Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
Next revisionBoth sides next revision
docs:guide-user:network:wifi:wireless.overview [2018/04/03 20:01] – Cleaned up ToC, re-arranged information into a more logical layout ; Bodies still require work jw0914docs:guide-user:network:wifi:wireless.overview [2023/06/22 22:24] – [Wireless Drivers in OpenWrt] Grammar and capitalization memicinn19
Line 1: Line 1:
 ====== Wireless overview ====== ====== Wireless overview ======
 +This article deals with 802.11 wireless. OpenWrt supports other wireless devices too, see
 +[[docs:guide-user:hardware:bluetooth:start|Bluetooth]], 802.15.4 ([[https://dev.openwrt.org/changeset/45348|r45348]]) or RTL-SDR ([[https://yuv.al/blog/feeding-data-to-flightradar24-dot-com/|RTL-SDR on TL-WR703n]])
  
-This article deals with 802.11 wireless, however OpenWrt also supports other wireless technologies +===== Introduction ===== 
-  * [[docs:guide-user:hardware:bluetooth:start|Bluetooth]] +[[https://wireless.wiki.kernel.org/welcome|Linux Wireless]] is //the// source for documentation regarding the entire **Linux Kernel IEEE 802.11 ("wireless") subsystem**It is a wiki like this one, so feel free to contribute there as well! Everything not OpenWrt specific, belongs there. This page is an exception, as I believe I can provide a better introduction. ;-)
-  * 802.15.4 ([[https://dev.openwrt.org/changeset/45348|r45348]]+
-  * RTL-SDR ([[http://blog.y3xz.com/blog/2014/04/24/feeding-data-to-flightradar24-dot-com/|TL-WR703n]])+
  
 +  * IEEE 802.**3** is a family of communication protocols comprising [[wp>Physical Layer|Layer 1]] and [[wp>Media Access Control|Layer 2 Sublayer MAC]] 
 +  * IEEE 802.3 has an official name: //Ethernet//
 +  * IEEE 802.**11** is a family of communication protocols also comprising Layer 1 and Layer 2 Sublayer MAC
 +  * IEEE 802.11 has no official name; so most people simply call it "wireless" or "wavelan" or ''wifi'' (note that [[wp>Wi-Fi]] is a brand name)
 +  * The support for IEEE 802.11 in the Linux-Kernel is fragmented: this means there are two frames (WEXT=deprecated, cfg80211 + nl80211=current) and multiple drivers, e.g.
 +    * for some broadcom WNICs, there are also three drivers available: broadcom proprietary drivers (''broadcom-wl''), broadcom mac80211-based drivers (the ''b43'') and the brcmSmac- and brcmFmac drivers
 +      * to set up and configure **[[https://wireless.wiki.kernel.org/en/users/documentation/iw|wireless utilities]]** are available, however on OpenWrt we rather use UCI: ''[[docs:guide-user:network:wifi:basic|/etc/config/wireless]]'' and ''[[docs:guide-user:base-system:basic-networking|/etc/config/network]]''.
 +    * There are two different types of WNICs to distinguish: [[https://wireless.wiki.kernel.org/en/developers/documentation/glossary#:~:text=(Access%20Point)-,SoftMAC,-SoftMAC%20is%20a|SoftMAC]] and [[https://wireless.wiki.kernel.org/en/developers/documentation/glossary#:~:text=or%20terminal%20emulator.-,FullMAC,-FullMAC%20is%20a|FullMAC]] devices; also see //[[https://wireless.wiki.kernel.org/en/developers/documentation/mac80211|About mac80211]]//.
 +  * Many drivers might require firmware blobs. Most firmware code is closed source. (Exception carl9170, [[https://wireless.wiki.kernel.org/en/developers/gsoc/2012/ath9k_htc_open_firmware|ath9k_htc]])
 +  * Atheros ath9k does not require firmware.
 +  * In contrast to Ethernet drivers, wireless drivers work in a **Wireless Mode of Operation**.
  
-===== Introduction ===== 
  
-[[http://wireless.kernel.org/en/users|Linux Wireless]] is //the// source for documentation regarding the entire **Linux Kernel IEEE 802.11 ("wireless") subsystem**. It is a wiki like this one, so feel free to contribute there as well! Everything not OpenWrt specific, belongs there. This page is an exception, as I believe I can provide a better introduction. ;-)+==== Wireless Modes of Operation ====
  
-  * **IEEE 802.** +[[docs:techref:wireless.modes|Wireless Modes of Operation]] 
-    * **3:** Official name: //Ethernet// +→Kernel: [[http://wireless.kernel.org/en/users/Documentation/modes|Wireless Modes of Operation]]
-      * A family of communication protocols comprising [[wp>Physical Layer|Layer 1]] and [[wp>Media Access Control|Layer 2 Sublayer MAC]] \\ \\ +
-    * **11:** No official name; AKA"wireless", "wavelan", or ''wifi'' <sup>//(NOTE: [[wp>Wi-Fi]] is a brand name)//</sup> +
-      * A family of communication protocols also comprising Layer 1 and Layer 2 Sublayer MAC +
-        * Support for IEEE 802.11 in the Linux-Kernel is fragmented, meaning there are two frames (WEXT=deprecated, cfg80211 + nl80211=current) and multiple drivers, e.g. +
-          * For some Broadcom WNICs, there are three drivers available:  +
-            * Broadcom proprietary drivers (''broadcom-wl''+
-            * Broadcom mac80211-based drivers (the ''b43''+
-            * brcmSmac- and brcmFmac drivers \\ \\ +
-  * **Set up and configure:**  +
-    * **LuCI:** [[https://wireless.wiki.kernel.org/en/users/documentation/iw|Wireless Utilities]] +
-    * **SSH:** ''[[docs:guide-user:network:wifi:basic|/etc/config/wireless]]'' and ''[[docs:guide-user:base-system:basic-networking|/etc/config/network]]'' \\ \\ +
-  * There are two different types of WNICs to distinguish: +
-    * [[http://linuxwireless.org/en/developers/Documentation/mac80211|About mac80211]] +
-      * [[http://www.linuxwireless.org/en/developers/Documentation/Glossary?highlight=%28softmac%29#SoftMAC|SoftMAC]] +
-      * [[http://www.linuxwireless.org/en/developers/Documentation/Glossary?highlight=%28FullMAC%29#FullMAC|FullMAC]]\\ \\ +
-  * Many drivers might require firmware blobs.  +
-    * Most firmware code is closed source, with some exceptions <sup>([[https://wireless.wiki.kernel.org/en/developers/gsoc/2012/ath9k_htc_open_firmware|ath9k_htc]])</sup> +
-    * Atheros ath9k does not require firmware. \\ \\ +
-  * In contrast to Ethernet drivers, wireless drivers work in a **Wireless Mode of Operation**.+
  
-==== Operation Modes ==== 
  
-  * [[docs:techref:wireless.modes|OpenWrt]] +==== Driver support for wireless modes of operation ==== 
-  * [[http://wireless.kernel.org/en/users/Documentation/modes|Kernel]]+See what the Linux 802.11 driver for //your// hardware can and cannot do. Some drivers support only one mode: STA (also called station, client or managed mode) other drivers support multiple modes, some even simultaneously (interface combination):\\ 
 +  * [[http://wireless.kernel.org/en/users/Drivers|wireless.kernel.org: Driver capabilities: support for Wireless Modes of Operation]]\\ 
 +  * →[[wp>Comparison_of_open_source_wireless_drivers#Driver_capabilities|Wikipedia: Driver capabilities: support for Wireless Modes of Operation]] 
 +Limitations when combining multiple wireless modes of operation at the same time do exist.\\ 
 +  * →[[https://forum.openwrt.org/viewtopic.php?pid=204746#p204746|Driver limitations when combining multiple wireless modes of operation]]
  
-==== Driver Support ====+Firmware Limitations do exist 
 +  * ->[[http://www.spinics.net/lists/linux-wireless/msg124328.html|No 5GHz AP with Intel 7260]]
  
-Some drivers support only one modeSTA //(also called station, client or managed mode)//, while other drivers support multiple modes, including simultaneously [interface combination] +==== Regulation in law ==== 
-  * [[http://wireless.kernel.org/en/users/Drivers|wireless.kernel.org: Driver capabilities: Support for Wireless Modes of Operation]] +Available frequenciesbands and channels are subject to regulation in each state. 
-  * [[wp>Comparison_of_open_source_wireless_drivers#Driver_capabilities|Wikipedia: Driver capabilities: support for Wireless Modes of Operation]]+Please see: https://git.kernel.org/pub/scm/linux/kernel/git/sforshee/wireless-regdb.git/tree/db.txt
  
-Limitations: 
-  * [[https://forum.openwrt.org/viewtopic.php?pid=204746#p204746|Limitations when Combining Multiple Wireless Modes of Operation]] 
-  * [[http://www.spinics.net/lists/linux-wireless/msg124328.html|No 5GHz AP with Intel 7260]] 
  
-==== Regulations ====+===== Wireless Drivers in OpenWrt ===== 
 +Wireless drivers are pulled on a more or less regular basis from [[http://git.kernel.org/cgit/linux/kernel/git/wireless/wireless-testing.git/|wireless-testing]] and the OpenWrt patches which are not mainlined yet are adjusted, see e.g. [[https://dev.openwrt.org/changeset/36939/trunk|r36939]]. 
 +OpenWrt does not use kernel drivers. The package is called mac80211. 
 +  * [[https://dev.openwrt.org/log/trunk/package/kernel/mac80211|history of commits to OpenWrt trunk regarding mac80211]] 
 +  * [[https://dev.openwrt.org/search?ticket=on&q=mac80211|tickets on mac80211]], better is a custom query in [[wp>Trac]]: e.g. [[https://dev.openwrt.org/query?status=accepted&status=assigned&status=new&status=reopened&description=~mac80211&max=20&order=priority|custom query]]
  
-Available Frequencies, Bands, and Channels are subject to regulation in each state and country<sup>(see [[https://wireless.wiki.kernel.org/en/developers/Regulatory/wireless-regdb|Reg Database]])</sup>+Similar work (brand new drivers for older kernel) is done by the [[https://backports.wiki.kernel.org/index.php/Main_Page|backports]] project [[http://marc.info/?l=linux-backports&m=136490878702448|April 2013 announcement]], previously called compat-wireless or compat-driver. OpenWrt does not use this, despite referencing it by name.
  
 +===== Wireless Utilities in OpenWrt =====
 +  * [[docs:guide-user:network:wifi:wireless-tool:wireless.utilities|Wireless Utilities]]
  
-===== OpenWrt ===== 
  
-Wireless drivers are pulled on a more or less regular basis from [[http://git.kernel.org/cgit/linux/kernel/git/wireless/wireless-testing.git/|wireless-testing]], with the OpenWrt-patches not mainlined yet being adjusted.+===== Wireless Tools and Applications available in the OpenWrt repository ===== 
 +  * [[docs:guide-user:network:wifi:wireless-tool:kismet]] – An IEEE 802.11 network detector, sniffer and intrusion detection system. 
 +  * [[docs:guide-user:network:wifi:wireless-tool:aircrack-ng]] – Aircrack-ng is the next generation of aircrack with new features 
 +  * [[docs:guide-user:network:wifi:wireless-tool:horst]] – A scanning and analysis tool for IEEE 802.11 networks and especially IBSS (ad-hoc) mode and mesh networks (OLSR).
  
-OpenWrt does not use Kernel drivers, and the package is called mac80211. 
-  * [[https://dev.openwrt.org/log/trunk/package/kernel/mac80211|History of Commits to OpenWrt Trunk Regarding mac80211]] 
-  * [[https://dev.openwrt.org/search?ticket=on&q=mac80211|tickets on mac80211]] 
-    * A custom query in [[wp>Trac]] may be better: [[https://dev.openwrt.org/query?status=accepted&status=assigned&status=new&status=reopened&description=~mac80211&max=20&order=priority|Custom Query]] 
  
-Similar work (drivers for older kernels) is done by the [[https://backports.wiki.kernel.org/index.php/Main_Page|backports]] project  +==== Captive portal software available in the OpenWrt repository ====
-  * [[http://marc.info/?l=linux-backports&m=136490878702448|April 2013 announcement]], previously called compat-wireless or compat-driver. OpenWrt does not use this, despite referencing it by name.+
  
-==== Drivers ====+| ''[[docs:guide-user:services:captive-portal:wireless.hotspot.nodogsplash|nodogsplash]]'' | Layer 3 |  https://github.com/nodogsplash/nodogsplash | 
 +| ::: | NoDogSplash offers a simple way to open a free hotspot providing restricted access to an internet connection.\\ It is another alternative from NoCat which aims to offer captive portal solutions local to the router/gateway and a simplistic setup, user bandwidth control and basic auth/splash page. Nodogsplash is small, well tested, tailored for OpenWrt by its author and can be set up with only one or two config file changes, in contrast Chilli is more complete but complex to set up. || 
 +| ''[[docs:guide-user:services:captive-portal:wireless.hotspot.coova-chilli|coova-chilli]]'' | Layer 2 / Layer 3|  http://www.coova.org/
 +| ::: | CoovaChilli is an open source access controller for wireless LAN access points and is based on ChilliSpot. It is used for authenticating users of a wireless (or wired) LAN. It supports web based login (UAM) which is today's standard for public HotSpots and it supports Wireless Protected Access (WPA) which is the standard of the future. Authentication, authorization and accounting (AAA) is handled by your favorite RADIUS server.\\ Built on top of Chillispot with several improvements and additions. Includes [[wp>WISPr]] support, and much more. Main captive portal solution used in CoovaAP. ||
  
 +
 +==== Wireless packages available in the OpenWrt repository ====
 +This shall be, but is not, an exhaustive list of all packages in the OpenWrt repository regarding wireless stuff to play with. The installation is always the same ''opkg install <package>'', for documentation regarding the configuration and utilization, search for Howtos in this wiki or in the Internet.
 +
 +^ Name    ^  Size ^ Description  ^
 +| airpwn              |    23618 | Airpwn is a framework for 802.11 (wireless) packet injection. Airpwn listens to incoming wireless packets, and if the data matches a pattern specified in the config files, custom content is injected "spoofed" from the wireless access point. From the perspective of the wireless client, airpwn becomes the server.  |
 +| collectd-mod-wireless  |   7321 | wireless status input plugin  |
 +| freifunk-watchdog    |   9546 | A watchdog daemon that monitors wireless interfaces to ensure the correct BSSID and channel. The process will initiate a wireless restart as soon as it detects a BSSID or channel mismatch.   |
 +| karma                |   8605 | KARMA is a set of tools for assessing the security of wireless clients at multiple layers. Wireless sniffing tools discover clients and their preferred/trusted networks by passively listening for 802.11 Probe Request frames.  |
 +| kmod-wprobe          |    9408 | A module that exports measurement data from wireless driver to user space  |
 +| mdk3                   49495 | Tool to exploit wireless vulnerabilities  |
 +| wavemon              |   32209 | wavemon is a ncurses-based monitoring application for wireless network devices. Based on WEXT-API   |
 +| wireless-tools         30236 | This package contains a collection of tools for configuring wireless adapters implementing WEXT-API  |
 +
 +
 +==== Wireless drivers available in the OpenWrt repository ====
 +E.g.:
 ^ Package ^      Dependencies  ^^^^^^ ^ Package ^      Dependencies  ^^^^^^
 | kmod-ath9k    | |||||| | kmod-ath9k    | ||||||
Line 108: Line 123:
 | kmod-ath          |   10.059 | This module contains some common parts needed by Atheros Wireless drivers.  | | kmod-ath          |   10.059 | This module contains some common parts needed by Atheros Wireless drivers.  |
 | kmod-b43          |  210.860 | Kernel module for Broadcom 43xx wireless support (mac80211 stack) | | kmod-b43          |  210.860 | Kernel module for Broadcom 43xx wireless support (mac80211 stack) |
 +| kmod-brcm-wl      | 1847.448 | Proprietary kernel module for Broadcom SSB/B43xx, it replaces kmod-b43. It requires also the packages nas and wlc |
 +| kmod-brcmsmac      550.416 | Kernel module for Broadcom BCMA/IEEE802.11n PCIe Wireless cards |
 | kmod-mac80211      139.372 | Generic IEEE 802.11 Networking Stack (mac80211)              | | kmod-mac80211      139.372 | Generic IEEE 802.11 Networking Stack (mac80211)              |
 | kmod-cfg80211       93.696 | cfg80211 is the Linux wireless LAN (802.11) configuration API.  | | kmod-cfg80211       93.696 | cfg80211 is the Linux wireless LAN (802.11) configuration API.  |
 | iw                |   32.100 | cfg80211 interface configuration utility  | | iw                |   32.100 | cfg80211 interface configuration utility  |
 | wireless-tools    |   23.153 | Contains ''[[man>iwconfig]]'', ''[[man>iwlist]]'' and ''[[man>iwpriv]]''; tools for configuring wireless adapters implementing the WExt.  | | wireless-tools    |   23.153 | Contains ''[[man>iwconfig]]'', ''[[man>iwlist]]'' and ''[[man>iwpriv]]''; tools for configuring wireless adapters implementing the WExt.  |
-| crda              |    9.627 | The [[http://www.linuxwireless.org/en/developers/Regulatory/CRDA|Central Regulatory Domain Agent]] serves one purpose: tell Linux kernel what to enforce. \\ It is a udev helper for communication between kernel <-> userspace. You only need to run this manually for debugging purposes. \\ For manual changing of regulatory domains use iw (''iw reg set'') or wpa-supplicant.  |+| crda              |    9.627 | The [[https://wireless.wiki.kernel.org/en/developers/regulatory/crda|Central Regulatory Domain Agent]] serves one purpose: tell Linux kernel what to enforce. In essence it is a udev helper for communication between the kernel and userspace. You only need to run this manually for debugging purposes. For manual changing of regulatory domains use iw (''iw reg set'') or wpa-supplicant (feature yet to be added).  |
 | libnl-tiny        |   13.529 | This package contains a stripped down version of libnl  | | libnl-tiny        |   13.529 | This package contains a stripped down version of libnl  |
  
  
-| {{:meta:icons:tango:48px-outdated.svg.png?nolink}}  | Due to [[https://dev.openwrt.org/changeset/31954/|r31954]] tweaking the ''regulatory.bin'' to enbale channel 13 and 14 is no longer an option.  | +| {{:meta:icons:tango:48px-outdated.svg.png?nolink}}  | Due to [[https://dev.openwrt.org/changeset/31954/|r31954]] tweaking the ''regulatory.bin'' to enable channel 13 and 14 is no longer an option.  |
- +
- +
-==== Wireless Utilities ==== +
- +
-  * [[docs:guide-user:network:wifi:wireless-tool:wireless.utilities|Wireless Utilities]] +
- +
- +
-===== Applications & Tools ===== +
- +
-  * [[docs:guide-user:network:wifi:wireless-tool:kismet|Kismet]] +
-    * An IEEE 802.11 network detector, sniffer and intrusion detection system.\\ \\ +
-  * [[docs:guide-user:network:wifi:wireless-tool:aircrack-ng|AirCrack-NG]] +
-    * The next generation of aircrack with new features\\ \\ +
-  * [[docs:guide-user:network:wifi:wireless-tool:horst|Horst]] +
-    * A scanning and analysis tool for IEEE 802.11 networks and especially IBSS (ad-hoc) mode and mesh networks (OLSR). +
- +
- +
-==== Captive Portals ==== +
- +
-  * **Layer 3** +
-    * [[docs:guide-user:services:captive-portal:wireless.hotspot.nodogsplash|NoDogSplash]] <sup>([[https://github.com/nodogsplash/nodogsplash|GitHub]])</sup> +
-      * NoDogSplash offers a simple way to open a free hotspot providing restricted access to an internet connection. +
-        * An alternative from NoCat, offering captive portal solutions local to the router/gateway, with a simplistic setup, user bandwidth control and basic auth/splash page.  +
-        * Small, well tested, tailored for OpenWrt by its author, it can be set up with only one or two config file changes; in contrast, Chilli is more complete but complex to set up. \\ \\ +
-  * **Layer 2 / Layer 3** +
-    * [[docs:guide-user:services:captive-portal:wireless.hotspot.coova-chilli|Coova-Chilli]] <sup>([[http://www.coova.org|site]])</sup> +
-      * An open source access controller for wireless LAN access points and is based on ChilliSpot.  +
-        * Used for authenticating users of a wireless (or wired) LAN, it supports web based login (UAM), which is today's standard for public HotSpots, and Wireless Protected Access (WPA). +
-          * Authentication, authorization, and accounting (AAA) is handled by your favorite RADIUS server. +
-        * Built on top of Chillispot with several improvements and additions, including [[wp>WISPr|WISPr]] support, among others, which is the main captive portal solution used in CoovaAP. +
- +
- +
-==== Packages ==== +
- +
-These are some of the packages in the OpenWrt repository regarding wireless stuff to play with.  +
-  * The installation is always the same ''opkg install <package>'' +
-  * For documentation regarding the configuration and utilization, search for HowTOs in this wiki or via your search engine of choice. +
- +
-^ Name    ^  Size ^ Description +
-| airpwn              |    23618 | Airpwn is a framework for 802.11 (wireless) packet injection. Airpwn listens to incoming wireless packets, and if the data matches a pattern specified in the config files, custom content is injected "spoofed" from the wireless access point. From the perspective of the wireless client, airpwn becomes the server. +
-| collectd-mod-wireless  |   7321 | wireless status input plugin +
-| freifunk-watchdog    |   9546 | A watchdog daemon that monitors wireless interfaces to ensure the correct BSSID and channel. The process will initiate a wireless restart as soon as it detects a BSSID or channel mismatch.   | +
-| karma                |   8605 | KARMA is a set of tools for assessing the security of wireless clients at multiple layers. Wireless sniffing tools discover clients and their preferred/trusted networks by passively listening for 802.11 Probe Request frames. +
-| kmod-wprobe          |    9408 | A module that exports measurement data from wireless driver to user space  | +
-| mdk3                   49495 | Tool to exploit wireless vulnerabilities +
-| wavemon              |   32209 | wavemon is a ncurses-based monitoring application for wireless network devices. Based on WEXT-API   | +
-| wireless-tools         30236 | This package contains a collection of tools for configuring wireless adapters implementing WEXT-API +
- +
- +
-===== Wireless security ===== +
- +
-  * <color #af0000>**DO NOT, //under any circumstances//, utilize WPS (WiFi Protected Setup), or WEP/WPA encryption**</color> +
-    * <color #af0000>//They're not even remotely secure//</color> +
- +
-==== Encryption ==== +
- +
-  * **Basic** +
-    * It is //recommended// to use **WPA2-PSK** //and// **Force CCMP (AES)** as both are the best means of non-enterprise encryption. +
- +
-  * **Advanced** +
-    * One can improve WiFi security even further by utilizing [[https://en.wikipedia.org/wiki/IEEE_802.11w-2009|802.11w]] and [[https://en.wikipedia.org/wiki/Extensible_Authentication_Protocol|EAP]]. +
-      * <color #4b4b4b>These are more advanced encryption/authorization methods and a decent understanding, //prior to implementation//, is recommended</color> +
-        * [[docs:guide-user:network:wifi:wireless.security.8021x|Basic WPA Enterprise configuration instructions]] +
-        * [[docs:guide-user:network:wifi:encryption#configure_wpa2_enterprise_eap-tls_with_external_radius_server|EAP-TLS]] +
-        * [[docs:guide-user:network:wifi:encryption#configure_wpa2_enterprise_client_peap-gtc_using_one_time_password_otp|EAP-GTC OTP]] +
- +
-==== Passwords ==== +
- +
-    * <color #af0000>**WiFi network passwords should be a //minimum 16 characters// & contain //at least//:**</color>  +
-      * **2** //uppercase// letters +
-      * **2** //lowercase// letters +
-      * **2** //numbers// +
-      * **2** //symbols// +
- +
-    * <color #af0000>**Do //not// utilize these in your passwords:**</color> +
-      * **Personal info** +
-        * <color #4b4b4b>//Your name, Family/Friends/Pets' names//</color> +
-        * <color #4b4b4b>//Important dates (birthdays, anniversaries, etc.)//</color> +
-        * <color #4b4b4b>//Dictionary words//</color> +
-      * **Router Admin** <color #646464>//[root]//</color> **password** +
-        * <color #4b4b4b>//Any form of your Admin <color #646464>[root]</color> password//</color> +
- +
-    * <color #af0000>**Above all, do not write down passwords & do not save them in files**</color> +
-      * <color #4b4b4b>//If you, for whatever reason, require writing passwords down, please utilize://</color> +
-        * [[https://www.gnupg.org|GnuPG]] <color #646464>(Linux)</color> +
-        * [[https://www.gpg4win.org/|Gpg4Win]] <color #646464>(Windows)</color> +
-      * <color #4b4b4b>//to create a 4096bit or greater signing cert, protect it with a password inline with the above, and use that signing cert to encrypt the document.//</color> +
- +
-==== SSIDs ==== +
- +
-  * Should be customized, //not generic// <color #646464>(i.e. **//not//** OpenWrt, Linksys, etc.)</color> +
- +
-==== WiFi Access ==== +
- +
-  * Your home network is like your house, you don't give your house keys to anyone but those you trust; WiFi networks and their passwords are the same.   +
- +
-  * vLANs should be configured for guest networks and the vLANs should be firewalled off from your home network +
-    * <color #4b4b4b>**For example, to completely firewall off traffic from:**</color> <color #6e6e6e>**//LAN -> Guest//**</color> <color #4b4b4b>**&**</color> <color #6e6e6e>**//Guest -> LAN//**</color><color #4b4b4b>**:**</color> +
-      * <color #646464>Chain name(s)</color> <color #6e6e6e>[//''forward''//]</color> <color #646464>and interfaces</color> <color #6e6e6e>[//''br0'' (LAN), ''br1'' (Guest)//]</color> <color #646464>will vary</color> <WRAP 54.5em lo><code bash> +
-iptables -t filter -I forward 1 -i br1 -m state --state NEW -j ACCEPT +
-iptables -t filter -I forward 2 -i br1 -o br0 -m state --state NEW -j DROP +
-iptables -t filter -I forward 3 -i br0 -o br1 -m state --state NEW -j DROP +
-</code></WRAP> +
- +
- +
-===== Configs & HowTOs =====+
  
-  * [[docs:guide-user:network:wifi: |WiFi]] 
  
-===== Troubleshooting =====+===== Wireless Configuration HowTo and Recipes ===== 
 +You can find a couple of probed scenarios under ->[[docs:guide-user:network:wifi: | wifi section]].
  
-  * [[https://forum.openwrt.org/viewtopic.php?id=33875|Problem with Multicast Traffic on 802.11 Networks]]+===== Troubleshooting ====== 
 +  * [[https://forum.openwrt.org/viewtopic.php?id=33875|problem with any kinds of multicast traffic on 802.11 networks]]
  
 ===== Notes ===== ===== Notes =====
 +  * [[https://forum.openwrt.org/viewtopic.php?pid=133243#p133243|on AP modes]]
 +  * [[https://dev.openwrt.org/changeset/37553|r37553  add authsae open80211s authentication daemon]] [[wp>IEEE 802.11s]]
 +  * [[https://dev.openwrt.org/changeset/37483|r37483 ath9k: add initial tx queueing rework patches]] This forces all packets (even for un-aggregated traffic) through software queues to improve fairness and stability
  
-  * [[https://forum.openwrt.org/viewtopic.php?pid=133243#p133243|AP Modes]]\\ \\ +===== OpenWrt Wireless FAQ ===== 
-  * [[https://dev.openwrt.org/changeset/37553|r37553  Add authsae open80211s Authentication Daemon]]  +  * -> {{tagpage>wireless|OpenWrt Wireless FAQ}}
-    * [[wp>IEEE 802.11s|IEEE 802.11s]]\\ \\ +
-  * [[https://dev.openwrt.org/changeset/37483|r37483 ath9k: Add Initial TX Queueing Rework Patches]]  +
-    * This forces all packets (INCL. un-aggregated traffic) through software queues to improve fairness and stability\\ \\ +
-  * [[docs:guide-user:network:wifi:faq.wireless|Wireless FAQ]]+
  • Last modified: 2023/06/22 22:48
  • by memicinn19