Show pagesourceOld revisionsBacklinksBack to top × Table of Contents Openwrt无线方面的设置 无线设置包含的部分 wifi-device 配置项 Wifi网络 配置WiFi加密 生成Key WPA加密 Broadcom的WiFi Atheros WiFi 配置WPA (PSK) 配置WPA2 (PSK) WEP加密(不推荐) 启用/重启/关闭 无线接口 重新生成配置 Openwrt无线方面的设置 所有与无线有关的设置存放在本地文件 /etc/config/wireless中,我们可以用 vi 来编辑并修改它,这个配置文件是针对 无线设备 以及 无线网络 的。在这里需要区分理解的是,无线设备在wiki英文原文是 wireless devices ,无线网络在wiki英文原文是 wireless networks。 wireless devices 中指的是无线通讯设备相关的设置,而不单止是无线网卡的设置,wireless networks 指的是无线局域网相关的设置。 无线设置包含的部分 一个典型的无线设置文件至少应该包含两个方面的内容,即至少一个无线设备 和 至少一个与之相关的无线接口 配置。 无线设备 的设置指的是一般无线电通讯相关的参数,例如设备硬件(网卡芯片驱动程序类型),信道,频率,发射功率等; 无线接口 的设置指的是 无线设备 的工作模式,essid,无线加密方式等。 无线设备 和 无线接口 具有关联性,首先是设置好一个 无线设备 的参数,然后再设置与这个 无线设备 相关的 无线接口 参数,从而构造出一个可以有效工作的无线局域网环境。 wifi-device 配置项 wifi-device 所配置的是指设备中无线通讯硬件,很多情况中,一个设备只有一个无线通讯接口,所以只有一个 wifi-device 配置项,如果有多个无线通讯设备则会有多个 wifi-device 配置项,每个配置项用来指定不同的接口。 一个最小的 wifi-device 配置就像下面的例子,需要注意的是其中所指定的不同的芯片类型和驱动。 config 'wifi-device' 'wl0' option 'type' 'broadcom' option 'channel' '6' wl0 是无线网卡的内置标识符 broadcom 表示芯片或驱动程序的类型 6 指定无线网卡工作的无线频道 下表列出了设备节中所有的选项。注意:并非所有的芯片或驱动程序都适用于这些选项,请参考备注以便了解详情。 常用的选项 名称 类型 必须 默认值 描述 type string 是 (autodetected) The type is determined on firstboot during the initial radio device detection - it is usually not required to change it. Used values are broadcom on brcm-2.4, atheros for madwifi or mac80211 for b43, ath5k and ath9k phy integer 否 (autodetected) Specifies the radio phy associated to this section, it is usally autodetected and should not be changed This option is only used for type mac80211 macaddr MAC address 是 (autodetected) Specifies the radio adapter associated to this section, it is not used to change the device mac but to identify the underlying interface. The value is autodetected. This option is only used for type mac80211 disabled boolean 否 1 Disables the radio adapter if set to 1. Removing this option or setting it to 0 will enable the adapter channel integer or “auto” 是 auto Specifies the wireless channel to use. In station mode the value auto is allowed, in access point mode an actual channel number must be given hwmode string 否 (driver default) Selects the wireless protocol to use, possible values are 11b, 11bg, 11g, 11gdt (G + dynamic turbo, madwifi only), 11gst (G turbo, broadcom only), 11a, 11adt (A + dynamic turbo, madwifi only), 11ast (A + static turbo, madwifi only), 11fh (frequency hopping), 11lrs (LRS mode, broadcom only), 11ng (11N on 2.4GHz, mac80211 only), 11na (11N on 5GHz, mac80211 only) or auto htmode string 否 (driver default) Specifies the channel width in 11ng and 11na mode, possible values are: HT20 (single 20MHz channel), HT40- (2x 20MHz channels, 2. channel below) or HT40+ (2x 20MHz channels, 2. channel above). This option is only used for type mac80211 ht_capab string 否 (driver default) Specifies the available capabilities of the radio. The values are autodetected. This option is only used for type mac80211 txpower integer 否 (driver default) Specifies the transmission power in dBm diversity boolean 否 1 Enables or disables the automatic antenna selection by the driver rxantenna integer 否 (driver default) Specifies the antenna for receiving, the value may be driver specific, usually it is 1 for the first and 2 for the second antenna. Specifying 0 enables automatic selection by the driver if supported. This option has no effect if diversity is enabled txantenna integer 否 (driver default) Specifies the antenna for transmitting, values are identical to rxantenna antenna string 否 (driver default) Selects the antenna, possible values are vertical for internal vertical polarization, horizontal for internal horizontal polarization or external to use the external antenna connector Only used on the Ubiquity NanoStation device family instead of the rxantenna/txantenna settings. macfilter string 否 disable Specifies the mac filter policy, disable to disable the filter, allow to treat it as whitelist or deny to treat it as blacklist. Not supported for the mac80211 type yet maclist list of MAC addresses 否 (none) List of MAC addresses to put into the mac filter. Not supported for the mac80211 type yet country varies 否 (driver default) Specifies the country code, affects the available channels and transmission powers. For type broadcom a two letter country code is used (EN or DE). The madwifi driver expects a numeric code. Not supported for the mac80211 type yet (supported in trunk) distance integer 否 (driver default) Distance between the ap and the furthest client in meters . Only supported by madwifi, and the mac80211 type (in trunk) Broadcom参数 The options below are only used by the proprietary Broadcom driver (type broadcom). 名称 类型 必须 默认值 描述 frameburst boolean no 0 Enables Broadcom frame bursting if supported maxassoc integer no (driver default) Limits the maximum allowed number of associated clients slottime integer no (driver default) Slot time in milliseconds Madwifi参数 The following options are only used by the Madwifi driver (type atheros). 名称 类型 是否必须 默认参数 描述 softled boolean no 1 Enables software based LED control in the driver outdoor boolean no 0 Enables outdoor channels in the 5GHz band regdomain number no (driver default) Overrides the regulatory domain setting Wifi网络 A complete wireless configuration contains at least one wifi-iface section per adapter to define a wireless network on top of the hardware. Some drivers support multiple wireless networks per device: broadcom if the core revision is greater or equal 9 (see dmesg | grep corerev) madwifi always supports multiple networks all other drivers do *not* support multiple networks yet A minimal example for a wifi-iface declaration is given below. config 'wifi-iface' option 'device' 'wl0' option 'network' 'lan' option 'mode' 'ap' option 'ssid' 'MyWifiAP' option 'encryption' 'psk2' option 'key' 'secret passphrase' wl0 is the identifier for the underlying radio hardware lan specifies the network interface the wifi is attached to ap is the opetion mode, Access Point in this example MyWifiAP is the broadcasted SSID psk2 specifies the wireless encryption method, WPA2 PSK here secret passphrase is the secret WPA passphrase 常用的选项 The most common configuration option for wifi-iface sections are listed below. 名称 类型 必须 默认值 描述 device string 是 (first device id) Specifies the used wireless adapter, must refer to one of the defined wifi-device sections mode string 是 ap Selects the operation mode of the wireless network, ap for Access Point, sta for managed (client) mode, adhoc for Ad-Hoc, wds for static WDS and monitor for monitor mode ssid string 是 OpenWrt The broadcasted SSID of the wireless network bssid BSSID address no (driver default) Override the BSSID of the network, only applicable in adhoc or sta mode. In wds mode specifies the BSSID of another AP to create WDS with. hidden boolean 否 0 Turns off SSID broadcasting if set to 1 isolate boolean 否 0 Isolate wireless clients from each other, only applicable in ap mode. Not supported for the mac80211 type yet doth boolean 否 0 Enables 802.11h support. Not supported for the mac80211 type yet wmm boolean 否 0 Enables WMM (802.11e) support. Not supported for the mac80211 type yet network string 是 lan Specifies the network interface to attach the wireless to encryption string 否 none Used wireless encryption, none for an open network, wep for WEP, psk for WPA-PSK and psk2 for WPA2-PSK. See the WPA modes table for additional possible values. key number or string 否 (none) Specifies the secret passphrase used for WPA PSK mode or the key index for WEP mode key1 string 否 (none) WEP Key #1 (selected by the index in key) key2 string 否 (none) WEP Key #2 (selected by the index in key) key3 string 否 (none) WEP Key #3 (selected by the index in key) key4 string 否 (none) WEP Key #4 (selected by the index in key) ieee80211w integer 否 0 Enables MFP (802.11w) support (0 = disabled, 1 = optional, 2 = required). Only supported by the ath9k driver (in trunk) ieee80211w_max_timeout integer 否 (hostapd default) Specifies the 802.11w Association SA Query maximum timeout. Only supported by the ath9k driver (in trunk) ieee80211w_retry_timeout integer 否 (hostapd default) Specifies the 802.11w Association SA Query retry timeout . Only supported by the ath9k driver (in trunk) See the WPA tables below for a full listing of WPA related options used for WPA2 Enterprise (802.1x) Madwifi参数 The options in the table below only work with type atheros. 名称 类型 必须 默认值 描述 ar boolean 否 0 Enables AR support bgscan boolean 否 0 Enables background scanning bursting boolean 否 0 Enables frame bursting compression boolean 否 0 Enables hardware compression ff boolean 否 0 Enables fast frames frag integer 否 (none) Fragmentation threshold mcast_rate integer 否 (driver default) Use a fixed multicast rate minrate integer 否 (driver default) Limit the minimum rate used maxrate integer 否 (driver default) Limit the maximum rate used nosbeacon boolean 否 0 Disables the hardware beacon timer, only applicable in Managed mode sw_merge boolean 否 0 Disables the hardware beacon timer, only applicable in IBSS mode probereq boolean 否 1 Enables probe responses (AP will not appear in wifi scans if disabled) rate integer 否 (driver default) Use a fixed rate rts integer 否 (driver default) Override the RTS/CTS threshold turbo boolean 否 0 Enables turbo mode uapsd boolean 否 0 Enables Unscheduled Automatic Power Save Delivery (UAPSD) wds boolean 否 0 Enables Lazy-WDS, only applicable in Access Point or Managed mode wdssep boolean 否 0 Separates WDS clients from each other xr boolean 否 0 Enables XR support WPA模式 Besides the WPA mode, the encryption option also specifies the group and peer ciphers to use. To override the cipher, the value of encryption must be given in the form mode+cipher. See the listing below for possible combinations. 值 WPA版本 Ciphers psk2+tkip+ccmp psk2+tkip+aes WPA2 Personal (PSK) TKIP, CCMP psk2+tkip WPA2 Personal (PSK) TKIP psk2+ccmp psk2+aes psk2 WPA2 Personal (PSK) CCMP psk+tkip+ccmp psk+tkip+aes WPA Personal (PSK) TKIP, CCMP psk+tkip psk WPA Personal (PSK) TKIP psk+ccmp psk+aes WPA Personal (PSK) CCMP mixed-psk+tkip+ccmp mixed-psk+tkip+aes mixed-psk WPA/WPA2 Personal (PSK) mixed mode TKIP, CCMP mixed-psk+tkip WPA/WPA2 Personal (PSK) mixed mode TKIP mixed-psk+ccmp mixed-psk+aes WPA/WPA2 Personal (PSK) mixed mode CCMP wpa2+tkip+ccmp wpa2+tkip+aes WPA2 Enterprise TKIP, CCMP wpa2+ccmp wpa2+aes wpa2 WPA2 Enterprise CCMP wpa2+tkip WPA2 Enterprise TKIP wpa+tkip+ccmp wpa+tkip+aes WPA Enterprise TKIP, CCMP wpa+ccmp wpa+aes WPA Enterprise CCMP wpa+tkip wpa WPA Enterprise TKIP mixed-wpa+tkip+ccmp mixed-wpa+tkip+aes mixed-wpa WPA/WPA2 Enterprise mixed mode TKIP, CCMP mixed-wpa+tkip WPA/WPA2 Enterprise mixed mode TKIP mixed-wpa+ccmp mixed-wpa+aes WPA/WPA2 Enterprise mixed mode CCMP WPA Enterprise (Access Point) Listing of Access Point related options for WPA Enterprise. 名称 默认值 描述 server (none) RADIUS server to handle client authentication port 1812 RADIUS server port key (none) Shared RADIUS secret The options below are not supported by the Broadcom nas authenticator nasid (none) NAS ID to use for RADIUS athentication requests wpa_group_rekey 600 WPA Group Cipher rekeying interval in seconds ieee80211d 0 Enables IEEE 802.11d (“World Mode”) if set to 1 WPA Enterprise (Client) Listing of Client related options for WPA Enterprise. At the time of writing only the madwifi driver supports WPA Enterprise in client mode. 名称 默认值 描述 eap_type (none) Defines the EAP protocol to use, possible values are tls for EAP-TLS and peap or ttls for EAP-PEAP auth MSCHAPV2 Defines the phase 2 authentication method to use, only applicable if eap_type is peap or ttls identity (none) EAP identity to send during authentication password (none) Password to send during EAP authentication ca_cert (none) Specifies the path the CA certificate used for authentication priv_key (none) Specifies the path to the private key file used for authentication, only applicable if eap_type is set to tls priv_key_pwd (none) Password to unlock the private key file, only works in conjunction with priv_key 配置WiFi加密 Howto setup wireless encryption with OpenWrt Kamikaze. You can do the same from within the LuCI WebUI (Network > Wifi) if you prefer a GUI. 生成Key To generate a random password for your key you can use the pwgen program. pwgen is available for most Linux distributions and is also packaged for OpenWrt Kamikaze. Run it with e.g. pwgen --secret 13 1 - this generates one password with a length of 13 letters/numbers. WPA加密 Broadcom的WiFi Broadcom的无线芯片必须安装NAS的包。 root@OpenWrt:~# opkg install nas Atheros WiFi For Atheros wireless chips install the hostapd package if your run in AP mode. root@OpenWrt:~# opkg install hostapd TIP: If you only need WPA (PSK) encryption you can install the hostapd-mini package which does not depend on the zlib and libopenssl packages. If you have a Atheros wireless and run it in client-mode you have to install the wpa-supplicant package instead of hostapd. root@OpenWrt:~# opkg install wpa-supplicant 配置WPA (PSK) 使用UCI配置的WPA(PSK)的加密。 root@OpenWrt:~# uci set wireless.@wifi-iface[0].encryption=psk root@OpenWrt:~# uci set wireless.@wifi-iface[0].key="your_password" root@OpenWrt:~# uci commit wireless root@OpenWrt:~# wifi For the key only letters (upper and lower case) and numbers are allowed. The length must be between 8 and 63 characters. 配置WPA2 (PSK) 使用UCI配置的WPA2(PSK)的加密。 root@OpenWrt:~# uci set wireless.@wifi-iface[0].encryption=psk2 root@OpenWrt:~# uci set wireless.@wifi-iface[0].key="your_password" root@OpenWrt:~# uci commit wireless root@OpenWrt:~# wifi For the key only letters (upper and lower case) and numbers are allowed. The length must be between 8 and 63 characters. Configuration is also possible via direct editing of /etc/config/wireless: option encryption psk option key "your_password" See the uci文档 for information on configuration files in general and the sections above for a full outline of the wifi config file in particular. WEP加密(不推荐) 为WEP密钥格式的一些注意事项: The format for the WEP key for the key1 option is HEX If you wish to use raw hex keys then you can skip to the UCI commands paragraph below. Raw hex keys have 10 hex digits (0..9, a..f) for 64-bit WEP keys and 26 hex digits for 128-bit WEP keys. 如果你不想使用原始的十六进制键然后按照下面的说明。 The length of a 64bit WEP key must be exact 5 characters The length of a 128bit WEP key must be exact 13 characters Allowed characters are letters (upper and lower case) and numbers 生成一个64位的WEP密钥: root@OpenWrt:~# echo -n 'awerf' | hexdump -e '5/1 "%02x" "\n"' 6177657266 生成一个128位的WEP密钥: root@OpenWrt:~# echo -n 'xdhdkkewioddd' | hexdump -e '13/1 "%02x" "\n"' 786468646b6b6577696f646464 现在,在UCI中使用你刚才生成的16进制的WEP密钥来设置加密。 root@OpenWrt:~# uci set wireless.@wifi-iface[0].encryption=wep root@OpenWrt:~# uci set wireless.@wifi-iface[0].key1="786468646b6b6577696f646464" root@OpenWrt:~# uci set wireless.@wifi-iface[0].key=1 root@OpenWrt:~# uci commit wireless root@OpenWrt:~# wifi 您可以配置最多四个WEP密钥。 启用/重启/关闭 无线接口 在 Openwrt下要 启用/重启/关闭 无线接口是使用命令 “wifi”来完成的。 启动无线接口:不带参数直接在命令行运行 wifi 命令; 如果修改了无线的配置,我们需要重新启动无线接口使配置生效,同样是不带参数直接在命令行下运行 wifi 命令; 如果需要关闭无线装置,加上“ down “参数使用 “wifi down” 大多数情况下新安装的 Openwrt 是默认关闭无线接口的。 重新生成配置 To rebuild the configuration file, e.g. after installing a new wireless driver, remove the existing wireless configuration (if any) and use the wifi detect command with stdout redirected to the /etc/config/wireless file: root@OpenWrt:~# rm -f /etc/config/wireless; wifi detect > /etc/config/wireless This website uses cookies. By using the website, you agree with storing cookies on your computer. Also you acknowledge that you have read and understand our Privacy Policy. If you do not agree leave the website.OKMore information about cookies Last modified: 2020/12/30 05:01by shorile