Openwrt无线方面的设置

所有与无线有关的设置存放在本地文件 /etc/config/wireless中,我们可以用 vi 来编辑并修改它,这个配置文件是针对 无线设备 以及 无线网络 的。在这里需要区分理解的是,无线设备在wiki英文原文是 wireless devices ,无线网络在wiki英文原文是 wireless networks。

wireless devices 中指的是无线通讯设备相关的设置,而不单止是无线网卡的设置,wireless networks 指的是无线局域网相关的设置。

无线设置包含的部分

一个典型的无线设置文件至少应该包含两个方面的内容,即至少一个无线设备 和 至少一个与之相关的无线接口 配置。

无线设备 的设置指的是一般无线电通讯相关的参数,例如设备硬件(网卡芯片驱动程序类型),信道,频率,发射功率等;

无线接口 的设置指的是 无线设备 的工作模式,essid,无线加密方式等。

无线设备 无线接口 具有关联性,首先是设置好一个 无线设备 的参数,然后再设置与这个 无线设备 相关的 无线接口 参数,从而构造出一个可以有效工作的无线局域网环境。

wifi-device 配置项

wifi-device 所配置的是指设备中无线通讯硬件,很多情况中,一个设备只有一个无线通讯接口,所以只有一个 wifi-device 配置项,如果有多个无线通讯设备则会有多个 wifi-device 配置项,每个配置项用来指定不同的接口。

一个最小的 wifi-device 配置就像下面的例子,需要注意的是其中所指定的不同的芯片类型和驱动。 

config 'wifi-device' 'wl0'
        option 'type'    'broadcom'
        option 'channel' '6'
  • wl0 是无线网卡的内置标识符
  • broadcom 表示芯片或驱动程序的类型
  • 6 指定无线网卡工作的无线频道

下表列出了设备节中所有的选项。注意:并非所有的芯片或驱动程序都适用于这些选项,请参考备注以便了解详情。

常用的选项

名称 类型 必须 默认值 描述
type string (autodetected) The type is determined on firstboot during the initial radio device detection - it is usually not required to change it. Used values are broadcom on brcm-2.4, atheros for madwifi or mac80211 for b43, ath5k and ath9k
phy integer (autodetected) Specifies the radio phy associated to this section, it is usally autodetected and should not be changed
:!: This option is only used for type mac80211
macaddr MAC address (autodetected) Specifies the radio adapter associated to this section, it is not used to change the device mac but to identify the underlying interface. The value is autodetected.
:!: This option is only used for type mac80211
disabled boolean 1 Disables the radio adapter if set to 1. Removing this option or setting it to 0 will enable the adapter
channel integer or “auto” auto Specifies the wireless channel to use. In station mode the value auto is allowed, in access point mode an actual channel number must be given
hwmode string (driver default) Selects the wireless protocol to use, possible values are 11b, 11bg, 11g, 11gdt (G + dynamic turbo, madwifi only), 11gst (G turbo, broadcom only), 11a, 11adt (A + dynamic turbo, madwifi only), 11ast (A + static turbo, madwifi only), 11fh (frequency hopping), 11lrs (LRS mode, broadcom only), 11ng (11N on 2.4GHz, mac80211 only), 11na (11N on 5GHz, mac80211 only) or auto
htmode string (driver default) Specifies the channel width in 11ng and 11na mode, possible values are: HT20 (single 20MHz channel), HT40- (2x 20MHz channels, 2. channel below) or HT40+ (2x 20MHz channels, 2. channel above).
:!: This option is only used for type mac80211
ht_capab string (driver default) Specifies the available capabilities of the radio. The values are autodetected.
:!: This option is only used for type mac80211
txpower integer (driver default) Specifies the transmission power in dBm
diversity boolean 1 Enables or disables the automatic antenna selection by the driver
rxantenna integer (driver default) Specifies the antenna for receiving, the value may be driver specific, usually it is 1 for the first and 2 for the second antenna. Specifying 0 enables automatic selection by the driver if supported. This option has no effect if diversity is enabled
txantenna integer (driver default) Specifies the antenna for transmitting, values are identical to rxantenna
antenna string (driver default) Selects the antenna, possible values are vertical for internal vertical polarization, horizontal for internal horizontal polarization or external to use the external antenna connector
:!: Only used on the Ubiquity NanoStation device family instead of the rxantenna/txantenna settings.
macfilter string disable Specifies the mac filter policy, disable to disable the filter, allow to treat it as whitelist or deny to treat it as blacklist.
:!: Not supported for the mac80211 type yet
maclist list of MAC addresses (none) List of MAC addresses to put into the mac filter.
:!: Not supported for the mac80211 type yet
country varies (driver default) Specifies the country code, affects the available channels and transmission powers. For type broadcom a two letter country code is used (EN or DE). The madwifi driver expects a numeric code.
:!: Not supported for the mac80211 type yet (supported in trunk)
distance integer (driver default) Distance between the ap and the furthest client in meters .
:!: Only supported by madwifi, and the mac80211 type (in trunk)

Broadcom参数

:!: The options below are only used by the proprietary Broadcom driver (type broadcom).

名称 类型 必须 默认值 描述
frameburst boolean no 0 Enables Broadcom frame bursting if supported
maxassoc integer no (driver default) Limits the maximum allowed number of associated clients
slottime integer no (driver default) Slot time in milliseconds

Madwifi参数

:!: The following options are only used by the Madwifi driver (type atheros).

名称 类型 是否必须 默认参数 描述
softled boolean no 1 Enables software based LED control in the driver
outdoor boolean no 0 Enables outdoor channels in the 5GHz band
regdomain number no (driver default) Overrides the regulatory domain setting

Wifi网络

A complete wireless configuration contains at least one wifi-iface section per adapter to define a wireless network on top of the hardware. Some drivers support multiple wireless networks per device:

  • broadcom if the core revision is greater or equal 9 (see dmesg | grep corerev)
  • madwifi always supports multiple networks
  • all other drivers do *not* support multiple networks yet

A minimal example for a wifi-iface declaration is given below. 

config 'wifi-iface'
        option 'device'     'wl0'
        option 'network'    'lan'
        option 'mode'       'ap'
        option 'ssid'       'MyWifiAP'
        option 'encryption' 'psk2'
        option 'key'        'secret passphrase'
  • wl0 is the identifier for the underlying radio hardware
  • lan specifies the network interface the wifi is attached to
  • ap is the opetion mode, Access Point in this example
  • MyWifiAP is the broadcasted SSID
  • psk2 specifies the wireless encryption method, WPA2 PSK here
  • secret passphrase is the secret WPA passphrase

常用的选项

The most common configuration option for wifi-iface sections are listed below.

名称 类型 必须 默认值 描述
device string (first device id) Specifies the used wireless adapter, must refer to one of the defined wifi-device sections
mode string ap Selects the operation mode of the wireless network, ap for Access Point, sta for managed (client) mode, adhoc for Ad-Hoc, wds for static WDS and monitor for monitor mode
ssid string OpenWrt The broadcasted SSID of the wireless network
bssid BSSID address no (driver default) Override the BSSID of the network, only applicable in adhoc or sta mode. In wds mode specifies the BSSID of another AP to create WDS with.
hidden boolean 0 Turns off SSID broadcasting if set to 1
isolate boolean 0 Isolate wireless clients from each other, only applicable in ap mode.
:!: Not supported for the mac80211 type yet
doth boolean 0 Enables 802.11h support.
:!: Not supported for the mac80211 type yet
wmm boolean 0 Enables WMM (802.11e) support.
:!: Not supported for the mac80211 type yet
network string lan Specifies the network interface to attach the wireless to
encryption string none Used wireless encryption, none for an open network, wep for WEP, psk for WPA-PSK and psk2 for WPA2-PSK. See the WPA modes table for additional possible values.
key number or string (none) Specifies the secret passphrase used for WPA PSK mode or the key index for WEP mode
key1 string (none) WEP Key #1 (selected by the index in key)
key2 string (none) WEP Key #2 (selected by the index in key)
key3 string (none) WEP Key #3 (selected by the index in key)
key4 string (none) WEP Key #4 (selected by the index in key)
ieee80211w integer 0 Enables MFP (802.11w) support (0 = disabled, 1 = optional, 2 = required).
:!: Only supported by the ath9k driver (in trunk)
ieee80211w_max_timeout integer (hostapd default) Specifies the 802.11w Association SA Query maximum timeout.
:!: Only supported by the ath9k driver (in trunk)
ieee80211w_retry_timeout integer (hostapd default) Specifies the 802.11w Association SA Query retry timeout .
:!: Only supported by the ath9k driver (in trunk)
:!: See the WPA tables below for a full listing of WPA related options used for WPA2 Enterprise (802.1x)

Madwifi参数

:!: The options in the table below only work with type atheros.

名称 类型 必须 默认值 描述
ar boolean 0 Enables AR support
bgscan boolean 0 Enables background scanning
bursting boolean 0 Enables frame bursting
compression boolean 0 Enables hardware compression
ff boolean 0 Enables fast frames
frag integer (none) Fragmentation threshold
mcast_rate integer (driver default) Use a fixed multicast rate
minrate integer (driver default) Limit the minimum rate used
maxrate integer (driver default) Limit the maximum rate used
nosbeacon boolean 0 Disables the hardware beacon timer, only applicable in Managed mode
sw_merge boolean 0 Disables the hardware beacon timer, only applicable in IBSS mode
probereq boolean 1 Enables probe responses (AP will not appear in wifi scans if disabled)
rate integer (driver default) Use a fixed rate
rts integer (driver default) Override the RTS/CTS threshold
turbo boolean 0 Enables turbo mode
uapsd boolean 0 Enables Unscheduled Automatic Power Save Delivery (UAPSD)
wds boolean 0 Enables Lazy-WDS, only applicable in Access Point or Managed mode
wdssep boolean 0 Separates WDS clients from each other
xr boolean 0 Enables XR support

WPA模式

Besides the WPA mode, the encryption option also specifies the group and peer ciphers to use. To override the cipher, the value of encryption must be given in the form mode+cipher. See the listing below for possible combinations.

WPA版本 Ciphers
psk2+tkip+ccmp
psk2+tkip+aes 		WPA2 Personal (PSK) TKIP, CCMP
psk2+tkip WPA2 Personal (PSK) TKIP
psk2+ccmp
psk2+aes
psk2 		WPA2 Personal (PSK) CCMP
psk+tkip+ccmp
psk+tkip+aes 		WPA Personal (PSK) TKIP, CCMP
psk+tkip
psk 		WPA Personal (PSK) TKIP
psk+ccmp
psk+aes 		WPA Personal (PSK) CCMP
mixed-psk+tkip+ccmp
mixed-psk+tkip+aes
mixed-psk 		WPA/WPA2 Personal (PSK) mixed mode TKIP, CCMP
mixed-psk+tkip WPA/WPA2 Personal (PSK) mixed mode TKIP
mixed-psk+ccmp
mixed-psk+aes 		WPA/WPA2 Personal (PSK) mixed mode CCMP
wpa2+tkip+ccmp
wpa2+tkip+aes 		WPA2 Enterprise TKIP, CCMP
wpa2+ccmp
wpa2+aes
wpa2 		WPA2 Enterprise CCMP
wpa2+tkip WPA2 Enterprise TKIP
wpa+tkip+ccmp
wpa+tkip+aes 		WPA Enterprise TKIP, CCMP
wpa+ccmp
wpa+aes 		WPA Enterprise CCMP
wpa+tkip
wpa 		WPA Enterprise TKIP
mixed-wpa+tkip+ccmp
mixed-wpa+tkip+aes
mixed-wpa 		WPA/WPA2 Enterprise mixed mode TKIP, CCMP
mixed-wpa+tkip WPA/WPA2 Enterprise mixed mode TKIP
mixed-wpa+ccmp
mixed-wpa+aes 		WPA/WPA2 Enterprise mixed mode CCMP

WPA Enterprise (Access Point)

Listing of Access Point related options for WPA Enterprise.

名称 默认值 描述
server (none) RADIUS server to handle client authentication
port 1812 RADIUS server port
key (none) Shared RADIUS secret
:!: The options below are not supported by the Broadcom nas authenticator
nasid (none) NAS ID to use for RADIUS athentication requests
wpa_group_rekey 600 WPA Group Cipher rekeying interval in seconds
ieee80211d 0 Enables IEEE 802.11d (“World Mode”) if set to 1

WPA Enterprise (Client)

Listing of Client related options for WPA Enterprise.

:!: At the time of writing only the madwifi driver supports WPA Enterprise in client mode.

名称 默认值 描述
eap_type (none) Defines the EAP protocol to use, possible values are tls for EAP-TLS and peap or ttls for EAP-PEAP
auth MSCHAPV2 Defines the phase 2 authentication method to use, only applicable if eap_type is peap or ttls
identity (none) EAP identity to send during authentication
password (none) Password to send during EAP authentication
ca_cert (none) Specifies the path the CA certificate used for authentication
priv_key (none) Specifies the path to the private key file used for authentication, only applicable if eap_type is set to tls
priv_key_pwd (none) Password to unlock the private key file, only works in conjunction with priv_key

配置WiFi加密

Howto setup wireless encryption with OpenWrt Kamikaze. You can do the same from within the LuCI WebUI (Network > Wifi) if you prefer a GUI.

生成Key

To generate a random password for your key you can use the pwgen program. pwgen is available for most Linux distributions and is also packaged for OpenWrt Kamikaze. Run it with e.g. pwgen --secret 13 1 - this generates one password with a length of 13 letters/numbers.

WPA加密

Broadcom的WiFi

Broadcom的无线芯片必须安装NAS的包。 

root@OpenWrt:~# opkg install nas

Atheros WiFi

For Atheros wireless chips install the hostapd package if your run in AP mode. 

root@OpenWrt:~# opkg install hostapd

TIP: If you only need WPA (PSK) encryption you can install the hostapd-mini package which does not depend on the zlib and libopenssl packages.

If you have a Atheros wireless and run it in client-mode you have to install the wpa-supplicant package instead of hostapd. 

root@OpenWrt:~# opkg install wpa-supplicant

配置WPA (PSK)

使用UCI配置的WPA(PSK)的加密。 

root@OpenWrt:~# uci set wireless.@wifi-iface[0].encryption=psk
root@OpenWrt:~# uci set wireless.@wifi-iface[0].key="your_password"
root@OpenWrt:~# uci commit wireless
root@OpenWrt:~# wifi

:!: For the key only letters (upper and lower case) and numbers are allowed. The length must be between 8 and 63 characters.

配置WPA2 (PSK)

使用UCI配置的WPA2(PSK)的加密。 

root@OpenWrt:~# uci set wireless.@wifi-iface[0].encryption=psk2
root@OpenWrt:~# uci set wireless.@wifi-iface[0].key="your_password"
root@OpenWrt:~# uci commit wireless
root@OpenWrt:~# wifi

:!: For the key only letters (upper and lower case) and numbers are allowed. The length must be between 8 and 63 characters.

Configuration is also possible via direct editing of /etc/config/wireless: 

	option encryption   psk
	option key	    "your_password"

See the uci文档 for information on configuration files in general and the sections above for a full outline of the wifi config file in particular.

WEP加密(不推荐)

为WEP密钥格式的一些注意事项:

  • The format for the WEP key for the key1 option is HEX

If you wish to use raw hex keys then you can skip to the UCI commands paragraph below. Raw hex keys have 10 hex digits (0..9, a..f) for 64-bit WEP keys and 26 hex digits for 128-bit WEP keys.

如果你不想使用原始的十六进制键然后按照下面的说明。

  • The length of a 64bit WEP key must be exact 5 characters
  • The length of a 128bit WEP key must be exact 13 characters
  • Allowed characters are letters (upper and lower case) and numbers

生成一个64位的WEP密钥: 

root@OpenWrt:~# echo -n 'awerf' | hexdump -e '5/1 "%02x" "\n"'
6177657266

生成一个128位的WEP密钥: 

root@OpenWrt:~# echo -n 'xdhdkkewioddd' | hexdump -e '13/1 "%02x" "\n"'
786468646b6b6577696f646464

现在,在UCI中使用你刚才生成的16进制的WEP密钥来设置加密。 

root@OpenWrt:~# uci set wireless.@wifi-iface[0].encryption=wep
root@OpenWrt:~# uci set wireless.@wifi-iface[0].key1="786468646b6b6577696f646464"
root@OpenWrt:~# uci set wireless.@wifi-iface[0].key=1
root@OpenWrt:~# uci commit wireless
root@OpenWrt:~# wifi

您可以配置最多四个WEP密钥。

启用/重启/关闭 无线接口

在 Openwrt下要 启用/重启/关闭 无线接口是使用命令 “wifi”来完成的。

启动无线接口:不带参数直接在命令行运行 wifi 命令;

如果修改了无线的配置,我们需要重新启动无线接口使配置生效,同样是不带参数直接在命令行下运行 wifi 命令;

如果需要关闭无线装置,加上“ down “参数使用 “wifi down”

大多数情况下新安装的 Openwrt 是默认关闭无线接口的。

重新生成配置

To rebuild the configuration file, e.g. after installing a new wireless driver, remove the existing wireless configuration (if any) and use the wifi detect command with stdout redirected to the /etc/config/wireless file: 

root@OpenWrt:~# rm -f /etc/config/wireless; wifi detect > /etc/config/wireless
This website uses cookies. By using the website, you agree with storing cookies on your computer. Also you acknowledge that you have read and understand our Privacy Policy. If you do not agree leave the website.More information about cookies
  • Last modified: 2020/12/30 00:01
  • by shorile