[WLANware] WDS + WPA

oxis at gmx.de oxis at gmx.de
Mon Oct 30 00:45:13 CET 2006


Hello everyone,

I'm having a few problems setting up a WDS network. In short, I can't get the two of them to communicate with each other in WDS AP mode. The whole thing is then also supposed to run encrypted via the nas package.

I have written up what I did to my 2 WRT54G V2.2.

Maybe someone can tell me what I'm doing wrong. In principle it should work. I can even connect to both of them from my laptop. Only the WRTs don't want to talk to each other :-(

Thanks in advance,

Best regards

Stephan

PS: I have not redacted the MACs, IPs and passwords. I am aware of the "danger".

-------------------------------------------------------------------------------
// SET UP of a newly flashed WRT with WRT 54G
-------------------------------------------------------------------------------

-------------------------------------------------------------------------------
// Setting default NVRAM settings
-------------------------------------------------------------------------------
$ mtd erase nvram -r

The router will delete all values from the NVRAM and reboot with factory default settings.

$ nvram set boot_wait=on
$ nvram set clkfreq=216
$ nvram commit

$ nvram show | sort > /etc/nvram-dump.txt

@FILE /etc/nvram-dump.txt
aa0=3
ag0=255
boardflags2=0
boardflags=0x0118
boardnum=42
boardrev=0x10
boardtype=0x0708
boot_ver=v3.4
boot_wait=on
bootnv_ver=2
ccode=0
cctl=0
clkfreq=216
dl_ram_addr=a0001000
eou_device_id=OBTF2CLC
eou_private_key=9d89440becfb94d88520688674b082dd8f980e19265ec61be2a6d27f2c24ad0ece2763bc3dc588cca827c5af29cf272bfcc905f19f81f641eb9f058c7b4e531e0a1789c125853907fa3c6b31dd75cd9b5f2d975b5d64ed71c725d6714bb4913947a9442c91f00dac6f7fedf9afc30afc357614d7865e8a9e8b8d8db7c8300db1
eou_public_key=b28a8051c850535bca13a9a9732e722e4d680ffa5eafad52cdabffa132076ecc833db54cce8a89f902d7bde8a6d9b4ed95f4e49a5f7128289392175af2259167fbee532ab68084d9b7c5e736261c28e013434d601d02ea9d6ceeb8d7eb74884911c4c823c8ca08f0dc158ae201331dfef4fcf615f733b2bb19bcded40fdc2abb11
et0macaddr=00:12:17:DD:E2:1A
et0mdcport=0
et0phyaddr=30
gpio5=robo_reset
il0macaddr=00:12:17:dd:e2:1c
lan_ifname=br0
lan_ifnames=vlan0 eth1 eth2
lan_ipaddr=192.168.1.1
lan_netmask=255.255.255.0
lan_proto=static
os_flash_addr=bfc40000
os_ram_addr=80001000
pa0b0=0x15eb
pa0b1=0xfa82
pa0b2=0xfe66
pa0itssit=62
pa0maxpwr=0x4e
pmon_ver=CFE 3.61.13.0
scratch=a0180000
sdram_config=0x0062
sdram_init=0x010b
sdram_ncdl=0x0
sdram_refresh=0x0000
sromrev=2
vlan0hwname=et0
vlan0ports=1 2 3 4 5*
vlan1hwname=et0
vlan1ports=0 5
wan_device=vlan1
wan_ifname=vlan1
wan_proto=dhcp
watchdog=5000
wl0_ifname=eth1
wl0_infra=1
wl0_mode=ap
wl0_radio=1
wl0_ssid=OpenWrt
wl0gpio2=0
wl0gpio3=0
wl0id=0x4320

-------------------------------------------------------------------------------
// Setting network devices
-------------------------------------------------------------------------------


             +----------------------------+
             |            br0             |
             |          (unused)          |
             +----------------------------+
+--------+   +--------++--------++--------+          +--------+ ------------------> Antenna 1
| ppp0   |   | eth0   || eth1   || lo0    |          | wl0    | 802.11 WiFi
| (wan)  |   |        || (wifi) || (loop) |          |        | controller
+--------+   +--------++--------++--------+          +--------+ ------------------> Antenna 2
                  |         |                            |
                  |         +----------------------------+
                  |
             +--------+
             | port5  |
             +--------+
                  |
    +-------------+-------------+
    |                           |
+--------+                  +--------+
| vlan1  |                  | vlan0  |
+--------+                  +--------+
    |                            |
    |             +---------+----+----+---------+
    |             |         |         |         |
+--------+   +--------++--------++--------++--------+
| port 0 |   | port 1 || port 2 || port 3 || port 4 |
+--------+   +--------++--------++--------++--------+

Port0 = WAN
Port1 = Switch
Port2 = Switch
Port3 = Switch
Port4 = Switch


Make sure that br0 is not set
$ nvram unset lan_ifnames

Assign port 0 to vlan1
$ nvram set vlan1ports="0 5"
$ nvram set vlan1hwname=et0
$ nvram commit

Assign ports 1-4 to vlan0. The "*" in vlan1 acts as a kind of "default" route for traffic that has no VLAN tag set.
$ nvram set vlan0ports="1 2 3 4 5*"
$ nvram set vlan0hwname=et0
$ nvram commit

-------------------------------------------------------------------------------
// Configuring network devices
-------------------------------------------------------------------------------

Configure WAN interface: device vlan0
$ nvram set wan_ifname=vlan1
$ nvram set wan_device=vlan1
$ nvram set wan_proto=dhcp
$ nvram commit


Configure LAN switch: device vlan1
$ nvram set lan_ifname=vlan0
$ nvram set lan_proto=static
$ nvram set lan_ipaddr=192.168.1.1
$ nvram set lan_netmask=255.255.255.0
$ nvram commit

Configure WiFi interface: device eth1
$ nvram set wifi_ifname=eth1
$ nvram set wifi_proto=static
$ nvram set wifi_ipaddr=10.0.0.1
$ nvram set wifi_netmask=255.255.255.0
$ nvram unset wl0_country
$ nvram unset wl_country
$ nvram unset wl_country_code
$ nvram unset wl_chan_list
$ nvram unset wl_channel
$ nvram set wl0_ifname=eth1
$ nvram set wl0_ssid="DeepBlue"
$ nvram set wl0_channel="11"
$ nvram set wl0_mode=ap
$ nvram set wl0_infra=1
$ nvram set wl0_closed=0
$ nvram set wl0_country_code=All

-------------------------------------------------------------------------------
// DHCP for wired and wireless connections
-------------------------------------------------------------------------------

Configure DHCP for the LAN segment (in NVRAM, for failsafe)
$ nvram set dhcp_start=100   # <start_number>
$ nvram set dhcp_num=50      # <number of hosts>
$ killall -9 dnsmasq; /etc/init.d/S50dnsmasq

Configure DHCP for the WLAN segment

@FILE /etc/hosts
127.0.0.1       localhost
192.168.1.1	rtr01-wrt
192.168.1.2	rtr02-wrt

# allow /etc/hosts and dhcp lookups via *.lan
local=/lan/
domain=lan

@FILE /etc/dnsmasq.conf 
# filter what we send upstream
domain-needed
bogus-priv
filterwin2k
localise-queries

# allow /etc/hosts and dhcp lookups via *.lan
local=/lan/
domain=lan
expand-hosts

# enable dhcp (start,end,netmask,leasetime)
dhcp-authoritative
#dhcp-range=192.168.1.100,192.168.1.250,255.255.255.0,12h
dhcp-leasefile=/tmp/dhcp.leases

# dhcp-range=[network-id,]<start-addr>,<end-addr>[[,<netmask>],<broadcast>][,<default lease time>]
# added by BLAB, Stephan; 2006-10-29
# provide DHCP on both the LAN port and the WLAN port
dhcp-range=lan,192.168.1.100,192.168.1.254,255.255.255.0,24h
dhcp-range=wlan,10.0.0.100,10.0.0.254,255.255.255.0,5h


# STD. NETWORK SETTINGS LAN
# default route: dhcp-option=3,192.168.1.1,192.168.1.2
# dns server(s): dhcp-option=6,192.168.1.1,192.168.1.2
# added by BLAB, Stephan; 2006-10-29
# set the default route for dhcp clients on the wlan side to 10.0.0.1
dhcp-option=wlan,3,10.0.0.1
#set the dns server for the dhcp clients on the wlan side to 10.0.0.1
dhcp-option=wlan,6,10.0.0.1
#set the default route for dhcp clients on the lan side to 192.168.1.1
dhcp-option=lan,3,192.168.1.1
#set the dns server for the dhcp clients on the lan side to 192.168.1.1
dhcp-option=lan,6,192.168.1.1

# use /etc/ethers for static hosts; same format as --dhcp-host
# <hwaddr> <ipaddr>
read-ethers


Now we restart the DHCP server
$ killall -9 dnsmasq ; /etc/init.d/S50dnsmasq

Note: don't forget to adjust the firewall for device eth1
quick change for testing in

@FILE /etc/init.d/S45firewall
  ...  
  iptables -A FORWARD -i $WLAN -o $WAN -j ACCEPT
  ...

-------------------------------------------------------------------------------
// Starting Syslog Daemon syslogd
-------------------------------------------------------------------------------
@FILE /etc/init.d/S11syslogd
#!/bin/sh
# SYSLOG daemon
#
# This file handles the SYSLOG Daemon

#start syslog daemon in background
/sbin/syslogd &

$ chmod +x /etc/init.d/S11syslogd


-------------------------------------------------------------------------------
// Starting NTP time sync
-------------------------------------------------------------------------------
$ ipkg install ntpclient

Set the time zone
$ echo "CET-1CEST-0200,M3.5.0/02:00:00,M10.5.0/03:00:00" >/etc/TZ

@FILE /etc/init.d/S60ntpclient
#!/bin/sh
# NTP time synchronisation
#
# This file handles the time synchronisation with an NTP server

# kill any existing ntpclient processes
# (they can get stuck if no route to target host)
/usr/bin/killall ntpclient

# do time sync
/usr/sbin/ntpclient -l -h ptbtime1.ptb.de -c 1 -s &

$ chmod +x /etc/init.d/S60ntpclient


$ crontab -e

# NTP update always at 6:00
0 6 * * * /etc/init.d/S60ntpclient

-------------------------------------------------------------------------------
// Install WPA + AES
-------------------------------------------------------------------------------

Install firmware extension (NAS package)

$ ipkg install nas

Briefly encrypt eth1 and check with the laptop whether encryption works
/usr/sbin/nas -P /tmp/nas.lan.pid -l eth1 -H 34954 -i eth1 -A -m 4 -k CiscoWPA -s YourSSID -w 2 -g 3600

-------------------------------------------------------------------------------
// Wireless Distribution System (WDS)
-------------------------------------------------------------------------------
wl0_lazywds = Accept WDS connections from anyone (0:disabled 1:enabled)
wl0_wds = List of WDS peer mac addresses (xx:xx:xx:xx:xx:xx, space separated)


MAC address router 1 = "00:12:17:DD:E2:1C"
MAC address router 2 = "00:13:10:2F:CC:16"

nvram set wl0_lazywds=0
nvram set wl0_wds=00:12:17:DD:E2:1C
nvram commit
ifup wifi; /sbin/wifi

hm .... doesn't work ....

...
reading
...
NVRAM setting on Router 1
nvram set wl0_auth_mode=psk
nvram set wl0_channel=1
nvram set wl0_closed=0
nvram set wl0_crypto=tkip
nvram set wl0_ifname=eth1
nvram set wl0_infra=1
nvram set wl0_lazywds=0
nvram set wl0_mode=ap
nvram set wl0_radio=1
nvram set wl0_ssid=rtr01-wrt
nvram set wl0_wds=00:13:10:2F:CC:16
nvram set wl0_wep=disabled
nvram set wl0_wpa_gtk_rekey=3600
nvram set wl0_wpa_psk=CiscoWPA
nvram set wl0_wds_ssid=0x11

NVRAM setting on Router 2
nvram set wl0_auth_mode=psk
nvram set wl0_channel=1
nvram set wl0_closed=0
nvram set wl0_crypto=tkip
nvram set wl0_ifname=eth1
nvram set wl0_infra=1
nvram set wl0_lazywds=0
nvram set wl0_mode=ap
nvram set wl0_radio=1
nvram set wl0_ssid=rtr01-wrt
nvram set wl0_wds=00:12:17:DD:E2:1C
nvram set wl0_wep=disabled
nvram set wl0_wpa_gtk_rekey=3600
nvram set wl0_wpa_psk=CiscoWPA
nvram set wan_proto=none
nvram set lan_gateway=192.168.1.1
nvram set lan_dns=10.10.10.252
nvram set wl0_gmode=1
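An added example, not part of the original post: a shell check that compares the WDS and WPA-PSK NVRAM keys of both routers (same channel, auth mode, crypto and PSK on both ends; each `wl0_wds` naming the other router's wireless MAC; `wl0_lazywds` off). The function names and the sample dumps are constructed for illustration; the NVRAM key names and MAC addresses are the ones from the post.

```shell
#!/bin/sh
# Added example: cross-check two routers' WDS + WPA-PSK NVRAM settings.

# nv FILE KEY -> value of KEY in a "nvram show"-style dump (empty if unset)
nv() { sed -n "s/^$2=//p" "$1" | head -n 1; }
# lc STRING -> lower-cased hex digits, so MAC comparison ignores case
lc() { printf '%s' "$1" | tr 'A-F' 'a-f'; }

# wds_check DUMP_A MAC_A DUMP_B MAC_B
# Prints one FINDING line per problem; returns 1 if there was any, else 0.
wds_check() {
    a=$1; mac_a=$(lc "$2"); b=$3; mac_b=$(lc "$4"); bad=0
    # Both ends must agree on the channel and on every WPA parameter.
    for k in wl0_channel wl0_auth_mode wl0_crypto wl0_wpa_psk; do
        [ "$(nv "$a" "$k")" = "$(nv "$b" "$k")" ] ||
            { echo "FINDING: $k differs between the routers"; bad=1; }
    done
    for side in "$a $mac_a $mac_b" "$b $mac_b $mac_a"; do
        set -- $side   # $1 = dump file, $2 = own MAC, $3 = peer MAC
        peers=" $(lc "$(nv "$1" wl0_wds)") "
        # The peer list must name the other router, never this one.
        case $peers in *" $3 "*) ;; *)
            echo "FINDING: $1: peer $3 not in wl0_wds"; bad=1 ;; esac
        case $peers in *" $2 "*)
            echo "FINDING: $1: wl0_wds contains this router's own MAC"; bad=1 ;; esac
        # lazywds=1 accepts WDS connections from anyone; keep it at 0.
        [ "$(nv "$1" wl0_lazywds)" = 0 ] ||
            { echo "FINDING: $1: wl0_lazywds is not 0"; bad=1; }
    done
    return $bad
}

# Constructed sample dumps, reduced to the keys checked; values from the post.
mk_dump() {  # mk_dump FILE CHANNEL WDS_PEERS
    printf '%s\n' wl0_auth_mode=psk "wl0_channel=$2" wl0_crypto=tkip \
        wl0_lazywds=0 "wl0_wds=$3" wl0_wpa_psk=CiscoWPA > "$1"
}
R1=00:12:17:DD:E2:1C; R2=00:13:10:2F:CC:16
T=$(mktemp -d); trap 'rm -rf "$T"' EXIT
mk_dump "$T/r1" 1 "$R2"; mk_dump "$T/r2" 1 "$R1"   # consistent pair
mk_dump "$T/r1bad" 11 "$R1"                        # own MAC, other channel
wds_check "$T/r1" "$R1" "$T/r2" "$R2" && echo "pair is consistent"
wds_check "$T/r1bad" "$R1" "$T/r2" "$R2" || echo "fix the findings above first"
```

On the routers themselves, feed it the output of `nvram show` saved from each device, and pass the wireless MAC of each (the address the post lists for router 1 appears as `il0macaddr` in its dump, not `et0macaddr`).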