
Thread: WDS (Hybrid) problems....

  1. #16
    Join Date
    Jul 2004
    Location
    near Lyon @ France
    Posts
    195

    WPA or 802.1x over WDS

    Hi,

    I've two wileys actually configured with WDS (hybrid mode) over WEP128.

    I'm trying to migrate to WPA or WEP using a 802.1x/EAP-TLS authentication.
    I've freeradius setup and functional on one wiley, on which I can authenticate my users using EAP/TLS.

    I now have two problems:
    1) the 'nas' process which sometimes dies (tomilius has already written a nice thread on it).
    2) I'm unable to set up a working WDS between the two wileys when using 802.1x auth. I guess this is related to nas, but don't know where to start. Or maybe I need a "802.1x client" on the second wiley.

    My view is not really clear between encryption/authentication, so please correct me if some terms are inappropriate.

    Has somebody already set up a WDS link using WPA or WEP with 802.1x auth? Any hints?

    Thanks a lot.

    JF

  2. #17
    Join Date
    Dec 2003
    Location
    Russian Federation
    Posts
    8,353
    JF, this will not work with 1.9.2.7 for sure.

  3. #18
    Hello! I've never done WDS (I can't imagine myself buying another one of these things... *shudder*), but Oleg helped me with the nas problem you're having. First of all, put this in pre-boot (you know, after #!/bin/sh if you don't already have it, and don't forget to chmod +x):
    mount -obind /dev/null /usr/sbin/nas

    As you may be able to tell, that just makes it so when the system tries to call nas, it ends up reaching nothing (except /dev/null). This way, you can launch it on your own time after you've finished up loading freeradius (that is, it's finished loading itself up). Assuming you have freeradius configured correctly, here's what I added to post-boot:
    Code:
    # THIS IS THE TOP OF THE FILE
    # Bring down the WLAN interface until radius server is loaded
    wl down
    # THIS IS CLOSER TO THE BOTTOM IF NOT THE BOTTOM
    # Start freeradius
    /usr/local/sbin/start-radius
    
    # Wait for radius port 1812 to open before moving further...
    # You can change this to another method of checking to
    # make sure freeradius is fully loaded if you feel the need.
    # I'm not even fully sure that this is a good way to do it.
    i=0
    loaded=
    while [ -z "$loaded" ]
    do
     # Match the literal ":*" of a listening socket (unescaped, ":*" matches every line)
     loaded=`netstat -an | grep ":1812" | grep ':\*'`
     usleep 100000
     let "i += 1"
     if [ "$i" -eq 100 ]; then break; fi
    done
    
    # Sleep another second for good luck
    sleep 1
    
    # Bring the WLAN interface back up
    wl up
    # Start nas
    /usr/local/sbin/start-nas

    Here are some essential files (which need to be chmod +x'd as well):
    /usr/local/sbin/start-radius:
    Code:
    #!/bin/sh
    
    # The following ensures that the correct
    # library for libcrypto.so is being used
    # (the same one is located in /usr/lib in
    # older firmware but has recently been
    # change to libkrypto.so :) ).
    export LD_LIBRARY_PATH=/opt/lib
    export LD_PRELOAD=/opt/lib/libcrypto.so
    
    if [ -n "`pidof radiusd`" ]; then
        /bin/killall radiusd 2>/dev/null
    fi
    
    if [ ! -d /var/spool/log/radius ] ;  then
        mkdir -p /var/spool/log/radius
    fi
    
    # NOTE! I have a script set up to clean out
    # log files like this every few days (removes
    # the old .old and renames the .log to .old).
    # You may not want it to output to
    # /opt/radiusd.log unless you have space or
    # are willing to clean it or set up a cron
    # script as well. If you're not, just take out
    # " > /opt/radiusd.log", but you should
    # probably leave it at first for testing.
    /opt/sbin/radiusd -y -z -X -A > /opt/radiusd.log &

    /usr/local/sbin/start-nas:
    Code:
    #!/bin/sh
    # Kill it if it's running
    killall nas
    # Use correct library
    export LD_LIBRARY_PATH=/usr/lib
    # Allow access to nas again (unmount
    # it from /dev/null)
    umount /usr/sbin/nas
    # I throw these in a lot. May/may not
    # be necessary. I haven't removed it
    # because "if it ain't broke don't fix it."
    # So shoot me.
    # Sleep for 10 milliseconds to (probably
    # unnecessarily) make time for an
    # umount.
    usleep 10000
    # Launch nas
    nas /tmp/nas.lan.conf /tmp/nas.lan.pid lan &

    OK, so, as far as I know nas dies (I think it commits suicide) if it can't contact the radius server, which in this case is freeradius and is itself. If it dies any other time for you, I'd suggest setting up a cron task to keep important stuff like that running.

    Sorry--in light of Oleg's post, this likely didn't help you very much.
    Last edited by tomilius; 01-06-2005 at 20:54.
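
The start-up ordering and the cron idea from the post above, as an added example that is not part of the original post: a port check that looks only at the local-address column, a wait that reports a timeout instead of silently continuing, and a watchdog for cron. The function names and the overridable `NETSTAT`/`PIDOF`/`START_NAS` variables are assumptions of this sketch, and it assumes `awk` is available on the router.

```shell
#!/bin/sh
# Added example, not from the original post. Command names are variables
# so the logic can be tried off-router with stubs.
NETSTAT=${NETSTAT:-netstat}
PIDOF=${PIDOF:-pidof}
START_NAS=${START_NAS:-/usr/local/sbin/start-nas}
RADIUS_PORT=${RADIUS_PORT:-1812}

# True only if a UDP socket is bound locally to port $1. Only the
# local-address column is matched, so a client socket whose remote
# port is 1812 does not count as "radiusd is listening".
udp_port_bound() {
    $NETSTAT -an 2>/dev/null |
        awk -v p=":$1" '$1 ~ /^udp/ && $4 ~ (p "$") { ok = 1 } END { exit !ok }'
}

# Poll once a second, at most $1 times. Returns 0 when the port is bound
# and 1 on timeout, so the caller can tell the two apart.
wait_for_radius() {
    tries=$1
    while [ "$tries" -gt 0 ]; do
        if udp_port_bound "$RADIUS_PORT"; then return 0; fi
        tries=$((tries - 1))
        if [ "$tries" -gt 0 ]; then sleep 1; fi
    done
    return 1
}

# For cron: restart nas only when it is dead and the RADIUS port is bound
# (per the post, nas exits when it cannot reach its RADIUS server).
# Prints "ok", "restarted" or "radius-down".
check_nas() {
    if ! udp_port_bound "$RADIUS_PORT"; then
        echo radius-down
        return 1
    fi
    if [ -n "$($PIDOF nas 2>/dev/null)" ]; then
        echo ok
        return 0
    fi
    $START_NAS >/dev/null 2>&1
    echo restarted
}

# post-boot usage: wait_for_radius 10 && { wl up; "$START_NAS"; }
```
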

  4. #19
    Join Date
    Jul 2004
    Location
    near Lyon @ France
    Posts
    195
    That is a long post for sure
    I knew I was right catching your attention on this

    It will help me for sure, resolving the nas die issue. Thank you very much Tomilius. I will give news as soon as it works.

    @Oleg :
    any structural reason this can't work ?
    anyway, what about a - not very nice - way that is :
    client mode with wpa_supplicant (I just pushed a first_attempt_package to unslung) on a wiley to register on the other one plus routing plus freeradius on both wiley to authenticate users. This is not very nice, I agree... but ?


    JF

  5. #20
    Quote Originally Posted by Jean-Fabrice
    That is a long post for sure
    I knew I was right catching your attention on this
    Well, don't be so sure. As I've said, I've never done WDS. And a lot of it was basically padding, lol, which is now located at http://wl500g.info/showthread.php?p=16351#post16351.

  6. #21
    Join Date
    Jul 2004
    Location
    near Lyon @ France
    Posts
    195
    Other idea :
    would it be possible (now or in a future firmware) to have wds and normal wifi supplicant using two different authentication & encryption schemes ?
    wds bridge could use shared key while others 'normal' clients would use ... what they want...

    I can't figure now if this is totally absurd or not. If someone has good wifi knowledge, help is more than welcome.

    JF

  7. #22
    My WiFi knowledge isn't that good, but I can tell you that anything as advanced and obscure as what you're trying to do probably won't be easily or cheaply available on "this generation" of hardware. As for software (which is really the key but companies enjoy charging more and making it seem like hardware), Broadcom, I believe, holds the source code to the utilities necessary to allow such an advanced configuration... Maybe somebody else can confirm/deny this, but if that's true, then I don't think it will be possible with this router. Just my 2 cents.
    Last edited by tomilius; 09-06-2005 at 00:10.

  8. #23
    Join Date
    Dec 2003
    Location
    Russian Federation
    Posts
    8,353
    Quote Originally Posted by Jean-Fabrice
    @Oleg :
    any structural reason this can't work ?
    The problem is that WPA is broken in the 1.9.2.7 release... Also, it looks like this never worked with old firmwares either.

    anyway, what about a - not very nice - way that is :
    client mode with wpa_supplicant (I just pushed a first_attempt_package to unslung) on a wiley to register on the other one plus routing plus freeradius on both wiley to authenticate users. This is not very nice, I agree... but ?
    Have no idea. Does not look to be simple.

  9. #24

    WRT54g + WL500gx + WDS

    Hi,
    A couple of days ago I got a WL500gx. Not particularly for its routing capabilities but more for its wireless server capabilities (small, quiet, power efficient, USB etc.). I configured it as a WDS client with my WRT54g but have some problems with it... see picture for an overview.

    This is the status and problem I have:
    • the wl500gx (configured as a WDS client) and wrt54g connect correctly via WDS.
    • the wl500gx has the latest OLEG firmware (5a).
    • the wrt54g is static configured as 192.168.1.1 and the wl500gx as 192.168.1.2.
    • when I connect my PC to the wl500gx I get a DHCP (different range than the DHCP from the wrt54g) and have internet connection via the wrt54g.
    • when I go back to the preferred situation where my PC is connected to the wrt54g, I can telnet to the wl500gx and can configure it.
    • when I telnet to the wl500gx and do 'ping 192.168.1.1' I get a reply.
    • when I telnet to the wl500gx and do 'ping google.nl' I get "network unreachable" or (I don't remember the setting) no reply at all, however I do get a DNS resolve.


    So, it seems that the wl500gx itself cannot connect to the internet while a pc connected to the wl500gx can?!? This results into that I cannot use the IPKG facility due to the fact that it needs internet. Does anyone recognize this problem and know a solution?? I am not a complete newbie to linux but still lack much knowledge.

    Thanks in advance,
    Tom

  10. #25
    On the wl500g you should set the wrt54g as default gateway

  11. #26
    Quote Originally Posted by phedny
    On the wl500g you should set the wrt54g as default gateway
    Owkee, but how do I do this... In the web control panel there is not an option for this I think... And which interface should have this as a default gateway?

  12. #27
    OK after some searching this seems to do the trick!!

    route add default gw 192.168.1.1

    Thanks for the tip!

  13. #28

    emule and WDS

    Hi,

    I have some problems using emule behind my second AP. I am using two 500g with WPA-PSK-encryption, one in Hybrid-Mode, one in Access-point-mode. The WDS+WPA-PSK works after some hard work (and the great help of some guys here) fine, but now I have some probs with emule.

    At my main-Router I configured a virtual server:
    192.168.1.87 4662 TCP EMULE-TCP
    192.168.1.87 4672 UDP EMULE-UDP

    In the past when I used only one wl500g this worked great, but now I have no chance to configure the virtual server at the second 500g (AP) and so I receive a lowID every time.

    Does someone have some recommendations?

    Thanks for your help!!

  14. #29
    Join Date
    Apr 2004
    Location
    Netherlands
    Posts
    1,307
    You probably gonna need to do the port-forwarding using iptables commands. Dunno how to though...
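
What the iptables port forwarding suggested above could look like for the two virtual-server entries in post #28, as an added example that is not part of the thread. The function names are hypothetical and `WAN_IF=eth1` is an assumed interface name; the script only prints the rules, and every port spec is validated so that only the listed ports are exposed.

```shell
#!/bin/sh
# Added example, not from the thread. It prints the iptables commands
# instead of running them, so they can be reviewed first.
# WAN_IF is an assumed interface name; confirm it with `ifconfig`.
WAN_IF=${WAN_IF:-eth1}

# valid_spec PROTO:PORT -> 0 only for tcp/udp with a port in 1..65535.
valid_spec() {
    case ${1%%:*} in tcp|udp) ;; *) return 1 ;; esac
    port=${1#*:}
    case $port in ''|*[!0-9]*|??????*) return 1 ;; esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ]
}

# forward_rules HOST PROTO:PORT...
# Every spec is validated before anything is printed, so a typo yields
# no rules at all rather than a partial or wider-than-intended set.
forward_rules() {
    host=$1; shift
    for spec in "$@"; do
        valid_spec "$spec" || { echo "bad spec: $spec" >&2; return 1; }
    done
    for spec in "$@"; do
        proto=${spec%%:*}; port=${spec#*:}
        # Rewrite the destination only for packets arriving on the WAN side.
        echo "iptables -t nat -A PREROUTING -i $WAN_IF -p $proto --dport $port -j DNAT --to-destination $host:$port"
        # Admit exactly that flow; -I puts it ahead of any later DROP rule.
        echo "iptables -I FORWARD -i $WAN_IF -p $proto -d $host --dport $port -j ACCEPT"
    done
}

# Address and ports from post #28: eMule TCP 4662 and UDP 4672.
emule_rules() {
    forward_rules 192.168.1.87 tcp:4662 udp:4672
}
```
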

  15. #30

    mac filtering all over wds links

    i found out that mac filtering works per router base.
    so, i have to enter the same mac address allowed to enter my network all over my wds/repeater.

    is there an easy way to make this automatic?
    so, i only need to change the mac filter list in one router and all other wds/repeater gets their list from this one router.

    how can i do this?

    tnx.
    aztech adsl router -> asus wl500g w/ 1.9.2.7-5a fw -> linksys wrt54g w/ dd-wrt & hyperwrt as WDS

    http://www.ngobrol.com
