wpa2 hostap setup

[Michael Proto]

On Tue, Mar 3, 2009 at 12:02 AM, Randy Bush <randy at psg.com> wrote:
> i386 (soekris) 8-current
>
> i currently have
>
> wlans_ath0="wlan0 wlan1"
> create_args_wlan0="wlanmode hostap channel 11 ssid rgnet-aden wep wepkey itsasecretsilly weptxkey 1 media autoselect mode 11g up"
> create_args_wlan1="wlanmode hostap ssid rg-free up"
> cloned_interfaces=bridge0
> ifconfig_bridge0="192.168.0.1 addm vr1 addm vr2 addm vr3 addm wlan0 addm wlan1 up"
> ifconfig_vr1=up
> ifconfig_vr2=up
> ifconfig_vr3=up
>
> i want to go to a more reasonable over the air crypt sceheme, e.g. wpa2.
> clients are mac, airport express, and winxp.  is there a well known
> recipe?
>
> i think i need to run hostapd with a hostapd.conf something like
>
>    interface=wlan0
>    ctrl_interface=/var/run/hostapd
>    ctrl_interface_group=0
>    ssid=rgnet-aden
>    country_code=JP
>    hw_mode=g
>    channel=42
>    auth_algs=3
>    wpa=1
>    wpa_passphrase=itsasecretsilly
>    wpa_key_mgmt=WPA-PSK
>
> i could not really understand the dual bssid stuff and many of the
> options.  and when i get that sorted, what do i do to my /etc/rc.conf?
>

First, if you want to use WPA2, you'll want to change the hostapd.conf
options a bit:

wpa=2
wpa_pairwise=CCMP TKIP (or just wpa_pairwise=CCMP)

You also don't need the wep settings in the ifconfig statement for
wlan0 in your rc.conf, hostapd will take care of the encryption bits.
Here's all my rc.conf has for my wlan0 interface (and I'm using WPA2
with it as well, which is configured as in hostapd.conf) which has
been working very well for a variety of clients for some time now:

ifconfig_ath0="mode 11g"
wlans_ath0="wlan0"
create_args_wlan0="wlanmode ap"
ifconfig_wlan0="inet 192.168.1.1 netmask 255.255.255.0 channel 11"



-Proto