Ensuring wlan connection is encrypted
Hi, Hope this message isn't too OT for the list. I've just ventured into WiFi networking for the first time in order to link two PCs together. Both running SuSE 8.2, with identical Netgear MA111 miniature USB nics with the latest drivers compiled from http://www.linux-wlan.org/ After a little fun and games getting them to speak to each other they are now working well in ad-hoc mode with fixed IP addresses, so I have set them up to use WEP encryption, just so that traffic between the machines has some form of encryption. I have an identical /etc/wlan/wlancfg-MyNetwork file on both the pcs - details below with keys altered... But iwconfig returns a line that says "Encryption key:off". Should this be on, if WEP is enabled? Is there any way to verify that traffic over the wlan0 interface is actually encrypted? What tools can I use? Thanks in advance, Jason /etc/wlan/wlancfg-MyNetwork: #=======USER MIB SETTINGS============================= # You can add the assignments for various MIB items # of your choosing to this variable, separated by # whitespace. The wlan-ng script will then set each one. # Just uncomment the variable and set the assignments # the way you want them. #USER_MIBS="p2CnfRoamingMode=1 p2CnfShortPreamble=mixed" #=======WEP=========================================== # [Dis/En]able WEP. Settings only matter if PrivacyInvoked is true lnxreq_hostWEPEncrypt=true # true|false lnxreq_hostWEPDecrypt=true # true|false dot11PrivacyInvoked=true # true|false dot11WEPDefaultKeyID=0 # 0|1|2|3 dot11ExcludeUnencrypted=true # true|false, in AP this means WEP is required. # If PRIV_GENSTR is not empty, use PRIV_GENTSTR to generate # keys (just a convenience) # add-ons/ in the tarball contains other key generators. PRIV_GENERATOR=/sbin/nwepgen # nwepgen, Neesus compatible PRIV_KEY128=true # keylength to generate PRIV_GENSTR="" # or set them explicitly. Set genstr or keys, not both. dot11WEPDefaultKey0=2b:c8:c7:b2:ea:4d:2f:d3:b9:83:e1:ff:ae dot11WEPDefaultKey1=7b:be:66:c7:84:e0:83:23:96:75:a1:72:f1 dot11WEPDefaultKey2=ce:9d:ab:01:b3:ed:fd:85:fa:e1:07:f0:58 dot11WEPDefaultKey3=29:4b:0f:76:98:e0:ed:47:28:68:f4:9a:3d #=======SELECT STATION MODE=================== IS_ADHOC=y # y|n, y - adhoc, n - infrastructure #======= INFRASTRUCTURE STATION =================== # What kind of authentication? AuthType="sharedkey" # opensystem | sharedkey (requires WEP) #======= ADHOC STATION ============================ BCNINT=100 # Beacon interval (in Kus) CHANNEL=2 # DS channel for BSS (1-14, depends # on regulatory domain) BASICRATES="2 4" # Rates for mgmt&ctl frames (in 500Kb/s) OPRATES="2 4 11 22" # Supported rates in BSS (in 500Kb/s)
Jason wrote:
But iwconfig returns a line that says "Encryption key:off". Should this be on, if WEP is enabled?
It should say something like "Encryption key:****-****-**" Are your cards capable of using 128 bit keys as per your config file? What happens if you use iwconfig to set the key? (This is a 64 (40) bit key) iwconfig [interface] key 0A0A-0A0A-0A sjb
On Wednesday 12 November 2003 16:49, sjb wrote:
It should say something like "Encryption key:****-****-**"
Are your cards capable of using 128 bit keys as per your config file?
According to the manual, they are.
What happens if you use iwconfig to set the key? (This is a 64 (40) bit key)
iwconfig [interface] key 0A0A-0A0A-0A
# iwconfig wlan0 key 0a0a-0a0a-0a Error for wireless request "Set Encode" (8B2A) : SET failed on device wlan0 ; Function not implemented. I think this is because the linux-wlan drivers don't interface correctly with iwconfig (they're read only) -- they use their own setup utilities wlanctl-ng and wlancfg . The command "wlancfg show wlan0" seems to confirm what's in my configuration files... amongst it's output is: dot11AuthenticationAlgorithmsEnable1=true dot11AuthenticationAlgorithmsEnable2=false dot11PrivacyInvoked=true dot11WEPDefaultKeyID=0 dot11ExcludeUnencrypted=true p2CnfWEPDefaultKeyID=0 p2CnfWEPFlags=0,1,4,7 p2CnfAuthentication=0 p2CnfRoamingMode=1 which seems to correspond to WEP and security... now does this mean the actual connection is encrypted? The linux-wlan FAQ mentions in passing host-based WEP -- which I assume is done in the driver, not in the nic hardware. Maybe this is why it's not showing with iwconfig... more experimentation needed, methinks. Thanks for your help, Jason
participants (2)
-
Jason
-
sjb