my router hates me

Bob Elzer bob.elzer at gmail.com
Sat Jun 13 17:51:01 MST 2009 

What do you mean "Run of the Mill"

Mine has blinking lights and an antenna.

:-)

 

-----Original Message-----
From: plug-discuss-bounces at lists.plug.phoenix.az.us
[mailto:plug-discuss-bounces at lists.plug.phoenix.az.us] On Behalf Of Michael
Butash
Sent: Saturday, June 13, 2009 5:43 PM
To: Main PLUG discussion list
Subject: RE: my router hates me

	Bob is right, you don't need a radius server to run WPA/WPA2.  Most
of your generic run o' the mill routers do PSK, preshare keys as other
members have stated.  This is fine for most any consumer.  This is
documented typically as WPA[2]-PSK.  If you have you ask what radius is, you
don't need it.  Try and go with WPA2-PSK (with aes specifically) where
possible, so long as your nic supports it.

	I love ubuntu, but their wireless capability tends to be crap before
8.10.  You also tend to have issues with the kind of adapter, hardware
crypto methods are dependent on the hardware supporting it.  Older and/or
cheap wifi nics tend to have a lot of particular driver issues, especially
usb ones.  I have an old ppc imac running ubuntu810 that can't do over wep
because of its ancient aircard, despite the supplicant
(wicd,networkmanager) supporting it, but offers no errors to tell you this.
You just beat your head against a wall for half a day until you realize your
own futility.  Moral of the story, make sure yours does.

	Prior to ubuntu810, i simply used scripts launching wpa_supplicant
for most non-PSK authentication methods (leap,peap), and typically even
sometimes psk because networkmanager was really quite wack prior.  The
newest networkmanager under 8.10 is mostly pretty solid, finally giving me
windoze-like guiness for simplifying my wireless even in enterprise
networks.  I can help with calling wpa_supplicant direct if you _have_ to,
but if you don't like or are used to using a command-line, it's not much of
an option.

So I ask these:

1) What kind of nic are you using?  Use commands like "lsusb" or "lsmod
| grep mac" tend to be helpful.  Even the sticker on the box sometimes.
I can probably tell you if it's a pos, or should work, as research will as
well.  Doing enterprise wireless, ive had to try just about every method on
a ton of different wifi nic over the years to know what works and what
doesn't.

2) I saw prior you getting a 68.x.x.x address on your workstation - you have
your router connected incorrectly if so.  Only your "outside" or "wan" ports
should have anything not 192.168.0.0/16 or 10.0.0.0/8 addresses.  You should
connect up your cable modem to the wan, and your hosts on the other ports.
Most generic routers will hand you a
192.168.1.x/24 address, yours should as well on the lan or wireless.

3) I don't use wicd, but the results will be the same regardless.  When you
try to connect, on the command line type "iwconfig wlan0" and note the
result.  You should see most notably the ESSID as your SSID:

wlan0     IEEE 802.11abgn  ESSID:"your_essid"

If it does not, wicd isn't talking correctly to your nic.

4) Does yours specifically say WPA2 or WPA, also if mentions tkip or aes?
These are quite relevant, and again, some nics doesn't support combinations
thereof. 

	I highly recommend moving to ubuntu 8.10 (or higher) and using
native network manager over wicd.  I think so long as your nic isn't
wack/old, you'll find it just works now.  If not for upgrading, look at
getting a backport of networkmanger 7.0 from hardy-backports and try it
(google it).  Also consider getting another nic, I try to use intel's
exclusively, as they ultimately have better/best support for various
encryption and authentication standards, especially for enterprise.
Intel contributes source code as well, unlike broadcom or other random
chinese chipsets of the week.

-mb


On Sat, 2009-06-13 at 15:43 -0700, Bob Elzer wrote:
> I have a D-Link DI624, I am running WPA2 with AES and PSK.
> 
> And I don't have a radius server.
> 
> It works fine.
> 
>  
> 
> -----Original Message-----
> From: plug-discuss-bounces at lists.plug.phoenix.az.us
> [mailto:plug-discuss-bounces at lists.plug.phoenix.az.us] On Behalf Of 
> Craig White
> Sent: Saturday, June 13, 2009 1:29 PM
> To: Main PLUG discussion list
> Subject: Re: my router hates me
> 
> On Sat, 2009-06-13 at 13:14 -0700, Robert Holtzman wrote:
> > On Fri, 12 Jun 2009, kitepilot at kitepilot.com wrote:
> > 
> > > BTW...
> > > You seem to have the router configured for WPA.
> > > WPA won't work without some serious tinkering and some other 
> > > resources, like servers and all sort of ugly stuff.
> > > That may be the source of your problem.
> > > Turn it off.
> > 
> > I haven't seen this mentioned in all the not inconsiderable reading 
> > I've done. The only reference I've seen to having to run a server is 
> > in connection with WPA/WPA2 and the AES algorithm where there has to 
> > be a RADIUS server involved. I'm running WPA with the TKIP algorithm.
> > 
> > If I'm wrong could you clarify or point me to a source? I ran across 
> > this at http://technet.microsoft.com/en-us/library/bb877996.aspx
> > 
> > "For environments without a RADIUS infrastructure, WPA supports the 
> > use of a preshared key. For environments with a RADIUS 
> > infrastructure, WPA supports EAP and RADIUS."
> > 
> > Forgive the source (M$).
> > 
> > As I mentioned in a previous post, the connection fails with or 
> > without encryption enabled.
> > 
> > Thanks for your continued patience. Between you and the other list 
> > members who have responded I know a bit more about networking than 
> > when I started.
> ----
> There are many forms of WPA but I think you are referring to WPA-PSK 
> which is a 'pre-shared key' system. You put the pre-shared key into 
> the 'access point/router' and also provide the same pre-shared key to 
> whatever computer is trying to connect. WPA-PSK infers both an 
> encryption method and an authentication method.
> 
> WPA (TKIP) or WPA2 (AES) are encryption methods and both would use a 
> separate backend radius server for authentication.
> 
> Craig
> 
> 
> --
> This message has been scanned for viruses and dangerous content by 
> MailScanner, and is believed to be clean.
> 
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.plug.phoenix.az.us
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
> 
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.plug.phoenix.az.us
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
> 

---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss at lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss

More information about the PLUG-discuss mailing list