my router hates me

Michael Butash michael at butash.net
Sat Jun 13 17:43:08 MST 2009


	Bob is right, you don't need a radius server to run WPA/WPA2.  Most of
your generic run o' the mill routers do PSK, preshare keys as other
members have stated.  This is fine for most any consumer.  This is
documented typically as WPA[2]-PSK.  If you have to ask what radius is,
you don't need it.  Try and go with WPA2-PSK (with aes specifically)
where possible, so long as your nic supports it.

	I love ubuntu, but their wireless capability tends to be crap before
8.10.  You also tend to have issues with the kind of adapter, hardware
crypto methods are dependent on the hardware supporting it.  Older
and/or cheap wifi nics tend to have a lot of particular driver issues,
especially usb ones.  I have an old ppc imac running ubuntu810 that
can't do over wep because of its ancient aircard, despite the supplicant
(wicd,networkmanager) supporting it, but offers no errors to tell you
this.  You just beat your head against a wall for half a day until you
realize your own futility.  Moral of the story, make sure yours does.

	Prior to ubuntu810, I simply used scripts launching wpa_supplicant for
most non-PSK authentication methods (leap,peap), and typically even
sometimes psk because networkmanager was really quite wack prior.  The
newest networkmanager under 8.10 is mostly pretty solid, finally giving
me windoze-like guiness for simplifying my wireless even in enterprise
networks.  I can help with calling wpa_supplicant direct if you _have_
to, but if you don't like or are used to using a command-line, it's not
much of an option.

So I ask these:

1) What kind of nic are you using?  Commands like "lsusb" or "lsmod
| grep mac" tend to be helpful.  Even the sticker on the box sometimes.
I can probably tell you if it's a pos, or should work, as research will
as well.  Doing enterprise wireless, I've had to try just about every
method on a ton of different wifi nics over the years to know what works
and what doesn't.

2) I saw prior you getting a 68.x.x.x address on your workstation - you
have your router connected incorrectly if so.  Only your "outside" or
"wan" ports should have anything not 192.168.0.0/16 or 10.0.0.0/8
addresses.  You should connect up your cable modem to the wan, and your
hosts on the other ports.  Most generic routers will hand you a
192.168.1.x/24 address, yours should as well on the lan or wireless.

3) I don't use wicd, but the results will be the same regardless.  When
you try to connect, on the command line type "iwconfig wlan0" and note
the result.  You should see most notably the ESSID as your SSID:

wlan0     IEEE 802.11abgn  ESSID:"your_essid"

If it does not, wicd isn't talking correctly to your nic.

4) Does yours specifically say WPA2 or WPA, and does it mention tkip or
aes?  These are quite relevant, and again, some nics don't support
combinations thereof.

	I highly recommend moving to ubuntu 8.10 (or higher) and using native
network manager over wicd.  I think so long as your nic isn't wack/old,
you'll find it just works now.  If not for upgrading, look at getting a
backport of networkmanager 7.0 from hardy-backports and try it (google
it).  Also consider getting another nic, I try to use intel's
exclusively, as they ultimately have better/best support for various
encryption and authentication standards, especially for enterprise.
Intel contributes source code as well, unlike broadcom or other random
chinese chipsets of the week.

-mb


On Sat, 2009-06-13 at 15:43 -0700, Bob Elzer wrote:
> I have a D-Link DI624, I am running WPA2 with AES and PSK.
> 
> And I don't have a radius server.
> 
> It works fine.
> 
>  
> 
> -----Original Message-----
> From: plug-discuss-bounces at lists.plug.phoenix.az.us
> [mailto:plug-discuss-bounces at lists.plug.phoenix.az.us] On Behalf Of Craig
> White
> Sent: Saturday, June 13, 2009 1:29 PM
> To: Main PLUG discussion list
> Subject: Re: my router hates me
> 
> On Sat, 2009-06-13 at 13:14 -0700, Robert Holtzman wrote:
> > On Fri, 12 Jun 2009, kitepilot at kitepilot.com wrote:
> > 
> > > BTW...
> > > You seem to have the router configured for WPA.
> > > WPA won't work without some serious tinkering and some other 
> > > resources, like servers and all sort of ugly stuff.
> > > That may be the source of your problem.
> > > Turn it off.
> > 
> > I haven't seen this mentioned in all the not inconsiderable reading 
> > I've done. The only reference I've seen to having to run a server is 
> > in connection with WPA/WPA2 and the AES algorithm where there has to 
> > be a RADIUS server involved. I'm running WPA with the TKIP algorithm.
> > 
> > If I'm wrong could you clarify or point me to a source? I ran across 
> > this at http://technet.microsoft.com/en-us/library/bb877996.aspx
> > 
> > "For environments without a RADIUS infrastructure, WPA supports the 
> > use of a preshared key. For environments with a RADIUS infrastructure, 
> > WPA supports EAP and RADIUS."
> > 
> > Forgive the source (M$).
> > 
> > As I mentioned in a previous post, the connection fails with or 
> > without encryption enabled.
> > 
> > Thanks for your continued patience. Between you and the other list 
> > members who have responded I know a bit more about networking than 
> > when I started.
> ----
> There are many forms of WPA but I think you are referring to WPA-PSK which
> is a 'pre-shared key' system. You put the pre-shared key into the 'access
> point/router' and also provide the same pre-shared key to whatever computer
> is trying to connect. WPA-PSK infers both an encryption method and an
> authentication method.
> 
> WPA (TKIP) or WPA2 (AES) are encryption methods and both would use a
> separate backend radius server for authentication.
> 
> Craig
> 
> 
> --
> This message has been scanned for viruses and dangerous content by
> MailScanner, and is believed to be clean.
> 
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.plug.phoenix.az.us
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
> 
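
Added example, not part of the original thread: checks 2 and 3 from Michael's message above, written as a small shell diagnostic that extracts the ESSID from `iwconfig` output and tests whether a workstation's IPv4 address is private. The function names and sample inputs are constructed for illustration, and 172.16.0.0/12 is included as the third RFC 1918 range, which the message does not list.

```shell
#!/bin/sh
# Added example: checks 2 and 3 from the message as shell functions.
# Function names and sample data are constructed for illustration.

# Print the ESSID found in `iwconfig <if>` output on stdin.
# Prints nothing when the card is unassociated (ESSID:off/any).
essid_from_iwconfig() {
    sed -n 's/.*ESSID:"\([^"]*\)".*/\1/p' | head -n 1
}

# Return 0 if $1 is a private (RFC 1918) IPv4 address, 1 otherwise.
is_private_ipv4() {
    case "$1" in
        ""|*[!0-9.]*|*.*.*.*.*) return 1 ;;   # junk or too many dots
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                                  # split into octets
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in ""|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    case "$1.$2" in
        10.*|192.168) return 0 ;;              # 10/8 and 192.168/16
    esac
    [ "$1" -eq 172 ] && [ "$2" -ge 16 ] && [ "$2" -le 31 ]  # 172.16/12
}

# Check 2: a LAN or wireless host should hold a private address.
classify_lan_address() {
    if is_private_ipv4 "$1"; then
        echo "private"
    else
        echo "public-or-invalid"
    fi
}

# Constructed sample of `iwconfig wlan0` output for an associated card.
SAMPLE_IWCONFIG='wlan0     IEEE 802.11abgn  ESSID:"your_essid"
          Mode:Managed  Access Point: 00:11:22:33:44:55'

printf 'essid: %s\n' "$(printf '%s\n' "$SAMPLE_IWCONFIG" | essid_from_iwconfig)"
printf '192.168.1.23 -> %s\n' "$(classify_lan_address 192.168.1.23)"
# 203.0.113.7 is a documentation address standing in for a public one.
printf '203.0.113.7 -> %s\n' "$(classify_lan_address 203.0.113.7)"
```

On a live system the first function is fed with `iwconfig wlan0 | essid_from_iwconfig`; an empty result corresponds to the "wicd isn't talking correctly to your nic" case in check 3.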