got yourself a gum
Two things were stopping me – new boards rumoured in the summer and the additional import fees (which I hear almost double their cost).
Last week a CFstix audio pack came up on ebay from a fairly reputable UK seller and I got it for cheap.
As you can see, it’s fucking tiny:

It gets a bit bigger (but still nowhere near a palmful) with the add-on boards.
400Mhz XScale PXA255 chip, 64Mb RAM and 4Mb flash, serial and USBnet, and a CF slot for wifi or storage. Oh, and sound if that’s your bag. Mighty nice.
Course, I haven’t powered it up yet (need a 2 → 3 pin adapter for the power brick), so it might be broken…
wpa for freebsd
Despite our ups and downs, for me there’s still only one choice for a server OS.
Luckily, FreeBSD 6.x now has WPA supplicant in the base, along with iwi/ipw (Centrino 802.11b/g support), and word is the 5.x wrinkles are ironed out.
So I thought I’d do a BSD version of the WPA howto I wrote the other day.
0: ingredients:
- FreeBSD 6.0
- a WPA-capable, supported wireless NIC (mainly 802.11g kit). I’m using a Cardbus NEC WL54AG - piece of crap but supported by ath and only 20 notes on ebay. Replace ath0 with ipw/iwi/ndis as appropriate.
- a computer
- an access point (should work on ad-hoc WLANs, too)
- a rootprompt
1: patch your kernel
Sod’s law -
since we’re securing our WLAN you might as well do it right.
2: get your modules on
If your card doesn’t show up in ’ifconfig -a’, check dmesg. Mine said:
cardbus0: at device 0.0 (no driver attached)
until I kldload if_ath, then I got:
ath_hal: 0.9.14.9 (AR5210, AR5211, AR5212, RF5111, RF5112, RF2413)
ath0: mem 0x88000000-0x8800ffff irq 12 at device 0.0 on cardbus0
ath0: Ethernet address: 00:0d:00:1d:41:1b
ath0: mac 5.9 phy 4.3 radio 3.6
3: setup /etc/wpa_supplicant.conf
If you’re accessing a pre-shared key WPA network, you should only need to tweak the ‘psk=’, ‘proto=’ lines.
For anything else, read the (excellent) wpa_supplicant.conf manpage.
# used by wpa_cli(8) (see 'troubleshooting' below)
ctrl_interface=/var/run/wpa_supplicant
ctrl_interface_group=0
# boilerplate, essentially. see the example for a walkthrough
eapol_version=1
ap_scan=1
fast_reauth=1
# 'network' is a group of APs sharing a SSID
network={
ssid="YOURSSID"
# 'RSN' == 'WPA2'
proto=RSN WPA
# that's 'pre-shared key'
key_mgmt=WPA-PSK
# lists ciphers to try. CCMP is AES
# pairwise is for client <-> AP traffic, group is for broadcasts
pairwise=CCMP TKIP
group=CCMP TKIP
psk="hail beastie, baby"
}
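An added example, not part of the original post: a Python check of the network block above that flags the WPA(1)/TKIP fallbacks and the plaintext passphrase, and derives the 64-hex-digit PSK (PBKDF2-HMAC-SHA1 over passphrase and SSID) that wpa_supplicant accepts unquoted on the ‘psk=’ line. It assumes the AP is set to ‘WPA2 personal’ with ‘AES’ as in step 4; the function names and the PAGE_CONF sample are constructed for illustration.

```python
import hashlib

def derive_psk(passphrase, ssid):
    """256-bit PSK = PBKDF2-HMAC-SHA1(passphrase, salt=SSID, 4096 rounds)."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrase must be 8..63 characters")
    if any(not 32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("WPA passphrase must be printable ASCII")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), 4096, 32).hex()

def parse_network(conf):
    """Collect key=value options from the first network={ ... } block."""
    opts, inside = {}, False
    for raw in conf.splitlines():
        line = raw.strip()
        if line.startswith("network={"):
            inside = True
        elif inside and line == "}":
            break
        elif inside and line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            opts[key.strip()] = value.strip()
    return opts

def audit(conf):
    """Flag legacy fallbacks and a plaintext passphrase (explicit options only)."""
    opts, findings = parse_network(conf), []
    if "WPA" in opts.get("proto", "").split():
        findings.append("proto allows WPA (version 1); use proto=RSN")
    for key in ("pairwise", "group"):
        if "TKIP" in opts.get(key, "").split():
            findings.append(key + " allows TKIP; use " + key + "=CCMP")
    psk = opts.get("psk", "")
    if len(psk) >= 2 and psk.startswith('"') and psk.endswith('"'):
        ssid = opts.get("ssid", '""').strip('"')
        findings.append("psk is a plaintext passphrase; use psk="
                        + derive_psk(psk[1:-1], ssid))
    return findings

# Constructed sample: the network block from this howto, comments dropped.
PAGE_CONF = ('network={\nssid="YOURSSID"\nproto=RSN WPA\nkey_mgmt=WPA-PSK\n'
             'pairwise=CCMP TKIP\ngroup=CCMP TKIP\npsk="hail beastie, baby"\n}\n')

if __name__ == "__main__":
    for finding in audit(PAGE_CONF):
        print("-", finding)
```

The hex form keeps the human-readable passphrase out of the file, but it still grants access to that SSID, so /etc/wpa_supplicant.conf should stay readable by root only.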
4: setup your AP
(the faint-hearted should probably check they have ethernet access to it first)
You want to enable WPA-PSK and broadcast your SSID. On the WRT54G that goes:
- under ‘wireless’ → ‘basic wireless settings’
- enable “SSID broadcast” (no need for security by obscurity)
- under ‘wireless’ → ‘wireless security’
- set ‘security mode’ = ‘WPA2 personal’ (’enterprise’ needs a RADIUS server)
- WPA algorithms = ‘AES’ or ‘TKIP + AES’ (I went for plain AES)
- shared key = choose a long passphrase (it’s not like you’ll type it much)
Check you have everything you need (before you lose connectivity) and ‘save settings’.
5: gentlemen, start your NICs
As root, try this:
/etc/rc.d/wpa_supplicant forcestart ath0
/sbin/dhclient ath0 # or just 'ifconfig ath0 .....'
and hopefully you’re back online.
Since I told my supplicant to try CCMP, then TKIP (the ’pairwise=…’ .conf line), I was asked to kldload wlan_ccmp and restart the supplicant. If it fell through to TKIP it presumably wants wlan_tkip.
6: automatic for the people
Assuming our /etc/wpa_supplicant.conf was good, we now want this
to start at boot.
First the loader has to pull in our modules. For my case, that’s
cat >> /boot/loader.conf <<EOF
if_ath_load="YES"
wlan_ccmp_load="YES"
wlan_tkip_load="YES" # can't hurt
EOF
Now you just flag the interface as using WPA and DHCP:
cat >> /etc/rc.conf <<EOF
ifconfig_ath0="WPA DHCP"
EOF
7: troubleshooting
wpa_supplicant will give you more detail than you could possibly want if you pass it
a ’-dd’ argument. A ’ps awwux|grep supplicant’ should give you the full command you’re
using, just add ’-dd’ to those arguments.
That should give you some idea where it’s failing, or at least get you a string to google for.
I also highly recommend
wpa_cli
for those who a) don’t want to hardcode a PSK in a cfg file, b) need to debug their connection or c) like talking to network processes for some reason.
8: school’s out
Laptop users should be pleased to find you can now just plug in your card and devd will fire it up correctly for you. It even kills off wpa_supplicant and dhclient neatly when you eject the card.
unfortunate sequence of events
Apologies if anyone’s had trouble with the blog in the last few days.
I recently escaped Stalag MySQL and the postgresql schema load zeroed the id field sequences, so comments (ok, spam) probably weren’t publishable.
Articles certainly weren’t.
I must’ve lucked out on my test post – id 1 must have been free, so the constraint didn’t grumble.
Other than that and a weird timewarp thing I’m really glad I switched. I’ve always disliked mysql, but on TextDrive there are more good reasons to switch.
- you don’t need to supply a password to psql, so you can cron backups in without all the worries about password safety
- dedicated db boxes are on the cards. I want to be on the pgsql server with the 2 dozen other guys rather than the mysql server with a bazillion php users (no offence boys, just a load thing).
live and learn
some things I learnt this holiday
- depp > wilder
- blotches don’t need a reason
- dicaprio can act
- 4 square foot of wall produces an inordinate amount of plaster if you hit it right
- magnadoodle > etch-a-sketch
- it’s not quicker by train
- Tarquin should have paid up
- shitty wallpaper generally hides an even shittier wall
- jerkily animated woodpeckers aren’t creepy if you’re 2
- the public will hate you for having sex twice, but it’s ok to run away and lie when a coke-stuffed corpse is found in your pool
- sqlite is still the ginger stepchild of connection adapters
- there’s a reason the Goodies aren’t back on telly
- gin is fattening
Happy New Year to all both our readers.