I had a running setup with experimental 2005-04-23, nas from http://www.bingner.com/openwrt/. AP mode, WPA-PSK, TKIP.

Newer versions (2005-05-25, 2005-06-17) do not work with the nas binary for me. iwconfig says "encryption key:off". I found a recent post on this topic. The solution was to use a newer version of the nas binary: http://openwrt.alphacore.net/experiment … mipsel.ipk

But this does not work for me either. Moreover the mentioned post talks about changing the "-m 2" parameter to "-m 4". I do not understand why this needs to be changed. "-m 2" should mean WPA-PSK, while "-m 4" seems to undocumented.

Any ideas? Or would be a better idea to give wpa_supplicant a try?

There reason of changing option "-m 2" to "-m 4" was that I found it through Console (through COM1) when using LINKSYS Beta firmware 4.50.05 -> so I suppose new nas binary have change their option for this parameters (including new option such AES...)

So currently I use nico lasted testing firmware with the following packages

1. siproxd sip voip proxy -> it is working very goods
2. tc package for QoS
3. with modify firewall.user with port forwarding under /etc folder I able to public Windows 2000 PPTP Server, webserver behind LINKSYS WRT54GS to Internet

But I still have troubles with
1. Make DynDNS work and start automatically at startup, so I have use Dyndns client in my Webserver inside LAN
2. Unable to access LAN Webserver using Dyndns name (external IP address of WRT54GS)
(I didn't have about troubles when using LINKSYS original firmware)

Please advice how to fix this troubles

TuanND from VIETNAM

With firmware 4.50.05 you are using a WRT54GS. I have a WRT54G 2.2. Do they need different versions of nas? From which firmware is the package at http://openwrt.alphacore.net/experiment … mipsel.ipk?

I just fetched the beta firmware WRT54GV3.1_4.00.5_US_code.bin from the linksys server. But I'm not able to mount it. The method from http://openwrt.org/OpenWrtFaq does not work. The image does not seem to include the string "Compressed ROMFS". I tried different substrings with grep. Any hints how to extract this binary?

Oops, missed info a the package tracker. Says it's from 4.50.5 US. So it's from a WRT54GS firmware, not WRT54G.

But the question remains: do the G and GS version of the WRT need different nas binaries?

No way. The only hardware difference is the size of flash and ram, software differences are just some nvram variables.
The same binary works on both.

Just wanted to say that everything works fine now. I guess my main problem was that "iwconfig eth1" only shows a key if a wireless client is connected. I knew if WPA works, the key shows up there so I made most of my tests without trying to connect with the notebook.

As you have a serial console on your WRT, do you know how to use WPA2? The new beta firmware offers it, so the nas binary should be able to handle it.

Do I need to make some change(s) to the stuff on my website?

Current versions (both HEAD and whiterussian branch) use a new wireless driver (3.90.23.0). These versions require two changes:

* needs nas binary from Linksys beta firmware (4.50.05/4.00.5)
* PSK option changed from "-m 2" to "-m 4"

The nas binary can be found at: http://openwrt.alphacore.net/experiment … mipsel.ipk

Remaining questions:

* What do the new "-m" options do?
* How to enable WPA2?
* Is it possible to extract nas binary from Linksys firmware image? Method from the wiki does not work anymore with this version.

Edit: My impression is "wl0_wep" key is not needed. So either set it to "disabled" or remove it.

(Last edited by Yogi on 26 Jun 2005, 10:33)

Here are option of command nas of LINKSYS WRT54GS ver 4.50.5

1. Security disable
nas -P /tmp/nas.lan.pid -l br0 -H 34954

2. Security WPA-PSK TKIP
nas -P /tmp/nas.lan.pid -l br0 -H 34954 -i eth1 -A -m 4 -k <share-key> -s linksys -w 2 -g 3600

3. Security WPA-PSK AES
nas -P /tmp/nas.lan.pid -l br0 -H 34954 -i eth1 -A -m 4 -k <share-key> -s linksys -w 4 -g 3600

4. Security WPA-PSK TKIP+AES
nas -P /tmp/nas.lan.pid -l br0 -H 34954 -i eth1 -A -m 4 -k <share-key> -s linksys -w 6 -g 3600

5. Security WPA -RADIUS - TKIP
nas -P /tmp/nas.lan.pid -l br0 -H 34954 -i eth1 -A -m 2 -r <share-key> -s linksys -w 2 -g 3600 -h <Radius server ip> -p 1812 -t 36000

6. Security WPA2-PSK-TKIP
nas -P /tmp/nas.lan.pid -l br0 -H 34954 -i eth1 -A -m 128 -k <share-key> -s linksys -w 2 -g 3600

7. Security WPA2-RADIUS-TKIP
nas -P /tmp/nas.lan.pid -l br0 -H 34954 -i eth1 -A -m 64 -r <share-key> -s linksys -w 2 -g 3600 -h <Radius IP> -p 1812 -t 36000

8. Security WPA2-RADIUS-AES
nas -P /tmp/nas.lan.pid -l br0 -H 34954 -i eth1 -A -m 64 -r <share-key> -s linksys -w 4 -g 3600 -h <Radius IP> -p 1812 -t 36000

9. Security WPA2-PSK-TKIP Mixed
nas -P /tmp/nas.lan.pid -l br0 -H 34954 -i eth1 -A -m 132 -k <share-key> -s linksys -w 2 -g 3600

10. Security WPA2-RADIUS-TKIP Mixed
nas -P /tmp/nas.lan.pid -l br0 -H 34954 -i eth1 -A -m 66 -r <share-key> -s linksys -w 2 -g 3600 -h <Radius IP> -p 1812 -t 36000

11. Security WEP64bit -RADIUS
nas -P /tmp/nas.lan.pid -l br0 -H 34954 -i eth1 -A -m 32 -r <Radius share-key> -s linksys -w 1 -I 1 -K <WEP share key> -h <Radius IP> -p 1812 -t 36000

12. Security WEP64bit (same as security disabled and nas daemon is not running)
nas -P /tmp/nas.lan.pid -l br0 -H 34954

I can concur with all of the above information.  Having downloaded the latest release of OpenWRT today, the recommended nas binary (http://openwrt.alphacore.net/experiment … mipsel.ipk) and reconfigured the S41wpa script supplied by sbinger (http://www.bingner.com/openwrt/wpa.html) to use the "-m 4" option , my wireless link works perfectly - as it did three hours ago when I was running official Linksys firmware on my WRT54G v2.2.

Way to go ppls, this is awesome stuff.

Kaldek

P.S.  For anyone who is curious, WPA "AES" is more secure than WPA "TKIP" because it uses AES-CCMP cryptography with all the benefits of TKIP (I keep seeing this question on the 'net).  By using AES it is effectively then considered WPA2 (I also keep seeing questions on "how to use WPA2" on the 'net).  If you don't believe me, I quote directly from the media briefing on WPA2 at wi-fi.org when I say "The primary difference between WPA and WPA2 is the encryption algorithm used - RC4 and AES respectively".  Unfortunately, when we use WPA with "TKIP", it means "TKIP using the RC4 algorithm", and when we use WPA with "AES" it means "TKIP using the AES-CCMP algorithm".  It is not, in any way, obvious.

(Last edited by kaldek on 30 Jun 2005, 14:10)

BTW, it is possible to have both WPA and no WPA for an access point ?

Hey WPA users,
I just made a package containing the current version of nas (works with whiterussian) and init/hotplug scripts. The scripts are basically those from http://www.bingner.com/openwrt with added WPA2 support. Please try this package and let me know if it works. You can get it here: http://openwrt.inf.fh-brs.de/~nbd/non-free/

Great stuff.  I had to hack up the nas script myself so it's great that there's a package out there for it now.  I would have done the same myself but I didn't get around to installing all the source on my Gentoo box.

Kaldek

Works for me. WPA2-PSK-AES settings.

Just one note: I guess /var/run/ would be a better location for the pid file.

Is it possible to run wpa or wpa2 with boxes which are in ad-hoc mode (I use olsr as the mesh-routing protocol)?

Honestly I don't know, but this sounds less like a question for OpenWRT, and more like a question for 802.11 WPA in general.  I'd recommend googling this and looking for as much info on the limitations of ad-hoc mode as possible.

Personally, I'd guess that you can't do WPA and ad-hoc mode.

Kaldek

Trying to get WDS (and WPA) working on WhiteRussian.

I've read all the threads I can get my hands on and I'm not sure where things stand with this release.  The release notes kind of point to WDS problems but then it sounds like if you change some things around and hold your tongue right you can get it to work.  I'd like to hear from someone who has WhiteRussian RC1 doing WDS+WPA-PSK on a WRT54GS.  So far I've tried it between two rev 1.0 boxes and a 1.1 and 2.0 box without getting it working.

I followed these instructions http://jean.nu/view.php/page/openwrt to start off with.

I didn't follow the instructions on extracting the nas binary and instead saw a post that said someone (nbd) made .ipk's of the new nas, S41 & hotplug scripts so then I installed the two packages from http://openwrt.inf.fh-brs.de/~nbd/non-free/ instead of wgetting the ones in the instructions from the first link I mentioned.

I can't ping from one WRT to the other over the wireless so I guess they are not associating etc.  I've tried about all I can think of.

I may fall back to the experimental version I see people having the most success with and try that since the release notes of WhiteRussian point to issues with WDS.

If anyone has this working and can square me away I really would appreciate it.  I'll try to figure out how to post my nvram settings and my S41 & hotplug scripts so others can check me out since I obviously don't know what I'm doing!

Thanks!

Update on my situation.

I was able to get WDS working (without WPA-PSK) on my two WRT54GS V1.0 boxes running 2005-05-25 experimental.  This was after I finally gave up and ran mtd erase nvram to go back to defaults.

After being able to ping from one box to the other over the wireless link, I tried to get WPA-PSK working after installing these packages:
http://downloads.openwrt.org/whiterussi … mipsel.ipk
http://downloads.openwrt.org/whiterussi … mipsel.ipk

I set all of my nvram settings according to these instructions:
http://jean.nu/view.php/page/openwrt

I couldn't ping once I set the WPA-PSK nvram settings.  I tripple checked everything and tried all I knew and couldn't get it to work.

I changed clockfreq to 216 and got both boxes hung in the reset cycle.  Time to make a JTAG cable!

Next I tried to get whiterussian working with my remaining WRTGS V1.1 and V2.0 box.  Here is what I have done so far:

Installled whiterussian binary
Did a mtd erase nvram to start with fresh nvram settings.  nvram get wl0_hwaddr does nothing by the way.
Did an ipkg update & upgrade
installed packages:
http://downloads.openwrt.org/whiterussi … mipsel.ipk
http://downloads.openwrt.org/whiterussi … mipsel.ipk

Saw the post where wl0_wds doesn't work so I did the wl wds <my other boxes MAC> on both boxes.  If I do a wl wds right after this command it displays the MAC I entered.  After a reboot, running wl wds shows nothing.  Is this right?

The WLAN light will blink some but I am still not able to ping one WRT box from the other over the air using the wireless interface.

iwconfig displays:
lo        no wireless extensions.

eth0      no wireless extensions.

eth1      IEEE 802.11-DS  ESSID:"Temple"
          Mode:Master  Frequency:2.412 GHz  Access Point: 00:13:10:19:32:2F
          Tx-Power:31 dBm
          RTS thr=2347 B   Fragment thr=2346 B
          Encryption key:off

br0       no wireless extensions.

vlan0     no wireless extensions.

vlan1     no wireless extensions.

I only tried to get WDS working with whiterussian (following the WDS+WPA-PSK instructions above) up to the point where you should be able to ping the other box.  I didn't try setting any of the WPA settings yet except for the ssid.

If someone has WDS+WPA-PSK working on a WRT54GS 1.1 or 2.0 box,  please, please, pretty please square me away.

Here are the nvram setting so far of box 1:

root@wrt1:/sbin# nvram show
wan_ipadd=192.168.2.1
os_ram_addr=80001000
boardrev=0x10
il0macaddr=00:13:10:19:32:2f
bootnv_ver=2
et0macaddr=00:13:10:19:32:2D
boot_wait=on
watchdog=5000
et0mdcport=0
pmon_ver=CFE 3.61.13.0
gpio5=robo_reset
vlan0ports=1 2 3 4 5*
os_flash_addr=bfc40000
sromrev=2
boardtype=0x0708
lan_netmask=255.255.255.0
wl0_ssid=Temple
wl0id=0x4320
ag0=255
wl0gpio2=0
wl0gpio3=0
boardflags2=0
wl0_afterburner=off
wan_proto=static
pa0itssit=62
cctl=0
lan_ifnames=vlan0 eth1
lan_dns=216.12.0.20
pa0maxpwr=0x4e
clkfreq=200
lan_ipaddr=192.168.0.59
vlan1hwname=et0
aa0=3
sdram_config=0x0062
vlan1ports=0 5
scratch=a0180000
eou_private_key=77a9ed52bfd4694227ff972bf16e159e6b6bf30a9152715fbcd962815ac11f8fdac17149d9b2785f3d9b6d2f86a72d07489125803093fcd108770390e97bf6a616cb99db9394159b6934f028a5b0b691991f7429560e78127211ce17f83c0b5dfa6ba77f8299749f65cfcc62c2cfde0039604a17f1768d92ff22a287781acef1
ccode=0
eou_device_id=BKZFVK7U
lan_ifname=br0
boardflags=0x118
sdram_refresh=0x0000
sdram_ncdl=0xfeff09
et0phyaddr=30
wan_hostname=wrt1
pa0b0=0x15eb
pa0b1=0xfa82
pa0b2=0xfe66
sdram_init=0x000b
vlan0hwname=et0
dl_ram_addr=a0001000
boot_ver=v3.4
boardnum=42
eou_public_key=cb6dad0cac82b2f0773280fde73b24c0836ab6c52a3f5a55f43e5aa8b3e1e8daf3e273ca587c33084f21d33731b5cc8c61c38c8d1f61fa968e63ec7659b9234f57c782f67169702f593ec4d6000717bbf76f0929743cf2d568b7df05e0a862439da23ef1b7c827e1caac41a067351e15c889bc98c4933b22f5d68b32333c2d1511
size: 1427 bytes (31341 left)

Here is a dump of nvram settings on box 2:

root@wrt2:/# nvram show
os_ram_addr=80001000
il0macaddr=00:13:10:2e:0f:2c
boardrev=0x10
et0macaddr=00:13:10:2E:0F:2A
bootnv_ver=2
watchdog=5000
boot_wait=on
et0mdcport=0
pmon_ver=CFE 3.61.13.0
vlan0ports=1 2 3 4 5*
gpio5=robo_reset
os_flash_addr=bfc40000
sromrev=2
boardtype=0x0708
lan_netmask=255.255.255.0
wl0_ssid=Temple
wl0id=0x4320
ag0=255
wl0gpio2=0
wl0gpio3=0
boardflags2=0
wl0_afterburner=off
wan_proto=static
pa0itssit=62
cctl=0
lan_ifnames=vlan0 eth1
lan_dns=216.12.0.20
pa0maxpwr=0x4e
lan_ipaddr=192.168.0.60
clkfreq=200
aa0=3
vlan1hwname=et0
sdram_config=0x0062
vlan1ports=0 5
eou_private_key=3d2c023506f6062c848a934bf6c2f3bbacd85868bdad68ea42f8e80d3fa8d306f340136c573db0192f9ae860881198f1f05533fe22dba6331128e8cb33ebf7a903ceccd46d1bee6c70f215b7c60340c34717187f69b8c5ca5d77a63d3a47c3017720720deb4022c16ce47c7969bcbe5baaa167fd1570080a315eb8c383c45449
scratch=a0180000
ccode=0
eou_device_id=N59OE7IM
lan_ifname=br0
boardflags=0x118
sdram_refresh=0x0000
sdram_ncdl=0xfeff08
wan_ipaddr=192.168.2.1
et0phyaddr=30
wan_hostname=wrt2
pa0b0=0x15eb
pa0b1=0xfa82
pa0b2=0xfe66
sdram_init=0x000b
vlan0hwname=et0
dl_ram_addr=a0001000
boot_ver=v3.4
boardnum=42
eou_public_key=cffc078117aae1ca8f70c19be096d64ae545f9641e80cb1c7d4e482d0ba46717a173753d289e89ef3b75161501d56e69cabb4a60101e01e0d3f17de616ef16da0fca7582203f055b0d55c8fef685e2ee74fb2a96945c06e2543c51aa824e4d04d66e9b1b68c30b8692f109ac6eba8d986907f5d2f8cf349405961c8d4607bcdb11
size: 1428 bytes (31340 left)

I've also read about getting WDS+WPA-PSK working with the linksys firware then loading OpenWRT to get the right nvram settings.  This is about the only thing I have not tried!

Thanks in advance for any advice!

hutchman, I may be mistaken or not understand what you are doing, but I have WPA-PSK+aes working on a WRT-54GS with OpenWRT and your nvram settings do not seem to include the ones I found to control whether it works or not.  I posted these before:

http://openwrt.org/forum/viewtopic.php?id=2002

but here they are again:
----
wl0_lazywds=0
wl0_wds= <WRT-54G MAC> <--- my other WDS system
wl0_auth_mode = psk
wl0_crypto = aes
wl0_wep = disabled
wl0_wpa_psk = <passphrase>

It seems to take a while for the two systems to start talking to each other, but once they do, that's it!
----
Hope this helps.

Hey,

My goal is to get WDS & WPA-PSK working with AES.  My problem is I was able to get WDS working on my WRT54GS V1.0 boxes but couldn't get WPA working ... and I finally bricked (looped) them so then I had to give up and try again using a V1.1 and V2.0 box.  On these I installed whiterussian RC1.  I can't get WDS to work so I haven't even tried to set the WPA nvram settings as the instructions I was following says to get WDS working first, then try to get WPA working.

I just installed whiterussian RC2 yesterday but haven't gotten very far yet.  I have noticed though that doing a nvram get wl0_hwaddr still doesn't display the radio's MAC so I'm wondering if there is some magic to getting WDS working on RC2.   I hope to try things out more today.

Checking the options of the latest nas binary, it looks like the use of "WPA2" is a bit ambiguous.  As previously stated, all you need to use to get WPA2 is AES encryption because that normally also implies TKIP.  Just be aware of that.

Kaldek

Does anyone know if nas can be used to set up wpa-psk towards the WAN/ethernet interface in client/supplicant mode?

Thanks!