hostapd on new install issue?

[geekswordsman]

Hey everyone.

Just fresh installed the amd64 v4.4 on a new home server I'm building. Nothing too crazy, just an upgraded replacement over my current i386 v4.3 box. The main new feature is that I'm adding an atheros based wireless card to let the server act as a wap.

Everything installs correctly, but when I go to run hostapd, I get this:

# hostapd
hostapd: /etc/hostapd.conf: group/world readable/writeable
failed to open the main config file: /etc/hostapd.conf
# ls /etc/hostapd.conf
/etc/hostapd.conf
#

Not sure why it's having a problem opening - config file is in the right place ( I have even tried placing it elsewhere and specifying it, to no avail). I've tried the default config file as well as my custom one (pretty much just activating WPA and setting up the passphrase).

Any ideas on why it's doing this? If you need any additional info let me know.

[jggimi]

Use "ls -l" -- the error message says that the file is unprotected. It should be owned by root:wheel, chmod 600 (-rw-------).

[geekswordsman]

That solved it, and uncovered a new problem... Maybe I'm out of practice with my hostapd.conf writing, but it's rejecting what (used to) work just fine. Here's my file, with the lines that are causing errors marked with * :

---hostapd.conf---
*interface=ath0
driver=bsd
*logger_syslog=-1
*logger_syslog_level=0
*logger_stdout=-1
*logger_stdout_level=0
*debug=3
*dump_file=/tmp/hostapd.dump
*ctrl_interface=/usr/sbin/hostapd
ctrl_interface_group=wheel
ssid=mynetwork
macaddr_acl=0
*auth_algs=1

*wpa=1
wpa_passphrase=mynetworkpwphrase
wpa_key_magmt=WPA-PSK
wpa_pairwise=CCMP TKIP
---end hostapd.conf---

As you can see, all I'm trying to do is setup a simple WPA encryption on my wireless card. I've read through the man pages for hostapd.conf and couldn't see anyway to do it, and haven't been able to find an example though searches.

Any insights appreciated.

[jggimi]

It appears to me that the sample configuration file (the default install's /etc/hostapd.conf, that you apparently replaced with your own after doing a clean install, and prompting this thread), has been unchanged since February 2007.

I don't use hostapd. I've just looked at the man page. And it seems to me that:

Your first error is an apparent macro assignment and is attempting to using the reserved word "interface".

Your second line doesn't produce an error message, instead it assignes the macro "driver" and then never uses it.

And so on... repetitively, through the rest of the file.

Because you have destroyed your sample hostapd.conf file, I will replicate it here, so that you may copy/paste/edit as needed.

Code:

# $OpenBSD: hostapd.conf,v 1.11 2007/02/27 20:53:45 david Exp $
# sample hostapd configuration file
# see hostapd.conf(5)

# "wavelan is a battle field"

#
# Macros
#

# Define macros for the interfaces to be used by hostapd. The "wlan"
# interface is optional.
wlan="ath0"
wired="sis0"

#
# Tables
#

# Define the MAC addresses (BSSIDs) for your accesspoints in a table.
table <myess> {
    00:90:4b:0d:fd:c8,
    00:02:6f:21:ea:8b
}

# Address masks are providing a simple way to match by MAC vendor ID.
#
# table <senao> { 00:02:6f:ff:ff:ff & ff:ff:ff:00:00:00 }

#
# Global options
#

# Comment this option to run hostapd in passive IAPP logging mode.
set hostap interface $wlan

# Use default radiotap mode.
set hostap mode radiotap

# Uncomment these options to jump to the next channel every 2 seconds.
#set hostap hopper interface $wlan
#set hostap hopper delay 2000

# Use multicast (according to the revised standard).
set iapp interface $wired
set iapp mode multicast

# The following mode is compatible to some pre-standard IAPP implementations
#set iapp mode broadcast port 2313

#
# Event rules
#

# Log probe requests.
hostap handle type management subtype probe request \
    with iapp type radiotap

# Log and annoy foreign accesspoints.
#
# This will be logged as well but the important thing is to
# annoy other accesspoints in your wireless territory.
hostap handle type data bssid !<myess> \
    with frame type management subtype deauth reason auth expire \
    from &bssid to ff:ff:ff:ff:ff:ff bssid &bssid

# The first de-auth example will not work with some newer stuff, like
# iwi(4)/ipw(4) "centrino", because they ignore management frames to
# the broadcast address as a countermeasure against the "void11"
# attack.
#
# hostap handle type data bssid !<myess> \
#    with frame type management subtype deauth reason auth expire \
#    from &bssid to &from bssid &bssid

# Detect flooding of management frames except beacons.
# This will detect some possible Denial of Service attacks
# against the IEEE 802.11 protocol (like "void11").
hostap handle skip type management subtype ! beacon \
    with log \
    rate 100 / 10 sec

# Finally log any rogue accesspoints limited to every second.
hostap handle skip type management subtype beacon bssid !<myess> \
    with iapp type radiotap limit 1 sec

[geekswordsman]

Thankfully I've learned to always make backups of defaults, so I still have it

I guess what's confusing to me is that the configuration file I created works just fine with hostapd in FreeBSD. Doing a little digging I haven't seen anything that specifies different builds between FreeBSD and OpenBSD, including scouring the hostapd main site (http://hostap.epitest.fi/hostapd). In fact, the example hostapd.conf from their site, while much more detailed, is remarkably similar to mine...

Going to try and re-install using the 0.6.9 version directly from epitest, and see if that works. Thanks again for the help.

[geekswordsman]

Ok, some more searching and I've found that there are two different versions of hostapd, one by Jouni Malinen, the other by the OpenBSD folks, and they are, in fact, two very, very different beasts.

Saying that, what is the best way to configure a wap on OpenBSD? I had always read that hostapd was the quickest, easiest way, but so far it continues to thwart me.

Thanks.

[jggimi]

Quote:

Originally Posted by geekswordsman

...they are, in fact, two very, very different beasts....

That is usually the case. There are around 15 years of development separating the OSes.

Quote:

Saying that, what is the best way to configure a wap on OpenBSD?

OpenBSD's hostapd. But this time, be sure to use OpenBSD's man page, and edit the sample rather than using a FreeBSD configuration file.

[geekswordsman]

Well that would make sense. I'll poke at it and see what if I can't get it working.

I'm actually surprised by the lack of easily-findable information regarding setting something so simple up. Don't suppose you happen to know of any sample documents otherwise regarding this?

Thanks again for the info.

[jggimi]

Improve large wireless networks with hostapd(8)

Proactive wireless networks with hostapd(8)

[geekswordsman]

Thanks. Unfortunately I had already read both of those articles and they don't actually go into how to setup the WPA encryption and passphrase.

[jggimi]

AFAIK, one sets hostap mode, and WPA keys, with ifconfig.

You've hit a very small group of OpenBSD users, here, and, over a weekend, when activity is lower.

If you don't want to wait a day or two, you might consider posting to misc@.

[geekswordsman]

I've been poking at this for about a week now trying to get it working, so a little longer isn't too big of a deal =P

Attempting to set it up through ifconfig is resulting in a kernel trap. This is a good card (Atheros AR5212), though I'm wondering if it isn't something with the AMD64 distribution. I may have to try installing an i386 dist and testing it there as well.

Thanks again for the help.

[jggimi]

Quote:

Originally Posted by geekswordsman

Attempting to set it up through ifconfig is resulting in a kernel trap.

You are trying to solve two different problems: 1) understanding OpenBSD's hostapd is very different than FreeBSD's, and the extent of the differences. 2) WPA for ath(4).

The man page for ath(4) says:

Code:

AR5211 and AR5212 support the AES, TKIP, and Michael cryptographic opera-
tions required for WPA but at this time the driver does not support them.

Look to your chipset.

[geekswordsman]

*faceplants*

That's just wonderful. Guess I'll try FreeBSD again, as I had it working on there, but had a completely different issue regarding my internal NIC. Not to mention the FreeBSD AMD64 install isn't the most stable.

Thanks very much for the assist jggimi. I feel like a total dumb $$$ for not having found any of that info before (as I said, I've been working on this for about a week now!!!) and you pull it up in no time... But I'd rather feel like this than still be frustrated out of my head as to why it's not working! =P

[jggimi]

4.5 will be out next week; included in 4.5 is the following change:

Quote:

The ath(4) driver now has WPA-PSK support.

The details say:

Quote:

Switched ath(4) to softcrypto to enable support for WPA/WPA2

If you don't want to wait another week, just test with a -current snapshot.

[geekswordsman]

Decided to try and test out even just WEP encryption, and had the same kernel trap.

Downloaded the 4.5 snapshot (I do like the installer better), attempted to configure WPA and got no kernel trap, just the entire system froze.

My command:

ifconfig ath0 192.168.1.1 nwid my_network wpaakms 'psk' wpaciphers 'tkip' wpapsk 'my_wpa_passphrase' mediaopt hostap

I had always thought that wireless options in ifconfig were only for connecting, not for host setup, and that another program configured the actual hosting part.

I'll probably try FreeBSD again on a spare HDD that I have, and hopefully resolve the problem with my internal NIC.

Thanks again for the advice.

[jggimi]

Quote:

...and that another program configured the actual hosting part.

Not on OpenBSD. The hostapd tool you were attempting to use has a different purpose:

Quote:

DESCRIPTION
hostapd is a daemon which allows communication between different 802.11
wireless access points running in Host AP mode.

hostapd implements the Inter Access Point Protocol (IAPP). Its purpose
is to exchange station association updates between access points in large
wireless networks. IAPP has been designed to speed up roaming between
different access points in the same Extended Service Set (ESS). IAPP is
described in the IEEE 802.11f standard.

hostapd additionally allows the monitoring and logging of station associ-
ations on a non-hostap host which is receiving IAPP messages.....

Sorry things didn't work out for you with this particular hardware configuration. You might still want to post your "freeze" to misc@; it's possible one of the driver developers may have a new fix available or a suggestion. Just post your dmesg and the failing ifconfig command.

[geekswordsman]

Quote:

Originally Posted by jggimi

Not on OpenBSD. The hostapd tool you were attempting to use has a different purpose

As I have now learned ^_^ Thanks!

Quote:

Originally Posted by jggimi

Sorry things didn't work out for you with this particular hardware configuration. You might still want to post your "freeze" to misc@; it's possible one of the driver developers may have a new fix available or a suggestion. Just post your dmesg and the failing ifconfig command.

Oh no, not at all. Actually, in doing a little more digging I found that there is an error in my ifconfig... When passing the wpa-psk, I need to also include the nwid of the network I'm connecting to. wpa-psk is actually a seperate method invoked by ifconfig that generates the hexadecimal passkey, and it requires that ssid in order to do so (where the ssid == nwid specified in ifconfig). So it's fully possible that my system freeze is a result of my passing bad/incomplete arguments to ifconfig.

At work now, so can't test it yet (stupid me and left it powered off, so can't even ssh in >_>). But I'll keep poking at it. I've been using BSD as my server OS for over 10 years now, and I'd rather keep trying at it and get it working than switch over to another OS!

If I figure it out I'll post details. Thanks again!

[jggimi]

Quote:

Originally Posted by geekswordsman

...So it's fully possible that my system freeze is a result of my passing bad/incomplete arguments to ifconfig.

I don't use WPA with OpenBSD, so I've never looked into its configuration. But if it is at all possible for ifconfig to "know" it has incomplete information, I belived it should fail with an error message, the kernel should not hang. If you determine that the hang was due to a config error on your part, you should file a bug report.

Quote:

If I figure it out I'll post details. Thanks again!

Great! And you're welcome, of course, but I don't think I've helped very much.

[geekswordsman]

Quote:

Originally Posted by jggimi

I don't use WPA with OpenBSD, so I've never looked into its configuration. But if it is at all possible for ifconfig to "know" it has incomplete information, I belived it should fail with an error message, the kernel should not hang. If you determine that the hang was due to a config error on your part, you should file a bug report.

I agree that it should, but you never know. It may not even be ifconfig that causing the hang, it could be wpa-psk. It's something that's supposed to be supported, which to me means that they've tested it successfully. I just need to duplicate what they did, which may mean going back to an i386 architecture.

Quote:

Originally Posted by jggimi

Great! And you're welcome, of course, but I don't think I've helped very much.

I disagree. You've kept hair on my head by providing quick responses with great, simple insight. It's what I needed. I tend to over-complicate things, and that's what got me so confused here about what I was doing. I think I'm on the right track now. We'll hopefully know tonight!