grant123 Veteran
Joined: 23 Mar 2005 Posts: 1099
Posted: Fri May 12, 2006 2:15 pm Post subject: WPA for my Gentoo router
Is there any way to set up WPA encryption on my Gentoo router? I've been trying to use wpa_supplicant and its "master" mode (mode=1). The farthest I've gotten is with the following wpa_supplicant.conf:
###
ctrl_interface=/var/run/wpa_supplicant
ctrl_interface_group=0
ap_scan=2
network={
ssid="mynetwork"
mode=1
proto=WPA
key_mgmt=WPA-NONE
pairwise=NONE
group=TKIP
psk="mypassword"
}
###
and the following /etc/conf.d/net:
###
config_ath0="192.168.0.1 broadcast 192.168.0.255 netmask 255.255.255.0"
modules_ath0="wpa_supplicant"
wpa_supplicant_ath0="-Dmadwifi"
###
Starting net.ath0 returns:
###
* Starting ath0
* Starting wpa_supplicant on ath0 ... [ ok ]
* ath0 connected to "mynetwork" at 00:00:00:00:00:00
* Bringing up ath0
* 192.168.0.1 [ ok ]
###
Subsequent 'iwlist ath0 scanning' from my laptop do not show 'mynetwork' and trying to connect to it just times out.
WEP via iwconfig is working great. Is there a better way to set up WPA encryption on my Gentoo router?
- Grant
UberLord Retired Dev
Joined: 18 Sep 2003 Posts: 6835 Location: Blighty
grant123 Veteran
Joined: 23 Mar 2005 Posts: 1099
Posted: Fri May 12, 2006 3:39 pm
Hi Uberlord. I remember you helped me when I was first struggling to get wireless/madwifi to work. It's solid now by the way.
Can you tell me more about how an unencrypted network and openvpn would accomplish the same thing as an encrypted network? I basically don't want anyone else to be able to connect to my network or view the traffic on my network.
UberLord Retired Dev
Joined: 18 Sep 2003 Posts: 6835 Location: Blighty
Posted: Fri May 12, 2006 4:05 pm
Well, with wireless they can view the traffic if they are in range. Nothing you can do about this - at all.
So, we have to encrypt the traffic somehow. The way that I see it is that WPA has to be supported at all ends - in my case not much of my hardware supports WPA and WEP is hardly secure. So the answer is to run an unsecured network. The only services my server allows over this is internal DNS and DHCP.
On top of that I run a secure VPN which requires a signed SSL cert by me to connect. This works well as the only thing I have that doesn't support this is my Xbox wireless adapter so I specifically allow my server to allow that MAC address + fixed IP address through the firewall unsecured through the xbox live ports only.
So on my server I have this
eth0 - wired ethernet
wlan0 - wifi card - insecure
vpn0 - secure vpn connection over either eth0 or wlan0
firewall blocks access to everything bar internal dns and dhcp unless it's on the vpn link.
forwarding is only allowed from vpn0.
Benefits
1) Some people think you're running an insecure network as they got an IP address. I even had my neighbour tell me it was broken as he couldn't get the internet to work
2) workstations can talk to each other without the need for openvpn - think lan parties!
3) you don't need to keep updating your hardware for new security - just upgrade the vpn!
Problems
1) Harder to set up
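The firewall layout described in the post above, as an added example (not code from the thread or from any poster): a shell function that emits an iptables-restore ruleset. Interface names come from the post; the OpenVPN port, the Xbox MAC/IP and the Xbox Live port list are assumptions or constructed placeholders, and NAT and the uplink interface, which the thread does not describe, are left out.

```shell
#!/bin/sh
# Added example: emit an iptables-restore ruleset for the layout in the post.
LAN_IFS="eth0 wlan0"          # untrusted links (names from the post)
VPN_IF="vpn0"                 # tunnel interface (name from the post)
VPN_PORT=1194                 # assumed: OpenVPN default, UDP
XBOX_IF="wlan0"               # assumed: the console is on the wifi side
XBOX_MAC="00:11:22:33:44:55"  # constructed placeholder
XBOX_IP="192.168.0.50"        # constructed placeholder (fixed address)
XBOX_UDP_PORTS="88,3074"      # assumed Xbox Live ports; verify before use

r() { printf '%s\n' "$*"; }   # print one ruleset line

emit_rules() {
    r "*filter"
    r ":INPUT DROP [0:0]"
    r ":FORWARD DROP [0:0]"
    r ":OUTPUT ACCEPT [0:0]"
    r "-A INPUT -i lo -j ACCEPT"
    r "-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    for ifc in $LAN_IFS; do
        # Untrusted side may reach only DHCP, internal DNS and the VPN
        # listener itself (without the last rule nobody can bring vpn0 up).
        r "-A INPUT -i $ifc -p udp --sport 68 --dport 67 -j ACCEPT"
        r "-A INPUT -i $ifc -p udp --dport 53 -j ACCEPT"
        r "-A INPUT -i $ifc -p tcp --dport 53 -j ACCEPT"
        r "-A INPUT -i $ifc -p udp --dport $VPN_PORT -j ACCEPT"
    done
    # Clients that completed the certificate-based VPN handshake reach the server.
    r "-A INPUT -i $VPN_IF -j ACCEPT"
    # Forwarding: replies to existing flows, plus new flows from the VPN only.
    r "-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    r "-A FORWARD -i $VPN_IF -j ACCEPT"
    # Single exception: the console, narrowed by MAC + fixed IP + port list.
    # This narrows the hole by source and port; it is not authentication.
    r "-A FORWARD -i $XBOX_IF -s $XBOX_IP -m mac --mac-source $XBOX_MAC" \
      "-p udp -m multiport --dports $XBOX_UDP_PORTS -j ACCEPT"
    r "COMMIT"
}

# Print for review; to syntax-check: sh fw.sh | iptables-restore --test
emit_rules
```
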
opopanax Apprentice
Joined: 30 Aug 2004 Posts: 244
Posted: Fri May 12, 2006 4:10 pm
clever...
grant123 Veteran
Joined: 23 Mar 2005 Posts: 1099
Posted: Fri May 12, 2006 4:40 pm
Are you saying people would still be able to view the wireless network traffic with this setup?
Is there no way to use WPA with a Gentoo router?
UberLord Retired Dev
Joined: 18 Sep 2003 Posts: 6835 Location: Blighty
Monkeh Veteran
Joined: 06 Aug 2005 Posts: 1656 Location: England
Posted: Fri May 12, 2006 4:50 pm
For WPA with a Linux box (or the BSDs, I believe), you want hostapd. You seem to be using an Atheros card, so check out their wiki.
grant123 Veteran
Joined: 23 Mar 2005 Posts: 1099
Posted: Fri May 12, 2006 5:00 pm
Uberlord -
I mean can anyone still view the network traffic since it is unencrypted, even though openvpn prevents them from connecting?
Monkeh -
Nice. I'm checking that out now.
UberLord Retired Dev
Joined: 18 Sep 2003 Posts: 6835 Location: Blighty
grant123 Veteran
Joined: 23 Mar 2005 Posts: 1099
Posted: Sat May 13, 2006 2:49 am
Thanks guys. I'm trying to get hostapd to work but I'm running into an error. I started a new thread about it.