• Home
  • Help
  • Search
  • Login
  • Register
Pages: [1]
Author Topic: Securing your GuruPlug with WPA2  (Read 3830 times)
joewein
Newbie
*

Karma: 0
Posts: 7


View Profile WWW
« on: May 28, 2010, 10:36:04 PM »

When I connected my GuruPlug Server Plus to the wired network, it came up as an access point which I could immediately use with my laptop. The trouble is, it's an unsecured network, the only unsecured network in my neighbourhood. Any of my neighbours could use it too.

I've been trying to follow these instructions to secure my GuruPlug Server Plus in AP mode via WPA2:
http://plugcomputer.org/plugwiki/index.php/Setting_GuruPlug_to_be_a_WiFi_Access_Point

I configured the SSID and passphrase and set it up for WPA2 as the protocol and "AES CCMP" as the cipher, but no joy when trying to connect to it.

Here's the current status displayed after the server has come up and /root/init_setup.sh has been processed:

Code:
my-hostname:~# uaputl sys_config
AP settings:
SSID = my-ssid
Basic Rates = 0x82 0x84 0x8b 0x96
Non-Basic Rates = 0xc 0x12 0x18 0x24 0x30 0x48 0x60 0x6c
AP MAC address = 00:24:23:XX:XX:XX
Beacon period = 100
DTIM period = 1
Tx power = 13 dBm
SSID broadcast = enabled
Preamble type = short
Rx antenna = A
Tx antenna = A
Radio = on
Firmware = handles intra-BSS packets
RTS threshold = 2347
Fragmentation threshold = 2346
Tx data rate = auto
STA ageout timer = 1800
WEP KEY_0 = 00 00 00 00 00
Default WEP Key = 0
WEP KEY_1 = 00 00 00 00 00
WEP KEY_2 = 00 00 00 00 00
WEP KEY_3 = 00 00 00 00 00
AUTHMODE = Open authentication
Filter Mode = Filter table is disabled
PROTOCOL = WPA2
Max Station Number = 8
Retry Limit = 7
Channel = 6
Channel Select Mode = Manual
Channels List = 1 2 3 4 5 6 7 8 9 10 11
MCBC data rate = auto
Group re-key time = 86400 second
KeyMgmt = PSK
PairwiseCipher = AES CCMP
GroupCipher = AES CCMP
WPA passphrase = my-passphrase

802.11D setting:
State = disabled
Dot11d = country code is not set.
Bad address
ERR:UAP_POWER_MODE is not supported by uap0
my-hostname:~#

Here is my /root/init_setup.sh:

Code:
#!/bin/sh

# This is called from /etc/rc.local to perform the initial setup.

# We always bootup in AP mode. Delete any stale files
rm -f /etc/wlanclient.mode
SSID=Plug2-uAP-`ifconfig eth0 | awk -F ":" '/HWaddr/ {print $6$7}'`

insmod /root/uap8xxx.ko
ifconfig uap0 192.168.1.1 up
/usr/bin/uaputl sys_cfg_ssid "my-ssid"
# /usr/bin/uaputl sys_cfg_ssid $SSID
# 32 - WPA2
/usr/bin/uaputl sys_cfg_protocol 32
/usr/bin/uaputl sys_cfg_wpa_passphrase "my-passphrase"
# 8 - AES CCMP
/usr/bin/uaputl sys_cfg_cipher 8 8
/usr/bin/uaputl bss_start
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
echo 1 > /proc/sys/net/ipv4/ip_forward
/etc/init.d/udhcpd start
/etc/init.d/dnsmasq start
iptables -A INPUT -i uap0 -p tcp -m tcp --dport 80 -j ACCEPT

# Re-enable bluetooth. In the earlier case, it didn't find the firmware.
#rmmod libertas_sdio libertas btmrvl_sdio btmrvl bluetooth 2>/dev/null
rmmod btmrvl_sdio btmrvl
/etc/init.d/bluetooth start

modprobe btmrvl_sdio
hciconfig hci0 up
hciconfig hci0 piscan
/usr/bin/mute-agent &

# Set leds
echo 1 > `eval ls /sys/class/leds/*plug*\:green\:health/brightness`
echo 1 > `eval ls /sys/class/leds/*plug*\:green\:wmode/brightness`

Here is my ifconfig output:

Code:
eth0      Link encap:Ethernet  HWaddr 00:50:43:XX:XX:XX 
          inet addr:192.168.42.16  Bcast:192.168.42.255  Mask:255.255.255.0
          inet6 addr: 2001:470:b:83:250:43ff:fe01:5c02/64 Scope:Global
          inet6 addr: fe80::250:43ff:fe01:5c02/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:52021 errors:0 dropped:0 overruns:0 frame:0
          TX packets:809 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:5283462 (5.0 MiB)  TX bytes:102126 (99.7 KiB)
          Interrupt:11

lo        Link encap:Local Loopback 
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:4 errors:0 dropped:0 overruns:0 frame:0
          TX packets:4 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:280 (280.0 B)  TX bytes:280 (280.0 B)

uap0      Link encap:Ethernet  HWaddr 00:24:23:YY:YY:YY 
          inet addr:192.168.1.1  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::224:23ff:fe1f:b023/64 Scope:Link
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B)  TX bytes:90 (90.0 B)

When I try to connect to the SSID from a laptop running Vista Home, it prompts me for the key or passphrase. If I enter an incorrect one, it tells it's wrong. So much, so good. If however I enter the correct one, I get a message that Windows could not connect to my SSID. If I select the Windows option to diagnose the problem it also tells me that the access point "changed its wireless network security settings to be less secure". I have no idea what that means. Any suggestions on how to get the WLAN AP secured?

« Last Edit: May 28, 2010, 10:41:34 PM by joewein » Logged

joewein
Newbie
*

Karma: 0
Posts: 7


View Profile WWW
« Reply #1 on: June 07, 2010, 07:13:38 PM »

I'm curious: Is everyone else leaving their GuruPlug AP open and unsecured? Or are you turning the WLAN off?

Logged

ppmt
Full Member
***

Karma: 1
Posts: 129


View Profile
« Reply #2 on: June 08, 2010, 07:10:17 AM »

Hi,

My Guruplug is secured and I use WPA2 as well. Here is my config

Code:
Guruplug:~# uaputl sys_config
AP settings:
SSID = GuruPlug-Coolbreeze
Basic Rates = 0x82 0x84 0x8b 0x96
Non-Basic Rates = 0xc 0x12 0x18 0x24 0x30 0x48 0x60 0x6c
AP MAC address = 00:24:23:1f:ab:89
Beacon period = 100
DTIM period = 1
Tx power = 13 dBm
SSID broadcast = enabled
Preamble type = short
Rx antenna = A
Tx antenna = A
Radio = on
Firmware = handles intra-BSS packets
RTS threshold = 2347
Fragmentation threshold = 2346
Tx data rate = auto
STA ageout timer = 1800
WEP KEY_0 = 00 00 00 00 00
Default WEP Key = 0
WEP KEY_1 = 00 00 00 00 00
WEP KEY_2 = 00 00 00 00 00
WEP KEY_3 = 00 00 00 00 00
AUTHMODE = Open authentication
Filter Mode = Filter table is disabled
PROTOCOL = WPA2
Max Station Number = 8
Retry Limit = 7
Channel = 6
Channel Select Mode = Manual
Channels List = 1 2 3 4 5 6 7 8 9 10 11
MCBC data rate = auto
Group re-key time = 86400 second
KeyMgmt = PSK
PairwiseCipher = AES CCMP
GroupCipher = AES CCMP
WPA passphrase = my_apassword_here

802.11D setting:
State = disabled
Dot11d = country code is not set.
Bad address
ERR:UAP_POWER_MODE is not supported by uap0

and I can connect to it with my laptop..
Logged

giochigratis
Guest
« Reply #3 on: June 11, 2010, 03:06:31 PM »

I use a normal WPA encryption, i have to change to wpa2 ?
Logged

flipflip
Jr. Member
**

Karma: 4
Posts: 50


Hopplaschorsch!


View Profile
« Reply #4 on: June 15, 2010, 11:05:42 AM »

http://plugcomputer.org/plugwiki/index.php/Setting_GuruPlug_to_be_a_WiFi_Access_Point --> "Changing the Security Mode"
Logged

GPS+ Debian Squeeze AP router firewall dhcpd named NAS Squeezebox OpenVPN All running fine.

Pages: [1]
Print
Jump to: