25.1 Wireless LAN

Wireless LANs have become an indispensable aspect of mobile computing. Today, most laptops have built-in WLAN cards. Wireless networks can be classified as managed networks and ad-hoc networks. Managed networks have a managing element: the access point. In this mode (also referred to as infrastructure mode), all connections of the WLAN stations in the network run over the access point, which may also serve as a connection to an Ethernet. Ad-hoc networks do not have an access point. The stations communicate directly with each other. The transmission range and number of participating stations are greatly limited in ad-hoc networks. Therefore, an access point is usually more efficient. It is even possible to use a WLAN card as an access point. Most cards support this functionality.

25.1.1 Configuration with YaST

To configure the wireless network card, select Network Devices > Network Settings in the YaST control center. The Network Settings dialog opens, where you can configure general network settings. Refer to Section 14.4, Configuring a Network Connection with YaST for more information about the general network configuration. All network cards that have been detected by the system are listed under the Overview tab.

Choose your wireless card from the list and click Edit to open the Network Card Setup dialog. Configure whether to use a dynamic or a static IP address under the tab Address. You can also adjust General and Hardware settings such as Device Activation or Firewall Zone and driver settings. In most cases there is no need to change the preconfigured values.

Click Next to proceed to the wireless network card specific configuration dialog. If you are using NetworkManager (refer to Section 14.5, NetworkManager for more information), there is no need to adjust the wireless device settings, since these will be set by NetworkManager on demand—proceed with Next and Yes to finish the configuration. If you are using your computer only in a specific wireless network, make the basic settings for WLAN operation here.

Figure 25-1 YaST: Configuring the Wireless Network Card

Operating Mode

A station can be integrated in a WLAN in three different modes. The suitable mode depends on the network in which to communicate: Ad-hoc (peer-to-peer network without access point), Managed (network is managed by an access point), or Master (your network card should be used as the access point). To use any of the WPA-PSK or WPA-EAP modes, the operating mode must be set to Managed.

Network Name (ESSID)

All stations in a wireless network need the same ESSID for communicating with each other. If nothing is specified, the card automatically selects an access point, which may not be the one you intended to use.

Authentication Mode

Select a suitable authentication method for your network: No Encryption, WEP-Open, WEP-Shared Key, WPA-EAP, or WPA-PSK. If you select WPA authentication, a network name (ESSID) must be set.

Key Input Type

The WEP and WPA-PSK authentication methods require a key to be entered. Enter the key as a Passphrase, an ASCII string, or a Hexadecimal string.

WEP Keys

Either enter the default key here or click WEP Keys to enter the advanced key configuration dialog. Set the length of the key to 128 bit or 64 bit. The default setting is 128 bit. In the list area at the bottom of the dialog, up to four different keys can be specified for your station to use for the encryption. Press Set as Default to define one of them as the default key. Unless you change this, YaST uses the first entered key as the default key. If the standard key is deleted, one of the other keys must be marked manually as the default key. Click Edit to modify existing list entries or create new keys. In this case, a pop-up window prompts you to select an input type (Passphrase, ASCII, or Hexadecimal). If you select Passphrase, enter a word or a character string from which a key is generated according to the length previously specified. ASCII requests an input of 5 characters for a 64-bit key and 13 characters for a 128-bit key. For Hexadecimal, enter 10 characters for a 64-bit key or 26 characters for a 128-bit key in hexadecimal notation.

WPA-PSK

To enter a key for WPA-PSK, select the input method Passphrase or Hexadecimal. In the Passphrase mode, the input must be 8 to 63 characters. In the Hexadecimal mode, enter 64 characters.
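The length rules given under WEP Keys and WPA-PSK can be checked before a key is typed into the dialog. The following Python sketch is an added example, not part of YaST; the function names are hypothetical. The passphrase-to-key mapping (PBKDF2-HMAC-SHA1 salted with the ESSID, 4096 iterations) comes from IEEE 802.11i rather than from this page. It shows why WPA needs an ESSID and why the Hexadecimal form is 64 characters. The WEP Passphrase input type is not covered.

```python
import hashlib
import string

HEX_DIGITS = set(string.hexdigits)
# Character counts from the WEP Keys section: ASCII 5/13, Hexadecimal 10/26.
WEP_LENGTHS = {"ascii": {5: 64, 13: 128}, "hex": {10: 64, 26: 128}}


def wep_key_bits(key, input_type):
    """Return 64 or 128 for a well-formed WEP key, else raise ValueError."""
    if input_type not in WEP_LENGTHS:
        raise ValueError("input type must be 'ascii' or 'hex'")
    if input_type == "hex" and not set(key) <= HEX_DIGITS:
        raise ValueError("hexadecimal key contains non-hex characters")
    if input_type == "ascii" and not key.isascii():
        raise ValueError("ASCII key contains non-ASCII characters")
    bits = WEP_LENGTHS[input_type].get(len(key))
    if bits is None:
        raise ValueError(f"{len(key)} characters matches neither key length")
    return bits


def wpa_psk_hex(key, input_type, essid):
    """Return the 256-bit WPA pre-shared key as 64 lowercase hex characters."""
    if input_type == "hex":
        if len(key) != 64 or not set(key) <= HEX_DIGITS:
            raise ValueError("hexadecimal PSK must be exactly 64 hex characters")
        return key.lower()
    if input_type != "passphrase":
        raise ValueError("input type must be 'passphrase' or 'hex'")
    if not 8 <= len(key) <= 63:
        raise ValueError("passphrase must be 8 to 63 characters")
    if any(not 32 <= ord(c) <= 126 for c in key):
        raise ValueError("passphrase must be printable ASCII (IEEE 802.11i)")
    if not essid:
        raise ValueError("a network name (ESSID) is required for WPA")
    # IEEE 802.11i passphrase mapping: the ESSID is the PBKDF2 salt.
    psk = hashlib.pbkdf2_hmac("sha1", key.encode("ascii"),
                              essid.encode("utf-8"), 4096, 32)
    return psk.hex()


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    print(wep_key_bits("abcde", "ascii"))
    print(wpa_psk_hex("password", "passphrase", "IEEE"))
```

Because the ESSID is the salt, the same passphrase yields a different key on a network with a different name.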

Expert Settings

This button opens a dialog for the detailed configuration of your WLAN connection. Usually there should be no need to change the preconfigured settings.

Channel

The specification of a channel on which the WLAN station should work is only needed in Ad-hoc and Master modes. In Managed mode, the card automatically searches the available channels for access points. In Ad-hoc mode, select one of the 12 offered channels for the communication of your station with the other stations. In Master mode, determine on which channel your card should offer access point functionality. The default setting for this option is Auto.

Bit Rate

Depending on the performance of your network, you may want to set a certain bit rate for the transmission from one point to another. In the default setting Auto, the system tries to use the highest possible data transmission rate. Some WLAN cards do not support the setting of bit rates.

Access Point

In an environment with several access points, one of them can be preselected by specifying the MAC address.

Use Power Management

When you are on the road, use power saving technologies to maximize the operating time of your battery. More information about power management is available in Section 24.0, Power Management.

Click Next to finish the setup. If you have chosen WPA-EAP authentication, another configuration step is needed before your station is ready for deployment in the WLAN. Enter the credentials you have been given by your network administrator. For TLS, provide Identity, Client Certificate, Client Key, and Server Certificate. TTLS and PEAP require Identity and Password. Server Certificate and Anonymous Identity are optional. YaST searches for any certificate under /etc/cert. Therefore, save the certificates given to you to this location and restrict access to these files to 0600 (owner read and write).

Click Details to enter the advanced authentication dialog for your WPA-EAP setup. Select the authentication method for the second stage of EAP-TTLS or EAP-PEAP communication. If you selected TTLS in the previous dialog, choose any, MD5, GTC, CHAP, PAP, MSCHAPv1, or MSCHAPv2. If you selected PEAP, choose any, MD5, GTC, or MSCHAPv2. PEAP version can be used to force the use of a certain PEAP implementation if the automatically determined setting does not work for you.
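To confirm that the certificate and key files saved under /etc/cert carry the 0600 mode required above, a check along the following lines can be run. This is an added example, not part of YaST; the function name audit_cert_dir is hypothetical.

```python
import os
import stat


def audit_cert_dir(cert_dir="/etc/cert"):
    """Return (path, problem) pairs for files whose mode is not exactly 0600."""
    findings = []
    for root, _dirs, files in os.walk(cert_dir):
        for name in sorted(files):
            path = os.path.join(root, name)
            st = os.lstat(path)  # lstat: do not follow symlinks
            if stat.S_ISLNK(st.st_mode):
                findings.append((path, "symlink; audit the target file instead"))
                continue
            mode = stat.S_IMODE(st.st_mode)
            if mode & 0o077:
                # Any group/other bit exposes the client key or credentials.
                findings.append((path, f"mode {mode:04o} grants group/other access"))
            elif mode != 0o600:
                findings.append((path, f"mode {mode:04o} differs from 0600"))
    return findings


if __name__ == "__main__":
    for path, problem in audit_cert_dir():
        print(f"{path}: {problem}")
```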

IMPORTANT: Security in Wireless Networks

Be sure to use one of the supported authentication and encryption methods to protect your network traffic. Unencrypted WLAN connections allow third parties to intercept all network data. Even a weak encryption (WEP) is better than none at all.

25.1.2 Utilities

kismet (package kismet) is a network diagnosis tool that lets you listen to WLAN packet traffic. In this way, you can also detect any intrusion attempts in your network. More information is available at http://www.kismetwireless.net/ and in the manual page.

25.1.3 Tips and Tricks for Setting Up a WLAN

These tips can help tweak speed and stability as well as security aspects of your WLAN.

Stability and Speed

The performance and reliability of a wireless network mainly depend on whether the participating stations receive a clean signal from the other stations. Obstructions like walls greatly weaken the signal. The more the signal strength sinks, the more the transmission slows down. During operation, check the signal strength with the iwconfig utility on the command line (Link Quality field) or with NetworkManager or KNetworkManager. If you have problems with the signal quality, try to set up the devices somewhere else or adjust the position of the antennas of your access points. Auxiliary antennas that substantially improve the reception are available for a number of PCMCIA WLAN cards. The rate specified by the manufacturer, such as 54 Mbit/s, is a nominal value that represents the theoretical maximum. In practice, the maximum data throughput is no more than half this value.

Security

If you want to set up a wireless network, remember that anybody within the transmission range can easily access it if no security measures are implemented. Therefore, be sure to activate an encryption method. All WLAN cards and access points support WEP encryption. Although this is not entirely safe, it does present an obstacle for a potential attacker. WEP is usually adequate for private use. WPA-PSK would be even better, but it is not implemented in older access points or routers with WLAN functionality. On some devices, WPA can be implemented by means of a firmware update. Furthermore, Linux does not support WPA on all hardware components. If WPA is not available, WEP is better than no encryption. In enterprises with advanced security requirements, wireless networks should only be operated with WPA.

25.1.4 Troubleshooting

If your WLAN card is not automatically detected or fails to respond, check whether it is supported by openSUSE. A list of supported WLAN network cards is available under http://en.opensuse.org/HCL/Network_Adapters_(Wireless)

Multiple Network Devices

Modern laptops usually have a network card and a WLAN card. If you configured both devices with DHCP (automatic address assignment), you may encounter problems with the name resolution and the default gateway. This is evident from the fact that you can ping the router but cannot surf the Internet. The Support Database features an article on this subject at http://en.opensuse.org/SDB:Name_Resolution_Does_Not_Work_with_Several_Concurrent_DHCP_Clients.

Problems with Prism2 Cards

Several drivers are available for devices with Prism2 chips. The various cards work more or less smoothly with the various drivers. With these cards, WPA is only possible with the hostap driver. If such a card does not work properly or not at all or you want to use WPA, read /usr/share/doc/packages/wireless-tools/README.prism2.

25.1.5 For More Information

The Internet pages of Jean Tourrilhes, who developed the Wireless Tools for Linux, present a wealth of useful information about wireless networks. See http://www.hpl.hp.com/personal/Jean_Tourrilhes/Linux/Wireless.html.