The WiFi settings are configured in the file \texttt{/etc/config/wireless}
-(currently supported on Broadcom and Atheros). When booting the router for the first time
+(currently supported on Broadcom, Atheros and mac80211). When booting the router for the first time
it should detect your card and create a sample configuration file. By default '\texttt{option network lan}' is
commented. This prevents unsecured sharing of the network over the wireless interface.
driver specific options and configurations. This script is also calling driver specific binaries like wlc for
Broadcom, or hostapd and wpa\_supplicant for atheros.
-The reason for using such architecture, is that it abstracts the driver configuration
+The reason for using such architecture, is that it abstracts the driver configuration.
\paragraph{Generic Broadcom wireless config:}
option encryption "none"
\end{Verbatim}
+\paragraph{Generic mac80211 wireless config:}
+
+\begin{Verbatim}
+config wifi-device "wifi0"
+ option type "mac80211"
+ option channel "5"
+
+config wifi-iface
+ option device "wlan0"
+# option network lan
+ option mode "ap"
+ option ssid "OpenWrt"
+ option hidden "0"
+ option encryption "none"
+\end{Verbatim}
+
\paragraph{Generic multi-radio Atheros wireless config:}
\begin{Verbatim}
\begin{Verbatim}
config wifi-device wifi device name
- option type broadcom, atheros
+ option type broadcom, atheros, mac80211
option country us, uk, fr, de, etc.
option channel 1-14
option maxassoc 1-128 (broadcom only)
config wifi-iface
option network the interface you want wifi to bridge with
option device wifi0, wifi1, wifi2, wifiN
- option mode ap, sta, adhoc, or wds
+ option mode ap, sta, adhoc, monitor, or wds
option ssid ssid name
option bssid bssid address
option encryption none, wep, psk, psk2, wpa, wpa2
\item \texttt{adhoc} \\
Ad-Hoc mode
+ \item \texttt{monitor} \\
+ Monitor mode
+
\item \texttt{wds} \\
WDS point-to-point link
The RADIUS server ip address
\item \texttt{port} (wpa) \\
- The RADIUS server port
+ The RADIUS server port (defaults to 1812)
\item \texttt{hidden} \\
0 broadcasts the ssid; 1 disables broadcasting of the ssid
\end{itemize}
+\paragraph{Wireless Distribution System}
+
+WDS is a non-standard mode which will be working between two Broadcom devices for instance
+but not between a Broadcom and Atheros device.
+
+\subparagraph{Unencrypted WDS connections}
+
+This configuration example shows you how to setup unencrypted WDS connections.
+We assume that the peer configured as below as the BSSID ca:fe:ba:be:00:01
+and the remote WDS endpoint ca:fe:ba:be:00:02 (option bssid field).
+
+\begin{Verbatim}
+config wifi-device "wl0"
+ option type "broadcom"
+ option channel "5"
+
+config wifi-iface
+ option device "wl0"
+ option network lan
+ option mode "ap"
+ option ssid "OpenWrt"
+ option hidden "0"
+ option encryption "none"
+
+config wifi-iface
+ option device "wl0"
+ option network lan
+ option mode wds
+ option ssid "OpenWrt WDS"
+ option bssid "ca:fe:ba:be:00:02"
+\end{Verbatim}
+
+\subparagraph{Encrypted WDS connections}
+
+It is also possible to encrypt WDS connections. \texttt{psk}, \texttt{psk2} and
+\texttt{psk+psk2} modes are supported. Configuration below is an example
+configuration using Pre-Shared-Keys with AES algorithm.
+
+\begin{Verbatim}
+config wifi-device wl0
+ option type broadcom
+ option channel 5
+
+config wifi-iface
+ option device "wl0"
+ option network lan
+ option mode ap
+ option ssid "OpenWrt"
+ option encryption psk2
+ option key "<key for clients>"
+
+config wifi-iface
+ option device "wl0"
+ option network lan
+ option mode wds
+ option bssid ca:fe:ba:be:00:02
+ option ssid "OpenWrt WDS"
+ option encryption psk2
+ option key "<psk for WDS>"
+\end{Verbatim}
+
+\paragraph{802.1x configurations}
+
+OpenWrt supports both 802.1x client and Access Point
+configurations. 802.1x client is only working with
+Atheros or mac80211 drivers. Configuration only
+supports EAP types TLS, TTLS or PEAP.
+
+\subparagraph{EAP-TLS}
+
+\begin{Verbatim}
+config wifi-iface
+ option device "ath0"
+ option network lan
+ option ssid OpenWrt
+ option eap_type tls
+ option ca_cert "/etc/config/certs/ca.crt"
+ option priv_key "/etc/config/certs/priv.crt"
+ option priv_key_pwd "PKCS#12 passphrase"
+\end{Verbatim}
+
+\subparagraph{EAP-PEAP}
+
+\begin{Verbatim}
+config wifi-iface
+ option device "ath0"
+ option network lan
+ option ssid OpenWrt
+ option eap_type peap
+ option ca_cert "/etc/config/certs/ca.crt"
+ option auth MSCHAPV2
+ option identity username
+ option password password
+\end{Verbatim}
\paragraph{Limitations:}
\item 1x \texttt{sta}, 0-3x \texttt{ap}
\item 1-4x \texttt{ap}
\item 1x \texttt{adhoc}
+ \item 1x \texttt{monitor}
\end{itemize}
WDS links can only be used in pure AP mode and cannot use WEP (except when sharing the
\item \textbf{Atheros}: \\
\begin{itemize}
- \item 1x \texttt{sta}, 0-4x \texttt{ap}
- \item 1-4x \texttt{ap}
+ \item 1x \texttt{sta}, 0-Nx \texttt{ap}
+ \item 1-Nx \texttt{ap}
\item 1x \texttt{adhoc}
\end{itemize}
+
+ N is the maximum number of VAPs that the module allows, it defaults to 4, but can be
+ changed by loading the module with the maxvaps=N parameter.
\end{itemize}
\paragraph{Adding a new driver configuration}
-Since we currently only support two different wireless drivers : Broadcom and Atheros,
+Since we currently only support thread different wireless drivers : Broadcom, Atheros and mac80211,
you might be interested in adding support for another driver like Ralink RT2x00,
Texas Instruments ACX100/111.