The WiFi settings are configured in the file \texttt{/etc/config/wireless}
-(currently supported on Broadcom and Atheros). When booting the router for the first time
+(currently supported on Broadcom, Atheros and mac80211). When booting the router for the first time
it should detect your card and create a sample configuration file. By default '\texttt{option network lan}' is
commented. This prevents unsecured sharing of the network over the wireless interface.
option encryption "none"
\end{Verbatim}
+\paragraph{Generic mac80211 wireless config:}
+
+\begin{Verbatim}
+config wifi-device "wifi0"
+ option type "mac80211"
+ option channel "5"
+
+config wifi-iface
+ option device "wlan0"
+# option network lan
+ option mode "ap"
+ option ssid "OpenWrt"
+ option hidden "0"
+ option encryption "none"
+\end{Verbatim}
+
\paragraph{Generic multi-radio Atheros wireless config:}
\begin{Verbatim}
\begin{Verbatim}
config wifi-device wifi device name
- option type broadcom, atheros
+ option type broadcom, atheros, mac80211
option country us, uk, fr, de, etc.
option channel 1-14
option maxassoc 1-128 (broadcom only)
config wifi-iface
option network the interface you want wifi to bridge with
option device wifi0, wifi1, wifi2, wifiN
- option mode ap, sta, adhoc, or wds
+ option mode ap, sta, adhoc, monitor, or wds
option ssid ssid name
option bssid bssid address
option encryption none, wep, psk, psk2, wpa, wpa2
\item \texttt{adhoc} \\
Ad-Hoc mode
+ \item \texttt{monitor} \\
+ Monitor mode
+
\item \texttt{wds} \\
WDS point-to-point link
The RADIUS server ip address
\item \texttt{port} (wpa) \\
- The RADIUS server port
+ The RADIUS server port (defaults to 1812)
\item \texttt{hidden} \\
0 broadcasts the ssid; 1 disables broadcasting of the ssid
\end{itemize}
+\paragraph{Wireless Distribution System}
+
+WDS is a non-standard mode which will be working between two Broadcom devices for instance
+but not between a Broadcom and Atheros device.
+
+\subparagraph{Unencrypted WDS connections}
+
+This configuration example shows you how to setup unencrypted WDS connections.
+We assume that the peer configured as below as the BSSID ca:fe:ba:be:00:01
+and the remote WDS endpoint ca:fe:ba:be:00:02 (option bssid field).
+
+\begin{Verbatim}
+config wifi-device "wl0"
+ option type "broadcom"
+ option channel "5"
+
+config wifi-iface
+ option device "wl0"
+ option network lan
+ option mode "ap"
+ option ssid "OpenWrt"
+ option hidden "0"
+ option encryption "none"
+
+config wifi-iface
+ option device "wl0"
+ option network lan
+ option mode wds
+ option ssid "OpenWrt WDS"
+ option bssid "ca:fe:ba:be:00:02"
+\end{Verbatim}
+
+\subparagraph{Encrypted WDS connections}
+
+It is also possible to encrypt WDS connections. \texttt{psk}, \texttt{psk2} and
+\texttt{psk+psk2} modes are supported. Configuration below is an example
+configuration using Pre-Shared-Keys with AES algorithm.
+
+\begin{Verbatim}
+config wifi-device wl0
+ option type broadcom
+ option channel 5
+
+config wifi-iface
+ option device "wl0"
+ option network lan
+ option mode ap
+ option ssid "OpenWrt"
+ option encryption psk2
+ option key "<key for clients>"
+
+config wifi-iface
+ option device "wl0"
+ option network lan
+ option mode wds
+ option bssid ca:fe:ba:be:00:02
+ option ssid "OpenWrt WDS"
+ option encryption psk2
+ option key "<psk for WDS>"
+\end{Verbatim}
+
+\paragraph{802.1x configurations}
+
+OpenWrt supports both 802.1x client and Access Point
+configurations. 802.1x client is only working with
+Atheros or mac80211 drivers. Configuration only
+supports EAP types TLS, TTLS or PEAP.
+
+\subparagraph{EAP-TLS}
+
+\begin{Verbatim}
+config wifi-iface
+ option device "ath0"
+ option network lan
+ option ssid OpenWrt
+ option eap_type tls
+ option ca_cert "/etc/config/certs/ca.crt"
+ option priv_key "/etc/config/certs/priv.crt"
+ option priv_key_pwd "PKCS#12 passphrase"
+\end{Verbatim}
+
+\subparagraph{EAP-PEAP}
+
+\begin{Verbatim}
+config wifi-iface
+ option device "ath0"
+ option network lan
+ option ssid OpenWrt
+ option eap_type peap
+ option ca_cert "/etc/config/certs/ca.crt"
+ option auth MSCHAPV2
+ option identity username
+ option password password
+\end{Verbatim}
\paragraph{Limitations:}
\item 1x \texttt{sta}, 0-3x \texttt{ap}
\item 1-4x \texttt{ap}
\item 1x \texttt{adhoc}
+ \item 1x \texttt{monitor}
\end{itemize}
WDS links can only be used in pure AP mode and cannot use WEP (except when sharing the
\item \textbf{Atheros}: \\
\begin{itemize}
- \item 1x \texttt{sta}, 0-4x \texttt{ap}
- \item 1-4x \texttt{ap}
+ \item 1x \texttt{sta}, 0-Nx \texttt{ap}
+ \item 1-Nx \texttt{ap}
\item 1x \texttt{adhoc}
\end{itemize}
+
+ N is the maximum number of VAPs that the module allows, it defaults to 4, but can be
+ changed by loading the module with the maxvaps=N parameter.
\end{itemize}
\paragraph{Adding a new driver configuration}
-Since we currently only support two different wireless drivers : Broadcom and Atheros,
+Since we currently only support thread different wireless drivers : Broadcom, Atheros and mac80211,
you might be interested in adding support for another driver like Ralink RT2x00,
Texas Instruments ACX100/111.