<html><head><meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1"><title>Chapter 32. Wireless LAN</title><link rel="stylesheet" href="susebooks.css" type="text/css"><meta name="generator" content="DocBook XSL Stylesheets V1.75.2"><link rel="home" href="index.html" title="Documentation"><link rel="up" href="part.reference.mobility.html" title="Part VI. Mobility"><link rel="prev" href="cha.pmanage.html" title="Chapter 31. Power Management"><link rel="next" href="cha.tablet.html" title="Chapter 33. Using Tablet PCs"></head><body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="chapter" title="Chapter 32. Wireless LAN"><div class="titlepage"><div><div><h2 class="title"><a name="cha.wireless.wlan"></a>Chapter 32. Wireless LAN<span class="permalink"><a alt="Permalink" title="Copy Permalink" href="#cha.wireless.wlan">¶</a></span></h2></div></div></div><div class="toc"><p><b>Contents</b></p><dl><dt><span class="sect1"><a href="cha.wireless.wlan.html#sec.wireless.wlan.standards">32.1. WLAN Standards</a></span></dt><dt><span class="sect1"><a href="cha.wireless.wlan.html#sec.wireless.wlan.modes">32.2. Operating Modes</a></span></dt><dt><span class="sect1"><a href="cha.wireless.wlan.html#sec.wireless.wlan.func.auth">32.3.
Authentication</a></span></dt><dt><span class="sect1"><a href="cha.wireless.wlan.html#sec.wireless.wlan.func.encr">32.4. Encryption</a></span></dt><dt><span class="sect1"><a href="cha.wireless.wlan.html#sec.wireless.wlan.yast2">32.5. Configuration with YaST</a></span></dt><dt><span class="sect1"><a href="cha.wireless.wlan.html#sec.wireless.wlan.tant">32.6. Tips and Tricks for Setting Up a WLAN</a></span></dt><dt><span class="sect1"><a href="cha.wireless.wlan.html#sec.wireless.wlan.probs">32.7. Troubleshooting</a></span></dt><dt><span class="sect1"><a href="cha.wireless.wlan.html#sec.wireless.wlan.info">32.8. For More Information</a></span></dt></dl></div><a class="indexterm" name="id504247"></a><a class="indexterm" name="id504252"></a><div class="abstract" title="Abstract"><p class="title"><b>Abstract</b></p><p>
Wireless LANs, or Wireless Local Area Networks (WLANs), have become an
indispensable aspect of mobile computing. Today, most laptops have
built-in WLAN cards. This chapter describes how to set up a WLAN card
with YaST, encrypt transmissions, and use tips and tricks.
<span>Alternatively, you can configure and manage
WLAN access with NetworkManager. For details, refer to
Chapter <i>Using NetworkManager</i> (↑Start-Up).</span>
</p></div><div class="sect1" title="32.1. WLAN Standards"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="sec.wireless.wlan.standards"></a>32.1. WLAN Standards<span class="permalink"><a alt="Permalink" title="Copy Permalink" href="#sec.wireless.wlan.standards">¶</a></span></h2></div></div></div><p>
WLAN cards communicate using the 802.11 standard, prepared by the IEEE
organization. Originally, this standard provided for a maximum
transmission rate of 2 Mbit/s. Meanwhile, several supplements have
been added to increase the data rate. These supplements define details
such as the modulation, transmission output, and transmission rates (see
<a class="xref" href="cha.wireless.wlan.html#tab.wireless.std.overview" title="Table 32.1. Overview of Various WLAN Standards">Table 32.1, “Overview of Various WLAN Standards”</a>). Additionally, many
companies implement hardware with proprietary or draft features.
</p><div class="table"><a name="tab.wireless.std.overview"></a><p class="title"><b>Table 32.1. Overview of Various WLAN Standards</b><span class="permalink"><a alt="Permalink" title="Copy Permalink" href="#tab.wireless.std.overview">¶</a></span></p><div class="table-contents"><table summary="Overview of Various WLAN Standards" border="1"><colgroup><col><col><col><col></colgroup><thead><tr><th>
<p>
Name
</p>
</th><th>
<p>
Band (GHz)
</p>
</th><th>
<p>
Maximum Transmission Rate (Mbit/s)
</p>
</th><th>
<p>
Note
</p>
</th></tr></thead><tbody><tr><td>
<p>
802.11 Legacy
</p>
</td><td>
<p>
2.4
</p>
</td><td>
<p>
2
</p>
</td><td>
<p>
Outdated; virtually no end devices available
</p>
</td></tr><tr><td>
<p>
802.11a
</p>
</td><td>
<p>
5
</p>
</td><td>
<p>
54
</p>
</td><td>
<p>
Less interference-prone
</p>
</td></tr><tr><td>
<p>
802.11b
</p>
</td><td>
<p>
2.4
</p>
</td><td>
<p>
11
</p>
</td><td>
<p>
Less common
</p>
</td></tr><tr><td>
<p>
802.11g
</p>
</td><td>
<p>
2.4
</p>
</td><td>
<p>
54
</p>
</td><td>
<p>
Widespread, backwards-compatible with 11b
</p>
</td></tr><tr><td>
<p>
802.11n
</p>
</td><td>
<p>
2.4 and/or 5
</p>
</td><td>
<p>
300
</p>
</td><td>
<p>
Common
</p>
</td></tr></tbody></table></div></div><br class="table-break"><p>
802.11 Legacy cards are not supported by openSUSE®. Most cards
using 802.11a, 802.11b, 802.11g and 802.11n are supported. New cards
usually comply with the 802.11n standard, but cards using 802.11g are
still available.
</p></div><div class="sect1" title="32.2. Operating Modes"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="sec.wireless.wlan.modes"></a>32.2. Operating Modes<span class="permalink"><a alt="Permalink" title="Copy Permalink" href="#sec.wireless.wlan.modes">¶</a></span></h2></div></div></div><p>
In wireless networking, various techniques and configurations are used to
ensure fast, high-quality, and secure connections. Different operating
types suit different setups. It can be difficult to choose the right
authentication method. The available encryption methods have different
advantages and pitfalls.
</p><p>
Basically, wireless networks can be classified into three network modes:
</p><div class="variablelist"><dl><dt><span class="term">Managed Mode (Infrastructure Mode), via Access Point </span></dt><dd><p>
Managed networks have a managing element: the access point. In this mode
(also referred to as infrastructure mode), all connections of the WLAN
stations in the network run through the access point, which may also
serve as a connection to an Ethernet network. To make sure only
authorized stations can connect, various authentication mechanisms
(WPA, etc.) are used.
</p></dd><dt><span class="term">Ad-hoc Mode (Peer-to-Peer Network)</span></dt><dd><p>
Ad-hoc networks do not have an access point. The stations communicate
directly with each other, therefore an ad-hoc network is usually faster
than a managed network. However, the transmission range and number of
participating stations are greatly limited in ad-hoc networks. They also
do not support WPA authentication. If you intend to use WPA security,
do not use ad-hoc mode.
</p></dd><dt><span class="term">Master Mode</span></dt><dd><p>
In master mode your network card is used as the access point. It works
only if your WLAN card supports this mode. Find out the details of
your WLAN card on <a class="ulink" href="http://linux-wless.passys.nl" target="_top">http://linux-wless.passys.nl</a>.
</p></dd></dl></div></div><div class="sect1" title="32.3. Authentication"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="sec.wireless.wlan.func.auth"></a>32.3. Authentication<span class="permalink"><a alt="Permalink" title="Copy Permalink" href="#sec.wireless.wlan.func.auth">¶</a></span></h2></div></div></div><p>
Because a wireless network is much easier to intercept and compromise
than a wired network, the various standards include authentication and
encryption methods. In the original version of the IEEE 802.11 standard,
these are described under the term WEP (Wired Equivalent Privacy).
However, because WEP has proven to be insecure (see
<a class="xref" href="cha.wireless.wlan.html#sec.wireless.wlan.tant.sec" title="32.6.3. Security">Section 32.6.3, “Security”</a>), the WLAN industry
(joined under the name <span class="emphasis"><em>Wi-Fi Alliance</em></span>) has defined
an extension called WPA, which is supposed to eliminate the weaknesses of
WEP. The later IEEE 802.11i standard includes WPA and some other
authentication and encryption methods. IEEE 802.11i is also referred to
as WPA2, because WPA is based on a draft version of 802.11i.
</p><p>
To make sure that only authorized stations can connect, various
authentication mechanisms are used in managed networks:
</p><div class="variablelist"><dl><dt><span class="term">None (Open)</span></dt><dd><p>
An open system is a system that does not require authentication. Any
station can join the network. Nevertheless, WEP encryption can be
used, see <a class="xref" href="cha.wireless.wlan.html#sec.wireless.wlan.func.encr" title="32.4. Encryption">Section 32.4, “Encryption”</a>.
</p></dd><dt><span class="term">Shared Key (according to IEEE 802.11)</span></dt><dd><p>
In this procedure, the WEP key is used for the authentication.
However, this procedure is not recommended, because it makes the WEP
key more susceptible to attacks. All an attacker needs to do is to
listen long enough to the communication between the station and the
access point. During the authentication process, both sides exchange
the same information, once in encrypted form and once in unencrypted
form. This makes it possible for the key to be reconstructed with
suitable tools. Because this method makes use of the WEP key for the
authentication and for the encryption, it does not enhance the
security of the network. A station that has the correct WEP key can
authenticate, encrypt, and decrypt. A station that does not have the
key cannot decrypt received packets. Accordingly, it cannot
communicate, regardless of whether it had to authenticate itself.
</p></dd><dt><span class="term">WPA-PSK (or WPA-Personal, according to IEEE 802.1x)</span></dt><dd><p>
WPA-PSK (PSK stands for preshared key) works similarly to the Shared
Key procedure. All participating stations as well as the access point
need the same key. The key is 256 bits in length and is usually
entered as a passphrase. This system does not need a complex key
management like WPA-EAP and is more suitable for private use.
Therefore, WPA-PSK is sometimes referred to as WPA
<span class="quote">“<span class="quote">Home</span>”</span>.
</p></dd><dt><span class="term">WPA-EAP (or WPA-Enterprise, according to IEEE 802.1x)</span></dt><dd><p>
Actually, WPA-EAP (Extensible Authentication Protocol) is not an
authentication system but a protocol for transporting authentication
information. WPA-EAP is used to protect wireless networks in
enterprises. In private networks, it is scarcely used. For this
reason, WPA-EAP is sometimes referred to as WPA
<span class="quote">“<span class="quote">Enterprise</span>”</span>.
</p><p>
WPA-EAP needs a RADIUS server to authenticate users. EAP offers three
different methods for connecting and authenticating to the server:
</p><div class="itemizedlist"><ul class="itemizedlist" type="bullet"><li class="listitem" style="list-style-type: disc"><p>
Transport Layer Security (EAP-TLS): TLS authentication relies on the
mutual exchange of certificates for both server and client. First,
the server presents its certificate to the client where it is
evaluated. If the certificate is considered valid, the client in
turn presents its certificate to the server. While TLS is secure, it
requires a working certification management infrastructure in your
network. This infrastructure is rarely found in private networks.
</p></li><li class="listitem" style="list-style-type: disc"><p>
Tunneled Transport Layer Security (EAP-TTLS)
</p></li><li class="listitem" style="list-style-type: disc"><p>
Protected Extensible Authentication Protocol (EAP-PEAP): Both TTLS
and PEAP are two-stage protocols. In the first stage, a secure
connection is established and in the second the client
authentication data is exchanged. They require far less
certification management overhead than TLS, if any.
</p></li></ul></div></dd></dl></div></div><div class="sect1" title="32.4. Encryption"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="sec.wireless.wlan.func.encr"></a>32.4. Encryption<span class="permalink"><a alt="Permalink" title="Copy Permalink" href="#sec.wireless.wlan.func.encr">¶</a></span></h2></div></div></div><p>
There are various encryption methods to ensure that no unauthorized
person can read the data packets that are exchanged in a wireless network
or gain access to the network:
</p><div class="variablelist"><dl><dt><span class="term">WEP (defined in IEEE 802.11)</span></dt><dd><p>
This standard makes use of the RC4 encryption algorithm, originally
with a key length of 40 bits, later also with 104 bits.
Often, the length is declared as 64 bits or 128 bits,
depending on whether the 24 bits of the initialization vector are
included. However, this standard has some weaknesses. Attacks against
the keys generated by this system may be successful. Nevertheless, it
is better to use WEP than to not encrypt the network at all.
</p><p>
Some vendors have implemented the non-standard <span class="quote">“<span class="quote">Dynamic
WEP</span>”</span>. It works exactly as WEP and shares the same weaknesses,
except that the key is periodically changed by a key management
service.
</p></dd><dt><span class="term">TKIP (defined in WPA/IEEE 802.11i)</span></dt><dd><p>
This key management protocol defined in the WPA standard uses the same
encryption algorithm as WEP, but eliminates its weakness. Because a
new key is generated for every data packet, attacks against these keys
are fruitless. TKIP is used together with WPA-PSK.
</p></dd><dt><span class="term">CCMP (defined in IEEE 802.11i)</span></dt><dd><p>
CCMP describes the key management. Usually, it is used in connection
with WPA-EAP, but it can also be used with WPA-PSK. The encryption
takes place according to AES and is stronger than the RC4 encryption
of the WEP standard.
</p></dd></dl></div></div><div class="sect1" title="32.5. Configuration with YaST"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="sec.wireless.wlan.yast2"></a>32.5. Configuration with YaST<span class="permalink"><a alt="Permalink" title="Copy Permalink" href="#sec.wireless.wlan.yast2">¶</a></span></h2></div></div></div><div class="important"><table border="0" cellpadding="3" cellspacing="0" width="100%" summary="Important: Security Risks in Wireless Networks"><tr class="head"><td width="32"><img alt="[Important]" src="admon/important.png"></td><th align="left">Security Risks in Wireless Networks</th></tr><tr><td colspan="2" align="left" valign="top"><p>
Unencrypted WLAN connections allow third parties to intercept all
network data. Be sure to protect your network traffic by using one of
the supported authentication and encryption methods.
</p><p>
Use the best possible encryption method your hardware allows. However,
to use a certain encryption method, all devices in the network must
support this method, otherwise they cannot communicate with each other.
For example, if your router supports both WEP and WPA but the driver for
your WLAN card only supports WEP, WEP is the least common denominator
you can use. But even a weak encryption with WEP is better than none at
all. Refer to <a class="xref" href="cha.wireless.wlan.html#sec.wireless.wlan.func.encr" title="32.4. Encryption">Section 32.4, “Encryption”</a> and
<a class="xref" href="cha.wireless.wlan.html#sec.wireless.wlan.tant.sec" title="32.6.3. Security">Section 32.6.3, “Security”</a> for information.
</p></td></tr></table></div><p>
To configure a wireless LAN with YaST, you need to define the following
parameters:
</p><div class="variablelist"><dl><dt><span class="term">IP Address</span></dt><dd><p>
Use either a static IP address or let a DHCP server dynamically assign
an IP address to the interface.
</p></dd><dt><span class="term">Operating Mode</span></dt><dd><p>
Defines how to integrate your machine into a WLAN, depending on the
network topology. For background information, refer to
<a class="xref" href="cha.wireless.wlan.html#sec.wireless.wlan.modes" title="32.2. Operating Modes">Section 32.2, “Operating Modes”</a>.
</p></dd><dt><span class="term">Network Name (ESSID)</span></dt><dd><p>
Unique string identifying a network.
</p></dd><dt><span class="term">Authentication and Encryption Details</span></dt><dd><p>
Depending on the authentication and encryption method your network
uses, you need to enter one or more keys and/or certificates.
</p><p>
Several input options are available for entering the respective keys:
<span class="guimenu">Passphrase</span>, <span class="guimenu">ASCII</span> (only
available for WEP authentication methods), and
<span class="guimenu">Hexadecimal</span>.
</p></dd></dl></div><div class="sect2" title="32.5.1. Deactivating NetworkManager"><div class="titlepage"><div><div><h3 class="title"><a name="sec.wireless.wlan.yast2.nm"></a>32.5.1. Deactivating NetworkManager<span class="permalink"><a alt="Permalink" title="Copy Permalink" href="#sec.wireless.wlan.yast2.nm">¶</a></span></h3></div></div></div><p>
A WLAN card is usually detected during installation. If your machine is
a mobile computer, NetworkManager is usually activated by default. If instead you
want to configure your WLAN card with YaST, you need to deactivate
NetworkManager first:
</p><div class="procedure"><ol class="procedure" type="1"><li id="st.wireless.wlan.start"><p>
Start YaST as user <code class="systemitem">root</code>.
</p></li><li><p>
In the YaST Control Center, select <span class="guimenu">Network
Devices</span>+<span class="guimenu">Network Settings</span> to
open the <span class="guimenu">Network Settings</span> dialog.
</p><p>
If your network is currently controlled by NetworkManager, you see a warning
message that the network settings cannot be edited by YaST.
</p></li><li><p>
To enable editing with YaST, leave the message with
<span class="guimenu">OK</span> and on the <span class="guimenu">Global Options</span>
tab, activate <span class="guimenu">Traditional Method with ifup</span>.
</p></li><li><p>
For further configuration, proceed with
<a class="xref" href="cha.wireless.wlan.html#sec.wireless.wlan.yast2.accesspoint" title="32.5.2. Configuration for Access Points">Section 32.5.2, “Configuration for Access Points”</a> or
<a class="xref" href="cha.wireless.wlan.html#sec.wireless.wlan.yast2.adhocnet" title="32.5.3. Establishing an Ad-Hoc Network">Section 32.5.3, “Establishing an Ad-Hoc Network”</a>.
</p><p>
Otherwise confirm your changes with <span class="guimenu">OK</span> to write the
network configuration.
</p></li></ol></div></div><div class="sect2" title="32.5.2. Configuration for Access Points"><div class="titlepage"><div><div><h3 class="title"><a name="sec.wireless.wlan.yast2.accesspoint"></a>32.5.2. Configuration for Access Points<span class="permalink"><a alt="Permalink" title="Copy Permalink" href="#sec.wireless.wlan.yast2.accesspoint">¶</a></span></h3></div></div></div><p>
In this section, learn how to configure your WLAN card to connect to an
(external) access point or how to use your WLAN card as access point (if
supported by your WLAN card). For configuration of networks without an
access point, refer to
<a class="xref" href="cha.wireless.wlan.html#sec.wireless.wlan.yast2.adhocnet" title="32.5.3. Establishing an Ad-Hoc Network">Section 32.5.3, “Establishing an Ad-Hoc Network”</a>.
</p><div class="procedure" title="Procedure 32.1. Configuring Your WLAN Card for Using an Access Point"><a name="pro.wlan.yast2.accesspoint"></a><p class="title"><b>Procedure 32.1. Configuring Your WLAN Card for Using an Access Point</b><span class="permalink"><a alt="Permalink" title="Copy Permalink" href="#pro.wlan.yast2.accesspoint">¶</a></span></p><ol class="procedure" type="1"><li><p>
Start YaST and open the <span class="guimenu">Network Settings</span> dialog.
</p></li><li><p>
Switch to the <span class="guimenu">Overview</span> tab where all network cards
are listed that have been detected by the system. If you need more
information about general network configuration, refer to
<a class="xref" href="cha.basicnet.html#sec.basicnet.yast" title="21.4. Configuring a Network Connection with YaST">Section 21.4, “Configuring a Network Connection with YaST”</a>.
</p></li><li id="st.wireless.wlan.card"><p>
Choose your wireless card from the list and click
<span class="guimenu">Edit</span> to open the <span class="guimenu">Network Card
Setup</span> dialog.
</p></li><li><p>
On the <span class="guimenu">Address</span> tab, configure whether to use a
dynamic or a static IP address for the machine. Usually
<span class="guimenu">Dynamic Address</span> with <span class="guimenu">DHCP</span> is
fine.
</p></li><li><p>
Click <span class="guimenu">Next</span> to proceed to the <span class="guimenu">Wireless
Network Card Configuration</span> dialog.
</p></li><li><p>
To use your WLAN card to connect to an access point, set the
<span class="guimenu">Operating Mode</span> to <span class="guimenu">Managed</span>.
</p><p>
If however you want to use your WLAN card as access point, set the
<span class="guimenu">Operating Mode</span> to <span class="guimenu">Master</span>. Note
that not all WLAN cards support this mode.
</p><div class="note"><table border="0" cellpadding="3" cellspacing="0" width="100%" summary="Note: Using WPA-PSK or WPA-EAP"><tr class="head"><td width="32"><img alt="[Note]" src="admon/note.png"></td><th align="left">Using WPA-PSK or WPA-EAP</th></tr><tr><td colspan="2" align="left" valign="top"><p>
If you want to use WPA-PSK or WPA-EAP authentication modes, the
operating mode must be set to <span class="guimenu">Managed</span>.
</p></td></tr></table></div></li><li><p>
To connect to a certain network, enter the <span class="guimenu">Network Name
(ESSID)</span>. Alternatively, click <span class="guimenu">Scan
Network</span> and select a network from the list of available
wireless networks.
</p><p>
All stations in a wireless network need the same ESSID for
communicating with each other. If no ESSID is specified, your WLAN
card automatically associates with the access point that has the best
signal strength.
</p><div class="note"><table border="0" cellpadding="3" cellspacing="0" width="100%" summary="Note: WPA Authentication Requires an ESSID"><tr class="head"><td width="32"><img alt="[Note]" src="admon/note.png"></td><th align="left">WPA Authentication Requires an ESSID</th></tr><tr><td colspan="2" align="left" valign="top"><p>
If you select <span class="guimenu">WPA</span> authentication, a network name
(ESSID) must be set.
</p></td></tr></table></div></li><li><p>
Select an <span class="guimenu">Authentication Mode</span> for your network.
Which mode is suitable depends on your WLAN card's driver and the
ability of the other devices in the network.
</p></li><li><p>
If you have chosen to set the <span class="guimenu">Authentication Mode</span>
to <span class="guimenu">No Encryption</span>, finish the configuration by
clicking <span class="guimenu">Next</span>. Confirm the message about this
potential security risk and leave the <span class="guimenu">Overview</span> tab
(showing the newly configured WLAN card) with <span class="guimenu">OK</span>.
</p><p>
If you have chosen any of the other authentication modes, proceed
with <a class="xref" href="cha.wireless.wlan.html#pro.wlan.yast2.enryption" title="Procedure 32.2. Entering the Encryption Details">Procedure 32.2, “Entering the Encryption Details”</a>.
</p></li></ol></div><div class="figure"><a name="fig.wireless.wlan.yast"></a><p class="title"><b>Figure 32.1. YaST: Configuring the Wireless Network Card</b><span class="permalink"><a alt="Permalink" title="Copy Permalink" href="#fig.wireless.wlan.yast">¶</a></span></p><div class="figure-contents"><div class="mediaobject"><table border="0" summary="manufactured viewport for HTML img" cellspacing="0" cellpadding="0" width="55%"><tr><td><img src="images/yast2_wlan.png" width="100%" alt="YaST: Configuring the Wireless Network Card"></td></tr></table></div></div></div><br class="figure-break"><div class="procedure" title="Procedure 32.2. Entering the Encryption Details"><a name="pro.wlan.yast2.enryption"></a><p class="title"><b>Procedure 32.2. Entering the Encryption Details</b><span class="permalink"><a alt="Permalink" title="Copy Permalink" href="#pro.wlan.yast2.enryption">¶</a></span></p><p>
The following authentication methods require an encryption key:
<span class="guimenu">WEP - Open</span>, <span class="guimenu">WEP - Shared Key</span>, and
<span class="guimenu">WPA-PSK</span>.
</p><p>
For WEP, usually only one key is needed. However, up to 4 different
WEP keys can be defined for your station. One of them needs to be set
as the default key and is used for encryption. The others are used for
decryption. By default, a key length of 128 bits is used, but you can
also choose to set the length to 64 bits.
</p><p>
For higher security, WPA-EAP uses a RADIUS server to authenticate
users. For authentication at the server, three different methods are
available: TLS, TTLS and PEAP. The credentials and certificates you
need for WPA-EAP depend on the authentication method used for the
RADIUS server. Ask your system administrator to provide the needed
information and credentials. YaST searches for any certificate under
<code class="filename">/etc/cert</code>. Therefore, save the certificates given
to you to this location and restrict access to these files to
<code class="literal">0600</code> (owner read and write).
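</p><p>
One way to check the <code class="literal">0600</code> rule for <code class="filename">/etc/cert</code> described above, as an added Python example that is not part of the original documentation or of YaST: it reports certificate and key files that grant access beyond the owner, belong to an unexpected user, or are reached through a symlink, and it can reset the mode. The function names and the expectation that the files belong to root (uid 0) are assumptions of this example.
</p>

```python
import os
import stat

CERT_DIR = "/etc/cert"   # directory YaST searches, as named in the text
REQUIRED_MODE = 0o600    # owner read and write only


def audit_cert_dir(cert_dir=CERT_DIR, expected_uid=0):
    """Return (path, problem) pairs for entries that break the 0600 rule.

    expected_uid=0 (root) is an assumption of this example.
    """
    findings = []
    for name in sorted(os.listdir(cert_dir)):
        path = os.path.join(cert_dir, name)
        info = os.lstat(path)                  # lstat: inspect the entry itself
        if stat.S_ISLNK(info.st_mode):
            findings.append((path, "symlink: target permissions are not covered"))
            continue
        if not stat.S_ISREG(info.st_mode):
            continue                           # subdirectories, sockets, ...
        mode = stat.S_IMODE(info.st_mode)
        if mode & ~REQUIRED_MODE:
            findings.append((path, "mode %04o allows more than 0600" % mode))
        if info.st_uid != expected_uid:
            findings.append(
                (path, "owner uid %d, expected %d" % (info.st_uid, expected_uid)))
    return findings


def tighten(cert_dir=CERT_DIR, expected_uid=0):
    """Set mode 0600 on regular files flagged for their mode; return paths changed.

    Meant to be run as root, like the YaST configuration itself.
    """
    changed = []
    for path, problem in audit_cert_dir(cert_dir, expected_uid):
        if not problem.startswith("mode"):
            continue                           # ownership and symlinks need a human
        # O_NOFOLLOW + fchmod: never chmod through a symlink swapped in after the audit
        fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)
        try:
            os.fchmod(fd, REQUIRED_MODE)
        finally:
            os.close(fd)
        changed.append(path)
    return changed


if __name__ == "__main__":
    try:
        for found_path, found_problem in audit_cert_dir():
            print("%s: %s" % (found_path, found_problem))
    except OSError as err:
        print("cannot audit %s: %s" % (CERT_DIR, err))
```

<p>
The audit only reports; <code class="literal">tighten()</code> changes modes and leaves ownership and symlinks for manual review. A private key that was readable by other users should be treated as exposed and replaced.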
</p><ol class="procedure" type="1"><li><p>
To enter the key for <span class="guimenu">WEP - Open</span> or <span class="guimenu">WEP -
Shared Key</span>:
</p><ol type="a" class="substeps"><li><p>
Set the <span class="guimenu">Key Input Type</span> either to
<span class="guimenu">Passphrase</span>, <span class="guimenu">ASCII</span> or
<span class="guimenu">Hexadecimal</span>.
</p></li><li><p>
Enter the respective <span class="guimenu">Encryption Key</span> (usually only
one key is used):
</p><p>
If you have selected <span class="guimenu">Passphrase</span>, enter a word or
a character string from which a key is generated according to the
specified key length (by default, 128-bit).
</p><p>
<span class="guimenu">ASCII</span> requests an input of 5 characters for a
64-bit key and 13 characters for a 128-bit key.
</p><p>
For <span class="guimenu">Hexadecimal</span>, enter 10 characters for a 64-bit
key or 26 characters for a 128-bit key in hexadecimal notation.
</p></li><li><p>
To adjust the key length to a lower bit rate (which might be
necessary for older hardware), click <span class="guimenu">WEP Keys</span> and
set the <span class="guimenu">Key Length</span> to <span class="guimenu">64</span> bit.
The <span class="guimenu">WEP Keys</span> dialog also shows the WEP keys that
have been entered so far. Unless another key is explicitly set as
default, YaST always uses the first key as default key.
</p></li><li><p>
To enter more keys for WEP (or to modify one of the keys), select
the respective entry and click <span class="guimenu">Edit</span>. Select the
<span class="guimenu">Key Input Type</span> and enter the key.
</p></li><li><p>
Confirm your changes with <span class="guimenu">OK</span>.
</p></li></ol></li><li><p>
To enter a key for <span class="guimenu">WPA-PSK</span>:
</p><ol type="a" class="substeps"><li><p>
Select the input method <span class="guimenu">Passphrase</span> or
<span class="guimenu">Hexadecimal</span>.
</p></li><li><p>
Enter the respective <span class="guimenu">Encryption Key</span>.
</p><p>
In the <span class="guimenu">Passphrase</span> mode, the input must be 8 to 63
characters. In the <span class="guimenu">Hexadecimal</span> mode, enter 64
characters.
</p></li></ol></li><li><p>
If you have chosen <span class="guimenu">WPA-EAP</span> authentication, click
<span class="guimenu">Next</span> to switch to the <span class="guimenu">WPA-EAP</span>
dialog, where you enter the credentials and certificates you have been
given by your network administrator.
</p><ol type="a" class="substeps"><li><p>
Select the <span class="guimenu">EAP Mode</span> the RADIUS server uses for
authentication. The details you need to enter next
depend on the selected <span class="guimenu">EAP Mode</span>.
</p></li><li><p>
For TLS, provide <span class="guimenu">Identity</span>, <span class="guimenu">Client
Certificate</span>, <span class="guimenu">Client Key</span>, and
<span class="guimenu">Client Key Password</span>. To increase security, you
can also configure a <span class="guimenu">Server Certificate</span> used to
validate the server's authenticity.
</p><p>
TTLS and PEAP require <span class="guimenu">Identity</span> and
<span class="guimenu">Password</span>, whereas <span class="guimenu">Server
Certificate</span> and <span class="guimenu">Anonymous Identity</span> are
optional.
</p></li><li><p>
To enter the advanced authentication dialog for your WPA-EAP setup,
click <span class="guimenu">Details</span>.
</p></li><li><p>
Select the <span class="guimenu">Authentication Method</span> for the second
stage of EAP-TTLS or EAP-PEAP communication (inner authentication).
The choice of methods depends on the authentication method for the
RADIUS server you selected in the previous dialog.
</p></li><li><p>
If the automatically-determined setting does not work for you,
choose a specific <span class="guimenu">PEAP Version</span> to force the use
of a certain PEAP implementation.
</p></li></ol></li><li><p>
Confirm your changes with <span class="guimenu">OK</span>. The <span class="guimenu">Overview
</span> tab shows the details of your newly configured WLAN card.
</p></li><li><p>
Click <span class="guimenu">OK</span> to finalize the configuration and to leave
the dialog.
</p></li></ol></div></div><div class="sect2" title="32.5.3. Establishing an Ad-Hoc Network"><div class="titlepage"><div><div><h3 class="title"><a name="sec.wireless.wlan.yast2.adhocnet"></a>32.5.3. Establishing an Ad-Hoc Network<span class="permalink"><a alt="Permalink" title="Copy Permalink" href="#sec.wireless.wlan.yast2.adhocnet">¶</a></span></h3></div></div></div><p>
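Relating to the key input types of Procedure 32.2 above, the following Python sketch (an added example, not YaST's own code) shows what the <span class="guimenu">ASCII</span>, <span class="guimenu">Hexadecimal</span> and <span class="guimenu">Passphrase</span> inputs become: a WEP key with only 40 or 104 secret bits, and a 256-bit WPA-PSK key derived from the passphrase with the ESSID as salt, which is why WPA requires a network name. Assumptions: the function names are hypothetical, the PBKDF2 parameters and the passphrase character range are taken from IEEE 802.11i rather than from this page, and the vendor-specific WEP passphrase hashing is left out.
</p>

```python
import hashlib
import string

WEP_IV_BITS = 24            # initialization vector, sent in clear with each frame
WEP_SECRET_BYTES = (5, 13)  # 40-bit and 104-bit secrets ("64-bit" / "128-bit" WEP)
HEX_DIGITS = set(string.hexdigits)


def _decode_hex(value, expected_chars):
    """Strictly decode a hexadecimal key; bytes.fromhex alone tolerates spaces."""
    if len(value) not in expected_chars or not set(value).issubset(HEX_DIGITS):
        raise ValueError("expected %s hexadecimal characters" % (expected_chars,))
    return bytes.fromhex(value)


def wep_key(value, input_type):
    """Return (secret_bytes, advertised_bits) for an ASCII or hexadecimal WEP key."""
    if input_type == "ascii":
        key = value.encode("ascii")          # non-ASCII input raises ValueError
        if len(key) not in WEP_SECRET_BYTES:
            raise ValueError("ASCII WEP keys are 5 or 13 characters long")
    elif input_type == "hexadecimal":
        key = _decode_hex(value, (10, 26))
    else:
        raise ValueError("unsupported WEP input type: %r" % (input_type,))
    # The advertised length counts the public IV; only len(key) * 8 bits are secret.
    return key, len(key) * 8 + WEP_IV_BITS


def wpa_psk(essid, value, input_type):
    """Return the 256-bit key used for WPA-PSK."""
    if input_type == "hexadecimal":
        return _decode_hex(value, (64,))     # the key itself, no derivation
    if input_type != "passphrase":
        raise ValueError("unsupported WPA-PSK input type: %r" % (input_type,))
    if len(value) not in range(8, 64):
        raise ValueError("passphrase must be 8 to 63 characters")
    if any(ord(c) not in range(32, 127) for c in value):
        raise ValueError("passphrase must be printable ASCII")
    salt = essid.encode("utf-8")
    if len(salt) not in range(1, 33):
        raise ValueError("an ESSID of 1 to 32 bytes is required as salt")
    # IEEE 802.11i: PBKDF2 with HMAC-SHA1, ESSID as salt, 4096 iterations, 256 bits
    return hashlib.pbkdf2_hmac("sha1", value.encode("ascii"), salt, 4096, 32)


if __name__ == "__main__":
    # Constructed sample inputs, not taken from any real network.
    for sample, kind in (("abcde", "ascii"),
                         ("0123456789abcdef0123456789", "hexadecimal")):
        secret, bits = wep_key(sample, kind)
        print("WEP %-11s advertised %3d bit, secret %3d bit"
              % (kind, bits, len(secret) * 8))
    # Same passphrase, different ESSID: the derived keys differ.
    for name in ("example-net", "example-net-2"):
        print(name, wpa_psk(name, "correct horse battery", "passphrase").hex())
```

<p>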
In some cases it is useful to connect two computers equipped with a WLAN
card. To establish an ad-hoc network with YaST, do the following:
</p><div class="procedure"><ol class="procedure" type="1"><li><p>
Start YaST and open the <span class="guimenu">Network Settings</span> dialog.
</p></li><li><p>
Switch to the <span class="guimenu">Overview</span> tab, choose your wireless
card from the list and click <span class="guimenu">Edit</span> to open the
<span class="guimenu">Network Card Setup</span> dialog.
</p></li><li><p>
Choose <span class="guimenu">Statically assigned IP Address</span> and enter the
following data:
</p><div class="itemizedlist"><ul class="itemizedlist" type="bullet"><li class="listitem" style="list-style-type: disc"><p>
<span class="guimenu">IP Address</span>:
<code class="systemitem">192.168.1.1</code>.
Change this address on the second computer to
<code class="systemitem">192.168.1.2</code>,
for example.
</p></li><li class="listitem" style="list-style-type: disc"><p>
<span class="guimenu">Subnet Mask</span>:
<code class="systemitem">/24</code>
</p></li><li class="listitem" style="list-style-type: disc"><p>
<span class="guimenu">Hostname</span>: Choose any name you like.
</p></li></ul></div></li><li><p>
Proceed with <span class="guimenu">Next</span>.
</p></li><li><p>
Set the <span class="guimenu">Operating Mode</span> to
<span class="guimenu">Ad-hoc</span>.
</p></li><li><p>
Choose a <span class="guimenu">Network Name (ESSID)</span>. This can be any
name, but it has to be used on every computer in the ad-hoc network.
</p></li><li><p>
Select an <span class="guimenu">Authentication Mode</span> for your network.
Which mode is suitable depends on your WLAN card's driver and the
capabilities of the other devices in the network.
</p></li><li><p>
If you have chosen to set the <span class="guimenu">Authentication Mode</span>
to <span class="guimenu">No Encryption</span>, finish the configuration by
clicking <span class="guimenu">Next</span>. Confirm the message about this
potential security risk and leave the <span class="guimenu">Overview</span> tab
(showing the newly configured WLAN card) with <span class="guimenu">OK</span>.
</p><p>
If you have chosen any of the other authentication modes, proceed
with <a class="xref" href="cha.wireless.wlan.html#pro.wlan.yast2.enryption" title="Procedure 32.2. Entering the Encryption Details">Procedure 32.2, “Entering the Encryption Details”</a>.
</p></li><li><p>
If you do not have <code class="systemitem">smpppd</code>
installed, YaST asks you to do so.
</p></li><li><p>
Configure the other WLAN cards in the network accordingly, using the
same <span class="guimenu">Network Name (ESSID)</span>, the same
<span class="guimenu">Authentication Mode</span> but different IP addresses.
</p></li></ol></div></div><div class="sect2" title="32.5.4. Setting Additional Configuration Parameters"><div class="titlepage"><div><div><h3 class="title"><a name="sec.wireless.wlan.yast2.advanced"></a>32.5.4. Setting Additional Configuration Parameters<span class="permalink"><a alt="Permalink" title="Copy Permalink" href="#sec.wireless.wlan.yast2.advanced">¶</a></span></h3></div></div></div><p>
Usually there is no need to change the preconfigured settings when
configuring your WLAN card. However, if you need detailed configuration
of your WLAN connection, YaST allows you to tweak the following
settings:
</p><div class="variablelist"><dl><dt><span class="term">Channel</span></dt><dd><p>
The specification of a channel on which the WLAN station should work.
This is only needed in <span class="guimenu">Ad-hoc</span> and
<span class="guimenu">Master</span> modes. In <span class="guimenu">Managed</span> mode,
the card automatically searches the available channels for access
points.
</p></dd><dt><span class="term">Bit Rate</span></dt><dd><p>
Depending on the performance of your network, you may want to set a
certain bit rate for the transmission from one point to another. In
the default setting <span class="guimenu">Auto</span>, the system tries to use
the highest possible data transmission rate. Some WLAN cards do not
support the setting of bit rates.
</p></dd><dt><span class="term">Access Point</span></dt><dd><p>
In an environment with several access points, one of them can be
preselected by specifying the MAC address.
</p></dd><dt><span class="term">Power Management</span></dt><dd><p>
When you are on the road, power saving technologies can help to
maximize the operating time of your battery.
Using
power management may affect the connection quality and increase the
network latency.
</p></dd></dl></div><div class="procedure"><p>
To access the advanced options:
</p><ol class="procedure" type="1"><li><p>
Start YaST and open the <span class="guimenu">Network Settings</span> dialog.
</p></li><li><p>
Switch to the <span class="guimenu">Overview</span> tab, choose your wireless
card from the list and click <span class="guimenu">Edit</span> to open the
<span class="guimenu">Network Card Setup</span> dialog.
</p></li><li><p>
Click <span class="guimenu">Next</span> to proceed to the <span class="guimenu">Wireless
Network Card Configuration</span> dialog.
</p></li><li><p>
Click <span class="guimenu">Expert Settings</span>.
</p></li><li><p>
In <span class="guimenu">Ad-hoc</span> mode, select one of the offered channels
(11 to 14, depending on your country) for the communication of your
station with the other stations. In <span class="guimenu">Master</span> mode,
determine on which <span class="guimenu">Channel</span> your card should offer
access point functionality. The default setting for this option is
<span class="guimenu">Auto</span>.
</p></li><li><p>
Select the <span class="guimenu">Bit Rate</span> to use.
</p></li><li><p>
Enter the MAC address of the <span class="guimenu">Access Point</span> you want
to connect to.
</p></li><li><p>
Choose whether to <span class="guimenu">Use Power Management</span>.
</p></li><li><p>
Confirm your changes with <span class="guimenu">OK</span> and click
<span class="guimenu">Next</span> and <span class="guimenu">OK</span> to finish the
configuration.
</p></li></ol></div></div></div><div class="sect1" title="32.6. Tips and Tricks for Setting Up a WLAN"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="sec.wireless.wlan.tant"></a>32.6. Tips and Tricks for Setting Up a WLAN<span class="permalink"><a alt="Permalink" title="Copy Permalink" href="#sec.wireless.wlan.tant">¶</a></span></h2></div></div></div><p>
The following tools and tips can help to monitor and improve speed and
stability as well as security aspects of your WLAN.
</p><div class="sect2" title="32.6.1. Utilities"><div class="titlepage"><div><div><h3 class="title"><a name="sec.wireless.wlan.tant.tools"></a>32.6.1. Utilities<span class="permalink"><a alt="Permalink" title="Copy Permalink" href="#sec.wireless.wlan.tant.tools">¶</a></span></h3></div></div></div><p>
The package <code class="systemitem">wireless-tools</code>
contains utilities that allow you to set wireless LAN specific parameters
and get statistics. See
<a class="ulink" href="http://www.hpl.hp.com/personal/Jean_Tourrilhes/Linux/Tools.html" target="_top">http://www.hpl.hp.com/personal/Jean_Tourrilhes/Linux/Tools.html</a>
for more information.
</p><p>
kismet (package <code class="systemitem">kismet</code>) is a
network diagnosis tool with which to listen to the WLAN packet traffic.
In this way, you can also detect any intrusion attempts in your network.
More information is available at
<a class="ulink" href="http://www.kismetwireless.net/" target="_top">http://www.kismetwireless.net/</a> and in the manual
page.
</p></div><div class="sect2" title="32.6.2. Stability and Speed"><div class="titlepage"><div><div><h3 class="title"><a name="sec.wireless.wlan.tant.stab"></a>32.6.2. Stability and Speed<span class="permalink"><a alt="Permalink" title="Copy Permalink" href="#sec.wireless.wlan.tant.stab">¶</a></span></h3></div></div></div><p>
The performance and reliability of a wireless network mainly depend on
whether the participating stations receive a clear signal from the other
stations. Obstructions like walls greatly weaken the signal. The more
the signal strength sinks, the more the transmission slows down. During
operation, check the signal strength with the
<span class="command"><strong>iwconfig</strong></span> utility on the command line (<code class="literal">Link
Quality</code> field) or with the NetworkManager applets provided by KDE or
GNOME. If you have problems with the signal quality, try to set up the
devices somewhere else or adjust the position of the antennas of your
access points. Auxiliary antennas that substantially improve the
reception are available for a number of PCMCIA WLAN cards. The rate
specified by the manufacturer, such as 54 Mbit/s, is a nominal
value that represents the theoretical maximum. In practice, the maximum
data throughput is no more than half this value.
</p><p>
The <span class="command"><strong>iwspy</strong></span> command displays WLAN statistics:
</p><pre class="screen">iwspy wlan0
wlan0 Statistics collected:
00:AA:BB:CC:DD:EE : Quality:0 Signal level:0 Noise level:0
Link/Cell/AP : Quality:60/94 Signal level:-50 dBm Noise level:-140 dBm (updated)
Typical/Reference : Quality:26/94 Signal level:-60 dBm Noise level:-90 dBm</pre></div><div class="sect2" title="32.6.3. Security"><div class="titlepage"><div><div><h3 class="title"><a name="sec.wireless.wlan.tant.sec"></a>32.6.3. Security<span class="permalink"><a alt="Permalink" title="Copy Permalink" href="#sec.wireless.wlan.tant.sec">¶</a></span></h3></div></div></div><p>
If you want to set up a wireless network, remember that anybody within
the transmission range can easily access it if no security measures are
implemented. Therefore, be sure to activate an encryption method. All
WLAN cards and access points support WEP encryption. Although this is
not entirely safe, it does present an obstacle for a potential attacker.
</p><p>
For private use, use WPA-PSK if available. Although Linux supports WPA
on most hardware components, some drivers do not offer WPA support. It
may also not be available on older access points and routers with WLAN
functionality. For such devices, check if WPA can be implemented by
means of a firmware update. If WPA is not available, WEP is better than
no encryption. In enterprises with advanced security requirements,
wireless networks should only be operated with WPA.
</p><p>
Use strong passwords for your authentication method. For example, the
Web page <a class="ulink" href="https://www.grc.com/passwords.htm" target="_top">https://www.grc.com/passwords.htm</a> generates
random 64 character passwords.
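</p><p>
The following shell script is an added example, not part of the original
documentation: it classifies every cell in the output of
<span class="command"><strong>iwlist wlan0 scanning</strong></span> as OPEN, WEP, WPA or WPA2,
so that networks falling short of the recommendations above stand out.
The function names and the sample scan are constructed for illustration,
and the WPA detection assumes that the driver reports the
<code class="literal">IE: WPA Version 1</code> and
<code class="literal">IE: IEEE 802.11i/WPA2 Version 1</code> lines printed by
wireless-tools.
</p>

```shell
#!/bin/sh
# Constructed sample in the format printed by `iwlist wlan0 scanning`
# (addresses and names are made up, not captured from a real network).
SAMPLE_SCAN='wlan0     Scan completed :
          Cell 01 - Address: 00:11:22:33:44:55
                    Channel:40
                    Quality=67/70  Signal level=-43 dBm
                    Encryption key:off
                    ESSID:"Guest"
          Cell 02 - Address: 00:11:22:33:44:66
                    Channel:6
                    Quality=40/70  Signal level=-70 dBm
                    Encryption key:on
                    ESSID:"OldPrinter"
          Cell 03 - Address: 00:11:22:33:44:77
                    Channel:11
                    Quality=55/70  Signal level=-55 dBm
                    Encryption key:on
                    ESSID:"Office"
                    IE: IEEE 802.11i/WPA2 Version 1
                        Group Cipher : CCMP
          Cell 04 - Address: 00:11:22:33:44:88
                    Channel:1
                    Encryption key:on
                    ESSID:"Legacy"
                    IE: WPA Version 1'

# classify_cells: read scan output on stdin and print one tab-separated
# line per cell: BSSID, ESSID, channel, OPEN / WEP / WPA / WPA2 / UNKNOWN.
classify_cells() {
    awk '
    function emit() {
        if (bssid == "") return               # nothing collected yet
        if (key == "off")      cls = "OPEN"
        else if (key != "on")  cls = "UNKNOWN" # no "Encryption key" line
        else if (wpa2)         cls = "WPA2"
        else if (wpa)          cls = "WPA"
        else                   cls = "WEP"     # key on, no WPA element seen
        if (essid == "") essid = "(empty)"
        printf "%s\t%s\t%s\t%s\n", bssid, essid, chan, cls
    }
    /Cell [0-9]+ - Address:/ { emit(); bssid = $NF; essid = chan = key = ""
                               wpa = wpa2 = 0; next }
    /^[ \t]*Channel:/        { sub(/^[ \t]*Channel:/, ""); chan = $0; next }
    /Encryption key:/        { key = ($0 ~ /key: *on/) ? "on" : "off"; next }
    /ESSID:"/                { s = $0; sub(/^[^"]*"/, "", s)
                               sub(/"[ \t]*$/, "", s); essid = s; next }
    /IE:.*WPA2/              { wpa2 = 1; next }
    /IE: *WPA Version/       { wpa = 1; next }
    END { emit() }
    '
}

# weak_cells: keep only the cells that offer no encryption or only WEP.
weak_cells() {
    classify_cells | awk -F'\t' '$4 == "OPEN" || $4 == "WEP"'
}

# Demo on the constructed sample: lists the Guest and OldPrinter cells.
printf '%s\n' "$SAMPLE_SCAN" | weak_cells
```

<p>
On a live system, feed it real data with
<span class="command"><strong>iwlist wlan0 scanning | weak_cells</strong></span>. Triggering a
fresh scan requires root; ordinary users only see left-over scan results.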
</p></div></div><div class="sect1" title="32.7. Troubleshooting"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="sec.wireless.wlan.probs"></a>32.7. Troubleshooting<span class="permalink"><a alt="Permalink" title="Copy Permalink" href="#sec.wireless.wlan.probs">¶</a></span></h2></div></div></div><p>
If your WLAN card is not automatically detected, check whether it is
supported by openSUSE. A list of supported WLAN network cards is
available under
<a class="ulink" href="http://en.opensuse.org/HCL:Network_(Wireless)" target="_top">http://en.opensuse.org/HCL:Network_(Wireless)</a>. If your
card is not supported, it may be possible to make it work using the
Microsoft Windows drivers with Ndiswrapper. Please refer to
<a class="ulink" href="http://en.opensuse.org/SDB:Ndiswrapper" target="_top">http://en.opensuse.org/SDB:Ndiswrapper</a> for detailed
information.
</p><p>
If your WLAN card fails to respond, check the following prerequisites:
</p><div class="orderedlist"><ol class="orderedlist" type="1"><li><p>
Do you know the device name of the WLAN card? Usually it is
<code class="systemitem">wlan0</code>. Check with the tool
<span class="command"><strong>ifconfig</strong></span>.
</p></li><li><p>
Have you checked your needed firmware? Refer to
<code class="filename">/usr/share/doc/packages/wireless-tools/README.firmware</code>
for more information.
</p></li><li><p>
Is the ESSID of your router broadcast and visible (not hidden)?
</p></li></ol></div><div class="sect2" title="32.7.1. Check the Network Status"><div class="titlepage"><div><div><h3 class="title"><a name="sec.wireless.wlan.probs.iwconfi"></a>32.7.1. Check the Network Status<span class="permalink"><a alt="Permalink" title="Copy Permalink" href="#sec.wireless.wlan.probs.iwconfi">¶</a></span></h3></div></div></div><p>
The command <span class="command"><strong>iwconfig</strong></span> can give you important
information about your wireless connection. For example, the following
command displays the ESSID, the wireless mode, frequency, whether your
signal is encrypted, the link quality, and much more:
</p><pre class="screen"><span class="command"><strong>iwconfig</strong></span> wlan0
wlan0 IEEE 802.11abg ESSID:"guest"
Mode:Managed Frequency:5.22GHz Access Point: 00:11:22:33:44:55
Bit Rate:54 Mb/s Tx-Power=13 dBm
Retry min limit:7 RTS thr:off Fragment thr:off
Encryption key:off
Power Management:off
Link Quality:62/92 Signal level:-48 dBm Noise level:-127 dBm
Rx invalid nwid:0 Rx invalid crypt:0 Rx invalid frag:0
Tx excessive retries:10 Invalid misc:0 Missed beacon:0</pre><p>
You can also get the previous information with the
<span class="command"><strong>iwlist</strong></span> command. For example, the following line
displays the current bit rate:
</p><pre class="screen"><span class="command"><strong>iwlist</strong></span> wlan0 rate
wlan0 unknown bit-rate information.
Current Bit Rate=54 Mb/s</pre><p>
If you want an overview of how many access points are available, it can
also be done with the <span class="command"><strong>iwlist</strong></span> command. It gives you a
list of <span class="quote">“<span class="quote">cells</span>”</span> which looks like this:
</p><pre class="screen"><span class="command"><strong>iwlist</strong></span> wlan0 scanning
wlan0 Scan completed:
Cell 01 - Address: 00:11:22:33:44:55
Channel:40
Frequency:5.2 GHz (Channel 40)
Quality=67/70 Signal level=-43 dBm
Encryption key: off
ESSID:"Guest"
Bit Rates: 6 Mb/s; 9 Mb/s; 12 Mb/s; 18 Mb/s;
24 Mb/s; 36 Mb/s; 48 Mb/s
Mode: Master
Extra:tsf=0000111122223333
Extra: Last beacon: 179ms ago
IE: Unknown: ...</pre></div><div class="sect2" title="32.7.2. Multiple Network Devices"><div class="titlepage"><div><div><h3 class="title"><a name="sec.wireless.wlan.probs.multi"></a>32.7.2. Multiple Network Devices<span class="permalink"><a alt="Permalink" title="Copy Permalink" href="#sec.wireless.wlan.probs.multi">¶</a></span></h3></div></div></div><p>
Modern laptops usually have a network card and a WLAN card. If you
configured both devices with DHCP (automatic address assignment), you
may encounter problems with the name resolution and the default gateway.
This is evident from the fact that you can ping the router but cannot
surf the Internet. The Support Database features an article on this
subject at
<a class="ulink" href="http://old-en.opensuse.org/SDB:Name_Resolution_Does_Not_Work_with_Several_Concurrent_DHCP_Clients" target="_top">http://old-en.opensuse.org/SDB:Name_Resolution_Does_Not_Work_with_Several_Concurrent_DHCP_Clients</a>.
</p></div><div class="sect2" title="32.7.3. Problems with Prism2 Cards"><div class="titlepage"><div><div><h3 class="title"><a name="sec.wireless.wlan.probs.prism"></a>32.7.3. Problems with Prism2 Cards<span class="permalink"><a alt="Permalink" title="Copy Permalink" href="#sec.wireless.wlan.probs.prism">¶</a></span></h3></div></div></div><p>
Several drivers are available for devices with
<span class="productname">Prism2</span> chips. The various cards work more or
less smoothly with the various drivers. With these cards, WPA is only
possible with the hostap driver. If such a card does not work properly
or not at all or you want to use WPA, read
<code class="filename">/usr/share/doc/packages/wireless-tools/README.prism2</code>.
</p></div></div><div class="sect1" title="32.8. For More Information"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a name="sec.wireless.wlan.info"></a>32.8. For More Information<span class="permalink"><a alt="Permalink" title="Copy Permalink" href="#sec.wireless.wlan.info">¶</a></span></h2></div></div></div><p>
More information can be found on the following pages:
</p><div class="variablelist"><dl><dt><span class="term"><a class="ulink" href="http://www.hpl.hp.com/personal/Jean_Tourrilhes/Linux/Wireless.html" target="_top">http://www.hpl.hp.com/personal/Jean_Tourrilhes/Linux/Wireless.html</a>
</span></dt><dd><p>
The Internet pages of Jean Tourrilhes, who developed the
<span class="emphasis"><em>Wireless Tools</em></span> for Linux, present a wealth of
useful information about wireless networks.
</p></dd><dt><span class="term"><a class="ulink" href="tuxmobil.org" target="_top">tuxmobil.org</a>
</span></dt><dd><p>
Useful hands-on information about mobile computers under Linux.
</p></dd><dt><span class="term"><a class="ulink" href="http://www.linux-on-laptops.com" target="_top">http://www.linux-on-laptops.com</a>
</span></dt><dd><p>
More information about Linux on laptops.
</p></dd><dt><span class="term"><a class="ulink" href="http://en.opensuse.org/HCL:Network_(Wireless)" target="_top">http://en.opensuse.org/HCL:Network_(Wireless)</a>
</span></dt><dd><p>
Lists supported WLAN network cards.
</p></dd><dt><span class="term"><a class="ulink" href="http://en.opensuse.org/SDB:Ndiswrapper" target="_top">http://en.opensuse.org/SDB:Ndiswrapper</a>
</span></dt><dd><p>
Offers a work-around for running unsupported WLAN cards with the
Microsoft Windows drivers using Ndiswrapper.
</p></dd></dl></div></div></div></body></html>