public inbox for gentoo-user@lists.gentoo.org
* [gentoo-user] Configuring hostapd
@ 2015-08-02  0:50 Fernando Rodriguez
  2015-08-02  1:02 ` Fernando Rodriguez
  2015-08-02 12:29 ` Mick
  0 siblings, 2 replies; 13+ messages in thread
From: Fernando Rodriguez @ 2015-08-02  0:50 UTC (permalink / raw
  To: gentoo-user

Hello,

After installing hostapd I can successfully connect to the AP, I can get DHCP 
from it, but I cannot access the network through it (neither lan or internet). 
This is an existing router box so iptables and everything else is already 
properly configured.

I'm using this minimal config:

interface=wlp0s10
#driver=nl80211
hw_mode=g
channel=6
#ieee80211d=1
#country_code=FR
#ieee80211n=1
#wmm_enabled=1

ssid=LinuxAP
auth_algs=1
wpa=2
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
wpa_passphrase=hello linux ap 

iw list shows the following supported modes:
* IBSS
* managed
* AP
* AP/VLAN
* monitor

The ebuild warns that in order for hostapd to work I need to set the card in 
master mode (the wiki makes no mention of it). But when I try to do that 
(either through the net init scripts or through iwconfig) I get the following 
error:

Error for wireless request "Set Mode" (8B06) :
    SET failed on device wlp0s10 ; Invalid argument.

However after starting hostapd it appears that it was able to set the card to 
master mode according to iwconfig:

wlp0s10   IEEE 802.11bg  Mode:Master  Tx-Power=20 dBm   
          Retry short limit:7   RTS thr:off   Fragment thr:off
          Power Management:off

So, is this card supported or not? Will I be able to connect and get dhcp from 
the server if it didn't? Avahi also _sortof_ works. If I add the wifi card to 
the deny-interfaces list on avahi-daemon.conf and try to ping the AP using the 
avahi name the avahi daemon (on the AP) logs the following:

Received packet from invalid interface.


This is the output of rc-service hostapd start:

Configuration file: /etc/hostapd/hostapd.conf
Using interface wlp0s10 with hwaddr 00:14:a5:cb:4d:8a and ssid "LinuxAP"
wlp0s10: interface state UNINITIALIZED->ENABLED
wlp0s10: AP-ENABLED         [ ok ]


Any suggestions?

-- 
Fernando Rodriguez


^ permalink raw reply	[flat|nested] 13+ messages in thread

* Re: [gentoo-user] Configuring hostapd
  2015-08-02  0:50 [gentoo-user] Configuring hostapd Fernando Rodriguez
@ 2015-08-02  1:02 ` Fernando Rodriguez
  2015-08-02 12:29 ` Mick
  1 sibling, 0 replies; 13+ messages in thread
From: Fernando Rodriguez @ 2015-08-02  1:02 UTC (permalink / raw
  To: gentoo-user

On Saturday, August 01, 2015 8:50:21 PM Fernando Rodriguez wrote:
> Hello,
> 
> After installing hostapd I can successfully connect to the AP, I can get DHCP
> from it, but I cannot access the network through it (neither lan or internet).
> This is an existing router box so iptables and everything else is already 
> properly configured.
> 
> I'm using this minimal config:
> 
> interface=wlp0s10
> #driver=nl80211
> hw_mode=g
> channel=6
> #ieee80211d=1
> #country_code=FR
> #ieee80211n=1
> #wmm_enabled=1
> 
> ssid=LinuxAP
> auth_algs=1
> wpa=2
> wpa_key_mgmt=WPA-PSK
> rsn_pairwise=CCMP
> wpa_passphrase=hello linux ap 
> 
> iw list shows the following supported modes:
> * IBSS
> * managed
> * AP
> * AP/VLAN
> * monitor
> 
> The ebuild warns that in order for hostapd to work I need to set the card in 
> master mode (the wiki makes no mention of it). But when I try to do that 
> (either through the net init scripts or through iwconfig) I get the following 
> error:
> 
> Error for wireless request "Set Mode" (8B06) :
>     SET failed on device wlp0s10 ; Invalid argument.
> 
> However after starting hostapd it appears that it was able to set the card to
> master mode according to iwconfig:
> 
> wlp0s10   IEEE 802.11bg  Mode:Master  Tx-Power=20 dBm   
>           Retry short limit:7   RTS thr:off   Fragment thr:off
>           Power Management:off
> 
> So, is this card supported or not? Will I be able to connect and get dhcp from
> the server if it didn't? Avahi also _sortof_ works. If I add the wifi card to
> the deny-interfaces list on avahi-daemon.conf and try to ping the AP using the
> avahi name the avahi daemon (on the AP) logs the following:
> 
> Received packet from invalid interface.
> 
> 
> This is the output of rc-service hostapd start:
> 
> Configuration file: /etc/hostapd/hostapd.conf
> Using interface wlp0s10 with hwaddr 00:14:a5:cb:4d:8a and ssid "LinuxAP"
> wlp0s10: interface state UNINITIALIZED->ENABLED
> wlp0s10: AP-ENABLED         [ ok ]
> 
> 
> Any suggestions?
> 
> 

Forgot to mention, the card is: 
Qualcomm Atheros AR2413/AR2414 Wireless Network Adapter
It uses ath5k driver.

-- 
Fernando Rodriguez


^ permalink raw reply	[flat|nested] 13+ messages in thread

* Re: [gentoo-user] Configuring hostapd
  2015-08-02  0:50 [gentoo-user] Configuring hostapd Fernando Rodriguez
  2015-08-02  1:02 ` Fernando Rodriguez
@ 2015-08-02 12:29 ` Mick
  2015-08-02 21:04   ` Fernando Rodriguez
  1 sibling, 1 reply; 13+ messages in thread
From: Mick @ 2015-08-02 12:29 UTC (permalink / raw
  To: gentoo-user


On Sunday 02 Aug 2015 01:50:21 Fernando Rodriguez wrote:
> Hello,
> 
> After installing hostapd I can successfully connect to the AP, I can get
> DHCP from it, but I cannot access the network through it (neither lan or
> internet). 

This sounds like a (network) routing problem, rather than a hostapd issue.


> This is an existing router box so iptables and everything else
> is already properly configured.
> 
> I'm using this minimal config:
> 
> interface=wlp0s10
> #driver=nl80211
> hw_mode=g
> channel=6
> #ieee80211d=1
> #country_code=FR
> #ieee80211n=1
> #wmm_enabled=1
> 
> ssid=LinuxAP
> auth_algs=1
> wpa=2
> wpa_key_mgmt=WPA-PSK
> rsn_pairwise=CCMP
> wpa_passphrase=hello linux ap
> 
> iw list shows the following supported modes:
> * IBSS
> * managed
> * AP
> * AP/VLAN
> * monitor
> 
> The ebuild warns that in order for hostapd to work I need to set the card
> in master mode (the wiki makes no mention of it). 

I think this is a matter of nomenclature.  Your AP & AP/VLAN would/should be 
the equivalent to master mode.


> But when I try to do
> that (either through the net init scripts or through iwconfig) I get the
> following error:
> 
> Error for wireless request "Set Mode" (8B06) :
>     SET failed on device wlp0s10 ; Invalid argument.

Did you try setting it up as AP, or AP/VLAN to see if it works?  In the latter 
you will also need to set a route for the AP VLAN to access the default 
(V)LAN and Internet.



> However after starting hostapd it appears that it was able to set the card
> to master mode according to iwconfig:
> 
> wlp0s10   IEEE 802.11bg  Mode:Master  Tx-Power=20 dBm
>           Retry short limit:7   RTS thr:off   Fragment thr:off
>           Power Management:off

What mode is shown if you use AP or AP/VLAN?


> So, is this card supported or not? Will I be able to connect and get dhcp
> from the server if it didn't? 

I believe that your card is supported for hostapd use, or otherwise you would 
not be able to get a dhcp address from the server.


> Avahi also _sortof_ works. If I add the wifi
> card to the deny-interfaces list on avahi-daemon.conf and try to ping the
> AP using the avahi name the avahi daemon (on the AP) logs the following:
> 
> Received packet from invalid interface.
> 
> 
> This is the output of rc-service hostapd start:
> 
> Configuration file: /etc/hostapd/hostapd.conf
> Using interface wlp0s10 with hwaddr 00:14:a5:cb:4d:8a and ssid "LinuxAP"
> wlp0s10: interface state UNINITIALIZED->ENABLED
> wlp0s10: AP-ENABLED         [ ok ]
> 
> 
> Any suggestions?

Check that your routing is set up to allow connections from your client IP 
through the network of the AP.

-- 
Regards,
Mick


^ permalink raw reply	[flat|nested] 13+ messages in thread

* Re: [gentoo-user] Configuring hostapd
  2015-08-02 12:29 ` Mick
@ 2015-08-02 21:04   ` Fernando Rodriguez
  2015-08-02 22:12     ` Mick
  0 siblings, 1 reply; 13+ messages in thread
From: Fernando Rodriguez @ 2015-08-02 21:04 UTC (permalink / raw
  To: gentoo-user

On Sunday, August 02, 2015 1:29:50 PM Mick wrote:
> On Sunday 02 Aug 2015 01:50:21 Fernando Rodriguez wrote:
> > Hello,
> > 
> > After installing hostapd I can successfully connect to the AP, I can get
> > DHCP from it, but I cannot access the network through it (neither lan or
> > internet). 
> 
> This sounds like a (network) routing problem, rather than a hostapd issue.

It looks like that, but if I stop iptables completely on the router all 
unicast traffic still works in the lan (both wired and through an external AP), 
so if I connect to the hostapd AP with iptables off, shouldn't I at the very 
least be able to ping the wireless interface on the router?

I also tried with only the following rule which enables internet access to all 
wired workstations and through external AP:

iptables -t nat -A POSTROUTING -o enp0s8 -j MASQUERADE


> > This is an existing router box so iptables and everything else
> > is already properly configured.
> > 
> > I'm using this minimal config:
> > 
> > interface=wlp0s10
> > #driver=nl80211
> > hw_mode=g
> > channel=6
> > #ieee80211d=1
> > #country_code=FR
> > #ieee80211n=1
> > #wmm_enabled=1
> > 
> > ssid=LinuxAP
> > auth_algs=1
> > wpa=2
> > wpa_key_mgmt=WPA-PSK
> > rsn_pairwise=CCMP
> > wpa_passphrase=hello linux ap
> > 
> > iw list shows the following supported modes:
> > * IBSS
> > * managed
> > * AP
> > * AP/VLAN
> > * monitor
> > 
> > The ebuild warns that in order for hostapd to work I need to set the card
> > in master mode (the wiki makes no mention of it). 
> 
> I think this is a matter of nomenclature.  Your AP & AP/VLAN would/should be 
> the equivalent to master mode.
> 
> 
> > But when I try to do
> > that (either through the net init scripts or through iwconfig) I get the
> > following error:
> > 
> > Error for wireless request "Set Mode" (8B06) :
> >     SET failed on device wlp0s10 ; Invalid argument.
> 
> Did you try setting it up as AP, or AP/VLAN to see if it works?  In the latter
> you will also need to set a route for the AP VLAN to access the default
> (V)LAN and Internet.

I did, same error. But I found that this is an issue with mac80211 based 
drivers, they can only be set to master mode through the nl80211 interface 
which is what hostapd uses. So from what I understand, as long as iw list 
shows AP mode I'm good and the ebuild warning is outdated. I believe you just 
need to enable the netlink use flag (which I did) for it to work.

http://linuxwireless.org/en/users/Documentation/hostapd/

Thanks,

-- 
Fernando Rodriguez


^ permalink raw reply	[flat|nested] 13+ messages in thread

* Re: [gentoo-user] Configuring hostapd
  2015-08-02 21:04   ` Fernando Rodriguez
@ 2015-08-02 22:12     ` Mick
  2015-08-02 23:56       ` Fernando Rodriguez
  0 siblings, 1 reply; 13+ messages in thread
From: Mick @ 2015-08-02 22:12 UTC (permalink / raw
  To: gentoo-user


On Sunday 02 Aug 2015 22:04:41 Fernando Rodriguez wrote:
> On Sunday, August 02, 2015 1:29:50 PM Mick wrote:
> > On Sunday 02 Aug 2015 01:50:21 Fernando Rodriguez wrote:
> > > Hello,
> > > 
> > > After installing hostapd I can successfully connect to the AP, I can
> > > get DHCP from it, but I cannot access the network through it (neither
> > > lan or internet).
> > 
> > This sounds like a (network) routing problem, rather than a hostapd
> > issue.
> 
> It looks like that, but if I stop iptables completely on the router all
> unicast traffic still works in the lan (both wired and through an external
> AP), so if I connect to the hostapd AP with iptables off, shouldn't I at
> the very least be able to ping the wireless interface on the router?
> 
> I also tried with only the following rule which enables internet access to
> all wired workstations and through external AP:
> 
> iptables -t nat -A POSTROUTING -o enp0s8 -j MASQUERADE

You should probably specify the local subnet, so that multicast packets are 
not sent out to the Internet, e.g.:

iptables -t nat -A POSTROUTING -o enp0s8 -s 192.168.1.0/24 ! -d 192.168.1.0/24 -j MASQUERADE

(Change 192.168.1.0/24 to suit your LAN subnet)

Also have you enabled ip forwarding in your kernel:

sysctl -w net.ipv4.ip_forward=1

-- 
Regards,
Mick


^ permalink raw reply	[flat|nested] 13+ messages in thread
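
An added example (not part of the thread and not written by any of its participants): a shell check for the two points raised in the reply above, namely whether any MASQUERADE rule lacks a source subnet and whether IPv4 forwarding is on. The rule listing is constructed sample `iptables -t nat -S` output, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit a NAT rule listing for unscoped MASQUERADE rules.
# On a live router, feed it real output:  iptables -t nat -S | unscoped_masquerade

# Print every MASQUERADE rule that carries no source match (-s / --source).
# A negated match ("! -s net") still counts as scoped, since it restricts
# which senders are rewritten.
unscoped_masquerade() {
    awk '
        /-j MASQUERADE/ {
            scoped = 0
            for (i = 1; i <= NF; i++)
                if ($i == "-s" || $i == "--source") scoped = 1
            if (!scoped) print
        }'
}

# Number of unscoped MASQUERADE rules on stdin.
count_unscoped() {
    unscoped_masquerade | wc -l | tr -d ' '
}

# Succeeds when the given sysctl file (default: the live kernel setting)
# contains exactly "1", i.e. the box forwards IPv4 packets.
forwarding_enabled() {
    f=${1:-/proc/sys/net/ipv4/ip_forward}
    [ -r "$f" ] && [ "$(cat "$f")" = "1" ]
}

# Constructed sample: the minimal rule from the thread next to the
# subnet-scoped form, as `iptables -t nat -S` would list them.
sample_rules() {
    cat <<'EOF'
-P PREROUTING ACCEPT
-P INPUT ACCEPT
-P OUTPUT ACCEPT
-P POSTROUTING ACCEPT
-A POSTROUTING -o enp0s8 -j MASQUERADE
-A POSTROUTING -s 192.168.1.0/24 ! -d 192.168.1.0/24 -o enp0s8 -j MASQUERADE
EOF
}

echo "MASQUERADE rules without a source subnet:"
sample_rules | unscoped_masquerade

if forwarding_enabled; then
    echo "net.ipv4.ip_forward is 1"
else
    echo "net.ipv4.ip_forward is not 1 (or could not be read)"
fi
```
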

* Re: [gentoo-user] Configuring hostapd
  2015-08-02 22:12     ` Mick
@ 2015-08-02 23:56       ` Fernando Rodriguez
  2015-08-04 18:18         ` Cor Legemaat
  0 siblings, 1 reply; 13+ messages in thread
From: Fernando Rodriguez @ 2015-08-02 23:56 UTC (permalink / raw
  To: gentoo-user

On Sunday, August 02, 2015 11:12:07 PM Mick wrote:
> On Sunday 02 Aug 2015 22:04:41 Fernando Rodriguez wrote:
> > On Sunday, August 02, 2015 1:29:50 PM Mick wrote:
> > > On Sunday 02 Aug 2015 01:50:21 Fernando Rodriguez wrote:
> > > > Hello,
> > > > 
> > > > After installing hostapd I can successfully connect to the AP, I can
> > > > get DHCP from it, but I cannot access the network through it (neither
> > > > lan or internet).
> > > 
> > > This sounds like a (network) routing problem, rather than a hostapd
> > > issue.
> > 
> > It looks like that, but if I stop iptables completely on the router all
> > unicast traffic still works in the lan (both wired and through an external
> > AP), so if I connect to the hostapd AP with iptables off, shouldn't I at
> > the very least be able to ping the wireless interface on the router?
> > 
> > I also tried with only the following rule which enables internet access to
> > all wired workstations and through external AP:
> > 
> > iptables -t nat -A POSTROUTING -o enp0s8 -j MASQUERADE
> 
> You should probably specify the local subnet, so that multicast packets are 
> not sent out to the Internet, e.g.:
> 
> iptables -t nat -A POSTROUTING -o enp0s8 -s 192.168.1.0/24 ! -d 192.168.1.0/24 -j MASQUERADE
> 
> (Change 192.168.1.0/24 to suit your LAN subnet)

I'm not actually using that rule except as a minimal setup for troubleshooting 
this issue. My actual rules do specify the subnet.

> Also have you enabled ip forwarding in your kernel:
> 
> sysctl -w net.ipv4.ip_forward=1

Yes, it is an existing router that works perfectly except for the hostapd AP. 
My current setup is as follows:

Internet -> Gentoo Router -> Switch -> AP

Where AP is a wifi router with routing features disabled. Never had problems 
with it. Now I installed hostapd on "Gentoo Router" and everything else still 
works fine except when I connect to the hostapd AP. Even with only that minimal 
iptable rule or no rules at all.

Thanks,

-- 
Fernando Rodriguez


^ permalink raw reply	[flat|nested] 13+ messages in thread

* Re: [gentoo-user] Configuring hostapd
  2015-08-02 23:56       ` Fernando Rodriguez
@ 2015-08-04 18:18         ` Cor Legemaat
  2015-08-05  5:00           ` Fernando Rodriguez
  0 siblings, 1 reply; 13+ messages in thread
From: Cor Legemaat @ 2015-08-04 18:18 UTC (permalink / raw
  To: gentoo-user


On Sun, 2015-08-02 at 19:56 -0400, Fernando Rodriguez wrote:
> On Sunday, August 02, 2015 11:12:07 PM Mick wrote:
> > On Sunday 02 Aug 2015 22:04:41 Fernando Rodriguez wrote:
> > > On Sunday, August 02, 2015 1:29:50 PM Mick wrote:
> > > > On Sunday 02 Aug 2015 01:50:21 Fernando Rodriguez wrote:
> > > > > Hello,
> > > > > 
> > > > > After installing hostapd I can successfully connect to the 
> > > > > AP, I can
> > > > > get DHCP from it, but I cannot access the network through it 
> > > > > (neither
> > > > > lan or internet).
> > > > 
> > > > This sounds like a (network) routing problem, rather than a 
> > > > hostapd
> > > > issue.
> > > 
> > > It looks like that, but if I stop iptables completely on the 
> > > router all
> > > unicast traffic still works in the lan (both wired and through 
> > > an external
> > > AP), so if I connect to the hostapd AP with iptables off, 
> > > shouldn't I at
> > > the very least be able to ping the wireless interface on the 
> > > router?
> > > 
> > > I also tried with only the following rule which enables internet 
> > > access to
> > > all wired workstations and through external AP:
> > > 
> > > iptables -t nat -A POSTROUTING -o enp0s8 -j MASQUERADE
> > 
> > You should probably specify the local subnet, so that multicast 
> > packets are
> > not sent out to the Internet, e.g.:
> > 
> > iptables -t nat -A POSTROUTING -o enp0s8 -s 192.168.1.0/24 ! -d 192.168.1.0/24 -j MASQUERADE
> > 
> > (Change 192.168.1.0/24 to suit your LAN subnet)
> 
> I'm not actually using that rule except as a minimal setup for 
> troubleshooting
> this issue. My actual rules do specify the subnet.
> 
> > Also have you enabled ip forwarding in your kernel:
> > 
> > sysctl -w net.ipv4.ip_forward=1
> 
> Yes, it is an existing router that works perfectly except for the 
> hostapd AP.
> My current setup is as follows:
> 
> Internet -> Gentoo Router -> Switch -> AP
> 
> Where AP is a wifi router with routing features disabled. Never had 
> problems
> with it. Now I installed hostapd on "Gentoo Router" and everything 
> else still
> works fine except when I connect to the hostapd AP. Even with only 
> that minimal
> iptable rule or no rules at all.
> 
> Thanks,
> 
Probably /dev/random depleted, try enabling your hardware rng or
sys-apps/haveged; test with `cat /proc/sys/kernel/random/entropy_avail`

Regards:
Cor


^ permalink raw reply	[flat|nested] 13+ messages in thread

* Re: [gentoo-user] Configuring hostapd
  2015-08-04 18:18         ` Cor Legemaat
@ 2015-08-05  5:00           ` Fernando Rodriguez
  2015-08-06  5:04             ` Cor Legemaat
  0 siblings, 1 reply; 13+ messages in thread
From: Fernando Rodriguez @ 2015-08-05  5:00 UTC (permalink / raw
  To: gentoo-user

On Tuesday, August 04, 2015 8:18:43 PM Cor Legemaat wrote:
> On Sun, 2015-08-02 at 19:56 -0400, Fernando Rodriguez wrote:
> > On Sunday, August 02, 2015 11:12:07 PM Mick wrote:
> > > On Sunday 02 Aug 2015 22:04:41 Fernando Rodriguez wrote:
> > > > On Sunday, August 02, 2015 1:29:50 PM Mick wrote:
> > > > > On Sunday 02 Aug 2015 01:50:21 Fernando Rodriguez wrote:
> > > > > > Hello,
> > > > > > 
> > > > > > After installing hostapd I can successfully connect to the 
> > > > > > AP, I can
> > > > > > get DHCP from it, but I cannot access the network through it 
> > > > > > (neither
> > > > > > lan or internet).
> > > > > 
> > > > > This sounds like a (network) routing problem, rather than a 
> > > > > hostapd
> > > > > issue.
> > > > 
> > > > It looks like that, but if I stop iptables completely on the 
> > > > router all
> > > > unicast traffic still works in the lan (both wired and through 
> > > > an external
> > > > AP), so if I connect to the hostapd AP with iptables off, 
> > > > shouldn't I at
> > > > the very least be able to ping the wireless interface on the 
> > > > router?
> > > > 
> > > > I also tried with only the following rule which enables internet 
> > > > access to
> > > > all wired workstations and through external AP:
> > > > 
> > > > iptables -t nat -A POSTROUTING -o enp0s8 -j MASQUERADE
> > > 
> > > You should probably specify the local subnet, so that multicast 
> > > packets are
> > > not sent out to the Internet, e.g.:
> > > 
> > > iptables -t nat -A POSTROUTING -o enp0s8 -s 192.168.1.0/24 ! -d 192.168.1.0/24 -j MASQUERADE
> > > 
> > > (Change 192.168.1.0/24 to suit your LAN subnet)
> > 
> > I'm not actually using that rule except as a minimal setup for 
> > troubleshooting
> > this issue. My actual rules do specify the subnet.
> > 
> > > Also have you enabled ip forwarding in your kernel:
> > > 
> > > sysctl -w net.ipv4.ip_forward=1
> > 
> > Yes, it is an existing router that works perfectly except for the 
> > hostapd AP.
> > My current setup is as follows:
> > 
> > Internet -> Gentoo Router -> Switch -> AP
> > 
> > Where AP is a wifi router with routing features disabled. Never had 
> > problems
> > with it. Now I installed hostapd on "Gentoo Router" and everything 
> > else still
> > works fine except when I connect to the hostapd AP. Even with only 
> > that minimal
> > iptable rule or no rules at all.
> > 
> > Thanks,
> > 
> Probably /dev/random depleted, try enabling your hardware rng or
> sys-apps/haveged; test with `cat /proc/sys/kernel/random/entropy_avail`
> 
> Regards:
> Cor

Thanks. I did get an error about depleted entropy at some point when starting 
hostapd but I went ahead and installed haveged and it still doesn't work. It 
doesn't even work when configured as an open AP. I checked the kernel config and 
I had VLAN support disabled. I've rebuilt it but can't reboot right now. Maybe 
it's required even though I'm not using VLANs? 

-- 
Fernando Rodriguez


^ permalink raw reply	[flat|nested] 13+ messages in thread

* Re: [gentoo-user] Configuring hostapd
  2015-08-05  5:00           ` Fernando Rodriguez
@ 2015-08-06  5:04             ` Cor Legemaat
  2015-08-07  3:41               ` Fernando Rodriguez
  0 siblings, 1 reply; 13+ messages in thread
From: Cor Legemaat @ 2015-08-06  5:04 UTC (permalink / raw
  To: gentoo-user


On Wed, 2015-08-05 at 01:00 -0400, Fernando Rodriguez wrote:
> On Tuesday, August 04, 2015 8:18:43 PM Cor Legemaat wrote:
> > On Sun, 2015-08-02 at 19:56 -0400, Fernando Rodriguez wrote:
> > > On Sunday, August 02, 2015 11:12:07 PM Mick wrote:
> > > > On Sunday 02 Aug 2015 22:04:41 Fernando Rodriguez wrote:
> > > > > On Sunday, August 02, 2015 1:29:50 PM Mick wrote:
> > > > > > On Sunday 02 Aug 2015 01:50:21 Fernando Rodriguez wrote:
> > > > > > > Hello,
> > > > > > > 
> > > > > > > After installing hostapd I can successfully connect to 
> > > > > > > the
> > > > > > > AP, I can
> > > > > > > get DHCP from it, but I cannot access the network 
> > > > > > > through it
> > > > > > > (neither
> > > > > > > lan or internet).
> > > > > > 
> > > > > > This sounds like a (network) routing problem, rather than a
> > > > > > hostapd
> > > > > > issue.
> > > > > 
> > > > > It looks like that, but if I stop iptables completely on the
> > > > > router all
> > > > > unicast traffic still works in the lan (both wired and 
> > > > > through
> > > > > an external
> > > > > AP), so if I connect to the hostapd AP with iptables off,
> > > > > shouldn't I at
> > > > > the very least be able to ping the wireless interface on the
> > > > > router?
> > > > > 
> > > > > I also tried with only the following rule which enables 
> > > > > internet
> > > > > access to
> > > > > all wired workstations and through external AP:
> > > > > 
> > > > > iptables -t nat -A POSTROUTING -o enp0s8 -j MASQUERADE
> > > > 
> > > > You should probably specify the local subnet, so that multicast
> > > > packets are
> > > > not sent out to the Internet, e.g.:
> > > > 
> > > > iptables -t nat -A POSTROUTING -o enp0s8 -s 192.168.1.0/24 ! -d 192.168.1.0/24 -j MASQUERADE
> > > > 
> > > > (Change 192.168.1.0/24 to suit your LAN subnet)
> > > 
> > > I'm not actually using that rule except as a minimal setup for
> > > troubleshooting
> > > this issue. My actual rules do specify the subnet.
> > > 
> > > > Also have you enabled ip forwarding in your kernel:
> > > > 
> > > > sysctl -w net.ipv4.ip_forward=1
> > > 
> > > Yes, it is an existing router that works perfectly except for the
> > > hostapd AP.
> > > My current setup is as follows:
> > > 
> > > Internet -> Gentoo Router -> Switch -> AP
> > > 
> > > Where AP is a wifi router with routing features disabled. Never 
> > > had
> > > problems
> > > with it. Now I installed hostapd on "Gentoo Router" and 
> > > everything
> > > else still
> > > works fine except when I connect to the hostapd AP. Even with 
> > > only
> > > that minimal
> > > iptable rule or no rules at all.
> > > 
> > > Thanks,
> > > 
> > Probably /dev/random depleted, try enabling your hardware rng or
> > sys-apps/haveged; test with `cat /proc/sys/kernel/random/entropy_avail`
> > 
> > Regards:
> > Cor
> 
> Thanks. I did get an error about depleted entropy at some point 
> when starting
> hostapd but I went ahead and installed haveged and it still doesn't 
> work. It
> doesn't even work when configured as an open AP. I checked the 
> kernel config and
> I had VLAN support disabled. I've rebuilt it but can't reboot right 
> now. Maybe
> it's required even though I'm not using VLANs?
> 
Is there an IP configured on the interface or the bridge of that 
interface? Can you ping your gateway? If I'm correct dhcp uses 
broadcast but you need a valid gateway IP switchable on mac layer.

Does it stay connected? I have a problem with a link between hostapd 
and a mikrotik device on 802.11a where I needed to patch hostapd to 
get it to stay connected. But that should show in hostapd debug logs. 
Mine is still running on hostapd-2.3 because if I update and screw it 
my internet is broken, if that's your problem I will search for my 
notes and mail it.

Regards:
Cor


^ permalink raw reply	[flat|nested] 13+ messages in thread

* Re: [gentoo-user] Configuring hostapd
  2015-08-06  5:04             ` Cor Legemaat
@ 2015-08-07  3:41               ` Fernando Rodriguez
  2015-08-10  6:59                 ` Cor Legemaat
  0 siblings, 1 reply; 13+ messages in thread
From: Fernando Rodriguez @ 2015-08-07  3:41 UTC (permalink / raw
  To: gentoo-user

On Thursday, August 06, 2015 7:04:27 AM Cor Legemaat wrote:
> On Wed, 2015-08-05 at 01:00 -0400, Fernando Rodriguez wrote:
> > On Tuesday, August 04, 2015 8:18:43 PM Cor Legemaat wrote:
> > > On Sun, 2015-08-02 at 19:56 -0400, Fernando Rodriguez wrote:
> > > > On Sunday, August 02, 2015 11:12:07 PM Mick wrote:
> > > > > On Sunday 02 Aug 2015 22:04:41 Fernando Rodriguez wrote:
> > > > > > On Sunday, August 02, 2015 1:29:50 PM Mick wrote:
> > > > > > > On Sunday 02 Aug 2015 01:50:21 Fernando Rodriguez wrote:
> > > > > > > > Hello,
> > > > > > > > 
> > > > > > > > After installing hostapd I can successfully connect to 
> > > > > > > > the
> > > > > > > > AP, I can
> > > > > > > > get DHCP from it, but I cannot access the network 
> > > > > > > > through it
> > > > > > > > (neither
> > > > > > > > lan or internet).
> > > > > > > 
> > > > > > > This sounds like a (network) routing problem, rather than a
> > > > > > > hostapd
> > > > > > > issue.
> > > > > > 
> > > > > > It looks like that, but if I stop iptables completely on the
> > > > > > router all
> > > > > > unicast traffic still works in the lan (both wired and 
> > > > > > through
> > > > > > an external
> > > > > > AP), so if I connect to the hostapd AP with iptables off,
> > > > > > shouldn't I at
> > > > > > the very least be able to ping the wireless interface on the
> > > > > > router?
> > > > > > 
> > > > > > I also tried with only the following rule which enables 
> > > > > > internet
> > > > > > access to
> > > > > > all wired workstations and through external AP:
> > > > > > 
> > > > > > iptables -t nat -A POSTROUTING -o enp0s8 -j MASQUERADE
> > > > > 
> > > > > You should probably specify the local subnet, so that multicast
> > > > > packets are
> > > > > not sent out to the Internet, e.g.:
> > > > > 
> > > > > iptables -t nat -A POSTROUTING -o enp0s8 -s 192.168.1.0/24 ! -d 192.168.1.0/24 -j MASQUERADE
> > > > > 
> > > > > (Change 192.168.1.0/24 to suit your LAN subnet)
> > > > 
> > > > I'm not actually using that rule except as a minimal setup for
> > > > troubleshooting
> > > > this issue. My actual rules do specify the subnet.
> > > > 
> > > > > Also have you enabled ip forwarding in your kernel:
> > > > > 
> > > > > sysctl -w net.ipv4.ip_forward=1
> > > > 
> > > > Yes, it is an existing router that works perfectly except for the
> > > > hostapd AP.
> > > > My current setup is as follows:
> > > > 
> > > > Internet -> Gentoo Router -> Switch -> AP
> > > > 
> > > > Where AP is a wifi router with routing features disabled. Never 
> > > > had
> > > > problems
> > > > with it. Now I installed hostapd on "Gentoo Router" and 
> > > > everything
> > > > else still
> > > > works fine except when I connect to the hostapd AP. Even with 
> > > > only
> > > > that minimal
> > > > iptable rule or no rules at all.
> > > > 
> > > > Thanks,
> > > > 
> > > Probably /dev/random depleted, try enabling your hardware rng or
> > > sys-apps/haveged; test with `cat /proc/sys/kernel/random/entropy_avail`
> > > 
> > > Regards:
> > > Cor
> > 
> > Thanks. I did get an error about depleted entropy at some point 
> > when starting
> > hostapd but I went ahead and installed haveged and it still doesn't 
> > work. It
> > doesn't even work when configured as an open AP. I checked the 
> > kernel config and
> > I had VLAN support disabled. I've rebuilt it but can't reboot right 
> > now. Maybe
> > it's required even though I'm not using VLANs?
> > 
> Is there an IP configured on the interface or the bridge of that 
> interface? 

Yes

> Can you ping your gateway? 

No...I can ping it locally or remotely when I connect through the external AP 
but not through hostapd.

> If I'm correct dhcp uses 
> broadcast but you need a valid gateway IP switchable on mac layer.
> 
> Does it stay connected? 

Yes

> I have a problem with a link between hostapd 
> and a mikrotik device on 802.11a where I needed to patch hostapd to 
> get it to stay connected. But that should show in hostapd debug logs. 
> Mine is still running on hostapd-2.3 because if I update and screw it 
> my internet is broken, if that's your problem I will search for my 
> notes and mail it.

Tried hostapd-2.3 too, same thing.
I will try it on a laptop with a more recent adapter tomorrow to rule that 
out.

> Regards:
> Cor

-- 
Fernando Rodriguez


^ permalink raw reply	[flat|nested] 13+ messages in thread

* Re: [gentoo-user] Configuring hostapd
  2015-08-07  3:41               ` Fernando Rodriguez
@ 2015-08-10  6:59                 ` Cor Legemaat
  2015-08-10 19:20                   ` Fernando Rodriguez
  0 siblings, 1 reply; 13+ messages in thread
From: Cor Legemaat @ 2015-08-10  6:59 UTC (permalink / raw
  To: gentoo-user


On Thu, 2015-08-06 at 23:41 -0400, Fernando Rodriguez wrote:
> On Thursday, August 06, 2015 7:04:27 AM Cor Legemaat wrote:
> > On Wed, 2015-08-05 at 01:00 -0400, Fernando Rodriguez wrote:
> > > On Tuesday, August 04, 2015 8:18:43 PM Cor Legemaat wrote:
> > > > On Sun, 2015-08-02 at 19:56 -0400, Fernando Rodriguez wrote:
> > > > > On Sunday, August 02, 2015 11:12:07 PM Mick wrote:
> > > > > > On Sunday 02 Aug 2015 22:04:41 Fernando Rodriguez wrote:
> > > > > > > On Sunday, August 02, 2015 1:29:50 PM Mick wrote:
> > > > > > > > On Sunday 02 Aug 2015 01:50:21 Fernando Rodriguez 
> > > > > > > > wrote:
> > > > > > > > > Hello,
> > > > > > > > > 
> > > > > > > > > After installing hostapd I can successfully connect 
> > > > > > > > > to
> > > > > > > > > the
> > > > > > > > > AP, I can
> > > > > > > > > get DHCP from it, but I cannot access the network
> > > > > > > > > through it
> > > > > > > > > (neither
> > > > > > > > > lan or internet).
> > > > > > > > 
> > > > > > > > This sounds like a (network) routing problem, rather 
> > > > > > > > than a
> > > > > > > > hostapd
> > > > > > > > issue.
> > > > > > > 
> > > > > > > It looks like that, but if I stop iptables completely on 
> > > > > > > the
> > > > > > > router all
> > > > > > > unicast traffic still works in the lan (both wired and
> > > > > > > through
> > > > > > > an external
> > > > > > > AP), so if I connect to the hostapd AP with iptables off,
> > > > > > > shouldn't I at
> > > > > > > the very least be able to ping the wireless interface on 
> > > > > > > the
> > > > > > > router?
> > > > > > > 
> > > > > > > I also tried with only the following rule which enables
> > > > > > > internet
> > > > > > > access to
> > > > > > > all wired workstations and through external AP:
> > > > > > > 
> > > > > > > iptables -t nat -A POSTROUTING -o enp0s8 -j MASQUERADE
> > > > > > 
> > > > > > You should probably specify the local subnet, so that 
> > > > > > multicast packets are
> > > > > > not sent out to the Internet, e.g.:
> > > > > > 
> > > > > > iptables -t nat -A POSTROUTING -o enp0s8 -s 192.168.1.0/24 ! -d 192.168.1.0/24 -j MASQUERADE
> > > > > > 
> > > > > > (Change 192.168.1.0/24 to suit your LAN subnet)
> > > > > 
> > > > > I'm not actually using that rule except as a minimal setup 
> > > > > for troubleshooting
> > > > > this issue. My actual rules do specify the subnet.
> > > > > 
> > > > > > Also have you enabled ip forwarding in your kernel:
> > > > > > 
> > > > > > sysctl -w net.ipv4.ip_forward=1
> > > > > 
> > > > > Yes, it is an existing router that works perfectly except 
> > > > > for the hostapd AP.
> > > > > My current setup is as follows:
> > > > > 
> > > > > Internet -> Gentoo Router -> Switch -> AP
> > > > > 
> > > > > Where AP is a wifi router with routing features disabled. 
> > > > > Never had
> > > > > problems
> > > > > with it. Now I installed hostapd on "Gentoo Router" and
> > > > > everything
> > > > > else still
> > > > > works fine except when I connect to the hostapd AP. Even 
> > > > > with only
> > > > > that minimal
> > > > > iptable rule or no rules at all.
> > > > > 
> > > > > Thanks,
> > > > > 
> > > > Probably /dev/random depleted, try enable your hardware rng or 
> > > > sys-apps/haveged test with `cat /proc/sys/kernel/random/entropy_avail`
> > > > 
> > > > Regards:
> > > > Cor
> > > 
> > > Thanks. I did get an error about depleted entropy at some point 
> > > when starting
> > > hostapd but I went ahead and installed haveged and it still 
> > > doesn't work. It
> > > doesn't even work when configured as an open AP. I checked the 
> > > kernel config and
> > > I had VLAN support disabled. I've rebuilt it but can't reboot 
> > > right now. Maybe
> > > it's required even though I'm not using VLANs?
> > > 
> > Is there an IP configured on the interface or the bridge of that 
> > interface?
> 
> Yes
> 
> > Can you ping your gateway?
> 
> No...I can ping it locally or remotely when I connect through the 
> external AP
> but not through hostapd.
> 
> > If I'm correct dhcp uses
> > broadcast but you need a valid gateway IP switchable on mac layer.
> > 
> > Does it stay connected?
> 
> Yes
> 
> > I have a problem with a link between hostapd
> > and a mikrotik device on 802.11a where I needed to patch hostapd 
> > to get it to stay connected. But that should show in hostapd debug 
> > logs. Mine is still running on hostapd-2.3 because if I update and 
> > screw it my internet is broken, if that's your problem I will 
> > search for my notes and mail it.
> 
> Tried hostapd-2.3 too, same thing.
> I will try it on a laptop with a more recent adapter tomorrow to 
> rule that
> out.
> 
> > Regards: Cor
> 
If you stay connected I would assume your hostapd setup and key is 
correct, otherwise you wouldn't receive a dhcp answer. That must be an 
IP config/iptables problem but very difficult to help if I can't see 
your setup.

Regards:
Cor


* Re: [gentoo-user] Configuring hostapd
  2015-08-10  6:59                 ` Cor Legemaat
@ 2015-08-10 19:20                   ` Fernando Rodriguez
  2015-08-17  4:58                     ` Cor Legemaat
  0 siblings, 1 reply; 13+ messages in thread
From: Fernando Rodriguez @ 2015-08-10 19:20 UTC (permalink / raw
  To: gentoo-user

On Monday, August 10, 2015 8:59:27 AM Cor Legemaat wrote:
> On Thu, 2015-08-06 at 23:41 -0400, Fernando Rodriguez wrote:
> > On Thursday, August 06, 2015 7:04:27 AM Cor Legemaat wrote:
> > > On Wed, 2015-08-05 at 01:00 -0400, Fernando Rodriguez wrote:
> > > > On Tuesday, August 04, 2015 8:18:43 PM Cor Legemaat wrote:
> > > > > On Sun, 2015-08-02 at 19:56 -0400, Fernando Rodriguez wrote:
> > > > > > On Sunday, August 02, 2015 11:12:07 PM Mick wrote:
> > > > > > > On Sunday 02 Aug 2015 22:04:41 Fernando Rodriguez wrote:
> > > > > > > > On Sunday, August 02, 2015 1:29:50 PM Mick wrote:
> > > > > > > > > On Sunday 02 Aug 2015 01:50:21 Fernando Rodriguez 
> > > > > > > > > wrote:
> > > > > > > > > > Hello,
> > > > > > > > > > 
> > > > > > > > > > After installing hostapd I can successfully connect 
> > > > > > > > > > to
> > > > > > > > > > the
> > > > > > > > > > AP, I can
> > > > > > > > > > get DHCP from it, but I cannot access the network
> > > > > > > > > > through it
> > > > > > > > > > (neither
> > > > > > > > > > lan or internet).
> > > > > > > > > 
> > > > > > > > > This sounds like a (network) routing problem, rather 
> > > > > > > > > than a
> > > > > > > > > hostapd
> > > > > > > > > issue.
> > > > > > > > 
> > > > > > > > It looks like that, but if I stop iptables completely on 
> > > > > > > > the
> > > > > > > > router all
> > > > > > > > unicast traffic still works in the lan (both wired and
> > > > > > > > through
> > > > > > > > an external
> > > > > > > > AP), so if I connect to the hostapd AP with iptables off,
> > > > > > > > shouldn't I at
> > > > > > > > the very least be able to ping the wireless interface on 
> > > > > > > > the
> > > > > > > > router?
> > > > > > > > 
> > > > > > > > I also tried with only the following rule which enables
> > > > > > > > internet
> > > > > > > > access to
> > > > > > > > all wired workstations and through external AP:
> > > > > > > > 
> > > > > > > > iptables -t nat -A POSTROUTING -o enp0s8 -j MASQUERADE
> > > > > > > 
> > > > > > > You should probably specify the local subnet, so that 
> > > > > > > multicast packets are
> > > > > > > not sent out to the Internet, e.g.:
> > > > > > > 
> > > > > > > iptables -t nat -A POSTROUTING -o enp0s8 -s 192.168.1.0/24 ! -d 192.168.1.0/24 -j MASQUERADE
> > > > > > > 
> > > > > > > (Change 192.168.1.0/24 to suit your LAN subnet)
> > > > > > 
> > > > > > I'm not actually using that rule except as a minimal setup 
> > > > > > for troubleshooting
> > > > > > this issue. My actual rules do specify the subnet.
> > > > > > 
> > > > > > > Also have you enabled ip forwarding in your kernel:
> > > > > > > 
> > > > > > > sysctl -w net.ipv4.ip_forward=1
> > > > > > 
> > > > > > Yes, it is an existing router that works perfectly except 
> > > > > > for the hostapd AP.
> > > > > > My current setup is as follows:
> > > > > > 
> > > > > > Internet -> Gentoo Router -> Switch -> AP
> > > > > > 
> > > > > > Where AP is a wifi router with routing features disabled. 
> > > > > > Never had
> > > > > > problems
> > > > > > with it. Now I installed hostapd on "Gentoo Router" and
> > > > > > everything
> > > > > > else still
> > > > > > works fine except when I connect to the hostapd AP. Even 
> > > > > > with only
> > > > > > that minimal
> > > > > > iptable rule or no rules at all.
> > > > > > 
> > > > > > Thanks,
> > > > > > 
> > > > > Probably /dev/random depleted, try enable your hardware rng or 
> > > > > sys-apps/haveged test with `cat /proc/sys/kernel/random/entropy_avail`
> > > > > 
> > > > > Regards:
> > > > > Cor
> > > > 
> > > > Thanks. I did get an error about depleted entropy at some point 
> > > > when starting
> > > > hostapd but I went ahead and installed haveged and it still 
> > > > doesn't work. It
> > > > doesn't even work when configured as an open AP. I checked the 
> > > > kernel config and
> > > > I had VLAN support disabled. I've rebuilt it but can't reboot 
> > > > right now. Maybe
> > > > it's required even though I'm not using VLANs?
> > > > 
> > > Is there an IP configured on the interface or the bridge of that 
> > > interface?
> > 
> > Yes
> > 
> > > Can you ping your gateway?
> > 
> > No...I can ping it locally or remotely when I connect through the 
> > external AP
> > but not through hostapd.
> > 
> > > If I'm correct dhcp uses
> > > broadcast but you need a valid gateway IP switchable on mac layer.
> > > 
> > > Does it stay connected?
> > 
> > Yes
> > 
> > > I have a problem with a link between hostapd
> > > and a mikrotik device on 802.11a where I needed to patch hostapd 
> > > to get it to stay connected. But that should show in hostapd debug 
> > > logs. Mine is still running on hostapd-2.3 because if I update and 
> > > screw it my internet is broken, if that's your problem I will 
> > > search for my notes and mail it.
> > 
> > Tried hostapd-2.3 too, same thing.
> > I will try it on a laptop with a more recent adapter tomorrow to 
> > rule that
> > out.
> > 
> > > Regards: Cor
> > 
> If you stay connected I would assume your hostapd setup and key is 
> correct, otherwise you wouldn't receive a dhcp answer. That must be an 
> IP config/iptables problem but very difficult to help if I can't see 
> your setup.
> 
> Regards:
> Cor

I used only this rule for testing:
iptables -t nat -A POSTROUTING -o enp0s8 -j MASQUERADE

I tested on a laptop and the same setup works with one minor issue, bringing 
up the wireless interface creates a routing table entry that tries to route 
LAN traffic through the wireless interface so I can't access the wired LAN or 
internet (since it has to go through the gateway) until I delete it manually, 
but I can still access the laptop through the wireless interface.

Other than that the differences are that the laptop uses ath9k whereas the 
router uses ath5k and the router uses the gentoo-sources-3.18.12 and laptop 
currently has 4.0.6 from git.

-- 
Fernando Rodriguez



* Re: [gentoo-user] Configuring hostapd
  2015-08-10 19:20                   ` Fernando Rodriguez
@ 2015-08-17  4:58                     ` Cor Legemaat
  0 siblings, 0 replies; 13+ messages in thread
From: Cor Legemaat @ 2015-08-17  4:58 UTC (permalink / raw
  To: gentoo-user


On Mon, 2015-08-10 at 15:20 -0400, Fernando Rodriguez wrote:
> On Monday, August 10, 2015 8:59:27 AM Cor Legemaat wrote:
> > On Thu, 2015-08-06 at 23:41 -0400, Fernando Rodriguez wrote:
> > > On Thursday, August 06, 2015 7:04:27 AM Cor Legemaat wrote:
> > > > On Wed, 2015-08-05 at 01:00 -0400, Fernando Rodriguez wrote:
> > > > > On Tuesday, August 04, 2015 8:18:43 PM Cor Legemaat wrote:
> > > > > > On Sun, 2015-08-02 at 19:56 -0400, Fernando Rodriguez 
> > > > > > wrote:
> > > > > > > On Sunday, August 02, 2015 11:12:07 PM Mick wrote:
> > > > > > > > On Sunday 02 Aug 2015 22:04:41 Fernando Rodriguez 
> > > > > > > > wrote:
> > > > > > > > > On Sunday, August 02, 2015 1:29:50 PM Mick wrote:
> > > > > > > > > > On Sunday 02 Aug 2015 01:50:21 Fernando Rodriguez
> > > > > > > > > > wrote:
> > > > > > > > > > > Hello,
> > > > > > > > > > > 
> > > > > > > > > > > After installing hostapd I can successfully 
> > > > > > > > > > > connect
> > > > > > > > > > > to
> > > > > > > > > > > the
> > > > > > > > > > > AP, I can
> > > > > > > > > > > get DHCP from it, but I cannot access the network
> > > > > > > > > > > through it
> > > > > > > > > > > (neither
> > > > > > > > > > > lan or internet).
> > > > > > > > > > 
> > > > > > > > > > This sounds like a (network) routing problem, 
> > > > > > > > > > rather
> > > > > > > > > > than a
> > > > > > > > > > hostapd
> > > > > > > > > > issue.
> > > > > > > > > 
> > > > > > > > > It looks like that, but if I stop iptables 
> > > > > > > > > completely on
> > > > > > > > > the
> > > > > > > > > router all
> > > > > > > > > unicast traffic still works in the lan (both wired 
> > > > > > > > > and
> > > > > > > > > through
> > > > > > > > > an external
> > > > > > > > > AP), so if I connect to the hostapd AP with iptables 
> > > > > > > > > off,
> > > > > > > > > shouldn't I at
> > > > > > > > > the very least be able to ping the wireless 
> > > > > > > > > interface on
> > > > > > > > > the
> > > > > > > > > router?
> > > > > > > > > 
> > > > > > > > > I also tried with only the following rule which 
> > > > > > > > > enables
> > > > > > > > > internet
> > > > > > > > > access to
> > > > > > > > > all wired workstations and through external AP:
> > > > > > > > > 
> > > > > > > > > iptables -t nat -A POSTROUTING -o enp0s8 -j MASQUERADE
> > > > > > > > 
> > > > > > > > You should probably specify the local subnet, so that
> > > > > > > > multicast packets are
> > > > > > > > not sent out to the Internet, e.g.:
> > > > > > > > 
> > > > > > > > iptables -t nat -A POSTROUTING -o enp0s8 -s 192.168.1.0/24 ! -d 192.168.1.0/24 -j MASQUERADE
> > > > > > > > 
> > > > > > > > (Change 192.168.1.0/24 to suit your LAN subnet)
> > > > > > > 
> > > > > > > I'm not actually using that rule except as a minimal 
> > > > > > > setup
> > > > > > > for troubleshooting
> > > > > > > this issue. My actual rules do specify the subnet.
> > > > > > > 
> > > > > > > > Also have you enabled ip forwarding in your kernel:
> > > > > > > > 
> > > > > > > > sysctl -w net.ipv4.ip_forward=1
> > > > > > > 
> > > > > > > Yes, it is an existing router that works perfectly except
> > > > > > > for the hostapd AP.
> > > > > > > My current setup is as follows:
> > > > > > > 
> > > > > > > Internet -> Gentoo Router -> Switch -> AP
> > > > > > > 
> > > > > > > Where AP is a wifi router with routing features disabled.
> > > > > > > Never had
> > > > > > > problems
> > > > > > > with it. Now I installed hostapd on "Gentoo Router" and
> > > > > > > everything
> > > > > > > else still
> > > > > > > works fine except when I connect to the hostapd AP. Even
> > > > > > > with only
> > > > > > > that minimal
> > > > > > > iptable rule or no rules at all.
> > > > > > > 
> > > > > > > Thanks,
> > > > > > > 
> > > > > > Probably /dev/random depleted, try enable your hardware rng or 
> > > > > > sys-apps/haveged test with `cat /proc/sys/kernel/random/entropy_avail`
> > > > > > 
> > > > > > Regards:
> > > > > > Cor
> > > > > 
> > > > > Thanks. I did get an error about depleted entropy at some 
> > > > > point when starting
> > > > > hostapd but I went ahead and installed haveged and it still
> > > > > doesn't work. It
> > > > > doesn't even work when configured as an open AP. I checked 
> > > > > the kernel config and
> > > > > I had VLAN support disabled. I've rebuilt it but can't 
> > > > > reboot right now. Maybe
> > > > > it's required even though I'm not using VLANs?
> > > > > 
> > > > Is there an IP configured on the interface or the bridge of 
> > > > that interface?
> > > 
> > > Yes
> > > 
> > > > Can you ping your gateway?
> > > 
> > > No...I can ping it locally or remotely when I connect through 
> > > the external AP
> > > but not through hostapd.
> > > 
> > > > If I'm correct dhcp uses
> > > > broadcast but you need a valid gateway IP switchable on mac 
> > > > layer.
> > > > 
> > > > Does it stay connected?
> > > 
> > > Yes
> > > 
> > > > I have a problem with a link between hostapd
> > > > and a mikrotik device on 802.11a where I needed to patch 
> > > > hostapd to get it to stay connected. But that should show in 
> > > > hostapd debug logs. Mine is still running on hostapd-2.3 
> > > > because if I update and screw it my internet is broken, if 
> > > > that's your problem I will search for my notes and mail it.
> > > 
> > > Tried hostapd-2.3 too, same thing.
> > > I will try it on a laptop with a more recent adapter tomorrow to 
> > > rule that
> > > out.
> > > 
> > > > Regards: Cor
> > > 
> > If you stay connected I would assume your hostapd setup and key is 
> > correct, otherwise you wouldn't receive a dhcp answer. That must 
> > be an IP config/iptables problem but very difficult to help if I 
> > can't see your setup.
> > 
> > Regards:
> > Cor
> 
> I used only this rule for testing:
> iptables -t nat -A POSTROUTING -o enp0s8 -j MASQUERADE
> 
> I tested on a laptop and the same setup works with one minor issue, 
> bringing
> up the wireless interface creates a routing table entry that tries 
> to route
> LAN traffic through the wireless interface so I can't access the 
> wired LAN or
> internet (since it has to go through the gateway) until I delete it 
> manually,
> but I can still access the laptop through the wireless interface.
> 
> Other than that the differences are that the laptop uses ath9k 
> whereas the
> router uses ath5k and the router uses the gentoo-sources-3.18.12 and 
> laptop
> currently has 4.0.6 from git.
> 
What is the output of:
      * for table in filter nat mangle raw security; do echo Table\ $table: && iptables -t $table -L -v --line-numbers; done
      * ifconfig -a
      * ip route show
      * brctl show

Regards:
Cor
