Part II. System / Chapter 17. Wireless Communication | ||||
|---|---|---|---|---|
 | 16.6. The YaST Power Management Module | 17.2. Bluetooth |  | |
Part II. System / Chapter 17. Wireless Communication | ||||
|---|---|---|---|---|
| 16.6. The YaST Power Management Module | 17.2. Bluetooth | | |
Table of Contents
Abstract
There are several possibilities for using your Linux system to communicate with other computers, cellular phones, or peripheral devices. WLAN (wireless LAN) can be used to network laptops. Bluetooth can be used to connect individual system components (mouse, keyboard), peripheral devices, cellular phones, PDAs, and individual computers with each other. IrDA is mostly used for communication with PDAs or cellular phones. This chapter introduces all three technologies and their configuration.
Wireless LANs have become an indispensable aspect of mobile computing. Today, most laptops have built-in WLAN cards. The 802.11 standard for the wireless communication of WLAN cards was prepared by the IEEE organization. Originally, this standard provided for a maximum transmission rate of 2 MBit/s. Meanwhile, several supplements have been added to increase the data rate. These supplements define details such as the modulation, transmission output, and transmission rates:
Table 17.1. Overview of Various WLAN Standards
Name | Band (GHz) | Maximum Transmission Rate (MBit/s) | Note |
|---|---|---|---|
802.11 | 2.4 | 2 | Outdated; virtually no end devices available |
802.11b | 2.4 | 11 | Widespread |
802.11a | 5 | 54 | Less common |
802.11g | 2.4 | 54 | Backward-compatible with 11b |
Additionally, there are proprietary standards, like the 802.11b variation of Texas Instruments with a maximum transmission rate of 22 MBit/s (sometimes referred to as 802.11b+). However, the popularity of cards using this standard is limited.
802.11 cards are not supported by SUSE LINUX. Most cards using 802.11a, 802.11b, and 802.11g are supported. New cards usually comply with the 802.11g standard, but cards using 802.11b are still available. Normally, cards with the following chips are supported:
Lucent/Agere Hermes
Intel PRO/Wireless 2100, 2200BG, 2915ABG
Intersil Prism2/2.5/3
Intersil PrismGT
Atheros 5210, 5211, 5212
Atmel at76c502, at76c503, at76c504, at76c506
Texas Instruments ACX100, ACX111
A number of older cards that are hardly used and no longer available are also supported. An extensive list of WLAN cards and the chips they use is available at the Web site of AbsoluteValue Systems: http://www.linux-wlan.org/docs/wlan_adapters.html.gz. http://wiki.uni-konstanz.de/wiki/bin/view/Wireless/ListeChipsatz provides an overview of the various WLAN chips.
Some cards need a firmware image that must be loaded into the card when the
driver is initialized. This is the case with Intersil
PrismGT, Atmel, and TI
ACX100, ACX111. The firmware can easily be installed with the
YaST Online Update. The firmware for Intel PRO-Wireless cards ships with
SUSE LINUX and is automatically installed by YaST as soon as a card
of this type is detected. More information about this subject is available
in the installed system in
/usr/share/doc/packages/wireless-tools/README.firmware.
Cards without native Linux support can be used by running the ndiswrapper
application. ndiswrapper uses the Windows drivers that are shipped together
with most WLAN cards. A description of ndiswrapper can be found under
/usr/share/doc/packages/ndiswrapper/README.SUSE
(provided the package ndiswrapper
is installed). For in-depth information on ndiswrapper, refer to the
project's Web site http://ndiswrapper.sourceforge.net/support.html.
This section covers the basic aspects of wireless networking. Learn about the different operating modes and authentication and encryption types.
Basically, wireless networks can be classified as managed networks and ad-hoc networks. Managed networks have a managing element: the access point. In this mode (also referred to as infrastructure mode), all connections of the WLAN stations in the network run over the access point, which may also serve as a connection to an ethernet. Ad-hoc networks do not have an access point. The stations communicate directly with each other. The transmission range and number of participating stations are greatly limited in ad-hoc networks. Therefore, an access point is usually more efficient. It is even possible to use a WLAN card as an access point. Most cards support this functionality.
Because a wireless network is much easier to intercept and compromise than a wired network, the various standards include authentication and encryption methods. In the original version of the IEEE 802.11 standard, these are described under the term WEP. However, because WEP has proven to be insecure (see Section 17.1.5.2, “Security”), the WLAN industry (joined under the name Wi-Fi Alliance) has defined a new extension called WPA, which is supposed to eliminate the weaknesses of WEP. The later IEEE 802.11i standard (also referred to as WPA2, because WPA is based on a draft version 802.11i) includes WPA and some other authentication and encryption methods.
To make sure that only authorized stations can connect, various authentication mechanisms are used in managed networks:
An open system is a system that does not require authentication. Any station can join the network. Nevertheless, WEP encryption (see Section 17.1.2.3, “Encryption”) can be used.
In this procedure, the WEP key is used for the authentication. However, this procedure is not recommended, because it makes the WEP key more susceptible to attacks. All an attacker needs to do is to listen long enough to the communication between the station and the access point. During the authentication process, both sides exchange the same information, once in encrypted form and once in unencrypted form. Thus, the key can be reconstructed with suitable tools. Because this method makes use of the WEP key for the authentication and for the encryption, it does not enhance the security of the network. A station that has the correct WEP key can authenticate, encrypt, and decrypt. A station that does not have the key cannot decrypt received packets. Accordingly, it cannot communicate, regardless of whether it had to authenticate itself.
WPA-PSK (PSK stands for preshared key) works similarly to the Shared Key procedure. All participating stations as well as the access point need the same key. The key is 256 bits in length and is usually entered as a passphrase. This system does not need a complex key management like WPA-EAP and is more suitable for private use. Therefore, WPA-PSK is sometimes referred to as WPA “Home”.
Actually, WPA-EAP is not an authentication system but a protocol for transporting authentication information. WPA-EAP is used to protect wireless networks in enterprises. In private networks, it is scarcely used. For this reason, WPA-EAP is sometimes referred to as WPA “Enterprise”.
There are various encryption methods to ensure that no unauthorized person can read the data packets that are exchanged in a wireless network or gain access to the network:
This standard makes use of the RC4 encryption algorithm, originally with a key length of 40 bits, later also with 104 bits. Often, the length is declared as 64 bits or 128 bits, depending on whether the 24 bits of the initialization vector are included or not. However, this standard has some weaknesses. Attacks against the keys generated by this system may be successful. Nevertheless, it is better to use WEP than not encrypt the network at all.
This key management protocol defined in the WPA standard uses the same encryption algorithm as WEP, but eliminates its weakness. Because a new key is generated for every data packet, attacks against these keys are in vain. TKIP is used together with WPA-PSK.
CCMP describes the key management. Usually, it is used in connection with WPA-EAP, but it can also be used with WPA-PSK. The encryption takes place according to AES and is stronger than the RC4 encryption of the WEP standard.
To configure your wireless network card, start the YaST module. In , select the device type and click . In , shown in Figure 17.1, “YaST: Configuring the Wireless Network Card”, make the basic settings for the WLAN operation:
A station can be integrated in a WLAN in three different modes. The suitable mode depends on the network in which to communicate: (peer-to-peer network without access point), (network is managed by an access point), or (your network card should be used as access point).
All stations in a wireless network need the same ESSID for communicating with each other. If nothing is specified, the card automatically selects an access point, which may not be the one you intended to use.
Select a suitable authentication method for your network: , , or . If you select , a network name must be set.
This button opens a dialog for the detailed configuration of your WLAN connection. A detailed description of this dialog is provided later.
After completing the basic settings, your station is ready for deployment in the WLAN.
![[Important]](admon/important.png) | Security in Wireless Networks |
|---|---|
Be sure to use one of the supported authentication and encryption methods to protect your network traffic. Unencrypted WLAN connections allow third parties to intercept all network data. Even a weak encryption (WEP) is better than none at all. Refer to Section 17.1.2.3, “Encryption” and Section 17.1.5.2, “Security” for information. | |
Depending on the selected authentication method, YaST prompts you to fine-tune the settings in another dialog. For , there is nothing to configure, because this setting implements unencrypted operation without authentication.
Set a key input type. Choose from , , or . You may keep up to four different keys to encrypt the transmitted data. Click to enter the key configuration dialog. Set the length of the key: or . The default setting is . In the list area at the bottom of the dialog, up to four different keys can be specified for your station to use for the encryption. Press to define one of them as the default key. Unless you change this, YaST uses the first entered key as the default key. If the standard key is deleted, one of the other keys must be marked manually as the default key. Click to modify existing list entries or create new keys. In this case, a pop-up window prompts you to select an input type (, , or ). If you select , enter a word or a character string from which a key is generated according to the length previously specified. requests an input of 5 characters for a 64-bit key and 13 characters for a 128-bit key. For , enter 10 characters for a 64-bit key or 26 characters for a 128-bit key in hexadecimal notation.
To enter a key for WPA-PSK, select the input method or . In the mode, the input must be 8 to 63 characters. In the mode, enter 64 characters.
Click to leave the dialog for the basic configuration of the WLAN connection and enter the expert configuration. The following options are available in this dialog:
The specification of a channel on which the WLAN station should work is only needed in and modes. In mode, the card automatically searches the available channels for access points. In mode, select one of the 12 offered channels for the communication of your station with the other stations. In mode, determine on which channel your card should offer access point functionality. The default setting for this option is .
Depending on the performance of your network, you may want to set a certain bit rate for the transmission from one point to another. In the default setting , the system tries to use the highest possible data transmission rate. Some WLAN cards do not support the setting of bit rates.
In an environment with several access points, one of them can be preselected by specifying the MAC address.
When you are on the road, use power saving technologies to maximize the operating time of your battery. More information about power management is available in Chapter 16, Power Management.
hostap (hostap package) is used to
run a WLAN card as an access point. More information about this package is
available at the project home page (http://hostap.epitest.fi/).
kismet (kismet package) is a
network diagnosis tool with which to listen to the WLAN packet traffic. In
this way, you can also detect any intrusion attempts in your network. More
information is available at http://www.kismetwireless.net/
and in the manual page.
These tips can help tweak speed and stability as well as security aspects of your WLAN.
The performance and reliability of a wireless network mainly depend on
whether the participating stations receive a clean signal from the other
stations. Obstructions like walls greatly weaken the signal. The more the
signal strength sinks, the more the transmission slows down. During
operation, check the signal strength with the iwconfig utility on the
command line (Link Quality field) or with kwifimanager
in KDE. If you have problems with the signal quality, try to set up the
devices somewhere else or adjust the position of the antennas of your
access points. Auxiliary antennas that substantially improve the reception
are available for a number of PCMCIA WLAN cards. The rate specified by the
manufacturer, such as 54 MBit/s, is a nominal value that
represents the
theoretical maximum. In practice, the maximum data throughput is
no more than half this value.
If you want to set up a wireless network, remember that anybody within the transmission range can easily access it if no security measures are implemented. Therefore, be sure to activate an encryption method. All WLAN cards and access points support WEP encryption. Although this is not entirely safe, it does present an obstacle for a potential attacker. WEP is usually adequate for private use. WPA-PSK would be even better, but it is not implemented in older access points or routers with WLAN functionality. On some devices, WPA can be implemented by means of a firmware update. Furthermore, Linux does not support WPA on all hardware components. When this documentation was prepared, WPA only worked with cards using Atheros or Prism2/2.5/3 chips. On the latter, WPA only works if the hostap driver is used (see Section 17.1.6.2, “Problems with Prism2 Cards”). If WPA is not available, WEP is better than no encryption. In enterprises with advanced security requirements, wireless networks should only be operated with WPA.
If your WLAN card fails to respond, check if you have downloaded the needed firmware. Refer to Section 17.1.1, “Hardware”. The following paragraphs cover some known problems.
Modern laptops usually have a network card and a WLAN card. If you configured both devices with DHCP (automatic address assignment), you may encounter problems with the name resolution and the default gateway. This is evident from the fact that you can ping the router but cannot surf the Internet. The Support Database at http://portal.suse.com features an article on this subject. To find the article, enter “DHCP” in the search dialog.
Several drivers are available for devices with
Prism2 chips. The various cards work more or
less smoothly with the various drivers. With these cards, WPA is only
possible with the hostap driver. If such a card does not work properly or
not at all or you want to use WPA, read
/usr/share/doc/packages/wireless-tools/README.prism2.
WPA support has been implemented for the first time in SUSE LINUX.
In Linux, WPA support is still under development. Thus, YaST
only allows the configuration of WPA-PSK. WPA does not work
with many cards. To enable WPA, some of these cards need
a firmware update. If you want to use WPA, read
/usr/share/doc/packages/wireless-tools/README.wpa.
The Internet pages of Jean Tourrilhes, who developed the Wireless Tools for Linux, present a wealth of useful information about wireless networks. See http://www.hpl.hp.com/personal/Jean_Tourrilhes/Linux/Wireless.html.
