Screw encryption!

On Friday, I said I was finally going to secure my wireless LAN. As you can probably tell from the title of this post, that didn't go so well. As of this writing, I am still running an open system because that's the only configuration I can get to work with all three of my computers.

I've spent several hours messing with this today, and it's put me in a really foul mood. There was a time when I enjoyed messing around with my system configuration, but I just can't do it anymore. I don't care that much about networking. I have too many other things I want to spend my time on. I just want my damn network to function and not let anyone who drives by eavesdrop on all my traffic. Is that too much to ask?

My upgrade process started with a firmware update to my D-Link DI-524 C wireless router. This update included WPA2 support, which was a nice bonus. So my encryption options were now: nothing, WEP, WPA, WPA2, and something called WPA2-auto. On the down side, it included no additional documentation, so I have no clue what this "WPA2-auto" is supposed to be. But "auto" sounded promising, so I decided to go with that mode.

Turns out this was a bad idea. According to this forum thread, WPA2-auto doesn't seem to work consistently. Unfortunately, I didn't discover this until I had spent a considerable amount of time trying to get my PC configuration right. You see, I was misled because my laptop was able to connect one time while the router was in WPA2-auto mode. That led me to assume that the problem was with my PCs, not the router. Guess I should have Googled first.

So, eventually, I ended up going with plain-old WPA. The client configuration was a bit tricky for this. You see, my laptop uses NDISwrapper, so I could just use KNetworkManager to enter the pre-shared key. However, my desktops both have RaLink cards and use the rt2500 driver. This driver does not use the Linux wireless extensions and hence does not work with NetworkManager. To configure these cards, you need to add some lines to your /etc/network/interfaces file, as described here. It works, but the down side is that it breaks NetworkManager. However, since these are desktop PCs with 1 WiFi card connecting to 1 access point, that's not really a big deal.

While the desktops weren't that difficult (once I got the right router settings, that is), the laptop was another story. I still haven't figured that one out yet. Of course, I was out of energy by the time I got around to it, so I wasn't exactly in peak form.

The laptop has an integrated Broadcom card which, as I said before, is configured to use NDISwrapper. This means it works with KNetworkManager. However, I couldn't get KNetworkManager to connect to the access point with WPA enabled. I selected the encryption mode, entered the pre-shared key, and then the connection progress bar would hang at 28%. The iwconfig output said that the card was associated with my access point, but I never got an IP address.

My current suspicion is that the laptop is using stale configuration data from my failed WPA2-auto attempt. I had some problems with stale configuration on the desktops too. For those, I just did a /etc/init.d/networking stop and then unloaded the driver module, then reloaded and restarted. That cleared everything up. In this case, however, I'm thinking it's the data stored by KNetworkManager. The only problem is, I have no clue whatsoever where I would look to find out. The interface is really spartan and there's no obvious way to delete stale configurations.

There is still one big functionality question I'm left with: how do I get NetworkManager to centrally configure an access point for all users? Both Sarah and I have our own accounts on the laptop, and I'd really like NetworkManager to automatically detect when our home network is present and connect to the access point at system start-up. I'm thinking there must be a way to do that, but there's nothing obvious in any of the configuration tools.
