Monday, 3 December 2012

Build Asus EeePC Debian Wifi Access Point

Background

I have a number of old netbooks and laptops gathering dust in my office that have been discarded over the years by family members, friends and myself as they have been replaced by newer, faster models. Many of them are in various stages of being dismantled as they have been cannibalised to keep other machines going. In addition to old computer equipment, my office is also littered with old networking equipment, including access points and even some wireless antennas that I seem to have accumulated over the years. Even with all this old hardware available to me, I still find myself wanting a Linux-based access point for two reasons.
  • The challenge of getting it working, and learning a few things on the way.
  • To provide a Linux machine for future projects I have in mind.

Hardware

Looking at the equipment I have available to experiment with, I have chosen to use one of the two original Asus EeePCs available. After all, these were the machines that created the whole netbook category as I see it. I have a 701 4G Surf in a rather fetching baby blue and white colour, and a 701 8G model.
Despite the rather girlie colour, it's the 4G Surf that I have chosen as I don't need much storage space, and the battery is in better condition than the 8G alternative.
 

Debian OS

The Asus has an Atheros wifi card which is supported by the ath5k driver. This driver has been included in the kernel of Debian distributions since 2.6.25. Debian Squeeze (at time of writing) is the current stable release, so I headed over to the downloads page and several minutes later had a Net Install CD burnt ready for action.
If you need help installing Debian, there is a lot of useful information in the Debian EeePC Wiki.
 

OS Installation

The install itself is simple enough; I chose to do an expert text-only install. Previously on other netbooks I've had problems with GUI installs and the different resolutions. I didn't even try the GUI; it may work fine, but text, although not pretty, always works.
When it came to partitioning the disks, I went with a single 4GB ext3 partition. I didn't bother with a swap space as I don't have a lot of space to play with, but primarily because the internal disk is flash memory, I can't see how it will actually add much to the performance anyway. I don't have conclusive information either way, so just chose a simple set-up for my needs.
During the Software Selection of the install process I opted for the three following options.
  • SSH Server
  • Laptop
  • Standard System Utilities
If at a later date I find I need some additional functionality I can always install the relevant package at that time. At the moment I am keen to avoid installing all sorts of software and risk wasting valuable disk space which is at a premium on the EeePC.
Following a reboot, and logging in with the credentials provided during the install it all looks good with both my ethernet and wifi interfaces being available.
root@eeepc:~#$ ifconfig -a
eth0 Link encap:Ethernet HWaddr 00:1f:c6:3e:1f:b9
 inet addr:10.1.1.158 Bcast:10.1.1.255 Mask:255.255.255.0
 inet6 addr: fe80::21f:c6ff:fe3e:1fb9/64 Scope:Link
 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
 RX packets:182 errors:0 dropped:0 overruns:0 frame:0
 TX packets:104 errors:0 dropped:0 overruns:0 carrier:1
 collisions:1 txqueuelen:1000
 RX bytes:21877 (21.3 KiB) TX bytes:14862 (14.5 KiB)
 Memory:fbfc0000-fc000000

lo Link encap:Local Loopback
 inet addr:127.0.0.1 Mask:255.0.0.0
 inet6 addr: ::1/128 Scope:Host
 UP LOOPBACK RUNNING MTU:16436 Metric:1
 RX packets:8 errors:0 dropped:0 overruns:0 frame:0
 TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
 collisions:0 txqueuelen:0
 RX bytes:560 (560.0 B) TX bytes:560 (560.0 B)

pan0 Link encap:Ethernet HWaddr 9a:12:2c:14:30:5b
 BROADCAST MULTICAST MTU:1500 Metric:1
 RX packets:0 errors:0 dropped:0 overruns:0 frame:0
 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
 collisions:0 txqueuelen:0
 RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)

wlan0 Link encap:Ethernet HWaddr 00:15:af:8e:04:7c
 BROADCAST MULTICAST MTU:1500 Metric:1
 RX packets:0 errors:0 dropped:0 overruns:0 frame:0
 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
 collisions:0 txqueuelen:1000
 RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
 

Additional Packages Required

Pretty much everything you need to get up and running will probably be installed now, with some exceptions of course. For my access point I will need to be able to put the Atheros wifi card into Master mode, and to do this I need hostapd.
apt-get install hostapd
In addition, I will need to bridge the wlan0 and eth0 interfaces, which requires the bridge-utils package.
apt-get install bridge-utils
 

Post Installation Configuration - Hostapd

Once hostapd is installed you need to edit a couple of config files to enable it to start up as a daemon with the required configuration.
  1. In /etc/default/hostapd replace the line #DAEMON_CONF="" with DAEMON_CONF="/etc/hostapd/hostapd.conf"
  2. Edit the /etc/hostapd/hostapd.conf file and include the configuration for your new wireless network. An example is shown below, but more information on the settings available can be found on this hostapd driver page. It is targeted towards PRISM based wifi cards, but is still a good reference.
The following can be used as a sample hostapd.conf for an open access point.
#
# Config for /etc/hostapd/hostapd.conf for an open wifi.
#
interface=wlan0
driver=nl80211
bridge=br0
ssid=open-wifi
auth_algs=1
channel=11
wpa=0
ignore_broadcast_ssid=0
It is very simple to add WPA security, as the example below shows.
#
# Config for /etc/hostapd/hostapd.conf for a secure wifi.
#
interface=wlan0
driver=nl80211
bridge=br0
ssid=secure-wifi
auth_algs=1
channel=1
wpa=3
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
rsn_pairwise=CCMP
wpa_passphrase=securewirelesspassword
macaddr_acl=0
ignore_broadcast_ssid=0
Even though we have not yet set up the bridging function, it is probably worth restarting the hostapd process so that the new configuration file is used. To do this simply enter the following:
/etc/init.d/hostapd restart
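
The WPA sample above sets wpa=3, which offers both WPA (with TKIP) and WPA2 (with CCMP), and it carries a placeholder passphrase. As an added example (not from the original post or the hostapd project), the shell function below flags those settings in a hostapd.conf; the function names, finding labels and the 12-character threshold are assumptions of this example, and the sample file is constructed from the page's settings.

```shell
#!/bin/sh
# Added example: flag weak settings in a hostapd.conf (not part of hostapd).

# conf_get FILE KEY: print the value of KEY; the last occurrence wins.
conf_get() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1
}

# audit_hostapd_conf FILE: print one finding per line, return 1 if any.
audit_hostapd_conf() {
    wpa=$(conf_get "$1" wpa)
    wpa=${wpa:-0}                      # no wpa= line means an open network
    pass=$(conf_get "$1" wpa_passphrase)
    # rsn_pairwise falls back to wpa_pairwise, which defaults to TKIP.
    rsn=$(conf_get "$1" rsn_pairwise)
    rsn=${rsn:-$(conf_get "$1" wpa_pairwise)}
    rsn=${rsn:-TKIP}
    found=0

    if [ "$wpa" = 0 ]; then
        echo "OPEN: wpa=0, clients are not authenticated or encrypted"
        return 1
    fi
    case "$wpa" in
        1|3) echo "WPA1: wpa=$wpa still offers WPA; use wpa=2"; found=1 ;;
    esac
    case "$wpa:$rsn" in
        [23]:*TKIP*) echo "TKIP: WPA2 pairwise '$rsn' includes TKIP"; found=1 ;;
    esac
    if [ "$pass" = "securewirelesspassword" ]; then
        echo "SAMPLE: wpa_passphrase is the tutorial's placeholder"; found=1
    elif [ -n "$pass" ] && [ "${#pass}" -lt 12 ]; then  # example threshold
        echo "SHORT: wpa_passphrase has ${#pass} characters"; found=1
    fi
    return "$found"
}

# Constructed sample input: the page's WPA settings, written to a temp file.
demo_conf=$(mktemp)
cat > "$demo_conf" <<'EOF'
interface=wlan0
ssid=secure-wifi
wpa=3
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
rsn_pairwise=CCMP
wpa_passphrase=securewirelesspassword
EOF
audit_hostapd_conf "$demo_conf" || true
rm -f "$demo_conf"
```

A configuration with wpa=2, rsn_pairwise=CCMP and a long, unique passphrase produces no findings and a zero exit status.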
 

Post Installation Configuration - Bridging

All that is left to do in this simple set-up is to build the bridge and allocate the real physical interfaces to the bridge. The commands below are all that is needed to do this.
ifconfig eth0 0.0.0.0 down
ifconfig wlan0 0.0.0.0 down
brctl addbr br0
brctl addif br0 eth0
brctl addif br0 wlan0
brctl stp br0 off
ifconfig eth0 0.0.0.0 up
ifconfig wlan0 0.0.0.0 up
dhclient br0
Whilst this may look complicated, it is very simple really.
  • Lines 1 & 2 remove any IP address on the Ethernet and Wifi interfaces and shut them down.
  • Line 3 defines a new interface br0
  • Lines 4 and 5 add the Ethernet and Wifi interfaces into the bridge group br0
  • Line 6 turns spanning-tree off. This is a function which prevents loops in a network, and isn't needed for a simple wireless network.
  • Lines 7 & 8 bring up the two interfaces without an IP address assigned.
  • Line 9 requests an IP address for the br0 interface so the host Debian box can be accessed for management purposes.

It Works

I now have an old Asus EeePC up and running as a basic Access Point using Debian Linux.

Summary

This is a simple project but one I've been planning to do for a while now. This small portable laptop is now functioning as a simple access point. I have further projects planned; some of the ideas include:
  • Add a DHCP server and route rather than bridge between the Wifi and the Ethernet.
  • Add NAT (or more specifically PAT) functionality to masquerade the wireless clients so their IP addresses do not appear on the attached Ethernet.
  • Build an OpenVPN connection from the laptop to a remote server so that the wireless clients are then tunnelled across the attached Ethernet. This will allow both traffic encryption and hiding of the end Wifi devices.
  • As a simple data collection point to run capture tools such as tcpdump, dsniff and driftnet for testing and demonstration purposes.
  • Building on that idea, add ettercap functionality to highlight the threat of MITM (Man In The Middle) attacks and educate people not to just use any open wireless network.
  • Investigate the possibility of building some content filtering solution to protect children from stumbling on (or finding) inappropriate web sites.
I have no idea what will come first on that list, or when I will find the time, but all of those things present a challenge and catch my interest.
I hope this information helps someone somewhere. If you have any thoughts or ideas, please leave a comment.
