OpenBSD Journal

WPA/WPA2 Support in OpenBSD

Contributed by merdely on from the would-you-like-some-cheese-with-your-whine dept.

Damien Bergamini (damien@) just committed WPA-support (wikipedia) for OpenBSD. In the commit message, Damien states that "bwi(4), malo(4), ral(4), iwn(4), wpi(4), ural(4), rum(4), upgt(4), and zyd(4) should work." And, Damien says "support for more chipsets should arrive soon."

Examples, ifconfig(8) output and commit messages below.

To use WPA-PSK in station mode:

# ifconfig ral0 wpa wpapsk \
0x0e8de50e2a614dbd83df61db3e042b396177e8cc8ef7e1f2e83e158a19ba5ea3
To convert a passphrase to a 256-bit hexadecimal key, use wpa-psk(8):
# /sbin/wpa-psk <ssid> <passphrase>

The output of ifconfig ral0 looks like:

ral0: flags=8802 mtu 1500
        lladdr 00:11:2f:82:8c:01
        groups: wlan
        media: IEEE802.11 autoselect mode 11g hostap
        status: active
        ieee80211: nwid openbsd-ap chan 5 bssid 00:11:2f:82:8c:01
                   wpapsk <not displayed> wpaprotos wpa1,wpa2
                   wpaakms psk,802.1x wpaciphers tkip,ccmp
                   wpagroupcipher tkip 100dBm

Commit messages:

CVSROOT:	/cvs
Module name:	src
Changes by:	damien@	2008/04/16 12:32:15

Modified files:
	sys/conf       : files 
	sbin/ifconfig  : ifconfig.8 ifconfig.c 
	sys/net80211   : ieee80211.c ieee80211.h ieee80211_crypto.c 
	                 ieee80211_crypto.h ieee80211_input.c 
	                 ieee80211_ioctl.c ieee80211_ioctl.h 
	                 ieee80211_node.c ieee80211_node.h 
	                 ieee80211_output.c ieee80211_proto.c 
	                 ieee80211_proto.h ieee80211_var.h 
	sys/dev/ic     : acx.c atw.c bwi.c malo.c pgt.c rt2560.c 
	                 rt2661.c rt2860.c rt2860reg.h rtw.c 
	sys/dev/pci    : if_ipw.c if_ipwvar.h if_iwn.c if_wpi.c 
	sys/dev/usb    : if_ral.c if_rum.c if_upgt.c if_zyd.c 
Added files:
	sys/net80211   : ieee80211_crypto_ccmp.c ieee80211_crypto_tkip.c 
	                 ieee80211_crypto_wep.c 

Log message:
Kernel implementation of the 4-way handshake and group-key
handshake protocols (both supplicant and authenticator state
machines) as defined in the IEEE 802.11i standard.

Software implementation of the TKIP (Temporal Key Integrity
Protocol) and CCMP (CTR with CBC-MAC Protocol) protocols.

This diff doesn't implement any of the 802.1X authentication
protocols and thus only PSK authentication (using pre-shared
keys) is currently supported.

In concrete terms, this adds support for WPA-PSK and WPA2-PSK
protocols, both in station and hostap modes.

The following drivers are marked as WPA-capable and should
work:  bwi(4), malo(4), ral(4), iwn(4), wpi(4), ural(4),
rum(4), upgt(4), and zyd(4)

The following options have been added to ifconfig(8):
wpa, wpapsk, wpaprotos, wpaakms, wpaciphers, wpagroupcipher

wpa-psk(8) can be used to generate keys from passphrases.

tested by many@
ok deraadt@

and

CVSROOT:	/cvs
Module name:	src
Changes by:	damien@	2008/04/15 10:29:05

Added files:
	sbin/wpa-psk   : Makefile wpa-psk.8 wpa-psk.c 

Log message:
welcome wpa-psk(8).

ok deraadt@

Thank you to Damien for working on this oft requested feature and making it a reality (and thanks for helping me with this article). Be sure to show your appreciation by donating to the project.

(Comments are closed)


Comments
  1. By Anonymous Coward (2a01:348:6:b5::2) on

    Thanks a lot. Great work!

    Comments
    1. By Didier Wiroth (158.64.152.221) didier.wiroth@mcesr.etat.lu on http://www.wiroth.net

      > Thanks a lot. Great work!

      Yes ... Yes ... Yes ... Yes ... Yes ... Yes ... Yes ... Yes ... Yes ... Yes ... Yes ... Yes ... Yes ... Yes ... Yes ... Yes ... Yes ... Yes ... Yes ... Yes ... Yes ... Yes ... Yes ... Yes ... Yes ... Yes ... Yes ... Yes ... Thanks Thanks thanks THANKS, GRACIAS, MERCI, DANKE SCHOEN .....
      Thank you, thank you, thank you!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

      Comments
      1. By Anonymous Coward (24.37.242.64) on

        > > Thanks a lot. Great work!
        >
        > Yes ... Yes ... Yes ... Yes ... Yes ... Yes ... Yes ... Yes ... Yes ... Yes ... Yes ... Yes ... Yes ... Yes ... Yes ... Yes ... Yes ... Yes ... Yes ... Yes ... Yes ... Yes ... Yes ... Yes ... Yes ... Yes ... Yes ... Yes ... Thanks Thanks thanks THANKS, GRACIAS, MERCI, DANKE SCHOEN .....
        > Thank you, thank you, thank you!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

        My sentiments too.

        Comments
        1. By Baldusi (190.16.188.60) on

          > > > Thanks a lot. Great work!
          > >
          > > Yes ... Yes ... Yes ... Yes ... Yes ... Yes ... Yes ... Yes ... Yes ... Yes ... Yes ... Yes ... Yes ... Yes ... Yes ... Yes ... Yes ... Yes ... Yes ... Yes ... Yes ... Yes ... Yes ... Yes ... Yes ... Yes ... Yes ... Yes ... Thanks Thanks thanks THANKS, GRACIAS, MERCI, DANKE SCHOEN .....
          > > Thank you, thank you, thank you!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
          >
          > My sentiments too.
          I couldn't have expressed in better words.

      2. By clvrmnky (69.28.228.76) on http://clevermonkey.org

        > > Thanks a lot. Great work!
        >
        > Yes ... Yes ... Yes ... Yes ... Yes ... Yes ... Yes ... Yes ... Yes ... Yes ... Yes ... Yes ... Yes ... Yes ... Yes ... Yes ... Yes ... Yes ... Yes ... Yes ... Yes ... Yes ... Yes ... Yes ... Yes ... Yes ... Yes ... Yes ... Thanks Thanks thanks THANKS, GRACIAS, MERCI, DANKE SCHOEN .....
        > Thank you, thank you, thank you!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

        I'll have what he's having.

  2. By Luis Coronado (190.10.76.226) on

    This post is too close to http://undeadly.org/cgi?action=article&sid=20080401040110 to be true! Checking -current to confirm...

    Comments
    1. By jason (jason) jason@dixongroup.net on http://www.dixongroup.net/

      > This post is too close to http://undeadly.org/cgi?action=article&sid=20080401040110 to be true! Checking -current to confirm...

      This is the real deal.

    2. By Brad (2001:470:8802:3:216:41ff:fe17:6933) brad at comstyle dot com on

      > This post is too close to http://undeadly.org/cgi?action=article&sid=20080401040110 to be true! Checking -current to confirm...

      Having working 3D support via DRI is not that far off for the ATI and Intel drivers.

      Comments
      1. By Anonymous Coward (192.193.245.14) on

        > > This post is too close to http://undeadly.org/cgi?action=article&sid=20080401040110 to be true! Checking -current to confirm...
        >
        > Having working 3D support via DRI is not that far off for the ATI and Intel drivers.

        How come Nvidia isn't in the list? Lack of hardware or has the recent release of ATI specs (which I thought lacked 3D stuff for the moment)?

        Comments
        1. By Brynet (Brynet) on

          > How come Nvidia isn't in the list? Lack of hardware or has the recent release of ATI specs (which I thought lacked 3D stuff for the moment)?
          >
          >

          What are you rambling about?

          Last time I checked, NVidia has NOT released any 3D(or 2D).. GPU programming information.

          AMD/ATI's docs only benefit ATI card users, what on earth made you think they would assist in the creation of an NVidia driver?

          Comments
          1. By Anonymous Coward (192.193.245.14) on

            > > How come Nvidia isn't in the list? Lack of hardware or has the recent release of ATI specs (which I thought lacked 3D stuff for the moment)?
            > >
            > >
            >
            > What are you rambling about?
            >
            > Last time I checked, NVidia has NOT released any 3D(or 2D).. GPU programming information.
            >
            > AMD/ATI's docs only benefit ATI card users, what on earth made you think they would assist in the creation of an NVidia driver?

            Sorry could have phrased it better. Basically asking whether the specs released by AMD/ATI helped in getting 3D support included. And if theres no 3D specs available - will a similar reverse engineering approach be taken for nvidia cards.

            Comments
            1. By Brynet (Brynet) on

              > Sorry could have phrased it better. Basically asking whether the specs released by AMD/ATI helped in getting 3D support included. And if theres no 3D specs available - will a similar reverse engineering approach be taken for nvidia cards.
              >

              Apologies, didn't understand you.

              I'm sure the existing Xorg ATI drive was improved, probably most of the work was deobfustication.

              There are 2 projects you should look at:
              http://www.radeonhd.org/ --> Based on the released docs, most development done by Novell.
              http://wiki.x.org/wiki/radeon
              http://dri.freedesktop.org/wiki/ATIRadeon
              http://nouveau.freedesktop.org/ --> Based on reverse engineering, lot's of work has been done.

              Older ATI cards have DRI 3D acceleration, so, assuming oga@'s great improvements get my attention, they should work.

            2. By sthen (2a01:348:108:155:20a:e4ff:fe2d:99ee) on

              > Sorry could have phrased it better. Basically asking whether the specs released by AMD/ATI helped in getting 3D support included. And if theres no 3D specs available - will a similar reverse engineering approach be taken for nvidia cards.

              It's more important than 3D. Newer cards don't have separate 2D acceleration, you will *need* 3D accel to get decent 2D performance.

              nvidia may well end up forced to release something, since their major competition has already done so (AMD/ATI and Intel), but try and support the companies who are being slightly helpful, eh? :)

              Comments
              1. By Anonymous Coward (192.193.245.14) on

                > > Sorry could have phrased it better. Basically asking whether the specs released by AMD/ATI helped in getting 3D support included. And if theres no 3D specs available - will a similar reverse engineering approach be taken for nvidia cards.
                >
                > It's more important than 3D. Newer cards don't have separate 2D acceleration, you will *need* 3D accel to get decent 2D performance.
                >
                > nvidia may well end up forced to release something, since their major competition has already done so (AMD/ATI and Intel), but try and support the companies who are being slightly helpful, eh? :)

                Thanks for the info!

              2. By oga (155.198.68.11) oga@openbsd.org on

                > > Sorry could have phrased it better. Basically asking whether the specs released by AMD/ATI helped in getting 3D support included. And if theres no 3D specs available - will a similar reverse engineering approach be taken for nvidia cards.
                >
                > It's more important than 3D. Newer cards don't have separate 2D acceleration, you will *need* 3D accel to get decent 2D performance.
                >
                > nvidia may well end up forced to release something, since their major competition has already done so (AMD/ATI and Intel), but try and support the companies who are being slightly helpful, eh? :)

                The thing about 2D/3D being the same on current cards is correct. This is the reasoning behind some newer X projects, like the Gallium3d mesa rewrite (still in early days), the eventual plan seems to be merging the 2d and 3d pipelines completely.

                Work such as the intel batchbuffer branch (which depends on the TTM memory manager, something we lack right now) get better 2d performance by accelerating EXA rendering.

                For the record (Sorry Stephen that i'm replying to you, you know this):

                Intel's driver is open, developed by people they pay. It's currently
                the most technically advanced.

                Ati's stuff had support based on NDAed docs from years ago for the r100 and r200 cards (up the the 9200 IIRC). r300 support was there, but reverse engineered. Since they released the specs, a lot of work has gone onto improving this. Actually both xf86-video-ati and xf86-video-radeonhd both have support for these cards. Which one to use is a matter for debate.

                Nvidia are by far the least open. There's the xf86-video-nv stuff. It is SHIT. Nouveau, the project to reverse engineer Nvidia hardware is making progress, but it's still early days. Support for this driver is on my todo list, but depends upon other stuff higher up.

                For the time being:
                - If you just want a desktop, nothing special get intel.
                - If you want to eventually do something with more intensive 3d, get Ati.
                - Avoid Nvidia. Honestly.

                Our current status (quite a bit of this is not in the tree while it's waiting for an ok): intel mostly works (there's still a few crash bugs in there), I've only got i965 hardware, but other hardware has been tested for me. Radeon works fairly well if you force the agp cards to pci mode, though some chipsets segfault every GL app (I don't have any of these to work with), my r400 card (X800SE pcie) works great. SiS chipsets I'm told work (or at least used to), someone recently tried a 3dfx card, it seems to crash a lot.

                this is on i386, but there are patches for amd64 too.

                In other words:

                Work is coming on, it'll be done in good time. If you want to help, email me privately please.

                Cheers,
                -0-

            3. By Brad (2001:470:8802:3:216:41ff:fe17:6933) brad at comstyle dot com on

              > Sorry could have phrased it better. Basically asking whether the specs released by AMD/ATI helped in getting 3D support included. And if theres no 3D specs available - will a similar reverse engineering approach be taken for nvidia cards.

              No. It required a developer willing and able to do the work. There is a project started already by the name of Nouveau which aims to reverse engineer the hw and provide 3D capabilities as well as a much better 2D driver, TV output support and so on. That is fairly important and will come along later though due to other dependencies will take a bit longer to get going what is available now.

    3. By Bryan.Brake (138.163.0.43) on

      > This post is too close to http://undeadly.org/cgi?action=article&sid=20080401040110 to be true! Checking -current to confirm...

      Damn Damien, this is bleeding edge stuff. committed ~2hours ago...

      Well done chap. I'll hoist one in your honor tonight. Tivo's and wife's windows laptop and now my OBSD box will all have WPA on them...

      And we did our way. It's open, free, and done correctly... I feel the need to open my pocketbook again...

  3. By Renaud Allard (renaud) renaud@llorien.org on

    WOW, this is just something I thought I would never see.
    Congratulations guys, excellent work.

  4. By Wifi (86.91.41.86) on

    YES ! another reason to get more BSD boxes in the house...!
    is there a Soekris variant i can put a wireless card in ?

    Thanx a zillion !

    Comments
    1. By Wifi (86.91.41.86) on

      > YES ! another reason to get more BSD boxes in the house...!
      > is there a Soekris variant i can put a wireless card in ?
      >
      > Thanx a zillion !

      I must learn to use google
      I must learn to use google
      I must learn to use google
      ..
      ..

      http://glozer.net/soekris/soekris.html

  5. By Anonymous Coward (192.94.73.2) on

    WOW!

    Thank you, damien@, for your hard work on this and for all the other OpenBSD devs who contributed/assisted. This is the single feature that I have wished for the most in OpenBSD. I have had clients asking for this. Now, I can deploy OpenBSD in more locations where it is appropriate and, hopefully, convince more clients to pony up donations.

    In any event, I will be making a special donation right now to OpenBSD for this FANTASTIC piece of news.

    THANK YOU!

    Comments
    1. By Stefan (193.30.140.138) on

      > In any event, I will be making a special donation right now to OpenBSD for this FANTASTIC piece of news.
      >
      > THANK YOU!

      So did I, right away!
      THANK YOU! THANK YOU! THANK YOU!

  6. By Anonymous Coward (195.29.157.74) on

    This is REALLY great news!

    This is why I buy DVD, T-Shirt and poster every OpenBSD release.

    Thanx.

    Comments
    1. By Anonymous Coward (62.227.96.87) on

      Just remember that T-Shirts and posters don't support OpenBSD.

      Comments
      1. By Hey Vern (75.166.185.123) on

        > Just remember that T-Shirts and posters don't support OpenBSD.

        Just remember that someone has to ship the CDs, along with all the paperwork involving paying for them. As Theo said, it was a business arrangement, increasing the sales of the CDs by allowing others to take risks involved with production and storage of the shirts. If Theo had to ship the CDs less work would get done.

        I'm all for disclosure, and I have several shirts (no posters though). But I have lots of CDs and donations (as in plural).

        I think we need to pony up and donate until a new snapshot comes out with WPA on it. If the project got an extra $15,000 for this effort, I would think it was worth it. In fact I'll go donate tonight. Won't you join me?


  7. By Matthew Dempsky (38.102.129.10) on

    Awesome! Does this work in hostap mode too? If so, I'll have to try to push replacing our existing WPA2 access points with OpenBSD ones. :-)

    Comments
    1. By Mike Erdely (merdely) on http://erdelynet.com/

      > Awesome! Does this work in hostap mode too? If so, I'll have to try to push replacing our existing WPA2 access points with OpenBSD ones. :-)

      "In concrete terms, this adds support for WPA-PSK and WPA2-PSK protocols, both in station and hostap modes."

      Comments
      1. By Anonymous Coward (38.102.129.10) on

        > "In concrete terms, this adds support for WPA-PSK and WPA2-PSK protocols, both in station and hostap modes."

        D'oh, I went digging through the man pages and source before finishing reading the post. :(

        Thanks for pointing that out though.

  8. By Anonymous Coward (68.76.120.222) on

    Question: Where does Damien live, and how can I send him a 6-pack of beer? (or drink of his choice)

    Comments
    1. By Mike Erdely (merdely) on http://erdelynet.com/

      > Question: Where does Damien live, and how can I send him a 6-pack of beer? (or drink of his choice)

      According to wikipedia (I know, the world's most reliable resource), he's in France.

      Comments
      1. By Anonymous Coward (64.119.129.237) on

        > > Question: Where does Damien live, and how can I send him a 6-pack of beer? (or drink of his choice)
        >
        > According to wikipedia (I know, the world's most reliable resource), he's in France.
        >
        >

        Do we just address to package to :

        Damien
        c.o. France

        ?

        Comments
        1. By Mike Erdely (merdely) on http://erdelynet.com/

          > Do we just address to package to :
          >
          > Damien
          > c.o. France
          >
          > ?

          If only there were some way you could contact him. Maybe an email address. He's probably unlisted though. Good luck.

          Comments
          1. By Noryungi (noryungi) on

            > > Do we just address to package to :
            > > Damien
            > > c.o. France
            > If only there were some way you could contact him. Maybe an email
            > address. He's probably unlisted though. Good luck.

            Oh come on, guys. This is embarassing.

            If you wish to contact Damien personally, just type "Damien Bergamini" in Google.

            The first page that comes up is his web site, on Free (a French ISP).

            Go to this page, and he helpfully supplies an email address, right there on the front page.

            No, I won't post his email address and/or URL here.

            Now, of course, I don't know if he likes beer. But I am sure you can find some other way to thank him if he does not like Guinness... :-)

            Comments
            1. By Mike Erdely (merdely) on http://erdelynet.com/

              > > If only there were some way you could contact him. Maybe an email
              > > address. He's probably unlisted though. Good luck.
              >
              > Oh come on, guys. This is embarassing.
              >
              > If you wish to contact Damien personally, just type "Damien Bergamini"
              > in Google.

              Or... I gave his frickin' email address in the story. damien@

    2. By Brynet (Brynet) on

      > Question: Where does Damien live, and how can I send him a 6-pack of beer? (or drink of his choice)

      Instead of asking here, with the off chance of someone revealing this mans address publicly (which he might not appreciate..)

      Visit his home page, obtain is email address.. contact him privately, and arrange delivery of the aforementioned alcoholic beverages in excessive quantities.

  9. By ficovh (189.130.3.72) ficovh@gmail.com on http://blog.bsdguy.net

    This is a excellent notice for connecting to WPA encrypting networks in OpenBSD.

    congrats.

  10. By Anonymous Coward (195.42.56.44) on

    If I remember well, WPA / WPA2 wasn't implemented in OpenBSD because it was crap.
    Now they implement it .... so it's not crap anymore ? -_-'

    Comments
    1. By Karl Sjödahl (Dunceor) on

      > If I remember well, WPA / WPA2 wasn't implemented in OpenBSD because it was crap.
      > Now they implement it .... so it's not crap anymore ? -_-'

      They never said it was crap, they just said that it wasn't a must because you could optain the same level of security with stuff already implemented in OpenBSD. Not the same thing.

      Great work Damien and if not a must, this is definitly something that will draw users.

      Comments
      1. By Brad (2001:470:8802:3:216:41ff:fe17:6933) on

        > > If I remember well, WPA / WPA2 wasn't implemented in OpenBSD because it was crap.
        > > Now they implement it .... so it's not crap anymore ? -_-'
        >
        > They never said it was crap, they just said that it wasn't a must because you could optain the same level of security with stuff already implemented in OpenBSD. Not the same thing.

        Lack of a developer willing and able to do the work was what held up adding support for WPA/WPA2.

    2. By Anonymous Coward (74.13.60.58) on

      > If I remember well, WPA / WPA2 wasn't implemented in OpenBSD because it was crap.
      > Now they implement it .... so it's not crap anymore ? -_-'

      No, it's always been PAM that they've said is crap.

    3. By Anonymous Coward (83.226.152.62) on

      > If I remember well, WPA / WPA2 wasn't implemented in OpenBSD because it was crap.
      > Now they implement it .... so it's not crap anymore ? -_-'

      It doesn't really matter whether it's crap or not. There are de facto a great number of WPA networks out there and OpenBSD need to be able to connect to them as well. I mean WEP is already supported, and I think everyone can agree to how pointless that is, but it's still something you just have to be able to use.

  11. By Rich (195.212.199.56) on

    HALLELUJAH !!!!!!

  12. By Janne Johansson (jj) jan.johansson@it.su.se on www.inet6.se

    Since I will be using WPA/WPA2 on my obsd boxes, I sent a "finders fee" over PayPal since I like stuff like this to get premiered.

    I call upon all of you who previously said "why is there no WPA, it sucks, I must have it" to follow me and donate some sum to show appreciation of it now.

  13. By Timo Myyrä (131.177.204.78) on

    Great work!

    Gotta update my laptop to current once I get home.

  14. By Anonymous Coward (85.106.209.253) on

    Here's an example /etc/hostname.if for auto-configuring WPA-PSK WLANs.

    wpi(4) is used as example interface type. Replace it with yours.
    Also replace essid and passphrase matching with your network configuration.
    /etc/hostname.wpi0:
    !_wpakey=`/sbin/wpa-psk essid 'passphrase'`
    !ifconfig \$if nwid essid wpa wpapsk ${_wpakey}
    dhcp NONE
    

    Comments
    1. By Anonymous Coward (2001:888:1b6b:b0e::6965:6b73) on

      > Here's an example /etc/hostname.if for auto-configuring WPA-PSK WLANs.
      (...)
      > !_wpakey=`/sbin/wpa-psk essid 'passphrase'`
      > !ifconfig \$if nwid essid wpa wpapsk ${_wpakey}
      > dhcp NONE

      Hrm. If you're doing this don't forget to chmod 600 /etc/hostname.if! In fact, maybe there ought to be a warning in the manpages...

      Comments
      1. By Anonymous Coward (91.3.31.65) on

        > Hrm. If you're doing this don't forget to chmod 600 /etc/hostname.if! In fact, maybe there ought to be a warning in the manpages...

        http://marc.info/?l=openbsd-cvs&m=120846187803526&w=2
        http://marc.info/?l=openbsd-cvs&m=120845916429517&w=2
        http://marc.info/?l=openbsd-cvs&m=120839716717153&w=2

  15. By Han (212.120.65.251) han@mijncomputer.nl on

    Yes! The one thing I needed to replace ubuntu on my work laptop with! I'll have a nice weekend!

    Comments
    1. By jirib (89.176.154.98) on

      > Yes! The one thing I needed to replace ubuntu on my work laptop with! I'll have a nice weekend!

      only thing? unfortunatelly i miss unicode in ncurses :( poor mcabber with OTR&GPG :(

      jirib

    2. By Anonymous Coward (90.190.199.233) on http://udet.dyndns.org/jg3/

      > Yes! The one thing I needed to replace ubuntu on my work laptop with! I'll have a nice weekend!

      Well :)

      Same issue here - using Ubuntu - will switch my laptop to OpenBSD soon :)

      Thanks !

  16. By Anonymous Coward (79.197.93.151) on

    Thanks a lot!

  17. By Bayu Krisnawan (krisna) krisna@infobsd.org on http://www.infobsd.org

    OpenBSD ROCK!!

    Wow very nice, thanks OpenBSD.

  18. By Bayu Krisnawan (202.148.12.244) krisna@infobsd.org on http://www.infobsd.org

    OpenBSD ROCK!!

    Wow very nice, thanks OpenBSD.

  19. By Hernan Costante (201.239.217.117) hdc@openbsderos.org on www.openbsderos.org

    YES!!!!!!

    its de best notice for my openbsd wireless server farm!!!!

    ....Vamos OpenBSD carajo!


    Salud!

    Hernan

  20. By e4ea (82.95.251.82) on

    Great work. Although I am not using wireless anymore because I had decided to wire all network connections in my house because of the missing WPA(2) support, I am sure this will attract a lot of new OpenBSD users. For wireless security in normal environments an absolute need. Thanks!!

    Comments
    1. By sthen (2a01:348:108:155:20a:e4ff:fe2d:99ee) on

      > Great work. Although I am not using wireless anymore because I had decided to wire all network connections in my house because of the missing WPA(2) support, I am sure this will attract a lot of new OpenBSD users. For wireless security in normal environments an absolute need. Thanks!!

      If you're in a situation where you can use wires, it's usually a better idea to do so.. WPA plugs some holes, but as the saying in hostapd.conf goes, "wavelan is a battle field".

  21. By Anonymous Coward (70.173.172.228) on

    > This diff doesn't implement any of the 802.1X authentication
    protocols and thus only PSK authentication (using pre-shared
    keys) is currently supported.

    What about in concert with security/wpa_supplicant?

  22. By Martin Toft (martintoft) mt@martintoft.dk on http://martintoft.dk

    Thank you very much. I'll soon be forced to use WPA at the university, as they are phasing out their VPN WLANs (their words: "everybody has support for WPA nowadays").

    Will support for some of the 802.1x authentication and key protocols follow anytime soon? E.g. PEAPv0/EAP-MSCHAPv2. I need "enterprise" mode :-)

    Comments
    1. By Anonymous Coward (70.173.172.228) on

      > Thank you very much. I'll soon be forced to use WPA at the university, as they are phasing out their VPN WLANs (their words: "everybody has support for WPA nowadays").
      >
      > Will support for some of the 802.1x authentication and key protocols follow anytime soon? E.g. PEAPv0/EAP-MSCHAPv2. I need "enterprise" mode :-)

      presumably security/wpa_supplicant (which is essentially a generic 802.1X client) will be updated.

  23. By Anonymous Coward (88.89.138.252) on

    Works great on OpenBSD 4.3-current with my D-Link DWL-G122 USB adapter (attaches to the rum(4) driver). Thanks guys!

Credits

Copyright © - Daniel Hartmeier. All rights reserved. Articles and comments are copyright their respective authors, submission implies license to publish on this web site. Contents of the archive prior to as well as images and HTML templates were copied from the fabulous original deadly.org with Jose's and Jim's kind permission. This journal runs as CGI with httpd(8) on OpenBSD, the source code is BSD licensed. undeadly \Un*dead"ly\, a. Not subject to death; immortal. [Obs.]