Jump to content

Setting Up An Ap Using Open-mesh


Recommended Posts

Hi,

I'm using an open-mesh router and flashed it according "Building or Unbricking guide" on the hak5 home page. I verified access to webif and Karma site with no problems.

For now I'm not interested in the Karma bit and deauthing clients and having them connect to my AP instead of the real one. I'm trying to use the Jasager as an AP instead of using Aireplay to create an AP. I’ve read the forums about the automatic scripts that enables everything for me, but really I’m trying to do things myself one step at a time to understand the process, then maybe I will use the scripts later when I know how everything works.

I used the guide on karmetasploit to edit the settings on my router to:

DHCP:
config dnsmasq
option domainneeded     1
option boguspriv        1
option filterwin2k      '0'  #enable for dial on demand
option localise_queries 1
option local    'lan'
option domain   'lan'
option expandhosts      1
option nonegcache       0
option authoritative    1
option readethers       1
option leasefile        '/tmp/dhcp.leases'
option resolvfile       '/tmp/resolv.conf.auto'

config dhcp lan
option interface        lan
option start    100
option limit    150
option leasetime        12h
option ignore 0
list dhcp_option 3,192.168.0.1
list dhcp_option 6,192.168.0.2,208.67.222.222
list dhcp_option 6,192.168.0.2,8.8.8.8

config dhcp wan
option interface        wan
option start 100
option limit 150
option leasetime 12h
option ignore 1
list dhcp_option 3,192.168.0.1
list dhcp_option 6,192.168.0.2,208.67.222.222
list dhcp_option 6,192.168.0.2,8.8.8.8

Network:
config interface loopback
option ifname   lo
option proto    static
option ipaddr   127.0.0.1
option netmask  255.0.0.0

config interface lan
option ifname   eth0
option type bridge
option netmask 255.255.255.0
option proto    static
option ipaddr   192.168.0.2
option gateway 192.168.0.1
option dns 8.8.8.8

Next in bt5 I connected my wlan0 to my home internet using wicd then I ran

 ifconfig eth0 192.168.0.1 netmask 255.255.255.0 

and I could log in to the router on 192.168.0.2 before the ip address for eth0 changes to 192.168.10.5 for some reason!

Another thing I noticed is every time I disconnect from my eth0 connection on wicd to try to connect to the wireless, the wireless connects fine for a minute before automatically disconnecting and going back to the eth0 connection like wicd is forcing eth0 to be the primary connection, which causes me to lose connectivity to the internet and also I'm not able to access the webif page because the ip address is on a different range than the set 192.168.0.x

I’ve tried changing those settings in wicd:

Under Preferences & General Settings

Network interfaces

I unchecked always show wired interface

I unchecked always switch to a wired connection when available

Under wired automatic connection

I choose prompt for wired network profile

Under Automatic reconnection

I unchecked automatically reconnect on network connection loss

And still the connection keeps disconnecting the wireless and connecting to the wired & changing the eth0 address to 192.168.10.5 as I verified by running ifconfig.

I’m not sure if this is a linux issue or a setting that I did wrong on the router.

Any ideas what the problem might be?

Link to comment
Share on other sites

*Correction* Earlier I meant to say Airbase-ng not Aireplay-ng

I've made some progress.

I gave my eth0 a static ip of 192.168.0.1 and I rebooted my backtrack. I've tried setting a static ip before, but forgot about the step of restarting the network file and then I would revert back to my old settings so that's why the settings never got implemented.

Here are my new findings:

setting a static ip for eth0 lets me access the router's webif & also I'm able to connect to the internet through my droid tether (easytether0)

when I SSH into the router and ping:

192.168.0.1 (which is ip for eth0) I get replies back :)

192.168.117.1 (which is the easytether gw) I get replies back :)

192.168.117.2 (which is the easytether0) I get replies back :)

8.8.8.8 no replies back <_<

cnn.com no replies back <_< BUT I get this:

root@OpenWrt:~# ping cnn.com
PING cnn.com (157.166.224.26): 56 data bytes

which displays the real ip address for the website.

Any ideas what I'm missing here that's not enabling me from pinging those sites? Also I tried to connect to the access point, but it's not giving an IP address to my Ipad :huh:

Link to comment
Share on other sites

I can't seem to find the edit button to edit add-on to my posts

To forward traffic I'm using:

ifconfig eth0 192.168.0.1 netmask 255.255.255.0
echo '1' &gt; /proc/sys/net/ipv4/ip_forward
iptables -X
iptables -F
iptables -A FORWARD -i easytether0 -o eth0 -s 192.168.0.0/24 -m state --state NEW -j ACCEPT
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A POSTROUTING -t nat -j MASQUERADE
route del default
route add default gw 192.168.117.1 easytether0

Link to comment
Share on other sites

I've made some progress, sorta

Following the guide here I re-flashed my router and followed the steps

My setup:

1y0rkj.jpg

eth0 set to static ip 192.168.0.1
router set to 192.168.0.2
smartphone ip: 192.168.117.2
I can access both the internet &amp; router at the same time

dhcp file:

config 'dnsmasq'
option 'domainneeded' '1'
option 'filterwin2k' '0'
option 'local' '/lan/'
option 'domain' 'lan'
option 'expandhosts' '1'
option 'nonegcache' '0'
option 'authoritative' '1'
option 'readethers' '1'
option 'leasefile' '/tmp/dhcp.leases'
option 'resolvfile' '/tmp/resolv.conf.auto'
option 'boguspriv' '0'
option 'localise_queries' '0'

config 'dhcp' 'lan'
option 'interface' 'lan'
option 'start' '100'
option 'limit' '150'
option 'leasetime' '720m'
option 'ignore' '0'
list 'dhcp_option' '3,192.168.117.2'
list 'dhcp_option' '6,8.8.8.8'

config 'dhcp' 'wan'
option 'interface' 'wan'
option 'ignore' '1'
option 'start' ''
option 'limit' ''
option 'leasetime' ''

network file:

config 'interface' 'loopback'
	option 'ifname' 'lo'
	option 'proto' 'static'
	option 'ipaddr' '127.0.0.1'
	option 'netmask' '255.0.0.0'

config 'interface' 'lan'
	option 'ifname' 'eth0'
	option 'type' 'bridge'
	option 'proto' 'static'
	option 'netmask' '255.255.255.0'
	option 'macaddr' ''
	option 'ipaddr' '192.168.0.2'
	option 'ip6addr' ''
	option 'ip6gw' ''
	option 'dns' ''
	option 'gateway' '192.168.117.2'

and I edited /karma/www/cgi-bin/functions.rb

under "def create_interface()" added:

system("sleep 1")
system("brctl addif br-lan ath0 2&gt;&amp;1 &gt; /dev/null")

On backtrack I execute the commands in instructions with adjusting wlan0 to easytether0 (usb tether to my phone)

echo 1 &gt; /proc/sys/net/ipv4/ip_forward
sudo iptables -t nat -A POSTROUTING -o easytether0 -j MASQUERADE

What the problem is:

Not being able to duplicate the steps and initiate connection after restart. The first time I tried this I was able to connect my ipad to the router and got the following addresses on my ipad connection:

IP address: 192.168.0.186
Subnet mask: 255.255.255.0
Router: 192.168.0.1
DNS: 8.8.8.8
Search Domain: lan

I was browsing with good speeds, then I shutdown everything and came back to try to connect the same ipad, but it wasn't getting any ip address. I tried a different ipad and a laptop, but still got the same issue.

Hours later I tried again and after connecting and disconnecting the interface on the Karma page and issuing the backtrack commands that I used earlier I was able to connect again. I tried to dublicate my same steps just to confirm it will work again and it didn't work!

•I tried connecting from different distance from the router and restart my backtrack machine and the router several times and also my ipads with no luck. The devices connect fine, but they don't get issued an ip address.

•I also tried booting up backtrack and setup all my eth0 and my easytether0 connections before turning on the router (just to see if maybe there is a conflicting setting between the laptop and the router and maybe the router will pick up the settings from backtrack), but no luck there.

• never made changes in the dhcp file or the network file and I was able to have devices connect to my router the several times I was able too so I know the settings are correct, but if there is a problem with them I don't mind making a change.

I'm happy with the progress I made so far, but I want this to work all the time, not one out 10 tries. Any ideas what the problem might be??

Link to comment
Share on other sites

  • 2 months later...

I'm having similar issues. We're using a very similar setup, I have BT5 running Jasager on an 0M1 also. I use the jasagerPwn script to do the ICS bit. I am able to get the router setup as an AP with ICS no problem (no sslstrip though).

One thing I changed that was hurting was having an eth0 entry in wicd. I deleted any signs of eth0 from wicd as my wlan0 and eth0 were always conflicting when being managed from the same program. I deleted eth0 config from wicd and used "ifconfig eth0 192.168.10.2 up" after every reboot and ran wicd only to connect wlan0 to a wireless network (only since I use WEP and it's a pain to use WEP and iwconfig). I recommend to only use "network managery" type interfaces when ifconfig and iwconfig can't do the same job.

I learned that when I start the router (running latest version of Jasager), I ssh into and stop dnsmasq. I then go to Jasager's GUI and turn karma on (I do not add my true AP to the black/whitelist, when I do it never works). If Karma is not enabled on the router, the clients to the AP have no DNS (they can ping 8.8.8.8 fine but they can not ping google.com) But when Karma is enabled, I am able to share internet completely fine.

Hope that helped.

Edited by bobbyb1980
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...