beakmyn
Posted May 13, 2008

Ok, so it took some researching and poking around but you can easily do pretty much whatever you want with the "public" Fonera signal. I'll tell you how to change the ESSID (removing the FON_ prepend) and how to encrypt it.

Why would you want to? Well, let's say you don't just want to share your internet connection with just anyone; lest you be liable for whatever illegal actions they perform while connected through your network. Here, you have a little more control over who gets to connect.

Requirements

- SSH access to your Fonera
- scp (secure copy) OR Winscp OR vi editor in Fonera

Hardware Used

- Fonera+ (FON 2201)

Files touched

I will only show you modified sections of the scripts for brevity.

- /etc/config/fon
- /lib/fon/config.sh
- /etc/init.d/chillispot #For WPA only

Background

In non-modified mode when the Fonera boots it calls /etc/config/Wireless which is just a redirect to set up the wireless (contents: . /lib/fon/config.sh wireless). So config.sh is called with parameters to accomplish this. It queries the /etc/config/fon file "Public" section settings. Currently there is no code in this file that allows the "Public" signal to be encrypted. This is easily fixed, just copy the code from the private section and replace the appropriate references sections. This is easy enough for WEP but there's a catch if you want to use WPA.

Here's the rub; WPA uses the passphrase you provide and the ESSID as a seed to create the actual encryption key. Not a big deal except that the ESSID you supply in the /etc/config/fon is not the actual ESSID of the public connection even though that's what will show up in your wireless client/manager! So, you have to do a little more work and modify the chillispot config file and remove the FON_ prepend which is shown below. Unless this is done you'll never be able to connect to the public side using WPA encryption.

Keep in mind that the Public signal isn't available until the Fonera has determined that it can access the internet.

Modified: /lib/fon/config.sh

    config wifi-iface public
        option device wifi0
        option ifname ath0
        option mode ap
        # ESSID and encryption settings come from the "public" section of /etc/config/fon
        config_get ssid public essid
        option ssid "$ssid"
        option hidden 0
        config_get encryption public encryption
        case "$encryption" in
            wpa*|WPA*|Mixed|mixed)
                # map the fon setting to the wireless encryption mode
                case "$encryption" in
                    WPA|WPA1|wpa|wpa1) enc=psk;;
                    WPA2|wpa2) enc=psk2;;
                    Mixed|mixed) enc=psk-mixed;;
                esac
                config_get crypto public wpa_crypto
                option encryption "$enc${crypto:+/$crypto}"
                config_get key public password
                option key "$key"
            ;;
            WEP|wep)
                option encryption wep
                # "wepkey" holds the index of the active WEP key
                config_get key public wepkey
                option key "$key"
            ;;
        esac

This is the workhorse script. You'll see the unmodified section of the script, on your Fonera, for "config wifi-iface public" is pretty spartan. Just copy what's in the private section pertaining to encryption and replace the appropriate "config_get private" with "config_get public". These are the calls to /etc/config/fon. This file needs to be changed if you want to enable encryption on the public wifi.

WEP Encryption

This is the easiest and requires the least amount of work on your part.

Modified: /etc/config/fon

    config wifi public
        option essid 'MyPublicPlace'
        option isolate 1
        option wepkey '1'
        option key1 'DEADBEEF11'
        option key2 ''
        option key3 ''
        option key4 ''

DEADBEEF11 is a 10 digit hexadecimal passphrase. This creates a WEP 64 encryption key.

Also tested:

    option key1 $(get_serial)

Conveniently creates a WEP64 key that is the serial number.

For a WEP 128 key try:

    option key1 'FoneraIsCool!'

Setting option wepkey '1' sets the Key# index to use. But since there is currently no webif interface to change this, leave it at 1.

WPA Encryption

Using WPA comes with the warm fuzzy of a less-likely to be broken key. Yes, I know all the ways to break it, you don't need to tell me.

Modified: /etc/config/fon

    config wifi public
        option essid 'MyPublicPlace'
        option isolate 1
        option encryption 'wpa'
        option wpa_crypto tkip
        option password 'CPE1704TKS'

Modified: /etc/init.d/chillispot

    # enable the wifi interface ssid
    config_get ssid public essid
    # Original
    #iwconfig "$wifi_ifname" essid "FON_$ssid"
    # WPA working
    iwconfig "$wifi_ifname" essid "$ssid"

See the difference? Because the Public wifi was never meant to be encrypted it wasn't an issue to prepend the FON_ to the ESSID. However doing this will break WPA because the ESSID in use doesn't match what was used for the seed to the hash. So, you've got a buried shovel. We must remove the FON_ prepend. This doesn't appear to break anything. It does make it harder for the user to know it's a FON spot, so you'll want to set your ESSID to include the FON_ as an alternative. Removing the FON_ doesn't affect the captive portal.

Caveats

If you use the web interface to make changes that touch the /etc/config/fon file, like changing the private wifi settings, you will lose your modifications to the public wifi. This is due to the webif scripts in use that overwrite this file. It should be a trivial procedure to modify the wireless settings web page to allow you to set both the private and public settings.

These modifications most likely won't survive a firmware update though.

Final Notes

Reboot your Fonera and you should see that both the "Public" and "Private" are now encrypted!

You can have both the WEP and WPA options in the /etc/config/fon file; just remember to set the "option encryption" appropriately.

Next up, modifying the webif scripts to make it even easier.
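
Added example, not part of the original post or the Fonera firmware: the WPA-PSK key derivation (PBKDF2-HMAC-SHA1 with the ESSID as salt) that explains why the FON_ prefix breaks WPA in the post above. The function names are made up for this sketch; the ESSID and passphrase are the sample values from the post.

```python
import hashlib
import hmac


def wpa_pmk(passphrase: str, essid: str) -> bytes:
    """Derive the 256-bit WPA/WPA2-PSK pairwise master key.

    The key is PBKDF2-HMAC-SHA1(passphrase, salt=ESSID, 4096 rounds, 32 bytes),
    so changing a single byte of the ESSID yields an unrelated key.
    """
    pw = passphrase.encode("ascii")   # non-ASCII input raises a ValueError subclass
    salt = essid.encode("utf-8")
    if not 8 <= len(pw) <= 63:
        raise ValueError("WPA passphrase must be 8 to 63 ASCII characters")
    if not 1 <= len(salt) <= 32:
        raise ValueError("ESSID must be 1 to 32 bytes")
    return hashlib.pbkdf2_hmac("sha1", pw, salt, 4096, 32)


def same_key(passphrase: str, configured_essid: str, broadcast_essid: str) -> bool:
    """True when the key derived from the configured ESSID matches the key a
    client derives from the ESSID it actually sees on the air."""
    ap_key = wpa_pmk(passphrase, configured_essid)
    client_key = wpa_pmk(passphrase, broadcast_essid)
    return hmac.compare_digest(ap_key, client_key)


if __name__ == "__main__":
    passphrase = "CPE1704TKS"      # sample value from /etc/config/fon in the post
    configured = "MyPublicPlace"   # essid option in /etc/config/fon
    for broadcast in ("FON_" + configured, configured):
        verdict = "match" if same_key(passphrase, configured, broadcast) else "MISMATCH"
        print(f"{broadcast:20} {wpa_pmk(passphrase, broadcast).hex()[:16]}... {verdict}")
```

With the stock chillispot script the client hashes "FON_MyPublicPlace" while the key was set up for "MyPublicPlace", so the four-way handshake can never complete; the same check is a quick way to confirm an ESSID change before rebooting the unit.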