Hi Espen,
Thanks for that Ill check out that /etc/inc/interfaces.inc and see what I can do I ought to be able to get the EAP-TLS running from your suggestions Many thanks for your help, Joe _____ From: Espen Johansen [mailto:[EMAIL PROTECTED] Sent: 08 December 2006 13:34 To: [email protected] Subject: Re: [pfSense Support] SuperG Atheros Chipset For "super modes" brusting is supported on pretty much every chip that supports it, As for compression etc. you will have to verify this with the previous mentioned ifconfig lines. As for creating your own wpa supplicant, sure you can do this. However if you want it to stay intact during reboots and other wireless interface changes, the best way is to hardcode them in /etc/inc/interfaces.inc look for "function interfaces_wireless_configure" scroll down to the section: /* generate wpa_supplicant/hostap config if wpa is enabled */ Find: switch ($wlcfg['mode']) { case 'bss': if (isset($wlcfg['wpa']['enable'])) { $wpa .= <<<EOD All text from here to the "EOD;" line below is part of the wpa supplicant config. Simply add the lines you need here, and hardcode whatever lines you need, be sure to note that if you use multiple cards any setting hardcoded will be used for both/all cards. EOD; I'll have full radius (EAP-TLS/EAP-TTLS etc) support in the next major version (after the interface rewrite is complete). No timeline on this as of yet. Something like this should give you EAP-TLS (not tested so don't shoot me if the syntax is not perfect): ctrl_interface={$g['varrun_path']}/wpa_supplicant ctrl_interface_group=0 ap_scan=1 #fast_reauth=1 network={ ssid="{$wlcfg['ssid']}" scan_ssid=1 priority=5 proto=RSN key_mgmt=WPA-EAP eap=TLS identity="loader" ca_cert="/your/certs/folder/ca.pem" client_cert="/your/certs/folder/cli-cert.pem" private_key="/your/certs/folder/cli-key.pem" private_key_passwd="{$wlcfg['wpa']['passphrase']}" } you will have to create the certs offcource, and place them in the apropriate folder Hope this helps. -lsf On 12/7/06, Joseph (Joe) Lynn <[EMAIL PROTECTED]> wrote: Hi all, Many thanks to everyone for their replies As far as I can see now, from reading around and checking these messages, etc, it looks like most 108 atheros cards are supported at least in static turbo mode, whilst the super G extensions are not. I'm not sure if this will be too much of a problem Now I'm thinking, as far as I can tell, there's no reason why I couldn't just configure the wpa_supplicant.conf file by hand to authenticate against a radius server using EAP-TLS, is there? Cheers, Joe _____ From: Espen Johansen [mailto:[EMAIL PROTECTED] Sent: 05 December 2006 23:09 To: [email protected] <mailto:[email protected]> Subject: Re: [pfSense Support] SuperG Atheros Chipset Forgot this in my last reply, Turbo mode is also part of the "Super" functions in the atheros chips: Super G/Super AG mode includes dynamic 108 Mbps capability, real-time hardware data compression, Fast Frames and standards-compliant bursting. The reason I only mentioned Turbo is because the rest is normally enabled if the card is capable of super modes. -lsf On 12/5/06, Carlos Rosário < <mailto:[EMAIL PROTECTED]> [EMAIL PROTECTED]> wrote: Turbo Mode uses channel width of 40mhz while normal operation uses 20mhz and every single channel takes 5mhz. This is why Turbo Mode is not a good thing in the 802.11b/g networks, since the 2,4ghz band is already very populated, and that's the reason I think the developer of the driver in FreeBSD didn't include Turbo Mode in 802.11g operations. SuperG is a different thing, it's a set of features to optimize communication Compression, Fast Frames and Packet Bursting. I don't know if all of theses features are present in the FreeBSD driver. _____ From: Espen Johansen [mailto:[EMAIL PROTECTED] Sent: terça-feira, 5 de Dezembro de 2006 16:51 To: [email protected] Subject: Re: [pfSense Support] SuperG Atheros Chipset To enable trubo mode check the turbo button, speed is still selected up to 54mbit, only difference is that with turbo enabled all speeds are 2x whatever speed you choose. Se the wiki for more info on manual ifconfig settings: http://wiki.pfsense.com/wikka.php?wakka=Wireless WPA2 is not fully implemented at the time, you can look at the generated hostapd/wpasupplicant config for more info. Also refer to the manpages for hostapd and wpa_supplicant. -lsf On 12/4/06, Joseph (Joe) Lynn < <mailto:[EMAIL PROTECTED]> [EMAIL PROTECTED]> wrote: Hi everyone, Congrats on a great product I was wondering about wireless I'm using the ath(4) driver for an Atheros 5212 card. I notice that in the man page for the ath driver, it states that:- "AR5212-based devices support 802.11a, 802.11b, and 802.11g operation with transmit speeds appropriate to each. All chips also support an Atheros Turbo Mode (TM) that operates in the 5Ghz frequency range with 2x the transmit speeds. Some chips also sup- port Turbo mode in the 2.4Ghz range with 802.11g. (These modes are, how- ever, only interoperable with other Atheros-based devices.) " Is there a way to enable the SuperG functionality within pfSense, outside of the GUI? Also, if I want to enable the 802.11x to use WPA2 Enterprise, how do I configure the EAP side of things within the GUI? Or does it have to be done at the command line? Many thanks, Joe
smime.p7s
Description: S/MIME cryptographic signature
