Wireless FreeBSD and VPN
Tue Aug 29 09:55:10 EST 2006
Back in Oxford connecting my laptop to the physics network was as simple as telling the physics IT staff its MAC address and assuring them that I had the latest Windows Service Pack and antivirus, or in practice that I was running FreeBSD and hence relatively immune to internet nasties.
In Griffith Uni the IT is handled centrally, and the default system specified is Windows. It is possible to connect non-Windows systems to the network, but only over the wireless connection. Result: I get to find out how wireless works under FreeBSD. Fortunately one of my new labmates let me use his computer while he was in the lab, so I could do the necessary research (read: google).
First hurdle: getting FreeBSD to recognise the wireless card. A quick google search for "FreeBSD linksys WPC45G" and "FreeBSD netgear WG511" (the two wireless cards available at the university shop) found a HOW-TO for the linksys card at [Tao Security]. The part of this how-to relating to getting WEP to work is not relevant for the setup at Griffith, but the initial part about recompiling the Windows drivers for FreeBSD using ndisgen is vital. The basic procedure was:
- Copy the Windows driver files from the CD directory Drivers/NT/ to a temp directory, e.g. /home/mattmcd/tmp (main files needed are the .inf and .sys files)
- Change to the temp directory and run ndisgen
- Choose the "convert driver" option
- Enter the path to the .inf file
- Enter the path to the .sys file
- Do nothing for the rest of the screens displayed (press enter)
- Put the new bcmwl5_sys.ko file into /boot/modules as root (first part of the name is the same as the .sys file)
- Put in the linksys card (or can do this before booting the machine)
- Load the new kernel module with "kldload /boot/modules/bcmwl5_sys.ko"
That's it! dmesg should now reveal a new ndis0 device that is the wireless card (do "dmesg | grep ndis"). Bring up the interface as root with "ifconfig ndis0 up". Then ifconfig -a should show something like the following (I've changed the MAC addresses here to random values):

    ndis0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        inet6 fe80::214:bfff:fedc:fdb3%ndis0 prefixlen 64 scopeid 0x4
        ether 00:26:12:65:fd:b3
        media: IEEE 802.11 Wireless Ethernet autoselect (OFDM/54Mbps)
        status: associated
        ssid Wireless@Griffith channel 1 bssid 00:43:2d:94:19:10
        authmode OPEN privacy OFF txpowmax 100 protmode CTS

Second hurdle: getting a name. Use "dhclient ndis0" to get a DHCP lease.
Third hurdle: logging onto the VPN. Again, the default route requires Windows VPN software. Once again, a quick google search for "freebsd wireless vpn" finds a how-to from a student at University of Denver College of Law who had exactly the same problem that I do.
The solution is to download the port net/pptpclient (fortunately only a single tar.gz file with no dependencies), and make install clean. Then do the configuration of /etc/ppp/ppp.conf as specified. (Three hours later) ... or at least it would have been what I wanted if Griffith was using PPTP as the VPN, not a Cisco system - d'oh!
Take 2: download security/vpnc, a client for accessing Cisco Concentrator VPNs. Also download the Linux client from the Griffith website, to get the required configuration file Wireless@Griffith.pcf. Decrypt the encoded group password using a web form at the place where vpnc lives (or just guess the obvious group password for Wireless@Griffith given that the group is wireless - d'oh! NB: I don't think I'm breaking any security here, the username and password of the actual user are still required to use the service). Run vpnc, enter the data from the config file, VPN banner comes up. Success! Unfortunately I didn't realise that I had succeeded at this stage, since my web browser still couldn't see the outside world. Restarting it did the trick (I guess when it restarted it picked up the tun0 interface created when the VPN was set up).
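
The vpnc step above, as an added example that is not part of the original post: it pulls the gateway and group name out of a .pcf profile and writes a vpnc config with owner-only permissions, leaving the group and user passwords to be typed at vpnc's prompts. The sample profile, vpn.example.edu and examplegroup are constructed placeholders, and the function names are hypothetical.

```sh
#!/bin/sh
# Added example (not from the original post): turn a Cisco .pcf profile into a
# vpnc config that holds only non-secret fields, readable by the owner only.

# pcf_get FILE KEY: print KEY's value. Copes with CRLF line endings and the
# "!" read-only marker that some profiles put in front of key names.
pcf_get() {
    tr -d '\r' < "$1" | awk -F= -v key="$2" '
        { k = $1; sub(/^!/, "", k) }
        tolower(k) == tolower(key) { sub(/^[^=]*=/, ""); print; exit }'
}

# pcf_to_vpnc FILE: print vpnc config lines. enc_GroupPwd and any user password
# are deliberately not copied, so vpnc asks for them at connect time.
pcf_to_vpnc() {
    host=$(pcf_get "$1" Host)
    group=$(pcf_get "$1" GroupName)
    user=$(pcf_get "$1" Username)
    if [ -z "$host" ] || [ -z "$group" ]; then
        echo "pcf_to_vpnc: Host or GroupName missing in $1" >&2
        return 1
    fi
    printf 'IPSec gateway %s\nIPSec ID %s\n' "$host" "$group"
    if [ -n "$user" ]; then printf 'Xauth username %s\n' "$user"; fi
}

# write_vpnc_conf PCF OUT: create OUT with mode 0600; remove it on failure.
write_vpnc_conf() {
    ( umask 077; pcf_to_vpnc "$1" > "$2" ) || { rm -f "$2"; return 1; }
}

# Demo on a constructed profile (placeholder values, not Griffith's real file).
demo() {
    dir=$(mktemp -d) || return 1
    printf '[main]\r\n!Host=vpn.example.edu\r\nAuthType=1\r\nGroupName=examplegroup\r\nenc_GroupPwd=0000\r\nUsername=\r\n' \
        > "$dir/sample.pcf"
    write_vpnc_conf "$dir/sample.pcf" "$dir/sample.conf" && cat "$dir/sample.conf"
    rm -rf "$dir"
}
demo
```

Passing the generated file to vpnc as its config file then prompts for the group password and the user password, so neither is stored on disk.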