OklahomaGreyBeard / torberry

Automatically exported from code.google.com/p/torberry
Other
0 stars 0 forks source link

No wifi, driver problem? #1

Open GoogleCodeExporter opened 8 years ago

GoogleCodeExporter commented 8 years ago
What steps will reproduce the problem?
1. Installed with sudo dcfldd bs=4M if=torberry-0.40.img of=/dev/sdb
2. Booted on Pi
3. worked, except it doesn't use the wifi.

What is the expected output? What do you see instead?
It says 100% at the end, I guess that's correct. I just do not get a wifi 
station and I think that this is because I have a tp-link tl-wn725n.

Can anyone tell me what to do to establish the wifi? 

Thanks in advance!

Original issue reported on code.google.com by cc.dj...@gmail.com on 28 Jul 2013 at 9:28

GoogleCodeExporter commented 8 years ago
Hello,

Can you paste your torberry.conf (stripping sensitive information like 
passwords) and the output of http://your.torberry.ip/sysStat (deleting mac, ip 
and other sensitive information)?

We will see if driver is loaded and (probably) misconfigured.

Thanks

Original comment by alex.a.b...@gmail.com on 30 Aug 2013 at 2:19

GoogleCodeExporter commented 8 years ago
Hi Alex,

Firstly, well done on a very useful application of the RasPi as a tor proxy.

I don't know if you managed to sort this out on your own already as I can see 
the issue hasn't been touched since last August. I understand how other 
commitments can erode project time, believe me ;D

I know the OP didn't respond, but I was having the very same problems as the 
one they seemed to be describing, and I now have a "hotfix" solution if you're 
still working on this and interested.

The web interface looks very clean and stylish, although still a little 
un-finished. In particular, the initial splash after login could host some 
torproject.org links or widgets etc. But more importantly, for the 'Physical 
Isolation' Network configuration area, there isn't an option to set ESSID, 
Channel, Regulatory Domain, TX Power, Encryption or Passphrase etc like there 
often is normally for an AP mode device's web interface.

I've found hostapd is very good at handling all of this in my experience and is 
pretty stable. I've also tried different configs like this using ifconfig, 
iwconfig, iw, and airbase-ng, but hostapd seems the best way IMHO.

I would gladly contribute towards this project with you if you wished to take 
it up again and try and progress it onwards a little further. 

I'm probably lacking in skills somewhat compared to yourself, but if you're 
willing to put up with my sparse work periods (I'm working full time but really 
think this project is very cool :D) and stupid questions then I'll do my best 
to learn fast.

Anyway...
For what its worth & to help other beginners...
(Feel free to add anything here to the wiki section if you think it's helpful 
as a temporary fix for people)

Here are the steps I took to setup my 'TORGate Wifi AP transparent tor proxy'

Ive used 'hostapd' for my fix as it provides a good implementation of the 
'nl80211 driver' that works well with my Alfa Card, but only because I've used 
it on a similar project on another *NIX Box and find it pretty reliable.

my kit consists of:

Raspberry Pi - Model B rev 2 512Mb with a 32GB SDHC Sandisk Extreme Card in a 
Pibow case (http://shop.pimoroni.com/products/pibow-raspberry-pi-case)
Alfa AWUS036NH Wifi Card 
(http://www.amazon.co.uk/gp/product/B0041L3FI8/ref=wms_ohs_product?ie=UTF8&psc=1
)
HAMA USB Hub powered by a 5V 2.0Amp power source (important for power level 
stabilization so that the Alfa Card and RasPi to work together nicely)
and some double-sided sticky foam tape to hole it all together (see photos 
attached).

For the un-initiated...
From scratch then :D

This setup is intended to allow the TorBerry to plug into one of your Home 
Router's LAN Ethernet ports and host either a secure (WPA2) or Open AP via the 
usb wifi card. The users connecting to this Wifi AP will then be transparently 
Proxied via the tor network. BOSH!!!...

Download, extract and copy (dd) the image over to the SD Card (/dev/XXX) as 
described in this sites wiki area...            
user@linuxpc:~# wget http://TorBerry.googlecode.com/files/TorBerry-0.40.img.xz
user@linuxpc:~# tar -xf TorBerry-0.40.img.xz
user@linuxpc:~# dd bs=1M if=TorBerry-0.40.img of=/dev/XXX
Now remove the SD Card from PC then re-insert it.
Use a partitioning tool to expand the 500MB'ish partition up to your drives 
full capacity (I used Gparted's GUI just because it was easy and you get good 
error checking and notifications compared to most CLI tools during the 
operation).

plug everything up and use your home router's configuration site (or NMAP, 
TCPDUMP if you want) to find the IP that the TorBerry has been assigned and use 
that to ssh into it.

user@linuxpc:~# ssh pi@192.168.0.X
The authenticity of host '192.168.0.X (192.168.0.X)' can't be established.
RSA key fingerprint is XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX:XX.
Are you sure you want to continue connecting (yes/no)? yes
pi@TorBerry ~ $ passwd      # default is 'raspberry' as always. ;D
Enter new UNIX password: XXXXXXXXX
Retype new UNIX password: XXXXXXXXX
pi@TorBerry ~ $ sudo passwd root     # to enable the root account it needs a 
password assigned. 
Enter new UNIX password: XXXXXXXXX
Retype new UNIX password: XXXXXXXXX
pi@TorBerry ~ $ exit

user@linuxpc:~# ssh root@192.168.0.45     # Now ssh and login as root.
root@TorBerry:~# apt-get update; apt-get upgrade -y       # update and upgrade 
the base packages
root@TorBerry:~# apt-get install hostapd ssh
root@TorBerry:~# ssh root@192.168.0.XX       # connect back to your 'linuxpc' or 
equivalent to auto add its key fingerprint to TorBerry's known hosts file and 
leave it logged in for now.

Now I use the 'Nautilus' 'Connect to Server' tool built into Debian to SFTP to 
the root of my TorBerry to make it easier to edit the files. Just select the 
setting to use ssh in the drop-down if you use this method. there are other 
SFTP, FTP, SCP etc clients out there you can use, but I leave that bit up to 
you.

Place the following into a script (after changing the Passphrase!) in 
/root/startTORGate.sh

#!/bin/bash 

# This script will build our wireless access point using hostapd. This gives 
some of the the most reliable performance and is the easiest to configure. an 
init.d script entry is set up to establish the AP upon boot. To reverse the 
'Wifi AP on boot' settings you can remove the init.d script entry and reboot.

sed -i 's#^DAEMON_CONF=.*#DAEMON_CONF=/etc/hostapd/hostapd.conf#' 
/etc/init.d/hostapd

# comment out everything below channel for an Open AP Setup. or change to 
ignore_broadcast_ssid=1 to hide your SSID.
cat <<EOF > /etc/hostapd/hostapd.conf
interface=wlan0
driver=nl80211
ssid=TORGate
channel=8
auth_algs=1
ignore_broadcast_ssid=0
wpa=2
wpa_passphrase=XXXXXXXXXXXXXX
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
rsn_pairwise=CCMP
EOF

hostapd -d /etc/hostapd/hostapd.conf

#end of script

Now return to the root terminal ssh session with the TorBerry, take ownership 
of the script, set it to executable, then run it...

root@TorBerry:~# chown root startTORGate.sh
root@TorBerry:~# chmod +x startTORGate.sh
root@TorBerry:~# sh startTORGate.sh

it will automatically follow the output of hostapd in the terminal, leave it 
running...

Now, use another device to look for the wifi network and connect to it while 
you tail the log of this in the terminal.

It will fail to connect as no DHCP Server is set up yet, but that's good at 
this stage as long as the 4-way handshake is working on the output.

you should see output like this pay attention for EAPOL-Key frames (1/4 
Pairwise), to (4/4 Pairwise) if your output is vastly different to this 
something has gone wrong and I suggest you just start by typing 'history' into 
each users session that you've used and see what you typed. This is often 
quicker than scanning through all the code. If In doubt just re-flash and start 
again from scratch... :(

wlan0: STA MA:Cx:AD:DR:ES:Sx WPA: sending 1/4 msg of 4-Way Handshake
WPA: Send EAPOL(version=2 secure=0 mic=0 ack=1 install=0 pairwise=8 kde_len=0 
keyidx=0 encr=0)
WPA: Use EAPOL-Key timeout of 100 ms (retry counter 1)
nl80211: Event message available
nl80211: New station MA:Cx:AD:DR:ES:Sx
IEEE 802.1X: MA:Cx:AD:DR:ES:Sx TX status - version=2 type=3 length=95 - ack=1
WPA: EAPOL-Key TX status for STA MA:Cx:AD:DR:ES:Sx ack=1
WPA: Increase initial EAPOL-Key 1/4 timeout by 1000 ms because of acknowledged 
frame
IEEE 802.1X: 121 bytes from MA:Cx:AD:DR:ES:Sx
IEEE 802.1X: version=1 type=3 length=117
WPA: Received EAPOL-Key from MA:Cx:AD:DR:ES:Sx key_info=0x10a type=2 
key_data_length=22
WPA: Received Key Nonce - hexdump(len=32): b7 ee 55 a2 5a cb 8b 55 22 d8 c4 26 
ee 0e 10 19 e8 19 f7 eb 2c ef 76 a2 49 20 e8 c1 a5 3a 5b c4
WPA: Received Replay Counter - hexdump(len=8): 00 00 00 00 00 00 00 01
wlan0: STA MA:Cx:AD:DR:ES:Sx WPA: received EAPOL-Key frame (2/4 Pairwise)
WPA: MA:Cx:AD:DR:ES:Sx WPA_PTK entering state PTKCALCNEGOTIATING
WPA: PTK derivation - A1=MA:Cx:AD:DR:ES:Sx A2=MA:Cx:AD:DR:ES:Sx
WPA: Nonce1 - hexdump(len=32): 67 d0 9d 88 c4 92 9b b4 34 7c 01 b1 4b b6 9a 7e 
ca 9d 93 20 62 b3 dd d9 51 31 78 dc 72 9e 67 01
WPA: Nonce2 - hexdump(len=32): b7 ee 55 a2 5a cb 8b 55 22 d8 c4 26 ee 0e 10 19 
e8 19 f7 eb 2c ef 76 a2 49 20 e8 c1 a5 3a 5b c4
WPA: PMK - hexdump(len=32): [REMOVED]
WPA: PTK - hexdump(len=48): [REMOVED]
WPA: MA:Cx:AD:DR:ES:Sx WPA_PTK entering state PTKCALCNEGOTIATING2
WPA: MA:Cx:AD:DR:ES:Sx WPA_PTK entering state PTKINITNEGOTIATING
wlan0: STA MA:Cx:AD:DR:ES:Sx WPA: sending 3/4 msg of 4-Way Handshake
WPA: Send EAPOL(version=2 secure=1 mic=1 ack=1 install=1 pairwise=8 kde_len=46 
keyidx=1 encr=1)
Plaintext EAPOL-Key Key Data - hexdump(len=56): [REMOVED]
WPA: Use EAPOL-Key timeout of 100 ms (retry counter 1)
IEEE 802.1X: MA:Cx:AD:DR:ES:Sx TX status - version=2 type=3 length=151 - ack=1
WPA: EAPOL-Key TX status for STA MA:Cx:AD:DR:ES:Sx ack=1
IEEE 802.1X: 99 bytes from MA:Cx:AD:DR:ES:Sx
IEEE 802.1X: version=1 type=3 length=95
WPA: Received EAPOL-Key from MA:Cx:AD:DR:ES:Sx key_info=0x30a type=2 
key_data_length=0
WPA: Received Key Nonce - hexdump(len=32): 00 00 00 00 00 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
WPA: Received Replay Counter - hexdump(len=8): 00 00 00 00 00 00 00 02
wlan0: STA MA:Cx:AD:DR:ES:Sx WPA: received EAPOL-Key frame (4/4 Pairwise)

Now hit [Ctrl+c] and logout and exit the ssh session and terminal.

Next, use the web interface to login with the pi account and change the 
following in 'Network Configuration'...

Config mode         =   Physical isolation
Upstream Interface  =   eth0
Downstream Interface    =   wlan0

The rest of the settings can be left as it is for a small home network of 20 
hosts or less.

Save and reset!...

Once the TorBerry is back up connect and enjoy the Invisible Proxy 
Anonomizinggggg GooooooodnessssssssSSSSS!!!

Also I can still point wired hosts at the TorBerry's IP as the Default Gateway 
and DNS Server to give them the same benefit too.

Cheers.

And a massive thank you again to the author of this project for their awesome 
idea and prior efforts.
You Rock Mate!

Patt :D

Original comment by stuwertp...@googlemail.com on 29 Jun 2014 at 11:07

Attachments: