Configure WLAN Statically in Debian/Linux

If you want to configure WLAN settings on a Linux machine statically you can use the normal /etc/network/interfaces configuration method of Debian. For WPA-PSK you can use this 3 steps:

Install the “wpasupplicant” package

Generate a psk line with “wpa_passphrase” and copy the hex string after “psk=”

root@server:~# wpa_passphrase WLANNAME
# reading passphrase from stdin
thepassword
network={
ssid="WLANNAME"
#psk="thepassword"
psk=fe5409c4831b3daafff41fe2e6ed15ba7ed18c87bab254315e0be5f9180573d3
}

Add some lines to /etc/network/interfaces using this hex string

allow-hotplug wlan0
iface wlan0 inet dhcp
metric 4
wpa-essid WLANNAME
wpa-scan-ssid 1
wpa-psk fe5409c4831b3daafff41fe2e6ed15ba7ed18c87bab254315e0be5f9180573d3

The line “wpa-scan-ssid 1” allows to use hidden WLAN that are not broadcasted. With “metric 4” you can make WLAN less preferred if there is a second LAN connection that should be preferred (default is “metric 1”).

IPv6 Only Test

The IPv6 designers refused to define an IPv4/IPv6 gateway, because it’s a contradiction to the NO-NAT, End2End paradigm of IPv6. The result is that IPv6 doesn’t really lift off, because every IPv6 user has IPv4 too (Dual Stack), which gives no pressure to move on to implement IPv6.

Large providers had to implement NAT instead of IPv6 to give their users connectivity, because NAT implemented a solution to address exhaustion now. If there has been an NAT64 gateway right from the start, we would have IPv6-only on our smart phones now instead of 10.x.x.x. That would give End2End capabillities at least for IPv6.

To test and show the current status of IPv6, I’m running an open WLAN hotspot with IPv6 ONLY. The access point is located in Wien, Rudolf von Alt Platz with the SSID AKK-IPV6ONLY.

I will add an IPv6 Only + NAT64 hotspot in the future.

Cisco Access Point blocking PPTP

Vienna: 10. August 2011

Problem: A network of some Cisco Access Points AIR-AP1142N-E-K9 connected to an small router works good as expected but when the user tries to connect to en PPTP VPN the connection fails with a time-out.

Solution: it was no NAT problem in this case (I fixed this before). Cisco IOS 12.4(21)?? has officially a bug not sending GRE (Proto:47) packets from the network to the client. IOS Version 12.4(25d)JA fixed this bug.

Strange! An access point in bridging mode filters depending on protocol numbers. So I guess it’s not really a bridge that Cisco implemented in this IOS device.