Brizzled

... wherein I bloviate discursively

Brian Clapper, bmc@clapper.org

WAP! Ow!

| Comments

We bought my wife a new laptop. I finally got it configured today, but I was having trouble getting Windows to connect to our wireless access points for some reason. I was still using WEP. So, as a quick test, I switched the closest WAP to use WPA, made the appropriate change in Windows, and the laptop immediately connected. Okay, cool. Problem solved, finally. We go with WPA. It’s a bit more secure, anyway.

Of course, this immediately led to more work.

One of the four WAPs here (yes, four WAPs–it’s funny what an old farm house will do to high-frequency radio signals) is a router, one of those wireless routers that thinks it’s connecting to the Internet out one interface. I’d faked it out so I could use it as an internal WAP. I had it set up so its WAN (Internet) interface plugged into my LAN. Meanwhile, its LAN interface (on a separate segment) plugged into a hub that the other WAPs plugged into. With this thing in place, I actually had two LANS: the “regular” one and the “wireless” one. This is fine in theory (and is potentially more secure), but in practice, it turns out to be a pain in the ass. Besides, the router was being cranky about WPA. So, I decided to get rid of it. The other WAPs are Linksys WAP54G’s, and I like them, so I ordered another WAP54G from NewEgg.com. Then, I disconnected one of the existing WAP54Gs (the one that’s used the least), moved it into my office, and swapped it for the wireless router. The NewEgg one will replace the one I swiped.

Yay! Now everything’s on the same LAN again. And things are simpler, right?

Not so fast…

Of course, this new arrangement complicated my laptop’s connectivity, since Linux (and BSD, for that matter) systems use this less-than-trivial wpa_supplicant user-space program for WPA negotiation. And I’m running Fedora Core 4 on my laptop. WEP was handled directly by the wireless driver, but WPA negotiation is handled by this front-end program that brings up the interface after WPA negotiation is complete–but it doesn’t automatically fire up the DHCP client program to get an IP address. You have to jump through some hoops to get that done. (I ended up using ifplugd.) Straightening that out actually took me a couple hours, even though I’d already solved a similar problem to gain access to the WPA-secured environment at corporate headquarters. But, of course, I’ve upgraded software since my last visit to corporate HQ…

With all the configs, the scripts, and the jerry-rigging, getting WPA working on my Linux box makes me feel like Rube Goldberg. (Break one link in the chain, and the gun fires, awakening the monkey, who shits on a plate, which sags under the extra weight, flipping the switch to “off”–and, boom! no more network connection.)

But, finally, I was done, right?

Oh, crap. I’d forgotten about TiVo.

We have TiVo. TiVo downloads its program information over the Internet, using a wireless USB NIC.

Okay, simple enough to reconfigure, right?

Wrong. TiVo doesn’t do WPA, only WEP (update unless you have one of their adapters). That’s probably because they didn’t feel like dealing with the Rube Goldberg wpa_supplicant shit, either.

Dammit. Now what? I don’t have a wired USB NIC. And, there’s no RJ-45 on the back of the TiVo box, because TiVo requires a USB NIC. And there’s no CAT-5 jack near the TiVo anyway; I’d have to run cable from the hub in the basement, drill a hole in the floor, and poke it up into the living room. As if I wanted to be doing that at 10:30 PM, when I still had work waiting for me in the office.

“There has to be a less obnoxious solution to this mess,” I muttered to myself.

“Oh!” (more muttering) “I know! I’ll take the decommissioned wireless router down into the basement, hook it up to the hub I already have down there, then define a separate SSID and different authentication criteria for it.”

Another hour, five trips to the basement, and some scrounging for a power strip later, I finally managed to get TiVo back on the network.

As Bill the Cat might say, “Ack! Thbbbt!”

My home network is small, but it’s officially way more complicated than the networks of some companies I’ve worked for. I keep a diagram, for chrissakes. I’ve already told my wife, if I get hit by a truck or something, email the diagram to a couple of geeky friends.

Every time I go through an exercise like this, I think, “What the hell would my dad do?” I’m a software developer, and I have done my share of system administration; I understand this crap, and it’s still damned fragile at times. What about all those non-technical consumers who buy wireless gear and expect to be able to plug it in and have it Just Work? Sure, for many people, it’s as simple as plugging in a wireless router and firing up the laptop. But as soon as you get into MAC address filtering, encryption, disabling SSID broadcasts, and all that Good, Healthy, Secure Stuff, the average Joe would be lost.

No wonder half (at least!) of the neighborhood wireless access points are completely unsecured.

No wonder non-geeks hate computers.

Comments