=^.^=

ClearOS 6.3: I am an Access Point and So Can You

karma

Despite the crappy things I've had to say about 6.3 I've decided to tough it out on my new home router. Normally, where the modem and router-ap are separate pieces of equipment you can simply turn off DHCP on the old router and keep using it as an access point by plugging the switch side of it into the local network and moving its LAN IP somewhere it won't conflict with the new router. Unfortunately, my ISP has made the "step up" to all-in-one modem-router-APs and the only way to bypass the limitations of the built-in router is to put the device in "bridged mode;" effectively turning it into a modem and sacrificing all of its other functionality. This would require either purchasing a separate, stand-alone access point or adding AP functionality to the ClearOS router to keep wifi going.

I settled on the Ralink 3090 because at about $10 it's the cheapest 802.11n card offered on eBay at present. Unfortunately, the kernel module for this card seems to be the only Ralink module missing from those distributed with ClearOS by default - necessitating building and swapping in a new kernel.

First, it's necessary to install the build environment:

yum --enablerepo=clearos-developer,clearos-epel install clearos-devel

Now we'll grab and install the kernel sources:

# wget http://mirror2-houston.clearsdn.com/clearos/community/6.3.0/dev/SRPMS/kernel-2.6.32-279.2.1.v6.src.rpm
# rpm -iv kernel-2.6.32-279.2.1.v6.src.rpm
# cd ~/rpmbuild

Now we need to install a few dependencies and patch the kernel according to the rpm spec:

# yum install xmlto asciidoc elfutils-libelf-devel binutils-devel newt-devel python-devel "perl(ExtUtils::Embed)" hmaccalc
# rpmbuild -bp --target=x86_64 SPECS/kernel.spec
# cp -a BUILD/kernel-2.6.32-279.2.1.el6/ /usr/src
# ln -s kernel-2.6.32-279.2.1.el6/linux-2.6.32-279.2.1.v6.x86_64/ linux

We need to install ncurses-devel to run make menuconfig.

# yum install ncurses-devel

Since we're rolling our own kernel we can't rely on the stock initrd to get us booting. Once you're in menuconfig be sure to compile these modules into the kernel statically:

  • Your disk controller module(s)
  • Ext4
  • Multiple devices driver support (RAID and LVM)
  • Device mapper support
  • Wired network devices (optional but I'm fond of guarantees)

Once you've configured your kernel and module selection compile and install them:

# make
# make modules_install
# cp arch/x86_64/boot/bzImage /boot/vmlinuz-new

Now modify /boot/grub/grub.conf and copy-paste the existing entry so you have two identical entries. Modify the first one to reference the new kernel's file name and leave the second intact so if we can't boot the new kernel we can still get back in to do more tweaking without having to break out a livecd.

Your wireless card will probably require external firmware to be loaded with its module. Be sure to install the firmware image to /lib/firmware so it can be found easily on bootup. For the RT3090 a .bin image is available in the linux source code zip at http://www.ralinktech.com/en/04_support/support.php?sn=501.

You may at this point reboot, and if successful should be looking at a new interface (i.e. wlan0):

# iwconfig
lo        no wireless extensions.

eth0      no wireless extensions.

eth1      no wireless extensions.

wlan0     IEEE 802.11bgn  Mode:Master  Frequency:2.462 GHz  Tx-Power=27 dBm   
          Retry  long limit:7   RTS thr:off   Fragment thr:off
          Power Management:off

imq0      no wireless extensions.

imq1      no wireless extensions.

Now we need to install hostapd, which will take care of WPA authentication and putting your card into Master mode:

# yum install hostapd

Edit /etc/hostapd/hostapd.conf to reflect your environment:

ctrl_interface=/var/run/hostapd
ctrl_interface_group=wheel

# Some usable default settings...
macaddr_acl=0
auth_algs=1
ignore_broadcast_ssid=0

# Uncomment these for base WPA & WPA2 support with a pre-shared key
wpa=3
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
rsn_pairwise=CCMP

# DO NOT FORGET TO SET A WPA PASSPHRASE!!
wpa_passphrase=mypassword

# Most modern wireless drivers in the kernel need driver=nl80211
driver=nl80211

# Customize these for your local configuration...
interface=wlan0
hw_mode=g
channel=11
ssid=mynetwork

# Wireless N
wme_enabled=1
ieee80211n=1
ht_capab=[HT40-][SHORT-GI-40][DSSS_CCK-40]

Now start hostapd and add it to the appropriate runlevels:

# /etc/init.d/hostapd start
# chkconfig --level 2345 hostapd on

If you want the wireless to be on the same subnet as your wired LAN you must bridge the wireless and wired interfaces using standard ifcfg config files and restart networking; webconfig will not allow you to edit a bridge interface's IP settings so these must be included in the ifcfg file. Otherwise, assign a different subnet to the wireless device and choose the LAN role to allow routing between the two subnets. Alternatively, choose the Hot LAN role if you want to keep wireless clients from poking around on your wired network (probably a good idea!).

Be sure to enable DHCP for your bridged or wireless interface and congratulations on your new ClearOS access point.

Documentary for Dinner: The Corporation (2003)

karma

The Corporation is a landmark documentary, possibly the first to bring the notion of corporations as pathological psychopaths to the common discourse. The film begins with the corporation's roots and traces them through its evolution into personhood under the 14th amendment - intended to protect the rights of former slaves - then into the modern era of globalization, examining the consequences this has had for workers abroad and democracy at home.

Documentary for Dinner: Pax Americana and the Weaponization of Space (2009)

karma

Pax Americana and the Weaponization of Space looks at the possible consequences of the American strategy of total military domination in space.

I have to take issue with how much emphasis is put on satellites in this documentary (and many others). Aside from weather observation, GPS and television broadcasting - all of which have feasible terrestrial alternatives - they are not particularly essential. Most global communications are carried by sub-marine fibre-optic loops. An illustrated "worst case" scenario seems to imply that GPS satellites are the only carriers of atomic clocks in the world and their failure would eventually mean the de-synchronization of the entire Internet and financial networks (including their carriers, like Datapac). This betrays a fundamental lack of understanding of Internet architecture, global timekeeping projects and the Network Time Protocol in particular. The thought that the "end of satellites" would render your mobile phone useless, a device that relies mostly on terrestrial microwave transmission and fibre optics is laughable when only a trans-continental call stands a very remote chance of being routed through space.

Documentary for Dinner: Human Resources (2010)

karma

Another excellent Metanoia Films documentary, Human Resources explores bahaviourism and how techniques for conditioning humans have been developed and employed as a means of mass social management.

I kept hearing this narrators' very wonderful, mood-setting voice in some of my most favourite documentaries (The Power Principle, The Corporation, many more) and decided to look her up. It turns out Mikela Jay is a fellow Torontonian and one smart cookie - not only does she lend her velvet voice to the films she works on but tends to play an active role in their production. Perhaps it's the genuine passion for the material she covers which makes her work so memorable. Here's hoping there will be plenty more in the future.

ksign-publickey.c:2:17: error: key.h: No such file or directory

karma

Encountered while compiling a new kernel and modules for ClearOS 6.2 kernel 2.6.32-279.2.1.v6.x86_64 to obtain the one wireless module that isn't offered (naturally):

scripts/kconfig/conf -s arch/x86/Kconfig
  CHK     include/linux/version.h
  CHK     include/linux/utsrelease.h
  SYMLINK include/asm -> include/asm-x86
  CALL    scripts/checksyscalls.sh
  CHK     include/linux/compile.h
  CC      crypto/signature/ksign-publickey.o
crypto/signature/ksign-publickey.c:2:17: error: key.h: No such file or directory
crypto/signature/ksign-publickey.c: In function ‘ksign_init’:
crypto/signature/ksign-publickey.c:10: error: ‘ksign_def_public_key’ undeclared (first use in this function)
crypto/signature/ksign-publickey.c:10: error: (Each undeclared identifier is reported only once
crypto/signature/ksign-publickey.c:10: error: for each function it appears in.)
crypto/signature/ksign-publickey.c:11: error: ‘ksign_def_public_key_size’ undeclared (first use in this function)
make[2]: *** [crypto/signature/ksign-publickey.o] Error 1
make[1]: *** [crypto/signature] Error 2
make: *** [crypto] Error 2

Thanks to this post:

1) Select "Enable loadable module support", then "Module signature verification (EXPERIMENTAL)". Disable it.
2) Then go back to the main menu, select "Cryptographic API" then "In-kernel signature checker (EXPERIMENTAL)" and disable that one too.

Now I just have to cross my paws that this is still a simple matter of compiling a module and not the slightly messier matter of replacing the kernel image as well.