From 2170e093ed4478e60eed19451bd6fcb82cea9353 Mon Sep 17 00:00:00 2001 From: morrownr Date: Mon, 26 Sep 2022 09:40:32 -0500 Subject: [PATCH] various updates to documentation --- README.md | 57 +- docs/AP_Mode-Bridged_Wireless_Access_Point.md | 820 ------------------ docs/Monitor_Mode.md | 297 ------- install-driver.sh | 2 - remove-driver.sh | 1 - 5 files changed, 24 insertions(+), 1153 deletions(-) delete mode 100644 docs/AP_Mode-Bridged_Wireless_Access_Point.md delete mode 100644 docs/Monitor_Mode.md diff --git a/README.md b/README.md index e2c2e4a..54db165 100644 --- a/README.md +++ b/README.md @@ -480,7 +480,7 @@ sudo ./remove-driver-no-dkms.sh Note: These are general recommendations, some of which may not apply to your specific situation. -- Security: Set WPA2-AES. Do not set WPA2 mixed mode or WPA or TKIP. +- Security: Set WPA2-AES or WPA2/WPA3 mixed or WPA3. Do not set WPA2 mixed mode or WPA or TKIP. - Channel width for 2.4 GHz: Set 20 MHz fixed width. Do not use 40 MHz or 20/40 automatic. @@ -548,42 +548,32 @@ sudo nano /etc/wpa_supplicant/wpa_supplicant.conf Question: Is WPA3 supported? -Answer: WPA3-SAE support is in this driver according to Realtek, however, for it -to work in client mode with some current Linux distros, you will need to -download, compile and install the current development version of wpa_supplicant -from the following site: - -https://w1.fi/cgit/ - -Note: There is a file in the `docs` folder called `Update_wpa_supplicant_v3a.md` -that may help with updating wpa_supplicant. - -Note: Some distros appear to have versions of Network Manager that are not -compatible with this driver. If that is the case, you may need to STOP or KILL -Network Manager and connect using wpa_supplicant. - -WPA3-SAE is working well in AP mode using hostapd with current versions of the -Raspberry Pi OS. +Answer: WPA3-SAE support is in this driver according to Realtek and it +works well on some Linux distros but not all. Generally the reason for +WPA3 not working on Linux distros is that the distro has an old version +of wpa_supplicant or Network Manager. Your options are to upgrade to a +more modern distro (most distros released after mid 2022) or compile and +install new versions of the wpa_supplicant and Network Manager utilities. ----- -Question: I bought two rtl8812bu based adapters and am planning to use both in -the same computer. How do I set that up? +Question: I bought two rtl8812bu based adapters and am planning to use +both in the same computer. How do I set that up? -Answer: You can't without considerable technical skills. Realtek drivers do not -support more than one adapter with the same chipset in the same computer. You -can have multiple Realtek based adapters in the same computer as long as the -adapters are based on different chipsets. +Answer: Realtek drivers do not support more than one adapter with the +same chipset in the same computer. You can have multiple Realtek based +adapters in the same computer as long as the adapters are based on +different chipsets. ----- -Question: Why do you recommend Mediatek based adapters when you maintain this -repo for a Realtek driver? +Question: Why do you recommend Mediatek based adapters when you maintain +this repo for a Realtek driver? -Answer: Many new and existing Linux users already have adapters based on Realtek -chipsets. This repo is for Linux users to support their existing adapters but my -STRONG recommendation is for Linux users to seek out USB WiFi solutions based on -Mediatek chipsets: +Answer: Many new and existing Linux users already have adapters based on +Realtek chipsets. This repo is for Linux users to support their existing +adapters but my STRONG recommendation is for Linux users to seek out USB +WiFi solutions based on Mediatek chipsets: https://github.com/morrownr/USB-WiFi @@ -644,8 +634,8 @@ to happen. Question: Are there any known problems with AP mode? -Answer: Overall this driver does a good job with AP mode. During testing and -work prior to making this driver available, the team working on this +Answer: Overall this driver does a good job with AP mode. During testing +and work prior to making this driver available, the team working on this driver noticed some problems in AP mode if used with a Raspberry Pi 4B. We were unable to discover or fix the exact cause of the problem but the workaround is to keep the driver in USB2 mode. This workaround only @@ -665,8 +655,9 @@ reports of success or failure are needed. If you have yet to buy an adapter to use with monitor mode, there are adapters available that are known to work very well with monitor mode. My recommendation for those looking to buy an adapter for monitor mode is to buy adapters based on -the following chipsets: mt7612u, mt7610u, rtl8812au and rtl8811au. My -specific recommendations for adapters in order of preference are: +the following chipsets: mt7921au, mt7612u, mt7610u, rtl8812au and +rtl8811au. My specific recommendations for adapters in order of +preference are: ALFA AWUS036ACHM - long range - in-kernel driver diff --git a/docs/AP_Mode-Bridged_Wireless_Access_Point.md b/docs/AP_Mode-Bridged_Wireless_Access_Point.md deleted file mode 100644 index 1636a30..0000000 --- a/docs/AP_Mode-Bridged_Wireless_Access_Point.md +++ /dev/null @@ -1,820 +0,0 @@ -2022-02-16 - -## Bridged Wireless Access Point - -A `Bridged Wireless Access Point` (aka Dumb AP) works within an existing -ethernet network to add WiFi capability where it does not exist or to -extend the network to WiFi capable computers and devices in areas where -the WiFi signal is weak or otherwise does not meet expectations. One big -advantage of this setup is that it can cost far less than many of the -Mesh kits that are available. Another advantage this setup has is that -the Raspberry Pi is a general purpose computer so it can be used for -additional tasks while performing as a `Bridged Wireless Access Point`. - -``` - ((((( tablet - ╱ -INTERNET >>>>>>> modem/router >>>>>>> RasPi ))))) ((((( laptop - (cable) ╱ ╲ - (fiber) CAT 5e+ ((((( phone - (dsl) Powerline AV2 - Ethernet Over Coax -``` - -Note: The connection from the router to the RasPi is best served by a -CAT 5e or greater ethernet cable but alternatives exist. One -alternative is to use your existing electrical wiring by using -`Powerline AV2` adapters. These adapters are also called `Homeplug AV2` -adapters and come in a variety of speeds and prices. I have had success -with `Powerline AV2` adapters but success depends on the quality and setup -of the electrical wiring to be used. Another option is `Ethernet Over -Coax (MoCa)`. Anyone considering `Powerline AV2` or `Ethernet Over -Coax (MoCa)` should research the products and be prepared to return -the products if expectations are not met. - -#### Single Band or Dual Band - Your Choice - -This document outlines single band and dual band WiFi setups using a -Raspberry Pi 3B, 3B+ or 4B with an AC600 USB2 or AC1200 USB3 WiFi -adapter for 5 GHz band and either an additional external WiFi adapter or -internal WiFi for 2.4 GHz band. There is a lot of flexibility and -capability available with this type of setup. - -#### Information - -This setup supports WPA3-SAE. It is disabled by default. - -WPA3-SAE will not work with some Realtek 88xx drivers. Let's just say -that this issue is in progress. - -WPA3-SAE works with Mediatek 761x chipset based USB WiFI adapters and, -as far as I can tell, with all usb wifi adapters that use Linux -in-kernel drivers and I have tested many. - -Note: This guide uses `systemd-networkd` for network management. If your -Linux distro uses Network Manager or Netplan, they must be disabled. -Sections that explain how to do this are located near the end of this -document. Please go to and follow the appropriate section now, if -required, before continuing with this setup guide. If you are using the -Raspberry Pi OS, you may continue with this setup guide now as the -Raspberry Pi OS does not use Network Manager or Netplan. - ------ - -#### Tested Setup - -[Raspberry Pi 4B (4gb)](https://www.raspberrypi.org/products/raspberry-pi-4-model-b/) - -[Raspberry Pi OS (2021-10-30) (32 bit) (kernel 5.10)](https://www.raspberrypi.org/software/operating-systems/#raspberry-pi-os-32-bit) - -Ethernet and Powerline AV2 connections providing internet (both tested) - -[USB WiFi Adapter(s)](https://github.com/morrownr/USB-WiFi) - -[Case](https://www.amazon.com/dp/B07T2CPC2H) - -[Right Angle USB Extender](https://www.amazon.com/dp/B07S6B5X76) - -[Power Supply](https://www.amazon.com/dp/B08C9VYLLK) - -[SD Card](https://www.amazon.com/Samsung-Endurance-32GB-Micro-Adapter/dp/B07B98GXQT) - -Note: I use the case upside down with little stick-on rubber feet. There -are several little things that work better with the case upside down and -no negatives that I can find. - -Note: Very few Powered USB 3 Hubs will work well with Raspberry Pi hardware. The -primary problem has to do with the backfeeding of current into the Raspberry Pi. -One that seems to work well here is: - -[Transcend USB 3.0 4-Port Hub TS-HUB3K](https://www.amazon.com/gp/product/B005D69QD8) - -Note: The rtl88XXxu chipset based USB3 WiFi adapters require from 504 mA of -power up to well over 800 mA of power depending on the adapter. The Raspberry -Pi 3B, 3B+ and 4B USB subsystems are only able to supply a total of 1200 -mA of power total divided between all attached devices. - -Note: The Alfa AWUS036ACM adapter, a mt7612u based adapter, requests a maximum -of 400 mA from the USB subsystem during initialization. Testing with a meter -shows actual usage of 360 mA during heavy load and usage of 180 mA during -light loads. This is much lower power usage than most AC1200 class adapters -which makes this adapter a good choice for a Raspberry Pi based access point. -Other mt7612u and mt7610u chipset based adapters also show low power usage. -Another adapter that is very good for use in this setup is the Alfa AWUS036ACHM -which is an AC600 class adapter that has very impressive range. - ------ - -#### Setup Steps - -USB WiFi adapter driver installation, if required, should be performed -and tested prior to continuing. - -Note: For USB3 adapters based on the Realtek rtl8812au, rtl8812bu and -rtl8814au chipsets, the following module parameters may be needed for -best performance when the adapter is set to support 5 GHz band: (if -using a rtl8812bu based adapter with a Raspberry Pi 4B or 400, you may -need to limit USB mode to USB2 due to a bug, probably in the Raspberry -Pi 4B, that causes dropped connections-- rtw_switch_usb_mode=2) - -``` -rtw_vht_enable=2 rtw_switch_usb_mode=1 -``` - -Note: For USB2 adapters based on the Realtek rtl8811au and rtl8821cu -chipset, the following module parameters may be needed for best -performance when the adapter is set to support 5 GHz band: - -``` -rtw_vht_enable=2 -``` - -Note: For USB3 adapters based on the Realtek rtl8812au, rtl8812bu and -rtl8814au chipsets, the following module parameters may be needed for -best performance when the adapter is set to support 2.4 GHz band: - -``` -rtw_vht_enable=1 rtw_switch_usb_mode=2 -``` - -Note: For USB2 adapters based on the Realtek rtl8811au and rtl8821cu -chipset, the following module parameters may be needed for best -performance when the adapter is set to support 2.4 GHz band: - -``` -rtw_vht_enable=1 -``` - -Note: For USB3 adapters based on Mediatek mt7612u chipsets, the -following module parameter may be needed for best performance: - -``` -disable_usb_sg=1 -``` - -Note: Here is a quick way to set the `disable_usb_sg` paramter: - -``` -sudo -i -echo "options mt76_usb disable_usb_sg=1" > /etc/modprobe.d/mt76_usb.conf -exit -``` - -Note: More information is available at the following site: - -https://github.com/morrownr/7612u - -Note: For this access point setup to support WPA3-SAE in a dual band -setup, two USB WiFi adapters with Mediatek or Atheros chipsets are -required as the Realtek and internal Raspberry Pi WiFi drivers do not -support WPA3-SAE as of the date of this document. - -The follow site provides links to adapters that support WPA3-SAE: [USB-WIFI](https://github.com/morrownr/USB-WiFi) - ------ - -Update, upgrade and clean up the operating system. -``` -sudo apt update && sudo apt upgrade && sudo apt autoremove -``` - -Note: Upgrading the operating system is not mandatory for this -installation but since some users forget to upgrade their system on a -regular basis, maybe it is a good idea. - ------ - -Reduce overall power consumption and overclock the CPU a modest amount. - -Note: All items in this step are optional and some items are specific to the -Raspberry Pi 4B. If installing to a Raspberry Pi 3B or 3B+ or other Pi you will -need to use the appropriate settings for that hardward. - -``` -sudo nano /boot/config.txt -``` - -Change: - -``` -# turn off onboard audio -#dtparam=audio=on - -# disable DRM VC4 V3D driver on top of the dispmanx display stack -#dtoverlay=vc4-fkms-v3d -#max_framebuffers=2 -``` -Add: -``` -# turn off Mainboard LEDs -dtoverlay=act-led - -# disable Activity LED -dtparam=act_led_trigger=none -dtparam=act_led_activelow=off - -# disable Power LED -dtparam=pwr_led_trigger=none -dtparam=pwr_led_activelow=off - -# turn off Ethernet port LEDs -dtparam=eth_led0=4 -dtparam=eth_led1=4 - -# turn off Bluetooth -dtoverlay=disable-bt - -# turn off onboard WiFi -dtoverlay=disable-wifi - -# overclock CPU -# (may not be required on current versions of the RasPiOS with a RasPi4B) -over_voltage=1 -arm_freq=1600 -``` - ------ - -Enable predictable network interface names - -Note: While this step is optional, problems can arise without it on dual -band setups. Some Linux distros have this capability enabled by default -but not the Raspberry Pi OS. - -``` -sudo raspi-config -``` - -Select: Advanced options > A4 Network Interface Names > Yes - ------ - -Reboot system. - -``` -sudo reboot -``` - ------ - -Determine name and state of the network interfaces. - -``` -ip a -``` - -You may need to additionally run the following commands in order to -determine which adapter, in a dual band setup, has which interface name. - -``` -iw list -``` -``` -iw dev -``` - -Note: If the interface names are not `eth0`, `wlan0` and `wlan1`, -then the interface names used in your system will have to replace -`eth0`, `wlan0` and `wlan1` for the remainder of this document. - ------ - -Install needed package. Website - [hostapd](https://w1.fi/hostapd/) - -``` -sudo apt install hostapd -``` - ------ - -Enable the wireless access point service and set it to start when your -Raspberry Pi boots. - -``` -sudo systemctl unmask hostapd -``` -``` -sudo systemctl enable hostapd -``` - ------ - -Note: The below steps include creating two hostapd configurations files -but only one is needed if using a single band setup. - -Create hostapd configuration file for 5 GHz band. - -``` -sudo nano /etc/hostapd/hostapd-5g.conf -``` - -File contents - -``` -# /etc/hostapd/hostapd-5g.conf -# Documentation: https://w1.fi/cgit/hostap/plain/hostapd/hostapd.conf -# 2022-02-11 - -# SSID -ssid=myPI-5g -# PASSPHRASE -wpa_passphrase=myPW1234 -# Band: a = 5g (a/n/ac), g = 2g (b/g/n) -hw_mode=a -# Channel -channel=36 -# Channel width -vht_oper_chwidth=1 -# VHT center channel (chan + 6) -vht_oper_centr_freq_seg0_idx=42 -# Country code -country_code=US -# Bridge interface -bridge=br0 -# WiFi interface -interface=wlan0 - -# nl80211 is used with all Linux mac80211 (in-kernel) and modern Realtek drivers -driver=nl80211 -#ctrl_interface=/var/run/hostapd -#ctrl_interface_group=0 - -ieee80211d=1 -# Enables support for 5GHz DFS channels -#ieee80211h=1 - -beacon_int=100 -dtim_period=2 -max_num_sta=32 -macaddr_acl=0 -rts_threshold=2347 -fragm_threshold=2346 -#send_probe_response=1 - -# security -# auth_algs=3 is required for WPA-3 SAE and WPA-3 SAE Transitional -auth_algs=1 -ignore_broadcast_ssid=0 -# wpa=2 is required for WPA2 and WPA3 (read the docs) -wpa=2 -rsn_pairwise=CCMP -# only one wpa_key_mgmt= line should be active. -# wpa_key_mgmt=WPA-PSK is required for WPA2-AES -wpa_key_mgmt=WPA-PSK -# wpa_key_mgmt=SAE WPA-PSK is required for WPA3-AES Transitional -#wpa_key_mgmt=SAE WPA-PSK -# wpa_key_mgmt=SAE is required for WPA3-SAE -#wpa_key_mgmt=SAE -#wpa_group_rekey=1800 -# ieee80211w=1 is required for WPA-3 SAE Transitional -# ieee80211w=2 is required for WPA-3 SAE -#ieee80211w=1 -# if parameter is not set, 19 is the default value. -#sae_groups=19 20 21 25 26 -# sae_require_mfp=1 is required for WPA-3 SAE Transitional -#sae_require_mfp=1 -# if parameter is not 9 set, 5 is the default value. -#sae_anti_clogging_threshold=10 - -# Note: Capabilities can vary even between adapters with the same chipset. -# -# Note: Only one ht_capab= line and one vht_capab= should be active. The -# content of these lines is determined by the capabilities of your adapter. -# -# IEEE 802.11n -ieee80211n=1 -wmm_enabled=1 -# -# generic setting -ht_capab=[HT40+][HT40-][SHORT-GI-20][SHORT-GI-40] -# -# mt7612u - mt7610u -#ht_capab=[HT40+][HT40-][GF][SHORT-GI-20][SHORT-GI-40] -# -# rtl8812au - rtl8811au - rtl8811cu -#ht_capab=[HT40+][HT40-][SHORT-GI-20][SHORT-GI-40][MAX-AMSDU-7935] -# rtl8812bu -#ht_capab=[LDPC][HT40+][HT40-][SHORT-GI-20][SHORT-GI-40][MAX-AMSDU-7935] -# rtl8814au -#ht_capab=[LDPC][HT40+][HT40-][SHORT-GI-20][SHORT-GI-40][MAX-AMSDU-7935][DSSS_CCK-40] -# - -# IEEE 802.11ac -ieee80211ac=1 -# -# generic setting -vht_capab=[SHORT-GI-80] -# -# mt7610u -#vht_capab=[SHORT-GI-80][MAX-A-MPDU-LEN-EXP3][RX-ANTENNA-PATTERN][TX-ANTENNA-PATTERN] -# mt7612u -#vht_capab=[RXLDPC][SHORT-GI-80][TX-STBC-2BY1][RX-STBC-1][MAX-A-MPDU-LEN-EXP3][RX-ANTENNA-PATTERN][TX-ANTENNA-PATTERN] -# -# rtl8812au - rtl8812bu -#vht_capab=[MAX-MPDU-11454][SHORT-GI-80][TX-STBC-2BY1][RX-STBC-1][HTC-VHT][MAX-A-MPDU-LEN-EXP7] -# rtl8814au -#vht_capab=[MAX-MPDU-11454][RXLDPC][SHORT-GI-80][TX-STBC-2BY1][RX-STBC-1][HTC-VHT][MAX-A-MPDU-LEN-EXP7] -# rtl8811au -#vht_capab=[MAX-MPDU-11454][SHORT-GI-80][RX-STBC-1][HTC-VHT][MAX-A-MPDU-LEN-EXP7] -# rtl8811cu -#vht_capab=[MAX-MPDU-11454][SHORT-GI-80][HTC-VHT][MAX-A-MPDU-LEN-EXP7] -# -# Note: [TX-STBC-2BY1] may cause problems with some Realtek drivers - -# end of hostapd-5g.conf -``` - ------ - -Create the 2g hostapd configuration file. -``` -sudo nano /etc/hostapd/hostapd-2g.conf -``` -File contents -``` -# /etc/hostapd/hostapd-2g.conf -# Documentation: https://w1.fi/cgit/hostap/plain/hostapd/hostapd.conf -# 2021-11-15 - -# SSID -ssid=myPI-2g -# PASSPHRASE -wpa_passphrase=myPW1234 -# Band: a = 5g (a/n/ac), g = 2g (b/g/n) -hw_mode=g -# Channel -channel=6 -# Country -country_code=US -# Bridge interface -bridge=br0 -# WiFi interface -interface=wlan1 - -# nl80211 is used with all Linux mac80211 (in-kernel) and modern Realtek drivers -driver=nl80211 -#ctrl_interface=/var/run/hostapd -#ctrl_interface_group=0 - -beacon_int=100 -dtim_period=2 -max_num_sta=32 -rts_threshold=2347 -fragm_threshold=2346 -#send_probe_response=1 - -# security -# auth_algs=3 is required for WPA-3 SAE and WPA-3 SAE Transitional -auth_algs=1 -macaddr_acl=0 -ignore_broadcast_ssid=0 -wpa=2 -wpa_pairwise=CCMP -# WPA-2 AES -wpa_key_mgmt=WPA-PSK -# WPA-3 SAE -#wpa_key_mgmt=SAE -#wpa_group_rekey=1800 -rsn_pairwise=CCMP -# ieee80211w=2 is required for WPA-3 SAE -#ieee80211w=2 -# If parameter is not set, 19 is the default value. -#sae_groups=19 20 21 25 26 -#sae_require_mfp=1 -# If parameter is not 9 set, 5 is the default value. -#sae_anti_clogging_threshold=10 - -# IEEE 802.11n -ieee80211n=1 -wmm_enabled=1 -# -# Note: Only one ht_capab= line should be active. The content of these lines is -# determined by the capabilities of your adapter. -# -# generic 20 NHz setting -ht_capab=[SHORT-GI-20] -# -# RasPi4B internal wifi -#ht_capab=[HT40+][HT40-][SHORT-GI-20][SHORT-GI-40][DSSS_CCK-40] -# -# ar9271 -#ht_capab=[HT40+][HT40-][SHORT-GI-20][SHORT-GI-40][RX-STBC1][DSSS_CCK-40] -# -# mt7612u - mt7610u -#ht_capab=[HT40+][HT40-][GF][SHORT-GI-20][SHORT-GI-40] -# -# rtl8812au - rtl8811au - rtl8812bu - rtl8811cu -#ht_capab=[HT40+][HT40-][SHORT-GI-20][SHORT-GI-40][MAX-AMSDU-7935] -# rtl8814au -#ht_capab=[LDPC][HT40+][HT40-][SHORT-GI-20][SHORT-GI-40][MAX-AMSDU-7935][DSSS_CCK-40] - -# End of hostapd-2g.conf -``` - ------ - -Establish hostapd conf file and log file locations. - -Note: Make sure to change to your home directory. - -``` -sudo nano /etc/default/hostapd -``` - -Select one of the following options - -Dual band option: Add to bottom of file - -``` -DAEMON_CONF="/etc/hostapd/hostapd-5g.conf /etc/hostapd/hostapd-2g.conf" -DAEMON_OPTS="-d -K -f /home//hostapd.log" -``` - -Single band option for 5g: Add to bottom of file -``` -DAEMON_CONF="/etc/hostapd/hostapd-5g.conf" -DAEMON_OPTS="-d -K -f /home//hostapd.log" -``` - -Single band option for 2g: Add to bottom of file -``` -DAEMON_CONF="/etc/hostapd/hostapd-2g.conf" -DAEMON_OPTS="-d -K -f /home//hostapd.log" -``` - ------ - -Modify hostapd.service file. - -Code: - -``` -sudo cp /usr/lib/systemd/system/hostapd.service /etc/systemd/system/hostapd.service -``` -``` -sudo nano /etc/systemd/system/hostapd.service -``` - -Select one of the following options - -Dual band option: Change the 'Environment=' line and 'ExecStart=' line to the following - -``` -Environment=DAEMON_CONF="/etc/hostapd/hostapd-5g.conf /etc/hostapd/hostapd-2g.conf" -ExecStart=/usr/sbin/hostapd -B -P /run/hostapd.pid -B $DAEMON_OPTS $DAEMON_CONF -``` - -Single band option for 5g: Change the 'Environment=' line and 'ExecStart=' line to the following - -``` -Environment=DAEMON_CONF="/etc/hostapd/hostapd-5g.conf" -ExecStart=/usr/sbin/hostapd -B -P /run/hostapd.pid -B $DAEMON_OPTS $DAEMON_CONF -``` -Single band option for 2g: Change the 'Environment=' line and 'ExecStart=' line to the following - -``` -Environment=DAEMON_CONF="/etc/hostapd/hostapd-2g.conf" -ExecStart=/usr/sbin/hostapd -B -P /run/hostapd.pid -B $DAEMON_OPTS $DAEMON_CONF -``` ------ - -Block the ethernet and wlan interfaces from being processed, and let dhcpcd -configure only br0 via DHCP. - -``` -sudo nano /etc/dhcpcd.conf -``` - -Add the following line above the first `interface xxx` line, if any. - -``` -denyinterfaces e* wl* -``` - -Go to the end of the file and add the following line - -``` -interface br0 -``` - ------ - -Enable systemd-networkd service. Website - [systemd-network](https://www.freedesktop.org/software/systemd/man/systemd.network.html). - -``` -sudo systemctl enable systemd-networkd -``` - ------ - -Create bridge interface br0. - -``` -sudo nano /etc/systemd/network/10-create-bridge-br0.netdev -``` -File contents - -``` -[NetDev] -Name=br0 -Kind=bridge -``` - ------ - -Bind ethernet interface. - -``` -sudo nano /etc/systemd/network/20-bind-ethernet-with-bridge-br0.network -``` - -File contents - -``` -[Match] -Name=e* - -[Network] -Bridge=br0 -``` - ------ - -Configure bridge interface. - -``` -sudo nano /etc/systemd/network/30-config-bridge-br0.network -``` - -Note: The contents of the Network block below should reflect the needs of your network. - -File contents. - -``` -[Match] -Name=br0 - -[Network] -DHCP=yes -#Address=192.168.1.100/24 -#Gateway=192.168.1.1 -#DNS=8.8.8.8 - -``` - ------ - -Ensure WiFi radio not blocked. - -``` -sudo rfkill unblock wlan -``` - ------ - -Reboot system. - -``` -sudo reboot -``` - ------ - -End of installation. - ------ - ------ - -Notes: The following sections contain good to know information. - ------ - -Restart systemd-networkd service. - -``` -sudo systemctl restart systemd-networkd -``` - ------ - -Check status of the services. - -``` -systemctl status hostapd -``` -``` -systemctl status systemd-networkd -``` - ------ - -Install and autostart iperf3. - -``` -sudo apt install iperf3 -``` -``` -sudo nano /etc/systemd/system/iperf3.service -``` - -File contents - -``` -[Unit] -Description=iPerf3 Service -After=syslog.target network.target auditd.service - -[Service] -Type=simple -ExecStart=/usr/bin/iperf3 -s - -[Install] -WantedBy=multi-user.target -``` -``` -sudo systemctl enable iperf3 -``` -``` -sudo reboot -``` - -Check iperf3 status. -``` -sudo systemctl status iperf3 -``` - ------ - -Disable NetworkManager. - -Note: For systems not running the Gnome desktop, purging Network Manager -is the easiest solution. - -``` -sudo apt purge network-manager -``` - -Note: For systems running the Gnome desktop, use the following. - -``` -sudo systemctl stop NetworkManager.service -``` -``` -sudo systemctl disable NetworkManager.service -``` -``` -sudo systemctl stop NetworkManager-wait-online.service -``` -``` -sudo systemctl disable NetworkManager-wait-online.service -``` -``` -sudo systemctl stop NetworkManager-dispatcher.service -``` -``` -sudo systemctl disable NetworkManager-dispatcher.service -``` -``` -sudo systemctl stop network-manager.service -``` -``` -sudo systemctl disable network-manager.service -``` -``` -sudo reboot -``` - ------ - -Disable Netplan. - -Note: Netplan is the default network manager on Ubuntu server. - -Disable and mask networkd-dispatcher. - -Note: we are activating /etc/network/interfaces - -``` -sudo apt-get install ifupdown -``` -``` -sudo systemctl stop networkd-dispatcher -``` -``` -sudo systemctl disable networkd-dispatcher -``` -``` -sudo systemctl mask networkd-dispatcher -``` - -Purge netplan. - -``` -sudo apt-get purge nplan netplan.io -``` -``` -sudo reboot -``` - ------ diff --git a/docs/Monitor_Mode.md b/docs/Monitor_Mode.md deleted file mode 100644 index 7cf3c3e..0000000 --- a/docs/Monitor_Mode.md +++ /dev/null @@ -1,297 +0,0 @@ ------ - -2022-02-16 - -## Monitor Mode - -Purpose: Provide information and tools for testing and using monitor -mode with the following Realtek drivers: - -``` -https://github.com/morrownr/8812au-20210629 -https://github.com/morrownr/8821au-20210708 -https://github.com/morrownr/8821cu-20210118 -https://github.com/morrownr/88x2bu-20210702 -https://github.com/morrownr/8814au -``` -Note: This document and the `start-mon.sh` script will work with -adapters that use in-kernel drivers but it is not necessary as the use -of any of the many guides that are available should work fine as the -in-kernel drivers work in the textbook, standards compliant manner. - -Please submit corrections or additions via Issues. - -Monitor mode, or RFMON (Radio Frequency MONitor) mode, allows a computer -with a wireless network interface controller (WNIC) to monitor all -traffic received on a wireless channel. Monitor mode allows packets to -be captured without having to associate with an access point or ad hoc -network first. Monitor mode only applies to wireless networks, while -promiscuous mode can be used on both wired and wireless networks. -Monitor mode is one of the eight modes that 802.11 wireless cards and -adapters can operate in: Master (acting as an access point), Managed -(client, also known as station), Ad hoc, Repeater, Mesh, Wi-Fi Direct, -TDLS and Monitor mode. - -Note: This document and the `start-mon.sh` script have been tested on the -following: - -``` -Kali Linux -Raspberry Pi OS -Linux Mint -Ubuntu -``` ------ - -## Steps to start/test monitor mode - -#### Install USB WiFi adapter and driver per instructions. - - -#### Update system -``` -sudo apt update -``` -``` -sudo apt upgrade -``` - ------ - -#### Ensure WiFi radio is not blocked -``` -sudo rfkill unblock wlan -``` - ------ - -#### Install aircrack-ng (optional) -``` -sudo apt install -y aircrack-ng -``` - ------ - -#### Check wifi interface information -``` -iw dev -``` - ------ - -#### Information - -The wifi interface name `wlan0` is used in this document but you will -need to substitute the name of your wifi interface while using this -document. - ------ - -#### Enter and check monitor mode - -A script called `start-mon.sh` is available in the driver directory. -It will automate much of the following. - -Usage: - -``` -sudo ./start-mon.sh [interface:wlan0] -``` - -Note: If you want to do things manually, continue below. - ------ - -#### Disable interfering processes (see note about `start-mon.sh` below) - -``` -sudo airmon-ng check kill -``` - -Note: `start-mon.sh` is capable of disabling interfering processes. It -uses a different method than airmon-ng. Airmon-ng kills the processes -whereas `start-mon.sh` simply stops the processes and restarts them -when the script terminates. Stopping the processes seems to have some -advantages over killing them. - -Advantage 1: When killing the very clever interfering processes, you may -find that interfering processes are able to spawn new processes that will -continue to interfer. Stopping the interfering processes does not seem to -trigger the spawning of new processes. - -Advantage 2: If you use more than one wifi adapter/card in the system, -and if you need one of the adapter/cards to stay connected to the -internet, killing the processes may cause your internet connection to -drop. Stopping the processes does not cause your internet connection to -drop. - -Advantage 3: Stopping the processes allows the processes to be restarted. -The `start-mon.sh` script can put your interface in monitor mode, -properly configured, and then return your system, including stopped -processes and interface to original settings. This can reduce reboots -that sometimes might have been needed to reset things to normal operation. - - -#### Change to monitor mode - -Option 1 (the airmon-ng way) - -Note: This option may not work with some driver/adapter combinations -(I'm looking at you Realtek). If this option does not work, you can -use Option 2 or the `start-mon.sh` script that was previously mentioned. -``` -sudo airmon-ng start -``` - -Option 2 (the manual way) - -Check the wifi interface name and mode -``` -iw dev -``` - -Take the interface down -``` -sudo ip link set down -``` - -Set monitor mode -``` -sudo iw set monitor control -``` - -Bring the interface up -``` -sudo ip link set up -``` - -Verify the mode has changed -``` -iw dev -``` - ------ - -### Test injection - -Option for 5 GHz and 2.4 GHz -``` -sudo airodump-ng --band ag -``` -Option for 5 GHz only -``` -sudo airodump-ng --band a -``` -Option for 2.4 GHz only -``` -sudo airodump-ng --band g -``` -Set the channel of your choice -``` -sudo iw dev set channel [NOHT|HT20|HT40+|HT40-|5MHz|10MHz|80MHz] -``` -``` -sudo aireplay-ng --test -``` - ------ - -### Test deauth - -Option for 5 GHz and 2.4 GHz -``` -sudo airodump-ng --band ag -``` -Option for 5 GHz only -``` -sudo airodump-ng --band a -``` -Option for 2.4 GHz only -``` -sudo airodump-ng --band g -``` -``` -sudo airodump-ng --bssid --channel -``` -Option for 5 GHz: -``` -sudo aireplay-ng --deauth 0 -c -a -D -``` -Option for 2.4 GHz: -``` -sudo aireplay-ng --deauth 0 -c -a -``` - ------ - -### Revert to Managed Mode - -Check the wifi interface name and mode -``` -iw dev -``` - -Take the wifi interface down -``` -sudo ip link set down -``` - -Set managed mode -``` -sudo iw set type managed -``` - -Bring the wifi interface up -``` -sudo ip link set up -``` - -Verify the wifi interface name and mode has changed -``` -iw dev -``` - ------ - -### Change the MAC Address before entering Monitor Mode - -Check the wifi interface name, MAC address and mode -``` -iw dev -``` - -Take the wifi interface down -``` -sudo ip link set dev down -``` - -Change the MAC address -``` -sudo ip link set dev address -``` - -Set monitor mode -``` -sudo iw set monitor control -``` - -Bring the wifi interface up -``` -sudo ip link set dev up -``` - -Verify the wifi interface name, MAC address and mode has changed -``` -iw dev -``` - ------ - -### Change txpower -``` -sudo iw dev set txpower fixed 1600 -``` - -Note: 1600 = 16 dBm - ------ diff --git a/install-driver.sh b/install-driver.sh index 16abc50..abaf178 100755 --- a/install-driver.sh +++ b/install-driver.sh @@ -15,8 +15,6 @@ DRV_VERSION="5.13.1" DRV_DIR="$(pwd)" KRNL_VERSION="$(uname -r)" -clear - # support for NoPrompt allows non-interactive use of this script NO_PROMPT=0 diff --git a/remove-driver.sh b/remove-driver.sh index dc230f6..457778a 100755 --- a/remove-driver.sh +++ b/remove-driver.sh @@ -15,7 +15,6 @@ DRV_VERSION="5.13.1" DRV_DIR="$(pwd)" KRNL_VERSION="$(uname -r)" -clear echo "Running ${SCRIPT_NAME} version ${SCRIPT_VERSION}" # support for NoPrompt allows non-interactive use of this script