Handbook:AMD64/Networking/Wireless

From Gentoo Wiki

Introduction

Wireless networking on Linux is usually quite straightforward. There are two ways of configuring wifi: graphical clients, or the command line.

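If a desktop environment has already been installed, the easiest way is to use a graphical client. Most graphical clients, such as wicd and NetworkManager, are very intuitive, and their convenient point-and-click interfaces get users connected to a network in a few seconds.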

Note
Both NetworkManager and wicd offer text-mode interface utilities in addition to the main graphical interface. Emerge either the net-misc/networkmanager or net-misc/wicd package with the ncurses USE flag enabled. The nmtui or wicd-curses utilities are particularly useful for folks who do not use an X or Wayland based desktop environment, but still desire an easy-to-use tool that does not require hand-editing configuration files.

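Wireless can also be configured from the command line by editing a few configuration files. This takes a bit more time to set up, but it also requires the fewest packages to download and install. Since the graphical clients are mostly self-explanatory (helped by the screenshots on their homepages), this chapter focuses on the command line approach.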

Three tools support command-line wireless configuration: net-wireless/iw, net-wireless/wireless-tools, and net-wireless/wpa_supplicant. Of these, net-wireless/wpa_supplicant is the preferred one. The important thing to remember is that wireless networks are configured globally, not per interface.

The net-wireless/iw software supports nearly all cards and drivers, but it cannot connect to WPA-only Access Points. If the networks only offer WEP encryption or are completely open, then net-wireless/iw beats the other packages on simplicity.

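Some wireless cards are disabled by default. To enable them, consult the hardware documentation. Some of these cards can be unblocked using the rfkill application. In that case, use rfkill list to see the available cards and rfkill unblock INDEX to enable the wireless functionality. Otherwise, the wireless card may need to be unlocked with a button, a switch, or a special key combination on the laptop.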

WPA supplicant

The WPA supplicant project provides a package for connecting to WPA-enabled access points.

root #emerge --ask net-wireless/wpa_supplicant
Important
CONFIG_PACKET must be enabled in the kernel for wpa_supplicant to work. To check whether it is enabled in the current kernel, try:
root #zgrep CONFIG_PACKET /proc/config.gz
root #grep CONFIG_PACKET /usr/src/linux/.config
Note
Depending on the USE flags, wpa_supplicant can install a graphical interface written in Qt4, which integrates well with KDE. To get it, enable USE="qt4" for net-wireless/wpa_supplicant.

Next, configure /etc/conf.d/net so that the wpa_supplicant module is preferred over wireless-tools (if both are installed, wireless-tools is the default).

FILE /etc/conf.d/net: Forcing the use of wpa_supplicant
# Prefer wpa_supplicant over wireless-tools
modules="wpa_supplicant"

# It is important to tell wpa_supplicant which driver to use,
# as it is not very good at guessing yet
wpa_supplicant_eth0="-Dnl80211"
Note
When using the host-ap driver, the card must be put into "managed mode" beforehand so that it can be used correctly with wpa_supplicant. To do this, set iwconfig_eth0="mode managed" in /etc/conf.d/net.

Next, configure wpa_supplicant itself (which gets a bit trickier depending on how secure the Access Points are). The example below is taken and simplified from /usr/share/doc/wpa_supplicant-<version>/wpa_supplicant.conf.gz, which ships with wpa_supplicant.

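FILE /etc/wpa_supplicant/wpa_supplicant.conf: A somewhat simplified example
# The line below must not be changed, otherwise wpa_supplicant will not work
ctrl_interface=/var/run/wpa_supplicant

# Ensure that only root can read the WPA configuration
# (limits access to the control interface to group 0, root)
ctrl_interface_group=0

# Let wpa_supplicant take care of scanning and AP selection
ap_scan=1

# Simple case: WPA-PSK, PSK as an ASCII passphrase, allow all valid ciphers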
network={
  ssid="simple"
  psk="very secret passphrase"
  # The higher the priority, the sooner it is matched
  priority=5
}
  
# Same as above, but request SSID-specific scanning
# (for APs that reject broadcast SSID)
network={
  ssid="second ssid"
  scan_ssid=1
  psk="very secret passphrase"
  priority=2
}
  
# Only WPA-PSK is used. Any valid cipher combination is accepted
network={
  ssid="example"
  proto=WPA
  key_mgmt=WPA-PSK
  pairwise=CCMP TKIP
  group=CCMP TKIP WEP104 WEP40
  psk=06b4be19da289f475aa46a33cb793029d4ab3db7a23ee92382eb0106c72ac7bb
  priority=2
}
  
# Plaintext connection (no WPA, no IEEE 802.1X)
network={
  ssid="plaintext-test"
  key_mgmt=NONE
}
  
# Shared WEP key connection (no WPA, no IEEE 802.1X)
network={
  ssid="static-wep-test"
  key_mgmt=NONE
  # Keys in quotes are ASCII keys
  wep_key0="abcde"
  # Keys specified without quotes are hex keys
  wep_key1=0102030405
  wep_key2="1234567890123"
  wep_tx_keyidx=0
  priority=5
}
  
# Shared WEP key connection (no WPA, no IEEE 802.1X) using Shared Key
# IEEE 802.11 authentication
network={
  ssid="static-wep-test2"
  key_mgmt=NONE
  wep_key0="abcde"
  wep_key1=0102030405
  wep_key2="1234567890123"
  wep_tx_keyidx=0
  priority=5
  auth_alg=SHARED
}
  
# IBSS/ad-hoc network with WPA-None/TKIP
network={
  ssid="test adhoc"
  mode=1
  proto=WPA
  key_mgmt=WPA-NONE
  pairwise=NONE
  group=TKIP
  psk="secret passphrase"
}
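
An added example (not part of the handbook or of wpa_supplicant): a small Python check that parses network blocks like the ones in the file above and reports the weak settings they spell out, together with the passphrase-to-hex derivation that produces the 64-digit psk= form. The function names and the sample text are constructed for illustration.

```python
import hashlib
import re

WEAK_CIPHERS = {"TKIP", "WEP104", "WEP40"}

def derive_psk(passphrase, ssid):
    """Hex PSK for a passphrase: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds, 32 bytes."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32).hex()

def parse_networks(conf):
    """Yield one dict of key -> value per network={...} block; comment lines are skipped."""
    for body in re.findall(r"^\s*network=\{(.*?)^\s*\}", conf, re.S | re.M):
        net = {}
        for line in body.splitlines():
            line = line.strip()
            if line and not line.startswith("#") and "=" in line:
                key, value = line.split("=", 1)
                net[key.strip()] = value.strip()
        yield net

def audit(conf):
    """(ssid, finding) pairs for explicit settings; unset options (defaults) are not judged."""
    out = []
    for net in parse_networks(conf):
        ssid = net.get("ssid", "").strip('"')
        ciphers = set((net.get("pairwise", "") + " " + net.get("group", "")).split())
        if net.get("key_mgmt") == "NONE":
            wep = any(k.startswith("wep_key") for k in net)
            out.append((ssid, "static WEP keys" if wep else "open network, no encryption"))
        if net.get("proto") == "WPA":
            out.append((ssid, "proto=WPA excludes RSN (WPA2)"))
        if ciphers & WEAK_CIPHERS:
            out.append((ssid, "legacy ciphers: " + " ".join(sorted(ciphers & WEAK_CIPHERS))))
        if net.get("psk", "").startswith('"'):
            out.append((ssid, "ASCII passphrase stored in the file"))
    return out

# Constructed sample, modelled on two of the network blocks above.
SAMPLE = """
network={
  ssid="example"
  proto=WPA
  pairwise=CCMP TKIP
  psk="very secret passphrase"
}
network={
  ssid="plaintext-test"
  key_mgmt=NONE
}
"""
```

Calling audit(SAMPLE) returns three findings for "example" and one for "plaintext-test"; derive_psk() gives the value to put after psk= in place of a quoted passphrase.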

Wireless tools

Initial setup and managed mode

The wireless tools project provides a generic way to configure basic wireless interfaces up to the WEP security level. While WEP is a weak security method, it is still prevalent in the world.

Wireless tools configuration is controlled by a few main variables. The sample configuration file below should describe all that is needed. One thing to bear in mind is that no configuration means "connect to the strongest unencrypted Access Point" - wireless tools will always try and connect the system to something.

root #emerge --ask net-wireless/wireless-tools
Note
Although net-wireless/iw is the current tool for the wireless stack, net-misc/netifrc does not work with the new commands. net-wireless/wireless-tools must be used with netifrc.
Important
You will need to consult the variable name documentation.
FILE /etc/conf.d/net: Sample iwconfig setup
# Prefer iwconfig over wpa_supplicant
modules="iwconfig"
  
# Configure WEP keys for Access Points called ESSID1 and ESSID2
# You may configure up to 4 WEP keys, but only 1 can be active at
# any time, so we supply a default index of [1] to set key [1] and then
# again afterwards to change the active key to [1]
# We do this in case you define other ESSIDs to use WEP keys other than 1
#
# Prefixing the key with s: means it's an ASCII key, otherwise a HEX key
#
# enc open specifies open security (most secure)
# enc restricted specifies restricted security (least secure)
key_ESSID1="[1] s:yourkeyhere key [1] enc open"
key_ESSID2="[1] aaaa-bbbb-cccc-dd key [1] enc restricted"
  
# The settings below only work when we scan for available Access Points
  
# Sometimes more than one Access Point is visible so we need to
# define a preferred order to connect in
preferred_aps="'ESSID1' 'ESSID2'"

Fine-tune AP selection

It is possible to add some extra options to fine-tune the AP selection, but these are not required.

One way is to configure the system so it only connects to preferred APs. By default if everything configured has failed and wireless-tools can connect to an unencrypted Access Point then it will. This can be controlled by the associate_order variable. Here's a table of values and how they control this.

| Value | Description |
|---|---|
| any | Default behavior. |
| preferredonly | Only connect to visible APs in the preferred list. |
| forcepreferred | Forcibly connect to APs in the preferred order if they are not found in a scan. |
| forcepreferredonly | Do not scan for APs - instead just try to connect to each one in order. |
| forceany | Same as forcepreferred + connect to any other available AP. |

There are also the blacklist_aps and unique_ap settings. blacklist_aps works in a similar way to preferred_aps. unique_ap is a yes or no value that says whether a second wireless interface can connect to the same Access Point as the first interface.

FILE /etc/conf.d/net: blacklist_aps and unique_ap example
# Sometimes you never want to connect to certain access points
blacklist_aps="'ESSID3' 'ESSID4'"
  
# If you have more than one wireless card, you can say if you want
# to allow each card to associate with the same Access Point or not
# Values are "yes" and "no"
# Default is "yes"
unique_ap="yes"
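
An added example, not netifrc's own code: a simplified Python model of the associate_order table combined with preferred_aps and blacklist_aps, showing which ESSIDs become association candidates for a given scan. The scan list, the open-cafe and neighbour names, and the reading of "any other available AP" as visible, unencrypted and not blacklisted are assumptions.

```python
def candidates(order, preferred, blacklist, scan):
    """ESSIDs in the order association would be attempted.

    Simplified model of the associate_order table (not netifrc's code).
    scan: (essid, encrypted) pairs as seen in a scan, strongest signal first.
    """
    visible = [(e, enc) for e, enc in scan if e not in blacklist]
    seen = {e for e, _ in visible}
    pref_visible = [e for e in preferred if e in seen]
    pref_forced = [e for e in preferred if e not in seen and e not in blacklist]
    # Assumption: "any other available AP" = visible, unencrypted, not blacklisted.
    others = [e for e, enc in visible if e not in preferred and not enc]
    plans = {
        "any": pref_visible + others,
        "preferredonly": pref_visible,
        "forcepreferred": pref_visible + pref_forced,
        "forcepreferredonly": list(preferred),
        "forceany": pref_visible + pref_forced + others,
    }
    return plans[order]

def unnamed(order, preferred, blacklist, scan):
    """Candidates that were never listed in preferred_aps."""
    return [e for e in candidates(order, preferred, blacklist, scan) if e not in preferred]

# Constructed scan result; ESSID1..ESSID4 follow the placeholders used on this page.
PREFERRED = ["ESSID1", "ESSID2"]
BLACKLIST = ["ESSID3", "ESSID4"]
SCAN = [("open-cafe", False), ("ESSID3", False), ("ESSID2", True), ("neighbour", True)]

if __name__ == "__main__":
    for order in ("any", "preferredonly", "forcepreferred", "forcepreferredonly", "forceany"):
        print(order, candidates(order, PREFERRED, BLACKLIST, SCAN),
              "unnamed:", unnamed(order, PREFERRED, BLACKLIST, SCAN))
```

With the default value any, the unencrypted open-cafe network is a candidate even though it was never configured; preferredonly and forcepreferredonly leave no unnamed candidates.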

Ad-hoc and master modes

To set the system up as an ad-hoc node when it fails to connect to any Access Point in managed mode, use this as a fallback:

FILE /etc/conf.d/net: Fallback to ad-hoc mode
adhoc_essid_eth0="This Adhoc Node"

It is also possible to connect to ad-hoc networks, or to run the system in master mode so it becomes an access point itself.

FILE /etc/conf.d/net: Sample ad-hoc/master configuration
# Set the mode - can be managed (default), ad-hoc or master
# Not all drivers support all modes
mode_eth0="ad-hoc"
  
# Set the ESSID of the interface
# In managed mode, this forces the interface to try and connect to the
# specified ESSID and nothing else
essid_eth0="This Adhoc Node"
  
# We use channel 3 if you don't specify one
channel_eth0="9"
Important
An important resource about channel selection is the BSD wavelan documentation found in the NetBSD documentation. There are 14 channels possible; we are told that channels 1-11 are legal for North America, channels 1-13 for most of Europe, channels 10-13 for France, and only channel 14 for Japan. If in doubt, please refer to the documentation that came with the card or access point. Make sure that the channel selected is the same channel the access point (or the other card in an ad-hoc network) is on. The default for cards sold in North America and most of Europe is 3; the default for cards sold in France is 11, and the default for cards sold in Japan is 14.

Troubleshooting wireless tools

There are some more variables that can help get wireless up and running when driver or environment problems get in the way. Here's a table of other things that can be tried.

| Variable name | Default value | Description |
|---|---|---|
| iwconfig_eth0 | | See the iwconfig man page for details on what to send iwconfig. |
| iwpriv_eth0 | | See the iwpriv man page for details on what to send iwpriv. |
| sleep_scan_eth0 | 0 | The number of seconds to sleep before attempting to scan. This is needed when the driver/firmware needs more time to activate before it can be used. |
| sleep_associate_eth0 | 5 | The number of seconds to wait for the interface to associate with the Access Point before moving on to the next one. |
| associate_test_eth0 | MAC | Some drivers do not reset the associated MAC address to an invalid one when they lose or attempt association. Some drivers do not reset the quality level when they lose or attempt association. Valid settings are MAC, quality and all. |
| scan_mode_eth0 | | Some drivers have to scan in ad-hoc mode, so if scanning fails try setting ad-hoc here. |
| iwpriv_scan_pre_eth0 | | Sends some iwpriv commands to the interface before scanning. See the iwpriv man page for more details. |
| iwpriv_scan_post_eth0 | | Sends some iwpriv commands to the interface after scanning. See the iwpriv man page for more details. |

Defining network configuration per ESSID

In this section, we show how to configure network settings based on the ESSID. For instance, the wireless network with ESSID ESSID1 can be given a static IP address while the network with ESSID ESSID2 uses DHCP.

Note
This works with both wpa_supplicant and wireless-tools.
Important
Please consult the variable name documentation.
FILE /etc/conf.d/net: Override network settings per ESSID
config_ESSID1="192.168.0.3/24 brd 192.168.0.255"
routes_ESSID1="default via 192.168.0.1"
  
config_ESSID2="dhcp"
fallback_ESSID2="192.168.3.4/24"
fallback_route_ESSID2="default via 192.168.3.1"
  
# We can define nameservers and other things too
# NOTE: DHCP will override these unless it's told not to
dns_servers_ESSID1="192.168.0.1 192.168.0.2"
dns_domain_ESSID1="some.domain"
dns_search_domains_ESSID1="search.this.domain search.that.domain"
  
# You can also override by the MAC address of the Access Point
# This is handy if you go to different locations that have the same ESSID
config_001122334455="dhcp"
dhcpcd_001122334455="-t 10"
dns_servers_001122334455="192.168.0.1 192.168.0.2"