https://wiki.archlinux.org/api.php?action=feedcontributions&user=Puxx&feedformat=atomArchWiki - User contributions [en]2024-03-29T07:57:17ZUser contributionsMediaWiki 1.41.0https://wiki.archlinux.org/index.php?title=Software_access_point&diff=308077Software access point2014-04-03T10:25:39Z<p>Puxx: /* Wifi Link Layer */</p>
<hr />
<div>[[ru:Software Access Point]]<br />
[[Category:Wireless Networking]]<br />
{{Related articles start}}<br />
{{Related|Network configuration}}<br />
{{Related|Wireless network configuration}}<br />
{{Related|Ad-hoc networking}}<br />
{{Related|Internet sharing}}<br />
{{Related articles end}}<br />
A software access point is used when you want your computer to act as an wifi access point for the local wireless network. It saves you the trouble of getting a separate wireless router.<br />
<br />
== Requirements ==<br />
<br />
* A nl80211 compatible wireless device (e.g. ath9k)<br />
<br />
== Overview ==<br />
<br />
Setting up an access point comprises two main parts:<br />
* Setting up the '''wifi link layer''', so that wireless clients can associate to your computer's "software access point" and send/receive IP packets from/to your computer; this is what the hostapd package will do for you.<br />
* Setting up the '''network configuration''' on you computer, so that your computer will properly relay IP packets from/to its own Internet connection from/to wireless clients.<br />
<br />
== Wifi Link Layer ==<br />
<br />
The actual Wifi link is established via the {{Pkg|hostapd}} package (available in the [[official repositories]]). The package has WPA2 support.<br />
<br />
Adjust the options in ''hostapd'' configuration file if necessary. Especially, change the {{ic|ssid}} and the {{ic|wpa_passphrase}}. See [http://wireless.kernel.org/en/users/Documentation/hostapd hostapd Linux documentation page] for more information.<br />
<br />
{{hc|/etc/hostapd/hostapd.conf|<nowiki><br />
ssid=YourWifiName<br />
wpa_passphrase=Somepassphrase<br />
interface=wlan0<br />
bridge=br0<br />
auth_algs=3<br />
channel=7<br />
driver=nl80211<br />
hw_mode=g<br />
logger_stdout=-1<br />
logger_stdout_level=2<br />
max_num_sta=5<br />
rsn_pairwise=CCMP<br />
wpa=2<br />
wpa_key_mgmt=WPA-PSK<br />
wpa_pairwise=TKIP CCMP<br />
</nowiki>}}<br />
<br />
For automatically starting hostapd, [[Daemon|enable]] the {{ic|hostapd.service}}.<br />
<br />
{{Note|If you have a card based on RTL8192CU chipset, install {{AUR|hostapd-8192cu}} in the [[AUR]] and replace {{ic|1=driver=nl80211}} with {{ic|1=driver=rtl871xdrv}} in the {{ic|hostapd.conf}} file.}}<br />
<br />
== Network configuration ==<br />
<br />
There are two basic ways for implementing this:<br />
# '''bridge''': create a network ''bridge'' on your computer (wireless clients will appear to access the same network interface and the same subnet that's used by your computer)<br />
# '''NAT''': with IP forwarding/masquerading and DHCP service (wireless clients will use a dedicated subnet, data from/to that subnet is NAT-ted -- similar to a normal WiFi router that's connected to your DSL or cable modem)<br />
<br />
The bridge approach is simpler, but it requires that any service that's needed by your wireless clients (like, DHCP) is available on your computers external interface. That means it will not work if you have a dialup connection (e.g., via PPPoE or a 3G modem) or if you're using a cable modem that will supply exactly one IP address to you via DHCP.<br />
<br />
The NAT aproach is more versatile, as it clearly separates wifi clients from your computer and it's completely transparent to the outside world. It will work with any kind of network connection, and (if needed) you can introduce traffic policies using the usual iptables approach.<br />
<br />
Of course, it is possible to ''combine both things''. For that, studying both articles would be necessary. Example: Like having a bridge that contains both an ethernet device and the wireless device with an static ip, offering DHCP and setting NAT configured to relay the traffic to an additional network device - that can be ppp or eth.<br />
<br />
=== Bridge Setup ===<br />
<br />
You need to create a network ''bridge'' and add your network interface (e.g. {{ic|eth0}}) to it. You '''should not''' add the wireless device (e.g. {{ic|wlan0}}) to the bridge; hostapd will add it on its own. <br />
<br />
If you use [[netctl]], see [[Bridge with netctl]] for details (just do not add {{ic|tap0}} used in that example).<br />
<br />
{{Tip|You may wish to reuse an existing bridge, if you have one (e.g. used by a virtual machine).}}<br />
<br />
=== NAT Setup ===<br />
<br />
See [[Internet sharing]] for details.<br />
<br />
On that article, the device connected to the lan is {{ic|net0}}. That device would be in this case your wireless device (e.g. {{ic|wlan0}}).<br />
<br />
== Scripts ==<br />
<br />
[https://bbs.archlinux.org/viewtopic.php?pid=1269258 create_ap] script combines {{Pkg|hostapd}}, [[dnsmasq]] and [[iptables]] to create a Bridged/NATed Access Point (available in the [[AUR]] {{Aur|create_ap}}).<br />
<br />
== Troubleshooting ==<br />
<br />
===WLAN is very slow===<br />
<br />
This could be caused by low entropy. Consider installing [[haveged]].<br />
<br />
===NetworkManager is interfering===<br />
<br />
hostapd may not work, if the device is managed by NetworkManager. You can mask the device:<br />
<br />
{{hc|/etc/NetworkManager/NetworkManager.conf|<nowiki><br />
[keyfile]<br />
unmanaged-devices=mac:<hwaddr><br />
</nowiki>}}<br />
<br />
== See also ==<br />
<br />
* [[Router]]<br />
* [http://nims11.wordpress.com/2012/04/27/hostapd-the-linux-way-to-create-virtual-wifi-access-point/ Hostapd : The Linux Way to create Virtual Wifi Access Point]<br />
* [http://xyne.archlinux.ca/notes/network/dhcp_with_dns.html tutorial and script for configuring a subnet with DHCP and DNS]</div>Puxxhttps://wiki.archlinux.org/index.php?title=Software_access_point&diff=306944Software access point2014-03-25T07:31:49Z<p>Puxx: /* Scripts */</p>
<hr />
<div>[[ru:Software Access Point]]<br />
[[Category:Wireless Networking]]<br />
{{Related articles start}}<br />
{{Related|Network configuration}}<br />
{{Related|Wireless network configuration}}<br />
{{Related|Ad-hoc networking}}<br />
{{Related|Internet sharing}}<br />
{{Related articles end}}<br />
A software access point is used when you want your computer to act as an wifi access point for the local wireless network. It saves you the trouble of getting a separate wireless router.<br />
<br />
== Requirements ==<br />
<br />
* A nl80211 compatible wireless device (e.g. ath9k)<br />
<br />
== Overview ==<br />
<br />
Setting up an access point comprises two main parts:<br />
* Setting up the '''wifi link layer''', so that wireless clients can associate to your computer's "software access point" and send/receive IP packets from/to your computer; this is what the hostapd package will do for you.<br />
* Setting up the '''network configuration''' on you computer, so that your computer will properly relay IP packets from/to its own Internet connection from/to wireless clients.<br />
<br />
== Wifi Link Layer ==<br />
<br />
The actual Wifi link is established via the {{Pkg|hostapd}} package (available in the [[official repositories]]). The package has WPA2 support.<br />
<br />
Adjust the options in ''hostapd'' configuration file if necessary. Especially, change the {{ic|ssid}} and the {{ic|wpa_passphrase}}. See [http://wireless.kernel.org/en/users/Documentation/hostapd hostapd Linux documentation page] for more information.<br />
<br />
{{hc|/etc/hostapd/hostapd.conf|<nowiki><br />
ssid=YourWifiName<br />
wpa_passphrase=Somepassphrase<br />
interface=wlan0<br />
bridge=br0<br />
auth_algs=3<br />
channel=7<br />
driver=nl80211<br />
hw_mode=g<br />
logger_stdout=-1<br />
logger_stdout_level=2<br />
max_num_sta=5<br />
rsn_pairwise=CCMP<br />
wpa=2<br />
wpa_key_mgmt=WPA-PSK<br />
wpa_pairwise=TKIP CCMP<br />
</nowiki>}}<br />
<br />
For automatically starting hostapd, [[Daemon|enable]] the {{ic|hostapd.service}}.<br />
<br />
{{Note|If you have a card based on RTL8192CU chipset, you will have to build [http://anarsoul.blogspot.com.es/2013/08/access-point-with-raspberry-pi-and.html this] patched version of ''hostapd'' and replace {{ic|1=driver=nl80211}} with {{ic|1=driver=rtl871xdrv}} in the {{ic|hostapd.conf}} file.}}<br />
<br />
== Network configuration ==<br />
<br />
There are two basic ways for implementing this:<br />
# '''bridge''': create a network ''bridge'' on your computer (wireless clients will appear to access the same network interface and the same subnet that's used by your computer)<br />
# '''NAT''': with IP forwarding/masquerading and DHCP service (wireless clients will use a dedicated subnet, data from/to that subnet is NAT-ted -- similar to a normal WiFi router that's connected to your DSL or cable modem)<br />
<br />
The bridge approach is simpler, but it requires that any service that's needed by your wireless clients (like, DHCP) is available on your computers external interface. That means it will not work if you have a dialup connection (e.g., via PPPoE or a 3G modem) or if you're using a cable modem that will supply exactly one IP address to you via DHCP.<br />
<br />
The NAT aproach is more versatile, as it clearly separates wifi clients from your computer and it's completely transparent to the outside world. It will work with any kind of network connection, and (if needed) you can introduce traffic policies using the usual iptables approach.<br />
<br />
Of course, it is possible to ''combine both things''. For that, studying both articles would be necessary. Example: Like having a bridge that contains both an ethernet device and the wireless device with an static ip, offering DHCP and setting NAT configured to relay the traffic to an additional network device - that can be ppp or eth.<br />
<br />
=== Bridge Setup ===<br />
<br />
You need to create a network ''bridge'' and add your network interface (e.g. {{ic|eth0}}) to it. You '''should not''' add the wireless device (e.g. {{ic|wlan0}}) to the bridge; hostapd will add it on its own. <br />
<br />
If you use [[netctl]], see [[Bridge with netctl]] for details (just do not add {{ic|tap0}} used in that example).<br />
<br />
{{Tip|You may wish to reuse an existing bridge, if you have one (e.g. used by a virtual machine).}}<br />
<br />
=== NAT Setup ===<br />
<br />
See [[Internet sharing]] for details.<br />
<br />
On that article, the device connected to the lan is {{ic|net0}}. That device would be in this case your wireless device (e.g. {{ic|wlan0}}).<br />
<br />
== Scripts ==<br />
<br />
[https://bbs.archlinux.org/viewtopic.php?pid=1269258 create_ap] script combines {{Pkg|hostapd}}, [[dnsmasq]] and [[iptables]] to create a Bridged/NATed Access Point (available in the [[AUR]] {{Aur|create_ap}}).<br />
<br />
== Troubleshooting ==<br />
<br />
===WLAN is very slow===<br />
<br />
This could be caused by low entropy. Consider installing [[haveged]].<br />
<br />
===NetworkManager is interfering===<br />
<br />
hostapd may not work, if the device is managed by NetworkManager. You can mask the device:<br />
<br />
{{hc|/etc/NetworkManager/NetworkManager.conf|<nowiki><br />
[keyfile]<br />
unmanaged-devices=mac:<hwaddr><br />
</nowiki>}}<br />
<br />
== See also ==<br />
<br />
* [[Router]]<br />
* [http://nims11.wordpress.com/2012/04/27/hostapd-the-linux-way-to-create-virtual-wifi-access-point/ Hostapd : The Linux Way to create Virtual Wifi Access Point]<br />
* [http://xyne.archlinux.ca/notes/network/dhcp_with_dns.html tutorial and script for configuring a subnet with DHCP and DNS]</div>Puxxhttps://wiki.archlinux.org/index.php?title=GoAgent_(%E7%AE%80%E4%BD%93%E4%B8%AD%E6%96%87)&diff=302164GoAgent (简体中文)2014-02-26T04:49:03Z<p>Puxx: /* 亚全局 */</p>
<hr />
<div>[[Category:简体中文]]<br />
[[Category:Networking (简体中文)]]<br />
GoAgent 是使用 [[Python]] 和 Google App Engine SDK 编写的免费代理软件,利用 Google App Engine 充当代理服务器。<br />
<br />
GoAgent 的运行原理于其他代理工具基本相同,其借由 Google App Engine 的服务器作为中传,将数据数据包后传送至 Google 服务器,再由 Google 服务器转发至目的服务器,接收数据时方法也类似。相对其他代理工具而言 GoAgent 要稳定许多。<br />
<br />
==安装==<br />
[[Official Repositories (简体中文)|官方软件源]]已收录 {{Pkg|goagent}},直接用 [[pacman (简体中文)|pacman]] 安装即可.<br />
<br />
==配置==<br />
<br />
===服务器端===<br />
申请 Google Appengine 并创建 appid 。具体教程可参考[http://www.douban.com/note/262773856/ 此]。<br />
<br />
{{注意|appid请勿包含android/ios等关键词,否则有可能被某些网站识别为移动设备用户。}}<br />
<br />
上传:<br />
{{bc|# python2 /usr/share/goagent/server/uploader.zip}}<br />
{{注意|无效的 hosts 可能会导致上传失败,可尝试清空 {{ic|/etc/resolv.conf}} 再上传。<br />
将来的版本更新可能会要求重新上传。请参看[https://code.google.com/p/goagent/#更新历史_2013 官方的更新历史],带有[是]标记的则需要重新上传。此外是否需要重新上传是相对于前一版的,若您之前版本与当前版本之间某一版或多版带有[是]仍然需要重新上传}}<br />
{{提示|首次上传后,可以再任意修改 Appid,无需再重新上传,不过最好重启以生效}}<br />
<br />
执行时会要求您再输入 appid ,请保持与 {{ic|proxy.ini}} 中已有的一致;接着还要输入 Google 邮箱及密码。<br />
<br />
{{注意|若您的 Google 账户有开通两步验证功能,则密码应为16位的应用程序专用密码。}}<br />
<br />
至此,代理服务器 127.0.0.1:8087 已搭建完毕。现在以 [[Chromium (简体中文)|Chrome/Chromium]] 为例,示范使用代理服务器的方法。<br />
<br />
{{注意|若浏览器类软件要通过 GoAgent 代理访问 Internet,可能均需要导入证书}}<br />
<br />
===客户端===<br />
{{提示|goagent 3.1.2-2 引入了用户配置文件(goagent.user.ini), 配置方法有所变动. 如果您是从旧版本升级, 可以在按照如下方法配置后放心删除以前的 /etc/goagent.pacsave. 此次变动之后, 您将不再需要在每次升级后合并该配置文件.}}<br />
打开 {{ic|/etc/goagent}} (默认情况下该文件为空), 增加类似下面的段落:<br />
<br />
[gae]<br />
appid = your_appid<br />
password = yourpassword<br />
<br />
修改 {{ic|your_appid}} 为您所申请的 appid。如果您申请了多个 appid 用于负载均衡, 用竖线 | 分隔多个id (不含空格).<br />
如果您使用的服务端没有配置密码, 可以省略掉 {{ic|code=password =}} 开头的一整行.<br />
<br />
goagent 3.1.5-1 新增 dnsproxy 功能, 基本配置依然是修改 {{ic|/etc/goagent}} 文件, 加入类似以下内容:<br />
<br />
[dns]<br />
enable = 1<br />
listen = 127.0.0.1:5353<br />
<br />
如果希望 DNS 服务跑在 53 端口, 需要使用 root 用户运行服务. 新增 {{ic|/etc/systemd/system/goagent.service.d/use_root.conf}} 文件, 加入以下内容即可:<br />
<br />
[Service]<br />
User=root<br />
<br />
====Chrome/Chromium====<br />
请安装 [https://chrome.google.com/webstore/detail/proxy-switchysharp/dpplabbmogkhghncfbfdeeokoefdjegm SwitchySharp 插件],接着导入[https://goagent.googlecode.com/files/SwitchyOptions.bak 该设置]。可参考[https://code.google.com/p/switchysharp/wiki/SwitchySharp_GFW_List_2 该扩展提供的图解流程]。<br />
<br />
打开设置-管理证书-授权中心-Authorities,导入 {{ic|/usr/share/goagent/local/CA.crt}},弹出窗口的三条选项均勾选。<br />
<br />
{{注意|如果第一次安装 GoAgent 尝试到此步骤时发现该文件不存在,请先启动一次 GoAgent 后再重新尝试。}}<br />
<br />
====亚全局====<br />
在 Unix 和 GNU/Linix 中,大多 HTTP 应用程序均支持调用环境变量 {{ic|http_proxy}} 和 {{ic|https_proxy}} 进行代理,就像 lynx、 [[wget]] 和 curl,甚至也包括了 [[Chromium (简体中文)]] 和 [[git (简体中文)]]。此外该环境变量的大小写其实并没有统一标准,有个别程序就只支持全大写的环境变量。所以为方便起见,直接在 {{ic|~/.bash_profile}} 或 {{ic|~/.zshenv}} 添加以下即可:<br />
<br />
export http_proxy=http://127.0.0.1:8087/<br />
export https_proxy=$http_proxy<br />
export HTTP_PROXY=$http_proxy<br />
export HTTPS_PROXY=$HTTP_PROXY<br />
<br />
{{注意|虽然 Chrome 浏览器也可以通过其环境变量进行全局代理从而不再需要 Proxy Extension,但不建议这么做,因为会导致访问国内网站的速度下降,甚至个别网站就拒绝境外代理访问,例如收录了大量版权视频的网站。}}<br />
<br />
再执行以下命令,以导入证书进 Arch Linux。至此,就可以实现 Arch Linux 亚全局代理:<br />
<br />
# mkdir /usr/share/ca-certificates/goagent<br />
# cp /usr/share/goagent/local/CA.crt /usr/share/ca-certificates/goagent/GoAgent.crt<br />
# echo 'goagent/GoAgent.crt' >> /etc/ca-certificates.conf<br />
# update-ca-certificates<br />
<br />
==运行==<br />
==='''手动测试'''===<br />
cd /usr/share/goagent/local<br />
./goagent<br />
如果提示{{ic|GoAgent install certificate failed, Please run proxy.py by administrator/root/sudo}},请执行下面的操作:<br />
rm -rf ~/.pki <br />
mkdir -p ~/.pki/nssdb <br />
certutil -d ~/.pki/nssdb -N <br />
根据提示输入一个密码。<br />
再次运行goagent,根据提示输入刚才的密码。没问题后退出程序。<br />
将goagent加入系统服务:<br />
sudo systemctl enable goagent<br />
===以 daemon 形式运行 (推荐)===<br />
# systemctl start goagent<br />
若想开机自启动,执行:<br />
# systemctl enable goagent<br />
<br />
{{提示|可通过{{ic|# journalctl -u goagent}}来查询日志}}<br />
<br />
====屏蔽日志输出====<br />
如果不想让 GoAgent 的输出信息进入日志,可以通过屏蔽 goagent.service 里的对应行解决,方法如下:<br />
<br />
1. 创建目录 {{ic|/etc/systemd/system/goagent.service.d}}<br />
<br />
2. 创建文件 {{ic|/etc/systemd/system/goagent.service.d/nostdout.conf}}, 写入如下内容:<br />
[Service]<br />
StandardOutput=null<br />
<br />
===手动运行(不推荐+不支持)===<br />
由于不明原因,总有个别用户无法成功以 daemon 形式运行GoAgent,可改试手动运行:<br />
# python2 /usr/share/goagent/local/goagent<br />
<br />
若是在更新后发生问题,可尝试卸载并手动删除{{ic|/etc/}}和{{ic|/usr/share/}}下的有关文件并重新安装配置。<br />
<br />
==参阅==<br />
* [https://code.google.com/p/goagent/ GoAgent 在 Google Code 的主页]<br />
* [https://github.com/goagent/goagent GoAgent 在 GitHub 的主页]<br />
* 两位开发者的 Twitter 帐号:[https://twitter.com/hewigovens @hewigovens],[https://twitter.com/phuslu @phuslu]<br />
* [https://groups.google.com/forum/#!topic/archlinux-cn/_PPW2dZHltE 讨论亚全局代理的 Email List]</div>Puxx