In order to use recent WiFi networking, these prerequisites for 5GHz channel use need to be enabled:
Steps
- Include firmware packages for 802.11ac and 802.11n capable cards:
- echo 'firmware-atheros' >> $vyos-build-dir/data/live-build-config/package-lists/vyos-utils.list.chroot
- Firmware files may need to be cherry picked from linux kernel by users. For the Compex WLE600VX card, I needed to use
firmware-5.bin_10.2.4.70.61-2firmware-5.bin_10.2.4.70.66.
- Include a more recent hostapd (>2.4.x) [seems to work fine though with Jessie stock hostapd]
- Add configuration fields and options to the "vyatta-wireless" package. These might be free-text or options to input custom config file names to start with. hostapd will take multiple config files configuring multiple wifi cards in one go! (Proposed changes: see below)
- Build a custom Kernel with alterations to enable DFS. You may divert from common VyOS build scripts and use the approach from the next bullet instead.
- Using the script setup proposed by @carl.byington VyOS 1.2.x build scripts, build an image holding a custom Kernel with the needed alterations.
- Find the Kernel path file attached to this task and use it with Carl's scripts!
- You may want to downgrade wireless-regdb package to the 2014 version (better patch it or use fixed channels) to keep compatible with older 802.11ac gear not knowing about
clearance to use channels 144 to 157. Important update: frequencies 5755-5875MHz (channels 153-165) may NOT be cleared for private use within the EU. In Germany, they are for commercial provider use only. KEEP OUT!
Kernel Configuration
- Enable Kernel Device Drivers for 802.11ac and 802.11n capable cards (like Compex WLE600VX which uses ath10k)
- Enable Kernel support for DFS frequency scanning by enabling:
- "Configure standard kernel features (expert users)" under "General Setup"
- "cfg80211 certification onus" under "Networking support" -> "Wireless"
- "Ministrel 802.11ac support" under "Networking support" -> "Wireless"
- "Atheros DFS support for certified platforms" under "Device Drivers" -> "Network device support" -> "Wireless LAN" -> "Atheros Wireless Cards"
- "Atheros dynamic user regulatory hints" under "Device Drivers" -> "Network device support" -> "Wireless LAN" -> "Atheros Wireless Cards" (*)
- "Atheros dynamic user regulatory testing" under "Device Drivers" -> "Network device support" -> "Wireless LAN" ->"Atheros Wireless Cards" (*)
(*) I inferred this from this post (Reference: https://forum.ipfire.org/viewtopic.php?t=15300) and by looking up the Kernel source at ./drivers/net/wireless/ath/regd.c (see below). Without these settings the ATH10K driver will not allow the user to set different regulatory domains than what is preset in the device's firmware.
BE SURE TO SET THE CORRECT REGULATORY DOMAIN IN /etc/default/crda BEFORE STARTING HOSTAPD
BE SURE TO CREATE A FILE /etc/modprobe.d/cfg80211.conf CONTAINING YOUR REG DOMAIN PARAMETER: options cfg80211 ieee80211_regdom=DE (See op command in T529)
117 static bool dynamic_country_user_possible(struct ath_regulatory *reg) 118 { 119 if (IS_ENABLED(CONFIG_ATH_REG_DYNAMIC_USER_CERT_TESTING)) 120 return true; 121 122 switch (reg->country_code) { 123 case CTRY_UNITED_STATES: 124 case CTRY_JAPAN1: [...] 183 return false; 184 } 185 186 return true; 187 } 188 189 static bool ath_reg_dyn_country_user_allow(struct ath_regulatory *reg) 190 { 191 if (!IS_ENABLED(CONFIG_ATH_REG_DYNAMIC_USER_REG_HINTS)) 192 return false; 193 if (!dynamic_country_user_possible(reg)) 194 return false; 195 return true; 196 }
A working config for hostapd and the Compex WLE600VX card looks like this (Reference: ath10k configuration):
interface=wlan1 driver=nl80211 logger_syslog=-1 logger_syslog_level=2 logger_stdout=-1 logger_stdout_level=2 ctrl_interface=/var/run/hostapd_wlan1 ctrl_interface_group=0 ssid=testtest.ac wpa=2 wpa_passphrase=my-secret-key wpa_key_mgmt=WPA-PSK rsn_pairwise=CCMP wpa_ptk_rekey=600 country_code=DE ieee80211d=1 ieee80211h=1 hw_mode=a #channel=0 if you want automatic frequency selection (!!!DISCOURAGED UNLESS YOU KNOW WHAT YOU DO!!!) channel=36 vht_oper_centr_freq_seg0_idx=42 beacon_int=100 dtim_period=2 max_num_sta=32 rts_threshold=2347 macaddr_acl=0 auth_algs=1 ignore_broadcast_ssid=0 disassoc_low_ack=1 ieee80211n=1 ht_capab=[HT20][HT40+][HT40-][MAX-AMSDU-7935][SMPS-STATIC][LDPC][SHORT-GI-20][SHORT-GI-40][TX-STBC][RX-STBC1][DSSS_CCK-40] ieee80211ac=1 vht_capab=[MAX-MPDU-11454][RXLDPC][SHORT-GI-80][TX-STBC-2BY1][RX-STBC-1][MAX-A-MPDU-LEN-EXP3][RX-ANTENNA-PATTERN][TX-ANTENNA-PATTERN][BF-ANTENNA-2][SOUNDING-DIMENSION-2][VHT-LINK-ADAPT3] vht_oper_chwidth=1 local_pwr_constraint=3 tx_queue_data3_aifs=7 tx_queue_data3_cwmin=15 tx_queue_data3_cwmax=1023 tx_queue_data3_burst=0 tx_queue_data2_aifs=3 tx_queue_data2_cwmin=15 tx_queue_data2_cwmax=63 tx_queue_data2_burst=0 tx_queue_data1_aifs=1 tx_queue_data1_cwmin=7 tx_queue_data1_cwmax=15 tx_queue_data1_burst=3.0 tx_queue_data0_aifs=1 tx_queue_data0_cwmin=3 tx_queue_data0_cwmax=7 tx_queue_data0_burst=1.5 wmm_enabled=1 uapsd_advertisement_enabled=1 wmm_ac_bk_cwmin=4 wmm_ac_bk_cwmax=10 wmm_ac_bk_aifs=7 wmm_ac_bk_txop_limit=0 wmm_ac_bk_acm=0 wmm_ac_be_aifs=3 wmm_ac_be_cwmin=4 wmm_ac_be_cwmax=10 wmm_ac_be_txop_limit=0 wmm_ac_be_acm=0 wmm_ac_vi_aifs=2 wmm_ac_vi_cwmin=3 wmm_ac_vi_cwmax=4 wmm_ac_vi_txop_limit=94 wmm_ac_vi_acm=0 wmm_ac_vo_aifs=2 wmm_ac_vo_cwmin=2 wmm_ac_vo_cwmax=3 wmm_ac_vo_txop_limit=47 wmm_ac_vo_acm=0 disassoc_low_ack=1 eapol_key_index_workaround=0 eap_server=0 own_ip_addr=127.0.0.1
Proof of Concept for VyOS 1.2.x:
Kernel patch against debian/arch/amd64/config.amd64-vyos (with some long overdue hardware crypto acceleration added):
Kernel patch against arch/x86/configs/x86_64_vyos_defconfig:
Link to vyatta-wireless work in progress:
https://github.com/alainlamar/vyatta-wireless/commits/t452-802.11ac
Rebuild wireless-regdb
- On a Jessie build machine, do:
- sudo apt-get build-dep crda wireless-regdb
- git clone git://git.kernel.org/pub/scm/linux/kernel/git/sforshee/wireless-regdb.git
- cd wireless-regdb
- vim db.txt
- Restrict regdom settings for your country according to local law! For Germany, this means disabling channels greater 140 by prepending a # to the line: #(5725 - 5875 @ 80), (25 mW)
- make
- fakeroot checkinstall -D --install=no make install
- copy deb package to vyos
- On a VyOS instance, do:
- install package on vyos: dpkg -i <your-wireless-regdb-package.deb>
- reboot
- Test if your regdom settings have been applied accordingly:
- sudo regdbdump /lib/crda/regulatory.bin
- sudo iw reg get
- sudo iw phy phy0 info
- sudo iw dev wlan0 info
Wireless-regdb Patch suitable for Debian/Ubuntu/VyOS:
Useful References
- Linux Kernel wireless wiki pages, DFS section with subpages to specific regulatory domains
- Linux Kernel git repo for wireless-regdb with cleartext entries and links to certification documents
- Bundesnetzagentur: 5755-5875MHz open for commercial providers only! (means: Germans have to patch wireless-regdb to exclude channels > 140 from being used by automatic frequency selection)
- Linux Kernel Wireless Wiki: Regulatory rules processing
- Linux Kernel Wireless Wiki: The Regulatory Database
- 802.11ac channels explained (partially outdated)
- CWAP – HT Capabilities IE (very good explanation on HT capabilities)
Helpers
- Online calculator to transform power units (for ex: mW <--> dBm)
- Linux Kernel Wireless Wiki: iw tricks
- Altering wireless-regdb (German)
- WLAN Frequenzen (German, information compiled by Freifunk Franken)