Airbase working, but dhcpd is not

[chaohacker]

I have been trying to configure bt4r1 to use airbase along with dhcp. However, while the clients are able to connect, they never get ip addresses. The following is, from start to finish, my process. Note that I have replaced (consistently) all the MAC addresses with fakes. I'm a bit of a paranoid loony.

I insert my usb wireless card (Alfa AWUS036H), check dmesg to make sure everything went well.

Code:

usb 1-4: new high speed USB device using ehci_hcd and address 4
phy1: Selected rate control algorithm 'minstrel'
phy1: hwaddr 00:c0:ca:3e:f3:eb, RTL8187vB (default) V1 + rtl8225z2, rfkill mask 2
rtl8187: Customer ID is 0xFF
Registered led device: rtl8187-phy1::radio
Registered led device: rtl8187-phy1::tx
Registered led device: rtl8187-phy1::rx
rtl8187: wireless switch is on
usbcore: registered new interface driver rtl8187

All looking good, I put it into monitor mode.

Code:

root@bt:~# airmon-ng check
root@bt:~# airmon-ng start wlan1
Interface  Chipset   	   Driver

wlan0	   		   Intel 3945ABG	iwl3945 - [phy0]
wlan1			   	 RTL8187 	rtl8187 - [phy1]
				 			  (monitor mode enabled on mon

I now check to make sure my wireless card is up to snuff.

Code:

root@bt:~# aireplay-ng --test mon0
12:10:05  Trying broadcast probe requests...
12:10:05  Injection is working!
12:10:07  Found 2 APs

12:10:07  Trying directed probe requests...
12:10:07  C0:3F:0E:B5:03:5E - channel: 1 - 'redacted1'
12:10:08  Ping (min/avg/max): 3.401ms/26.161ms/44.078ms Power: -61.14
12:10:08  29/30:  96%

12:10:08  00:25:9C:D1:19:6A - channel: 1 - 'redacted2'
12:10:09  Ping (min/avg/max): 2.738ms/14.681ms/39.091ms Power: -66.52
12:10:09  23/30:  76%

I start airbase. I want the channel to be '5', the essid to be 'A trap', and some debugging info. I run this on the monitor mode enabled interface I created with airmon.

Code:

root@bt:~# airbase-ng -c 5 -e 'A trap' -v mon0 
12:15:03  Created tap interface at0
12:15:03  Trying to set MTU on at0 to 1500
12:15:03  Trying to set MTU on mon0 to 1800
12:15:03  Access Point with BSSID 00:C0:CA:3E:F3:EB started.

I grab my 802.11 enabled phone, switch on wireless, and connect

Code:

12:15:54  Got an auth request from 38:E7:D8:A7:C7:59 (open system)
12:15:54  Client 38:E7:D8:A7:C7:59 associated (unencrypted) to ESSID: "A trap"

Great! Works so far. Now I want to configure a DHCP server.

I want the network to be 192.168.2.0 (netmask: 255.255.255.0), gateway/AP (at0) to be 192.168.2.1, and ip address leases to span 192.168.2.100-200.

I configure at0 to match this scheme.

Code:

root@bt:~# ifconfig at0 up ip 192.168.2.1 netmask 255.255.255.0
root@bt:~# ifconfig at0
at0       Link encap:Ethernet  HWaddr 00:c0:ca:3e:f3:eb  
          inet addr:192.168.2.1  Bcast:192.168.2.255  Mask:255.255.255.0
          inet6 addr: fe80::2c0:caff:fe3e:f3eb/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:52 errors:0 dropped:0 overruns:0 frame:0
          TX packets:4 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:500 
          RX bytes:13364 (13.3 KB)  TX bytes:328 (328.0 B)

And then edit /etc/dhcp3/dhcpd.conf

Code:

ddns-update-style none;

# I had no idea what I should put for this so I settled on "home"
option domain-name "home";
# OpenDNS servers found in http://theos.in/windows-xp/free-fast-public-dns-server-list/
option domain-name-servers 208.67.222.222, 208.67.220.220;

default-lease-time 600;
max-lease-time 7200;

# If this DHCP server is the official DHCP server for the local
# network, the authoritative directive should be uncommented.
authoritative;

# Use this to send dhcp log messages to a different log file (you also
# have to hack syslog.conf to complete the redirection).
log-facility local7;

subnet 192.168.2.0 netmask 255.255.255.0 {
  range 192.168.2.100 192.168.2.200;
}

Now, with crossed fingers, I start the dhcp server

Code:

root@bt:~# touch /var/run/dhcpd.pid
root@bt:~# chown dhcpd:dhcpd /var/run/dhcpd.pid
root@bt:~# dhcpd3 -d at0
Internet Systems Consortium DHCP Server V3.1.1
Copyright 2004-2008 Internet Systems Consortium.
All rights reserved.
For info, please visit http://www.isc.org/sw/dhcp/
Wrote 0 leases to leases file.
Listening on LPF/at0/00:c0:ca:3e:f3:eb/192.168.2/24
Sending on   LPF/at0/00:c0:ca:3e:f3:eb/192.168.2/24
Sending on   Socket/fallback/fallback-net

And once again I try to connect my phone..

Code:

12:36:12  Got an auth request from 38:E7:D8:A7:C7:59 (open system)
12:36:12  Client 38:E7:D8:A7:C7:59 associated (unencrypted) to ESSID: "A trap"

But dhcpd3 stays quiet and, after trying to obtain an ip address for awhile and failing, my phone gives up.

How come?

Thank you for reading,
Max Carini

[chaohacker]

My problem seems similar to "No IP from dhcpd with softAP/Airbase-ng [PARTLY SOLVED]." I will give his approach (enabling encryption) to see if I can at least get that portion working, but whether it then works or not I definitely want to figure out why this isn't working without encryption! Seems rather peculiar to me. I really wish the other post wasn't on the "old" forums.

[Xylos]

Exact same problem here, with the same observed behavior. Clients connect to the soft AP, but no DHCP response is seen. On my side I'm seeing all the packets truncated by 36 bytes; problem goes away when the outbound (Internet side) interface is secured in any fashion (WEP/WPA/WPA2).

[rbennu]

My problem seems similar to "No IP from dhcpd with softAP/Airbase-ng [PARTLY SOLVED]." I will give his approach (enabling encryption) to see if I can at least get that portion working, but whether it then works or not I definitely want to figure out why this isn't working without encryption! Seems rather peculiar to me. I really wish the other post wasn't on the "old" forums.

I've had the same issue, think I did a good job of searching for an answer but don't see much. I have 1 client that will not get an IP/connect unless the softAP is using WEP, a 2nd client get prompted for the WEP key but doesn't go further & doesn't connect with the SoftAP open. Partial success at best for me.

[sLiPpErY]

Search for "rogue ap" here in the forums, you may find some help.

[rbennu]

Slippery - I undertand the culture of being spoon fed and people with low post numbers not doing a proper search, however if there's a reference to this issue I haven't seen it and I've searched for a while..just to be clear my specific issue is:

Running BT 4 R1 from Live CD
NIC: ALFA AWUS036H
Client Dell Windows 7

The AP is created, however the only time the client connects/receives a dhcp addy is when WEP is used. If I set the AP to open, DHCP does not start. Among the many things I have tried:

Adjusted MTU
Made sure the Antennas aren't close, I've even went as far as manually lowering the antenna tx power.
Removed Airbase-ng -P & -C options

Really the only thing close to a solution I've seen was a post which basically said I've tried a few cards that didn't work but everything worked with the Atheros card. So if a post exists addressing my issue I haven't seen it but not because I haven't looked.

[aeronavi]

Code:

ddns-update-style none;

# I had no idea what I should put for this so I settled on "home"
option domain-name "home";
# OpenDNS servers found in http://theos.in/windows-xp/free-fast-public-dns-server-list/
option domain-name-servers 208.67.222.222, 208.67.220.220;

default-lease-time 600;
max-lease-time 7200;

# If this DHCP server is the official DHCP server for the local
# network, the authoritative directive should be uncommented.
authoritative;

# Use this to send dhcp log messages to a different log file (you also
# have to hack syslog.conf to complete the redirection).
log-facility local7;

subnet 192.168.2.0 netmask 255.255.255.0 {
  range 192.168.2.100 192.168.2.200;
}

Do like following,

Code:

ddns-update-style none;

# I had no idea what I should put for this so I settled on "home"
#option domain-name "home"; //dont need this
# OpenDNS servers found in Free Fast Public DNS Servers List
#option domain-name-servers 208.67.222.222, 208.67.220.220; //dont need this

default-lease-time 600;
max-lease-time 7200;

# If this DHCP server is the official DHCP server for the local
# network, the authoritative directive should be uncommented.
authoritative;

# Use this to send dhcp log messages to a different log file (you also
# have to hack syslog.conf to complete the redirection).
log-facility local7;

subnet 192.168.2.0 netmask 255.255.255.0 {
  option subnet-mask 255.255.255.0;
  option broadcast-address 192.168.2.255;
  option routers 192.168.2.1;
  option domain-name-servers 4.2.2.2; //public 
  option domain-name-servers 128.8.5.2;
  range 192.168.2.100 192.168.2.200;
}

and instead of using dhcpd3, use just

Code:

/etc/init.d/dhcp3-server start

then don't forget to set up iptables and enable ip_forwarding

Code:

iptables --table nat --append POSTROUTING --out-interface eth1 -j MASQUERADE
iptables --append FORWARD --in-interface at0 -j ACCEPT
echo 1 > /proc/sys/net/ipv4/ip_forward

"eth1" is just an example, you should put there the active interface that connects you to the internet.

tell if it works