diff --git a/lnxrouter b/lnxrouter index 383c4fc..b5ee942 100755 --- a/lnxrouter +++ b/lnxrouter @@ -1,6 +1,6 @@ #!/bin/bash -VERSION=0.8.1 +VERSION=0.8.2-unstable1 PROGNAME="$(basename "$0")" export LC_ALL=C @@ -92,10 +92,11 @@ Options: (example: US) --freq-band Set frequency band: 2.4 or 5 (default: 2.4) --driver Choose your WiFi adapter driver (default: nl80211) - -w '2' for WPA2, '1' for WPA, '1+2' for both - (default: 2) - --psk Use 64 hex digits pre-shared-key instead of - passphrase + -w WPA version indicator, can be '2', '3', '1', '3+2', + '3+2+1', '2+1'. Requires '-p'. (default: '2') + (Note WPA1 is legacy and unsafe) + --psk Use 64 hex digits pre-shared-key. Value of '-p' + should be hex string instead of password --mac-filter Enable WiFi hotspot MAC address filtering --mac-filter-accept Location of WiFi hotspot MAC address filter list (defaults to /etc/hostapd/hostapd.accept) @@ -213,7 +214,9 @@ define_global_variables(){ WIFI_IFACE= CHANNEL=default HOTSPOT20=0 # For enabling Hotspot 2.0 - WPA_VERSION=2 + WPA1_ENABLE=0 # Enable legacy unsafe WPA1 + WPA2_ENABLE=1 # Enable WPA2 PSK-Personal + WPA3_ENABLE=0 # Enable WPA3 SAE MAC_FILTER=0 MAC_FILTER_ACCEPT=/etc/hostapd/hostapd.accept DRIVER=nl80211 @@ -430,8 +433,29 @@ parse_user_options(){ ;; -w) shift - WPA_VERSION="$1" - [[ "$WPA_VERSION" == "2+1" ]] && WPA_VERSION=1+2 + case "$1" in + "3") + WPA1_ENABLE=0; WPA2_ENABLE=0; WPA3_ENABLE=1 + ;; + "2") + WPA1_ENABLE=0; WPA2_ENABLE=1; WPA3_ENABLE=0 + ;; + "1") + WPA1_ENABLE=1; WPA2_ENABLE=0; WPA3_ENABLE=0 + ;; + "3+2") + WPA1_ENABLE=0; WPA2_ENABLE=1; WPA3_ENABLE=1 + ;; + "2+1"|"1+2") # '1+2' is for compatibility to old script. + WPA1_ENABLE=1; WPA2_ENABLE=1; WPA3_ENABLE=0 + ;; + "3+2+1") + WPA1_ENABLE=1; WPA2_ENABLE=1; WPA3_ENABLE=1 + ;; + *) + echo "Invalid -w value" >&2 + exit 1 + esac shift ;; --sta-timeout) 
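Review bot: Nothing in the new `-w` arm enforces the "Requires '-p'" wording added to the help text, and write_hostapd_conf only emits the WPA settings under `if [[ -n "$PASSPHRASE" ]]`, so `-w 3` without `-p` appears to bring up an open network without any message. Unless a check outside the visible hunks already covers this, set a new flag in this arm (say `WPA_REQUESTED=1`, a name I made up) and fail after parsing with `[[ -n "$WPA_REQUESTED" && -z "$PASSPHRASE" ]] && { echo "ERROR: -w requires -p" >&2; exit 1; }`. The `*)` message would also be more useful if it echoed the rejected value and the accepted ones, e.g. `echo "Invalid -w value '$1' (use 3, 2, 1, 3+2, 2+1 or 3+2+1)" >&2`. parse_user_options starts and ends outside this hunk.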
@@ -1840,8 +1864,8 @@ check_wifi_settings() { fi if [[ $(get_adapter_kernel_module "${WIFI_IFACE}") =~ ^rtl[0-9].*$ ]]; then - if [[ $WPA_VERSION == '1' || $WPA_VERSION == '1+2' ]]; then - echo "WARN: Realtek drivers usually have problems with WPA1, WPA2 is recommended" >&2 + if [[ $WPA1_ENABLE == '1' ]]; then + echo "WARN: Realtek drivers usually have problems with legacy WPA1" >&2 fi echo "WARN: If AP doesn't work, read https://github.com/oblique/create_ap/blob/master/howto/realtek.md" >&2 fi @@ -1992,6 +2016,10 @@ dealwith_mac() { } write_hostapd_conf() { + local WPA_VERSION + local WPA_KEYMGMT + local WPA_KEY_TYPE + cat <<- EOF > "$CONFDIR/hostapd.conf" beacon_int=100 ssid=${SSID} @@ -2025,7 +2053,21 @@ write_hostapd_conf() { fi if [[ -n "$PASSPHRASE" ]]; then - [[ "$WPA_VERSION" == "1+2" ]] && WPA_VERSION=3 + WPA_VERSION=0 # 1 means wpa1. 2 means wpa2. 3 means wpa2+1 + WPA_KEYMGMT="" # WPA-PSK means wpa2 or wpa1. SAE means wpa3 + if [[ $WPA1_ENABLE -eq 1 ]]; then + WPA_VERSION=$(($WPA_VERSION + 1)) + fi + if [[ $WPA2_ENABLE -eq 1 || $WPA3_ENABLE -eq 1 ]]; then + WPA_VERSION=$(($WPA_VERSION + 2)) + fi + if [[ $WPA1_ENABLE -eq 1 || $WPA2_ENABLE -eq 1 ]]; then + WPA_KEYMGMT+="WPA-PSK" + fi + if [[ $WPA3_ENABLE -eq 1 ]]; then + [[ ! -z "$WPA_KEYMGMT" ]] && WPA_KEYMGMT+=" " + WPA_KEYMGMT+="SAE" + fi if [[ $USE_PSK -eq 0 ]]; then WPA_KEY_TYPE=passphrase else @@ -2034,7 +2076,7 @@ write_hostapd_conf() { cat <<- EOF >> "$CONFDIR/hostapd.conf" wpa=${WPA_VERSION} wpa_${WPA_KEY_TYPE}=${PASSPHRASE} - wpa_key_mgmt=WPA-PSK + wpa_key_mgmt=${WPA_KEYMGMT} wpa_pairwise=CCMP rsn_pairwise=CCMP EOF
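Review bot: The WPA1 warning still sits inside the `^rtl` driver check, so a user who selects `-w 1`, `2+1` or `3+2+1` on any other adapter gets no notice, even though the help text now calls WPA1 legacy and unsafe. Consider a driver-independent line outside that `if`, such as `[[ $WPA1_ENABLE -eq 1 ]] && echo "WARN: WPA1 is legacy and unsafe, prefer -w 2 or -w 3" >&2`. The new test also compares with `== '1'` where write_hostapd_conf uses `-eq 1`; one form throughout would read better. check_wifi_settings starts and ends outside this hunk.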
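Review bot: `WPA_KEY_TYPE` is still chosen from `USE_PSK` alone, so `-w 3 --psk` writes a `wpa_psk=` line next to `wpa_key_mgmt=SAE`. SAE authenticates from a passphrase rather than a precomputed 64-hex PSK, so I would expect hostapd either to reject that file or to leave SAE stations unable to join; with `3+2` the AP would then effectively be WPA2-only. Rejecting the combination is safer than writing it: `[[ $WPA3_ENABLE -eq 1 && $USE_PSK -eq 1 ]] && { echo "ERROR: --psk cannot be combined with WPA3" >&2; exit 1; }`, here or in the option checks. As a style point, `$(($WPA_VERSION + 1))` can be `$((WPA_VERSION + 1))` and `[[ ! -z "$WPA_KEYMGMT" ]]` can be `[[ -n "$WPA_KEYMGMT" ]]`. The `if [[ $USE_PSK -eq 0 ]]` block continues past the end of this hunk.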
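Review bot: `wpa_key_mgmt` can now contain `SAE`, but none of the hunks shown writes `ieee80211w`, and WPA3-Personal requires protected management frames. If the rest of write_hostapd_conf does not already set it, emit `ieee80211w=2` when only WPA3 is enabled, and `ieee80211w=1` together with `sae_require_mfp=1` for the mixed modes, so SAE stations always negotiate PMF while WPA2 stations can still join. Without it some WPA3 clients are likely to refuse to associate, and those that do connect have no protection for deauthentication and disassociation frames. The heredoc belongs to a function whose start is outside this hunk.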