wpa_supplicant with bridge

Chris Baechle bangular
Tue May 16 06:57:19 PDT 2006


We've got a remote house a few hundred yards away that needs internet
access. Running cable would be way too much work for so few computers.
Our idea was to create a bridge. One interface wired and the other
interface wireless. This way we can have 4 computers going into a
switch, which goes into the bridging computer (wired), goes out
wireless to the AP.

Well, we got it to work with an atheros based (madwifi) card and brctl.

Now it's time to secure it with WPA-PSK...

Looking through the lists, it seems the latest stable version of
wpa_supplicant (0.4.9) doesn't support bridging. However, 0.5.3's
README indicates an -b argument (for bridging) which seems to be
exactly what I want.

Great, right? Well, not exactly. 0.4.9 precompiled fedora version
works fine with my madwifi (just as a regular client). My 0.5.3
compile goes into an infinite loop where it connects for a second,
then disconnects (again, not even bothering with bridging yet. Just as
a regular client). My AP doesn't support logging so I don't know if it
was ever a real successful connect. But if I refresh iwconfig fast
enough it'll show me as being associated for a second, then not. I
tried debian unstable with the wpasupplicant experimental package with
the same exact results (as well as my own 0.5.3 compile). Looking
through the list, it seems at one point someone had the exact same
issue. It was suggested maybe it's a bug at the madwifi level, but
that's where the discussion ended.

So now it's question time.
 - Am I correct in assuming 0.4.9 doesn't support what I'm trying to
do (bridging)?
- Does the -b option in 0.5.3 actually accomplish what I'm trying to do?
- Are there any known issues with madwifi and wpa_supplicant?
- Has anyone ever accomplished what I'm trying to do with
wpa_supplicant and _any_ wireless card?
- Can any other linux/*bsd supplicant achieve bridging in this manner?

I suppose if I absolutly have to I can NAT. I'd rather not as the
outbound connection is already double natted and we are trying to get
it down to single NAT. My other option would be Proxy ARP. But really,
I'd rather do it this way because it will be best for our setup.

If need be I can sponsor (monitarily) any bug fixing to get this to
work because we have a few more places we'd be able to use this and
would be extremely useful to us.

More information about the Hostap mailing list