Generate random wpa key and email new key

Discussion in 'Tomato Firmware' started by recon1991, Feb 14, 2012.

  1. recon1991

    recon1991 Networkin' Nut Member

    Hello All,

    I have been working at a resort as the IT person and one of my daily functions is to change the wifi key for our tomato routers. This task gets tiring after changing them for 2 days. I have read this thread on generating a new key.

    I felt that this would simplify my process but it doesn't detail a system to either e-mail or notify someone that the key has changed. I just started to look into the tomato firmware and this resort had it installed on all of their routers already so I know very little about it. I do know some tech stuff but as far as programming, I'm clueless. Any help is appreciated!

  2. ntest7

    ntest7 Network Guru Member

    Interesting project.

    Sounds as if you have multiple routers that all need to be updated with the same new key. That makes it more complicated, but still possible. Some pointers below to get you started...

    - at least one of your routers needs to be an "advanced" model such as a Linksys E3000/E4200v1 or Asus RT-N16. This router can act as a "master" to generate the key, a file server to share the key with the other routers, and also includes a sendmail command handy for notification. Alternately, I suppose you could generate and store the key on a little linux or windows box and share it from there, but that adds another dependency and (at least if you use windows) would require substantial rewriting of the example script.

    - the script in the thread you link to looks as if it should work to generate a new key on the "master" router. It will need minor changes to save the key to shared storage and to report the key via email using the sendmail command.

    - all the secondary routers will need to grab the key from shared storage rather than generating their own. This shouldn't be a real big change to the existing script. Probably better to have them frequently check for a changed key (say, every 10 minutes) rather than just once at the expected time. [retrieve the key; if it's the same, do nothing; if it's a new key, install it and restart the service]

    Actually, none of the individual steps here are all that complicated; but the way they all depend on each other will make this a complicated system.

    I and others here will be glad to offer advice or a nudge if you get stuck. You'll need to do some scripting yourself or find a buddy who can spend a day or two helping.
  3. recon1991

    recon1991 Networkin' Nut Member

    Thank you for replying.

    It isn't as complicated as I made it sound. We want each router to have different passwords. They are about 100-150 yards apart and we want to manage who asks for the password just to manage the network traffic.

    We have a bunch of WRT54GL routers all over property so each having different separate passwords is fine. The main router that is used frequently is the Guest lounge and we want to have the router generate a new password every morning when we open and email the password to our receptionists.

    I will test the password generator later on to get more comfortable with tomato.

    And again thank you for replying!
  4. ntest7

    ntest7 Network Guru Member

    Bunch of routers each with its own SSID and a key that changes daily? That sounds like a nightmare.

    If you're giving someone one-day access to your network it doesn't make sense to also limit where they can use it, and doesn't seem very convenient for either the guests or staff.

    I'll assume you have a good reason to add that burden to everyone.
  5. recon1991

    recon1991 Networkin' Nut Member

    The reason we do this is because a lot of guests log on our network and hog the bandwidth with skype and other streaming websites. When I didn't change the password for one router after a while, we noticed the network bandwidth always being capped. Went and checked how many were on the network and sure enough we had well over 40+ wireless clients running on one router.

    I wasn't too bothered with it since I use a separate business line but when a lot of guests would complain that the wifi wasn't working I couldn't think why it wasn't. I changed the wpa2 key and reset the router and the wifi worked again. I am not a router wiz but I am sure that with all that stress from 40+ clients on the same router at the same time could cause some failure.

    We have been changing the password daily and people are fine with it. They just have to ask the receptionist for the key and they are on. We are in the process of just sending all of the guests to our lounge and letting them use only that router and make the rest of the routers use one password that is secure.

    All of the receptionists are recommended to use the desktop computers but they are allowed to use personal wireless devices if they choose so.

    In the past we had people off the resort catch our wifi off property and abusing it. This was the reason we started to change the key daily since the key was only being changed every 2 months or so.

    All I am asking is how can the router generate a new key daily and then email that key to an email.
  6. lancethepants

    lancethepants Network Guru Member

    One way I imagine accomplishing this would be ...
    Utilize the master router (preferably something beefier as previously mentioned) to generate new keys for each router, ssh into them, push the key and restart the services. It would also keep a log of each router's new key, then send an email to the appropriate people.

    One question regarding sendmail, I've only played around with it just a little bit. I was attempting to use sendmail to connect to gmail smtp. However, it appears that the OpenSSL module in tomato is stripped down, and doesn't have the necessary 's_client' command in order to create a secure session required by gmail. I did download OpenSSL via optware which appears to be more complete. However, it's still quite finicky as it wants you to have a local cert which I haven't bothered working around yet. Let me know if I'm off spot. So without optware, would it require using an SMTP server that does not require a secure connection? If optware was required, I think I'd just recommend using Python to send email, as it's quite easy to set up. Something I've done here.

    So then all the routers are connected to the main router, right? Are they on the same subnet, or is each access isolated from the others possibly using NAT and serving IP addresses each with their own DHCP?
  7. recon1991

    recon1991 Networkin' Nut Member

    I believe our routers are on the same network but different gateways. I'm not very good with networking so someone can say hey you are wrong. the ip's for the main wifi routers are,, and The other ones are using static passwords as of today so we don't need to change them as daily.

    At this point having one router randomizing the key daily is fine with us. All of our guests are only allowed to use one ap and that is our guest lounge.
    We don't need to have the master router creating keys and ssh into others to change the key and etc.

    I have read your post "lancethepants" and it is very informative and may be a solution to emailing the key. I will mess with this and let you know my results. We have a bunch of WRT54GL's laying around so I can mess with them for testing purposes.


    I really feel that I have over complicated the question. Let me ask it again.

    Is it possible to have a WRT54GL randomize a password daily, and then email that password to someone.
  8. Nitro

    Nitro Networkin' Nut Member

    Why not just set up a captive portal that requires users to log in with a password, that either expires after X hours or is removed when the guest checks out?

    Tomato Firmware v1.28.7495 MIPSR2-Toastman-VLAN-RT-BETA K26 USB VPN-NOCAT
    has this functionality as standard.
  9. lancethepants

    lancethepants Network Guru Member

    It should be possible to have a WRT54GL change its own key then email. I'm just wondering about the possible limitation of sendmail. If someone with more experience with sendmail could chime in.
  10. recon1991

    recon1991 Networkin' Nut Member

    I've been searching around and it seems that the sendmail isn't included with tomato. Is this true? Are there other programs that can access the jffs2 and email it from there? If possible, I'd like to use the routers we currently have because replacing some routers may be a hassle seeing where they are positioned. Although if replacing is the only option then I will notify my manager.
  11. lancethepants

    lancethepants Network Guru Member

    The Toastman builds come with sendmail. You would have to flash the routers with his firmware. It could be possible to load it to jffs2. I guess just a matter of getting the binary. You could possibly get away with flashing the new firmware without having to erase nvram though, and just continue from there. Else you could note the settings and reload them as they were.
  12. recon1991

    recon1991 Networkin' Nut Member

    Thank you lancethepants. I will try that tonight. Let's hope all goes well!

    EDIT: Hey lancethepants, which version would I get for the Linksys WRT54GL v1.1?
  13. lancethepants

    lancethepants Network Guru Member

    ND (MIPSR1 - for older WRT series etc) - EXPERIMENTAL, WYSIWYG -> ND-MIPS32R1 Kernel 2.4 (WRT etc ONLY) -> 1.28.7632.3 -> tomato-ND-1.28.7632.3-Toastman-IPT-ND-Std.trx

    That's the latest right now. I imagine you'd be fine with just the standard version.
  14. recon1991

    recon1991 Networkin' Nut Member

    When I try to download the selected firmware it prompts me to sign in with a premium account. Am I forced to download all of the files?

  15. lancethepants

    lancethepants Network Guru Member

    You can download without a premium account. Just select the individual firmware, you'll have to wait 20 seconds or so after hitting the download button.
  16. recon1991

    recon1991 Networkin' Nut Member

    Hey guys, it's been a long time. I've had some life issues to deal with and I'm finally back in the loop with work. Just an update on the situation, we hired on a new IT member and he manually changes the wpa key on the days he works which is Monday-Thursday. It's a working method but not effective enough.

    I finally managed to get the toastman build downloaded and I will flash a test router with it and try to set up the random daily password change on it. Lancethepants, how would I go about making the router randomize a password daily and then use sendmail to send it? I do have a google apps business account that I can send emails through and I have been reading your post on setting up optware. I'm clueless on what to do from here.

  17. recon1991

    recon1991 Networkin' Nut Member

    Another update, I have used the code from another post here on linksysinfo and it seems to set a new password when I use the scheduler. I'm glad it worked. Now I want the router to email the new password when changed. I am updating the firmware to the toastman build and will dabble with the sendmail function.

  18. recon1991

    recon1991 Networkin' Nut Member

    Sorry about replying so much. I've been trying to figure this email stuff out for the past 3 days and it's killing me. I read over this thread like 10+ times to try to grasp what the hell I wanted and what you, the community/experts, were saying. After some long needed research I've come to a conclusion. I'm a real idiot. Not only that, but I do realize that I have been making this a lot harder on myself by creating ridiculous scripts and what not to handle emailing things. I've finally narrowed down what I "THINK" needs to be done.

    1. Forget everything I've done so far
    2. Thank Lancethepants and the community for the hard work they put into this stuff
    3. Figure out how to set up optware on a linksys WRT54GL v1.1 router using the latest 1.28 Tomato firmware
    4. Get Python installed via Optware
    5. Set up scheduler script to change Wifi Key and log the key change in jffs
    6. Create python script that emails to with SSL
    7. Test and deploy
    8. Sleep for a week and check the router

    By now I probably look like a total idiot. I don't know how many times I've said this but I am a real newbie when it comes to this kind of stuff. I'd like to learn a little more and I feel that I'm getting somewhere.
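
The plan in the last post (scheduled key change, key logged to jffs, key e-mailed), sketched as an added example that is not code from this thread. The `wl0_wpa_psk` variable, the `service wireless restart` call, the BusyBox `sendmail -S`/`-f` options, the example.com addresses and the `/jffs` paths are assumptions to check against the installed build.

```shell
#!/bin/sh
# Added example, not code from the thread. Values marked "assumed" are not on the page.
KEY_LEN=16                        # WPA2-PSK passphrase: 8..63 printable ASCII characters
MAIL_TO="frontdesk@example.com"   # assumed placeholder recipient
MAIL_FROM="router@example.com"    # assumed placeholder sender
SMTP_HOST="smtp.example.com"      # assumed placeholder relay
KEY_LOG="/jffs/wifi-key.log"      # assumed log path on the JFFS partition

# gen_key [N]: print N characters drawn from the kernel CSPRNG.
# Look-alike characters (0/O, 1/l/I) are left out so the key can be read aloud.
gen_key() {
    len=${1:-$KEY_LEN}
    if [ "$len" -lt 8 ] || [ "$len" -gt 63 ]; then
        echo "key length must be 8..63" >&2
        return 1
    fi
    LC_ALL=C tr -dc 'a-km-zA-HJ-NP-Z2-9' </dev/urandom 2>/dev/null | head -c "$len"
}

# build_mail KEY: print a complete message (headers, blank line, body).
build_mail() {
    printf 'From: %s\nTo: %s\nSubject: Guest WiFi key for %s\n\n' \
        "$MAIL_FROM" "$MAIL_TO" "$(date +%Y-%m-%d)"
    printf 'The guest lounge WiFi key for today is: %s\n' "$1"
}

# rotate_key: generate, apply, log and mail a new key. Router only.
rotate_key() {
    key=$(gen_key) || return 1
    [ "${#key}" -eq "$KEY_LEN" ] || return 1     # never install a short key
    nvram set wl0_wpa_psk="$key"                 # assumed Tomato nvram variable
    nvram commit
    ( umask 077; echo "$(date) $key" >>"$KEY_LOG" )   # new log file is owner-only
    # Assumed BusyBox sendmail options. Plain SMTP carries the key in cleartext,
    # so point SMTP_HOST at a relay on the local network.
    build_mail "$key" | sendmail -S "$SMTP_HOST" -f "$MAIL_FROM" "$MAIL_TO" \
        || echo "mail failed; key is in $KEY_LOG" >&2
    service wireless restart                     # assumed Tomato service name
}

# Run from the Tomato scheduler as: /jffs/rotate-key.sh rotate   (assumed path)
if [ "${1:-}" = "rotate" ]; then
    rotate_key
fi
```

The key comes from `/dev/urandom` rather than the shell's `$RANDOM`, and the length check runs before anything is written to nvram so a failed read cannot install a short or empty passphrase.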
