OpenBSD: Changing 104-bit WEP keys

November 12, 2008
Filed under: BSD

The 104-bit WEP key our home network uses has been in place since the 2nd quarter of this year. Time to change it.

WEP is a pain to implement because after changing the key on the OpenBSD firewall/router/gateway/AP, I have to change it manually on all the stations that use wireless as well. Until I upgrade this network’s security method to either WPA or authpf, that’s going to have to be the routine.

First off, go to a WEP key generator site and get a new pair of Hex and ASCII keys. One that I’d recommend would be WareWolf Labs’ Key Generator site.

Let’s assume you end up with the following 104-bit key pair:
ASCII: mywlanwepkeys (13 characters) HEX: 6d79776c616e7765706b657973
I. On the router:

On the OpenBSD router, edit your /etc/hostname.interface file (on my machine, that would be /etc/hostname.ral0) and integrate your new key. Remember to preface the HEX key with 0x.:
# vi /etc/hostname.ral0
After editing, it looks like this:
## Default: 104-bit WEP up media autoselect mediaopt hostap mode 11g chan 1 nwid eggdropphair \ nwkey 0×6d79776c616e7765706b657973 \ inet 172.16.0.1 255.255.255.0
Restart networking:
# sh /etc/netstart
II. On the stations:

The procedure is the same as what was done on the router. On OpenBSD, you would edit /etc/hostname.interface and change the key. On FreeBSD, it’s /etc/rc.conf you have to change.

OpenBSD (4.3-current)
# vi /etc/hostname.ral0
After editing, mine looks like this:
## Default: 104-bit WEP up media autoselect mode 11g chan 1 nwid eggdropphair nwkey \ mywlanwepkeys \ dhcp NONE NONE NONE
Restart networking:
# sh /etc/netstart # dhclient ral0
FreeBSD (7.0-RELEASE)
# vi /etc/rc.conf
After editing, the relevant line looks like this:
ifconfig_ral0="inet 172.16.0.4 netmask 255.255.255.0 ssid eggdropphair\ wepmode on wepkey mywlanwepkeys weptxkey 1 DHCP"
Restart networking:
# /etc/rc.d/netif start # dhclient ral0
Done.