<div dir="ltr">Also, to confirm IBSS-RSN encryption is in place, you can look for a running process named "wpa_supplicant" (even if you're using the wpad package). Likewise, you should see something like this in /var/run/wpa_supplicant-wlan0.conf:<br>
<br>ctrl_interface=/var/run/wpa_supplicant-wlan0<br>ap_scan=2<br>network={<br> mode=1<br> scan_ssid=0<br> ssid="MyMesh"<br> bssid=02:CA:FF:EE:BA:BE<br> key_mgmt=WPA-PSK<br> proto=RSN<br> frequency=2417<br>
fixed_freq=1<br> mcast_rate=6<br> psk="areallyreallyreallystrongpassword"<br>}<br><br></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Fri, Apr 4, 2014 at 10:13 AM, Ben West <span dir="ltr"><<a href="mailto:ben@gowasabi.net" target="_blank">ben@gowasabi.net</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div>Ah ha! Some surprises from the OpenWRT folks!<br><br></div>Apologies for not fully testing the parameter set I gave. That was actually what I'm migrating all nodes towards that I manage, to drop older/outdated encryption standards. Yes, it looks like "encryption=psk2+aes" does <i>not</i> work for adhoc mode, failing silently, even though it works just fine for ap/sta mode.<br>
<br>"encryption=psk2" works for me on OpenWRT AA r39928 using the wpad package, which I verified (at least superficially) by running iwlist on an adjacent node.<br><br></div><div class="gmail_extra"><div><div class="h5">
<br><br><div class="gmail_quote">
On Fri, Apr 4, 2014 at 5:18 AM, Henning Rogge <span dir="ltr"><<a href="mailto:hrogge@gmail.com" target="_blank">hrogge@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Hi,<br>
<br>
are you sure about this parameter set?<br>
<br>
I tested it between two Ubiquiti M Bullets (ath9k driver) on an up-to-date<br>
OpenWRT AA with installed wpad.<br>
<br>
I didn't get any error, everything worked. But then I noticed that<br>
there is no wpad process running. So I changed the password on one of<br>
the two nodes and rebooted it... and they still can talk to each<br>
other. I assume that the network still runs "open".<br>
<br>
Any tips what I could do?<br>
<span><font color="#888888"><br>
Henning<br>
</font></span><div><br>
On Thu, Apr 3, 2014 at 6:02 PM, Ben West <<a href="mailto:me@benwest.name" target="_blank">me@benwest.name</a>> wrote:<br>
</div><div><div>> This is possible in current generations of OpenWRT Attitude Adjustment,<br>
> although I'm not completely sure if the pre-compiled v12.09 binaries support<br>
> it reliably. It is called IBSS-RSN. You would need to include the package<br>
> wpad or hostapd + wpa_supplicant. The wpad_mini package as-is doesn't<br>
> include IBSS-RSN support.<br>
><br>
> Below is an example /etc/config/wireless which I use for adhoc encryption on<br>
> a UBNT Nano M2. To my knowledge, tho, IBSS-RSN is only possible with<br>
> pre-shared keys (i.e. key stored locally on each node's flash), which does<br>
> bring up security issues. I.e. WPA Enterprise-style distribution encryption<br>
> management isn't available yet.<br>
><br>
> config wifi-device radio0<br>
> option type mac80211<br>
> option channel 5<br>
> option hwmode 11ng<br>
> option macaddr DC:XX:XX:XX:XX:XX<br>
> option htmode HT20<br>
> list ht_capab SHORT-GI-20<br>
> list ht_capab SHORT-GI-40<br>
> list ht_capab TX-STBC<br>
> list ht_capab RX-STBC1<br>
> list ht_capab DSSS_CCK-40<br>
> option beacon_int 337<br>
> # REMOVE THIS LINE TO ENABLE WIFI:<br>
> option disabled 0<br>
><br>
> config wifi-iface wmesh<br>
> option network 'mesh'<br>
> option mode 'adhoc'<br>
> option device 'radio0'<br>
> option ssid 'MyMesh'<br>
> option bssid '02:CA:FF:EE:BA:BE'<br>
> option encryption 'psk2+aes'<br>
> option key 'areallyreallyreallyreallystrongpassword'<br>
><br>
> To take advantage of all the entropy available, I'd recommend using a tool<br>
> like pwgen to generate a randomized with maximum entropy, and of maximum<br>
> length (e.g. 63chars).<br>
><br>
> 802.11s meshing, i.e. layer 2 meshing, will at some point support the<br>
> authsae encryption agent, i.e. for distributed encryption management that<br>
> does not depend on pre-shared keys. But, I don't believe it's at a usable<br>
> state just yet.<br>
><br>
><br>
><br>
><br>
> On Thu, Apr 3, 2014 at 8:57 AM, Andrea Mannoni <<a href="mailto:andrea.mannoni@email.it" target="_blank">andrea.mannoni@email.it</a>><br>
> wrote:<br>
>><br>
>> Hi all,<br>
>><br>
>> I'm working on the implementation of an ad-hoc network that works, in<br>
>> each repeater, with Openwrt + OLSR.<br>
>><br>
>> I discovered that one critical problem in an ad-hoc network is the<br>
>> impossibility to encrypt it.<br>
>><br>
>> Did you find a solution to this problem?<br>
>><br>
>> Thank you for your support.<br>
>><br>
>> --<br>
>><br>
>><br>
>> --<br>
>> Olsr-users mailing list<br>
>> <a href="mailto:Olsr-users@lists.olsr.org" target="_blank">Olsr-users@lists.olsr.org</a><br>
>> <a href="https://lists.olsr.org/mailman/listinfo/olsr-users" target="_blank">https://lists.olsr.org/mailman/listinfo/olsr-users</a><br>
><br>
><br>
><br>
><br>
> --<br>
> Ben West<br>
> <a href="mailto:me@benwest.name" target="_blank">me@benwest.name</a><br>
</div></div></blockquote></div><br><br clear="all"><br></div></div><div class="">-- <br>Ben West<div><a href="http://gowasabi.net" target="_blank">http://gowasabi.net</a><br><a href="mailto:ben@gowasabi.net" target="_blank">ben@gowasabi.net</a><br>
<a href="tel:314-246-9434" value="+13142469434" target="_blank">314-246-9434</a><br></div>
</div></div>
</blockquote></div><br><br clear="all"><br>-- <br>Ben West<div><a href="http://gowasabi.net" target="_blank">http://gowasabi.net</a><br><a href="mailto:ben@gowasabi.net" target="_blank">ben@gowasabi.net</a><br>314-246-9434<br>
</div>
</div>
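<p>The two checks described in this thread (a running wpa_supplicant process, and an IBSS network block with WPA-PSK/RSN in the generated config), as an added example that is not part of the original messages. The function names, the sample config with its placeholder passphrase, and the use of /proc to find the process are assumptions of this sketch; it is meant to catch the case where the adhoc link comes up silently unencrypted.</p>

```shell
#!/bin/sh
# Added example (not from the thread): detect an adhoc link that came up open.

# Return 0 if FILE has a network block with the settings quoted in the thread:
# mode=1 (IBSS), key_mgmt=WPA-PSK, proto=RSN and a psk line. 2 = unreadable.
ibss_rsn_conf_ok() {
    [ -r "$1" ] || return 2
    awk '
        function strip(s) { gsub(/^[ \t]+|[ \t\r]+$/, "", s); return s }
        { line = strip($0) }
        line == "network={" { inblk = 1; mode = km = proto = psk = ""; next }
        inblk && line == "}" {
            inblk = 0
            if (mode == "1" && km == "WPA-PSK" && proto == "RSN" && psk != "") ok = 1
            next
        }
        inblk && (i = index(line, "=")) {
            k = substr(line, 1, i - 1); v = substr(line, i + 1)
            if (k == "mode") mode = v
            else if (k == "key_mgmt") km = v
            else if (k == "proto") proto = v
            else if (k == "psk") psk = v
        }
        END { exit(ok ? 0 : 1) }
    ' "$1"
}

# Return 0 if a process named wpa_supplicant exists (assumes Linux /proc).
supplicant_running() {
    for f in /proc/[0-9]*/comm; do
        read -r name 2>/dev/null < "$f" || continue
        [ "$name" = "wpa_supplicant" ] && return 0
    done
    return 1
}

# Constructed sample config for offline testing; $1 is the key_mgmt value.
sample_conf() {
    printf 'ap_scan=2\nnetwork={\n mode=1\n ssid="MyMesh"\n key_mgmt=%s\n proto=RSN\n psk="placeholder-passphrase"\n}\n' "$1"
}

# Run both checks for interface $1 (default wlan0); conf path as in the thread.
check_ibss_rsn() {
    conf=/var/run/wpa_supplicant-${1:-wlan0}.conf
    supplicant_running && ibss_rsn_conf_ok "$conf" && { echo "IBSS-RSN active"; return 0; }
    echo "no IBSS-RSN supplicant/config for ${1:-wlan0}; link may be open" >&2
    return 1
}
[ $# -eq 0 ] || check_ibss_rsn "$1"
```

<p>Run it on the node as <code>sh check.sh wlan0</code>; a non-zero exit means either the supplicant is not running or the generated config does not describe an RSN-protected IBSS network.</p>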