[Olsr-users] High-level questions about encryption on OLSR ad-hoc mesh

Ben West (spam-protected)
Wed Apr 13 03:32:29 CEST 2011


Hi Saverio,

Thanks for the references to tinc.

Going on the assumption that one still wouldn't want to run tinc on the access
point itself (whose CPUs run at 180MHz or 400MHz), and that the end-user
wouldn't run tinc on their desktop, do you have experience running tinc on a
dedicated box at the mesh's edge, with the other end of the tinc tunnel
terminating at whatever box manages your mesh's wired uplink(s)?

For example, a scenario I see: a subscriber to my 5GHz adhoc mesh wants to
use a credit card reader, which has a 10baseT port. Although my mesh's
routing plane is somewhat secured using olsr_secure plugin, the actual
traffic is not encrypted due to lack of WEP/WPA/etc, and the reader would
furthermore be sending card numbers (possibly in plaintext!) over that link.

My mesh's wired uplink is managed by a Mikrotik board, 400MHz CPU / 64MB
RAM, running OpenWRT for QoS, but no radio or OLSR.  Assuming this board has
adequate CPU/RAM bandwidth spare to terminate one (or preferably several)
tinc tunnels thru the mesh, could I secure the reader's link with a ~50$US
box with 32MB RAM running OpenWRT+tinc, sitting between the reader's LAN
port and its mesh access point?

That is, something like this:
http://www.bizsyscon.com/product/MIKROTIK__+RB450__5038.html

Or even a WRT54GL running OpenWRT under 16MB RAM and 180MHz CPU?

Are there effective minimum hardware requirements for tinc?  The credit card
traffic in this example would be very small (e.g. <100kbs), but it would be
latency sensitive.

On Tue, Apr 5, 2011 at 2:49 AM, ZioPRoTo (Saverio Proto) <(spam-protected)> wrote:

> > limited encryption is supported for adhoc/mesh modes, I'm curious if anyone
> > on the list has good experience using OpenVPN with OpenWRT meshes?  I'm
>
> we do not use tunnels on the mesh itself, however to convey traffic
> from the edge of the mesh towards our central server where the NAT to
> the actual Internet is done, we use tinc-vpn
>
> we like much more tinc than openvpn on embedded devices
>
> http://tinc-vpn.org/
> http://wiki.ninux.org/TincVPN
>
> regards
>
> Saverio
>



-- 
Ben West
(spam-protected)