[Olsr-users] Encryption in ad-hoc network using Openwrt+OLSR

Ben West (spam-protected)
Thu Apr 3 18:02:16 CEST 2014

This is possible in current generations of OpenWRT Attitude Adjustment,
although I'm not completely sure if the pre-compiled v12.09 binaries
support it reliably.  It is called IBSS-RSN.  You would need to include the
package wpad or hostapd + wpa_supplicant.  The wpad_mini package as-is
doesn't include IBSS-RSN support.

Below is an example /etc/config/wireless which I use for adhoc encryption
on a UBNT Nano M2.  To my knowledge, tho, IBSS-RSN is only possibly with
pre-shared keys (i.e. key stored locally on each node's flash), which does
bring up security issues.  I.e. WPA Enterprise-style distribution
encryption management isn't available yet.

config wifi-device  radio0
    option type     mac80211
    option channel  5
    option hwmode   11ng
    option macaddr  DC:XX:XX:XX:XX:XX
    option htmode   HT20
    list ht_capab   SHORT-GI-20
    list ht_capab   SHORT-GI-40
    list ht_capab   TX-STBC
    list ht_capab   RX-STBC1
    list ht_capab   DSSS_CCK-40
    option beacon_int       337
    option disabled 0

config wifi-iface wmesh
    option network 'mesh'
    option mode 'adhoc'
    option device 'radio0'
    option ssid 'MyMesh'
    option bssid '02:CA:FF:EE:BA:BE'
    option encryption 'psk2+aes'
    option key 'areallyreallyreallyreallystrongpassword'

To take advantage of all the entropy available, I'd recommend using a tool
like pwgen to generate a randomized with maximum entropy, and of maximum
length (e.g. 63chars).

802.11s meshing, i.e. layer 2 meshing, will at some point support the
authsae encryption agent, i.e. for distributed encryption management that
does not depend on pre-shared keys.  But, I don't believe it's at a usable
state just yet.

On Thu, Apr 3, 2014 at 8:57 AM, Andrea Mannoni <(spam-protected)>wrote:

> Hi all,
> I'm working for the implementation of an ad-hoc network that works, in
> each repeater, with Openwrt + OLSR.
> I discovered that one critical problem in an ad-hoc network is the
> impossibility to encrypt it.
> Did you find a solution at this problem?
> Thank you for your support.
> --
> --
> Olsr-users mailing list
> (spam-protected)
> https://lists.olsr.org/mailman/listinfo/olsr-users

Ben West
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.olsr.org/pipermail/olsr-users/attachments/20140403/6bc46e14/attachment.html>

More information about the Olsr-users mailing list