[Olsr-users] Encryption in ad-hoc network using Openwrt+OLSR

Henning Rogge (spam-protected)
Fri Apr 4 12:18:56 CEST 2014


are you sure about this parameter set?

I tested it between two Ubiquiti M Bullets (ath9k driver) on a up to
date OpenWRT AA with installed wpad.

I didn't got any error, everything worked. But then I noticed that
there is no wpad process running. So I changed the password on one of
the two nodes and rebooted it... and they still can talk to each
other. I assume that the network still runs "open".

Any tips what I could do?


On Thu, Apr 3, 2014 at 6:02 PM, Ben West <(spam-protected)> wrote:
> This is possible in current generations of OpenWRT Attitude Adjustment,
> although I'm not completely sure if the pre-compiled v12.09 binaries support
> it reliably.  It is called IBSS-RSN.  You would need to include the package
> wpad or hostapd + wpa_supplicant.  The wpad_mini package as-is doesn't
> include IBSS-RSN support.
> Below is an example /etc/config/wireless which I use for adhoc encryption on
> a UBNT Nano M2.  To my knowledge, tho, IBSS-RSN is only possibly with
> pre-shared keys (i.e. key stored locally on each node's flash), which does
> bring up security issues.  I.e. WPA Enterprise-style distribution encryption
> management isn't available yet.
> config wifi-device  radio0
>     option type     mac80211
>     option channel  5
>     option hwmode   11ng
>     option macaddr  DC:XX:XX:XX:XX:XX
>     option htmode   HT20
>     list ht_capab   SHORT-GI-20
>     list ht_capab   SHORT-GI-40
>     list ht_capab   TX-STBC
>     list ht_capab   RX-STBC1
>     list ht_capab   DSSS_CCK-40
>     option beacon_int       337
>     option disabled 0
> config wifi-iface wmesh
>     option network 'mesh'
>     option mode 'adhoc'
>     option device 'radio0'
>     option ssid 'MyMesh'
>     option bssid '02:CA:FF:EE:BA:BE'
>     option encryption 'psk2+aes'
>     option key 'areallyreallyreallyreallystrongpassword'
> To take advantage of all the entropy available, I'd recommend using a tool
> like pwgen to generate a randomized with maximum entropy, and of maximum
> length (e.g. 63chars).
> 802.11s meshing, i.e. layer 2 meshing, will at some point support the
> authsae encryption agent, i.e. for distributed encryption management that
> does not depend on pre-shared keys.  But, I don't believe it's at a usable
> state just yet.
> On Thu, Apr 3, 2014 at 8:57 AM, Andrea Mannoni <(spam-protected)>
> wrote:
>> Hi all,
>> I'm working for the implementation of an ad-hoc network that works, in
>> each repeater, with Openwrt + OLSR.
>> I discovered that one critical problem in an ad-hoc network is the
>> impossibility to encrypt it.
>> Did you find a solution at this problem?
>> Thank you for your support.
>> --
>> --
>> Olsr-users mailing list
>> (spam-protected)
>> https://lists.olsr.org/mailman/listinfo/olsr-users
> --
> Ben West
> (spam-protected)
> --
> Olsr-users mailing list
> (spam-protected)
> https://lists.olsr.org/mailman/listinfo/olsr-users

More information about the Olsr-users mailing list