[Olsr-users] Encryption in ad-hoc network using Openwrt+OLSR
Ben West
(spam-protected)
Fri Apr 4 17:13:13 CEST 2014
Ah ha! Some surprises from the OpenWRT folks!

Apologies for not fully testing the parameter set I gave. That was
actually what I'm migrating all nodes towards that I manage, to drop
older/outdated encryption standards. Yes, it looks like
"encryption=psk2+aes" does *not* work for adhoc mode, failing silently,
even though it works just fine for ap/sta mode.

"encryption=psk2" works for me on OpenWRT AA r39928 using the wpad package,
which I verified (at least superficially) by running iwlist on an adjacent
node.

On Fri, Apr 4, 2014 at 5:18 AM, Henning Rogge <(spam-protected)> wrote:
> Hi,
>
> are you sure about this parameter set?
>
> I tested it between two Ubiquiti M Bullets (ath9k driver) on an
> up-to-date OpenWRT AA with installed wpad.
>
> I didn't get any error, everything worked. But then I noticed that
> there is no wpad process running. So I changed the password on one of
> the two nodes and rebooted it... and they still can talk to each
> other. I assume that the network still runs "open".
>
> Any tips what I could do?
>
> Henning
>
> On Thu, Apr 3, 2014 at 6:02 PM, Ben West <(spam-protected)> wrote:
> > This is possible in current generations of OpenWRT Attitude Adjustment,
> > although I'm not completely sure if the pre-compiled v12.09 binaries
> > support it reliably. It is called IBSS-RSN. You would need to include
> > the package wpad or hostapd + wpa_supplicant. The wpad_mini package
> > as-is doesn't include IBSS-RSN support.
> >
> > Below is an example /etc/config/wireless which I use for adhoc
> > encryption on a UBNT Nano M2. To my knowledge, tho, IBSS-RSN is only
> > possible with pre-shared keys (i.e. key stored locally on each node's
> > flash), which does bring up security issues. I.e. WPA Enterprise-style
> > distribution encryption management isn't available yet.
> >
> > config wifi-device radio0
> >     option type mac80211
> >     option channel 5
> >     option hwmode 11ng
> >     option macaddr DC:XX:XX:XX:XX:XX
> >     option htmode HT20
> >     list ht_capab SHORT-GI-20
> >     list ht_capab SHORT-GI-40
> >     list ht_capab TX-STBC
> >     list ht_capab RX-STBC1
> >     list ht_capab DSSS_CCK-40
> >     option beacon_int 337
> >     # REMOVE THIS LINE TO ENABLE WIFI:
> >     option disabled 0
> >
> > config wifi-iface wmesh
> >     option network 'mesh'
> >     option mode 'adhoc'
> >     option device 'radio0'
> >     option ssid 'MyMesh'
> >     option bssid '02:CA:FF:EE:BA:BE'
> >     option encryption 'psk2+aes'
> >     option key 'areallyreallyreallyreallystrongpassword'
> >
> > To take advantage of all the entropy available, I'd recommend using a
> > tool like pwgen to generate a randomized key with maximum entropy, and
> > of maximum length (e.g. 63chars).
> >
> > 802.11s meshing, i.e. layer 2 meshing, will at some point support the
> > authsae encryption agent, i.e. for distributed encryption management that
> > does not depend on pre-shared keys. But, I don't believe it's at a
> > usable state just yet.
> >
> >
> >
> >
> > On Thu, Apr 3, 2014 at 8:57 AM, Andrea Mannoni <(spam-protected)>
> > wrote:
> >>
> >> Hi all,
> >>
> >> I'm working for the implementation of an ad-hoc network that works, in
> >> each repeater, with Openwrt + OLSR.
> >>
> >> I discovered that one critical problem in an ad-hoc network is the
> >> impossibility to encrypt it.
> >>
> >> Did you find a solution at this problem?
> >>
> >> Thank you for your support.
> >>
> >> --
> >>
> >>
> >> --
> >> Olsr-users mailing list
> >> (spam-protected)
> >> https://lists.olsr.org/mailman/listinfo/olsr-users
> >
> >
> >
> >
> > --
> > Ben West
> > (spam-protected)
> >
> > --
> > Olsr-users mailing list
> > (spam-protected)
> > https://lists.olsr.org/mailman/listinfo/olsr-users
>
--
Ben West
http://gowasabi.net
(spam-protected)
314-246-9434
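
The iwlist check mentioned in this message can be scripted so that a silently "open" ad-hoc cell is caught instead of assumed encrypted. The following is an added example, not code from the thread or from OpenWRT; the function names and the constructed sample scan are illustrative, and it assumes the usual `iwlist <iface> scan` text layout.

```shell
#!/bin/sh
# check_ibss_rsn ESSID: reads `iwlist <iface> scan` output on stdin and prints
# "<bssid> <rsn|privacy-no-rsn|open>" for every cell with that ESSID.
# Exit status: 0 = all matching cells advertise RSN, 1 = some do not,
# 2 = ESSID not present in the scan.
check_ibss_rsn() {
    awk -v want="$1" '
        function emit(   state) {
            if (bssid == "") return
            if (essid == want) {
                state = (key && rsn) ? "rsn" : (key ? "privacy-no-rsn" : "open")
                if (state != "rsn") bad = 1
                seen = 1
                print bssid, state
            }
            bssid = ""; essid = ""; key = 0; rsn = 0
        }
        # ESSID rule comes first and ends with "next": SSID text is chosen by
        # whoever beacons it and must never be matched by the rules below.
        /^[ \t]*ESSID:"/ {
            sub(/^[ \t]*ESSID:"/, ""); sub(/"[ \t]*$/, ""); essid = $0; next
        }
        /^[ \t]*Cell [0-9]+ - Address:/  { emit(); bssid = $NF; next }
        /^[ \t]*Encryption key:on/       { key = 1; next }   # privacy bit only
        /^[ \t]*IE: IEEE 802\.11i\/WPA2/ { rsn = 1 }         # RSN element seen
        END { emit(); if (!seen) exit 2; exit bad + 0 }
    '
}

# Constructed sample scan of one ad-hoc cell; $1 = rsn | open
sample_scan() {
    if [ "$1" = rsn ]; then k=on; else k=off; fi
    cat <<EOF
wlan0     Scan completed :
          Cell 01 - Address: 02:CA:FF:EE:BA:BE
                    Channel:5
                    Encryption key:$k
                    ESSID:"MyMesh"
                    Mode:Ad-Hoc
EOF
    [ "$1" = rsn ] && cat <<EOF
                    IE: IEEE 802.11i/WPA2 Version 1
                        Group Cipher : CCMP
                        Authentication Suites (1) : PSK
EOF
    return 0
}
```

On a neighbouring node this would be run as `iwlist wlan0 scan | check_ibss_rsn MyMesh` (the interface name is an assumption); a non-zero exit status means the cell is not advertising RSN.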