[Olsr-users] Encryption in ad-hoc network using Openwrt+OLSR

Ben West (spam-protected)
Fri Apr 4 18:06:18 CEST 2014


Also, to confirm IBSS-RSN encryption is in place, you can look for a running
process named "wpa_supplicant" (even if you're using the wpad package).
Likewise, you should see something like this in
/var/run/wpa_supplicant-wlan0.conf:

ctrl_interface=/var/run/wpa_supplicant-wlan0
ap_scan=2
network={
    mode=1
    scan_ssid=0
    ssid="MyMesh"
    bssid=02:CA:FF:EE:BA:BE
    key_mgmt=WPA-PSK
    proto=RSN
    frequency=2417
    fixed_freq=1
    mcast_rate=6
    psk="areallyreallyreallystrongpassword"
}



On Fri, Apr 4, 2014 at 10:13 AM, Ben West <(spam-protected)> wrote:

> Ah ha!  Some surprises from the OpenWRT folks!
>
> Apologies for not fully testing the parameter set I gave.  That was
> actually what I'm migrating all nodes towards that I manage, to drop
> older/outdated encryption standards.  Yes, it looks like
> "encryption=psk2+aes" does *not* work for adhoc mode, failing silently,
> even though it works just fine for ap/sta mode.
>
> "encryption=psk2" works for me on OpenWRT AA r39928 using the wpad
> package, which I verified (at least superficially) by running iwlist on an
> adjacent node.
>
>
>
> On Fri, Apr 4, 2014 at 5:18 AM, Henning Rogge <(spam-protected)> wrote:
>
>> Hi,
>>
>> are you sure about this parameter set?
>>
>> I tested it between two Ubiquiti M Bullets (ath9k driver) on an up to
>> date OpenWRT AA with installed wpad.
>>
>> I didn't get any error, everything worked. But then I noticed that
>> there is no wpad process running. So I changed the password on one of
>> the two nodes and rebooted it... and they still can talk to each
>> other. I assume that the network still runs "open".
>>
>> Any tips what I could do?
>>
>> Henning
>>
>> On Thu, Apr 3, 2014 at 6:02 PM, Ben West <(spam-protected)> wrote:
>> > This is possible in current generations of OpenWRT Attitude Adjustment,
>> > although I'm not completely sure if the pre-compiled v12.09 binaries
>> > support it reliably.  It is called IBSS-RSN.  You would need to include
>> > the package wpad or hostapd + wpa_supplicant.  The wpad_mini package
>> > as-is doesn't include IBSS-RSN support.
>> >
>> > Below is an example /etc/config/wireless which I use for adhoc
>> > encryption on a UBNT Nano M2.  To my knowledge, tho, IBSS-RSN is only
>> > possible with pre-shared keys (i.e. key stored locally on each node's
>> > flash), which does bring up security issues.  I.e. WPA Enterprise-style
>> > distribution encryption management isn't available yet.
>> >
>> > config wifi-device  radio0
>> >     option type     mac80211
>> >     option channel  5
>> >     option hwmode   11ng
>> >     option macaddr  DC:XX:XX:XX:XX:XX
>> >     option htmode   HT20
>> >     list ht_capab   SHORT-GI-20
>> >     list ht_capab   SHORT-GI-40
>> >     list ht_capab   TX-STBC
>> >     list ht_capab   RX-STBC1
>> >     list ht_capab   DSSS_CCK-40
>> >     option beacon_int       337
>> >     # REMOVE THIS LINE TO ENABLE WIFI:
>> >     option disabled 0
>> >
>> > config wifi-iface wmesh
>> >     option network 'mesh'
>> >     option mode 'adhoc'
>> >     option device 'radio0'
>> >     option ssid 'MyMesh'
>> >     option bssid '02:CA:FF:EE:BA:BE'
>> >     option encryption 'psk2+aes'
>> >     option key 'areallyreallyreallyreallystrongpassword'
>> >
>> > To take advantage of all the entropy available, I'd recommend using a
>> > tool like pwgen to generate a randomized key with maximum entropy, and
>> > of maximum length (e.g. 63chars).
>> >
>> > 802.11s meshing, i.e. layer 2 meshing, will at some point support the
>> > authsae encryption agent, i.e. for distributed encryption management
>> > that does not depend on pre-shared keys.  But, I don't believe it's at
>> > a usable state just yet.
>> >
>> >
>> >
>> >
>> > On Thu, Apr 3, 2014 at 8:57 AM, Andrea Mannoni <(spam-protected)> wrote:
>> >>
>> >> Hi all,
>> >>
>> >> I'm working on the implementation of an ad-hoc network that works, in
>> >> each repeater, with Openwrt + OLSR.
>> >>
>> >> I discovered that one critical problem in an ad-hoc network is the
>> >> impossibility to encrypt it.
>> >>
>> >> Did you find a solution to this problem?
>> >>
>> >> Thank you for your support.
>> >>
>> >> --
>> >>
>> >>
>> >> --
>> >> Olsr-users mailing list
>> >> (spam-protected)
>> >> https://lists.olsr.org/mailman/listinfo/olsr-users
>> >
>> >
>> >
>> >
>> > --
>> > Ben West
>> > (spam-protected)
>> >
>> > --
>> > Olsr-users mailing list
>> > (spam-protected)
>> > https://lists.olsr.org/mailman/listinfo/olsr-users
>>
>
>
>
> --
> Ben West
> http://gowasabi.net
> (spam-protected)
> 314-246-9434
>



-- 
Ben West
http://gowasabi.net
(spam-protected)
314-246-9434
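
One way to script the check described in the message above, as an added example that is not part of the original thread: it parses a wpa_supplicant config for the IBSS-RSN fields shown there and separately tests for a running wpa_supplicant process. The function names, the temporary sample files and the use of pidof are assumptions made for illustration; both sample configs are constructed.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are illustrative.

# Returns 0 only if the network block is IBSS (mode=1) + WPA-PSK + RSN + psk.
# Assumes a single network={} block, as in the generated file shown above.
check_ibss_rsn_conf() {
    conf="$1"
    if [ ! -r "$conf" ]; then
        echo "FAIL $conf not readable (no supplicant config was generated)"
        return 1
    fi
    awk '
        index($0, "network={") { in_net = 1; next }
        $1 == "}"              { in_net = 0; next }
        in_net {
            line = $0
            sub(/^[ \t]+/, "", line)
            eq = index(line, "=")
            if (eq > 1) val[substr(line, 1, eq - 1)] = substr(line, eq + 1)
        }
        END {
            if (val["mode"] != "1")           { print "FAIL mode is not 1 (IBSS)"; exit 1 }
            if (val["key_mgmt"] != "WPA-PSK") { print "FAIL key_mgmt is not WPA-PSK"; exit 1 }
            if (val["proto"] != "RSN")        { print "FAIL proto is not RSN"; exit 1 }
            if (!("psk" in val))              { print "FAIL no psk configured"; exit 1 }
            print "OK IBSS-RSN configured for ssid " val["ssid"]
        }
    ' "$conf"
}

# True if a wpa_supplicant process exists (assumes pidof is available).
wpa_supplicant_running() {
    pidof wpa_supplicant >/dev/null 2>&1
}

# Constructed samples: an encrypted block with a placeholder PSK, and an open one.
sample_dir=$(mktemp -d)
cat > "$sample_dir/rsn.conf" <<'EOF'
network={
    mode=1
    ssid="MyMesh"
    key_mgmt=WPA-PSK
    proto=RSN
    psk="constructed-placeholder-passphrase"
}
EOF
printf 'network={\n    mode=1\n    ssid="MyMesh"\n    key_mgmt=NONE\n}\n' > "$sample_dir/open.conf"
check_ibss_rsn_conf "$sample_dir/rsn.conf"
check_ibss_rsn_conf "$sample_dir/open.conf" || true
wpa_supplicant_running || echo "note: no wpa_supplicant process on this host"
```

On a node, point check_ibss_rsn_conf at /var/run/wpa_supplicant-wlan0.conf, the path given in the message; a missing file is reported as a failure rather than passing silently.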