[Olsr-users] Encryption in ad-hoc network using Openwrt+OLSR

Henning Rogge (spam-protected)
Sat Apr 5 07:26:23 CEST 2014


Hi,

Found out the "psk2" vs "psk2+aes" problem myself, after looking
through OpenWRT scripts for a few hours... something in /lib/wifi/...
just looks for the "psk2" string, without any wildcards. So now it
seems encryption is active, but I have no connectivity at all
anymore... but that is a step forward.

Will continue to look into this matter on Monday. Thanks for your help.

Henning

On Fri, Apr 4, 2014 at 5:13 PM, Ben West <(spam-protected)> wrote:
> Ah ha!  Some surprises from the OpenWRT folks!
>
> Apologies for not fully testing the parameter set I gave.  That was actually
> what I'm migrating all nodes towards that I manage, to drop older/outdated
> encryption standards.  Yes, it looks like "encryption=psk2+aes" does not
> work for adhoc mode, failing silently, even though it works just fine for
> ap/sta mode.
>
> "encryption=psk2" works for me on OpenWRT AA r39928 using the wpad package,
> which I verified (at least superficially) by running iwlist on an adjacent
> node.
>
>
>
> On Fri, Apr 4, 2014 at 5:18 AM, Henning Rogge <(spam-protected)> wrote:
>>
>> Hi,
>>
>> are you sure about this parameter set?
>>
>> I tested it between two Ubiquiti M Bullets (ath9k driver) on an up to
>> date OpenWRT AA with installed wpad.
>>
>> I didn't get any error, everything worked. But then I noticed that
>> there is no wpad process running. So I changed the password on one of
>> the two nodes and rebooted it... and they still can talk to each
>> other. I assume that the network still runs "open".
>>
>> Any tips what I could do?
>>
>> Henning
>>
>> On Thu, Apr 3, 2014 at 6:02 PM, Ben West <(spam-protected)> wrote:
>> > This is possible in current generations of OpenWRT Attitude Adjustment,
>> > although I'm not completely sure if the pre-compiled v12.09 binaries
>> > support it reliably.  It is called IBSS-RSN.  You would need to include
>> > the package wpad or hostapd + wpa_supplicant.  The wpad_mini package
>> > as-is doesn't include IBSS-RSN support.
>> >
>> > Below is an example /etc/config/wireless which I use for adhoc
>> > encryption on a UBNT Nano M2.  To my knowledge, tho, IBSS-RSN is only
>> > possible with pre-shared keys (i.e. key stored locally on each node's
>> > flash), which does bring up security issues.  I.e. WPA Enterprise-style
>> > distribution encryption management isn't available yet.
>> >
>> > config wifi-device  radio0
>> >     option type     mac80211
>> >     option channel  5
>> >     option hwmode   11ng
>> >     option macaddr  DC:XX:XX:XX:XX:XX
>> >     option htmode   HT20
>> >     list ht_capab   SHORT-GI-20
>> >     list ht_capab   SHORT-GI-40
>> >     list ht_capab   TX-STBC
>> >     list ht_capab   RX-STBC1
>> >     list ht_capab   DSSS_CCK-40
>> >     option beacon_int       337
>> >     # REMOVE THIS LINE TO ENABLE WIFI:
>> >     option disabled 0
>> >
>> > config wifi-iface wmesh
>> >     option network 'mesh'
>> >     option mode 'adhoc'
>> >     option device 'radio0'
>> >     option ssid 'MyMesh'
>> >     option bssid '02:CA:FF:EE:BA:BE'
>> >     option encryption 'psk2+aes'
>> >     option key 'areallyreallyreallyreallystrongpassword'
>> >
>> > To take advantage of all the entropy available, I'd recommend using a
>> > tool like pwgen to generate a randomized with maximum entropy, and of
>> > maximum length (e.g. 63chars).
>> >
>> > 802.11s meshing, i.e. layer 2 meshing, will at some point support the
>> > authsae encryption agent, i.e. for distributed encryption management
>> > that does not depend on pre-shared keys.  But, I don't believe it's at
>> > a usable state just yet.
>> >
>> >
>> >
>> >
>> > On Thu, Apr 3, 2014 at 8:57 AM, Andrea Mannoni <(spam-protected)> wrote:
>> >>
>> >> Hi all,
>> >>
>> >> I'm working on the implementation of an ad-hoc network that works, in
>> >> each repeater, with Openwrt + OLSR.
>> >>
>> >> I discovered that one critical problem in an ad-hoc network is the
>> >> impossibility to encrypt it.
>> >>
>> >> Did you find a solution to this problem?
>> >>
>> >> Thank you for your support.
>> >>
>> >> --
>> >>
>> >>
>> >> --
>> >> Olsr-users mailing list
>> >> (spam-protected)
>> >> https://lists.olsr.org/mailman/listinfo/olsr-users
>> >
>> >
>> >
>> >
>> > --
>> > Ben West
>> > (spam-protected)
>> >
>
>
>
>
> --
> Ben West
> http://gowasabi.net
> (spam-protected)
> 314-246-9434
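
A check for the silent failure discussed in this thread, added here as an example and not written by any poster or taken from OpenWrt: it flags adhoc sections in a UCI wireless config whose encryption value is not the literal psk2 that worked above, and tests whether a scanned cell advertises encryption. The function names and both samples are constructed, and the "Encryption key:on" wording is assumed to be what iwlist prints for a protected cell.

```shell
#!/bin/sh
# Added example: function names and sample data are constructed.

# Reads UCI wireless config on stdin; prints each adhoc wifi-iface whose
# encryption is not exactly "psk2" and exits 1 if any were printed.
audit_adhoc_encryption() {
    awk -v q="'" '
    function report() {
        if (mode == "adhoc" && enc != "psk2") {
            printf "%s: encryption=%s\n", name, (enc == "" ? "none" : enc)
            bad = 1
        }
    }
    { gsub(q, ""); gsub(/"/, "") }    # drop UCI quoting
    $1 == "config" {
        report(); iface = ($2 == "wifi-iface")
        name = ($3 == "" ? "(unnamed)" : $3); mode = enc = ""; next
    }
    iface && $1 == "option" && $2 == "mode" { mode = $3 }
    iface && $1 == "option" && $2 == "encryption" { enc = $3 }
    END { report(); exit bad + 0 }'
}

# Reads iwlist scan output on stdin; succeeds only if a cell whose ESSID
# is $1 reports "Encryption key:on" (assumed iwlist wording).
cell_is_encrypted() {
    awk -v want="ESSID:\"$1\"" '
    function check() { if (essid == want && key == "on") found = 1 }
    /Cell [0-9]+ - Address:/ { check(); essid = key = "" }
    /Encryption key:on/ { key = "on" }
    /ESSID:/ { essid = $0; sub(/^[ \t]+/, "", essid) }
    END { check(); exit !found }'
}

sample_config() {   # constructed, modelled on the config quoted in the thread
    printf '%s\n' "config wifi-iface wmesh" "    option mode 'adhoc'" \
        "    option ssid 'MyMesh'" "    option encryption '$1'"
}
sample_scan() {     # constructed iwlist-style cell
    printf '%s\n' "Cell 01 - Address: 02:CA:FF:EE:BA:BE" \
        "    Encryption key:$1" "    ESSID:\"MyMesh\"" "    Mode:Ad-Hoc"
}

sample_config 'psk2+aes' | audit_adhoc_encryption || echo "fix the config first"
sample_scan off | cell_is_encrypted MyMesh || echo "MyMesh is visible but open"
```

On a node the same functions take `/etc/config/wireless` and the output of `iwlist wlan0 scan` run on an adjacent node (wlan0 is an assumed interface name). A passing scan check only shows that the cell advertises encryption, so the changed-key test described in the thread is still needed.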



