[Olsr-users] Encryption in ad-hoc network using Openwrt+OLSR

Henning Rogge (spam-protected)
Mon Apr 7 08:36:36 CEST 2014


Hi,

things are getting even more strange... WPA2 WORKS if I remove the wlan
interface from the openvswitch bridge...

The connection over the bridge also works without WPA2... but not with both.

very strange...

Henning Rogge

On Sat, Apr 5, 2014 at 7:26 AM, Henning Rogge <(spam-protected)> wrote:
> Hi,
>
> found out the "psk2" vs "psk2+aes" problem myself, after looking
> through OpenWRT scripts for a few hours... something in /lib/wifi/...
> just looks for the "psk2" string, without any wildcards. So now it
> seems encryption is active, but I have no connectivity at all
> anymore... but that is a step forward.
>
> Will continue to look into this matter on Monday. Thanks for your help.
>
> Henning
>
> On Fri, Apr 4, 2014 at 5:13 PM, Ben West <(spam-protected)> wrote:
>> Ah ha!  Some surprises from the OpenWRT folks!
>>
>> Apologies for not fully testing the parameter set I gave.  That was actually
>> what I'm migrating all nodes towards that I manage, to drop older/outdated
>> encryption standards.  Yes, it looks like "encryption=psk2+aes" does not
>> work for adhoc mode, failing silently, even though it works just fine for
>> ap/sta mode.
>>
>> "encryption=psk2" works for me on OpenWRT AA r39928 using the wpad package,
>> which I verified (at least superficially) by running iwlist on an adjacent
>> node.
>>
>>
>>
>> On Fri, Apr 4, 2014 at 5:18 AM, Henning Rogge <(spam-protected)> wrote:
>>>
>>> Hi,
>>>
>>> are you sure about this parameter set?
>>>
>>> I tested it between two Ubiquiti M Bullets (ath9k driver) on an
>>> up-to-date OpenWRT AA with wpad installed.
>>>
>>> I didn't get any error, everything worked. But then I noticed that
>>> there is no wpad process running. So I changed the password on one of
>>> the two nodes and rebooted it... and they still can talk to each
>>> other. I assume that the network still runs "open".
>>>
>>> Any tips what I could do?
>>>
>>> Henning
>>>
>>> On Thu, Apr 3, 2014 at 6:02 PM, Ben West <(spam-protected)> wrote:
>>> > This is possible in current generations of OpenWRT Attitude Adjustment,
>>> > although I'm not completely sure if the pre-compiled v12.09 binaries
>>> > support it reliably.  It is called IBSS-RSN.  You would need to include
>>> > the package wpad or hostapd + wpa_supplicant.  The wpad_mini package
>>> > as-is doesn't include IBSS-RSN support.
>>> >
>>> > Below is an example /etc/config/wireless which I use for adhoc
>>> > encryption on a UBNT Nano M2.  To my knowledge, tho, IBSS-RSN is only
>>> > possible with pre-shared keys (i.e. key stored locally on each node's
>>> > flash), which does bring up security issues.  I.e. WPA Enterprise-style
>>> > distribution encryption management isn't available yet.
>>> >
>>> > config wifi-device  radio0
>>> >     option type     mac80211
>>> >     option channel  5
>>> >     option hwmode   11ng
>>> >     option macaddr  DC:XX:XX:XX:XX:XX
>>> >     option htmode   HT20
>>> >     list ht_capab   SHORT-GI-20
>>> >     list ht_capab   SHORT-GI-40
>>> >     list ht_capab   TX-STBC
>>> >     list ht_capab   RX-STBC1
>>> >     list ht_capab   DSSS_CCK-40
>>> >     option beacon_int       337
>>> >     # REMOVE THIS LINE TO ENABLE WIFI:
>>> >     option disabled 0
>>> >
>>> > config wifi-iface wmesh
>>> >     option network 'mesh'
>>> >     option mode 'adhoc'
>>> >     option device 'radio0'
>>> >     option ssid 'MyMesh'
>>> >     option bssid '02:CA:FF:EE:BA:BE'
>>> >     option encryption 'psk2+aes'
>>> >     option key 'areallyreallyreallyreallystrongpassword'
>>> >
>>> > To take advantage of all the entropy available, I'd recommend using a
>>> > tool like pwgen to generate a randomized key with maximum entropy, and
>>> > of maximum length (e.g. 63 chars).
>>> >
>>> > 802.11s meshing, i.e. layer 2 meshing, will at some point support the
>>> > authsae encryption agent, i.e. for distributed encryption management
>>> > that does not depend on pre-shared keys.  But, I don't believe it's at
>>> > a usable state just yet.
>>> >
>>> >
>>> >
>>> >
>>> > On Thu, Apr 3, 2014 at 8:57 AM, Andrea Mannoni <(spam-protected)> wrote:
>>> >>
>>> >> Hi all,
>>> >>
>>> >> I'm working on the implementation of an ad-hoc network that works, in
>>> >> each repeater, with Openwrt + OLSR.
>>> >>
>>> >> I discovered that one critical problem in an ad-hoc network is the
>>> >> impossibility to encrypt it.
>>> >>
>>> >> Did you find a solution to this problem?
>>> >>
>>> >> Thank you for your support.
>>> >>
>>> >> --
>>> >>
>>> >>
>>> >> --
>>> >> Olsr-users mailing list
>>> >> (spam-protected)
>>> >> https://lists.olsr.org/mailman/listinfo/olsr-users
>>> >
>>> >
>>> >
>>> >
>>> > --
>>> > Ben West
>>> > (spam-protected)
>>> >
>>
>>
>>
>>
>> --
>> Ben West
>> http://gowasabi.net
>> (spam-protected)
>> 314-246-9434
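
Added example (not from the thread and not OpenWRT code): a POSIX shell audit built on the finding above that the /lib/wifi scripts matched the literal string "psk2", so any other value left an adhoc link unencrypted without an error. It flags every adhoc `wifi-iface` whose `encryption` is not exactly `psk2` or whose key is outside the 8 to 63 character WPA passphrase range. The function names and the `wmesh_fixed` and `lan_ap` sections are assumptions, and the rule reflects the Attitude Adjustment builds discussed here.

```shell
# Added example, not from the thread. Reads a UCI wireless config on stdin
# and prints "<iface> OK|FAIL <reason>" for every adhoc wifi-iface section.
audit_adhoc_encryption() {
    awk '
    function report(   klen) {
        if (!in_iface || mode != "adhoc") return
        klen = length(key)
        if (enc != "psk2")                 # exact match, per the thread
            print name " FAIL encryption=\"" enc "\" is not exactly \"psk2\""
        else if (klen < 8 || klen > 63)    # WPA passphrase length limits
            print name " FAIL key length " klen " outside 8..63"
        else
            print name " OK psk2 with " klen "-char key"
    }
    function value(line,   v) {            # text after "option <name>", unquoted
        v = line; sub(/^[ \t]*option[ \t]+[^ \t]+[ \t]+/, "", v)
        sub(/[ \t]+$/, "", v)
        sub(/^["\047]/, "", v); sub(/["\047]$/, "", v)
        return v
    }
    $1 == "config" {                       # new section: judge the previous one
        report()
        in_iface = ($2 == "wifi-iface")
        name = ($3 == "" ? "(unnamed)" : $3); gsub(/["\047]/, "", name)
        mode = ""; enc = ""; key = ""
    }
    in_iface && $1 == "option" {
        if ($2 == "mode") mode = value($0)
        else if ($2 == "encryption") enc = value($0)
        else if ($2 == "key") key = value($0)
    }
    END { report() }'
}

# Constructed sample input; wmesh mirrors the settings quoted in the thread.
sample_config() {
    cat <<'EOF'
config wifi-iface wmesh
    option mode 'adhoc'
    option encryption 'psk2+aes'
    option key 'areallyreallyreallyreallystrongpassword'
config wifi-iface wmesh_fixed
    option mode 'adhoc'
    option encryption 'psk2'
    option key 'areallyreallyreallyreallystrongpassword'
config wifi-iface lan_ap
    option mode 'ap'
    option encryption 'psk2+aes'
EOF
}
sample_config | audit_adhoc_encryption
```

On a node, run `audit_adhoc_encryption < /etc/config/wireless`. A passing result only covers the config file, so the checks used in the thread (a running wpad process, iwlist from an adjacent node, a deliberately mismatched key) are still needed to confirm encryption is active.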



