[Olsr-users] Encryption in ad-hoc network using Openwrt+OLSR
Henning Rogge
(spam-protected)
Mon Apr 7 08:36:36 CEST 2014
Hi,
things getting even more strange... WPA2 WORKS if I remove the wlan
interface from the openvswitch bridge...
connection over the bridge does also work without wpa2... but not with both.
very strange...
Henning Rogge
On Sat, Apr 5, 2014 at 7:26 AM, Henning Rogge <(spam-protected)> wrote:
> Hi,
>
> found out the "psk2" vs "psk2+aes" problem myself, after looking
> through OpenWRT scripts for a few hours... something in /lib/wifi/...
> just looks for the "psk2" string, without any wildcards. So now it
> seems encryption is active, but I have no connectivity at all
> anymore... but that is a step forward.
>
> Will continue to look into this matter on Monday. Thanks for your help.
>
> Henning
>
> On Fri, Apr 4, 2014 at 5:13 PM, Ben West <(spam-protected)> wrote:
>> Ah ha! Some surprises from the OpenWRT folks!
>>
>> Apologies for not fully testing the parameter set I gave. That was actually
>> what I'm migrating all nodes towards that I manage, to drop older/outdated
>> encryption standards. Yes, it looks like "encryption=psk2+aes" does not
>> work for adhoc mode, failing silently, even though it works just fine for
>> ap/sta mode.
>>
>> "encryption=psk2" works for me on OpenWRT AA r39928 using the wpad package,
>> which I verified (at least superficially) by running iwlist on an adjacent
>> node.
>>
>>
>>
>> On Fri, Apr 4, 2014 at 5:18 AM, Henning Rogge <(spam-protected)> wrote:
>>>
>>> Hi,
>>>
>>> are you sure about this parameter set?
>>>
>>> I tested it between two Ubiquiti M Bullets (ath9k driver) on a up to
>>> date OpenWRT AA with installed wpad.
>>>
>>> I didn't got any error, everything worked. But then I noticed that
>>> there is no wpad process running. So I changed the password on one of
>>> the two nodes and rebooted it... and they still can talk to each
>>> other. I assume that the network still runs "open".
>>>
>>> Any tips what I could do?
>>>
>>> Henning
>>>
>>> On Thu, Apr 3, 2014 at 6:02 PM, Ben West <(spam-protected)> wrote:
>>> > This is possible in current generations of OpenWRT Attitude Adjustment,
>>> > although I'm not completely sure if the pre-compiled v12.09 binaries
>>> > support
>>> > it reliably. It is called IBSS-RSN. You would need to include the
>>> > package
>>> > wpad or hostapd + wpa_supplicant. The wpad_mini package as-is doesn't
>>> > include IBSS-RSN support.
>>> >
>>> > Below is an example /etc/config/wireless which I use for adhoc
>>> > encryption on
>>> > a UBNT Nano M2. To my knowledge, tho, IBSS-RSN is only possibly with
>>> > pre-shared keys (i.e. key stored locally on each node's flash), which
>>> > does
>>> > bring up security issues. I.e. WPA Enterprise-style distribution
>>> > encryption
>>> > management isn't available yet.
>>> >
>>> > config wifi-device radio0
>>> > option type mac80211
>>> > option channel 5
>>> > option hwmode 11ng
>>> > option macaddr DC:XX:XX:XX:XX:XX
>>> > option htmode HT20
>>> > list ht_capab SHORT-GI-20
>>> > list ht_capab SHORT-GI-40
>>> > list ht_capab TX-STBC
>>> > list ht_capab RX-STBC1
>>> > list ht_capab DSSS_CCK-40
>>> > option beacon_int 337
>>> > # REMOVE THIS LINE TO ENABLE WIFI:
>>> > option disabled 0
>>> >
>>> > config wifi-iface wmesh
>>> > option network 'mesh'
>>> > option mode 'adhoc'
>>> > option device 'radio0'
>>> > option ssid 'MyMesh'
>>> > option bssid '02:CA:FF:EE:BA:BE'
>>> > option encryption 'psk2+aes'
>>> > option key 'areallyreallyreallyreallystrongpassword'
>>> >
>>> > To take advantage of all the entropy available, I'd recommend using a
>>> > tool
>>> > like pwgen to generate a randomized with maximum entropy, and of maximum
>>> > length (e.g. 63chars).
>>> >
>>> > 802.11s meshing, i.e. layer 2 meshing, will at some point support the
>>> > authsae encryption agent, i.e. for distributed encryption management
>>> > that
>>> > does not depend on pre-shared keys. But, I don't believe it's at a
>>> > usable
>>> > state just yet.
>>> >
>>> >
>>> >
>>> >
>>> > On Thu, Apr 3, 2014 at 8:57 AM, Andrea Mannoni <(spam-protected)>
>>> > wrote:
>>> >>
>>> >> Hi all,
>>> >>
>>> >> I'm working for the implementation of an ad-hoc network that works, in
>>> >> each repeater, with Openwrt + OLSR.
>>> >>
>>> >> I discovered that one critical problem in an ad-hoc network is the
>>> >> impossibility to encrypt it.
>>> >>
>>> >> Did you find a solution at this problem?
>>> >>
>>> >> Thank you for your support.
>>> >>
>>> >> --
>>> >>
>>> >>
>>> >> --
>>> >> Olsr-users mailing list
>>> >> (spam-protected)
>>> >> https://lists.olsr.org/mailman/listinfo/olsr-users
>>> >
>>> >
>>> >
>>> >
>>> > --
>>> > Ben West
>>> > (spam-protected)
>>> >
>>> > --
>>> > Olsr-users mailing list
>>> > (spam-protected)
>>> > https://lists.olsr.org/mailman/listinfo/olsr-users
>>
>>
>>
>>
>> --
>> Ben West
>> http://gowasabi.net
>> (spam-protected)
>> 314-246-9434
More information about the Olsr-users
mailing list