[Olsr-users] Encryption in ad-hoc network using Openwrt+OLSR
Ben West
(spam-protected)
Mon Apr 7 17:58:57 CEST 2014
Hi Andrea,
If you can ping all devices on the adhoc network, then that would indicate
the IBSS-RSN encryption (i.e. at layer 2) is working fine.
If ping appears to work, you could try restarting the olsrd on all devices
on the adhoc network.
Below is the /etc/config/olsrd which I use with OLSRd v0.6.5. This assumes
the adhoc wireless interface is associated with an interface in
/etc/config/network called 'mesh', and that interface is *not* bridged with
any other. Also, it assumes a wired uplink interface named 'wan'.
If you are not using the nameservice plugin, the dyn_gw plugin, or
SmartGateway, you don't need to add those options to your config.
config olsrd
# uncomment the following line to use a custom config file instead:
#option config_file '/etc/olsrd.conf'
option 'IpVersion' '4'
option 'LinkQualityLevel' '2'
option 'LinkQualityAlgorithm' 'etx_ffeth'
option 'SmartGateway' 'yes'
option 'Pollrate' '0.1'
option 'TcRedundancy' '2'
option 'MprCoverage' '5'
option 'LinkQualityFishEye' '0'
config 'LoadPlugin'
option 'library' 'olsrd_arprefresh.so.0.1'
config 'LoadPlugin'
option 'library' 'olsrd_dyn_gw.so.0.5'
option 'HNA' '0.0.0.0 0.0.0.0'
config 'LoadPlugin'
option 'library' 'olsrd_nameservice.so.0.3'
#option 'resolv_file' '/tmp/resolv.conf.auto'
option 'sighup_pid_file' '/var/run/dnsmasq.pid'
option 'suffix' '.mesh'
config 'LoadPlugin'
option 'library' 'olsrd_txtinfo.so.0.1'
option 'port' '2006'
option 'Accept' '127.0.0.1'
config 'Interface'
list 'interface' 'wan'
option 'Mode' 'ether'
config 'Interface'
list 'interface' 'mesh'
option 'Ip4Broadcast' '255.255.255.255'
option 'Mode' 'mesh'
On Mon, Apr 7, 2014 at 10:45 AM, Andrea Mannoni <(spam-protected)>wrote:
> Thanks Ben,
>
> I changed some specific.
>
> Now there is another problem, the encryption woks but the olsrd daemon
> doesn't work; in the overview tab of Openwrt there are the other devices
> connected in the ad-hoc network (wireless mode), but in the OLSR tab the
> neighbors aren't recognized.
>
> What could be wrong?
>
> Thanks.
>
>
> 2014-04-07 16:21 GMT+02:00 Ben West <(spam-protected)>:
>
> Hi Andrea,
>>
>> Please note the 'encryption=psk2' option is the one I've verified to
>> work. 'encryption=psk2+aes' actually does not enable any encryption.
>> Furthermore, I'm not sure the precompiled images for OpenWRT v12.09 support
>> IBSS-RSN reliably. I'm using r39928 which I compiled myself, I believe
>> versions newer than r37xxx are preferred for reliably IBSS-RSN.
>>
>> The 'wmesh' name given for the first interface stanza is not mandatory.
>> I give my wireless virtual interfaces explicit names to make configuration
>> changes via UCI command tools easier. In addition, the "beacon_int" option
>> is also not mandatory; it just sets a beacon interval to a known value.
>>
>> Besides that, do please note the device options /etc/config/wireless file
>> will vary from device to device, in particular the "ht_capab" options
>> listed do need to match your radio's capabilities. You can try
>> regenerating the minimal wireless config for your device file by
>> removing/backing-up your existing /etc/config/wireless, and then reading
>> the output "wifi detect" run at the shell prompt.
>>
>>
>>
>> On Mon, Apr 7, 2014 at 7:34 AM, Andrea Mannoni <(spam-protected)>wrote:
>>
>>> Hi ,
>>>
>>> thanks for your comments.
>>>
>>> I tried to modify the two scripts that you cited:
>>>
>>>
>>> - -* /etc/config/wireless* in this way (i removed the last three
>>> raws of the first block "option_beacon......." until "option disabed..."):
>>>
>>>
>>> config wifi-device radio0
>>> option type mac80211
>>> option channel 11
>>>
>>> option hwmode 11ng
>>> option macaddr DC:XX:XX:XX:XX:XX
>>> option htmode HT20
>>> list ht_capab SHORT-GI-20
>>> list ht_capab SHORT-GI-40
>>> list ht_capab TX-STBC
>>> list ht_capab RX-STBC1
>>> list ht_capab DSSS_CCK-40
>>> option beacon_int 337
>>> # REMOVE THIS LINE TO ENABLE WIFI:
>>> option disabled 0
>>>
>>> config wifi-iface wmesh
>>> option network 'mesh'
>>> option mode 'adhoc'
>>> option device 'radio0'
>>> option ssid 'MyMesh'
>>> option bssid '02:CA:FF:EE:BA:BE'
>>> option encryption 'psk2+aes'
>>> option key 'areallyreallyreallyreallystrongpassword'
>>>
>>> *First question*: it's mandatory the part "wmesh" at the beginning of
>>> the first raw of the second block?
>>>
>>>
>>> - Second change at the file */var/run/wpa_supplicant-wlan0.conf *in
>>> this mode*:*
>>>
>>>
>>>
>>> -
>>>
>>> ap_scan=2
>>> network={
>>> mode=1
>>> scan_ssid=0
>>> ssid="MyMesh"
>>> bssid=02:CA:FF:EE:BA:BE
>>> key_mgmt=WPA-PSK
>>> proto=RSN
>>> frequency=24xx
>>> fixed_freq=1
>>> mcast_rate=XX
>>> psk="areallyreallyreallystrongpassword"
>>> }
>>>
>>>
>>>
>>> Afther this changes, i tried to connect to the ad-hoc network with my
>>> laptop and it seems to by encrypted but it seems that the wi-fi card
>>> doesn't work....!? I'm using atheros art71xx A.A. 12.09 with Picostation
>>> M2-HP.
>>>
>>> Where I'm wrong? Have you other advices?
>>>
>>> Thanks.
>>>
>>> Andrea.
>>>
>>>
>>> 2014-04-04 8:49 GMT+02:00 Ben West <(spam-protected)>:
>>>
>>> Sorry for being ambiguous. My experience has been that either of these
>>>> package selections ...
>>>>
>>>> A. wpad
>>>> B. wpa_supplicant & hostapd, which are complimentary
>>>>
>>>> ... enable IBSS-RSN WPA encryption. Selecting all 3, i.e. wpad,
>>>> wpa_supplicant, and hostapd, cause conflicts. Also, I think hostapd +
>>>> wpa_supplicant is possibly slated for obsolescence at some point (even
>>>> though these packages are all basically invoking bits from the same hostapd
>>>> tarball).
>>>>
>>>> I've been using the wpad package with encryption=psk2+aes w/o problem
>>>> on r38xxx revisions of OpenWRT AA and higher.
>>>>
>>>> The Commotion folks are actually using wpad_mini, patched to include
>>>> IBSS_RSN. That works fine, too, and I can share the patch if you don't
>>>> mind cluttering your build tree.
>>>>
>>>>
>>>>
>>>> On Fri, Apr 4, 2014 at 1:26 AM, Henning Rogge <(spam-protected)> wrote:
>>>>
>>>>> On Thu, Apr 3, 2014 at 6:02 PM, Ben West <(spam-protected)> wrote:
>>>>> > This is possible in current generations of OpenWRT Attitude
>>>>> Adjustment,
>>>>> > although I'm not completely sure if the pre-compiled v12.09 binaries
>>>>> support
>>>>> > it reliably. It is called IBSS-RSN. You would need to include the
>>>>> package
>>>>> > wpad or hostapd + wpa_supplicant. The wpad_mini package as-is
>>>>> doesn't
>>>>> > include IBSS-RSN support.
>>>>>
>>>>> Just to make sure to get this right...
>>>>>
>>>>> is wpad alone enough? "wpad or (hostapd + wpa_supplicant)"
>>>>>
>>>>> or do I need wpad and wpa_supplicant? " (wpad or hostapd) and
>>>>> wpa_supplicant"
>>>>>
>>>>> I am in the process of building an OpenWRT image for our "dlep based
>>>>> hybrid node design" and would like to support the wpa2 mode.
>>>>>
>>>>> Henning Rogge
>>>>>
>>>>
>>>>
>>>>
>>>> --
>>>> Ben West
>>>> http://gowasabi.net
>>>> (spam-protected)
>>>> 314-246-9434
>>>>
>>>
>>>
>>>
>>> --
>>> Andrea Mannoni
>>> *Research Fellow at STO NATO-CMRE* (*Centre for Maritime Research and
>>> Experimentation*)
>>> Oristano, via Pesaria n°10
>>> Mobile: 3408251376
>>> Mobile2:3298282487
>>> Skype:andrea_mannoni
>>> e-mail: (spam-protected)
>>>
>>
>>
>>
>> --
>> Ben West
>> http://gowasabi.net
>> (spam-protected)
>> 314-246-9434
>>
>
>
>
> --
> Andrea Mannoni
> *Research Fellow at STO NATO-CMRE* (*Centre for Maritime Research and
> Experimentation*)
> Oristano, via Pesaria n°10
> Mobile: 3408251376
> Mobile2:3298282487
> Skype:andrea_mannoni
> e-mail: (spam-protected)
>
--
Ben West
http://gowasabi.net
(spam-protected)
314-246-9434
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.olsr.org/pipermail/olsr-users/attachments/20140407/afd79a3a/attachment.html>
More information about the Olsr-users
mailing list