From: Dave Taht <dave.taht@gmail.com>
To: Valdis Kletnieks <Valdis.Kletnieks@vt.edu>
Cc: "cerowrt-devel@lists.bufferbloat.net"
<cerowrt-devel@lists.bufferbloat.net>
Subject: Re: [Cerowrt-devel] Secure ad-hoc interface
Date: Fri, 6 Jun 2014 09:30:50 -0700
Message-ID: <CAA93jw4qwrpBiZLUWE7Y-8PHbWS_Cq90=mTZDfmCf3bHKZ6U8A@mail.gmail.com>
In-Reply-To: <6835.1402071170@turing-police.cc.vt.edu>
On Fri, Jun 6, 2014 at 9:12 AM, <Valdis.Kletnieks@vt.edu> wrote:
> On Fri, 06 Jun 2014 08:53:12 -0700, Dave Taht said:
>
>> Not clear what you mean. adhoc doesn't work with wpa, so far as I know.
>
> I'm not even sure what it would *mean*, given the administrative model
> implied by WPA and the admin model implied by adhoc..
>
>> I HAVE long thought that shipping with wpa enabled on the main interfaces
>> was probably a good idea, but what I'd like in that case is to mandate that
>> the wpa keys, ssid, and root password be changed on first install, actually.
>
> That's actually a Really Good Idea.

Just needs someone to step up and do it. There should be a gui screen
that lets you name the machine, change the password, enable wpa,
change the ssid, and all in one go, instead of the current

    passwd
    sed -i s/CEROwrt/your_new_ssid/g /etc/config/wireless
    sed -i s/172.30.42/your_new_ip_range/g /etc/config/*
    sed -i s/home.lan/your_newsubdomain/g /etc/config/*
    sed -i s/cerowrt/your_new_name_for_the_router/g /etc/config/*

and adding wpa is currently hard from the command line.

Regular openwrt ships with telnet enabled and NO password,
but the gui will request you change it in that case. With the
default password we ship, it doesn't, and ssh is enabled.
That mechanism could be made generic (if no password or default
password, prompt the user to change).

I do LIKE (and need) the wifi interfaces enabled at first boot, which
lets me update a box from clean flash in the field and get back into
it to configure it.

One overall architectural change in light of the hnetd work is that
I'd like the ipv4 address assignment to become symmetric with
the ipv6 address assignment scheme.

So instead of having a per interface

    option network 172.30.42.1
    option netmask 255.255.255.224
    option ip6assign 64

you'd have a global section that specified

    ipprefix 172.30.42.0/24
    ip6prefix fd08::/48

(or if set dynamically, ipreqprefix and ip6reqprefix)

and per interface

    option ipassign 27
    option ip6assign 64

I don't know if the world is ready for prefix notation as the dotted
quad is embedded in too many brains, but it's saner.

--
Dave Täht
NSFW: https://w2.eff.org/Censorship/Internet_censorship_bills/russell_0296_indecent.article
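
A first-boot check along the lines the message proposes (no password or default password, extended here to the default SSID and unencrypted wifi), as an added example that is not part of the original e-mail or of CeroWrt. `DEFAULT_HASH` is a constructed placeholder, the function names are hypothetical, and recognising the default password by comparing against the hash string shipped in the image is an assumption.

```sh
#!/bin/sh
# Added example, not CeroWrt code. DEFAULT_HASH is a constructed placeholder for
# the hash shipped in the image's /etc/shadow; DEFAULT_SSID is from the message.
DEFAULT_HASH='$1$constructed$PLACEHOLDERPLACEHOLDER00'
DEFAULT_SSID='CEROwrt'

# root_password_state SHADOW_FILE -> empty | default | locked | changed
root_password_state() {
    pw=$(awk -F: '$1 == "root" { print $2; exit }' "$1")
    case "$pw" in
        '')              echo empty ;;    # the "NO password" case
        "$DEFAULT_HASH") echo default ;;  # same salt and hash as the image
        '!'*|'*'*)       echo locked ;;
        *)               echo changed ;;
    esac
}

# wireless_findings UCI_FILE -> one line per problem in a wifi-iface section
wireless_findings() {
    awk -v def="$DEFAULT_SSID" '
        function report() {
            if (!insec) return
            if (index(ssid, def)) print "default-ssid: " ssid
            if (enc == "" || enc == "none") print "no-encryption: " ssid
        }
        $1 == "config" { report(); insec = ($2 == "wifi-iface"); ssid = enc = ""; next }
        insec && $1 == "option" {
            v = $0
            sub(/^[ \t]*option[ \t]+[A-Za-z0-9_]+[ \t]+/, "", v)  # keep SSIDs with spaces
            gsub(/^[\047"]|[\047"][ \t]*$/, "", v)                # strip UCI quotes
            if ($2 == "ssid") ssid = v
            if ($2 == "encryption") enc = v
        }
        END { report() }' "$1"
}

# first_boot_findings SHADOW UCI_FILE -> prints findings; status 1 = prompt the user
first_boot_findings() {
    state=$(root_password_state "$1")
    out=$( { [ "$state" = changed ] || [ "$state" = locked ] || echo "root-password: $state"
             wireless_findings "$2"; } )
    [ -z "$out" ] && return 0
    printf '%s\n' "$out"; return 1
}

# Constructed sample files, not taken from a real router.
tmp=$(mktemp -d)
printf 'root:%s:0:0:99999:7:::\n' "$DEFAULT_HASH" > "$tmp/shadow"
printf "config wifi-iface\n\toption ssid 'CEROwrt'\n\toption encryption 'none'\n" > "$tmp/wireless"
first_boot_findings "$tmp/shadow" "$tmp/wireless" || echo "defaults still in place: prompt the user"
rm -rf "$tmp"
```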