From: Dave Taht
To: Valdis Kletnieks
Cc: "cerowrt-devel@lists.bufferbloat.net"
Subject: Re: [Cerowrt-devel] Secure ad-hoc interface
Date: Fri, 6 Jun 2014 09:30:50 -0700
In-Reply-To: <6835.1402071170@turing-police.cc.vt.edu>
List-Id: Development issues regarding the cerowrt test router project

On Fri, Jun 6, 2014 at 9:12 AM, wrote:
> On Fri, 06 Jun 2014 08:53:12 -0700, Dave Taht said:
>
>> Not clear what you mean. adhoc doesn't work with wpa, so far as I know.
>
> I'm not even sure what it would *mean*, given the administrative model
> implied by WPA and the admin model implied by adhoc..
>
>> I HAVE long thought that shipping with wpa enabled on the main interfaces
>> was probably a good idea, but what I'd like in that case is to mandate that
>> the wpa keys, ssid, and root password be changed on first install, actually.
>
> That's actually a Really Good Idea.

Just needs someone to step up and do it.

There should be a gui screen that lets you name the machine, change the
password, enable wpa, change the ssid, and all in one go, instead of the
current

passwd
sed -i s/CEROwrt/your_new_ssid/g /etc/config/wireless
sed -i s/172.30.42/your_new_ip_range/g /etc/config/*
sed -i s/home.lan/your_newsubdomain/g /etc/config/*
sed -i s/cerowrt/your_new_name_for_the_router/g /etc/config/*

and adding wpa is currently hard from the command line.

Regular openwrt ships with telnet enabled and NO password, but the gui
will request you change it in that case. With the default password we
ship, it doesn't, and ssh is enabled.

That mechanism could be made generic (if no password or default password,
prompt the user to change).

I do LIKE (and need) the wifi interfaces enabled at first boot, which lets
me update a box from clean flash in the field and get back into it to
configure it.

One overall architectural change in light of the hnetd work is that I'd
like the ipv4 address assignment to become symmetric with the ipv6 address
assignment scheme.
so instead of having a per interface

option network 172.30.42.1
option netmask 255.255.255.224
option ip6assign 64

you'd have a global section that specified

ipprefix 172.30.42.0/24
ip6prefix fd08::/48

(or if set dynamically, ipreqprefix and ip6reqprefix)

and per interface

option ipassign 27
option ip6assign 64

I don't know if the world is ready for prefix notation as the dotted quad
is embedded in too many brains, but it's saner.

-- 
Dave Täht

NSFW: https://w2.eff.org/Censorship/Internet_censorship_bills/russell_0296_indecent.article
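
The generic check suggested in the message above (prompt when the root password is empty or still the shipped default, and when wifi is still on its defaults), written as an added example that is not part of the original e-mail and is not CeroWrt or OpenWrt code. The function names, the shipped-password-field parameter and the sample data are assumptions; the CEROwrt default SSID and /etc/config/wireless come from the message.

```sh
#!/bin/sh
# Added example, not CeroWrt code: report settings still at shipped defaults.

# root_pw_state SHADOW SHIPPED_FIELD  ->  empty | default | changed | missing
# SHIPPED_FIELD is the password field the firmware image ships for root (assumed known).
root_pw_state() {
    awk -F: -v shipped="$2" '
        $1 == "root" {
            found = 1
            if ($2 == "") print "empty"
            else if ($2 == shipped) print "default"
            else print "changed"
            exit
        }
        END { if (!found) print "missing" }' "$1"
}

# wifi_findings WIRELESS_CONFIG DEFAULT_SSID
# One line per problem: "<ssid>: default-ssid" or "<ssid>: no-encryption".
wifi_findings() {
    awk -v def="$2" -v q="'" '
        function unquote(s) { gsub("[\"" q "]", "", s); return s }
        function report() {
            if (!iface) return
            if (index(ssid, def)) print ssid ": default-ssid"
            if (enc == "" || enc == "none") print ssid ": no-encryption"
        }
        $1 == "config" { report(); iface = (unquote($2) == "wifi-iface"); ssid = enc = "" }
        $1 == "option" {
            val = $0; sub(/^[ \t]*option[ \t]+[^ \t]+[ \t]+/, "", val)
            if ($2 == "ssid") ssid = unquote(val)
            if ($2 == "encryption") enc = unquote(val)
        }
        END { report() }' "$1"
}

# needs_setup SHADOW SHIPPED_FIELD WIRELESS_CONFIG DEFAULT_SSID
# Succeeds (exit 0) when the user should be sent to the setup screen.
needs_setup() {
    case $(root_pw_state "$1" "$2") in empty|default) return 0 ;; esac
    [ -n "$(wifi_findings "$3" "$4")" ]
}

# Constructed sample input, for illustration only (run with --demo).
if [ "${1:-}" = "--demo" ]; then
    d=$(mktemp -d)
    printf 'root::0:0:99999:7:::\n' > "$d/shadow"
    printf "config wifi-iface\n\toption ssid 'CEROwrt5'\n\toption encryption 'none'\n" > "$d/wireless"
    root_pw_state "$d/shadow" 'x'; wifi_findings "$d/wireless" CEROwrt
    rm -rf "$d"
fi
```

Comparing the stored password field against the one the image shipped with avoids needing a crypt tool on the router; it only works if the default entry uses a fixed salt.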