* [Cerowrt-devel] Secure ad-hoc interface
@ 2014-06-05 5:53 Dane Medic
2014-06-06 15:53 ` Dave Taht
0 siblings, 1 reply; 6+ messages in thread
From: Dane Medic @ 2014-06-05 5:53 UTC (permalink / raw)
To: cerowrt-devel
[-- Attachment #1: Type: text/plain, Size: 86 bytes --]
Hi,
are there any plans to add WPA encryption on ibss interface in cerowrt?
Cheers
[-- Attachment #2: Type: text/html, Size: 148 bytes --]
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [Cerowrt-devel] Secure ad-hoc interface
2014-06-05 5:53 [Cerowrt-devel] Secure ad-hoc interface Dane Medic
@ 2014-06-06 15:53 ` Dave Taht
2014-06-06 16:04 ` Dane Medic
2014-06-06 16:12 ` Valdis.Kletnieks
0 siblings, 2 replies; 6+ messages in thread
From: Dave Taht @ 2014-06-06 15:53 UTC (permalink / raw)
To: Dane Medic; +Cc: cerowrt-devel
On Wed, Jun 4, 2014 at 10:53 PM, Dane Medic <dm70dm@gmail.com> wrote:
> Hi,
>
> are there any plans to add WPA encryption on ibss interface in cerowrt?
Not clear what you mean. adhoc doesn't work with wpa, so far as I know.
I HAVE long thought that shipping with wpa enabled on the main interfaces
was probably a good idea, but what I'd like in that case is to mandate that
the wpa keys, ssid, and root password be changed on first install, actually.
>
>
> Cheers
>
> _______________________________________________
> Cerowrt-devel mailing list
> Cerowrt-devel@lists.bufferbloat.net
> https://lists.bufferbloat.net/listinfo/cerowrt-devel
>
--
Dave Täht
NSFW: https://w2.eff.org/Censorship/Internet_censorship_bills/russell_0296_indecent.article
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [Cerowrt-devel] Secure ad-hoc interface
2014-06-06 15:53 ` Dave Taht
@ 2014-06-06 16:04 ` Dane Medic
2014-06-06 16:09 ` Dave Taht
2014-06-06 16:12 ` Valdis.Kletnieks
1 sibling, 1 reply; 6+ messages in thread
From: Dane Medic @ 2014-06-06 16:04 UTC (permalink / raw)
To: Dave Taht; +Cc: cerowrt-devel
[-- Attachment #1: Type: text/plain, Size: 1077 bytes --]
I'm not sure which of this patches ->
https://github.com/opentechinstitute/commotion-router/tree/master/patches
but commotion wireless guys have a working adhoc with wpa2
2014-06-06 17:53 GMT+02:00 Dave Taht <dave.taht@gmail.com>:
> On Wed, Jun 4, 2014 at 10:53 PM, Dane Medic <dm70dm@gmail.com> wrote:
> > Hi,
> >
> > are there any plans to add WPA encryption on ibss interface in cerowrt?
>
> Not clear what you mean. adhoc doesn't work with wpa, so far as I know.
>
> I HAVE long thought that shipping with wpa enabled on the main interfaces
> was probably a good idea, but what I'd like in that case is to mandate that
> the wpa keys, ssid, and root password be changed on first install,
> actually.
>
> >
> >
> > Cheers
> >
> > _______________________________________________
> > Cerowrt-devel mailing list
> > Cerowrt-devel@lists.bufferbloat.net
> > https://lists.bufferbloat.net/listinfo/cerowrt-devel
> >
>
>
>
> --
> Dave Täht
>
> NSFW:
> https://w2.eff.org/Censorship/Internet_censorship_bills/russell_0296_indecent.article
>
[-- Attachment #2: Type: text/html, Size: 1965 bytes --]
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [Cerowrt-devel] Secure ad-hoc interface
2014-06-06 16:04 ` Dane Medic
@ 2014-06-06 16:09 ` Dave Taht
0 siblings, 0 replies; 6+ messages in thread
From: Dave Taht @ 2014-06-06 16:09 UTC (permalink / raw)
To: Dane Medic; +Cc: cerowrt-devel
Commotion is way back on openwrt attitude adjustment still.
I see they too are expanding their router selection.
https://commotionwireless.net/
On Fri, Jun 6, 2014 at 9:04 AM, Dane Medic <dm70dm@gmail.com> wrote:
> I'm not sure which of this patches ->
> https://github.com/opentechinstitute/commotion-router/tree/master/patches
> but commotion wireless guys have a working adhoc with wpa2
>
>
> 2014-06-06 17:53 GMT+02:00 Dave Taht <dave.taht@gmail.com>:
>
>> On Wed, Jun 4, 2014 at 10:53 PM, Dane Medic <dm70dm@gmail.com> wrote:
>> > Hi,
>> >
>> > are there any plans to add WPA encryption on ibss interface in cerowrt?
>>
>> Not clear what you mean. adhoc doesn't work with wpa, so far as I know.
>>
>> I HAVE long thought that shipping with wpa enabled on the main interfaces
>> was probably a good idea, but what I'd like in that case is to mandate
>> that
>> the wpa keys, ssid, and root password be changed on first install,
>> actually.
>>
>> >
>> >
>> > Cheers
>> >
>> > _______________________________________________
>> > Cerowrt-devel mailing list
>> > Cerowrt-devel@lists.bufferbloat.net
>> > https://lists.bufferbloat.net/listinfo/cerowrt-devel
>> >
>>
>>
>>
>> --
>> Dave Täht
>>
>> NSFW:
>> https://w2.eff.org/Censorship/Internet_censorship_bills/russell_0296_indecent.article
>
>
--
Dave Täht
NSFW: https://w2.eff.org/Censorship/Internet_censorship_bills/russell_0296_indecent.article
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [Cerowrt-devel] Secure ad-hoc interface
2014-06-06 15:53 ` Dave Taht
2014-06-06 16:04 ` Dane Medic
@ 2014-06-06 16:12 ` Valdis.Kletnieks
2014-06-06 16:30 ` Dave Taht
1 sibling, 1 reply; 6+ messages in thread
From: Valdis.Kletnieks @ 2014-06-06 16:12 UTC (permalink / raw)
To: Dave Taht; +Cc: cerowrt-devel
[-- Attachment #1: Type: text/plain, Size: 536 bytes --]
On Fri, 06 Jun 2014 08:53:12 -0700, Dave Taht said:
> Not clear what you mean. adhoc doesn't work with wpa, so far as I know.
I'm not even sure what it would *mean*, given the administrative model
implied by WPA and the admin model implied by adhoc..
> I HAVE long thought that shipping with wpa enabled on the main interfaces
> was probably a good idea, but what I'd like in that case is to mandate that
> the wpa keys, ssid, and root password be changed on first install, actually.
That's actually a Really Good Idea.
[-- Attachment #2: Type: application/pgp-signature, Size: 848 bytes --]
^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [Cerowrt-devel] Secure ad-hoc interface
2014-06-06 16:12 ` Valdis.Kletnieks
@ 2014-06-06 16:30 ` Dave Taht
0 siblings, 0 replies; 6+ messages in thread
From: Dave Taht @ 2014-06-06 16:30 UTC (permalink / raw)
To: Valdis Kletnieks; +Cc: cerowrt-devel
On Fri, Jun 6, 2014 at 9:12 AM, <Valdis.Kletnieks@vt.edu> wrote:
> On Fri, 06 Jun 2014 08:53:12 -0700, Dave Taht said:
>
>> Not clear what you mean. adhoc doesn't work with wpa, so far as I know.
>
> I'm not even sure what it would *mean*, given the administrative model
> implied by WPA and the admin model implied by adhoc..
>
>> I HAVE long thought that shipping with wpa enabled on the main interfaces
>> was probably a good idea, but what I'd like in that case is to mandate that
>> the wpa keys, ssid, and root password be changed on first install, actually.
>
> That's actually a Really Good Idea.
Just needs someone to step up and do it. There should be a gui screen
that lets you name the machine, change the password, enable wpa,
change the ssid, and
all in one go, instead of the current
passwd
sed -i s/CEROwrt/your_new_ssid/g /etc/config/wireless
sed -i s/172.30.42/your_new_ip_range/g /etc/config/*
sed -i s/home.lan/your_newsubdomain/g /etc/config/*
sed -i s/cerowrt/your_new_name_for_the_router/g /etc/config/*
and adding wpa is currently hard from the command line.
Regular openwrt ships with telnet enabled and NO password,
but the gui will request you change it in that case. With the
default password we ship, it doesn't, and ssh is enabled.
That mechanism could
be made generic (if no password or default password,
prompt the user to change)
I do LIKE (and need) the wifi interfaces enabled at first boot, which
lets me update a box from clean flash in the field and get back into
it to configure it.
One overall architectural change in light of the hnetd work is that
I'd like the ipv4 address assignment to become symmetric with
the ipv6 address assignment scheme.
so instead of having a per interface
option network 172.30.42.1
option netmask 255.255.255.224
option ip6assign 64
you'd have a global section that specified
ipprefix 172.30.42.0/24
ip6prefix fd08::/48
(or if set dynamically, ipreqprefix and ip6reqprefix)
and per interface
option ipassign 27
option ip6assign 64
I don't know if the world is ready for prefix notation as the dotted
quad is embedded in too many brains, but it's saner.
--
Dave Täht
NSFW: https://w2.eff.org/Censorship/Internet_censorship_bills/russell_0296_indecent.article
^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2014-06-06 16:30 UTC | newest]
Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2014-06-05 5:53 [Cerowrt-devel] Secure ad-hoc interface Dane Medic
2014-06-06 15:53 ` Dave Taht
2014-06-06 16:04 ` Dane Medic
2014-06-06 16:09 ` Dave Taht
2014-06-06 16:12 ` Valdis.Kletnieks
2014-06-06 16:30 ` Dave Taht
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox