* [Cerowrt-devel] Secure ad-hoc interface @ 2014-06-05 5:53 Dane Medic 2014-06-06 15:53 ` Dave Taht 0 siblings, 1 reply; 6+ messages in thread From: Dane Medic @ 2014-06-05 5:53 UTC (permalink / raw) To: cerowrt-devel [-- Attachment #1: Type: text/plain, Size: 86 bytes --] Hi, are there any plans to add WPA encryption on ibss interface in cerowrt? Cheers [-- Attachment #2: Type: text/html, Size: 148 bytes --] ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [Cerowrt-devel] Secure ad-hoc interface 2014-06-05 5:53 [Cerowrt-devel] Secure ad-hoc interface Dane Medic @ 2014-06-06 15:53 ` Dave Taht 2014-06-06 16:04 ` Dane Medic 2014-06-06 16:12 ` Valdis.Kletnieks 0 siblings, 2 replies; 6+ messages in thread From: Dave Taht @ 2014-06-06 15:53 UTC (permalink / raw) To: Dane Medic; +Cc: cerowrt-devel On Wed, Jun 4, 2014 at 10:53 PM, Dane Medic <dm70dm@gmail.com> wrote: > Hi, > > are there any plans to add WPA encryption on ibss interface in cerowrt? Not clear what you mean. adhoc doesn't work with wpa, so far as I know. I HAVE long thought that shipping with wpa enabled on the main interfaces was probably a good idea, but what I'd like in that case is to mandate that the wpa keys, ssid, and root password be changed on first install, actually. > > > Cheers > > _______________________________________________ > Cerowrt-devel mailing list > Cerowrt-devel@lists.bufferbloat.net > https://lists.bufferbloat.net/listinfo/cerowrt-devel > -- Dave Täht NSFW: https://w2.eff.org/Censorship/Internet_censorship_bills/russell_0296_indecent.article ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [Cerowrt-devel] Secure ad-hoc interface 2014-06-06 15:53 ` Dave Taht @ 2014-06-06 16:04 ` Dane Medic 2014-06-06 16:09 ` Dave Taht 2014-06-06 16:12 ` Valdis.Kletnieks 1 sibling, 1 reply; 6+ messages in thread From: Dane Medic @ 2014-06-06 16:04 UTC (permalink / raw) To: Dave Taht; +Cc: cerowrt-devel [-- Attachment #1: Type: text/plain, Size: 1077 bytes --] I'm not sure which of this patches -> https://github.com/opentechinstitute/commotion-router/tree/master/patches but commotion wireless guys have a working adhoc with wpa2 2014-06-06 17:53 GMT+02:00 Dave Taht <dave.taht@gmail.com>: > On Wed, Jun 4, 2014 at 10:53 PM, Dane Medic <dm70dm@gmail.com> wrote: > > Hi, > > > > are there any plans to add WPA encryption on ibss interface in cerowrt? > > Not clear what you mean. adhoc doesn't work with wpa, so far as I know. > > I HAVE long thought that shipping with wpa enabled on the main interfaces > was probably a good idea, but what I'd like in that case is to mandate that > the wpa keys, ssid, and root password be changed on first install, > actually. > > > > > > > Cheers > > > > _______________________________________________ > > Cerowrt-devel mailing list > > Cerowrt-devel@lists.bufferbloat.net > > https://lists.bufferbloat.net/listinfo/cerowrt-devel > > > > > > -- > Dave Täht > > NSFW: > https://w2.eff.org/Censorship/Internet_censorship_bills/russell_0296_indecent.article > [-- Attachment #2: Type: text/html, Size: 1965 bytes --] ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [Cerowrt-devel] Secure ad-hoc interface 2014-06-06 16:04 ` Dane Medic @ 2014-06-06 16:09 ` Dave Taht 0 siblings, 0 replies; 6+ messages in thread From: Dave Taht @ 2014-06-06 16:09 UTC (permalink / raw) To: Dane Medic; +Cc: cerowrt-devel Commotion is way back on openwrt attitude adjustment still. I see they too are expanding their router selection. https://commotionwireless.net/ On Fri, Jun 6, 2014 at 9:04 AM, Dane Medic <dm70dm@gmail.com> wrote: > I'm not sure which of this patches -> > https://github.com/opentechinstitute/commotion-router/tree/master/patches > but commotion wireless guys have a working adhoc with wpa2 > > > 2014-06-06 17:53 GMT+02:00 Dave Taht <dave.taht@gmail.com>: > >> On Wed, Jun 4, 2014 at 10:53 PM, Dane Medic <dm70dm@gmail.com> wrote: >> > Hi, >> > >> > are there any plans to add WPA encryption on ibss interface in cerowrt? >> >> Not clear what you mean. adhoc doesn't work with wpa, so far as I know. >> >> I HAVE long thought that shipping with wpa enabled on the main interfaces >> was probably a good idea, but what I'd like in that case is to mandate >> that >> the wpa keys, ssid, and root password be changed on first install, >> actually. >> >> > >> > >> > Cheers >> > >> > _______________________________________________ >> > Cerowrt-devel mailing list >> > Cerowrt-devel@lists.bufferbloat.net >> > https://lists.bufferbloat.net/listinfo/cerowrt-devel >> > >> >> >> >> -- >> Dave Täht >> >> NSFW: >> https://w2.eff.org/Censorship/Internet_censorship_bills/russell_0296_indecent.article > > -- Dave Täht NSFW: https://w2.eff.org/Censorship/Internet_censorship_bills/russell_0296_indecent.article ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [Cerowrt-devel] Secure ad-hoc interface 2014-06-06 15:53 ` Dave Taht 2014-06-06 16:04 ` Dane Medic @ 2014-06-06 16:12 ` Valdis.Kletnieks 2014-06-06 16:30 ` Dave Taht 1 sibling, 1 reply; 6+ messages in thread From: Valdis.Kletnieks @ 2014-06-06 16:12 UTC (permalink / raw) To: Dave Taht; +Cc: cerowrt-devel [-- Attachment #1: Type: text/plain, Size: 536 bytes --] On Fri, 06 Jun 2014 08:53:12 -0700, Dave Taht said: > Not clear what you mean. adhoc doesn't work with wpa, so far as I know. I'm not even sure what it would *mean*, given the administrative model implied by WPA and the admin model implied by adhoc.. > I HAVE long thought that shipping with wpa enabled on the main interfaces > was probably a good idea, but what I'd like in that case is to mandate that > the wpa keys, ssid, and root password be changed on first install, actually. That's actually a Really Good Idea. [-- Attachment #2: Type: application/pgp-signature, Size: 848 bytes --] ^ permalink raw reply [flat|nested] 6+ messages in thread
* Re: [Cerowrt-devel] Secure ad-hoc interface 2014-06-06 16:12 ` Valdis.Kletnieks @ 2014-06-06 16:30 ` Dave Taht 0 siblings, 0 replies; 6+ messages in thread From: Dave Taht @ 2014-06-06 16:30 UTC (permalink / raw) To: Valdis Kletnieks; +Cc: cerowrt-devel On Fri, Jun 6, 2014 at 9:12 AM, <Valdis.Kletnieks@vt.edu> wrote: > On Fri, 06 Jun 2014 08:53:12 -0700, Dave Taht said: > >> Not clear what you mean. adhoc doesn't work with wpa, so far as I know. > > I'm not even sure what it would *mean*, given the administrative model > implied by WPA and the admin model implied by adhoc.. > >> I HAVE long thought that shipping with wpa enabled on the main interfaces >> was probably a good idea, but what I'd like in that case is to mandate that >> the wpa keys, ssid, and root password be changed on first install, actually. > > That's actually a Really Good Idea. Just needs someone to step up and do it. There should be a gui screen that lets you name the machine, change the password, enable wpa, change the ssid, and all in one go, instead of the current passwd sed -i s/CEROwrt/your_new_ssid/g /etc/config/wireless sed -i s/172.30.42/your_new_ip_range/g /etc/config/* sed -i s/home.lan/your_newsubdomain/g /etc/config/* sed -i s/cerowrt/your_new_name_for_the_router/g /etc/config/* and adding wpa is currently hard from the command line. Regular openwrt ships with telnet enabled and NO password, but the gui will request you change it in that case. With the default password we ship, it doesn't, and ssh is enabled. That mechanism could be made generic (if no password or default password, prompt the user to change) I do LIKE (and need) the wifi interfaces enabled at first boot, which lets me update a box from clean flash in the field and get back into it to configure it. One overall architectural change in light of the hnetd work is that I'd like the ipv4 address assignment to become symmetric with the ipv6 address assignment scheme. so instead of having a per interface option network 172.30.42.1 option netmask 255.255.255.224 option ip6assign 64 you'd have a global section that specified ipprefix 172.30.42.0/24 ip6prefix fd08::/48 (or if set dynamically, ipreqprefix and ip6reqprefix) and per interface option ipassign 27 option ip6assign 64 I don't know if the world is ready for prefix notation as the dotted quad is embedded in too many brains, but it's saner. -- Dave Täht NSFW: https://w2.eff.org/Censorship/Internet_censorship_bills/russell_0296_indecent.article ^ permalink raw reply [flat|nested] 6+ messages in thread
end of thread, other threads:[~2014-06-06 16:30 UTC | newest] Thread overview: 6+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2014-06-05 5:53 [Cerowrt-devel] Secure ad-hoc interface Dane Medic 2014-06-06 15:53 ` Dave Taht 2014-06-06 16:04 ` Dane Medic 2014-06-06 16:09 ` Dave Taht 2014-06-06 16:12 ` Valdis.Kletnieks 2014-06-06 16:30 ` Dave Taht
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox