[Cerowrt-devel] Secure ad-hoc interface

Dave Taht dave.taht at gmail.com
Fri Jun 6 12:30:50 EDT 2014


On Fri, Jun 6, 2014 at 9:12 AM,  <Valdis.Kletnieks at vt.edu> wrote:
> On Fri, 06 Jun 2014 08:53:12 -0700, Dave Taht said:
>
>> Not clear what you mean. adhoc doesn't work with wpa, so far as I know.
>
> I'm not even sure what it would *mean*, given the administrative model
> implied by WPA and the admin model implied by adhoc..
>
>> I HAVE long thought that shipping with wpa enabled on the main interfaces
>> was probably a good idea, but what I'd like in that case is to mandate that
>> the wpa keys, ssid, and root password be changed on first install, actually.
>
> That's actually a Really Good Idea.

Just needs someone to step up and do it. There should be a gui screen
that lets you name the machine, change the password, enable wpa, and
change the ssid, all in one go, instead of the current

passwd                                                        # set a new root password
sed -i s/CEROwrt/your_new_ssid/g /etc/config/wireless         # rename the SSID
sed -i s/172.30.42/your_new_ip_range/g /etc/config/*          # move off the default address range
sed -i s/home.lan/your_new_subdomain/g /etc/config/*          # rename the local domain
sed -i s/cerowrt/your_new_name_for_the_router/g /etc/config/* # rename the router (hostname)

and adding wpa is currently hard from the command line.

Regular openwrt ships with telnet enabled and NO password,
but the gui will request you change it in that case. With the
default password we ship, it doesn't, and ssh is enabled.

That mechanism could be made generic (if no password or default password,
prompt the user to change).

I do LIKE (and need) the wifi interfaces enabled at first boot, which
lets me update a box from clean flash in the field and get back into
it to configure it.

One overall architectural change in light of the hnetd work is that
I'd like the ipv4 address assignment to become symmetric with
the ipv6 address assignment scheme.

so instead of having a per interface

option network 172.30.42.1
option netmask 255.255.255.224
option ip6assign 64

you'd have a global section that specified

ipprefix 172.30.42.0/24
ip6prefix fd08::/48

(or if set dynamically, ipreqprefix and ip6reqprefix)

and per interface

option ipassign 27
option ip6assign 64

I don't know if the world is ready for prefix notation as the dotted
quad is embedded in too many brains, but it's saner.


-- 
Dave Täht

NSFW: https://w2.eff.org/Censorship/Internet_censorship_bills/russell_0296_indecent.article
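
The all-in-one first-boot step the message asks for, as an added example
rather than anything CeroWrt ships: a shell function that applies the four
sed substitutions from the message with the shipped defaults rejected as
new values, plus the "no password or default password" check from the same
message. The four default names are the ones the message's sed lines use;
the sample config files, the directory it runs in and the default root
password hash are constructed stand-ins, not the real ones.

```sh
#!/bin/sh
# Added example, not CeroWrt's own code: a non-interactive version of the
# "rename the router" steps from the post, run against a constructed copy of
# /etc/config so it can be exercised without touching a live router.  The
# shipped defaults are taken from the post; the sample file contents and the
# default root-password hash below are constructed placeholders.
set -u

DEFAULT_SSID=CEROwrt
DEFAULT_HOST=cerowrt
DEFAULT_RANGE=172.30.42
DEFAULT_DOMAIN=home.lan
# Placeholder for the hash of the shipped default password (assumption).
DEFAULT_ROOT_HASH='$1$default$placeholderhash'

# Constructed, abridged stand-ins for the shipped config files.
make_sample_config() {
	mkdir -p "$1"
	printf "config wifi-iface\n\toption ssid '%s'\n\toption encryption 'none'\n" CEROwrt >"$1/wireless"
	printf "config interface 'se00'\n\toption ipaddr '172.30.42.1'\n\toption netmask '255.255.255.224'\n" >"$1/network"
	printf "config system\n\toption hostname '%s'\n" cerowrt >"$1/system"
	printf "config dnsmasq\n\toption domain '%s'\n" home.lan >"$1/dhcp"
}

# True when any file under DIR still carries a shipped default.
config_is_default() {
	grep -rqE "$DEFAULT_SSID|$DEFAULT_HOST|$DEFAULT_RANGE|$DEFAULT_DOMAIN" "$1"
}

# True when root has no password or still has the shipped one.  Takes a
# path to a shadow-format file so the test can feed it a constructed line.
root_password_needs_change() {
	hash=$(awk -F: '$1 == "root" { print $2 }' "$1")
	[ -z "$hash" ] || [ "$hash" = "$DEFAULT_ROOT_HASH" ]
}

# A value is acceptable only if it is non-empty and differs from the default:
# the whole point of a first-boot screen is that no default survives it.
not_default() {
	[ -n "$1" ] && [ "$1" != "$2" ]
}

# Portable in-place substitution (no sed -i).  OLD is a regex, NEW is
# literal text; '|' is the delimiter, so neither may contain it.
subst() {
	sed "s|$2|$3|g" "$1" >"$1.tmp" && mv "$1.tmp" "$1"
}

# The post's four sed lines, parameterised and with the defaults rejected.
# Dots in the old address range and domain are escaped so that "172.30.42"
# cannot also match a string such as "172x30x42".  The SSID (CEROwrt) is
# replaced before the hostname (cerowrt) because sed is case-sensitive and
# each pattern must only hit its own file(s).
rename_router() {
	dir=$1 ssid=$2 range=$3 domain=$4 host=$5
	not_default "$ssid" "$DEFAULT_SSID" || return 1
	not_default "$range" "$DEFAULT_RANGE" || return 1
	not_default "$domain" "$DEFAULT_DOMAIN" || return 1
	not_default "$host" "$DEFAULT_HOST" || return 1
	range_re=$(printf '%s' "$DEFAULT_RANGE" | sed 's/\./\\./g')
	domain_re=$(printf '%s' "$DEFAULT_DOMAIN" | sed 's/\./\\./g')
	subst "$dir/wireless" "$DEFAULT_SSID" "$ssid"
	for f in "$dir"/*; do
		subst "$f" "$range_re" "$range"
		subst "$f" "$domain_re" "$domain"
		subst "$f" "$DEFAULT_HOST" "$host"
	done
}
```

On a real box the same functions would be pointed at /etc/config and
/etc/shadow, with `passwd` still doing the actual password change; the
check is what lets a first-boot screen refuse to let the user past it
while root is still on the shipped password.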

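What the proposed global ipprefix / per-interface ipassign layout would work
out to, as an added example that is not hnetd's or CeroWrt's code: interface
N takes the Nth subnet of the requested length out of the global prefix, the
way ip6assign hands out /64s today. The IPv6 half assumes prefix and
assignment lengths on 16-bit boundaries, a simplification made here to keep
the hextet arithmetic short, not something the proposal says.

```sh
#!/bin/sh
# Added example, not hnetd's or CeroWrt's code: the arithmetic behind the
# proposed global "ipprefix" / per-interface "ipassign" layout.  Interface
# INDEX receives the INDEX-th subnet of length NEWLEN carved from the global
# prefix, the way ip6assign already hands out /64s.  The IPv6 half only
# handles prefix and assignment lengths on 16-bit boundaries (an assumption
# made here to keep the hextet arithmetic short).

# ip4_assign PREFIX NEWLEN INDEX
# Prints "network/NEWLEN router" for subnet INDEX, e.g. for the post's
# values (172.30.42.0/24, ipassign 27) index 1 is 172.30.42.32/27 with
# the router at 172.30.42.33.  Host bits set in PREFIX are masked off.
ip4_assign() {
	prefix=$1 newlen=$2 index=$3
	addr=${prefix%/*} plen=${prefix#*/}
	[ "$newlen" -ge "$plen" ] && [ "$newlen" -le 30 ] || return 1
	oldifs=$IFS; IFS=.; set -- $addr; IFS=$oldifs
	[ $# -eq 4 ] || return 1
	n=$(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
	mask=$(( (4294967295 << (32 - plen)) & 4294967295 ))
	net=$(( n & mask ))
	[ "$index" -lt $(( 1 << (newlen - plen) )) ] || return 1   # prefix exhausted
	sub=$(( net + index * (1 << (32 - newlen)) ))
	router=$(( sub + 1 ))
	printf '%d.%d.%d.%d/%d %d.%d.%d.%d\n' \
		$(( (sub >> 24) & 255 )) $(( (sub >> 16) & 255 )) $(( (sub >> 8) & 255 )) $(( sub & 255 )) "$newlen" \
		$(( (router >> 24) & 255 )) $(( (router >> 16) & 255 )) $(( (router >> 8) & 255 )) $(( router & 255 ))
}

# ip6_assign PREFIX NEWLEN INDEX
# Prints "subnet::/NEWLEN" for subnet INDEX, e.g. fd08::/48 with
# ip6assign 64 gives fd08:0:0:1::/64 for index 1.  PREFIX must be written
# with a trailing "::" and both lengths must be multiples of 16.
ip6_assign() {
	prefix=$1 newlen=$2 index=$3
	addr=${prefix%/*} plen=${prefix#*/}
	[ $(( plen % 16 )) -eq 0 ] && [ $(( newlen % 16 )) -eq 0 ] || return 1
	[ "$newlen" -gt "$plen" ] && [ "$newlen" -le 128 ] || return 1
	# Exhaustion check; skipped when the subnet-id field is wider than the
	# shell's integer (INDEX is then assumed to fit).
	[ $(( newlen - plen )) -ge 62 ] || [ "$index" -lt $(( 1 << (newlen - plen) )) ] || return 1
	head=${addr%%::*}                  # hextets written before the "::"
	oldifs=$IFS; IFS=:; set -- $head; IFS=$oldifs
	[ $# -le $(( plen / 16 )) ] || return 1
	out=''
	i=$(( plen / 16 ))
	while [ "$i" -gt 0 ]; do           # copy the prefix hextets, zero-padded
		i=$(( i - 1 ))
		out="$out${1:-0}:"
		[ $# -gt 0 ] && shift
	done
	k=$(( (newlen - plen) / 16 ))
	while [ "$k" -gt 0 ]; do           # spread INDEX over the subnet-id hextets, high first
		k=$(( k - 1 ))
		out=$(printf '%s%x:' "$out" $(( (index >> (16 * k)) & 65535 )))
	done
	printf '%s:/%d\n' "$out" "$newlen"
}

# Stand-alone demo with the values from the post: ./script demo
if [ "${1:-}" = demo ]; then
	for i in 0 1 2; do
		printf 'interface %d: %s %s\n' "$i" \
			"$(ip4_assign 172.30.42.0/24 27 "$i")" "$(ip6_assign fd08::/48 64 "$i")"
	done
fi
```

With the post's global section this gives eight /27s out of 172.30.42.0/24
(index 8 is refused), which is exactly the budget the current per-interface
255.255.255.224 netmasks spend by hand.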