o11s / open80211s


ath9k_htc: support mixed hw and sw crypto #40

Open twpedersen opened 10 years ago

twpedersen commented 10 years ago

Right now mesh security only works with ath9k_htc with the nohwcrypt=1 parameter. This disables the hardware crypto engine entirely, and all crypto work is done by mac80211. The only reason we have to do this is so broadcast frames can be properly decrypted (I think, maybe it was management frames). Therefore it would be useful to do regular data crypto in hardware, but management or other "unusual" encryption in software.

sritam2 commented 7 years ago

Hi, is the security that you are using for the MESH authsae? How do I configure the "nohwcrypt" parameter? Is it a parameter setting for the ath9k_htc device driver in the Linux kernel?

chunyeow commented 7 years ago

Just load the ath9k_htc kernel module by appending "nohwcrypt=1".

For secured mesh, you can either use authsae or wpa_supplicant. wpa_supplicant is a preferred option.


Chun-Yeow


sritam2 commented 7 years ago

Hi Chun-Yeow,

Thank you for the valuable suggestion.

My doubt is: when we make the mesh secure, are the beacons (management frames) encrypted or in plain text? The data frames will always be encrypted in a secure mesh. But are the management frames and control frames also encrypted, or are they in plain text? Will the "nohwcrypt" parameter play any role in this context?

Thanks and Regards, Sritam Paltasingh.

bcopeland commented 7 years ago

On Tue, May 02, 2017 at 12:37:18AM -0700, sritam2 wrote:

> Hi Chun-Yeow,
>
> Thank you for the valuable suggestion.
>
> My doubt is when we make the mesh secure, are the beacons (management frames) encrypted or in plain text. The data frames will always be encrypted in a secure mesh. But are the management frames and control frames also encrypted or are they in plain text. Will "nohwcrypt" parameter play any role in this context ??

Beacons and other control frames will be plain text.

Management frames are either encrypted or integrity protected.

-- Bob Copeland %% http://bobcopeland.com/

chunyeow commented 7 years ago

In addition to Bob's comment, loading the kernel module with nohwcrypt=1 disables the HW encryption and lets the software manage it. But you still need to use wpa_supp or authsae to enable secured mesh.


sritam2 commented 7 years ago

Dear All,

Today after proper experimentation I found out that the TL-WN823N wifi adapter used by me has a Realtek chipset in it and it needs the rtl8912eu driver. I installed everything and, using "iw list", I discovered that this driver does not support MESH mode. But this WNIC is version 2 of the TL-WN823N. There is also version 1 of the TL-WN823N, which uses the rtl8912cu device driver, which supports mesh mode.

In the wiki/HOWTO page of open80211s it is written that non-mesh enabled mac80211 drivers may require minimal code changes in order to support open80211s.

Does anyone know what code change is needed to make the rtl8912eu driver support mesh mode? The rtl8912cu chipset already supports mesh mode.

ath9k_htc chipsets in TP-Link WNICs are not commonly available in the market nowadays. Another reason I want to stick to the TL-WN82XN series is that they support IEEE 802.1X authentication in addition to mesh mode. My bad luck is that the driver (rtl8912eu) for the latest version 2 of the TL-WN823N does not support mesh mode.

Do you guys know of any ath9k chipsets available in the market which support both mesh mode and IEEE 802.1X authentication?

sritam2 commented 7 years ago

I am using a WNIC chipset from Realtek which has support for MESH. The kernel module name is rtl8192cu.ko. In order to load it I am using the following command: "modprobe rtl8192cu nohwcrypt=1"

Is this the correct command to load the kernel module with hardware crypto disabled? As I am facing difficulty in setting up a secured mesh, I am trying to load it with HW crypto disabled.

The real issue is that I am not able to ping between laptops forming the secured mesh network. The secured network gets formed but after formation I am not able to ping.

Please advise.

Thanks and Regards, Sritam Paltasingh.
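
One way to check the question raised in the last comment, whether a given module accepts `nohwcrypt` at all and what value the loaded driver is running with, before debugging the mesh itself. This is an added example, not code from any participant in the thread; the function names, the sample `modinfo -p` text and the status strings are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): confirm that a kernel module really
# accepts a parameter such as nohwcrypt, and read the value it is running with.

# Constructed sample in the "name:description (type)" layout printed by
# `modinfo -p`; the descriptions are illustrative, not copied from a driver.
SAMPLE_PARMS='debug:Debugging mask (uint)
nohwcrypt:Disable hardware encryption (int)'

# param_supported PARAM -- stdin: `modinfo -p MODULE` output.
# Succeeds only if PARAM is one of the parameters the module declares.
param_supported() {
    awk -F: -v p="$1" '$1 == p { found = 1 } END { exit !found }'
}

# live_value MODULE PARAM [SYSFS_ROOT] -- value the loaded module exports.
# Fails if the module is not loaded or the parameter is not readable in sysfs.
live_value() {
    f="${3:-/sys/module}/$1/parameters/$2"
    [ -r "$f" ] && cat "$f"
}

# check_param MODULE PARAM [SYSFS_ROOT] -- stdin: `modinfo -p MODULE` output.
# Prints: unsupported | supported-value-unavailable | active=<value>
check_param() {
    if ! param_supported "$2"; then
        echo "unsupported"
        return 1
    fi
    if v=$(live_value "$1" "$2" "${3:-/sys/module}"); then
        echo "active=$v"
    else
        echo "supported-value-unavailable"
    fi
}

# Real use on a machine with the driver installed:
#   ./check_param.sh ath9k_htc nohwcrypt
if [ $# -ge 2 ]; then
    modinfo -p "$1" | check_param "$1" "$2"
fi
```

A result of `unsupported` means the option passed to `modprobe` is not one the driver declares, so software crypto cannot be assumed to be in effect.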