Bumping this thread. Below is more info about the original patch that appeared to get ball rolling on IBSS-RSN encryption. There is also contact info for Antonio Quartulli, who seems to be a good person to ask about issues with nodes not reliably authenticating themselves upon joining an encrypted mesh.<br>
<br><a href="https://lists.openwrt.org/pipermail/openwrt-devel/2012-January/013509.html">https://lists.openwrt.org/pipermail/openwrt-devel/2012-January/013509.html</a><br><br><b>Antonio Quartulli</b>
<a href="mailto:openwrt-devel%40lists.openwrt.org?Subject=Re%3A%20%5BOpenWrt-Devel%5D%20%5BPATCH%5D%20mac80211%3A%20provide%20IBSS%20RSN%20support%20for%20ath5k&In-Reply-To=%3C1326711999-20522-1-git-send-email-ordex%40autistici.org%3E" title="[OpenWrt-Devel] [PATCH] mac80211: provide IBSS RSN support for ath5k">ordex at autistici.org
</a><br><br><div class="gmail_quote">On Thu, Aug 23, 2012 at 6:04 PM, Ben West <span dir="ltr"><<a href="mailto:ben@gowasabi.net" target="_blank">ben@gowasabi.net</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Hi All,<br>
<br>
Sharing some results from a couple weeks of surfing the choppy waters<br>
of recent OpenWRT trunk: I have been able to get 2 UBNT ar71xx nodes<br>
to mesh with PSK-encrypted adhoc, aka IBSS RSN.<br>
<br>
You can even configure the encryption in /etc/config/wireless,<br>
provided you use hostapd and wpa_supplicant packages instead of wpad<br>
or wpad-mini.<br>
<br>
Known so far:<br>
- The meshconfig tool bundled w/ Commotion does not work at all,<br>
likely due to significant changes made after trunk r31639 for netifd<br>
support. I unfortunately could not glean more info about this, since<br>
nodes flashed w/ the commotionbase package atop r33202 trunk became<br>
completely unresponsive. I have a TTL/serial cable on order, to<br>
hopefully learn more about this.<br>
- Likewise, the freifunk-watchdog service (ffwatchd), as configured &<br>
bundled w/ Commotion, doesn't seem to like an encrypted mesh. I saw<br>
it repeatedly restarting the wireless interfaces, so I removed that<br>
pkg from the firmware images I was testing with. I posted a query to<br>
this list previously if anyone knows of documentation available for<br>
ffwatchd.<br>
- Although you can indeed specify "encryption psk" for the mesh VAP in<br>
/etc/config/wireless, a bug with wpa_supplicant.sh causes that VAP to<br>
lose its assigned IP address thereafter. I had do "ifconfig wlan0<br>
10.12.x.x" after bringing up the wireless to restore the IP address.<br>
- "iw wlan0 station dump" suggests that nodes joining an encrypted<br>
mesh do not get reliably "authorized," even when they are<br>
"authenticated." On the un-authorized node where I observed this, I<br>
bringing its wlan0 down and then back up resolved this.<br>
- My UBNT nodes were able to ping each other (even at 10ms intervals<br>
using fping) OK for days, until a power blip reset them.<br>
<br>
Unknown, so far:<br>
- Whether this works for ath5k too. Trunk r33202 does not appear to<br>
boot at all on ath5k, although recent patches submitted to trunk do<br>
explicitly mention IBSS RSN support for ath5k.<br>
- What sort of speed penalty this imposes, or if the PSK encryption is<br>
done in hardware or software on either platform.<br>
- Whether ar71xx/ath5k driver will let you add more VAPs (encrypted or<br>
not) to a physical interface already broadcasting an encrypted mesh.<br>
- Whether hostapd-mini and wpa-supplicant-mini will correctly<br>
configure IBSS RSN, too.<br>
<br>
It looks like much thanks for getting IBSS RSN to a functional state<br>
on Atheros chips should go to Antonio Quartulli, who is involved with<br>
the BATMAN-based project <a href="http://open-mesh.org" target="_blank">http://open-mesh.org</a>.<br>
<span class="HOEnZb"><font color="#888888"><br>
--<br>
Ben West<br>
<a href="http://gowasabi.net" target="_blank">http://gowasabi.net</a><br>
<a href="mailto:ben@gowasabi.net">ben@gowasabi.net</a><br>
</font></span></blockquote></div><br><br clear="all"><br>-- <br>Ben West<div><a href="http://gowasabi.net" target="_blank">http://gowasabi.net</a><br><a href="mailto:ben@gowasabi.net" target="_blank">ben@gowasabi.net</a><br>
314-246-9434<br></div>