Opened 7 years ago

Closed 4 years ago

#5788 closed defect (fixed)

[PATCH] Allow more psk/psk2 and tkip/aes wireless configurations

Reported by: wberrier@…
Owned by: developers
Priority: normal
Milestone: Features Paradise
Component: base system
Version: Trunk
Keywords: nas wpa wpa2 tkip aes psk psk2
Cc:

Description

Based on #4687, but I didn't have permissions to open that ticket, so I'm posting a new one here.

Based on the recent tkip/wpa vulnerabilities, it would be nice to have more fine-grained control over how the wireless is set up. This allows me to secure the network, but still allow older clients/drivers to connect.

This is a fix based on the one here:

http://www.mail-archive.com/openwrt-devel@lists.openwrt.org/msg00693.html

And allows the following combinations:

auth,wsec table (implemented in broadcom.sh):

4,2: psk/tkip
4,4: psk/aes
4,6: psk/tkip+aes (currently unsupported)

128,2: psk2/tkip (currently unsupported)
128,4: psk2/aes
128,6: psk2/tkip+aes (currently unsupported)

132,2: psk+psk2/tkip (currently unsupported)
132,4: psk+psk2/aes (currently unsupported)
132,6: psk+psk2/tkip+aes

------------------

2,2: wpa/tkip
2,4: wpa/aes (currently unsupported)
2,6: wpa/tkip+aes (currently unsupported)

64,2: wpa2/tkip (currently unsupported)
64,4: wpa2/aes
64,6: wpa2/tkip+aes (currently unsupported)

66,2: wpa+wpa2/tkip (currently unsupported)
66,4: wpa+wpa2/aes (currently unsupported)
66,6: wpa+wpa2/tkip+aes

Note, you'll have to use quotes around the config option if you want to use a pipe:

option encryption "psk+psk2|aes"

or, you can use a different char, such as a colon without quotes:

option encryption psk+psk2:aes

Attachments (2)

broadcom_nas_wpa_combinations.patch (2.2 KB) - added by wberrier@… 7 years ago.
Patch that applies against trunk
broadcom_nas_wpa_combinations_10.03.patch (1.8 KB) - added by wberrier@… 6 years ago.
Updated to patch against trunk (or 10.03)
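
Added example, not part of the ticket and not the code from the attached patch: a POSIX shell function that maps an encryption option value to the auth,wsec pair from the table in the description and rejects anything outside it. The function name enc_to_auth_wsec, the mandatory cipher part and the refusal to mix psk with wpa modes are assumptions of this example.

```sh
#!/bin/sh
# Added example, not the attached patch: map an "encryption" option value
# to the auth,wsec pair listed in the ticket's table.

# Prints "auth,wsec"; returns 1 for input outside the table.
# The ( ) body is a subshell, so the IFS change does not leak to the caller.
enc_to_auth_wsec() (
	enc=$1
	case "$enc" in
		*'|'*|*:*) ;;
		*) return 1 ;;   # assumption: the cipher part is mandatory here
	esac
	modes=${enc%%[|:]*}
	ciphers=${enc#*[|:]}
	# Only lowercase tokens joined by "+" may remain on either side.
	case "$modes$ciphers" in *[!a-z0-9+]*) return 1 ;; esac

	auth=0 wsec=0 personal=0 enterprise=0
	IFS=+
	for m in $modes; do
		case "$m" in
			psk)  auth=$((auth | 4));   personal=1 ;;
			psk2) auth=$((auth | 128)); personal=1 ;;
			wpa)  auth=$((auth | 2));   enterprise=1 ;;
			wpa2) auth=$((auth | 64));  enterprise=1 ;;
			*)    return 1 ;;
		esac
	done
	for c in $ciphers; do
		case "$c" in
			tkip) wsec=$((wsec | 2)) ;;
			aes)  wsec=$((wsec | 4)) ;;
			*)    return 1 ;;
		esac
	done
	# Assumption: PSK and WPA rows are separate in the table, so mixing
	# the two families is rejected, as is an empty side.
	if [ "$personal" -eq 1 ] && [ "$enterprise" -eq 1 ]; then return 1; fi
	if [ "$auth" -eq 0 ] || [ "$wsec" -eq 0 ]; then return 1; fi
	echo "$auth,$wsec"
)

# The two spellings from the ticket, plus one constructed invalid value.
for v in 'psk+psk2|aes' 'psk+psk2:aes' 'psk+wpa:aes'; do
	echo "$v -> $(enc_to_auth_wsec "$v" || echo rejected)"
done
```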

Change History (6)

Changed 7 years ago by wberrier@…

Patch that applies against trunk

comment:1 Changed 7 years ago by nico

  • Milestone changed from Kamikaze 8.09.2 to Kamikaze Features Paradize
  • Version changed from Kamikaze 8.09 to Trunk

Changed 6 years ago by wberrier@…

Updated to patch against trunk (or 10.03)

comment:2 Changed 6 years ago by wberrier@…

Is anyone else interested in having support for all the available encryption combinations?

comment:3 Changed 4 years ago by Cody P Schafer <openwrt@…>

I'm interested in having support for all the available encryption combinations.

Even more useful would be documenting the options for nas, and forbidding/warning about options that aren't expected to work.

comment:4 Changed 4 years ago by nbd

  • Resolution set to fixed
  • Status changed from new to closed

This was fixed years ago, in r21997.
