WDS and WPA: working?

Hugo Espuny hec at espuny.net
Sat Dec 18 08:27:25 EST 2004


Jouni Malinen wrote:

> I'm not completely sure I understood what you are trying to do.. 

Just securing my WDS wifi network over 104WEP.

> As far as I know, Linksys WRT54G does not support WPA-PSK with WDS links. Are
> you using a third party firmware on this AP?

You are right. I'm using Sveasoft Alchemy firmware.

> Host AP driver might have support for WPA-PSK when using WDS, but the
> hostapd/wpa_supplicant combination would need some changes to implement
> the 4-Way Handshake for this. I have tested TKIP on top of WDS links, so
> the encryption part should be working. Key management part is somewhat
> more open since there is no standard describing this operation for WDS.
> In other words, if you have this working with between some APs, one
> would at least need to figure out what they are doing (e.g., with a
> wireless sniffer) do negotiate the connection and then modify hostapd
> and wpa_supplicant to do something similar.

If i understand you, WDS over WPA protocol is not an standar and even vendor 
dependant, and wpa_supplicant/hostapd is not supporting that right now. I suppose 
i should better use some VPN like IPsec. Due to this limitation, how is other people 
implementing secure WDS networks? Note that WEP is not an option secure enough for me.

--
bye,

Hugo Espuny                 hec at espuny.net | GNUPG key:
debian developer            hec at debian.org | pub  1024D/E8074ECF 2002-06-28
For more info, visit http://www.debian.org | sub  2048g/6AA037B4 2002-10-22
GNUPG key fingerprint:   D324 3DC4 1F2A 0936 DEB9  A4D9 D24A 8237 E807 4ECF

---------------------------------------------------------------------------
| "I've seen things you people wouldn't believe, huh!                     |
|  Attack ships on fire off the shoulder of Orion.                        |
|  I've watched C-beams glittering in the dark near the Tannhauser Gate.  |
|  All those moments will be lost in time, like tears ... in the rain.    |
|  Time to die."                                                          |
|    -- Roy Batty, nexus 6 Tyrrel Corp. replicant, 2019 AC, L.A. --       |
---------------------------------------------------------------------------

Please avoid sending me Word or PowerPoint attachments.
See http://www.fsf.org/philosophy/no-word-attachments.html





More information about the HostAP mailing list