WDS and WPA: working?

Hugo Espuny hec at espuny.net
Sat Dec 18 08:27:25 EST 2004

Jouni Malinen wrote:

> I'm not completely sure I understood what you are trying to do.. 

Just securing my WDS wifi network over 104WEP.

> As far as I know, Linksys WRT54G does not support WPA-PSK with WDS links. Are
> you using a third party firmware on this AP?

You are right. I'm using Sveasoft Alchemy firmware.

> Host AP driver might have support for WPA-PSK when using WDS, but the
> hostapd/wpa_supplicant combination would need some changes to implement
> the 4-Way Handshake for this. I have tested TKIP on top of WDS links, so
> the encryption part should be working. Key management part is somewhat
> more open since there is no standard describing this operation for WDS.
> In other words, if you have this working with between some APs, one
> would at least need to figure out what they are doing (e.g., with a
> wireless sniffer) do negotiate the connection and then modify hostapd
> and wpa_supplicant to do something similar.

If i understand you, WDS over WPA protocol is not an standar and even vendor 
dependant, and wpa_supplicant/hostapd is not supporting that right now. I suppose 
i should better use some VPN like IPsec. Due to this limitation, how is other people 
implementing secure WDS networks? Note that WEP is not an option secure enough for me.


Hugo Espuny                 hec at espuny.net | GNUPG key:
debian developer            hec at debian.org | pub  1024D/E8074ECF 2002-06-28
For more info, visit http://www.debian.org | sub  2048g/6AA037B4 2002-10-22
GNUPG key fingerprint:   D324 3DC4 1F2A 0936 DEB9  A4D9 D24A 8237 E807 4ECF

| "I've seen things you people wouldn't believe, huh!                     |
|  Attack ships on fire off the shoulder of Orion.                        |
|  I've watched C-beams glittering in the dark near the Tannhauser Gate.  |
|  All those moments will be lost in time, like tears ... in the rain.    |
|  Time to die."                                                          |
|    -- Roy Batty, nexus 6 Tyrrel Corp. replicant, 2019 AC, L.A. --       |

Please avoid sending me Word or PowerPoint attachments.
See http://www.fsf.org/philosophy/no-word-attachments.html

More information about the HostAP mailing list