WDS and WPA: working?

Hugo Espuny hec at espuny.net
Sat Dec 18 08:27:25 EST 2004

Jouni Malinen wrote:

> I'm not completely sure I understood what you are trying to do.. 

Just securing my WDS wifi network over 104WEP.

> As far as I know, Linksys WRT54G does not support WPA-PSK with WDS links. Are
> you using a third party firmware on this AP?

You are right. I'm using Sveasoft Alchemy firmware.

> Host AP driver might have support for WPA-PSK when using WDS, but the
> hostapd/wpa_supplicant combination would need some changes to implement
> the 4-Way Handshake for this. I have tested TKIP on top of WDS links, so
> the encryption part should be working. Key management part is somewhat
> more open since there is no standard describing this operation for WDS.
> In other words, if you have this working with between some APs, one
> would at least need to figure out what they are doing (e.g., with a
> wireless sniffer) do negotiate the connection and then modify hostapd
> and wpa_supplicant to do something similar.

If i understand you, WDS over WPA protocol is not an standar and even vendor 
dependant, and wpa_supplicant/hostapd is not supporting that right now. I suppose 
i should better use some VPN like IPsec. Due to this limitation, how is other people 
implementing secure WDS networks? Note that WEP is not an option secure enough for me.


