Security concerns in a Mesh Wi-Fi network

Pablo Osuna posuna at ehas.org
Mon Feb 6 10:41:55 EST 2006


Hi:

We are at the moment developing a Mesh Wi-Fi network in poor isolated
rural areas in Latin American countries. Our network is designed based
on Point to Point links among Wi-Fi nodes. We would like to use Ad-Mode
but due to instability problems we are using Master-Managed mode for
every link. We are using wireless cards running with Hostap (for links
up to 20km) and Madwifi (links longer than 20km).
The node hardware is based on a Soekris board, which has 3 wireless
interfaces.

Let's say for example a node could have two Hostap cards (one in Master
mode and the other one in Managed Mode) and one Madwifi card running in
Master mode. So in the same Soekris we have three links with three
different ESSIDs. 

At the moment we are using WEP security for each of those links but we
would like to strengthen this point by migrating to WPA PreShared Key
(WPA-PSK).
I am quite a newbie to WPA but it seems we need an authenticator (Hostapd)
for the Master AP side and a client (Wpasupplicant) for the Managed
side. I have gone through Hostapd and Wpasupplicant and my questions
are:

- Can we use WPA-PSK in a network like ours? I mean, in the node
described before we would need:

1) Hostapd for the Master Hostap card. ESSID: Link1
2) Hostapd for the Master Madwifi card. ESSID: Link2
3) Wpasupplicant for the Managed Hostap card. ESSID: Link3

- Let's assume another case for the three interfaces scheme: One card
running in Master mode and two cards running in Managed mode. In that
case:

1) Hostapd for the Master Hostap card. ESSID: Link1
2) Wpasupplicant for the Managed Madwifi card. ESSID: Link2
3) Wpasupplicant for the Managed Hostap card. ESSID: Link3

The question could be summarized as: Is WPA thought for an
infrastructure-centralized network or can it be used for a topology like
ours, that is, in the same computer running several cards for different
links?
If WPA is not a solution for us, which other security approaches do you
suggest we could take (even in layers above the wireless one)?

Hope you understand our questions and can help us.

Best regards:

Pablo Osuna



