ibss mode with wpa2 encryption?
Ben Greear
greearb
Mon Nov 24 15:50:57 PST 2014
On 11/24/2014 03:35 PM, Jouni Malinen wrote:
> On Mon, Nov 24, 2014 at 02:39:40PM -0800, Ben Greear wrote:
>> I'm trying to get ath9k NICs to do wpa2 encryption on ibss
>> networks with the config below. I do not see any obvious errors
>> in the supplicant logs, but it will not pass traffic.
>
>> Is this supposed to work? The peer station has a similar setup.
>
> RSN IBSS is supposed to work and well, works at least with
> mac80211_hwsim, but I have not tested with ath9k recently. Anyway, your
> configuration has some issues that would likely explain traffic not
> working.
>
>> proto=RSN
>> pairwise=NONE
>> group=TKIP
>
> While TKIP is allowed, I'd use CCMP with RSN since TKIP does not make
> much sense for a case where every single device supporting RSN will also
> support CCMP. Anyway, the larger issue is with pairwise=NONE. That is
> not really something I would have ever tested with RSN IBSS since proper
> pairwise encryption should be used with RSN STAs. In other words,
> replace those with pairwise=CCMP and group=CCMP to make this more
> meaningful.
I was trying to parse the meaning out of this entry, and it looks like
I got it wrong.
# mode: IEEE 802.11 operation mode
# 0 = infrastructure (Managed) mode, i.e., associate with an AP (default)
# 1 = IBSS (ad-hoc, peer-to-peer)
# 2 = AP (access point)
# Note: IBSS can only be used with key_mgmt NONE (plaintext and static WEP) and
# WPA-PSK (with proto=RSN). In addition, key_mgmt=WPA-NONE (fixed group key
# TKIP/CCMP) is available for backwards compatibility, but its use is
# deprecated. WPA-None requires following network block options:
# proto=WPA, key_mgmt=WPA-NONE, pairwise=NONE, group=TKIP (or CCMP, but not
# both), and psk must also be set.
I'll retest this with your suggested config above.
Thanks,
Ben
--
Ben Greear <greearb at candelatech.com>
Candela Technologies Inc http://www.candelatech.com
More information about the Hostap
mailing list