Mesh no encryption possible

Hey,
I followed these steps to configure a mesh network https://openwrt.org/docs/guide-user/network/wifi/mesh/80211s, but I can't get a connection as soon as I enable encryption. I tried "psk2/aes" and "sae".

installed wpad on both devices.

router 1:
ZyXEL NBG6617
OpenWrt SNAPSHOT r9427-02cd7f8b7a

router 2:
TP-Link TL-WDR3600 v1
OpenWrt SNAPSHOT r9427-02cd7f8b7a

settings on both devices

        option device 'radio1'
        option mode 'mesh'
        option mesh_id 'OpenWrt_5ghz'
        option mesh_fwding '1'
        option mesh_rssi_threshold '0'
        option network 'lan'
        option key '123'
        option encryption 'sae'

log

Mon Feb 25 14:32:48 2019 kern.info kernel: [ 2661.506150] br-lan: port 3(wlan1-1) entered blocking state
Mon Feb 25 14:32:48 2019 kern.info kernel: [ 2661.509756] br-lan: port 3(wlan1-1) entered forwarding state
Mon Feb 25 14:32:48 2019 daemon.notice hostapd: wlan1-1: interface state HT_SCAN->ENABLED
Mon Feb 25 14:32:48 2019 daemon.notice hostapd: wlan1-1: AP-ENABLED
Mon Feb 25 14:32:48 2019 kern.info kernel: [ 2661.620504] IPv6: ADDRCONF(NETDEV_UP): wlan1: link is not ready
Mon Feb 25 14:32:48 2019 daemon.notice wpa_supplicant[9281]: Successfully initialized wpa_supplicant
Mon Feb 25 14:32:48 2019 daemon.err wpa_supplicant[9281]: Line 6: invalid key_mgmt 'SAE'
Mon Feb 25 14:32:48 2019 daemon.err wpa_supplicant[9281]: Line 6: no key_mgmt values configured.
Mon Feb 25 14:32:48 2019 daemon.err wpa_supplicant[9281]: Line 6: failed to parse key_mgmt 'SAE'.
Mon Feb 25 14:32:48 2019 daemon.err wpa_supplicant[9281]: Line 7: too large mode (value=5 max_value=4)
Mon Feb 25 14:32:48 2019 daemon.err wpa_supplicant[9281]: Line 7: failed to parse mode '5'.
Mon Feb 25 14:32:48 2019 daemon.err wpa_supplicant[9281]: Line 8: unknown network field 'mesh_fwding'.
Mon Feb 25 14:32:48 2019 daemon.err wpa_supplicant[9281]: Line 9: unknown network field 'mesh_rssi_threshold'.
Mon Feb 25 14:32:48 2019 daemon.err wpa_supplicant[9281]: Line 17: failed to parse network block.
Mon Feb 25 14:32:48 2019 daemon.err wpa_supplicant[9281]: Failed to read or parse configuration '/var/run/wpa_supplicant-wlan1.conf'.
Mon Feb 25 14:32:48 2019 daemon.notice netifd: radio1 (8970): cat: can't open '/var/run/wpa_supplicant-wlan1.pid': No such file or directory
Mon Feb 25 14:32:48 2019 daemon.notice netifd: radio1 (8970): WARNING (wireless_add_process): executable path /usr/sbin/wpad does not match process  path (/proc/exe)
Mon Feb 25 14:32:48 2019 daemon.notice netifd: radio1 (8970): Command failed: Invalid argument
Mon Feb 25 14:32:48 2019 daemon.notice netifd: radio1 (8970): Interface 1 setup failed: WPA_SUPPLICANT_FAILED
Mon Feb 25 14:32:48 2019 daemon.notice netifd: radio1 (8970): command failed: Link has been severed (-67)
Mon Feb 25 14:32:48 2019 user.notice mac80211: Failed command: iw dev wlan1 set mesh_param mesh_rssi_threshold 0
Mon Feb 25 14:32:48 2019 daemon.notice netifd: radio1 (8970): command failed: Link has been severed (-67)
Mon Feb 25 14:32:48 2019 user.notice mac80211: Failed command: iw dev wlan1 set mesh_param mesh_fwding 1
Mon Feb 25 14:32:48 2019 daemon.notice netifd: Network device 'wlan1-1' link is up
Mon Feb 25 14:32:48 2019 daemon.info hostapd: wlan1-1: STA c4:6e:1f:14:18:0c IEEE 802.11: authenticated
Mon Feb 25 14:32:48 2019 daemon.info hostapd: wlan1-1: STA c4:6e:1f:14:18:0c IEEE 802.11: associated (aid 1)
Mon Feb 25 14:32:49 2019 daemon.notice hostapd: wlan1-1: AP-STA-CONNECTED c4:6e:1f:14:18:0c
Mon Feb 25 14:32:49 2019 daemon.info hostapd: wlan1-1: STA c4:6e:1f:14:18:0c WPA: pairwise key handshake completed (RSN)
Mon Feb 25 14:32:49 2019 daemon.info dnsmasq-dhcp[2032]: DHCPREQUEST(br-lan) 192.168.1.227 c4:6e:1f:14:18:0c
Mon Feb 25 14:32:49 2019 daemon.info dnsmasq-dhcp[2032]: DHCPACK(br-lan) 192.168.1.227 c4:6e:1f:14:18:0c DESKTOP-U23U3LE
Mon Feb 25 14:32:50 2019 daemon.warn odhcpd[826]: DHCPV6 CONFIRM IA_NA from 000100012346a7fb74d435fdd883 on lan: ok 2003:f5:83c2:bf00::da7/128 fd46:90ec:5a0f::da7/128
Mon Feb 25 14:32:52 2019 daemon.warn odhcpd[826]: DHCPV6 CONFIRM IA_NA from 000100012346a7fb74d435fdd883 on lan: ok 2003:f5:83c2:bf00::da7/128 fd46:90ec:5a0f::da7/128
Mon Feb 25 14:32:54 2019 daemon.warn odhcpd[826]: DHCPV6 CONFIRM IA_NA from 000100012346a7fb74d435fdd883 on lan: ok 2003:f5:83c2:bf00::da7/128 fd46:90ec:5a0f::da7/128

I believe wpad-mesh is required as, at least at one time, wpad surprisingly didn’t provide the needed bits like “full” would in many other packages.
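The log in the first post already shows which features the installed supplicant lacks. The following is an added example, not part of the original thread, that picks those messages out of `logread` output. The mapping from each message to a missing feature is this example's own reading of the messages, and the function names are hypothetical.

```python
import re

# Sample input: five lines copied from the log in the first post.
SAMPLE_LOG = """\
Mon Feb 25 14:32:48 2019 daemon.notice hostapd: wlan1-1: AP-ENABLED
Mon Feb 25 14:32:48 2019 daemon.err wpa_supplicant[9281]: Line 6: invalid key_mgmt 'SAE'
Mon Feb 25 14:32:48 2019 daemon.err wpa_supplicant[9281]: Line 7: too large mode (value=5 max_value=4)
Mon Feb 25 14:32:48 2019 daemon.err wpa_supplicant[9281]: Line 8: unknown network field 'mesh_fwding'.
Mon Feb 25 14:32:48 2019 daemon.notice netifd: radio1 (8970): Interface 1 setup failed: WPA_SUPPLICANT_FAILED
"""

# Message pattern -> feature the supplicant build appears to lack.
# Assumption of this example: mode 5 is the mesh mode in the generated config.
RULES = [
    (re.compile(r"invalid key_mgmt 'SAE'"), "sae"),
    (re.compile(r"too large mode \(value=5 max_value=\d+\)"), "mesh"),
    (re.compile(r"unknown network field 'mesh_\w+'"), "mesh"),
]
SUPPLICANT_ERR = re.compile(r"daemon\.err wpa_supplicant\[\d+\]: Line (\d+): (.*)$")


def missing_features(log_text):
    """Return {feature: [(config_line, message), ...]} for rejected options."""
    found = {}
    for line in log_text.splitlines():
        m = SUPPLICANT_ERR.search(line)
        if not m:
            continue  # not a wpa_supplicant config parse error
        cfg_line, message = int(m.group(1)), m.group(2)
        for pattern, feature in RULES:
            if pattern.search(message):
                found.setdefault(feature, []).append((cfg_line, message))
    return found


def setup_failed(log_text):
    """True when netifd reports that the supplicant never started the interface."""
    return "WPA_SUPPLICANT_FAILED" in log_text


if __name__ == "__main__":
    for feature, hits in sorted(missing_features(SAMPLE_LOG).items()):
        print(f"supplicant lacks {feature}: config lines {[n for n, _ in hits]}")
    print("mesh interface setup failed:", setup_failed(SAMPLE_LOG))
```

On a router the same functions can be fed the saved output of `logread` after a `wifi` restart.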


thank you. works now


I was a bit too early :( When I install wpad-mesh and set an encryption, it seems to ignore the encryption I set, because when I "scan" it shows the network is still open.

        option device 'radio1'
        option mode 'mesh'
        option mesh_id 'OpenWrt_5ghz'
        option mesh_fwding '1'
        option mesh_rssi_threshold '0'
        option network 'lan'
        option key '123'
        option encryption 'psk2/aes'

I'm not sure that the scan function correctly parses the tagging of SAE encryption, so this isn't a good indication.

To see if the network is really secured, try setting up a rogue mesh point to see if it would be possible for an unauthorized user to join the network without the key. Also monitor packets to see if they are clear or encrypted.
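For the packet-monitoring check suggested above, one way to tell clear from encrypted traffic is the Protected Frame bit in the 802.11 frame control field of data frames. This is an added example, not part of the original thread. It assumes each packet is a raw radiotap-prefixed frame as a monitor-mode capture on your own mesh channel delivers it; the sample frames are constructed and the function names are hypothetical.

```python
import struct

PROTECTED = 0x40   # "Protected Frame" flag in the second frame-control byte
TYPE_DATA = 2      # 802.11 frame type for data frames


def classify(packet):
    """Return 'protected', 'clear', or None for frames that carry no payload."""
    if len(packet) < 8 or packet[0] != 0:        # radiotap version must be 0
        return None
    rt_len = struct.unpack_from("<H", packet, 2)[0]   # radiotap header length
    if len(packet) < rt_len + 2:
        return None
    fc0, fc1 = packet[rt_len], packet[rt_len + 1]
    ftype, subtype = (fc0 >> 2) & 0x3, fc0 >> 4
    # Skip management/control frames and Null/QoS Null data frames
    # (subtype bit 2 set): they have no payload, so the bit says nothing.
    if ftype != TYPE_DATA or subtype & 0x4:
        return None
    return "protected" if fc1 & PROTECTED else "clear"


def summarize(packets):
    """Count payload-carrying data frames by protection state."""
    counts = {"protected": 0, "clear": 0}
    for pkt in packets:
        kind = classify(pkt)
        if kind:
            counts[kind] += 1
    return counts


def _frame(fc0, fc1):
    """Constructed test frame: minimal radiotap header + zero-filled 802.11 header."""
    radiotap = bytes([0, 0, 8, 0, 0, 0, 0, 0])
    return radiotap + bytes([fc0, fc1]) + bytes(30)


# Constructed samples, not captured traffic.
SAMPLES = [
    _frame(0x88, 0x43),  # QoS Data, ToDS+FromDS, Protected set
    _frame(0x88, 0x03),  # QoS Data, ToDS+FromDS, Protected clear
    _frame(0x80, 0x00),  # Beacon (management): ignored
    _frame(0xC8, 0x03),  # QoS Null: ignored
]

if __name__ == "__main__":
    print(summarize(SAMPLES))
```

Any non-zero `clear` count for frames sent between the mesh points means payload is leaving unencrypted, whatever the scan output shows.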
