OpenWrt Forum Archive

Topic: authsae encrypted 802.11s mesh on ralink wifi

The content of this topic has been archived on 28 Mar 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

Post #1
greybeard
1 Feb 2017, 07:02

After a lot of stuffing around I've finally managed to get an authsae encrypted link running on ralink hardware.
Previously I have achieved this on athxx hardware.

Trick was to add an entry to the ralink wifi driver.
On my test setup this was a NEXX WT3020 device
In /etc/modules.d/rt2800-soc
edit the file as follows
rt2800soc nohwcrypt=1

ie, add the nohwcrypt=1 entry to disable hardware crypto on the wifi chip

I have an encrypted (authsae) 802.11s link running between a tplink WR703 (with extroot) and a NEXX WT3020.
Hope this helps someone else.

[edit] and running on a a5-v11 device with extroot with the same config change

(Last edited by greybeard on 1 Feb 2017, 07:25)

Post #2
faruktezcan
1 Mar 2017, 23:42

Hı there!
I tried your method with my 2 wt3020 routers. There was no success with encryption.
Can you please post your configuration  files?

Thank you.

Post #3
greybeard
2 Mar 2017, 02:53

I haven't got those devices currently configured with 802.11s and authsae.
See this post https://forum.openwrt.org/viewtopic.php?id=64779 for configs uploaded previously.
The change regarding nohwcrypt is the only change I made to mt wt3020 to get it to work.
If you need any other help you'll need to provide more information than 'There was no success with encryption' to give me a chance of working out what the problem is that needs fixing.

Post #4
mk24
2 Mar 2017, 03:31

Set up a non encrypted mesh first and confirm it works.  Then with the authsae package installed, add two lines to each station's wireless interface config:

option encryption 'authsae'
option key '<pre-shared-secret>'

All the mesh stations using the same secret key of course.  Meshes need to be set up directly not through Luci.  Once entered, do not touch that interface with LuCI.

Post #5
faruktezcan
3 Mar 2017, 23:38

Hi there.

I finally managed to establish a secure 802.11s mesh network between my NEXX WT3020 routers by using "nohwcrypt=1" trick,

Thank you all.

Post #6
faruktezcan
5 Mar 2017, 22:14

Issue with nohwcrypt :
If I  use this option for encrypted connection between two routers than the CPUs have to deal with encryption. That means I  need powerful CPUs. In my example, the communication between NEXX WT3020 routers was not successful if I  start to watch a movie. Simply, the connection breaks and the router restarts by itself. So, technically it is possible with nohwcrypt option, but you need more powerful CPU to handle the encryption

(Last edited by faruktezcan on 5 Mar 2017, 22:22)

Post #7
greybeard
6 Mar 2017, 01:13

Interesting update. Didn't catch this as my testing wasn't under load, just for connectivity.

(Last edited by greybeard on 6 Mar 2017, 01:13)

The discussion might have continued from here.