Re: [lime-users] securing LiMe for private use

2017-01-20 17:01 GMT+01:00 bruno vianna <bruno(a)pobox.com>om>: I think that ad-hoc doesn't support encryption (but seems that 802.11s does [1]). In my opinion doing encryption at this level is a trouble, because if the encryption key is not public => the network is not open to participation (LibreMesh is made for "libre" networks); otherwise if the key is public => the security is gone. So the encryption has to be managed at an application layer (VPN, HTTPS...). I suppose that BMX6 supports some encryption... Dunno really... A closed-network profile for LibreMesh could be developed, it would need the lime-proto-client package (partially implemented [2]) and lime-proto-wpa. The mesh connections would be AP-Station (or 802.11s) instead of adhoc. The question from Koen was exactly if WPA was already automagic in LibreMesh: not yet, an idea which will be proposed for GSoC is about this. @Koen: if adding encryption just to the AP interface is enough, should be easy to manually modify the /etc/config/wireless file generated by lime-config adding WPA encryption to AP interface. [1] https://en.wikipedia.org/wiki/IEEE_802.11s#Peer_authentication_methods [2] https://github.com/libremesh/lime-packages/issues/47