Hi again
A follow-up on my initial feature request from back in May
I was able to get 802.11r working and tested by manually configuring it on my LiMe nodes also thanks to a friend.
It must be added to every node in /etc/config/wireless under every option ifname 'wlanX-ap' stanza [I say every in case of multi-band nodes, such as a C7].
It has node-specific variables, so the same config works both for the 2.4GHz interface and the 5GHz interface, but must be adapted of course for every node on two lines. [4 and 5 here]
option ieee80211r '1'
option mobility_domain '1627' # This is an arbitrary hex string, could be a concat of %N1 and %N2?
option pmk_r1_push '1'
option nasid '46D9E7FBDCCE' # This must be the colon-stripped BSSID of the wlanX-ap SSID ON THIS NODE as found in Network > Wireless [see attached screenshot]
option r1_key_holder '46D9E7FBDCCE' # Same as above
list r0kh '46:D9:E7:FB:DC:CE,46D9E7FBDCCE,8a7fcc966ed0691ff2809e1f38c16996' # See below code snippet for r0kh and r1kh list
list r0kh 'A6:2B:B0:DE:AD:4B,A62BB0DEAD4B,8a7fcc966ed0691ff2809e1f38c16996'
list r1kh '46:D9:E7:FB:DC:CE,46:D9:E7:FB:DC:CE,8a7fcc966ed0691ff2809e1f38c16996'
list r1kh 'A6:2B:B0:DE:AD:4B,A6:2B:B0:DE:AD:4B,8a7fcc966ed0691ff2809e1f38c16996'
option ieee80211w '1' # This has nothing to do with 11r, but instead is to enable 11w in optional mode [no config needed for this]
The r0kh and r1kh list seems to have to be as follows:
list r0kh [first BSSID with colons],[first BSSID without colons],[password]
list r0kh [second BSSID with colons],[second BSSID without colons],[password]
list r0kh [third BSSID with colons],[third BSSID without colons],[password]
list r1kh [first BSSID with colons],[first BSSID with colons],[password]
list r1kh [second BSSID with colons],[second BSSID with colons],[password]
list r1kh [third BSSID with colons],[third BSSID with colons],[password]
The [password] is a 32 hex character random string, could be a hash of a concat of %N1, %N2, etc…?
The only interventions needed are an updated list of every node in the LiMe cloud with their respective wlanX-ap BSSIDs, the addition and perpetual updating of this config inside every node’s /etc/config/wireless, and the initial substitution of lines 4 and 5 [in my example] to match that node’s colon-stripped BSSID.
Anyone who would be interested to work on this for LiMe?
Thanks again!
Nk
On May 12, 2017 at 1:45:10 PM, Nk (nk@os.vu) wrote:
Hi all
I’ve noticed LEDE supports 802.11r and 802.11w and has the
respective settings section in LuCI under wireless security. I’m
not familiar with these protocols other than knowing they exist and
I’m very happy to see them available for use with free and open
software. Is there any way we could start some testing for them for
LiMe [especially the first one, which would make roaming inside the
network even more seamless, since it’s one of the core advantages
and of LiMe]? I read that 802.11r requires only one DHCP server to
exist on the network and no separate subnets, but I assume that our
replication of such a network with every node handing out the same
leases on the same subnet perfectly simulates this behavior even in
this respect, and the “trickery” works also for this requirement,
is this correct?
Also, is there a good rule of thumb to figure out the right
way of enabling features available in LuCI from the LiMe
configuration in SDK? I’ve been trying to put all nodes on SSH port
42022 [I know, security by obscurity, but it’s better than nothing,
and our keys are 4096, so there’s a solid base already ;] and
disable password authentication for instance. Or adding hostnames,
and so on. If there’s a quick way of figuring these things out, I
won’t have to bother any of you for every single customization I
need to make ;]
Thank you in advance
Nk
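
Added example (not part of the original messages and not LibreMesh code): a shell function that prints the per-node 802.11r options laid out in the follow-up above from one shared list of wlanX-ap BSSIDs, so only the first argument changes from node to node. The function names are made up here; drawing the key from /dev/urandom is this example's choice, and mobility_domain is checked as 4 hex digits, the form hostapd takes.

```shell
#!/bin/sh
# Added example: print the 802.11r options from the post for one node.
# Usage: ft_stanza LOCAL_BSSID MOBILITY_DOMAIN KEY BSSID [BSSID...]
# The BSSID list is every wlanX-ap BSSID in the cloud, this node's included.

# 16 random bytes as 32 hex characters, for the shared [password] field.
ft_key() {
    head -c 16 /dev/urandom | od -An -tx1 | tr -d ' \n'
}

# True if $1 is exactly $2 hex characters.
is_hex() {
    printf '%s\n' "$1" | grep -Eq "^[0-9A-Fa-f]{$2}\$"
}

# True if $1 is a colon-separated MAC address.
is_bssid() {
    printf '%s\n' "$1" | grep -Eq '^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$'
}

ft_stanza() {
    [ "$#" -ge 4 ] || { echo "usage: ft_stanza SELF DOMAIN KEY BSSID..." >&2; return 1; }
    self=$1 domain=$2 key=$3
    shift 3
    is_hex "$domain" 4 || { echo "mobility_domain: need 4 hex chars" >&2; return 1; }
    is_hex "$key" 32 || { echo "key: need 32 hex chars" >&2; return 1; }
    found=0
    for b in "$@"; do
        is_bssid "$b" || { echo "bad BSSID: $b" >&2; return 1; }
        if [ "$b" = "$self" ]; then found=1; fi
    done
    [ "$found" -eq 1 ] || { echo "local BSSID missing from node list" >&2; return 1; }
    id=$(printf '%s' "$self" | tr -d ':')   # colon-stripped BSSID of this node
    printf "\toption ieee80211r '1'\n"
    printf "\toption mobility_domain '%s'\n" "$domain"
    printf "\toption pmk_r1_push '1'\n"
    printf "\toption nasid '%s'\n\toption r1_key_holder '%s'\n" "$id" "$id"
    for b in "$@"; do   # r0kh: BSSID with colons, BSSID without colons, key
        printf "\tlist r0kh '%s,%s,%s'\n" "$b" "$(printf '%s' "$b" | tr -d ':')" "$key"
    done
    for b in "$@"; do   # r1kh: BSSID with colons twice, key
        printf "\tlist r1kh '%s,%s,%s'\n" "$b" "$b" "$key"
    done
}

# Constructed demo: the two BSSIDs from the post and a fresh random key.
ft_stanza 46:D9:E7:FB:DC:CE 1627 "$(ft_key)" 46:D9:E7:FB:DC:CE A6:2B:B0:DE:AD:4B
```

Generate the key once and pass the same value on every node; the function refuses a node whose own BSSID is missing from the list or any entry that is not a well-formed MAC.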
_______________________________________________
lime-users mailing list
lime-users@lists.libremesh.org
https://lists.libremesh.org/mailman/listinfo/lime-users