12 May
2017
12 May
'17
11:45 a.m.
Hi all
I’ve noticed LEDE supports 802.11r and 802.11w and has the respective settings section in
LUCI under wireless security. I’m not familiar with these protocols other than knowing
they exist and I’m very happy to see them available for use with free and open software.
Is there any way we could start some testing for them for LiMe [especially the first one,
which would make roaming inside the network even more seamless, since it’s one of the core
advantages and of LiMe]? I read that 802.11r requires only one DHCP server to exist on the
network and no separate subnets, but I assume that our replication of such a network with
every node handing out the same leases on the same subnet perfectly simulates this
behavior even in this respect, and the “trickery” works also for this requirement, is this
correct?
Also, is there a good rule of thumb to figure out the right way of enabling features
available in LuCi from the LiMe configuration in SDK? I’ve been trying to put all nodes on
SSH port 42022 [I know, security by obscurity, but it’s better than nothing, and our keys
are 4096, so there’s a solid base already ;] and disable password authentication for
instance. Or adding hostnames, and so on. If there’s a quick way of figuring these things
out, I won’t have to bother any of you for every single customization I need to make ;]
Thank you in advance
Nk
22 Jul
22 Jul
2:15 p.m.
Hi again
A followup on my initial feature request from back in may
I was able to get 802.11r working and tested by manually configuring it on my LiMe nodes
also thanks to a friend.
First you install full wpad [instead of wpad-mini] [something that is already the case
with our https://github.com/libremesh/network-profiles/tree/master/openNET.io network
profiles].
Then the config is rather simple thanks to the one and only real reference on the web
about this topic
[https://www.reddit.com/r/openwrt/comments/515oea/finally_got_80211r_roaming…]
It must be added to every node in /etc/config/wireless under every option ifname
'wlanX-ap’ stanza [I say every in case of multi-band nodes, such as a C7].
It has node-specific variables, so the same config works both for the 2.4GHz interface and
the 5GHz interface, but must be adapted of course for every node on two lines. [4 and 5
here]
option ieee80211r '1'
option mobility_domain ‘1627’ # This is an arbitrary hex string, could be a concat
of %N1 and %N2?
option pmk_r1_push '1'
option nasid ‘46D9E7FBDCCE’ # This must be the colon-stripped BSSID of the
wlanX-ap SSID ON THIS NODE as found in Network > Wireless [see attached screenshot]
option r1_key_holder ‘46D9E7FBDCCE’ # Same as above
list r0kh '46:D9:E7:FB:DC:CE,46D9E7FBDCCE,8a7fcc966ed0691ff2809e1f38c16996’ #
See below code snippet for r0kh and r1kh list
list r0kh
'A6:2B:B0:DE:AD:4B,A62BB0DEAD4B,8a7fcc966ed0691ff2809e1f38c16996'
list r1kh
'46:D9:E7:FB:DC:CE,46:D9:E7:FB:DC:CE,8a7fcc966ed0691ff2809e1f38c16996'
list r1kh
'A6:2B:B0:DE:AD:4B,A6:2B:B0:DE:AD:4B,8a7fcc966ed0691ff2809e1f38c16996'
option ieee80211w ‘1’ # This has nothing to do with 11r, but instead is to enable
11w in optional mode [no config needed for this]
The r0kh and r1kh list seems to have to be as follows:
list r0kh [first BSSID with colons],[first BSSID without colons],[password]
list r0kh [second BSSID with colons],[second BSSID without colons],[password]
list r0kh [third BSSID with colons],[third BSSID without colons],[password]
list r1kh [first BSSID with colons],[first BSSID with colons],[password]
list r1kh [second BSSID with colons],[second BSSID with colons],[password]
list r1kh [third BSSID with colons],[third BSSID with colons],[password]
The [password] is a 32 hex character random string, could be a hash of a concat of %N1,
%N2, etc…?
The only interventions needed are an updated list of every node in the LiMe cloud with
their respective wlanX-ap BSSIDs, the addition and perpetual updating of this config
inside every node’s /etc/config/wireless, and the initial substitution of lines 4 and 5
[in my example] to match that node’s colon-stripped BSSID.
Anyone who would be interested to work on this for LiMe?
Thanks again!
Nk
On May 12, 2017 at 1:45:10 PM, Nk (nk(a)os.vu) wrote:
Hi all
I’ve noticed LEDE supports 802.11r and 802.11w and has the respective settings section in
LUCI under wireless security. I’m not familiar with these protocols other than knowing
they exist and I’m very happy to see them available for use with free and open software.
Is there any way we could start some testing for them for LiMe [especially the first one,
which would make roaming inside the network even more seamless, since it’s one of the core
advantages and of LiMe]? I read that 802.11r requires only one DHCP server to exist on the
network and no separate subnets, but I assume that our replication of such a network with
every node handing out the same leases on the same subnet perfectly simulates this
behavior even in this respect, and the “trickery” works also for this requirement, is this
correct?
Also, is there a good rule of thumb to figure out the right way of enabling features
available in LuCi from the LiMe configuration in SDK? I’ve been trying to put all nodes on
SSH port 42022 [I know, security by obscurity, but it’s better than nothing, and our keys
are 4096, so there’s a solid base already ;] and disable password authentication for
instance. Or adding hostnames, and so on. If there’s a quick way of figuring these things
out, I won’t have to bother any of you for every single customization I need to make ;]
Thank you in advance
Nk
_______________________________________________
lime-users mailing list
lime-users(a)lists.libremesh.org
https://lists.libremesh.org/mailman/listinfo/lime-users
2463
days inactive
2534
days old
lime-users@lists.libremesh.org
1 comments
1 participants
participants (1)
-
Nk