I could not get a password protected 802.11s up using only wpad-mesh with option encryption set to authsae or psk2/aes.
Having installed wpad-mini and authsae it seems to work with option encryption 'authsae'. My mesh nodes (FSC Futro S200 family thin clients and TL-WR703N (extrooted)) then only can communicate using the same password.
(Currently using LEDE-17.01.4 on all meshed systems.)
Uhm, I don't even have the /var/run/wpa_supplicant-wlan?.conf on my router, so I'm guessing it (and mesh support) is firmware/driver dependant. How can I check if my router radios support mesh?
I didn't have time lately to play around with this, but after some google-ing and experimenting I seem to have success with encryption (finally). The trick was to change "option encryption 'authsae' ". If seems we just need to put 'psk2' or 'psk2+ccmp' like "normal". I am using wpad-mesh (without authsae)
I had no success with wpad-mesh and encryption. My experiments are using the packages wpad-mini and authsae (17.01.4 on x86-legacy thin clients and extrooted TL-WR703Ns).
My guinea pigs only can join the mesh when the password matches, so it at least halfway works.
As long as I don't know how to verify that encryption really is doing its job I do not bridge the mesh to my LAN or WAN interfaces. So I have not tried bridging it yet.
The router is just plugged in one of my bedrooms in the "middle" of my apartment. I can connect just fine the its AP and get internet/lan via the Mesh. IP addresses are via DHCP on my main router, and my devices get these just fine via the "mesh". Using only wpad-mesh. The authsae package is really old and depreciated.
Does encryption really work...thats a good question. I don't know how to check, I can only confirm that without a key or wrong key it doesn't connect. Suppose it doesn't work, should I be able to see the mesh-traffic as "plain-text" using wireshark, and how?
I'll give it another shot when I have some free time, but I just wanted to say @drbrains -- huge thank you for replying in this thread and to PMs of multiple people trying to achieve working mesh setup.
Hi there.
I'm new to working with Mesh Networks. I've been trying to install packages on my R7800 Netgear router, via opkg. But everytime I try this 'opkg install wpad authsae', I get the following message :
Package authsae (2014-06-09-8531ab158910a525d4bcbb3ad02c08342f6987f2) installed
in root is up to date.
Configuring libnl-tiny.
//usr/lib/opkg/info/libnl-tiny.postinst: //usr/lib/opkg/info/libnl-tiny.postinst
: 4: default_postinst: not found
Configuring authsae.
//usr/lib/opkg/info/authsae.postinst: //usr/lib/opkg/info/authsae.postinst: 4: d
efault_postinst: not found
Configuring babeld.
//usr/lib/opkg/info/babeld.postinst: //usr/lib/opkg/info/babeld.postinst: 4: def
ault_postinst: not found
Configuring hostapd-common.
//usr/lib/opkg/info/hostapd-common.postinst: //usr/lib/opkg/info/hostapd-common.
postinst: 4: default_postinst: not found
Collected errors:
* check_data_file_clashes: Package wpad wants to install file /usr/sbin/hostapd
But that file is already provided by package * qca-hostap
* check_data_file_clashes: Package wpad wants to install file /usr/sbin/wpa_sup
plicant
But that file is already provided by package * qca-wpa-supplicant
* opkg_install_cmd: Cannot install package wpad.
* pkg_run_script: package "libnl-tiny" postinst script returned status 127.
* opkg_configure: libnl-tiny.postinst returned 127.
* pkg_run_script: package "authsae" postinst script returned status 127.
* opkg_configure: authsae.postinst returned 127.
* pkg_run_script: package "babeld" postinst script returned status 127.
* opkg_configure: babeld.postinst returned 127.
* pkg_run_script: package "hostapd-common" postinst script returned status 127.
* opkg_configure: hostapd-common.postinst returned 127.
This is the content of my opkg.conf file
dest root /
dest ram /tmp
lists_dir ext /var/opkg-lists
option overlay_root /overlay
option check_signature 1
src/gz snapshots_base http://downloads.openwrt.org/snapshots/trunk/ipq806x/generic/packages/base
If you do build libopenssl into an image, you might want to set CONFIG_OPENSSL_WITH_COMPRESSION=y otherwise uhttpd won't run TLS sucessfully, at least as configured by default.