-
Notifications
You must be signed in to change notification settings - Fork 28
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
MGTK/IGTK changes do not work #50
Comments
What hardware are you on? This revision - master of my branch ( https://github.com/cococorp/authsae ) works fine on ath10k. |
we are running with 4.1.25 upstream kernel on ath9k if this only works with e newer version then the functionality should probably be disabled somehow. |
btw I changed nothing in our configuration, and therefore did not expect it to get enabled |
@alexgrin , I believe that/your master branch is not quite in sync with upstream and in fact does not include the MGTK/IGTK changes |
Ooops, I was wrong about what I'm running - I'm using this revision in my Makefile - uniumwifi@dca726e |
thanks for the patch link, maybe I can try it tomorrow |
That patch (upstream 46f6b06050b736dab4d41494dae27b883cddc365) went into 4.8 |
I'm currently running a 4.4 kernel, but I'm using compat-wireless 10-08-2016 from LEDE/OpenWRT. You might have to go same route. |
@bcopeland Bob, you added this code. Is it possible to somehow disable it when run on a kernel < 4.8? |
On Thu, Oct 27, 2016 at 12:42:37PM -0700, Ferry Huberts wrote:
I think the thing to do is optionally use the same key as the IGTK, I can cook up a patch for that tomorrow. Bob Copeland %% http://bobcopeland.com/ |
I think that need to set mesh config file with pmf to 1. Give it a try. On Oct 28, 2016 10:19 AM, "Bob Copeland" notifications@github.com wrote:
|
@fhuberts so I made such a patch, but I think @chunyeow's advice is better: just add What is going on here:
There are some scenarios where you would want GTK=IGTK, namely if you are running a mixture of old and new authsae daemons and an old kernel (since old authsae will configure IGTK using GTK), but if you are using the new version of authsae everywhere then just setting pmf=1 should work. |
ok, I can try that. |
ok, pmf=1 appears to work. thanks. I'll open a PR later with this as example in a config file. |
I do see that even with pmf=1 the old version is not interoperable with the new version |
Yes, in order to make that kind of interoperability work, you can try something like this:
|
Just wrote this: https://bobcopeland.com/blog/2016/10/encrypted-mesh-psa/ which is a somewhat more verbose explanation of the problem. |
thanks bob |
On 31/10/16 15:12, Bob Copeland wrote:
Well, I have full control of all the nodes so I'll just update them all ;-) |
We had to back out these changes (go back to 813ec0e).
The network appears to come up but we can't get data over it, even pings do not work
The text was updated successfully, but these errors were encountered: