Consider including wpad-mesh-openssl by default #613
Comments
|
would this also allow the use of ssl on uhttpd? |
|
I don't think so... Maybe that would be more overlapping if we use |
|
Yep, they share packages:
|
ilario
changed the title
Yes, you'd need to install |
|
This sounds great! |
|
I'm using wpad-mesh-wolfssl with libremesh (with lime-proto-batadv) on quite a lot of 4/32 MB devices (without LuCI). I agree that those should no longer be officially supported to discourage anyone from buying them. But I guess I will be needing to maintain quite a number of them for quite a while... |
|
Sure, we can try (and I agree that it would be great) to have also 4 MB images released (and even if we do not, it will be possible to obtain 4 MB images compiling a custom image). I think that if we include mesh encryption on the 8 MB image, we need to include it also on the 4 MB one, but we will discuss this elsewhere :) |
@ilario i started reflecting a bit about that here: https://hackmd.io/@nicopace/PWA-LibreRouter |
|
@ilario |
|
Thanks @AndyMcSchopf !!
Reading the thread you linked seems that a patch was created, but it is not present in 19.07.3. Surely it will be present in 19.07.4. |
|
@ilario I compiled the 19.07 branch (SNAPSHOT) Yesterday, and yes! I works with the new wolfssl Version. |
wolfssl has been fine for a while, it was hostapd which needed some fixing:
Is that ath10k? If so, which firmware you are using? (-ct?) And are you trying on DFS channels? |
Thanks for the correction ;-)
Meanwhile I found the hint in the openwrt wiki to not use the -ct driver and firmware for meshing. I got this one working too ;-) |
|
A small follow-up: OpenWrt 19.07.4 was released on past Wednesday and its Hostapd/Wolfssl already include the needed patch (https://git.openwrt.org/?p=openwrt/openwrt.git;a=commit;h=631c437a91c20df678b25dcc34fe23636116a35a) |
|
@ilario I might add that I compiled my whole images with 19.07.4 and they are all working with wolfssl. |
Sorry for not testing this before, I just tested compiling an image based on OpenWrt 19.07 with I did not test with OpenWrt 18.06, nor I tested if shared-state is affected. |
|
In order to consider this fixed, we have to resolve #799 and libremesh/libremesh.github.io#125 |
|
When compiling on top of OpenWrt 22.03 I didn't manage to deselect wpad-basic-wolfssl (which was selected by default) in order to select wpad-mesh-wolfssl. See openwrt/openwrt#8312 |
ilario
changed the title
|
From various sources, mainly users on the Element/Matrix chatroom, seems that WolfSSL is not good for lossy transport medium like wifi mesh, on which OpenSSL is much more stable. so it is approx 1.5 MB, maybe it takes more space when unpacked. |
and others
Currently we ship images with just wpad-mini.
This means that one willing to have encryption over the ieee802.11s mesh connections has to install additional packages.
This is incorrectly documented in lime-example: wpad-mesh should be replaced by wpad-mesh-wolfssl or wpad-mesh-openssl.
In my opinion we could just add wpad-mesh-wolfssl in the default packages list.
This also have the advantage of adding the support for WPA3-SAE, channel auto selection and DFS restricted channels (cit. @p4u on #268).
I tried to compile an image (with all the LibreMesh packages, for a TP-Link WDR3600) with just wpad-mini and one with just wpad-mesh-wolfssl (strange thing, the package does not appear at first in the menuconfig, it appears after selecting and deselecting wpad):
With only wpad-mini the sysupgrade.bin image is 4915204 bytes.
With only wpad-mesh-wolfssl the sysupgrade.bin image is 5308420 bytes.
So there's 384 kB difference.
Both if we agree on this or not, we should document this also on the website and update lime-example.
The text was updated successfully, but these errors were encountered: