Hello Yeoh, Javier, Just wanted to give an update.
I did get a TL-WN821N, patched my kernel (as per the link), and set ath9k_htc nohwcrypt=1. I was able to get the secure mesh working. I still get the timeout message, but I'm able to ping the different machines and they are all talking to each other. I also tried a TL-WN722N and a TL-WN422G and they are working ok too. I tried the rt2800usb devices again just to see if they might work, but they did not for the secure mesh. The devices above will get me through what I need to do. Thanks for the help. Best regards, Jason Farah -----Original Message----- From: [email protected] [mailto:[email protected]] On Behalf Of Yeoh Chun-Yeow Sent: Sunday, April 15, 2012 9:57 AM To: [email protected] Subject: Re: Can't get secure mesh points to talk to each other Hi, Jason I have used ath9k thus far for secured mesh. For usb chipset, you may look into TL-WN821N as mentioned in the Javier's patch. http://www.spinics.net/lists/linux-wireless/msg81227.html Regards, Chun-Yeow On Sat, Apr 14, 2012 at 1:41 AM, Jason Farah <[email protected]> wrote: > Hi, > > That makes sense. > > I tried Yeoh's suggestion and set the parameter nohwcrypt=1. I verified > through /sys that it did take. However, I'm still running into the same > problem, which is the timeout for peer, state 4. It says it's established, > but still can't ping each other. > > I tried lengthening the various timeouts in the mesh parameters and also the > max retries, but that did not have any effect. > > What chipsets have you used to get a secure mesh? Do some chipsets perform > better than others for this task? This is an embedded board and I am limited > to using USB only. > > > Thanks, > Jason Farah > > > -----Original Message----- > From: [email protected] > [mailto:[email protected]] On Behalf Of Javier > Cardona > Sent: Friday, April 13, 2012 12:42 PM > To: [email protected] > Subject: Re: Can't get secure mesh points to talk to each other > > Hi Jason, > > Just to provide a bit more detail to Yeoh's response: > > To support mesh security in hardware, your wireless card needs to support > multiple encryption keys and management frame encryption. The driver > advertises this capability to the 802.11 stack via the flags: > IEEE80211_HW_MFP_CAPABLE and IEEE80211_HW_SUPPORTS_PER_STA_GTK. The > rt2800 driver does not seem to support these: > > in rt28000lib.c:rt2800_probe_hw_mode() > rt2x00dev->hw->flags = > IEEE80211_HW_SIGNAL_DBM | > IEEE80211_HW_SUPPORTS_PS | > IEEE80211_HW_PS_NULLFUNC_STACK | > IEEE80211_HW_AMPDU_AGGREGATION | > IEEE80211_HW_REPORTS_TX_ACK_STATUS; > > So your only option with that hardware would be to use software encryption, > and this is what the nohwcrypt module parameter will do. > If you look in the list archives I believe Yeoh had posted some results on > the performance implications of software encryption. > > Cheers, > > Javier > > On Fri, Apr 13, 2012 at 9:01 AM, Yeoh Chun-Yeow <[email protected]> > wrote: >> How about loading your kernel module rt2800usb with nohwcrypt=1. >> >> Chun-Yeow >> >> On Fri, Apr 13, 2012 at 11:00 PM, Jason Farah <[email protected]> wrote: >>> Hello all, >>> >>> >>> >>> I'm having a problem trying to get my secure mesh points talking to >>> each other. I've compiled authsae, I'm using linux kernel version >>> 3.2.13 with the necessary configs, and the adapters I'm working with >>> use the rt2800usb modules. >>> >>> >>> >>> In open mesh mode, everything works fine. But, I can't seem to >>> figure out the secure mesh. >>> >>> >>> >>> First, I start up meshd-nl80211 as per the webpage. Everything >>> seems ok here except the last few lines: >>> >>> >>> >>> electrum100:~/authsae/linux# ./meshd-nl80211 -c >>> ../config/authsae.sample.cfg -s byteme -i mesh0 & >>> >>> >>> >>> .... >>> >>> >>> >>> estab with 00:14:d1:7c:33:8f >>> >>> set auth flag (seq num=1334243328) >>> >>> set plink state (seq num=1334243333) >>> >>> mesh plink with 00:14:d1:7c:33:8f established >>> >>> nlerror, cmd 11, seq 1334243330: Invalid argument >>> >>> nlerror, cmd 11, seq 1334243331: Invalid argument >>> >>> Mesh plink timer for 00:14:d1:7c:33:8f fired on state ESTAB >>> >>> Timeout for peer 00:14:d1:7c:33:8f in state 4 >>> >>> >>> >>> >>> >>> It looks like an error, but appears to establish anyway? I do have >>> the full message if anyone is interested. Next, I do a station dump: >>> >>> >>> >>> electrum100:~/authsae/linux# iw dev mesh0 station dump >>> >>> Station cc:5d:4e:2b:76:d8 (on mesh0) >>> >>> inactive time: 542 ms >>> >>> rx bytes: 2148 >>> >>> rx packets: 40 >>> >>> tx bytes: 484 >>> >>> tx packets: 3 >>> >>> tx retries: 0 >>> >>> tx failed: 0 >>> >>> signal: -37 dBm >>> >>> signal avg: -36 dBm >>> >>> tx bitrate: 1.0 MBit/s >>> >>> mesh llid: 0 >>> >>> mesh plid: 0 >>> >>> mesh plink: ESTAB >>> >>> authorized: yes >>> >>> authenticated: yes >>> >>> preamble: long >>> >>> WMM/WME: yes >>> >>> MFP: yes >>> >>> >>> >>> >>> >>> The other device gives similar output. And this output looks >>> similar to the one on the o11s.org webpage. It says it's >>> established, but they still cannot ping each other. When I go back >>> to open mesh, everything works fine. Am I missing something on the secure >>> setup? >>> I'm using the default config file, which at first glance looks ok >>> for me. Any pointers would be greatly appreciated. >>> >>> >>> >>> >>> >>> Best regards, >>> >>> Jason Farah >>> >>> >>> >>> >>> _______________________________________________ >>> Devel mailing list >>> [email protected] >>> http://lists.open80211s.org/cgi-bin/mailman/listinfo/devel >>> >> _______________________________________________ >> Devel mailing list >> [email protected] >> http://lists.open80211s.org/cgi-bin/mailman/listinfo/devel > > > > -- > Javier Cardona > cozybit Inc. > http://www.cozybit.com > _______________________________________________ > Devel mailing list > [email protected] > http://lists.open80211s.org/cgi-bin/mailman/listinfo/devel > _______________________________________________ > Devel mailing list > [email protected] > http://lists.open80211s.org/cgi-bin/mailman/listinfo/devel _______________________________________________ Devel mailing list [email protected] http://lists.open80211s.org/cgi-bin/mailman/listinfo/devel _______________________________________________ Devel mailing list [email protected] http://lists.open80211s.org/cgi-bin/mailman/listinfo/devel
