Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

FS#2673 - rsn_preauth_interface should be configurable #7580

Open
openwrt-bot opened this issue Dec 13, 2019 · 2 comments
Open

FS#2673 - rsn_preauth_interface should be configurable #7580

openwrt-bot opened this issue Dec 13, 2019 · 2 comments
Labels

Comments

@openwrt-bot
Copy link

hexa-:

OpenWrt currently automatically uses the client-facing interface ($network_bridge) as rsn_preauth_interface.

https://git.openwrt.org/?p=openwrt/openwrt.git;a=blob;f=package/network/services/hostapd/files/hostapd.sh;h=4bf6a6c9712785f40d059445f80f19d4f2992f4b;hb=HEAD#l554

It would be preferable to be able to configure this manually, since this is the interface where 802.11i preauthentication frames are transmitted over. This should not be mixed with the actual client network.

The hostapd configuration says the following:

# Space separated list of interfaces from which pre-authentication frames are # accepted (e.g., 'eth0' or 'eth0 wlan0wds0'. This list should include all # interface that are used for connections to other APs. This could include # wired interfaces and WDS links. The normal wireless data interface towards # associated stations (e.g., wlan0) should not be added, since # pre-authentication is only used with APs other than the currently associated # one. #rsn_preauth_interfaces=eth0
@openwrt-bot
Copy link
Author

hexa-:

On second thought without something to forward those frames to the management interface that wouldn't work either.

The rsn_preauth_copy_iface option was unfortunately never merge.
https://lists.infradead.org/pipermail/hostap/2016-February/035080.html

@openwrt-bot
Copy link
Author

dangowrt:

I believe something like rsn_preauth_copy-iface will be needed when using AP-STA isolation and bridge port isolation (which is common in public networks)...

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

No branches or pull requests

1 participant