OLSR questions: DHCP routing, security
-
I am currently using (well, testing) a custom OLSR / dnsmasq configuration. Most people appear to be using OLSR/dnsmasq in a scenario whereby olsr 'access points" with statically assigned IP addresses provide dhcp access to non-OLSR clients.
What I need is to have the meshed computers themselves obtain their IP addresses via DHCP. Is this possible?
My other question relates to security. What steps have other people taken to secure their wireless olsr mesh networks? I am aware that OLSR has security extensions and there appears to be some people trying to use WPA with OLSR, but I am just looking to hear some opinions.
I apologise if these questions have already been asked and I realise that extensive googling may also provide an answer. If this is the case I would appreciate it if someone pointed me in the right direction. Thanks :)
-
www.olsr.org have lots of info
but normaly you don't have users on the interface where you eneabe the olsrd protocol
you don't whant users on you backbone directly -
What I need is to have the meshed computers themselves obtain their IP addresses via DHCP. Is this possible?
I don't think so, however I did read somewhere about a modified a dhcp server that offers a fixed IP in the 10...* range which is derived/hashed from the requesters MAC address; however I suspect the dhcp server would have to be within direct wireless range or installed on most/all mesh units.
My other question relates to security.
WPA may slow down embedded units with small processors, like wrap, sokris, or re-flashed off-the-shelf units. I have read about problems with olsr's built in security module, something about up-timestamps getting out of sync after reboot and nodes rejecting each other, plus it also slows embedded systems. Perhaps the best security is to use no security, then recommend or install vpn encryption on each client, such as…
http://www.iopus.com/iPig/ -
I believe ATH cards have a built in WPA support which operates at the hardware level. But take this with a grain of salt and research it further. Chances are that WPA support would work fine but I would double check.
-
The ATH cards has AES built in, WPA itself is provided by hostapd/wpa_supplicant. So setting up WPA with AES only should not steal much, but if you are running close to the HW limits, then hostapd/wpa_supplicant might become a problem.