WDS and security (WPA, WPA2)

Post new topic   Reply to topic    DD-WRT Forum Index -> General Questions
View previous topic :: View next topic  
Author Message
leinad
DD-WRT Novice


Joined: 03 Dec 2010
Posts: 3
PostPosted: Sat Dec 11, 2010 2:11    Post subject: WDS and security (WPA, WPA2) Reply with quote
I want to apologize beforehand if this question has already been made, but the huge amount of hits when searching for this topic makes it almost impossible to find the answer.

I managed to set up two routers as a bridge using WDS.

One is a WDS AP, the other a WDS Station with an added Wireless Virtual Interface configured to be an AP.

All these three interfaces have the same security set up: WPA Personal, AES only, same passphrase, same SSID.

It seems to work fine, roaming works, but I have been only been playing a couple of hours with the setup.

Now the actual questions:
Is the traffic between the two routers also WPA encrypted? Or is only the traffic between clients (pc, notebook, smartphone) and the one router to which each client is connected encrypted?

Can I be sure that the weakest link in the entire wireless system is WPA encryption (ignoring the fact that clients could get compromised through other means like worms) and that there is no wireless data in the air being transferred either in the clear or only WEP encrypted?

I ask this because a third router (other manufacturer) which I have (which is not involved in this configuration) had in it's manual stated that regardless of which encryption you use between the AP and the clients, WDS will always be working in WEP, which would be unacceptable to me.

Kind regards,
Daniel
Back to top View user's profile Send private message
Sponsor
GeeTek
DD-WRT Guru


Joined: 06 Jun 2006
Posts: 3763
Location: I'm the one on the plate.
PostPosted: Sat Dec 11, 2010 2:59    Post subject: Re: WDS and security (WPA, WPA2) Reply with quote
leinad wrote:
I ask this because a third router (other manufacturer)... WDS will always be working in WEP, which would be unacceptable to me.

That is a typical problem with older routers and WDS. DD-WRT and most other modern implimentations of WDS do use WPA encryption when you select it.

Any WDS hardware/firmware that does not support WDS WPA will also not allow you to program it as such.

You can verify this for yourself if you want to play with it. WPA encryption uses the SSID as a component of the scramble key. With no encyryption or with WEP encryption the SSID of the two radios may be different. With WPA they must be the same or the link will not establish.
_________________
http://69.175.13.131:8015 Streaming Week-End Disco. Station Ripper V 1.1 will do.
Back to top View user's profile Send private message
Display posts from previous:    Page 1 of 1
Post new topic   Reply to topic    DD-WRT Forum Index -> General Questions All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum