leinad DD-WRT Novice
Joined: 03 Dec 2010 Posts: 3
|
Posted: Sat Dec 11, 2010 2:11 Post subject: WDS and security (WPA, WPA2) |
|
I want to apologize beforehand if this question has already been made, but the huge amount of hits when searching for this topic makes it almost impossible to find the answer.
I managed to set up two routers as a bridge using WDS.
One is a WDS AP, the other a WDS Station with an added Wireless Virtual Interface configured to be an AP.
All these three interfaces have the same security set up: WPA Personal, AES only, same passphrase, same SSID.
It seems to work fine, roaming works, but I have been only been playing a couple of hours with the setup.
Now the actual questions:
Is the traffic between the two routers also WPA encrypted? Or is only the traffic between clients (pc, notebook, smartphone) and the one router to which each client is connected encrypted?
Can I be sure that the weakest link in the entire wireless system is WPA encryption (ignoring the fact that clients could get compromised through other means like worms) and that there is no wireless data in the air being transferred either in the clear or only WEP encrypted?
I ask this because a third router (other manufacturer) which I have (which is not involved in this configuration) had in it's manual stated that regardless of which encryption you use between the AP and the clients, WDS will always be working in WEP, which would be unacceptable to me.
Kind regards,
Daniel |
|
GeeTek DD-WRT Guru
Joined: 06 Jun 2006 Posts: 3763 Location: I'm the one on the plate.
|
Posted: Sat Dec 11, 2010 2:59 Post subject: Re: WDS and security (WPA, WPA2) |
|
leinad wrote: | I ask this because a third router (other manufacturer)... WDS will always be working in WEP, which would be unacceptable to me. |
That is a typical problem with older routers and WDS. DD-WRT and most other modern implimentations of WDS do use WPA encryption when you select it.
Any WDS hardware/firmware that does not support WDS WPA will also not allow you to program it as such.
You can verify this for yourself if you want to play with it. WPA encryption uses the SSID as a component of the scramble key. With no encyryption or with WEP encryption the SSID of the two radios may be different. With WPA they must be the same or the link will not establish. _________________ http://69.175.13.131:8015 Streaming Week-End Disco. Station Ripper V 1.1 will do. |
|