[opensource] DD-WRT bridge and OSU wireless

Brian Swaney swaneybr at cse.ohio-state.edu
Mon Feb 22 12:14:20 EST 2010

First off, I think OIT not only doesn't support routers for things like 
this, but strictly forbids them. You might get in a lot of trouble if 
you try to bridge osuwireless on something like that. I know ResNet 
does, but I'm pretty sure that applies everywhere. This is because your 
setup puts you in a position where to effectively perform a 
man-in-the-middle attack on anyone in range connecting to "osuwireless". 
Unless you have explicit permission from OIT to bridge a wireless 
connection with a router, I would stop right now. Also, everything said 
on this mailing list is logged and publicly archived, so if something 
happened, they could just see your inquiry on our website. I'm going to 
give a brief explanation of what I see going wrong; what you do with it 
is up to you.

As for your configuration, the biggest problem I see is you have it set 
to "WPA Personal". I don't know much about DD-WRT specifically, but WPA 
personal is a completely different setup from WPA enterprise, which is 
what you want. Therefore, DD-WRT is asking you for all the wrong 
settings. What you will want is WPA enterprise, TKIP, PEAP, and 
MSCHAPv2. In those settings, you will need enter a username and 
password, and probably select a certificate (authority) instead of 
entering a pre-shared key (PSK). I do not know the key renewal interval 
for osuwireless.

Furthermore, if you're trying to create an osuwireless SSID, OIT has 
their own specific (undocumented) settings you would need to configure. 
I think you will need a signed certificate for it to work, but I don't 
know the specific settings as to how many certs exist per device. 
Instead of trying to connect to osuwireless and share it, you'd want to 
consider connecting to a wired connection like most osuwireless routers.

Brian Swaney

S James S Stapleton wrote:
> I wasn't sure where to go for assistance on this one, and I figured 
> since my question involves a popular open source app, and an OSU 
> network, this might at least be a good place to check. I doubt 8-help 
> covers DD-WRT bridges since they aren't in the web documentation.
> Does anyone have experience using a router with DD-WRT installed as a 
> wireless bridge to the OSU network? I have a router (ASUS WL5200GC) 
> that I got DD-WRT on, and the firmware is "v24-sp2 10/10/09 micro". 
> The set up seems ok. I can navigate through the web interface, it 
> asked me to set a user name and password first logon. However, there 
> are many options in the setup not listed in the howto page. I was 
> hoping, if someone had some work done on this, they could share it. 
> The documentation seems to indicate needing a lot of knowledge about 
> the server setup for the wireless router you are connecting to. My 
> setup doesn't work right now. I'm testing someplace where wireless is 
> rarely used, and I'd like to have this configured before I go to some 
> place it is used a lot, so I don't accidentally interfere with someone 
> else's wireless connection.
> What I've tried so far (??? indicates things I'm suspicious about). 
> <This indicates a configuration page>, [this indicates a setting I've 
> entered]
> <wireless->wireless security>
> Security Mode: [WPA Personal[
> WPA Algorithms: [TKIP]
> WPA Shared Key: [] #???
> Key Renewal Interval (in seconds): [3600] #???
> <wireless->RADIUS>
> ??? Should I enable MAC RADIUS client, since some setup guides mention 
> using "WPA RADIUS" ???
> <wireless->basic setting>
> Wireless Mode: [client]
> Wireless Network Mode: [mixed]
> Wireless ssid: [osuwireless]
> Sensitivity Range (ACK timing): [500] #2000 is the default, WIKI 
> suggests using 0 on a bridge except for long distances.
> Network Configuration: [bridged]
> <setup->basic setup>
> Connection type: [DHCP]
> Thanks,
> -Jim Stapleton
> _______________________________________________
> Opensource mailing list
> Opensource at cse.ohio-state.edu
> http://mail.cse.ohio-state.edu/mailman/listinfo/opensource
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5284 bytes
Desc: S/MIME Cryptographic Signature
Url : http://mail.cse.ohio-state.edu/pipermail/opensource/attachments/20100222/77ddf6c2/smime.bin

More information about the Opensource mailing list