Re: OpenHarbors - Dynamic Tunneling of WPA over IP/L2TP

On Wed, 2024-06-19 at 11:03 +0200, Linus Lüssing wrote:
> 
> If a user uses user123@xxxxxxxxxxx they'd be forwarded to
> my-home.net. If customer333@xxxxxxxxxxxxxxxx then to
> vpn-provider.org. These domains wouldn't need to be added to a
> config on the AP due to being determined/parsed on-demand from EAPoL.

This seems ... problematic, to say the least? Who knows they won't
authenticate to pretend@xxxxxxxxxxxxxxxxx? Might want to have an allow-
list or so somewhere? That sort of defeats the purpose though, but seems
somewhat needed?

> 2) Get hostapd + Linux kernel to emit WPA CCMP frames encapsulated
> in an ethernet frame on the Wifi interface.
> 3) Get hostapd to use a wifi AP interface per STA for this, similar
> to WDS mode.

You forgot to mention the part where you _don't_ want the wireless side
to actually have the keys and decrypt the packet, I think? But that's
... tricky, hardware often requires the keys to do a proper connection
in the first place, and once you have management frame encryption you
also really need it. But then hardware will decrypt your data frames
too.

> 2) Get hostapd to create a special mac80211_hwsim virtual wifi
> interface based on received EAPoL, use it to receive and decrypt the
> WPA CCMP frames from the Linux kernel's WPA encryption/decryption
> code, have hostapd install the PMK to it.

You're confusing the key architecture and how it all works in Linux
enough that I don't even know how to comment on this.

johannes

_______________________________________________
Hostap mailing list
Hostap@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/hostap
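
The allow-list check raised in the reply above, as an added example that is not code from this thread or from hostapd: it parses an EAPOL EAP-Response/Identity frame, takes the realm after the last `@`, and returns it only if it matches a configured realm exactly. The names `tunnel_realm`, `make_frame` and `allowed_realms` are hypothetical, and using the two domains from the quoted mail as identity realms is an assumption.

```c
#include <ctype.h>
#include <stdint.h>
#include <string.h>

/* Assumed operator policy: the only realms this AP may tunnel to. */
static const char *const allowed_realms[] = { "my-home.net", "vpn-provider.org" };

/* Return the allow-listed realm named in an EAPOL EAP-Response/Identity
 * frame, or NULL if the frame is malformed or the realm is not listed. */
const char *tunnel_realm(const uint8_t *f, size_t len)
{
    /* EAPOL: ver(1) type(1) len(2); EAP: code(1) id(1) len(2) type(1).
     * Require EAPOL type 0 (EAP-Packet), code 2 (Response), type 1 (Identity). */
    if (len < 9 || f[1] != 0 || f[4] != 2 || f[8] != 1)
        return NULL;
    size_t body = ((size_t)f[2] << 8) | f[3], eap = ((size_t)f[6] << 8) | f[7];
    if (body > len - 4 || eap > body || eap < 5)
        return NULL;            /* length fields must fit the buffer */
    const uint8_t *id = f + 9, *at = NULL;
    size_t id_len = eap - 5;
    for (size_t i = 0; i < id_len; i++) {
        if (id[i] < 0x21 || id[i] > 0x7e)
            return NULL;        /* conservative: printable ASCII only */
        if (id[i] == '@')
            at = id + i;        /* realm follows the last '@' */
    }
    if (!at)
        return NULL;
    size_t rlen = id_len - (size_t)(at - id) - 1;
    for (size_t k = 0; k < sizeof allowed_realms / sizeof *allowed_realms; k++) {
        const char *r = allowed_realms[k];
        size_t i = 0;
        while (strlen(r) == rlen && i < rlen && tolower(at[1 + i]) == r[i])
            i++;
        if (strlen(r) == rlen && i == rlen)
            return r;           /* exact, case-insensitive match only */
    }
    return NULL;
}

/* Build a constructed EAPOL identity frame for testing; returns its length. */
size_t make_frame(const char *ident, uint8_t *out)
{
    size_t n = strlen(ident), eap = n + 5;
    uint8_t hdr[9] = { 2, 0, (uint8_t)(eap >> 8), (uint8_t)eap, 2, 1,
                       (uint8_t)(eap >> 8), (uint8_t)eap, 1 };
    memcpy(out, hdr, 9);
    memcpy(out + 9, ident, n);
    return 9 + n;
}
```

Returning the configured string rather than the bytes from the frame means the tunnel endpoint is never built from supplicant-controlled input.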



