diff options
author | Alain Lamar <alain_lamar@yahoo.de> | 2020-04-17 22:52:55 +0200 |
---|---|---|
committer | Alain Lamar <alain_lamar@yahoo.de> | 2020-04-17 23:10:41 +0200 |
commit | dfc38d03261322dc9781cad5b4b66affb7682cb4 (patch) | |
tree | a75512921cc9ae17d3344426c1094a83221484ea /data/templates/wifi/hostapd.conf.tmpl | |
parent | 3b3b33e4ffe46747014342238807bfdacbe74db4 (diff) | |
download | vyos-1x-dfc38d03261322dc9781cad5b4b66affb7682cb4.tar.gz vyos-1x-dfc38d03261322dc9781cad5b4b66affb7682cb4.zip |
wireless: T2306: Add new cipher suites to the WiFi configuration
Yet, VyOS knows these two encryption schemes for WiFi:
1. CCMP = AES in Counter mode with CBC-MAC (CCMP-128)
2. TKIP = Temporal Key Integrity Protocol
These encryption schemes are new and especially the Galois counter mode
cipher suites are very desirable!
1. CCMP-256 = AES in Counter mode with CBC-MAC with 256-bit key
2. GCMP = Galois/counter mode protocol (GCMP-128)
3. GCMP-256 = Galois/counter mode protocol with 256-bit key
CCMP is supported by all WPA2 compatible NICs, so this remains the
default cipher for bidirectional and group packets while using WPA2.
Use 'iw list' to figure out which cipher suites your cards support
prior to configuring other cipher suites than CCMP. AP NICs and
STA NICs must both support at least one common cipher in a given
list in order to associate successfully.
Diffstat (limited to 'data/templates/wifi/hostapd.conf.tmpl')
-rw-r--r-- | data/templates/wifi/hostapd.conf.tmpl | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/data/templates/wifi/hostapd.conf.tmpl b/data/templates/wifi/hostapd.conf.tmpl index e2fb9ca8f..d6068e4db 100644 --- a/data/templates/wifi/hostapd.conf.tmpl +++ b/data/templates/wifi/hostapd.conf.tmpl @@ -572,6 +572,16 @@ wpa_pairwise={{ sec_wpa_cipher | join(" ") }} {%- endif -%} {% endif %} +{% if sec_wpa_group_cipher -%} +# Optional override for automatic group cipher selection +# This can be used to select a specific group cipher regardless of which +# pairwise ciphers were enabled for WPA and RSN. It should be noted that +# overriding the group cipher with an unexpected value can result in +# interoperability issues and in general, this parameter is mainly used for +# testing purposes. +group_cipher={{ sec_wpa_group_cipher | join(" ") }} +{% endif %} + {% if sec_wpa_passphrase -%} # IEEE 802.11 specifies two authentication algorithms. hostapd can be # configured to allow both of these or only one. Open system authentication |