summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorAlain Lamar <alain_lamar@yahoo.de>2020-04-17 22:52:55 +0200
committerAlain Lamar <alain_lamar@yahoo.de>2020-04-17 23:10:41 +0200
commitdfc38d03261322dc9781cad5b4b66affb7682cb4 (patch)
treea75512921cc9ae17d3344426c1094a83221484ea /src
parent3b3b33e4ffe46747014342238807bfdacbe74db4 (diff)
downloadvyos-1x-dfc38d03261322dc9781cad5b4b66affb7682cb4.tar.gz
vyos-1x-dfc38d03261322dc9781cad5b4b66affb7682cb4.zip
wireless: T2306: Add new cipher suites to the WiFi configuration
Yet, VyOS knows these two encryption schemes for WiFi: 1. CCMP = AES in Counter mode with CBC-MAC (CCMP-128) 2. TKIP = Temporal Key Integrity Protocol These encryption schemes are new and especially the Galois counter mode cipher suites are very desirable! 1. CCMP-256 = AES in Counter mode with CBC-MAC with 256-bit key 2. GCMP = Galois/counter mode protocol (GCMP-128) 3. GCMP-256 = Galois/counter mode protocol with 256-bit key CCMP is supported by all WPA2 compatible NICs, so this remains the default cipher for bidirectional and group packets while using WPA2. Use 'iw list' to figure out which cipher suites your cards support prior to configuring other cipher suites than CCMP. AP NICs and STA NICs must both support at least one common cipher in a given list in order to associate successfully.
Diffstat (limited to 'src')
-rwxr-xr-xsrc/conf_mode/interfaces-wireless.py4
1 files changed, 4 insertions, 0 deletions
diff --git a/src/conf_mode/interfaces-wireless.py b/src/conf_mode/interfaces-wireless.py
index 498c24df0..1964af6e1 100755
--- a/src/conf_mode/interfaces-wireless.py
+++ b/src/conf_mode/interfaces-wireless.py
@@ -442,6 +442,10 @@ def get_config():
wifi['sec_wpa_cipher'].append('CCMP')
wifi['sec_wpa_cipher'].append('TKIP')
+ # WPA Group Cipher suite
+ if conf.exists('security wpa group-cipher'):
+ wifi['sec_wpa_group_cipher'] = conf.return_values('security wpa group-cipher')
+
# WPA personal shared pass phrase
if conf.exists('security wpa passphrase'):
wifi['sec_wpa_passphrase'] = conf.return_value('security wpa passphrase')