diff options
author | Alain Lamar <alain_lamar@yahoo.de> | 2020-04-17 22:52:55 +0200 |
---|---|---|
committer | Alain Lamar <alain_lamar@yahoo.de> | 2020-04-17 23:10:41 +0200 |
commit | dfc38d03261322dc9781cad5b4b66affb7682cb4 (patch) | |
tree | a75512921cc9ae17d3344426c1094a83221484ea /src | |
parent | 3b3b33e4ffe46747014342238807bfdacbe74db4 (diff) | |
download | vyos-1x-dfc38d03261322dc9781cad5b4b66affb7682cb4.tar.gz vyos-1x-dfc38d03261322dc9781cad5b4b66affb7682cb4.zip |
wireless: T2306: Add new cipher suites to the WiFi configuration
Yet, VyOS knows these two encryption schemes for WiFi:
1. CCMP = AES in Counter mode with CBC-MAC (CCMP-128)
2. TKIP = Temporal Key Integrity Protocol
These encryption schemes are new and especially the Galois counter mode
cipher suites are very desirable!
1. CCMP-256 = AES in Counter mode with CBC-MAC with 256-bit key
2. GCMP = Galois/counter mode protocol (GCMP-128)
3. GCMP-256 = Galois/counter mode protocol with 256-bit key
CCMP is supported by all WPA2 compatible NICs, so this remains the
default cipher for bidirectional and group packets while using WPA2.
Use 'iw list' to figure out which cipher suites your cards support
prior to configuring other cipher suites than CCMP. AP NICs and
STA NICs must both support at least one common cipher in a given
list in order to associate successfully.
Diffstat (limited to 'src')
-rwxr-xr-x | src/conf_mode/interfaces-wireless.py | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/src/conf_mode/interfaces-wireless.py b/src/conf_mode/interfaces-wireless.py index 498c24df0..1964af6e1 100755 --- a/src/conf_mode/interfaces-wireless.py +++ b/src/conf_mode/interfaces-wireless.py @@ -442,6 +442,10 @@ def get_config(): wifi['sec_wpa_cipher'].append('CCMP') wifi['sec_wpa_cipher'].append('TKIP') + # WPA Group Cipher suite + if conf.exists('security wpa group-cipher'): + wifi['sec_wpa_group_cipher'] = conf.return_values('security wpa group-cipher') + # WPA personal shared pass phrase if conf.exists('security wpa passphrase'): wifi['sec_wpa_passphrase'] = conf.return_value('security wpa passphrase') |