Does WPA work with DDWRT in WDS??

Discussion in 'DD-WRT Firmware' started by dellsweig, Jun 3, 2005.

  1. dellsweig

    dellsweig Network Guru Member


    Does WPA work between two WRT54G's running DD-WRT (pre5)??

    Are you running lazy WDS or MAC specific WDS??

    Which flavor of WPA are you using??

    I am currently doing WEP 128 but got rid of my last non-WPA compatible system so I am considering tightening things up a little.....
  2. Toxic

    Toxic Administrator Staff Member

    i had wds working on pre 3.3 fine. lazywds of disabled and each others mac addresses enetered into the wds page . you need to use the same ssid for wpa to wotk however.
  3. Toxic

    Toxic Administrator Staff Member

  4. RTSAnime

    RTSAnime Network Guru Member

    Unfortunately no, WDS does not work with WPA. As far as I know WPA will never work with WDS for any firmware due to the way it works (the APs would all generate different keys and then WDS wouldn't work anymore). You can, however, use WPA with client mode (I have done this myself and comfirmed it works) if all you want is a bridge.
  5. Toxic

    Toxic Administrator Staff Member

    WDS does work with WPA-PSK AES as long as you use the same PSK and SSID.
  6. grcore

    grcore Network Guru Member

    Don't tell my router that it does not work!

    WDS will, and does work with WPA. Not sure about DD-WRT, but it works with other firmwares. It even works on the stock Belkin firmware.

  7. RTSAnime

    RTSAnime Network Guru Member

    ok then. as far as I knew it did not (it wouldn't work with HyperWRT, only WEP would).
  8. dellsweig

    dellsweig Network Guru Member


    Well, I finally tried to take 2 of my WPA connected WRT54G (DD-WRT Pre5 June 5) from WEP 128 to WPA.

    I tried WPA AES, WPA TKIP and WPA AES&TKIP. No luck

    Both nodes were working with WEP 128, same SSID, same channel, lazy WDS off, MACs entered in WDS configs.
    For my test, I used a simple WPA PSK - "t3st". Obviously, I made the same settings on both WRT's. I could not get the WPA to associate. I could not ping though. RSSI readings showed the other WDS node.

    I am using mixed mode (B & G)

    As I said, I tried all three combinations of WPA. I made sure a client could connect to the WRT in each mode.

    I could not get WPA to work with WDS.

    I finally fell back to WEP 128 - all is back working again.

    Any ideas?? I would like to use WPA with my WDS network.
  9. RTSAnime

    RTSAnime Network Guru Member

    Actually I have since moved all my routers over to DD-WRT and can confirm that WDS works with WPA - AES. Did you disable the DHCP and Internet port on you client WRT?
  10. greenBastard

    greenBastard Guest

    I've got WPA-PSK working using D-WRT #22 prefinal4 on both routers(WRT54GSv2).
    I find that if I make any changes on the second router I have to power-cycle it to get it to reset the key. Otherwise it shows connected but I cannot pass any packets.
    I have the same SSID on both but I am not sure if that is required.
  11. dellsweig

    dellsweig Network Guru Member

    The answer is yes - DHCP and Inet port disabled on the client WDS node. WDS works fine with WEP128 but not with WPA....

    I am using mixed mode - I have some B clients. Are you running pure G or mixed??
  12. DevilStick

    DevilStick Network Guru Member

    I can confirm that at least in pre4 WDS with WPA-PSK AES works.
    Same SSID, WAN and DHCP disabled on 2nd router, G-only.

    I already had it work with TKI+AES.
  13. RTSAnime

    RTSAnime Network Guru Member

    I am running in a pure G mode.
  14. dellsweig

    dellsweig Network Guru Member

    G mode only seems to be the key to getting WPA to work with WDS...
  15. DevilStick

    DevilStick Network Guru Member

    Damn! - I'm playing with the thought to buy a zyxel prestige 2000W wireless ip phone which only supports 802.11b :cry:

    Hope the final version will also work with WPA in mixed mode.
  16. dellsweig

    dellsweig Network Guru Member

    Maybe this is why I could never make WDS work with WPA - I was changing from WEP to WPA!!!

    Brainslayer - are you going to migrate this TKIP fix into DD-WRT??

    [Wireless] WRT54G - New Firmware Released

    Download at: »

    Release Notes:

    Linksys, A division of Cisco Systems, Inc.

    Product: WRT54G

    Classification: Firmware Release History

    Firmware Date: 4/26/2005

    Release Date:

    Last Firmware Version: 4.00.7
    Firmware 4.00.7
    - Adds SecureEasySetup push button support
    - Resolves large file transfer issues
    - Resolves issue with enabling TKIP after enabling WEP
    - Updated QoS features
    - Resolves issues with multiple Access Restrictions policies
    - Resolves issue where multicast breaks when MAC filter status changes
  17. wrt54gs

    wrt54gs Network Guru Member

    Unfortunately , I have 2 WRT54G with HyperWRT 2.1. They could work with WPA-PSK AES in WDS mode.

    2 Router: G mode only , Same SSID, Channel and password.
    Client : disable DHCP, UPNP only .
  18. dellsweig

    dellsweig Network Guru Member

    This looks like the best answer I have found yet. It does not explain why some people have gotten WPA to work under WDS - there must be something epcific in their configurations which allow it to function.

    It's not a DD-WRT bug, but a known limitation of WDS itself:

    "Dynamically assigned and rotated encryption keys are not supported in a WDS connection. This means that Wi-Fi Protected Access (WPA) and other dynamic key assignment technology may not be used. Static WEP keys only may be used in a WDS connection, including any STAs that associate to a WDS repeating AP" (see:
  19. bani

    bani Network Guru Member

    yep, 100% confirmed WDS does not work with WPA on DD-WRT pre5 final. no matter how many different hundreds of configurations i tried.

    if i change WPA -> WEP then it works instantly and perfectly. that is the ONLY change made: WPA->WEP and it works. change to WPA and it stops working.

    so it is 100% confirmed non-working WDS-WPA here.
  20. RTSAnime

    RTSAnime Network Guru Member

    its not 100% comfirmed becuase it is working fine here at my house with 2 wrts a 1.0 and a 3.0 running pre-5. WDS using WPA-PSK and AES
  21. bani

    bani Network Guru Member

    RTSAnime, please post your nvram settings for us to examine. (minus the PSK's of course)

    something like this should be sufficient:

    nvram show | grep -v _key.= | grep -v _psk= | grep -v _key= | grep -v password | grep -v _pass
  22. bani

    bani Network Guru Member

    there are a lot of people unable to get WPA + WDS working on DD-WRT, so sharing your nvram config will let us determine what's wrong. it will be a great help to the community.
  23. jagboy

    jagboy Network Guru Member

    i never got wds working too.

    now when it comes to mac address do u really need to enter each other wrts mac address. do the wrts need to be on diff subnets?

    i dont know what i am doing wrond.
  24. dellsweig

    dellsweig Network Guru Member

    There most likely is an attempt to make WPA work inside the wireless drivers. This most likely works in some scenareos as some folks have WPA working over WDS. The drivers are NOT open source but included as 'black boxes' in the various builds (DD-WRT, Sveasoft, Hyperwrt) so no one outside of Broadcomm or Linksys has seen the driver source.

    It seems that the folks that have made it work usually have never set up WEP before (note there is a fix in the latest Linksys source to address this) and are using a pure G environment. There are most likely many other factors involved.

    Hopefully, the Broadcomm folks will work this out in a later driver release or someone will write a new set of drivers which includes a good working implementation of WPA over WDS.

    Until then, those that have it working make those who cant get it (WPA over WDS) working jealous

  25. jagboy

    jagboy Network Guru Member

    yup i am pissed off and jealious.
  26. RTSAnime

    RTSAnime Network Guru Member

    I'm at work right now so I can't post the info, but if it does help I have never run WEP on any of my routers before and have always run in a pure-G mode, so the bug fix from the latest Linksys release might be what is causing the issue you guys are experiencing. Also I don't know if this makes a difference but I also have Frame bursts enabled.
  27. RTSAnime

    RTSAnime Network Guru Member

    unfortunately the nvram show command spans too many lines and I cannot reach the top of it to post all the settings. I am using telnet should I try through another program?
  28. bani

    bani Network Guru Member

    nvram show | grep -v _key.= | grep -v _psk= | grep -v _key= | grep -v password | grep -v _pass | more

    then you can cut+paste a page at a time.
  29. jagboy

    jagboy Network Guru Member

    whoooo i just got it to work!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

    enable frame burst. and make sure you have both routers wireless mac address!!!!!!!. use the one shown on the start-up page in dd-wrt.

    the problem i had was getting the mac address right on both routers.

    i am runningno mac adress filter but wpa this is so cool. no more wep for me!!!
  30. bani

    bani Network Guru Member

    are you using TKIP, AES or TKIP+AES ?
  31. jagboy

    jagboy Network Guru Member

    i am using tkip with a 11 character passpharse. and 3 numbers. this is great!!!!
  32. bani

    bani Network Guru Member

    can you try AES?
  33. jagboy

    jagboy Network Guru Member

    ok give me a 10min to post the results ok?
  34. jagboy

    jagboy Network Guru Member

    aes works!!
  35. jagboy

    jagboy Network Guru Member

    when making changes to the routers make sure to reboot. hwne i switched fomr tkip to aes to had to reboot both routers. i am using pre 5 the lastest pre5. on both routers.
  36. RTSAnime

    RTSAnime Network Guru Member

    it must be the frame bursting that is making the difference. I thought everyone used it by default since it speeds things up.
  37. jagboy

    jagboy Network Guru Member

    i think that Frame Burst did the trick. i was never succesful in setting up wds but as soon as i got the right mac addresses and fram burst it worked great. and the wpa works great too.
  38. sspilman

    sspilman Guest

    WPA works on prefinal 5

    Yep :wink: . Mine works as well. I just bought another WRT54GS tonight so I wouldn't have to run an ethernet cable to play xbox. It was such a hassel. I used the setup guide from this website and it worked like a charm. I am using DD-WRT prefinal 5, G only, same SSID, WPA tkip. Be sure to always reboot the router after all of your settings are set. I am also getting great speeds, comparatively speaking.
  39. dellsweig

    dellsweig Network Guru Member


    Did you ever have WEP enabled on either of your routers used??

    I have been unable to get WPA to work - the difference I see is that I am switching from WEP to WPA. There seems to be a linksys bug which was addressed in the latest build from Linksys which addressed this problem. Could be something as simple as an nvram clear for the WEP key....
  40. jagboy

    jagboy Network Guru Member

    i have never tired wep ever on these routers. and i dont plan too becuase of the bug. try to falsh to linksys firmware and flash back to dd-wrt pre 5. though this might mess with the jffs partiton.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice