Does WPA work with DDWRT in WDS??

Discussion in 'DD-WRT Firmware' started by dellsweig, Jun 3, 2005.

    Does WPA work between two WRT54G's running DD-WRT (pre5)??

    Are you running lazy WDS or MAC specific WDS??

    Which flavor of WPA are you using??

    I am currently doing WEP 128 but got rid of my last non-WPA compatible system so I am considering tightening things up a little.....
    i had wds working on pre 3.3 fine. lazywds of disabled and each others mac addresses enetered into the wds page . you need to use the same ssid for wpa to wotk however.
    Unfortunately no, WDS does not work with WPA. As far as I know WPA will never work with WDS for any firmware due to the way it works (the APs would all generate different keys and then WDS wouldn't work anymore). You can, however, use WPA with client mode (I have done this myself and comfirmed it works) if all you want is a bridge.
    WDS does work with WPA-PSK AES as long as you use the same PSK and SSID.
    Don't tell my router that it does not work!

    WDS will, and does work with WPA. Not sure about DD-WRT, but it works with other firmwares. It even works on the stock Belkin firmware.

    ok then. as far as I knew it did not (it wouldn't work with HyperWRT, only WEP would).
    Well, I finally tried to take 2 of my WPA connected WRT54G (DD-WRT Pre5 June 5) from WEP 128 to WPA.

    I tried WPA AES, WPA TKIP and WPA AES&TKIP. No luck

    Both nodes were working with WEP 128, same SSID, same channel, lazy WDS off, MACs entered in WDS configs.
    For my test, I used a simple WPA PSK - "t3st". Obviously, I made the same settings on both WRT's. I could not get the WPA to associate. I could not ping though. RSSI readings showed the other WDS node.

    I am using mixed mode (B & G)

    As I said, I tried all three combinations of WPA. I made sure a client could connect to the WRT in each mode.

    I could not get WPA to work with WDS.

    I finally fell back to WEP 128 - all is back working again.

    Any ideas?? I would like to use WPA with my WDS network.
    Actually I have since moved all my routers over to DD-WRT and can confirm that WDS works with WPA - AES. Did you disable the DHCP and Internet port on you client WRT?
    I've got WPA-PSK working using D-WRT #22 prefinal4 on both routers(WRT54GSv2).
    I find that if I make any changes on the second router I have to power-cycle it to get it to reset the key. Otherwise it shows connected but I cannot pass any packets.
    I have the same SSID on both but I am not sure if that is required.
    The answer is yes - DHCP and Inet port disabled on the client WDS node. WDS works fine with WEP128 but not with WPA....

    I am using mixed mode - I have some B clients. Are you running pure G or mixed??
    I can confirm that at least in pre4 WDS with WPA-PSK AES works.
    Same SSID, WAN and DHCP disabled on 2nd router, G-only.

    I already had it work with TKI+AES.
    I am running in a pure G mode.
    G mode only seems to be the key to getting WPA to work with WDS...
    Damn! - I'm playing with the thought to buy a zyxel prestige 2000W wireless ip phone which only supports 802.11b :cry:

    Hope the final version will also work with WPA in mixed mode.
    Maybe this is why I could never make WDS work with WPA - I was changing from WEP to WPA!!!

    Brainslayer - are you going to migrate this TKIP fix into DD-WRT??

    [Wireless] WRT54G - New Firmware Released

    Download at: »

    Release Notes:

    Linksys, A division of Cisco Systems, Inc.

    Product: WRT54G

    Classification: Firmware Release History

    Firmware Date: 4/26/2005

    Release Date:

    Last Firmware Version: 4.00.7
    Firmware 4.00.7
    - Adds SecureEasySetup push button support
    - Resolves large file transfer issues
    - Resolves issue with enabling TKIP after enabling WEP
    - Updated QoS features
    - Resolves issues with multiple Access Restrictions policies
    - Resolves issue where multicast breaks when MAC filter status changes
    Unfortunately , I have 2 WRT54G with HyperWRT 2.1. They could work with WPA-PSK AES in WDS mode.

    2 Router: G mode only , Same SSID, Channel and password.
    Client : disable DHCP, UPNP only .
    This looks like the best answer I have found yet. It does not explain why some people have gotten WPA to work under WDS - there must be something epcific in their configurations which allow it to function.

    It's not a DD-WRT bug, but a known limitation of WDS itself:

    "Dynamically assigned and rotated encryption keys are not supported in a WDS connection. This means that Wi-Fi Protected Access (WPA) and other dynamic key assignment technology may not be used. Static WEP keys only may be used in a WDS connection, including any STAs that associate to a WDS repeating AP" (see:
    yep, 100% confirmed WDS does not work with WPA on DD-WRT pre5 final. no matter how many different hundreds of configurations i tried.

    if i change WPA -> WEP then it works instantly and perfectly. that is the ONLY change made: WPA->WEP and it works. change to WPA and it stops working.

    so it is 100% confirmed non-working WDS-WPA here.
    its not 100% comfirmed becuase it is working fine here at my house with 2 wrts a 1.0 and a 3.0 running pre-5. WDS using WPA-PSK and AES
    RTSAnime, please post your nvram settings for us to examine. (minus the PSK's of course)

    something like this should be sufficient:

    nvram show | grep -v _key.= | grep -v _psk= | grep -v _key= | grep -v password | grep -v _pass
    there are a lot of people unable to get WPA + WDS working on DD-WRT, so sharing your nvram config will let us determine what's wrong. it will be a great help to the community.
    i never got wds working too.

    now when it comes to mac address do u really need to enter each other wrts mac address. do the wrts need to be on diff subnets?

    i dont know what i am doing wrond.
    There most likely is an attempt to make WPA work inside the wireless drivers. This most likely works in some scenareos as some folks have WPA working over WDS. The drivers are NOT open source but included as 'black boxes' in the various builds (DD-WRT, Sveasoft, Hyperwrt) so no one outside of Broadcomm or Linksys has seen the driver source.

    It seems that the folks that have made it work usually have never set up WEP before (note there is a fix in the latest Linksys source to address this) and are using a pure G environment. There are most likely many other factors involved.

    Hopefully, the Broadcomm folks will work this out in a later driver release or someone will write a new set of drivers which includes a good working implementation of WPA over WDS.

    Until then, those that have it working make those who cant get it (WPA over WDS) working jealous

    yup i am pissed off and jealious.
    I'm at work right now so I can't post the info, but if it does help I have never run WEP on any of my routers before and have always run in a pure-G mode, so the bug fix from the latest Linksys release might be what is causing the issue you guys are experiencing. Also I don't know if this makes a difference but I also have Frame bursts enabled.
    unfortunately the nvram show command spans too many lines and I cannot reach the top of it to post all the settings. I am using telnet should I try through another program?
    nvram show | grep -v _key.= | grep -v _psk= | grep -v _key= | grep -v password | grep -v _pass | more

    then you can cut+paste a page at a time.
    whoooo i just got it to work!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

    enable frame burst. and make sure you have both routers wireless mac address!!!!!!!. use the one shown on the start-up page in dd-wrt.

    the problem i had was getting the mac address right on both routers.

    i am runningno mac adress filter but wpa this is so cool. no more wep for me!!!
    are you using TKIP, AES or TKIP+AES ?
    i am using tkip with a 11 character passpharse. and 3 numbers. this is great!!!!
    can you try AES?
    ok give me a 10min to post the results ok?
    aes works!!
    when making changes to the routers make sure to reboot. hwne i switched fomr tkip to aes to had to reboot both routers. i am using pre 5 the lastest pre5. on both routers.
    it must be the frame bursting that is making the difference. I thought everyone used it by default since it speeds things up.
    i think that Frame Burst did the trick. i was never succesful in setting up wds but as soon as i got the right mac addresses and fram burst it worked great. and the wpa works great too.
    WPA works on prefinal 5

    Yep :wink: . Mine works as well. I just bought another WRT54GS tonight so I wouldn't have to run an ethernet cable to play xbox. It was such a hassel. I used the setup guide from this website and it worked like a charm. I am using DD-WRT prefinal 5, G only, same SSID, WPA tkip. Be sure to always reboot the router after all of your settings are set. I am also getting great speeds, comparatively speaking.
    Did you ever have WEP enabled on either of your routers used??

    I have been unable to get WPA to work - the difference I see is that I am switching from WEP to WPA. There seems to be a linksys bug which was addressed in the latest build from Linksys which addressed this problem. Could be something as simple as an nvram clear for the WEP key....
    i have never tired wep ever on these routers. and i dont plan too becuase of the bug. try to falsh to linksys firmware and flash back to dd-wrt pre 5. though this might mess with the jffs partiton.
