WDS + WPA2 in latest Tomato release

Discussion in 'Tomato Firmware' started by bigclaw, Mar 3, 2008.

  1. bigclaw

    bigclaw Network Guru Member

    Does anybody know whether WPA2 is supported when using WDS in the latest Tomato release?

    My main router has been a WRTSL54GS, but I have just acquired a dedicated NAS solution so that the storage link functionality of the WRTSL54GS is no longer needed. Therefore, I have removed one of the last remaining hurdles for me to try an all Tomato solution.

    However, I just noticed in some old posts that Tomato doesn't support WDS with WPA2. If that's true, I'm not sure I'm 100% comfortable with the switch.

  2. szfong

    szfong Network Guru Member

    If it's not supported, I believe it will inform you of that fact. Try "wpa/wpa2 personal"... it'll pick the one most appropriate for your situation, e.g. clients connect at wpa2, wds will connect to each other as wpa.
  3. HennieM

    HennieM Network Guru Member

    At the risk of stating the obvious, there's very little difference between WPA/AES and WPA2/AES. WPA2 is about 99% WPA with CCMP (AES) encryption.

    The other benefits of WPA2 are mostly "cosmetic", the main one being client pre-authentication (fast roaming). However, among WDS nodes, there's no "client" moving from one AP to another, so nothing to gain there. (Fast roaming should still hold for clients of the WDS nodes though, if the WPA/WPA2 mix works as intended).

    If it's about maintaining compatibility with existing clients, the WPA/WPA2 option suggested by szfong should solve that if it works, and the WDS nodes do not get confused by being set to WPA/WPA2.
  4. bigclaw

    bigclaw Network Guru Member

    I have about 6 wireless routers around my townhouse. Four of them are WPA, one unencrypted, and one WEP. I'm the only WPA2 on the block! I'd like to keep it that way! :)

    However, it seems that I still get WPA2 from all wireless clients and only WPA between WDS nodes. That should work... as long as my neighbors still see my router as WPA2, with envy!

    I know I'm superficial...
  5. aspoon

    aspoon LI Guru Member

    Do you mean that you have configured both your WDS nodes to use WPA2, and the WDS link would use WPA and all supported clients would use WPA2? I have a WDS over WEP at home, and would like to explore the WDS over WPA/WPA2 option.
  6. bigclaw

    bigclaw Network Guru Member

    Yes. That's what I meant. I hope it works that way. In fact, I just installed Tomato 1.17 on both routers, and the WPA/WPA2 mixed option does work. What I have not done is to verify that laptops are indeed communicating with the router using WPA2. The two laptops are in use by family members right now. I'll confirm shortly.
  7. szfong

    szfong Network Guru Member

    If you're using the same wds supported firmware the mixed wpa/wpa2+aes/tkip is ok. But if you start adding openwrt & dd-wrt into the mix, I would recommend wpa+aes/tkip or else you'll notice some abrupt disconnects happening. wpa2 only does not work well in wds mode.
  8. bigclaw

    bigclaw Network Guru Member

    Good news and bad news.

    Good news is that I've confirmed that wireless clients (laptops) are indeed connected with WPA2. I assume the WDS link itself is using WPA as you guys mentioned, which is fine by me.

    Bad news is that I just did another wireless survey, and one of my neighbors is using WPA2 now! I'm no longer the coolest one on the block.

    See my signature for the current setup.

    Thanks all for the help!
  9. Katzenstreu

    Katzenstreu LI Guru Member

    WPA is not really safer than WPA2? When I could use WPA.
    I would enable the wireless filter and accept only known MAC addresses.
    I know - they can be cloned. But it's better than nothing.
  10. bigclaw

    bigclaw Network Guru Member

    As a new Tomato user, I have to say QoS rules! So much instantaneous information it's scary.

    All in all a very well written, clean AJAX solution. I'm very impressed.
  11. Sunspark

    Sunspark LI Guru Member

    Ah! But there is 1 other benefit (I use WPA2 myself). As I have been led to understand on forums such as this, the linksys routers do the AES in hardware. So using WPA2-AES is faster than using WPA-TKIP.
  12. bigclaw

    bigclaw Network Guru Member

    But you can also use AES with WPA, no?
  13. HennieM

    HennieM Network Guru Member

    WPA and WPA2 are authentication and encryption schemes, while AES and TKIP are the encryption standards used by the schemes.

    To the best of my knowledge, all AES is done in hardware. AES uses a one-pass encryption technique for which you need hardware in both the client adapter and the AP.

    TKIP was thought up as a sort of encryption bridge between WEP and WPA2. Old APs that only supported WEP could do the WPA scheme with TKIP encryption, because TKIP can be done (slowish) in software.
    TKIP is sort of the black and white TV, just so you could say you watch TV, while AES is the full color or maybe even the HDTV.

    WPA was an "early release" of what is now known as the WPA2 scheme. Luckily, when AES encryption came, WPA was already set up to plug in another encryption standard, and WPA ended up as TKIP SHOULD be supported, while AES COULD also be supported.

    WPA2 came into existence via some small changes to the WPA scheme, but specified that AES SHOULD be supported, while TKIP COULD also be supported.

    Bottom line: AES is not a "benefit" of WPA2 per se, as the same AES can be (and is) used in WPA. Further, of WEP, WPA/TKIP, and WPA/AES, you should get the best speed and security with WPA/AES. You also get very little, if any, speed/security improvement to WPA2/AES (but it IS cool ;-).
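
An added example, not part of the original thread: the scheme (WPA or WPA2) and the cipher (TKIP or AES/CCMP) are advertised as separate fields in a beacon, which is what the posts above rely on when they pair AES with either scheme. This Python code decodes both security elements from a beacon's tagged parameters; the function names and the sample bytes are constructed for illustration.

```python
import struct

WPA_OUI = bytes.fromhex("0050f2")  # vendor OUI carried by the original WPA IE
RSN_OUI = bytes.fromhex("000fac")  # 802.11 OUI carried by the RSN (WPA2) IE
CIPHERS = {1: "WEP-40", 2: "TKIP", 4: "CCMP", 5: "WEP-104"}  # CCMP = "AES"

def _suites(body, oui):
    """Decode version, group cipher and pairwise cipher list of one IE body."""
    if len(body) < 8:
        raise ValueError("truncated security IE")
    version, = struct.unpack_from("<H", body, 0)
    count, = struct.unpack_from("<H", body, 6)
    if len(body) < 8 + 4 * count:
        raise ValueError("pairwise list runs past end of IE")
    def name(sel):
        return CIPHERS.get(sel[3], "unknown") if sel[:3] == oui else "vendor"
    pairwise = [name(body[8 + 4 * i:12 + 4 * i]) for i in range(count)]
    return {"version": version, "group": name(body[2:6]), "pairwise": pairwise}

def security_modes(ies):
    """Walk a beacon's tagged parameters; report what WPA and WPA2 advertise."""
    found, pos = {}, 0
    while pos + 2 <= len(ies):
        eid, length = ies[pos], ies[pos + 1]
        body = ies[pos + 2:pos + 2 + length]
        if len(body) < length:
            raise ValueError("IE length runs past end of frame")
        if eid == 48:                                   # RSN element = WPA2
            found["WPA2"] = _suites(body, RSN_OUI)
        elif eid == 221 and body[:4] == WPA_OUI + b"\x01":  # vendor IE = WPA
            found["WPA"] = _suites(body[4:], WPA_OUI)
        pos += 2 + length
    return found

# Constructed sample (not a capture): "WPA/WPA2 personal, TKIP+AES" mixed mode.
_rsn = bytes.fromhex("0100" "000fac02" "0200" "000fac04" "000fac02"
                     "0100" "000fac02" "0000")
_wpa = bytes.fromhex("0050f201" "0100" "0050f202" "0200" "0050f204" "0050f202"
                     "0100" "0050f202")
SAMPLE = (b"\x00\x04demo" + bytes([48, len(_rsn)]) + _rsn
          + bytes([221, len(_wpa)]) + _wpa)

if __name__ == "__main__":
    for mode, info in security_modes(SAMPLE).items():
        print(mode, "group:", info["group"], "pairwise:", info["pairwise"])
```

In the mixed-mode sample both elements list CCMP and TKIP as pairwise ciphers while the group cipher is TKIP, because broadcast traffic has to be readable by every associated client.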