DD-WRT Wireless mode on WHR-G54S

The current documentation supplied with DD-WRT v23 SP2 for WDS says you can use WPA, but not WPA2:

[quote]

1. It is strongly recommended to enable Wireless Security. WPA Pre- shared Key with AES is recommended as it is secure and easy.

Note WDS is only available in AP mode. Also Wireless encryption WPA2 and Wireless network mode B-Only are not supported under WDS. [/quote].

http://192.168.1.1/help/HWDS.asp

Do you know for a fact that the documentation is wrong?

I now have WPA-PSK TKIP working on my setup.

WHR-G54S #1 (192.168.1.1), AP mode, DHCP server, WPA-PSK TKIP WHR-G54S #2 (192.168.1.2), Client-Bridge mode, WPA-PSK TKIP

Bryant Smith wrote:

On Thu, 30 Nov 2006 14:12:07 -0500, Seth Goodman wrote in :

I didn't say anything about the documentation -- I reported only what Jeff was saying.

As for the documentation, Google finds

So Jeff was apparently misinformed. But note that WPA apparently works with WDS _only_ with DD-WRT to DD-WRT.

No. I do know that WPA failed when I tried these configuration. There may be others that work, but I do know that these don't work:

1. WAP54G to WAP54G (ver 3.2) in bridge mode. WEP only, no WPA.
2. WRT54G v1.1 to WRT54G v3 in WDS mode. DD-WRT v23 sp1 final release. This was the latest at the time. WEP worked, but WPA and WPA2 failed.
3. Same setup as above but both in "client bridge" mode. WEP worked, but WPA did not. I forgot to try WPA2.

It's possible (and probable) that DD-WRT v23 SP2 is different. If so, I stand corrected.

Scroll down the above URL to near the bottom under Apple Airport Express. Quoting: WPA/WPA2 encryption does not appear to work over WDS (but will work when the Airport Express is configured in client mode - but in client mode, the RJ45 connection is not usable) Seems to confirm that WPA only works with WDS between DD-WRT routers.

Possibly. I didn't know that WPA now works with WDS. It's never worked when I tried it, but I can retest. It would really be nice if it did.

Incidentally, I just noticed that v23 SP2 now had a "WPA Mixed" mode that supports both WPA1 and WPA2 clients with both TKIP and AES encryption. Nice. WPA2 Mixed This mode allows for mixing WPA2 and WPA clients. If only some of your clients support WPA2 mode, then you should choose WPA2 Mixed. For maximum interoperability, you should choose WPA2 Mixed/TKIP+AES.

On Fri, 01 Dec 2006 05:06:45 GMT, Jeff Liebermann wrote in :

Nice indeed. So why isn't some enterprising hardware vendor shipping a product with DD-WRT installed? ;)

I saw someone selling WHR-G54S with DD-WRT already installed. But that is not a manufacturer selling with DD-WRT installed.

changelog.txt on v23 SP2 lists a bug supposedly fixed in July:

0001456 [DD-WRT v23] WDS with WPA TKIP does not work

I hope you will retest, though - especially since changelog.txt lists that bug as being fixed on two different dates. (I only have one router, so I can't do it myself.) Being able to use WPA instead of WEP is an important security feature.

Seth Goodman hath wroth:

I'll try it hopefully this weekend. I'll need to bring home some extra hardware and laptops from the office. It will be a mix of Linksys and Buffalo, but all with DD-WRT v23 SP2 (09/15/06). I also want to do a wireless thruput test per some previous long forgotten promise.

My guess(tm) is that there's something fishy going on with WPA working over WDS. It's my understanding that there's no easy way to assign dynamic keys through a mesh matrix of WDS access points. I can see how to kludge it with exactly one pair of access points, but not with a network of AP's. Therefore, I want to have 3ea WDS access points handy for testing.

"Dynamically assigned and rotated encryption keys are not supported in a WDS connection. This means that Wi-Fi Protected Access (WPA) and other dynamic key assignment technology may not be used. Static WEP keys only may be used in a WDS connection, including any STAs that associate to a WDS repeating AP."