Repository : ssh://git@diktynna/doc
On branches: backup-redmine,main

commit 7cf1a46c50460a1c9a746b3e8f72d8d3a8c6b5b4
Author: Linus Lüssing linus.luessing@c0d3.blue
Date: Mon Jul 8 11:56:44 2024 +0000

doc: open-mesh/OpenHarbors

7cf1a46c50460a1c9a746b3e8f72d8d3a8c6b5b4
open-mesh/OpenHarbors.textile | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/open-mesh/OpenHarbors.textile b/open-mesh/OpenHarbors.textile index e5716a74..79cb85a9 100644 --- a/open-mesh/OpenHarbors.textile +++ b/open-mesh/OpenHarbors.textile @@ -21,7 +21,7 @@ Gluon also supports adding the following three types of WLAN encryption: # "OWE":https://en.wikipedia.org/wiki/Opportunistic_Wireless_Encryption to encrypt traffic from a user device to the direct mesh node / AP: "OWE on client network":https://gluon.readthedocs.io/en/latest/releases/v2020.2.html#owe-on-client-n... # A "''Private WiFi''":https://gluon.readthedocs.io/en/latest/features/private-wlan.html with WPA-Personal/preshared key encryption, simply bridged to a mesh node's WAN port
-While 1)+2) protects against passive snooping, it however does not protect against an active attacker in an open, public network like Freifunk. Due to the open nature of Freifunk, the SAE password would need to be published / added to the firmware (source code) to allow anyone to setup their own mesh node. So overall Freifunk even with 1)+2) would still be susceptible to Man-in-the-Middle attacks. +While 1)+2) protects against passive snooping, it however **does not protect against an active attacker** in an open, public network like Freifunk. Due to the open nature of Freifunk, the SAE password would need to be published / added to the firmware (source code) to allow anyone to setup their own mesh node. So overall Freifunk even with 1)+2) would still be susceptible to Man-in-the-Middle attacks.
The issue with option 3) is that while it is secure, as the mesh node owner can configure their own, private password for it in the Gluon Config-Mode Web-GUI of their Gluon mesh router, it can't be used on foreign, other mesh nodes over the mesh network. There is no secure tunneling or provisioning/collaboration between mesh nodes for the "Private WiFi" feature in Gluon.
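Review bot: On the `+` line, the newly bolded claim "does not protect against an active attacker" is made for 1)+2) together, but the sentence after it justifies it only for the SAE password having to be published. Consider adding a clause for 2) as well, for example that OWE encrypts the link without authenticating the AP, so the Man-in-the-Middle conclusion is supported for both options. While touching this line, "it however does not protect" would read better as "it does not, however, protect", and "protects" should agree with the plural subject "1)+2)".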