Ubuntu
network-manager package

[FFe] Enable RSN (WPA2) encryption support for IBSS (ad-hoc)

Bug #1046918 reported by Mathieu Trudel-Lapierre
8
This bug affects 1 person
Affects Status Importance Assigned to Milestone
network-manager (Ubuntu)
Fix Released
Medium
Mathieu Trudel-Lapierre
Ubuntu ubuntu-12.10-beta-2
network-manager-applet (Ubuntu)
Fix Released
Medium
Mathieu Trudel-Lapierre
Ubuntu ubuntu-12.10-beta-2
networkmanagement (Ubuntu)
Fix Released
Medium
Mathieu Trudel-Lapierre
Ubuntu ubuntu-12.10-beta-2
wpa (Ubuntu)
Fix Released
Medium
Mathieu Trudel-Lapierre
Ubuntu ubuntu-12.10-beta-2

Bug Description

In Precise; WPA/WPA2 was disabled for ad-hoc networks because a bug in the kernel breaks WPA-None support (and actually creates networks unsecured rather than encrypted with WPA).

We now have support for actual IBSS-RSN (WPA2 security on ad-hoc) in wpasupplicant and it can be enabled in wpasupplicant, network-manager, nm-applet...

We should make use of this feature to offer our users a way to create properly secured IBSS networks rather than relying on WEP or using unsecured networks.

It will require modifications in three packages:

 - network-manager: drop the patch that disables WPA-None (if any) and add the necessary backend bits for using IBSS-RSN.
 - network-manager-applet: drop the patch that disables WPA-None (if any) and add the necessary frontend bits to not disable WPA/WPA2; and use IBSS-RSN when WPA/WPA2 is selected for ad-hoc networks.
 - wpa: build with CONFIG_IBSS_RSN=y so that IBSS-RSN support gets enabled.

*** While this involves some form of UI changes there is no UIFe request because there are no string changes; the option for WPA/WPA2 has been available since about Maverick, and the change only involves making it sensitive (clickable) again.

Testing was done between two systems; the created network appears secured from both systems and on an external device (used Android phone to detect the network from outside the tested systems; using Wifi-Radar). I've been running the test packages for 6 days; testing was done following the plan at http://wiki.ubuntu.com/NetworkManager/DistroTesting.

Availability of IBSS-RSN can still be dependent on hardware support; in the cases where hardware doesn't support IBSS-RSN; the option will remain disabled in UI.

Mathieu Trudel-Lapierre (cyphermox)
Changed in network-manager (Ubuntu):
assignee: nobody → Mathieu Trudel-Lapierre (mathieu-tl)
Changed in network-manager-applet (Ubuntu):
assignee: nobody → Mathieu Trudel-Lapierre (mathieu-tl)
Changed in wpa (Ubuntu):
assignee: nobody → Mathieu Trudel-Lapierre (mathieu-tl)
summary: - [FFe] Enable WPA2 for IBSS (ad-hoc)
+ [FFe] Enable RSN (WPA2) encryption support for IBSS (ad-hoc)
Revision history for this message
Scott Kitterman (kitterman) wrote : Re: [Bug 1046918] [NEW] [FFe] Enable RSN (WPA2) encryption support for IBSS (ad-hoc)

Since this affects the NM applet, does it also affect the KDE NM widget?

Revision history for this message
Mathieu Trudel-Lapierre (cyphermox) wrote :
Revision history for this message
Mathieu Trudel-Lapierre (cyphermox) wrote :

Scott; the KDE NM applet was AFAIK never set to disable the WPA/WPA2 option. I think it will still try to create ad-hoc networks as WPA-None. But that would be a separate bug, I think.

Revision history for this message
Mathieu Trudel-Lapierre (cyphermox) wrote :
Revision history for this message
Mathieu Trudel-Lapierre (cyphermox) wrote :
Revision history for this message
Mathieu Trudel-Lapierre (cyphermox) wrote :

I'm going to need to do some additional testing with the plasma applet. Looks unaffected by this (aside from the fact that using wpa-psk would now work for adhoc), meaning that using WPA-None was never disabled in the UI and will remain available; but it deserves a bit more testing just to be safe.

Revision history for this message
Mathieu Trudel-Lapierre (cyphermox) wrote :

So there's a small patch needed to networkmanagement to get it to use rsn/psk/ccmp for the protocol, pairwise and ciphers so that it creates the adhoc networks properly too.

Changed in networkmanagement (Ubuntu):
assignee: nobody → Mathieu Trudel-Lapierre (mathieu-tl)
Revision history for this message
Mathieu Trudel-Lapierre (cyphermox) wrote :

Diff for networkmanagement.

Revision history for this message
Scott Kitterman (kitterman) wrote :

Ack. Approved.

Changed in networkmanagement (Ubuntu):
importance: Undecided → Medium
status: New → Triaged
Changed in network-manager (Ubuntu):
status: New → Triaged
Changed in network-manager-applet (Ubuntu):
status: New → Triaged
Changed in wpa (Ubuntu):
status: New → Triaged
Changed in network-manager (Ubuntu):
importance: Undecided → Medium
Changed in network-manager-applet (Ubuntu):
importance: Undecided → Medium
Changed in wpa (Ubuntu):
importance: Undecided → Medium
Changed in networkmanagement (Ubuntu):
milestone: none → ubuntu-12.10-beta-2
Changed in network-manager (Ubuntu):
milestone: none → ubuntu-12.10-beta-2
Changed in network-manager-applet (Ubuntu):
milestone: none → ubuntu-12.10-beta-2
Changed in wpa (Ubuntu):
milestone: none → ubuntu-12.10-beta-2
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package wpa - 1.0-2ubuntu4

---------------
wpa (1.0-2ubuntu4) quantal; urgency=low

  * Enable CONFIG_IBSS_RSN, so that we can turn back on "secure" adhoc support
    in NetworkManager using IBSS RSN (WPA2). (LP: #1046918)
 -- Mathieu Trudel-Lapierre <email address hidden> Fri, 07 Sep 2012 15:49:45 -0400

Changed in wpa (Ubuntu):
status: Triaged → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package network-manager - 0.9.6.0-0ubuntu6

---------------
network-manager (0.9.6.0-0ubuntu6) quantal; urgency=low

  * debian/patches/adhoc_use_wpa_rsn_part1.patch,
    debian/patches/adhoc_use_wpa_rsn_part2.patch: Re-enable WPA for Adhoc; but
    use WPA2/RSN for encryption rather than WPA-None, which is clearly broken.
    (LP: #1046918)
  * debian/tests/nm: drop the test testNMConnected; in a build environment it
    tends to be racy; sometimes NM isn't quite ready to transition to the
    CONNECTING or CONNECTED states, we don't want to hold things up because of
    it. (LP: #1047224)
  * debian/tests/dnsmasq: update the test to correctly point to the new DBus
    address for NetworkManager's dnsmasq instance. (LP: #1047221)
 -- Mathieu Trudel-Lapierre <email address hidden> Fri, 07 Sep 2012 15:48:24 -0400

Changed in network-manager (Ubuntu):
status: Triaged → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package networkmanagement - 0.9.0.4-0ubuntu2

---------------
networkmanagement (0.9.0.4-0ubuntu2) quantal; urgency=low

  * debian/patches/use_ibss_rsn_instead_of_wpa-none.patch: Use IBSS-RSN rather
    than WPA-None when creating ad-hoc networks; WPA-None is broken in the
    kernel anyway. (LP: #1046918)
 -- Mathieu Trudel-Lapierre <email address hidden> Fri, 07 Sep 2012 16:10:28 -0400

Changed in networkmanagement (Ubuntu):
status: Triaged → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package network-manager-applet - 0.9.6.2-0ubuntu3

---------------
network-manager-applet (0.9.6.2-0ubuntu3) quantal; urgency=low

  * debian/patches/applet_adhoc_use_wpa_rsn_part1.patch: enable the use of
    WPA2/RSN for adhoc again, instead of WPA-None; to provide a way to get a
    "good" encryption method available for adhoc networks. (LP: #1046918)
 -- Mathieu Trudel-Lapierre <email address hidden> Fri, 07 Sep 2012 16:06:37 -0400

Changed in network-manager-applet (Ubuntu):
status: Triaged → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.