19 Oct
2017
19 Oct
'17
10:54 a.m.
All,
LEDE version 17.01.4 was released yesterday. It includes the Dnsmasq and
WPA2 security updates.
In addition, there's an AP-side Krack countermeasure added. Also, an
"Enable key reinstallation (KRACK) countermeasures" check box was added
to Wireless Security web GUI. To see the option in the 17.01.4 GUI,
you'll need to opkg upgrade, as the functionality was added after the
firmware release.
To enable the countermeasure from from the command line (from
https://forum.lede-project.org/t/critical-wifi-vulnerability-found-krack/74…):
uci set
wireless.(a)wifi-iface[0].wpa_disable_eapol_key_retries='1'
# If you have a second interface (usually one for 2.4GHz wifi and one
for 5GHZ), also type:
uci set wireless.(a)wifi-iface[1].wpa_disable_eapol_key_retries='1'
# Then save your changes and apply them by rebooting your device:
uci commit
reboot
73,
- Lynwood
KB3VWG