802.11r Fast Transition how to understand that FT works?

Installing and Using OpenWrt
226

Yes. The level of strictness that the client enforces when roaming.

I was not able to get Arch Linux to roam. It worked in the past, but since August, it complains about some invalid information element:

Aug 05 13:46:44 dell-laptop wpa_supplicant[864]: wlp2s0: CTRL-EVENT-SIGNAL-CHANGE above=0 signal=-67 noise=9999 txrate=1080600
Aug 05 13:46:48 dell-laptop wpa_supplicant[864]: wlp2s0: SME: Trying to authenticate with 36:98:b5:19:b6:19 (SSID='ENT' freq=5500 MHz)
Aug 05 13:46:48 dell-laptop systemd-networkd[643]: wlp2s0: Lost carrier
Aug 05 13:46:48 dell-laptop kernel: wlp2s0: disconnect from AP e2:9f:80:d4:9e:c6 for new auth to 36:98:b5:19:b6:19
Aug 05 13:46:48 dell-laptop kernel: wlp2s0: authenticate with 36:98:b5:19:b6:19 (local address=10:51:07:8e:75:60)
Aug 05 13:46:48 dell-laptop NetworkManager[854]: <info>  [1722836808.5436] device (wlp2s0): supplicant interface state: completed -> authenticating
Aug 05 13:46:48 dell-laptop NetworkManager[854]: <info>  [1722836808.5437] device (p2p-dev-wlp2s0): supplicant management interface state: completed -> authenticating
Aug 05 13:46:48 dell-laptop kernel: wlp2s0: send auth to 36:98:b5:19:b6:19 (try 1/3)
Aug 05 13:46:48 dell-laptop kernel: wlp2s0: send auth to 36:98:b5:19:b6:19 (try 2/3)
Aug 05 13:46:48 dell-laptop wpa_supplicant[864]: nl80211: kernel reports: key not allowed
Aug 05 13:46:48 dell-laptop wpa_supplicant[864]: FT: Failed to set PTK to the driver
Aug 05 13:46:48 dell-laptop wpa_supplicant[864]: wlp2s0: Trying to associate with 36:98:b5:19:b6:19 (SSID='ENT' freq=5500 MHz)
Aug 05 13:46:48 dell-laptop NetworkManager[854]: <info>  [1722836808.6816] device (wlp2s0): supplicant interface state: authenticating -> associating
Aug 05 13:46:48 dell-laptop NetworkManager[854]: <info>  [1722836808.6817] device (p2p-dev-wlp2s0): supplicant management interface state: authenticating -> associating
Aug 05 13:46:48 dell-laptop kernel: wlp2s0: authenticated
Aug 05 13:46:48 dell-laptop kernel: wlp2s0: associate with 36:98:b5:19:b6:19 (try 1/3)
Aug 05 13:46:48 dell-laptop kernel: wlp2s0: RX ReassocResp from 36:98:b5:19:b6:19 (capab=0x1111 status=0 aid=1)
Aug 05 13:46:48 dell-laptop systemd-networkd[643]: wlp2s0: Connected WiFi access point: ENT (36:98:b5:19:b6:19)
Aug 05 13:46:48 dell-laptop wpa_supplicant[864]: FT: FTE indicated that AP uses RSNXE, but RSNXE was not included in Beacon/Probe Response frames
Aug 05 13:46:48 dell-laptop kernel: wlp2s0: associated
Aug 05 13:46:48 dell-laptop kernel: wlp2s0: deauthenticating from 36:98:b5:19:b6:19 by local choice (Reason: 13=INVALID_IE)

This log clearly blames the AP for not including the allegedly required RSNXE thingy, and I don't even know what it means.

EDIT: the commit that adds this message is 4 years old, so I don't know why it worked before or how to add this information element.

I have kept FT disabled since then. EDIT: found a workaround, see WPA3-Enterprise with FT needs fixing

Note: this is WPA3-enterprise, not SAE, because of a stupid mobile banking app that claims that WPA3-SAE is not secure.

1 Like