802.11r IPhone can not connect

starraiderx · February 5, 2023, 12:29pm

I am trying to set up Band Steering using Dawn on my ax3600 with snapshot [r21995-059263dd6e]. When I enable 802.11r, the IPhones on the network running the latest IOS 16.3 can no longer connect to the network. All other devices, even printers and such, connect without a problem.

I have two APs with the same password and SSID running on the 2.4 GHz and 5 GHz bands respectively

What i tried so far:
Default LuCI config for 802.11r
Setting NASID to different values on each AP
WPAD-openssl, WPAD-Wolfssl and the new wpad-mbedtls
Setting Reassociation Deadline to 20000 (https://github.com/openwrt/openwrt/issues/7907)
Setting DTIM Interval to 2

My wifi config:

	option device 'radio1'
	option network 'lan'
	option mode 'ap'
	option ssid '***'
	option key '***'
	option encryption 'sae-mixed'
	option ieee80211k '1'
	option time_advertisement '2'
	option time_zone 'CET-1CEST,M3.5.0,M10.5.0/3'
	option wnm_sleep_mode '1'
	option bss_transition '1'


	option device 'radio2'
	option network 'lan'
	option mode 'ap'
	option ssid '***'
	option key '***'
	option encryption 'sae-mixed'
	option ieee80211k '1'
	option time_advertisement '2'
	option time_zone 'CET-1CEST,M3.5.0,M10.5.0/3'
	option wnm_sleep_mode '1'
	option bss_transition '1'

rossini · February 5, 2023, 12:52pm

i think there was also an issue with sae-mixed in combi with fastroaming. What happen if you try wpad2 or wpad3?

starraiderx · February 5, 2023, 12:54pm

Setting to either WPA2 or WPA3 solves the issue.
Is there any other workaround to this since I would like to use WPA3 but not all of my clients support it.
Is it fine if only the 2.4GHz channel has WPA2 and the 5Ghz has WPA3?

rossini · February 5, 2023, 1:03pm

see https://github.com/openwrt/openwrt/issues/7858

My „workaround“ was to disable ft at all.

starraiderx · February 5, 2023, 1:05pm

It is a requirement for DAWN so that's not an option either.

Edit: its not a requirement so i will drop it. Thanks for the Info
"If 802.11r is enabled for fast, seamless transfer of a device across AP's then it enhances the overall user experience, but DAWN doesn't directly use it." https://github.com/berlin-open-wireless-lab/DAWN/blob/master/README.md

bjo · February 26, 2023, 8:29pm

I also stumpled upon this issue with SAE-Mixed and FT enabled with an IPhone XR (16.3) and an IPad 9th gen (16.3). Switching to WPA2 (as some clients don't support WPA3) "fixed" it. 802.11w was turned off, as I remembered some older Apple devices has problems with it, but those devices now are new.

anom3 · February 27, 2023, 12:59pm

I have 2 AX3600 being delivered in about 3 to 4 hours.

I am fairly well versed in wireless roaming (k/v/r, neighbor reports, ft, sending out bss transition requests etc etc etc).

As it stands now on my current APs, ft works perfectly. I am swapping 2 of my APs out for these AX3600. Installing OpenWRT on them right away of course.

I do not / will not be using WPA3...

I have a small basket of clients that can properly use FT including 3 android devices as well as an ios device.

Although this doesn't apply to the AX3600 as its currently snapshot only.. 802.11r is / was broken using even the most latest stable build (22.03?). With fairly recent snapshots, without touching log_level in /etc/config/wireless you should be seeing this in your logs:

Mon Feb 27 13:15:57 2023 daemon.notice hostapd: phy1-ap0: AP-STA-CONNECTED xx:xx:xx:xx:xx:xx auth_alg=ft

Will post back here if the AX3600 with the most current build, WPA3 turned off and 802.11r turn on allows clients to seamlessly roam. I have a good base level to compare to... I can walk across my 3 floor (concrete) home maintaining a sub 10ms ping to my primary gateway without any packet loss, all while connected to only my 5.8ghz band. 2 of my APs are getting swapped for the AX3600s which raw hardware wise are much better than whats in place there now.