802.11s mesh - how to set mixed WPA2/WPA3 encryption?

i need to set WPA2/WPA3 mixed mode encryption for 802.11s mesh

as i googled i need these pachages
wpad-mesh-openssl
wpad-mesh-wolfssl
wpad-basic-wolfssl
wpad-basic-openssl
but it coflicts with each otther

what is right answer?

don't, mixed isn't more secure than WPA2, just use WPA2.

2 Likes

Ask google for next hallucination?

mesh will work with open or wpa3 crypto only.
you need maximum wpad-mbedtls in place of default wpad-basic-mbedtls.
If your clients need different crypto you have to start separate AP using mesh for backhaul.

1 Like

@frollic what package i need to insttall for WPA2? @brada4 replied that WPA2 is impossible for mesh

Please read my post
remove wpad-basic-mbedtls
install wpad-mbedtls
You do not need anything extra for basic WPA2 or WPA3

done, result:

image
image

i can set only WPA3-SAE, but it's mandatory to use WPA2

Mesh needs SAE or NONE, you can bridge extra WPA1 access points to mesh if you really have to.

Keep in mind that there are two different places for encryption:

  1. between the mesh nodes themselves. This is not for client connections as it is not the 'regular' 802.11 type connection that clients understand. The addition of the s standard makes it a special connection -- you can think of it as a transport/backhaul connection with some smarts built-in. The encryption here, as has been stated by others, is either WPA3 (SAE) or no encryption.

  2. Standard AP mode operation with (or without) encryption that is meant for normal client connections. Your phones/computers/tablets/etc will connect to this. You can use WPA2, WPA3, or WPA2/WPA3 Mixed mode on this without issue. However, mixed mode operation (sae-mixed) is not recommended because it can cause issues when the client devices don't play nice with this. Best bet is to stick to WPA2 or WPA3, but not mixed.

2 Likes