I have a working 802.11s mesh on my 5Ghz radio using my Zyxel NWA50AX Pro and Gl.iNet MT-3000 devices. In both Luci and in my /etc/config/wireless
I have set up WPA3-SAE encryption, but it appears that my mesh is in fact unencrypted.
One of the nodes' /etc/config/wireless
:
config wifi-iface 'wifinet4'
option device 'radio1'
option mode 'mesh'
option encryption 'sae'
option mesh_id 'home-mesh'
option mesh_fwding '1'
option mesh_rssi_threshold '0'
option key 'xxxxxxxxxxxxxxxxx'
option network 'lan'
When I scan using any tools, it shows the mesh as unencrypted.
root@mesh4:~# iwinfo phy1-mesh0 info
phy1-mesh0 ESSID: "home-mesh"
Access Point: 48:ED:E6:2A:20:84
Mode: Mesh Point Channel: 149 (5.745 GHz) HT Mode: VHT80
Center Channel 1: 155 2: unknown
Tx-Power: 28 dBm Link Quality: 49/70
Signal: -61 dBm Noise: -92 dBm
Bit Rate: 468.3 MBit/s
Encryption: none
Type: nl80211 HW Mode(s): 802.11ac/ax/n
Hardware: embedded [MediaTek MT7981]
TX power offset: none
Frequency offset: none
Supports VAPs: yes PHY name: phy1
On a separate network, I have a batman-adv/802.11s mesh, and that clearly is using encryption.
root@OpenWrt:/etc# iwinfo phy0-mesh0 info
phy0-mesh0 ESSID: "iot-mesh"
Access Point: 0C:80:63:5A:18:13
Mode: Mesh Point Channel: 36 (5.180 GHz) HT Mode: VHT80
Center Channel 1: 42 2: unknown
Tx-Power: 23 dBm Link Quality: 50/70
Signal: -60 dBm Noise: -101 dBm
Bit Rate: 500.5 MBit/s
Encryption: WPA3 SAE (CCMP)
Type: nl80211 HW Mode(s): 802.11ac/n
Hardware: 168C:003C 0000:0000 [Qualcomm Atheros QCA9880]
TX power offset: none
Frequency offset: none
Supports VAPs: yes PHY name: phy0
All nodes are 23.05.4.
I thought it was possibly a regression of #10687 but that's not the case, as my mesh truly appears to not be encrypted.
Output of iw dev phy1-mesh0 scan
:
BSS 96:83:c4:54:38:cb(on phy1-mesh0)
last seen: 109584.119s [boottime]
TSF: 101502156878 usec (1d, 04:11:42)
freq: 5745
beacon interval: 100 TUs
capability: (0x0000)
signal: -44.00 dBm
last seen: 780 ms ago
SSID:
HT capabilities:
Capabilities: 0x9ff
RX LDPC
HT20/HT40
SM Power Save disabled
RX Greenfield
RX HT20 SGI
RX HT40 SGI
TX STBC
RX STBC 1-stream
Max AMSDU length: 7935 bytes
No DSSS/CCK HT40
Maximum RX AMPDU length 65535 bytes (exponent: 0x003)
Minimum RX AMPDU time spacing: 2 usec (0x04)
HT TX/RX MCS rate indexes supported: 0-15
HT operation:
* primary channel: 149
* secondary channel offset: above
* STA channel width: any
MESH ID: home-mesh
VHT capabilities:
VHT Capabilities (0x339a59f6):
Max MPDU length: 11454
Supported Channel Width: 160 MHz
RX LDPC
short GI (80 MHz)
short GI (160/80+80 MHz)
TX STBC
SU Beamformer
SU Beamformee
MU Beamformer
MU Beamformee
RX antenna pattern consistency
TX antenna pattern consistency
VHT RX MCS set:
1 streams: MCS 0-9
2 streams: MCS 0-9
3 streams: not supported
4 streams: not supported
5 streams: not supported
6 streams: not supported
7 streams: not supported
8 streams: not supported
VHT RX highest supported: 0 Mbps
VHT TX MCS set:
1 streams: MCS 0-9
2 streams: MCS 0-9
3 streams: not supported
4 streams: not supported
5 streams: not supported
6 streams: not supported
7 streams: not supported
8 streams: not supported
VHT TX highest supported: 0 Mbps
VHT extended NSS: supported
VHT operation:
* channel width: 1 (80 MHz)
* center freq segment 1: 155
* center freq segment 2: 0
* VHT basic MCS set: 0xffff
HE capabilities:
HE MAC Capabilities (0x00011a000040):
+HTC HE Supported
OM Control
Maximum A-MPDU Length Exponent: 3
A-MSDU in A-MPDU
HE PHY Capabilities: (0x0c200c0000000000008000):
HE40/HE80/5GHz
HE160/5GHz
LDPC Coding in Payload
STBC Tx <= 80MHz
STBC Rx <= 80MHz
HE RX MCS and NSS set <= 80 MHz
1 streams: MCS 0-11
2 streams: MCS 0-11
3 streams: not supported
4 streams: not supported
5 streams: not supported
6 streams: not supported
7 streams: not supported
8 streams: not supported
HE TX MCS and NSS set <= 80 MHz
1 streams: MCS 0-11
2 streams: MCS 0-11
3 streams: not supported
4 streams: not supported
5 streams: not supported
6 streams: not supported
7 streams: not supported
8 streams: not supported