A network bridge between a 5 GHz client network and 2.4GHz and 5 GHz access points while maintaining the pmkid cache

I wrote that there is definitely another implementation of the bridge through the gre package. it would not be bad to file this implementation.

[I] May 31 14:25:29 ndm: Network::Interface::Mtk::WifiMonitor: "WifiMaster0/AccessPoint0": STA(10:3f:44:73:60:6c) association rejected because PMKID expired or invalid.

[I] May 31 14:44:49 ndm: Network::Interface::Mtk::WifiMonitor: "WifiMaster1/AccessPoint0": STA(10:3f:44:73:60:6c) association rejected because PMKID expired or invalid.

Judging by the Keenetic logs, the client 10:3f:44:73:60:6c arrives with an expired or invalid PMKID.

Presumably, this is possible if the client first connected to OpenWRT, and then connected to Keenetic, trying to use the saved PMKID. But it doesn't exist on Keenetic yet or it has expired.

We have PMKID stored only on the access point. That is, when the client has already been on Keenetic, the access point stores its PMKID for a certain period of time and the client can use it when connecting. We do not know exactly how this works on OpenWRT, but it is possible that PMKID distribution between points (OKC Opportunistic Key Cashing) is used there, which is missing on Keenetic.

https://4pda.to/forum/index.php?showtopic=911457&view=findpost&p=93466775

It describes the GRETAP L2-level tunnel. Keenetic only supports regular GRE and GRE over IPsec. But in any case, it is unclear how this solves the problem of the impossibility of adding 2.4 and 5 GHz access points to one Bridge at the same time, this is all that is required from OpenWRT and tunnels in such a scheme are not
needed at all in a good way.

@psherman how is pmkid synchronization implemented between routers in openwrt?