Ap-sta-possible-psk-mismatch

stepini · January 1, 2019, 10:05pm

Hi guys,
I have some new ESP wireless device that fail to connect to my AP with psk mismatch error:

Tue Jan 1 23:03:21 2019 daemon.notice hostapd: wlan0: AP-STA-POSSIBLE-PSK-MISMATCH dc:4f:22:xx..

I tried a lot of configurations without success, do you have idea how to fix this problem?

My wireless config file is the follow:

config wifi-device 'radio0'
	option type 'mac80211'
	option hwmode '11g'
	option path 'pci0000:00/0000:00:00.0/0000:01:00.0'
	option country 'IT'
	option distance '12'
	option legacy_rates '1'
	option channel '11'
	option htmode 'HT20'
	option txpower '17'

config wifi-iface
	option device 'radio0'
	option key 'xxx'
	option mode 'ap'
	option ssid 'spw2'
	option network 'lan'
	option disassoc_low_ack '0'
	option short_preamble '0'
	option skip_inactivity_poll '1'
	option encryption 'psk2+ccmp'

Thanks a lot,
Stefano

Sparks · January 2, 2019, 6:13am

Try changing that to

option encryption 'psk2'

If that doesnt try the original wpa encryption

option encryption ‘psk’

stepini · January 2, 2019, 2:25pm

Thanks Sparks,
i tried all the possible configurations with psk psk2 and psk-mixed unsuccesfully
Is there a way to have more verbose log?
Thanks a lot,
Stefano

eduperez · January 2, 2019, 5:14pm

What router do you own? ESP devices are notorious to have troubles with some devices (or the other way around).

braian87b · February 12, 2019, 2:45am

same problem here on a AR9344 using the default MAC80211 802.11bgn on a TP-Link TL-WDR3600 v1
Any news on this?, I have two other routers same model, no problems so far.

8Wires · July 8, 2021, 5:17pm

Was this ever resolved?

16F84 · July 8, 2021, 6:16pm

I haven't connected one to OpenWrt - but I can tell you that configured as a STA, the 8266 doesn't like passwords greater than ~46 characters and will refuse to connect above that. One other thing, by default the 8266 country code is set to china - maybe set your router country code to match? Or better yet change the 8266's country code to match the router. Dedicated AP works best with these. Maybe try a short preamble?

Edit:

Tested:

2 x 8266 STA (ESP-01) --> AR750S, 19.07.7, AP = it works

config wifi-device 'radio1'
	option type 'mac80211'
	option channel '11'
	option hwmode '11g'
	option path 'platform/ahb/18100000.wmac'
	option txpower_max '20'
	option txpower '20'
	option band '2G'
	

config wifi-iface 'wifinet0'
	option network 'lan'
	option ssid 'openwrt'
	option device 'radio1'
	option mode 'ap'
	option key 'approx 46 characters max'
	option encryption 'psk2+ccmp'

It prefers HT20 - but I actually got it to conect to the AR750S under HT40 - but I didn't test it beyond basic connectivity.

wurenjia · May 8, 2022, 5:35pm

my english is not good, so can use google translation to translate this . and hope this an help you.
这个问题我在linux上面用wpa_supplicant和wpa_cli来配置p2p时也出现了p2p0: AP-STA-POSSIBLE-PSK-MISMATCH这个问题，但是我发现我在将p2p的配置文件 p2p_supplicant.conf中的ap的psk修改为12345678后就没有这个问题了，这个是我找到的临时方案，希望能够给你提供一些解题思路，如果有更好的方法希望能回复我一下

/customer # cat p2p_supplicant.conf
ctrl_interface=/tmp/p2p_supplicant
update_config=1
device_name=IPC_DEVICES2
device_type=10-0050F204-5
config_methods=virtual_push_button physical_display keypad
p2p_listen_reg_class=81
p2p_listen_channel=1
p2p_oper_reg_class=115
p2p_oper_channel=36
p2p_go_intent=15
p2p_ssid_postfix=-IPC_DEVICES2
p2p_passphrase_len=8
p2p_no_group_iface=1
max_num_sta=8
network={
ssid="DIRECT-IPC_DEVICES2"
psk="12345678"
proto=RSN
key_mgmt=WPA-PSK
pairwise=CCMP
auth_alg=OPEN
mode=3
disabled=2
}

m95d · June 24, 2024, 9:52pm

I found out the hard way that this error is also caused by cryptodev when it is being used by hostapd/wpad via OpenSSL or other library with cryptodev support.

In case of OpenSSL, open /etc/ssl/modules.cnf.d/devcrypto.cnf and check that DIGESTS = NONE.
There is a warning in the comment, but I thought that an error here and there won't hurt; it would just retry the auth. The warning didn't say cryptodev gets permently corrupted.