Cannot use 802.11r on both radio's 2.4 and 5GHz with same SSID, clients unable to connect

Installing and Using OpenWrt
1

I'm running a stable custom NSS build from @ACwifidude from September 26 on a R7800. I've enabled 802.11k and 802.11v on the 5GHz and 2.4 GHz radio and clients (mostly Apple) are able to connect just fine. When I enable 802.11r on the 5GHz radio, all still works just fine. However, when I configure 802.11r on the 2.4GHz radio too, no client will connect to WiFi anymore. I'm using the same SSID for both radio devices. Here's my /etc/config/wireless:

config wifi-device 'radio0'
	option type 'mac80211'
	option hwmode '11a'
	option path 'soc/1b500000.pci/pci0000:00/0000:00:00.0/0000:01:00.0'
	option htmode 'VHT80'
	option cell_density '0'
	option channel 'auto'
	option country 'NL'

config wifi-iface 'default_radio0'
	option device 'radio0'
	option network 'lan'
	option mode 'ap'
	option key 'REDACTED'
	option disassoc_low_ack '0'
	option ieee80211w '1'
	option encryption 'sae-mixed'
	option dtim_period '3'
	option ssid '🏠🌞'
	option ieee80211v '1'
	option ieee80211k '1'
	option bss_transition '1'
	option ieee80211r '1'
	option ft_over_ds '1'
	option ft_psk_generate_local '1'

config wifi-device 'radio1'
	option type 'mac80211'
	option hwmode '11g'
	option path 'soc/1b700000.pci/pci0001:00/0001:00:00.0/0001:01:00.0'
	option htmode 'HT40'
	option channel 'auto'
	option cell_density '0'
	option country 'NL'

config wifi-iface 'default_radio1'
	option device 'radio1'
	option network 'lan'
	option mode 'ap'
	option key 'REDACTED'
	option disassoc_low_ack '0'
	option ieee80211w '1'
	option encryption 'sae-mixed'
	option dtim_period '3'
	option ssid '🏠🌞'
	option ieee80211r '1'
	option ft_over_ds '1'
	option ft_psk_generate_local '1'
	option ieee80211v '1'
	option ieee80211k '1'
	option bss_transition '1'

config wifi-iface 'guest'
	option device 'radio1'
	option network 'guest'
	option mode 'ap'
	option key 'REDACTED'
	option ssid 'Guest (filtered)'
	option encryption 'psk2+ccmp'
	option dtim_period '3'
	option isolate '1'

When I enable 802.11r only on one radio device (the 5GHz for example), my iOS devices can connect. When I enable 802.11rv on both radio devices (both 5GHz and 2.4GHz) my iOS devices give a message like: "No connection possible with network ':house::sun_with_face:'". An Android device (Motorola G5 plus) can't connect either to the 2.4GHz network, although it doesn't give any message at all. When I disable 802.11r on the 2.4GHz network, the MotoG5 Plus connects just fine. Enabling 802.11 k and v on both radio devices with the same SSID doesn't seem to be a problem, it's the 802.11r that I can't seem to get working on both radio devices for the same SSID.

luci-app-dawn is installed and up and running. AFAIK 802.11r should also be possible with the same SSID on both 2.4 and 5GHz radio's? I haven't seen any clear warning that it doesn't work that way. I know that clients mostly determine by themselves whether they roam or not, but I've found that with just setting up 2 AP's (one is the main router, the other is just a dumb AP) clients tend to stick to the AP they connected to at the time of usage. I've also tried different SSID's between those AP's to see if that makes a difference but it doesn't; clients tend to stick to the AP they connected to. I thought I could employ 802.11r and 802.11k and 802.11v on the main router and the dumb AP to make it easier for clients to make a decision whether or not to roam. But I can only enable 802.11r on one single radio device per router/dumb AP, not on both. Although I do see messages where people succeed to do just that I'm trying too.

Any clues?

-- EDIT --
wpad-version:

# opkg list-installed | grep wpad
wpad-openssl - 2020-06-08-5a8b3662-35

# opkg info wpad-openssl
Package: wpad-openssl
Version: 2020-06-08-5a8b3662-35
Depends: libc, libnl-tiny1, hostapd-common, libubus20210630, libopenssl1.1
Provides: hostapd, wpa-supplicant
Conflicts: hostapd, hostapd-basic, hostapd-basic-openssl, hostapd-basic-wolfssl, hostapd-mini, hostapd-openssl, hostapd-wolfssl, wpad, wpad-mesh-openssl, wpad-mesh-wolfssl, wpad-basic, wpad-basic-openssl, wpad-basic-wolfssl, wpad-mini, wpad, wpad-mesh-openssl, wpad-mesh-wolfssl, wpad-basic, wpad-basic-openssl, wpad-basic-wolfssl, wpad-mini
Status: install user installed
Section: net
Architecture: arm_cortex-a15_neon-vfpv4
Size: 607900
Filename: wpad-openssl_2020-06-08-5a8b3662-35_arm_cortex-a15_neon-vfpv4.ipk
Description: This package contains a full featured IEEE 802.1x/WPA/EAP/RADIUS
 Authenticator and Supplicant
Installed-Time: 1632675076

-- EDIT 2 --

I'm using the old mainline ath10k driver by the way, not the ath10k-ct driver.

1 Like
2

I believe I've found something; the combination of 802.11r with WPA2-PSK/WPA3-SAE Mixed Mode (strong security) doesn't work, when switching to WPA2-PSK (strong security) both clients (iOS and Android) can connect.

And when searching more specifically after narrowing things down, I see more people coming to the same conclusion; perhaps this can be added to the 802.11r and/or 802.11w and/or WPA encryption modes as a footnote or something that this combination of 802.11r doesn't work with WPA3?

1 Like
3

https://openwrt.org/docs/guide-user/network/wifi/basic#encryption_modes

Encryption Modes
Besides the encryption mode, the encryption option also specifies the group and peer ciphers to use. To override the cipher, the value of encryption must be given in the form mode+cipher. See the listing below for possible combinations.

To use the WPA3 modes as access point, it is required to install the hostapd-openssl package.

To use the WPA3 modes as station (client), it is required to install the wpa-supplicant-openssl package.

To support both access point and station modes with WPA3, it is possible to install the wpad-openssl package.

4

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.