Debugging issues with 802.11w while trying to enable WPA2/WPA3 mixed mode

So I flashed 19.07 onto my Netgear R7800 and was pleased as punch to see that WPA3 support was available. I read the warning in the release notes saying that even with WPA2/WPA3 mixed mode, not all devices can connect. Nevertheless, I gave it a shot just to see how many devices on my network were compatible. I live in an apartment with 3 other roommates so we have a LOT of very different devices (smart phones, laptops, PCs, consoles, IoT, etc.).

To my surprise, the only devices that couldn't connect were my roommate's old Macbook Pro and a WiFi-enabled HP printer. Both devices would attempt to connect and immediately get disconnected. In the OpenWrt system logs, I would see

deauthenticated due to local deauth request

I've narrowed the issue down to 802.11w being set to anything other than Disabled. When you set WPA2/WPA3 mixed mode in Luci, 802.11w is automatically set to Optional but this apparently still breaks some clients. Shouldn't Optional allow these clients to still connect? What's happening behind the scenes that's causing this issue?

Anyways, I've reset my WiFi to use WPA2 with 802.11w disabled for now just to allow those two devices to connect. Ideally though, I want to get as many devices onto WPA3 as possible, but I have a few questions.

  1. Is it possible or worthwhile to create two separate SSIDs on the same radio, one with WPA2/WPA3 mixed mode and the other with WPA2 with 802.11w disabled? I know there's some amount of overhead due to extra management packets being sent from the dual SSIDs, which I am sort of okay with. However, would I gain anything from a security standpoint? The clients that can authenticate with WPA3 will enjoy better encryption over the air, but does it even matter if people can crack WPA2 and get inside my network anyways?

  2. Knowing that the issue with the two problematic devices is due to 802.11w, is there any way I could potentially get around this? Like somehow force the Macbook Pro and HP printer to not even attempt to use 802.11w.

Thanks in advance!

Hi,
I have the same problem as @urbenlegend with a WDR4300 v1 router on OpenWRT 19.07.4.
When switching to WPA2 TKIP / WPA3 SAE mixed mode, 802.11w switches from disabled to optional and then some clients could not connect.
The error in the log was:

Sat Nov 28 16:07:01 2020 daemon.info hostapd: wlan0: STA xx:xx:xx:xx:xx:xx IEEE 802.11: deauthenticated due to local deauth request

Here is the full trace with debug mode:

Sat Nov 28 16:06:52 2020 daemon.debug hostapd: wlan0: STA xx:xx:xx:xx:xx:xx IEEE 802.11: authentication OK (open system)
Sat Nov 28 16:06:52 2020 daemon.debug hostapd: wlan0: STA xx:xx:xx:xx:xx:xx MLME: MLME-AUTHENTICATE.indication(xx:xx:xx:xx:xx:xx, OPEN_SYSTEM)
Sat Nov 28 16:06:52 2020 daemon.debug hostapd: wlan0: STA xx:xx:xx:xx:xx:xx MLME: MLME-DELETEKEYS.request(xx:xx:xx:xx:xx:xx)
Sat Nov 28 16:06:52 2020 daemon.info hostapd: wlan0: STA xx:xx:xx:xx:xx:xx IEEE 802.11: authenticated
Sat Nov 28 16:06:52 2020 daemon.debug hostapd: wlan0: STA xx:xx:xx:xx:xx:xx IEEE 802.11: association OK (aid 1)
Sat Nov 28 16:06:52 2020 daemon.info hostapd: wlan0: STA xx:xx:xx:xx:xx:xx IEEE 802.11: associated (aid 1)
Sat Nov 28 16:06:52 2020 daemon.debug hostapd: wlan0: STA xx:xx:xx:xx:xx:xx MLME: MLME-REASSOCIATE.indication(xx:xx:xx:xx:xx:xx)
Sat Nov 28 16:06:52 2020 daemon.debug hostapd: wlan0: STA xx:xx:xx:xx:xx:xx MLME: MLME-DELETEKEYS.request(xx:xx:xx:xx:xx:xx)
Sat Nov 28 16:06:52 2020 daemon.debug hostapd: wlan0: STA xx:xx:xx:xx:xx:xx IEEE 802.11: binding station to interface 'wlan0'
Sat Nov 28 16:06:52 2020 daemon.debug hostapd: wlan0: STA xx:xx:xx:xx:xx:xx WPA: event 1 notification
Sat Nov 28 16:06:52 2020 daemon.debug hostapd: wlan0: STA xx:xx:xx:xx:xx:xx WPA: start authentication
Sat Nov 28 16:06:52 2020 daemon.debug hostapd: wlan0: STA xx:xx:xx:xx:xx:xx IEEE 802.1X: unauthorizing port
Sat Nov 28 16:06:52 2020 daemon.debug hostapd: wlan0: STA xx:xx:xx:xx:xx:xx WPA: sending 1/4 msg of 4-Way Handshake
Sat Nov 28 16:06:53 2020 daemon.debug hostapd: wlan0: STA xx:xx:xx:xx:xx:xx WPA: EAPOL-Key timeout
Sat Nov 28 16:06:53 2020 daemon.debug hostapd: wlan0: STA xx:xx:xx:xx:xx:xx WPA: sending 1/4 msg of 4-Way Handshake
Sat Nov 28 16:06:54 2020 daemon.debug hostapd: wlan0: STA xx:xx:xx:xx:xx:xx WPA: EAPOL-Key timeout
Sat Nov 28 16:06:54 2020 daemon.debug hostapd: wlan0: STA xx:xx:xx:xx:xx:xx WPA: sending 1/4 msg of 4-Way Handshake
Sat Nov 28 16:06:55 2020 daemon.debug hostapd: wlan0: STA xx:xx:xx:xx:xx:xx WPA: EAPOL-Key timeout
Sat Nov 28 16:06:55 2020 daemon.debug hostapd: wlan0: STA xx:xx:xx:xx:xx:xx WPA: sending 1/4 msg of 4-Way Handshake
Sat Nov 28 16:06:55 2020 daemon.debug hostapd: wlan0: STA xx:xx:xx:xx:xx:xx IEEE 802.1X: did not Ack EAPOL-Key frame (unicast index=61)
Sat Nov 28 16:06:56 2020 daemon.debug hostapd: wlan0: STA xx:xx:xx:xx:xx:xx WPA: EAPOL-Key timeout
Sat Nov 28 16:06:56 2020 daemon.debug hostapd: wlan0: STA xx:xx:xx:xx:xx:xx WPA: PTKSTART: Retry limit 4 reached
Sat Nov 28 16:06:56 2020 daemon.debug hostapd: wlan0: STA xx:xx:xx:xx:xx:xx WPA: event 3 notification
Sat Nov 28 16:06:56 2020 daemon.debug hostapd: wlan0: STA xx:xx:xx:xx:xx:xx IEEE 802.1X: unauthorizing port
Sat Nov 28 16:06:56 2020 daemon.debug hostapd: wlan0: STA xx:xx:xx:xx:xx:xx MLME: MLME-DEAUTHENTICATE.indication(xx:xx:xx:xx:xx:xx, 2)
Sat Nov 28 16:06:56 2020 daemon.debug hostapd: wlan0: STA xx:xx:xx:xx:xx:xx MLME: MLME-DELETEKEYS.request(xx:xx:xx:xx:xx:xx)
Sat Nov 28 16:07:01 2020 daemon.info hostapd: wlan0: STA xx:xx:xx:xx:xx:xx IEEE 802.11: deauthenticated due to local deauth request

I have the same problem with WPA2 (CCMP) when 802.11w was in optional mode.
It works correctly with WPA2 (CCMP) and 802.11w disabled.

Anyone have a solution for this?
Thanks in advance,
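
The trace in the post above shows hostapd sending message 1/4 of the 4-way handshake repeatedly, timing out each time, and then hitting the retry limit. The following is an added example, not part of the original post or of OpenWrt: a POSIX sh/awk filter that reads hostapd debug lines on stdin and reports, per station, how far the handshake got. The MAC addresses and the sample log are constructed, and the "pairwise key handshake completed" line for the second station does not appear in the thread.

```shell
#!/bin/sh
# Added example: per-station summary of WPA 4-way handshake progress,
# built from hostapd debug log lines on stdin (e.g. logread output).
hostapd_handshake_summary() {
    awk '
    / hostapd: / {
        # The station MAC is the field following the literal token "STA".
        sta = ""
        for (i = 1; i < NF; i++) if ($i == "STA") { sta = $(i + 1); break }
        if (sta == "") next
        if (!(sta in seen)) { seen[sta] = 1; order[++n] = sta }
        if (/sending 1\/4 msg of 4-Way Handshake/) m1[sta]++
        else if (/EAPOL-Key timeout/) tmo[sta]++
        else if (/PTKSTART: Retry limit/) limit[sta] = 1
        else if (/pairwise key handshake completed/) ok[sta] = 1
    }
    END {
        # Report stations in order of first appearance.
        for (k = 1; k <= n; k++) {
            s = order[k]
            if (ok[s]) verdict = "handshake-completed"
            else if (limit[s]) verdict = "retry-limit-reached"
            else if (m1[s] > 0) verdict = "handshake-incomplete"
            else verdict = "no-handshake-seen"
            printf "%s msg1=%d timeouts=%d %s\n", s, m1[s], tmo[s], verdict
        }
    }'
}

# Constructed sample input: station ...:01 mirrors the failure pattern in the
# trace above (shortened); station ...:02 is a constructed successful client.
sample_log() {
    cat <<'EOF'
Sat Nov 28 16:06:52 2020 daemon.debug hostapd: wlan0: STA 02:00:00:00:00:01 WPA: sending 1/4 msg of 4-Way Handshake
Sat Nov 28 16:06:53 2020 daemon.debug hostapd: wlan0: STA 02:00:00:00:00:01 WPA: EAPOL-Key timeout
Sat Nov 28 16:06:53 2020 daemon.debug hostapd: wlan0: STA 02:00:00:00:00:01 WPA: sending 1/4 msg of 4-Way Handshake
Sat Nov 28 16:06:54 2020 daemon.debug hostapd: wlan0: STA 02:00:00:00:00:01 WPA: EAPOL-Key timeout
Sat Nov 28 16:06:56 2020 daemon.debug hostapd: wlan0: STA 02:00:00:00:00:01 WPA: PTKSTART: Retry limit 4 reached
Sat Nov 28 16:07:10 2020 daemon.debug hostapd: wlan0: STA 02:00:00:00:00:02 WPA: sending 1/4 msg of 4-Way Handshake
Sat Nov 28 16:07:10 2020 daemon.info hostapd: wlan0: STA 02:00:00:00:00:02 WPA: pairwise key handshake completed (RSN)
EOF
}

sample_log | hostapd_handshake_summary
```

On a router the same function can be fed from `logread` instead of the sample; stations reported as `retry-limit-reached` are the ones that never got past message 1/4.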

There is no reason to run an outdated and unsupported release with known security issues on this device; give 19.07.x a chance and test it again (not that 17.01.x would support WPA3 in the first place).

Sorry, that was a typing error; I'm using the latest stable version (19.07.4).

How did you enable debug mode? I am not seeing anything below daemon.notice in "logread" for hostapd.

I run "hostapd log_level debug" but still nothing.