Hostapd: enable SHA256-based algorithms

I had to untag wpad to be able to * hostapd.
I modified hostapd-full.config to enable CONFIG_IEEE80211W=y
The question I have is how do I see what wpa2-psk is actually using for encryption?
This is a mamba and I am not sure if the driver supports sha256.
Thanks for your time.

The feature was enabled by https://git.lede-project.org/?p=source.git;a=commitdiff;h=388681fe535c2c40dea7a400ff044a54610a4a2f so looking at the changes it made is the easiest way to figure out the easy way to check the encryption in use.

You can see the encryption by looking at the hostapd/wpad config files in /tmp/run:

root@lede:~# grep wpa_key_mgmt /tmp/run/hostapd-phy*.conf
/tmp/run/hostapd-phy0.conf:wpa_key_mgmt=WPA-PSK
/tmp/run/hostapd-phy1.conf:wpa_key_mgmt=WPA-PSK

Based on "WPA-${auth_type}-SHA256", that should read WPA-PSK-SHA256 if SHA256 were in use.

That is not based on mwlwifi in mvebu, but likely works.

P.S. It sounds wrong that you switched from wpad to hostapd. wpad is practically an alias for hostapd and they are defined in the same Makefile. You should probably install wpa-supplicant instead (and/or make sure that you use wpad instead of wpad-mini).
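
As an added example (not part of the thread or of LEDE itself): a per-file grep shows one line per config, but a hostapd config can hold several interface=/bss= sections, so this script reports wpa_key_mgmt and ieee80211w per section and flags whether a SHA256 AKM is listed. The function names and the sample config are constructed for illustration; interface, bss, wpa_key_mgmt and ieee80211w are standard hostapd options.

```shell
#!/bin/sh
# Added example (not from the thread): per-BSS summary of hostapd key management.

# Print one line per interface=/bss= section of each hostapd config file:
#   <file> <ifname> akm=<wpa_key_mgmt> pmf=<ieee80211w> sha256=<yes|no>
akm_report() {
    awk '
    function emit() {
        if (ifname == "") return
        sha = (akm ~ /SHA256/) ? "yes" : "no"
        printf "%s %s akm=%s pmf=%s sha256=%s\n", file, ifname, akm, pmf, sha
    }
    function begin_section(name) {
        file = FILENAME; ifname = name
        akm = "unset"   # no wpa_key_mgmt line seen in this section yet
        pmf = "0"       # hostapd treats a missing ieee80211w as 0 (disabled)
    }
    FNR == 1 { emit(); ifname = "" }   # new file: close the previous section
    /^#/     { next }                  # skip comment lines
    {
        eq = index($0, "=")
        if (eq == 0) next
        key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
        if (key == "interface" || key == "bss") { emit(); begin_section(val) }
        else if (key == "wpa_key_mgmt") { gsub(/[ \t]+/, ",", val); akm = val }
        else if (key == "ieee80211w") pmf = val
    }
    END { emit() }
    ' "$@"
}

# Constructed sample config (not taken from a real router): one radio, two BSSes.
write_sample() {
    cat > "$1" <<'EOF'
interface=wlan0
wpa=2
wpa_key_mgmt=WPA-PSK
ieee80211w=1
bss=wlan0-1
wpa=2
wpa_key_mgmt=WPA-PSK WPA-PSK-SHA256
ieee80211w=2
EOF
}

sample=$(mktemp)
write_sample "$sample"
akm_report "$sample"    # on the router: akm_report /tmp/run/hostapd-phy*.conf
rm -f "$sample"
```

A section reporting pmf=1 or pmf=2 together with sha256=no is the situation described in this thread: management frame protection is switched on, but only the SHA1-based WPA-PSK key management is being offered.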

I found this yesterday: /var/run/hostapd-phy1.conf, same as the /tmp/run/hostapd-phy1.conf.
I did not realize it would show there. Thanks for the info.
So I tried it using your recommended settings and I get the same thing:
wpa_key_mgmt=WPA-PSK, there is no sha256.

  • hostapd-common
  • wpad

wpa-supplicant cannot be tagged as a "*", only an "M". I assume that the hostapd-common is the same thing?

What I am asking now is: is there a way to force sha256?
Thanks again for the info.

This is not ready for prime time at least for a 1900ac v1 Mamba.
It does prevent de-authentication but slows transfer massively.

iperf3 -c 192.168.1.183 -P6 -t 120

With ieee80211w

[SUM] 0.00-120.00 sec 1.47 GBytes 105 Mbits/sec 52 sender
[SUM] 0.00-120.00 sec 1.47 GBytes 105 Mbits/sec receiver

without ieee80211w

[SUM] 0.00-120.01 sec 5.45 GBytes 390 Mbits/sec 31 sender
[SUM] 0.00-120.01 sec 5.44 GBytes 390 Mbits/sec receiver

iperf3 -c 192.168.1.183 -P6 -t 120 -R

With ieee80211w

[SUM] 0.00-120.00 sec 1.64 GBytes 117 Mbits/sec sender
[SUM] 0.00-120.00 sec 1.63 GBytes 117 Mbits/sec receiver

without ieee80211w

[SUM] 0.00-120.00 sec 5.67 GBytes 406 Mbits/sec sender
[SUM] 0.00-120.00 sec 5.67 GBytes 406 Mbits/sec receiver

#############################################################################################

With 80211w and router as iperf3 server

C:\iperf3>iperf3 -c 192.168.1.1 -P6 -t 120

[SUM] 0.00-120.01 sec 610 MBytes 42.7 Mbits/sec sender
[SUM] 0.00-120.01 sec 610 MBytes 42.6 Mbits/sec receiver

without ieee80211w

[SUM] 0.00-120.00 sec 6.10 GBytes 436 Mbits/sec sender
[SUM] 0.00-120.00 sec 6.10 GBytes 436 Mbits/sec receiver

C:\iperf3>iperf3 -c 192.168.1.1 -P6 -t 120 -R

With ieee80211w

[SUM] 0.00-120.00 sec 305 MBytes 21.3 Mbits/sec 43 sender
[SUM] 0.00-120.00 sec 304 MBytes 21.3 Mbits/sec receiver

Without ieee80211w

[SUM] 0.00-120.00 sec 5.39 GBytes 386 Mbits/sec 40 sender
[SUM] 0.00-120.00 sec 5.39 GBytes 386 Mbits/sec receiver