HOSTAPD_START_FAILED with WPA3 enabled

Hi everyone,

as soon as I enable WPA3-SAE or WPA2-PSK/WPA3-SAE Mixed Mode via luci the WiFi interface(s) won't come up again.

Sun Sep 29 16:44:33 2019 kern.notice kernel: [   44.602575] random: crng init done
Sun Sep 29 16:44:33 2019 kern.notice kernel: [   44.602593] random: 6 urandom warning(s) missed due to ratelimiting
Sun Sep 29 16:44:36 2019 kern.info kernel: [   46.857033] device wlan0 left promiscuous mode
Sun Sep 29 16:44:36 2019 kern.info kernel: [   46.857154] br-lan: port 2(wlan0) entered disabled state
Sun Sep 29 16:44:36 2019 daemon.notice hostapd: wlan0: interface state ENABLED->DISABLED
Sun Sep 29 16:44:36 2019 daemon.notice hostapd: wlan0-1: AP-DISABLED
Sun Sep 29 16:44:36 2019 daemon.notice hostapd: wlan0-1: CTRL-EVENT-TERMINATING
Sun Sep 29 16:44:36 2019 daemon.notice netifd: Network device 'wlan0-1' link is down
Sun Sep 29 16:44:36 2019 kern.info kernel: [   47.137280] br-guest: port 2(wlan0-1) entered disabled state
Sun Sep 29 16:44:36 2019 kern.info kernel: [   47.140157] device wlan0-1 left promiscuous mode
Sun Sep 29 16:44:36 2019 kern.info kernel: [   47.140176] br-guest: port 2(wlan0-1) entered disabled state
Sun Sep 29 16:44:36 2019 daemon.notice hostapd: nl80211: Failed to remove interface wlan0-1 from bridge br-guest: No such device
Sun Sep 29 16:44:36 2019 daemon.notice hostapd: wlan0: AP-DISABLED
Sun Sep 29 16:44:36 2019 daemon.notice hostapd: wlan0: CTRL-EVENT-TERMINATING
Sun Sep 29 16:44:36 2019 daemon.notice hostapd: nl80211: deinit ifname=wlan0 disabled_11b_rates=0
Sun Sep 29 16:44:36 2019 daemon.notice hostapd: nl80211: Failed to remove interface wlan0 from bridge br-lan: Invalid argument
Sun Sep 29 16:44:37 2019 user.notice mac80211: Failed command: iw phy phy0 set antenna 0xffffffff 0xffffffff
Sun Sep 29 16:44:37 2019 daemon.notice netifd: radio0 (1290): command failed: Not supported (-122)
Sun Sep 29 16:44:37 2019 user.notice mac80211: Failed command: iw phy phy0 set distance 0
Sun Sep 29 16:44:37 2019 daemon.err hostapd: Configuration file: /var/run/hostapd-phy0.conf
Sun Sep 29 16:44:39 2019 kern.info kernel: [   48.019623] ieee80211 phy0: rt2800_rf_self_txdc_cal: Info - RF Tx self calibration start
Sun Sep 29 16:44:39 2019 kern.info kernel: [   48.020151] ieee80211 phy0: rt2800_rf_self_txdc_cal: Info - RF Tx self calibration end
Sun Sep 29 16:44:40 2019 kern.info kernel: [   49.931638] ieee80211 phy0: rt2800_loft_iq_calibration: Info - LOFT Calibration Done!
Sun Sep 29 16:44:40 2019 kern.info kernel: [   49.935653] ieee80211 phy0: rt2800_iq_search: Info - IQCalibration Start!
Sun Sep 29 16:44:40 2019 kern.info kernel: [   49.950058] ieee80211 phy0: rt2800_iq_search: Info - IQCalibration Done! CH = 0, (gain= f, phase=3f)
Sun Sep 29 16:44:40 2019 kern.info kernel: [   49.950977] ieee80211 phy0: rt2800_iq_search: Info - IQCalibration Start!
Sun Sep 29 16:44:40 2019 kern.info kernel: [   49.965384] ieee80211 phy0: rt2800_iq_search: Info - IQCalibration Done! CH = 1, (gain= f, phase= 2)
Sun Sep 29 16:44:40 2019 kern.info kernel: [   49.965419] ieee80211 phy0: rt2800_loft_iq_calibration: Info - TX IQ Calibration Done!
Sun Sep 29 16:44:40 2019 kern.info kernel: [   49.981240] ieee80211 phy0: rt2800_rxiq_calibration: Info - RXIQ G_imb=0, Ph_rx=-5
Sun Sep 29 16:44:40 2019 kern.info kernel: [   49.991501] ieee80211 phy0: rt2800_rxiq_calibration: Info - RXIQ G_imb=0, Ph_rx=1
Sun Sep 29 16:44:40 2019 kern.info kernel: [   49.998635] IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready
Sun Sep 29 16:44:40 2019 daemon.notice hostapd: wlan0: interface state UNINITIALIZED->COUNTRY_UPDATE
Sun Sep 29 16:44:40 2019 daemon.err hostapd: Using interface wlan0 with hwaddr XX:XX:XX:XX:XX:XX and ssid "HOME"
Sun Sep 29 16:44:40 2019 kern.info kernel: [   50.004569] br-lan: port 2(wlan0) entered blocking state
Sun Sep 29 16:44:40 2019 kern.info kernel: [   50.004584] br-lan: port 2(wlan0) entered disabled state
Sun Sep 29 16:44:40 2019 kern.info kernel: [   50.004926] device wlan0 entered promiscuous mode
Sun Sep 29 16:44:40 2019 daemon.err hostapd: Interface initialization failed
Sun Sep 29 16:44:40 2019 daemon.notice hostapd: wlan0: interface state COUNTRY_UPDATE->DISABLED
Sun Sep 29 16:44:40 2019 daemon.notice hostapd: wlan0: AP-DISABLED
Sun Sep 29 16:44:40 2019 daemon.err hostapd: wlan0: Unable to setup interface.
Sun Sep 29 16:44:40 2019 daemon.notice hostapd: wlan0: interface state DISABLED->DISABLED
Sun Sep 29 16:44:40 2019 daemon.notice hostapd: wlan0-1: AP-DISABLED
Sun Sep 29 16:44:40 2019 daemon.notice hostapd: wlan0-1: CTRL-EVENT-TERMINATING
Sun Sep 29 16:44:40 2019 daemon.err hostapd: hostapd_free_hapd_data: Interface wlan0-1 wasn't started
Sun Sep 29 16:44:40 2019 daemon.notice hostapd: wlan0: AP-DISABLED
Sun Sep 29 16:44:40 2019 daemon.notice hostapd: wlan0: CTRL-EVENT-TERMINATING
Sun Sep 29 16:44:40 2019 daemon.err hostapd: hostapd_free_hapd_data: Interface wlan0 wasn't started
Sun Sep 29 16:44:40 2019 daemon.notice hostapd: nl80211: deinit ifname=wlan0 disabled_11b_rates=0
Sun Sep 29 16:44:40 2019 kern.info kernel: [   50.104599] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
Sun Sep 29 16:44:40 2019 kern.info kernel: [   50.104773] br-lan: port 2(wlan0) entered blocking state
Sun Sep 29 16:44:40 2019 kern.info kernel: [   50.104783] br-lan: port 2(wlan0) entered forwarding state
Sun Sep 29 16:44:40 2019 kern.info kernel: [   50.112079] device wlan0 left promiscuous mode
Sun Sep 29 16:44:40 2019 kern.info kernel: [   50.112191] br-lan: port 2(wlan0) entered disabled state
Sun Sep 29 16:44:40 2019 daemon.notice hostapd: ELOOP: remaining socket: sock=22 eloop_data=0x77d69c60 user_data=0 handler=0x46a51d
Sun Sep 29 16:44:40 2019 daemon.notice netifd: radio0 (1290): WARNING (wireless_add_process): executable path /usr/sbin/wpad does not match process 1123 path ()
Sun Sep 29 16:44:40 2019 daemon.notice netifd: radio0 (1290): Device setup failed: HOSTAPD_START_FAILED

Wpad-wolfssl is used in my case. I use the same openwrt version with the same packages on other access points(ar71xx) and WPA3 is working fine on them so my guess is this is a device/driver specific problem.

Model: Netgear EX2700
Architecture: MediaTek MT7620A
Version: OpenWrt 19.07-SNAPSHOT r10575-28d3afc8d6

My wireless config:

config wifi-device 'radio0'
	option type 'mac80211'
	option hwmode '11g'
	option path 'platform/10180000.wmac'
	option txpower '20'
	option country 'AT'
	option legacy_rates '0'
	option noscan '1'
	option channel '5'
	option htmode 'HT40'

config wifi-iface 'default_radio0'
	option device 'radio0'
	option mode 'ap'
	option ssid 'HOME'
	option network 'lan'
	option key 'XXXXXXXXXX'
	option encryption 'sae-mixed'

config wifi-iface
	option device 'radio0'
	option mode 'ap'
	option ssid 'GUEST'
	option network 'guest'
	option key 'XXXXXXXXXX'
	option isolate '1'
	option encryption 'psk2+ccmp'

What do you think could be the problem?

Before trying WPA3/ SAE, revert to WPA2PSK and test setting IEEE 802.11w = mandatory (option ieee80211w '2'). Quite a few drivers don't support 802.11w properly (or at all), but that is mandatory for WPA3 (SAE also works without 802.11w, but that wouldn't be WPA3). While I haven't been able to test newer rt2800_pci based devices yet (and don't have any mt7620 routers to begin with), at least rt61pci and rt73usb don't support 802.11w (you can play with disabling h/w encryption, at the expense of system load, maybe that helps a little).

Thank you for your answer, it was very helpful!

802.11w doesn't work either, same error message.

Trying to disable h/w encryption via the wireless config didn't work...is this an expected behavior?

uci set wireless.radio0.nohwcrypt='1'
uci commit
OR
uci set wireless.@wifi-iface[0].nohwcrypt='1'
uci commit

What did work was editing /etc/modules.d/rt2800-soc to:

rt2800soc nohwcrypt=1

Without h/w encryption WPA3-SAE... works fine.

Performance comparison:
With h/w encryption: up to 90 Mbit/s.
Without h/w encryption: up to 20 Mbit/s.

1 Like

Yes, that is a driver specific parameter of the kernel module, not an uci setting.

1 Like

I own a PC Engines APU3 that has 3 mini-PCIe sockets, but only one of these features a full PCIe-1x interface, the other 2 feature USB (and/or mSATA). Because of this I have a Atheros 10k card in the PCIe slot and a AzureWave AW-NU706H USB WiFi card in the other.

This worked great thus far, especially since the rt2800 drivers gained some more attention lately. But unfortunately 802.11w is indeed not supported in HW (random patch I found) and therefor WPA3 isn't either. I did disable HW encryption like @accelerate and the patch writer suggested. And it seems to work WPA3 can now be enabled and stations are able to connect.

But by doing encryption in software does that have any negative effect (except from the stated lower throughput)? Also I'm curious, my APU3's CPU is quite powerful as a dump AP and even has a HW AES engine build in. Maybe this can be used somehow?

There should not be any negative effects. As far as I know it's only about performance.

If you want to know more about when and how HW encryption is used in general, I suggest you better open a new thread.

1 Like

My intention was not to hijack your thread with questions about my device, but more like a general question to speed up AES while still using the rt2800 driver. My apologies if it seemed that way.

Since your device features a MT76x0 chipset, Did you try the MT76 driver? LuCI seems to indicate that the MT76 driver does support 802.11w:


EDIT: Never mind, while it is said to support MT76x0 chipsets the MT7620 is not supported.

Indeed, mt7620 is kind of a hybrid between the old RaLink and the newer Mediatek branded designs, the wireless hardware itself is still (exclusively) supported by rt2800pci.

Don't worry, I just suggested that because I thought you may get a better answer that way :slight_smile:

1 Like

Is the fact that rt2800soc doesn't support ieee802.11w a hardware limitation (ie it will never support it) of a software one (ie possibly support will be added in future)?

2 Likes