iPhone 13 Mini issues with 802.11r

Ever since I got my iPhone 13 Mini shortly after its launch it's been having issues with my 802.11r enabled network. This is what happens:

  1. The iPhone connects to the first AP without issues.
  2. When it is moved to an area where the signal strength is poor it initiates a roam, but it never switches to the new AP. The router logs seem to indicate that the FT authentication is successful, but the iPhone disconnects shortly after this. It only disconnects from the AP it tries to roam to, the connection to the original AP is never dropped.
  3. This process repeats itself for as long as the iPhone is in an area with poor signal strength.

This happens on a networks with WPA2+802.11r (FT-PSK) and WPA3+802.11r (FT-SAE). Enabling or disabling 802.11w doesn't have any effect, and I have confirmed that other Apple devices (an iPhone 8 and a 5th gen. iPad) roam just fine. This makes me suspect there's a firmware bug in the WiFi chipset of the iPhone 13 Mini. If my theory is correct, it's possible that other 12 and 13 series iPhones are affected since they use the same WiFi chipset (USI 339S00761).

Has anyone else with a 12 or 13 series iPhone seen this issue?


Excerpt from log showing seemingly successful FT-authentication and disconnect shortly afterwards:

log
Fri Dec 17 13:59:09 2021 daemon.err hostapd: nl80211: kernel reports: key addition failed
Fri Dec 17 13:59:09 2021 daemon.debug hostapd: wlan1: STA 16:4c:fa:05:f5:05 IEEE 802.11: binding station to interface 'wlan1'
Fri Dec 17 13:59:09 2021 daemon.debug hostapd: wlan1: STA 16:4c:fa:05:f5:05 IEEE 802.11: authentication OK (FT)
Fri Dec 17 13:59:09 2021 daemon.debug hostapd: wlan1: STA 16:4c:fa:05:f5:05 MLME: MLME-AUTHENTICATE.indication(16:4c:fa:05:f5:05, FT)
Fri Dec 17 13:59:09 2021 daemon.debug hostapd: wlan1: STA 16:4c:fa:05:f5:05 IEEE 802.11: association OK (aid 2)
Fri Dec 17 13:59:09 2021 daemon.info hostapd: wlan1: STA 16:4c:fa:05:f5:05 IEEE 802.11: associated (aid 2)
Fri Dec 17 13:59:09 2021 daemon.notice hostapd: wlan1: AP-STA-CONNECTED 16:4c:fa:05:f5:05
Fri Dec 17 13:59:09 2021 daemon.debug hostapd: wlan1: STA 16:4c:fa:05:f5:05 MLME: MLME-REASSOCIATE.indication(16:4c:fa:05:f5:05)
Fri Dec 17 13:59:09 2021 daemon.debug hostapd: wlan1: STA 16:4c:fa:05:f5:05 IEEE 802.11: binding station to interface 'wlan1'
Fri Dec 17 13:59:09 2021 daemon.debug hostapd: wlan1: STA 16:4c:fa:05:f5:05 WPA: event 6 notification
Fri Dec 17 13:59:09 2021 daemon.debug hostapd: wlan1: STA 16:4c:fa:05:f5:05 WPA: FT authentication already completed - do not start 4-way handshake
Fri Dec 17 13:59:11 2021 daemon.notice hostapd: wlan1: AP-STA-DISCONNECTED 16:4c:fa:05:f5:05
Fri Dec 17 13:59:11 2021 daemon.err hostapd: nl80211: kernel reports: key addition failed
Fri Dec 17 13:59:11 2021 daemon.debug hostapd: wlan1: STA 16:4c:fa:05:f5:05 IEEE 802.11: binding station to interface 'wlan1'
Fri Dec 17 13:59:11 2021 daemon.debug hostapd: wlan1: STA 16:4c:fa:05:f5:05 IEEE 802.11: authentication OK (FT)
Fri Dec 17 13:59:11 2021 daemon.debug hostapd: wlan1: STA 16:4c:fa:05:f5:05 MLME: MLME-AUTHENTICATE.indication(16:4c:fa:05:f5:05, FT)
Fri Dec 17 13:59:11 2021 daemon.debug hostapd: wlan1: STA 16:4c:fa:05:f5:05 IEEE 802.11: association OK (aid 2)
Fri Dec 17 13:59:11 2021 daemon.info hostapd: wlan1: STA 16:4c:fa:05:f5:05 IEEE 802.11: associated (aid 2)
Fri Dec 17 13:59:11 2021 daemon.notice hostapd: wlan1: AP-STA-CONNECTED 16:4c:fa:05:f5:05
Fri Dec 17 13:59:11 2021 daemon.debug hostapd: wlan1: STA 16:4c:fa:05:f5:05 MLME: MLME-REASSOCIATE.indication(16:4c:fa:05:f5:05)
Fri Dec 17 13:59:11 2021 daemon.debug hostapd: wlan1: STA 16:4c:fa:05:f5:05 IEEE 802.11: binding station to interface 'wlan1'
Fri Dec 17 13:59:11 2021 daemon.debug hostapd: wlan1: STA 16:4c:fa:05:f5:05 WPA: event 6 notification
Fri Dec 17 13:59:11 2021 daemon.debug hostapd: wlan1: STA 16:4c:fa:05:f5:05 WPA: FT authentication already completed - do not start 4-way handshake
Fri Dec 17 13:59:13 2021 daemon.notice hostapd: wlan1: AP-STA-DISCONNECTED 16:4c:fa:05:f5:05
1 Like

Try setting Time Interval for rekeying GTK to a larger value.

It's a known issue, multiple people have already reported. As far as I know there is no solution nor workaround.

I have an hypothesis this issue is some sort of incompatibility of OpenWRT with Apple's "PMKID caching " feature. See more details here.

@anon89577378 I still see key addition failed in the log when increasing it from 600 to 20000, but I don't actually think that message means that anything bad has happened. I seem to remember reading a post on the hostapd mailing list or some other linux wireless list where Jouni Malinen mentioned that the message is due to the driver not supporting key addition in an early phase of the authentication cycle. This just means that the key will be added at a later stage. Unfortunately, I can't find that email, and I've tried quite hard.

@dsouza I'm not entierly sure that's the same issue... I see that you initially created that thread way back in 2017, and a lot of things have changed since then (hostapd, iOS/iPadOS etc.). I don't have any issues with roaming on an iPad 5th gen. and an iPhone 8, although I haven't actually conducted any detailed latency analyses like you have. It could be due to me also using 802.11k which additionally speeds up the roaming process.

It may be same issue or not, but I’m running a fresh snapshot build and I’m still seeing this issue (see log below).

This problem only happens when iOS devices (iPhone 11, iPhone XR and iPad 2017) roam from one AP to another with 802.11r enabled.

FT Roaming with these devices is not really working. While they switch quickly from one AP to another, at least in my experience because of this error they need to reauthenticate. With a ping running, I can see about 3 or 4 packets lost whenroaming from one AP to another.

Anyway, in fact your issue might be different but I do believe they may have the same root cause.

log

root@ap1-router:~# logread | grep "key addition"
Sun Dec 19 17:15:22 2021 daemon.err hostapd: nl80211: kernel reports: key addition failed
Sun Dec 19 17:34:01 2021 daemon.err hostapd: nl80211: kernel reports: key addition failed
Sun Dec 19 19:01:36 2021 daemon.err hostapd: nl80211: kernel reports: key addition failed
Sun Dec 19 19:02:44 2021 daemon.err hostapd: nl80211: kernel reports: key addition failed
Sun Dec 19 19:03:33 2021 daemon.err hostapd: nl80211: kernel reports: key addition failed
Sun Dec 19 19:05:57 2021 daemon.err hostapd: nl80211: kernel reports: key addition failed
Sun Dec 19 19:09:01 2021 daemon.err hostapd: nl80211: kernel reports: key addition failed
Sun Dec 19 19:21:13 2021 daemon.err hostapd: nl80211: kernel reports: key addition failed
Sun Dec 19 19:31:46 2021 daemon.err hostapd: nl80211: kernel reports: key addition failed
Sun Dec 19 20:03:23 2021 daemon.err hostapd: nl80211: kernel reports: key addition failed
Sun Dec 19 20:03:23 2021 daemon.err hostapd: nl80211: kernel reports: key addition failed
Sun Dec 19 20:15:19 2021 daemon.err hostapd: nl80211: kernel reports: key addition failed
Sun Dec 19 20:20:48 2021 daemon.err hostapd: nl80211: kernel reports: key addition failed
Sun Dec 19 20:22:32 2021 daemon.err hostapd: nl80211: kernel reports: key addition failed
Sun Dec 19 20:24:03 2021 daemon.err hostapd: nl80211: kernel reports: key addition failed
Sun Dec 19 20:54:01 2021 daemon.err hostapd: nl80211: kernel reports: key addition failed
Sun Dec 19 21:16:28 2021 daemon.err hostapd: nl80211: kernel reports: key addition failed
Sun Dec 19 21:50:34 2021 daemon.err hostapd: nl80211: kernel reports: key addition failed
Sun Dec 19 21:52:09 2021 daemon.err hostapd: nl80211: kernel reports: key addition failed
Sun Dec 19 21:52:25 2021 daemon.err hostapd: nl80211: kernel reports: key addition failed
Sun Dec 19 21:53:59 2021 daemon.err hostapd: nl80211: kernel reports: key addition failed
Sun Dec 19 21:54:26 2021 daemon.err hostapd: nl80211: kernel reports: key addition failed
Sun Dec 19 21:56:41 2021 daemon.err hostapd: nl80211: kernel reports: key addition failed
Sun Dec 19 22:02:50 2021 daemon.err hostapd: nl80211: kernel reports: key addition failed
Sun Dec 19 22:08:03 2021 daemon.err hostapd: nl80211: kernel reports: key addition failed
Sun Dec 19 22:09:16 2021 daemon.err hostapd: nl80211: kernel reports: key addition failed
Mon Dec 20 05:47:52 2021 daemon.err hostapd: nl80211: kernel reports: key addition failed
Mon Dec 20 06:17:23 2021 daemon.err hostapd: nl80211: kernel reports: key addition failed
Mon Dec 20 06:47:33 2021 daemon.err hostapd: nl80211: kernel reports: key addition failed
Mon Dec 20 06:50:20 2021 daemon.err hostapd: nl80211: kernel reports: key addition failed
Mon Dec 20 06:51:05 2021 daemon.err hostapd: nl80211: kernel reports: key addition failed
root@ap1-router:~#

Is your iPad 2017 a fifth gen. iPad (you can check under Settings -> General -> About)? If it is, then it's the same model as mine, and mine never needs to reauthenticate after roaming with 802.11r.

What else do you see in the log other than "key addition failed"? As I previously mentioned, I'm pretty sure that message doesn't mean that the roam is failing. Do you see that the devices have to do a full authentication after a failed roam?

Is it expected that the packet loss should be zero when 802.11r is enabled?