Mesh point encryption

Device: Wavlink WL-WN570HA1
Architecture: MediaTek MT7688 ver:1 eco:2
Firmware Version: OpenWrt 19.07.3 r11063-85e04e9f46

opkg remove wpad-basic;
opkg install wpad-mesh-openssl

When setting up mesh without encryption, the mesh works fine.
When configuring mesh with WPA3-SAE, the mesh does not sync.
Authentication error.

I've double verified that the passwords are identical.

Why?

I don't have any clue about mesh. But I would start with:

Is mesh encryption running as intended if you are using WPA2?

If the answer is yes then I would assume that WPA3 in combination with a mesh is not supported yet. I would expect that because mesh technology is older than WPA3 and WPA3 support in OpenWrt (or in general) is quite new.

Within the LuCI interface, all variables of WPA2 are tagged as incompatible. In the dropdown box, I have 9 options of encryption and "no encryption". Only 2 are accepted, "no encryption" and WPA3-SAE.

What else should I look for?

Did you install wpa-supplicant-mesh-openssl also?

Should I replace wpad-mesh-openssl with wpa-supplicant-mesh-openssl?

root@OpenWrt:~# opkg install wpa-supplicant-mesh-openssl
Installing wpa-supplicant-mesh-openssl (2019-08-08-ca8c2bd2-4) to root...
Collected errors:
 * check_conflicts_for: The following packages conflict with wpa-supplicant-mesh-openssl:
 * check_conflicts_for:         wpad-mesh-openssl *
 * opkg_install_cmd: Cannot install package wpa-supplicant-mesh-openssl.

Ah, O.K., it conflicts, so it's fine.

But I have to say I have no idea anymore. :confused:

In the wiki the setup is like:

config wifi-iface 'mesh'
        option network 'mesh'
        option device 'radio0'
        option mode 'mesh'
        option mesh_id 'your-mesh-name' # anything, this connects the nodes into one mesh (plus the password if there's any)
        option encryption 'psk2/aes' # or 'none'
        option key 'your-secret-password'

So it is set to psk2. So it should work at least with WPA2. oO

What is the content of your /etc/config/wireless?

EDIT: It might be irrelevant. But did you set up e.g. an AP on the same radio with different encryption settings?

root@OpenWrt:~# cat /etc/config/wireless

config wifi-device 'radio0'
        option type 'mac80211'
        option hwmode '11g'
        option path 'platform/10300000.wmac'
        option country 'DE'
        option htmode 'HT40'
        option channel '6'

config wifi-iface 'default_radio0'
        option device 'radio0'
        option mode 'ap'
        option encryption 'none'
        option ssid 'www.Pose.Cafe'
        option network 'CentreVille'

config wifi-device 'radio1'
        option type 'mac80211'
        option hwmode '11a'
        option path 'pci0000:00/0000:00:00.0/0000:01:00.0'
        option htmode 'VHT80'
        option channel '44'

config wifi-iface 'default_radio1'
        option device 'radio1'
        option network 'AD'
        option mesh_rssi_threshold '0'
        option mesh_fwding '1'
        option mode 'mesh'
        option mesh_id 'PoseAD'
        option disassoc_low_ack '0'
        option encryption 'none'

Well, try to set encryption manually in the config directly:

config wifi-iface 'default_radio1'
        option device 'radio1'
        option network 'AD'
        option mesh_rssi_threshold '0'
        option mesh_fwding '1'
        option mode 'mesh'
        option mesh_id 'PoseAD'
        option disassoc_low_ack '0'
        option encryption 'psk2/aes'
        option key 'mesh_password'

and restart wpad/network

While inserting "option encryption 'psk2/aes'" manually, LuCI gives this: "Encryption: WPA3 SAE (CCMP)".
I still have no success. Remote station blocked.
root@OpenWrt:~# iw dev wlan1 station dump
Station 80:3f:5d:c3:4f:d6 (on wlan1)
inactive time: 100 ms
rx bytes: 142738
rx packets: 2586
tx bytes: 33856
tx packets: 463
tx retries: 0
tx failed: 0
rx drop misc: 62
signal: -2 [-2] dBm
signal avg: -2 [-2] dBm
tx bitrate: 6.0 MBit/s
rx duration: 113743 us
mesh llid: 0
mesh plid: 0
mesh plink: BLOCKED
mesh local PS mode: UNKNOWN
mesh peer PS mode: UNKNOWN
mesh non-peer PS mode: ACTIVE
authorized: no
authenticated: no
associated: no
preamble: long
WMM/WME: yes
MFP: yes
TDLS peer: no
DTIM period: 2
beacon interval:100
connected time: 71 seconds

From Wiki:

Block single peer from meshing
This may require the iw-full package! Block a peer from meshing using its MAC address
iw dev $MESH_IFACE station set $MAC_TO_BLOCK plink_action block
Verify using section above (iw dev $MESH_IFACE station dump)
mesh plink: BLOCKED
Unblock:
iw dev $MESH_IFACE station set $MAC_TO_UNBLOCK plink_action open
according to this source plink_action is not persisted across reconnects of mesh links.

So it might be your station is blocked on master? I have really no clue. Just guessing. :smiley:

As far as I know, I don't believe there is a master in a mesh config.

Well, let's try to get more information:

uci set wireless.radio1.log_level=1
uci commit wireless
wifi up

Then try to connect and drop logread here.

I think I found it. While testing on another wireless card, I get this:

root@linux:/home/george# iw list | grep "Supported Ciphers" -A 6
        Supported Ciphers:
                * WEP40 (00-0f-ac:1)
                * WEP104 (00-0f-ac:5)
                * TKIP (00-0f-ac:2)
                * CCMP-128 (00-0f-ac:4)

While doing the same command on the mesh device I'm trying to set up, I get this:

root@OpenWrt:~# iw list | grep "Supported Ciphers" -A 6
root@OpenWrt:~#

Nothing! Looks like the Wavlink WL-WN570HA1 (chipset MediaTek MT7610E) does not support encryption.

I apologize for the waste of time this caused. I should have looked into this to begin with.
Thanks for your help.

1 Like
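The two checks used in this thread (ciphers listed by `iw list`, and the `mesh plink` state in `iw dev ... station dump`) combined into one pre-flight script. This is an added example, not part of the original posts; the function names and exit codes are hypothetical, and the sample inputs are constructed from the output quoted above.

```shell
#!/bin/sh
# Added example: parses text produced by `iw`, so it can be exercised offline.
# On a router, pass "$(iw list)" and "$(iw dev wlan1 station dump)" instead.

# Print each cipher name listed under "Supported Ciphers:" in `iw list` output.
ciphers_advertised() {
    awk '/Supported Ciphers:/ { blk = 1; next }
         blk && $1 == "*"     { print $2; next }
                              { blk = 0 }'
}

# Succeed only if the `iw list` output on stdin advertises CCMP.
has_ccmp() { ciphers_advertised | grep -q '^CCMP'; }

# Print "MAC STATE" for every peer in `iw dev <if> station dump` output.
plink_states() {
    awk '$1 == "Station"                { mac = $2 }
         $1 == "mesh" && $2 == "plink:" { print mac, $3 }'
}

# mesh_preflight IW_LIST_TEXT STATION_DUMP_TEXT (hypothetical helper)
# returns 0 = CCMP advertised and all peers ESTAB, 1 = no CCMP, 2 = peer not ESTAB
mesh_preflight() {
    if ! printf '%s\n' "$1" | has_ccmp; then
        echo "radio advertises no CCMP cipher"; return 1
    fi
    bad=$(printf '%s\n' "$2" | plink_states | awk '$2 != "ESTAB"')
    [ -z "$bad" ] && return 0
    echo "peers without an established link: $bad"; return 2
}

# Constructed samples, trimmed from the output quoted in this thread.
IW_LIST_OK='Wiphy phy0
        Supported Ciphers:
                * WEP40 (00-0f-ac:1)
                * WEP104 (00-0f-ac:5)
                * TKIP (00-0f-ac:2)
                * CCMP-128 (00-0f-ac:4)
        Available Antennas: TX 0 RX 0'
IW_LIST_NONE='Wiphy phy1
        Available Antennas: TX 0x1 RX 0x1'
DUMP_BLOCKED='Station 80:3f:5d:c3:4f:d6 (on wlan1)
        mesh plink: BLOCKED
        authenticated: no'

mesh_preflight "$IW_LIST_NONE" "$DUMP_BLOCKED" || true
mesh_preflight "$IW_LIST_OK" "$DUMP_BLOCKED" || true
```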

Ah O.K. That makes sense for a simple repeater. So mark this thread as solved so that others will not have a look into this what we have produced in this thread. xD

How do I mark this thread as solved?

Just mark your post with your finding about the encryption as the solution. Then this thread gets marked with a small check mark.

See How to mark a topic as [Solved] for a short how-to.

2 Likes
