Now that Fast Transition (802.11r
) is working again, my attention moves on to further advances in my home WiFi setup. I'd like to adopt WPA3.
WPA3 requires Protected Management Frames (OpenWRT terms 802.11w Management Frame Protection
). It seems that OpenWRT requires more than just the default wpad-basic-wolfssl
for PMF. I have now replaced that with wpad-wolfssl
and . Yet Analiti suggests that PMF is still "Not supported". This on BT Home Hub 5A (lantiq/xrx-200) & TP-Link EAP235-Wall & EAP615-Wall (both ramips/mt7621) devices.
With wpad-wolfssl
, 802.11w MFP
& WPA3 installed/enabled, WPA3 itself works despite the apparent lack of PMF, but my Android device doesn't roam at all well. It would rather drop back to mobile data than find the next access point as I walk through the house. The are no auth_alg=ft
messages in any of my logs.
By the way, a surprising side effect of upgrading wpad
is that the 3 802.11k Radio Resource Management
options appeared in luci
(Network ¦ Wireless ¦ Edit ¦ Interface Configuration - Advanced Settings). Before I had to enable this in /etc/config/wireless
with option ieee80211k '1'
(plus option rrm_neighbor_report '0'
& option rrm_beacon_report '0'
if these 2 options aren't desired - unusually an absence of these entries enables the option(s)). Analati had already reported this as supported when enabled in config. It seems luci
thinks that 802.11k RRM
requires more than wpad-basic
when this isn't a strict requirement.
That said 802.11k RRM
lists don't seem to be populated on their own via radio measurements. Likely too early for me to give up on https://github.com/simonyiszk/openwrt-rrm-nr-distributor.
Has anyone gotten WPA3 working with Fast Transition? How about 802.11k RRM
?
UPDATE: Further testing suggests that neighbor report via radio management doesn't actually populate the RRM neighbor report. Same for beacon report, although the latter relies on client (STA) functionality so can't be sure that my device isn't to blame. Thus reliance on rrm-nr-distributor
plus option rrm_neighbor_report '0'
& option rrm_beacon_report '0'
remains sensible. And that I can go back to wpad-basic-wolfssl
without missing anything important.