OWE and transition SSID

lantis1008 · August 28, 2019, 11:35am

Has anyone managed to get OWE with Transition SSID/BSSID to work? Can you provide an example config file to demonstrate?

I've tried locally and devices which support OWE can see it correctly and join.
Devices that don't support OWE mistake it for a WPA2 network and ask for a password, then failing to connect. This is the behaviour that apparently is indicative of the transition network not working.

lantis1008 · September 6, 2019, 1:38pm

I eventually got this working (i think). There's a pretty specific way you need to configure this.
Each AP has to point to the other one, which is not very intuitive (at least to me) from reading the documentation, which i read as only the OPEN AP needs to point to the OWE AP.
It is also recommended (don't know if mandatory) to have the OWE AP hidden.

Instead of pointing to each network by ssid/bssid, you can use owe_transition_ifname=wlan0 or wlan0-1 for example, however the Openwrt hostapd script is not setup to pass that to hostapd (yet?).

For a client that was not OWE aware, this appeared as just an open network and connection occurred as normal.
For a client that was OWE aware, connection took an extra 5 or so seconds on average, and i could see from iwinfo that the client was pushed onto the OWE AP. It continued to show 'open test' as the network it was connected to and no encryption. However an AP scan from this device recognised the AP as having OWE encryption.
If there's a way to verify what encryption a client has connected with i'd be happy to try it.

Config:

config wifi-device 'radio0'
    option type 'mac80211'
    option channel '11'
    option hwmode '11g'
    option path 'pci0000:00/0000:00:11.0'
    option htmode 'HT20'

config wifi-iface 'ap_g_owe'
    option device 'radio0'
    option mode 'ap'
    option network 'lan'
    option ssid 'owe test'
    option bssid '11:22:33:44:55:77'
    option encryption 'owe'
    option hidden '1'
    option owe_transition_ssid 'open test'
    option owe_transition_bssid '11:22:33:44:55:66'

config wifi-iface 'ap_g_open'
    option device 'radio0'
    option mode 'ap'
    option network 'lan'
    option ssid 'open test'
    option bssid '11:22:33:44:55:66'
    option encryption 'open'
    option owe_transition_ssid 'owe test'
    option owe_transition_bssid '11:22:33:44:55:77'

system · September 16, 2019, 1:38pm

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.