Problems trying out WPA3

twinkleLED · November 27, 2019, 3:48pm

I have a TP c7v5. I have installed 19.07 rc1 on it, along with wolfSSL wpad.

I created three testing networks, using SAE, SAE-Mixed, and OWE, the first two of which have a simple encryption key.

If I enable only the SAE network, then I can connect from my iOS 13 ipad. When I enable the other two networks I can no longer connect to SAE network, nor to the new networks.

Should I expect problems if I have different types of WPA3 networks defined on the same radio?

My config, done though LUCI, is as follows:

wireless.radio1=wifi-device
wireless.radio1.type='mac80211'
wireless.radio1.channel='11'
wireless.radio1.hwmode='11g'
wireless.radio1.path='platform/ahb/ahb:apb/18100000.wmac'
wireless.radio1.htmode='HT20'
wireless.radio1.legacy_rates='0'
wireless.wifinet0=wifi-iface
wireless.wifinet0.device='radio1'
wireless.wifinet0.mode='ap'
wireless.wifinet0.ssid='wpa3only'
wireless.wifinet0.ieee80211w='2'
wireless.wifinet0.encryption='sae'
wireless.wifinet0.network='lan'
wireless.wifinet0.key='abcdefghijk'
wireless.wifinet1=wifi-iface
wireless.wifinet1.device='radio1'
wireless.wifinet1.mode='ap'
wireless.wifinet1.ssid='wpa3mixed'
wireless.wifinet1.ieee80211w='1'
wireless.wifinet1.encryption='sae-mixed'
wireless.wifinet1.network='lan'
wireless.wifinet1.key='abcdefghijk'
wireless.wifinet2=wifi-iface
wireless.wifinet2.device='radio1'
wireless.wifinet2.mode='ap'
wireless.wifinet2.ieee80211w='2'
wireless.wifinet2.ssid='owe'
wireless.wifinet2.encryption='owe'

lantis1008 · November 27, 2019, 8:17pm

Have you tried the openssl variant of wpad/hostapd? I think some people were having trouble initially.

Have you tried without specifying the 80211w options?

twinkleLED · November 29, 2019, 8:40pm

Have you tried without specifying the 80211w options?

Those values (Required == 2) were interestingly the default when I created the new networks.

I have changed to use wpad-openssl and it seems to work. OWE does not work well on either, but that might also be a iOS client issue.

lantis1008 · November 29, 2019, 8:55pm

Interesting. I've never specified them.

I've only tried OWE with an android device and a pre ios 13 apple device.
It worked fine on android which understood OWE.
It failed on iPhone.
Putting the network in transition mods had both working fine (obviously the iPhone not on OWE)

Need to test with new OS

slh · November 29, 2019, 11:33pm

WPA3-only defaults to ieee80211w=2 (requried), as 11w/ pmf is a mandatory feature of the WPA3 standard.

WPA3/ WPA2 mixed defaults to ieee80211w=1 (optional), as 11w/ pmf isn't a required feature of WPA2 - and many (most) existing wireless devices don't support (properly or at all) yet (and many never will).

It is possible to explicitly configure SAE without 11w/ pmf, while not WPA3 standards compliant, it will be easier to existing clients.

knacky · November 30, 2019, 3:05am

When using hostapd-wolfssl I had bad experiences with my Pixel 3 running Android 10 getting or staying connected with WPA3 when config was 'sae' or 'sae-mixed'. Sometimes would connect, usually kept trying and failing. Would never stay connected more than an hour before dropping. Same symptoms with a Win10 1904 laptop and Intel 9260 card.

Changed to hostapd-openssl and now it's solid, zero issues getting or staying connected WPA3 with phone or laptop.

This is from compiling off trunk btw.