Problems with WIFI roaming Fast transitions/Frame protection in some devices

I don't know if this is a problem just with openWRT or a general problem with all routers.

I have recently activated Fast Transitions (802.11r) using FT over the air to get smooth roaming from two devices.
It works great.... when it works.

Some devices (mainly Android devices with version previous to 11, but also a windows 10 devices too) could not even connect to the Wifi when I activate it.
They do not complain or give any error, just try and disconnect, apearing the network as "saved".

After some tweaking and investigation, I have found that there seems to be some incompatibility (in some devices) between Fast transitions (802.11r) and Management Frame Protection (802.11w).
If I deactivate MFP (802.11w) they can connect and everything seems to work (or if I keep it activated and do not activate 802.11r FT, of course).
I have tried change transition from FT over the air to FT over DS, with the same results.

The problem is that there are other devices running Android 11 (at least one mobile I have) that do not connect to the network if MFP 802.11w is deactivated and fail to connec silently, it seems that it need at least Optional level or Enabled, but disallow connection if it is set to disabled.
It seems a security measure taken by Android developers.

It does not sem a good idea to deactivate MFP (802.11w) as some attacks come from sniffing management data interchanged by devices and access points, so keeping it cyphered seems a good measured.

Thus, I have not found a configurations that keeps everybody in the city happy.

Is there a configuration that lets you activate FT and MFP without connection problems with many devices?

Is it a problem only with openWRT or is a general problem?

I am now a bit desperate
After reverting configuration of both routers to default, without Fast transitions and Managemente Frame Protection set to Optional, most devices can connect to WIFI.
But there is one device with windows 10 (a surface 3) that can't connect to the WIFI.
It was connecting normally previous to config changes, and yesterday it get connected after reverting to no fast transition.
But today it does not connect to any of the AP and don't know why (I have double checked the configuration of both AP).

The only thing I have done is config SQM in the main router, but it has not anything to do with WIFI and the devices does not connect in the other AP either, which has not been changed and has no SQM activated.

Well the problem with the windows 10 device (surface 3) was not caused by the Fast transition or frame protection setups.

The problem was that in openWRT the new WPA3 security protocol (WPA2/WPA3) is the default, as it provides enhanced security.

Even if it seems to be backward compatible with WPA2-PSK, the Marvel wifi chipset seems to have problems with it.
It only worked when I used WPA2-PSK only in the router.

After a driver upgrade to the last marvel driver, I could it to work.
But that driver is not in windows update, you need to install it manually.

I could find the driver here: Catálogo de Microsoft Update

The strange thing is that it was working without the driver upgrade, and suddenly I could not connect to the wifi. May be due to having forgotten the wifi connection.

But now it works without problems.

But there remain the problems with Fast transitions and management frame protection.

May be an upgrade of the wifi driver in the android 10 devices would solve the problems.

But in Android you only can upgrade the whole firmware and there is no new firmware for that mobiles.

So I had to deactivate fast transitions for now.

Nobody has problems with fast transitions and management frame protection on Android 10 devices?

Is there a way to upgrade the WIFI driver in a Android 10 device?

I suppose upgrading the driver to a newer one would solve the problem, as more recent android devices work well.

But usually in Android you can only upgrade the complete firmware with the upgrades provided by the manufactures, and manufacturer has abandoned these devices time ago.

I have noticed problems when using WPA-2-PSK+FT (over the air and over ds) and 802.11w too.
In my case the android device in question (a xiaomi phone) doesn't re-authenticate after a period of inactvity and i get a Wi-Fi connected without internet notification and of course there is no connectivity. The only way to solve it is to manually toggle on/off the Wi-Fi.
When using WPA2-PSK+FT (over the air in my case because i find it faster) without 802.11w there are no problems at all.
The problem occurs with 802.11w set to either optional or required.

In my case, devices with android 10 do not connect when 802.11r and 802.11w are activated at the same time.

Qith a android 11 device ut does no connect if 802.11w is disabled.

I noticed this problem too - If I have option ieee80211r '1' and option ieee80211w '1' then several 2.4g wifi devices refuse to connect, including my Honeywell Lyric thermostats (T6 Pro) and some wifi IP-cameras (LaView B9 - requiring both r and w set to 0).

Confusing because, setting ieee80211w '0' allows the thermostats to connect, but '1' is supposed to be 'optional' according to https://openwrt.org/docs/guide-user/network/wifi/basic
(note: I have the full wpad/hostapd version installed).

Probably a bug?