Hi there - I have a Redmi AC2100 that I was trying to setup as an 802.11s mesh AP, and no matter what I tried on OpenWrt 23.05.5 and 24.10 RC5, I was not able to get encryption to work with 802.11s.
As part of my setup I ensured that the full version of wpad-openssl was installed and rebooted, yet when I select WPA3-SAE, it would revert back to "none" on the encryption type. I'm not keen on using unencrypted mesh so I had to switch to WDS instead.
Just wondering if this is a known issue? I'm not quite sure if I am missing something here. I used the exact same process with an Archer C7 (after replacing the appropriate packages "ct" for "non-ct") and Redmi AX6s and those worked fine. Suggestions appreciated!
Yes, very likely.
The problem with iwinfo is definitely still "fixed", ie not reverted, but luci is broken with many things do do with mesh configs.
You can check the encryption by opening an ssh terminal session and running iwinfo
Here is an example on my test system where there are numerous virtual wireless interfaces with various encryption types as well as some open networks (stress testing ) See the first entry for interface m-11s-0
:
root@meshnode-8ecb:~# iwinfo
m-11s-0 ESSID: "92d490daf46cfe534c56ddd669297e"
Access Point: 96:83:C4:A2:8E:CB
Mode: Mesh Point Channel: 1 (2.412 GHz) HT Mode: HT40
Center Channel 1: 3 2: unknown
Tx-Power: 20 dBm Link Quality: 70/70
Signal: -35 dBm Noise: -83 dBm
Bit Rate: 135.5 MBit/s
Encryption: WPA3 SAE (CCMP)
Type: nl80211 HW Mode(s): 802.11ax/b/g/n
Hardware: embedded [MediaTek MT7986]
TX power offset: none
Frequency offset: none
Supports VAPs: yes PHY name: phy0
open0-0 ESSID: "OpenWrt-2g-8ecb"
Access Point: 96:83:C4:A3:8E:CB
Mode: Master Channel: 1 (2.412 GHz) HT Mode: HE40
Center Channel 1: 3 2: unknown
Tx-Power: 20 dBm Link Quality: unknown/70
Signal: unknown Noise: -83 dBm
Bit Rate: unknown
Encryption: none
Type: nl80211 HW Mode(s): 802.11ax/b/g/n
Hardware: embedded [MediaTek MT7986]
TX power offset: none
Frequency offset: none
Supports VAPs: yes PHY name: phy0
open1-1 ESSID: "OpenWrt-5g-8ecb"
Access Point: 96:83:C4:A4:8E:CB
Mode: Master Channel: 36 (5.180 GHz) HT Mode: HE80
Center Channel 1: 42 2: unknown
Tx-Power: 23 dBm Link Quality: unknown/70
Signal: unknown Noise: -92 dBm
Bit Rate: unknown
Encryption: none
Type: nl80211 HW Mode(s): 802.11ac/ax/n
Hardware: embedded [MediaTek MT7986]
TX power offset: none
Frequency offset: none
Supports VAPs: yes PHY name: phy1
open2-0 ESSID: "Guest-2g-8ecb"
Access Point: 96:83:C4:A5:8E:CB
Mode: Master Channel: 1 (2.412 GHz) HT Mode: HE40
Center Channel 1: 3 2: unknown
Tx-Power: 20 dBm Link Quality: unknown/70
Signal: unknown Noise: -83 dBm
Bit Rate: unknown
Encryption: none
Type: nl80211 HW Mode(s): 802.11ax/b/g/n
Hardware: embedded [MediaTek MT7986]
TX power offset: none
Frequency offset: none
Supports VAPs: yes PHY name: phy0
open3-1 ESSID: "Guest-5g-8ecb"
Access Point: 96:83:C4:A6:8E:CB
Mode: Master Channel: 36 (5.180 GHz) HT Mode: HE80
Center Channel 1: 42 2: unknown
Tx-Power: 23 dBm Link Quality: unknown/70
Signal: unknown Noise: -92 dBm
Bit Rate: unknown
Encryption: none
Type: nl80211 HW Mode(s): 802.11ac/ax/n
Hardware: embedded [MediaTek MT7986]
TX power offset: none
Frequency offset: none
Supports VAPs: yes PHY name: phy1
owe0-0 ESSID: "OpenWrt-2g-8ecb"
Access Point: 96:83:C4:A7:8E:CB
Mode: Master Channel: 1 (2.412 GHz) HT Mode: HE40
Center Channel 1: 3 2: unknown
Tx-Power: 20 dBm Link Quality: unknown/70
Signal: unknown Noise: -83 dBm
Bit Rate: unknown
Encryption: WPA3 OWE (CCMP)
Type: nl80211 HW Mode(s): 802.11ax/b/g/n
Hardware: embedded [MediaTek MT7986]
TX power offset: none
Frequency offset: none
Supports VAPs: yes PHY name: phy0
owe1-1 ESSID: "OpenWrt-5g-8ecb"
Access Point: 96:83:C4:A8:8E:CB
Mode: Master Channel: 36 (5.180 GHz) HT Mode: HE80
Center Channel 1: 42 2: unknown
Tx-Power: 23 dBm Link Quality: unknown/70
Signal: unknown Noise: -92 dBm
Bit Rate: unknown
Encryption: WPA3 OWE (CCMP)
Type: nl80211 HW Mode(s): 802.11ac/ax/n
Hardware: embedded [MediaTek MT7986]
TX power offset: none
Frequency offset: none
Supports VAPs: yes PHY name: phy1
owe2-0 ESSID: "Guest-2g-8ecb"
Access Point: 96:83:C4:A9:8E:CB
Mode: Master Channel: 1 (2.412 GHz) HT Mode: HE40
Center Channel 1: 3 2: unknown
Tx-Power: 20 dBm Link Quality: unknown/70
Signal: unknown Noise: -83 dBm
Bit Rate: unknown
Encryption: WPA3 OWE (CCMP)
Type: nl80211 HW Mode(s): 802.11ax/b/g/n
Hardware: embedded [MediaTek MT7986]
TX power offset: none
Frequency offset: none
Supports VAPs: yes PHY name: phy0
owe3-1 ESSID: "Guest-5g-8ecb"
Access Point: 96:83:C4:AA:8E:CB
Mode: Master Channel: 36 (5.180 GHz) HT Mode: HE80
Center Channel 1: 42 2: unknown
Tx-Power: 23 dBm Link Quality: unknown/70
Signal: unknown Noise: -92 dBm
Bit Rate: unknown
Encryption: WPA3 OWE (CCMP)
Type: nl80211 HW Mode(s): 802.11ac/ax/n
Hardware: embedded [MediaTek MT7986]
TX power offset: none
Frequency offset: none
Supports VAPs: yes PHY name: phy1
root@meshnode-8ecb:~#
You can do another test to confirm encryption on the mesh backhaul.
Configure one node with encryption set to "none".
Now restart it and see if it manages to join the mesh. If encryption is really working on the others, it will fail to connect.
It failed to connect unless I switched my AP's encryption to "none". Which means it's not just a display bug, unless I am missing something. I only tried wolfssl and openssl, not wpad-mesh-mbedtls, although it would be strange that this would not work.