Redmi AC2100 802.11s Encryption Not Working

Hi there - I have a Redmi AC2100 that I was trying to setup as an 802.11s mesh AP, and no matter what I tried on OpenWrt 23.05.5 and 24.10 RC5, I was not able to get encryption to work with 802.11s.

As part of my setup I ensured that the full version of wpad-openssl was installed and rebooted, yet when I select WPA3-SAE, it would revert back to "none" on the encryption type. I'm not keen on using unencrypted mesh so I had to switch to WDS instead.

Just wondering if this is a known issue? I'm not quite sure if I am missing something here. I used the exact same process with an Archer C7 (after replacing the appropriate packages "ct" for "non-ct") and Redmi AX6s and those worked fine. Suggestions appreciated!

This may help:

Yes, very likely.
The problem with iwinfo is definitely still "fixed", ie not reverted, but luci is broken with many things do do with mesh configs.

You can check the encryption by opening an ssh terminal session and running iwinfo

Here is an example on my test system where there are numerous virtual wireless interfaces with various encryption types as well as some open networks (stress testing :wink: ) See the first entry for interface m-11s-0:

root@meshnode-8ecb:~# iwinfo
m-11s-0   ESSID: "92d490daf46cfe534c56ddd669297e"
          Access Point: 96:83:C4:A2:8E:CB
          Mode: Mesh Point  Channel: 1 (2.412 GHz)  HT Mode: HT40
          Center Channel 1: 3 2: unknown
          Tx-Power: 20 dBm  Link Quality: 70/70
          Signal: -35 dBm  Noise: -83 dBm
          Bit Rate: 135.5 MBit/s
          Encryption: WPA3 SAE (CCMP)
          Type: nl80211  HW Mode(s): 802.11ax/b/g/n
          Hardware: embedded [MediaTek MT7986]
          TX power offset: none
          Frequency offset: none
          Supports VAPs: yes  PHY name: phy0

open0-0   ESSID: "OpenWrt-2g-8ecb"
          Access Point: 96:83:C4:A3:8E:CB
          Mode: Master  Channel: 1 (2.412 GHz)  HT Mode: HE40
          Center Channel 1: 3 2: unknown
          Tx-Power: 20 dBm  Link Quality: unknown/70
          Signal: unknown  Noise: -83 dBm
          Bit Rate: unknown
          Encryption: none
          Type: nl80211  HW Mode(s): 802.11ax/b/g/n
          Hardware: embedded [MediaTek MT7986]
          TX power offset: none
          Frequency offset: none
          Supports VAPs: yes  PHY name: phy0

open1-1   ESSID: "OpenWrt-5g-8ecb"
          Access Point: 96:83:C4:A4:8E:CB
          Mode: Master  Channel: 36 (5.180 GHz)  HT Mode: HE80
          Center Channel 1: 42 2: unknown
          Tx-Power: 23 dBm  Link Quality: unknown/70
          Signal: unknown  Noise: -92 dBm
          Bit Rate: unknown
          Encryption: none
          Type: nl80211  HW Mode(s): 802.11ac/ax/n
          Hardware: embedded [MediaTek MT7986]
          TX power offset: none
          Frequency offset: none
          Supports VAPs: yes  PHY name: phy1

open2-0   ESSID: "Guest-2g-8ecb"
          Access Point: 96:83:C4:A5:8E:CB
          Mode: Master  Channel: 1 (2.412 GHz)  HT Mode: HE40
          Center Channel 1: 3 2: unknown
          Tx-Power: 20 dBm  Link Quality: unknown/70
          Signal: unknown  Noise: -83 dBm
          Bit Rate: unknown
          Encryption: none
          Type: nl80211  HW Mode(s): 802.11ax/b/g/n
          Hardware: embedded [MediaTek MT7986]
          TX power offset: none
          Frequency offset: none
          Supports VAPs: yes  PHY name: phy0

open3-1   ESSID: "Guest-5g-8ecb"
          Access Point: 96:83:C4:A6:8E:CB
          Mode: Master  Channel: 36 (5.180 GHz)  HT Mode: HE80
          Center Channel 1: 42 2: unknown
          Tx-Power: 23 dBm  Link Quality: unknown/70
          Signal: unknown  Noise: -92 dBm
          Bit Rate: unknown
          Encryption: none
          Type: nl80211  HW Mode(s): 802.11ac/ax/n
          Hardware: embedded [MediaTek MT7986]
          TX power offset: none
          Frequency offset: none
          Supports VAPs: yes  PHY name: phy1

owe0-0    ESSID: "OpenWrt-2g-8ecb"
          Access Point: 96:83:C4:A7:8E:CB
          Mode: Master  Channel: 1 (2.412 GHz)  HT Mode: HE40
          Center Channel 1: 3 2: unknown
          Tx-Power: 20 dBm  Link Quality: unknown/70
          Signal: unknown  Noise: -83 dBm
          Bit Rate: unknown
          Encryption: WPA3 OWE (CCMP)
          Type: nl80211  HW Mode(s): 802.11ax/b/g/n
          Hardware: embedded [MediaTek MT7986]
          TX power offset: none
          Frequency offset: none
          Supports VAPs: yes  PHY name: phy0

owe1-1    ESSID: "OpenWrt-5g-8ecb"
          Access Point: 96:83:C4:A8:8E:CB
          Mode: Master  Channel: 36 (5.180 GHz)  HT Mode: HE80
          Center Channel 1: 42 2: unknown
          Tx-Power: 23 dBm  Link Quality: unknown/70
          Signal: unknown  Noise: -92 dBm
          Bit Rate: unknown
          Encryption: WPA3 OWE (CCMP)
          Type: nl80211  HW Mode(s): 802.11ac/ax/n
          Hardware: embedded [MediaTek MT7986]
          TX power offset: none
          Frequency offset: none
          Supports VAPs: yes  PHY name: phy1

owe2-0    ESSID: "Guest-2g-8ecb"
          Access Point: 96:83:C4:A9:8E:CB
          Mode: Master  Channel: 1 (2.412 GHz)  HT Mode: HE40
          Center Channel 1: 3 2: unknown
          Tx-Power: 20 dBm  Link Quality: unknown/70
          Signal: unknown  Noise: -83 dBm
          Bit Rate: unknown
          Encryption: WPA3 OWE (CCMP)
          Type: nl80211  HW Mode(s): 802.11ax/b/g/n
          Hardware: embedded [MediaTek MT7986]
          TX power offset: none
          Frequency offset: none
          Supports VAPs: yes  PHY name: phy0

owe3-1    ESSID: "Guest-5g-8ecb"
          Access Point: 96:83:C4:AA:8E:CB
          Mode: Master  Channel: 36 (5.180 GHz)  HT Mode: HE80
          Center Channel 1: 42 2: unknown
          Tx-Power: 23 dBm  Link Quality: unknown/70
          Signal: unknown  Noise: -92 dBm
          Bit Rate: unknown
          Encryption: WPA3 OWE (CCMP)
          Type: nl80211  HW Mode(s): 802.11ac/ax/n
          Hardware: embedded [MediaTek MT7986]
          TX power offset: none
          Frequency offset: none
          Supports VAPs: yes  PHY name: phy1

root@meshnode-8ecb:~# 

You can do another test to confirm encryption on the mesh backhaul.
Configure one node with encryption set to "none".
Now restart it and see if it manages to join the mesh. If encryption is really working on the others, it will fail to connect.

It failed to connect unless I switched my AP's encryption to "none". Which means it's not just a display bug, unless I am missing something. I only tried wolfssl and openssl, not wpad-mesh-mbedtls, although it would be strange that this would not work.