[Solved] WPA3 Personal on OpenWrt 19.07.5


tried to get WPA3 Personal on my D-Link DIR-860L B1 router running OpenWrt 19.07.5 by following the instructions from here:

And got into this error:
# opkg install hostapd-openssl
Installing hostapd-openssl (2019-08-08-ca8c2bd2-4) to root...
Downloading http://downloads.openwrt.org/releases/19.07.5/packages/mipsel_24kc/base/hostapd-openssl_2019-08-08-ca8c2bd2-4_mipsel_24kc.ipk
Collected errors:
 * check_data_file_clashes: Package hostapd-openssl wants to install file /usr/sbin/hostapd
        But that file is already provided by package  * wpad-basic
 * opkg_install_cmd: Cannot install package hostapd-openssl.

Should I install the wpad-openssl ? But that would also (I guess) conflict with the available wpad-basic. Should I uninstall wpad-basic first? Is that even possible? (it comes by default included in the OpenWrt firmware image).

Any help appreciated.

And how could I clean the crap left by the failed installation attempt described above?
/dev/mtdblock8 11648 6448 5200 55% /overlay
overlayfs:/overlay 11648 6448 5200 55% /
/dev/mtdblock8 11648 6460 5188 55% /overlay
overlayfs:/overlay 11648 6460 5188 55% /

If this command fails no changes are made to filesystem - no need to cleanup (you can clean up ram by reboot).

Yes, you have to remove wpad-basic and install hostapd-openssl.
You will not restore flash space on uninstalling wpad-basic, because it is included by default in OpenWRT image (squashfs does not allow to modify filesystem, so removing files will actually take a little space instead of freeing it).

After you install hostapd-openssl, you should be able to setup wpa3 ap. But you can also install smaller alternative: hostapd-wolfssl, if you do not use openssl now.

1 Like

Thanks for the quick reply!

Will try it tomorrow, it's already late now and I'm pretty tired too.

Well, it appears I lost 12kb with this failed attempt and I remember opkg wasn't really cleaning up the temp files after a failed installation attempt on OpenWrt 15.x. At that time there were some elaborated scripts posted here in the forum that searched for leftovers and cleaned them up.
I guess reinstalling the hostapd-openssl after uninstalling the wpad-basic will overwrite the temp files and opkg will properly finalize the installation & clean (move) them.

I do appreciate the efforts put in these other ssl libs, but I'm reluctant to use them and prefer to stick with openssl, plenty of free space on the router to accommodate it (BTW, openssl packages are already installed&available for OpenVPN and other services). It's the main opensource ssl lib and it looks properly cared about nowadays (after the past "big" issues and overhauling).

If openssl was already installed, it is best to choose openssl version of hostapd/wpad.

The only place opkg could not clean - as I know is /tmp.
Do not know why you lost 12kb, but remember that you can never rely on jffs2 free space reporting (even creating a file and deleting it could not always restore space).

Ok, got it done with the following sequence:

opkg update
opkg remove wpad-basic
opkg install hostapd-openssl
/etc/init.d/uhttpd restart

Problem is, I lost half of the speed on both 2,4GHz & 5GHz while still connected on WPA2 with the Android clients (don't know why they didn't switch to WPA3), with the router configured as:
sae-mixed WPA2/WPA3 Personal (PSK/SAE) mixed mode

I switched back to my original WPA2 PSK (CCMP) - Force CCMP (AES) and will keep it like that. At least now I'm "WPA3 ready".

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.