Wifi Roaming FT missing require pairwise

Hi,

I have a Flint 2 router and a dumb access point. Both are running the same Wifi settings (SSID, encryption, password, ...) and I followed this manual to activate fast transition: https://openwrt.org/docs/guide-user/network/wifi/roaming

It doesn't seem to work as I see:

hostapd: FT: Missing required pairwise in pull response from

as well as this:

hostapd: phy1-ap0: STA asdfasdasd WPA: pairwise key handshake completed (RSN)

if a device disconnects from one AP and connects to the next.

On the Wifi Roaming tab in LuCI, I have only filled out the mobility domain. Nothing else. Do the other fields need to be filled out too, or will they default to a standard value? E.g. the reassociation time.

Both APs are on WPA3-SAE

What application is 11R supposed to serve (which client operating system)?

Please connect to your OpenWrt device using ssh and copy the output of the following commands and post it here using the "Preformatted text </> " button:
Remember to redact passwords, VPN keys, MAC addresses and any public IP addresses you may have:

ubus call system board
cat /etc/config/network
cat /etc/config/wireless
cat /etc/config/dhcp
cat /etc/config/firewall

It's supposed to work with Android, Iphones and Windows 11.

Here are the outputs. I hope I caught everything that needed to be removed.

        "kernel": "6.6.93",
        "hostname": "OpenWrtRouter",
        "system": "ARMv8 Processor rev 4",
        "model": "GL.iNet GL-MT6000",
        "board_name": "glinet,gl-mt6000",
        "rootfs_type": "squashfs",
        "release": {
                "distribution": "OpenWrt",
                "version": "24.10.2",
                "revision": "r28739-d9340319c6",
                "target": "mediatek/filogic",
                "description": "OpenWrt 24.10.2 r28739-d9340319c6",
                "builddate": "1750711236"
        }
} 


config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'dfgdfg'
        option packet_steering '1'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'lan1'
        list ports 'lan2'
        list ports 'lan3'
        list ports 'lan4'
        list ports 'lan5'

config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        option ipaddr 'sdfgsdfg'
        option netmask '255.255.255.0'
        option ip6assign '60'
        list dns 'dsfgsdg'

config interface 'wan'
        option device 'eth1'
        option proto 'dhcp'

config interface 'wan6'
        option device 'eth1'
        option proto 'dhcpv6'

config interface 'wg0'
        option proto 'wireguard'
        option private_key 'dfgdfg'
        option listen_port 'sdfgdfg'
        list addresses 'asdfasdfasf.1/24'

# WireGuard peer entry attached to interface wg0.
# NOTE(review): private_key in a peer section is the peer's own private key kept
# on the router (presumably so a client config can be regenerated - confirm).
# wg0 only needs the peer's public_key, plus preshared_key if one is used, to
# accept the peer, so every stored peer private key is extra secret material in
# /etc/config/network and in any backup or paste of it.
# NOTE(review): the private_key value below does not look like the other
# placeholders in this paste; if any of its characters come from the real key,
# treat that key as exposed and generate a new key pair for this peer.
config wireguard_wg0
        option description 'S25'
        option public_key 'sdfgsdfg='
        option private_key '4Btosdsdfg'
        option route_allowed_ips '1'
        option endpoint_port 'asdfasdfasf'
        option persistent_keepalive '25'
        option endpoint_host 'asdfasdfasf'
        list allowed_ips 'asdfasdfasf.10/32'
        option preshared_key 'sadfsdf='

config device
        option name 'wg0'

config wireguard_wg0
        option description 'sdfsdf'
        option public_key 'sdfsdf+sdf='
        option private_key 'sdfsdf'
        option route_allowed_ips '1'
        option endpoint_host 'asdfasdfasf'
        option endpoint_port 'asdfasdfasf'
        option persistent_keepalive '25'
        list allowed_ips 'asdfasdfasf.11/32'

config wireguard_wg0
        option description 'sdfsdf sdf'
        option public_key 'sxgsfg='
        option private_key 'zxczxc+zxczxc='
        list allowed_ips 'asdfasdfasf.12/32'
        option route_allowed_ips '1'
        option endpoint_port 'asdfasdfasf'
        option persistent_keepalive '25'
        option endpoint_host 'asdfasdfasf'
        option preshared_key 'sdfsdf'

config wireguard_wg0
        option description 'sdfsdf'
        option public_key 'Psdfsdfsdf'
        option private_key 'sdfsdfsdf'
        option preshared_key 'sdfsdfsdf'
        list allowed_ips 'asdfasdfasf.13/32'
        option route_allowed_ips '1'
        option endpoint_host 'asdfasdfasf'
        option endpoint_port 'asdfasdfasf'
        option persistent_keepalive '25'

config wireguard_wg0
        option description 'sdfsdf'
        option public_key 'sdfsdfsdf'
        option private_key 'sdfsdf'
        option preshared_key 'sdfsdf'
        list allowed_ips 'asdfasdfasf.14/32'
        option route_allowed_ips '1'
        option endpoint_host 'asdfasdfasf'
        option endpoint_port 'asdfasdfasf'
        option persistent_keepalive '25'

config wireguard_wg0
        option description 'sdsdfsdf'
        option public_key 'sdfsdf'
        option private_key 'sdfsdf'
        option preshared_key 'sdfsdfdsf'
        list allowed_ips 'asdfasdfasf.15/32'
        option route_allowed_ips '1'
        option endpoint_host 'asdfasdfasf'
        option endpoint_port 'asdfasdfasf'
        option persistent_keepalive '25'

config wifi-device 'radio0'
        option type 'mac80211'
        option path 'platform/soc/18000000.wifi'
        option band '2g'
        option channel 'auto'
        option htmode 'HE20'
        option cell_density '0'

# 2.4 GHz AP interface on radio0: WPA2-PSK with 802.11r (fast transition) enabled.
# NOTE(review): mobility_domain is expected to be a 4-digit hexadecimal value and
# has to match on every AP that clients roam between. It is advertised in the
# AP's beacons, so it is not a secret; the value here is a redaction placeholder
# and differs from the one on default_radio1 in this paste, so the real values
# cannot be compared from this output.
config wifi-iface 'default_radio0'
        option device 'radio0'
        option network 'lan'
        option mode 'ap'
        option ssid 'asdfasdfasf-2.4GHZ'
        option encryption 'psk2'
        option key 'asdfasdfasf'
        option ieee80211r '1'
        option mobility_domain 'sdfsd'
        # FT over the air only (FT over the distribution system is off).
        option ft_over_ds '0'
        # Derive the FT keys locally from the PSK instead of requesting them from the other AP.
        option ft_psk_generate_local '1'

config wifi-device 'radio1'
        option type 'mac80211'
        option path 'platform/soc/18000000.wifi+1'
        option band '5g'
        option channel 'auto'
        option htmode 'HE80'
        option cell_density '0'

# 5 GHz AP interface on radio1: WPA3-SAE with 802.11r (fast transition) enabled.
config wifi-iface 'default_radio1'
        option device 'radio1'
        option network 'lan'
        option mode 'ap'
        option ssid 'asdfasdfasf'
        option encryption 'sae'
        option key 'asdfasdfasf'
        # Operating Channel Validation is switched off.
        option ocv '0'
        option ieee80211r '1'
        option mobility_domain '1234'
        option ft_over_ds '0'
        # NOTE(review): ft_psk_generate_local is not set here, unlike default_radio0.
        # With SAE the FT keys cannot be derived from the passphrase alone, so the APs
        # have to exchange them between each other; the "pull response" wording in the
        # hostapd log line points at that exchange. Confirm that both APs reach each
        # other on the 'lan' bridge and use the identical key, mobility_domain and FT
        # options, and check which default the installed release applies for SAE.

config wifi-iface 'wifinet2'
        option device 'radio0'
        option mode 'ap'
        option ssid 'asdfasdfasf-'
        option encryption 'psk2'
        option key 'asdfasdfasf'
        option network 'lan'

config dnsmasq
        option domainneeded '1'
        option localise_queries '1'
        option rebind_protection '1'
        option rebind_localhost '1'
        option local '/local/'
        option domain 'local'
        option expandhosts '1'
        option cachesize '0'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option localservice '1'
        option ednspacket_max '1232'
        option port '53'
        option noresolv '1'
        list server 'asdfasdfasf'

config dhcp 'lan'
        option interface 'lan'
        option start '3'
        option limit '248'
        option leasetime '12h'
        option dhcpv4 'asd'
        option dhcpv6 'asd'
        option ra 'asdaasd'
        list ra_flags 'managed-config'
        list ra_flags 'other-config'
        list dns 'asdfasdfasf'
        list dhcp_option '3,asdasd'
        list dhcp_option '6,asdfasdfasf'
        list dhcp_option '66,asdfasdfasf'
        list dhcp_option '15,lan'

config dhcp 'wan'
        option interface 'wan'
        option ignore '1'

config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'
        option loglevel '4'

config defaults
        option input 'DROP'
        option output 'ACCEPT'
        option forward 'DROP'
        option synflood_protect '1'

config zone
        option name 'lan'
        list network 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'

config zone
        option name 'wan'
        list network 'wan'
        list network 'wan6'
        option input 'DROP'
        option output 'ACCEPT'
        option forward 'DROP'
        option masq '1'
        option mtu_fix '1'

config forwarding
        option src 'lan'
        option dest 'wan'

config rule
        option name 'Allow-DHCP-Renew'
        option src 'wan'
        option proto 'udp'
        option dest_port '68'
        option target 'ACCEPT'
        option family 'ipv4'

config rule
        option name 'Allow-Ping'
        option src 'wan'
        option proto 'icmp'
        option icmp_type 'echo-request'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-IGMP'
        option src 'wan'
        option proto 'igmp'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-DHCPv6'
        option src 'wan'
        option proto 'udp'
        option dest_port '546'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-MLD'
        option src 'wan'
        option proto 'icmp'
        option src_ip 'fe80::/10'
        list icmp_type '130/0'
        list icmp_type '131/0'
        list icmp_type '132/0'
        list icmp_type '143/0'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Input'
        option src 'wan'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        list icmp_type 'router-solicitation'
        list icmp_type 'neighbour-solicitation'
        list icmp_type 'router-advertisement'
        list icmp_type 'neighbour-advertisement'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Forward'
        option src 'wan'
        option dest '*'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-IPSec-ESP'
        option src 'wan'
        option dest 'lan'
        option proto 'esp'
        option target 'ACCEPT'

config rule
        option name 'Allow-ISAKMP'
        option src 'wan'
        option dest 'lan'
        option dest_port '500'
        option proto 'udp'
        option target 'ACCEPT'

# Firewall zone for the WireGuard interface wg0.
# NOTE(review): this zone also lists network 'lan', which is already a member of
# the zone named 'lan' earlier in this file. A network is normally assigned to
# exactly one zone - confirm which zone's policy the firewall actually applies
# to LAN traffic, and drop 'lan' from this list if only wg0 was intended.
# input/forward ACCEPT gives VPN peers the same trust as LAN hosts, including
# access to services running on the router itself.
config zone
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'
        option masq '1'
        option mtu_fix '1'
        option name 'WireguardVPN'
        list network 'lan'
        list network 'wg0'

# Inter-zone forwarding rules.
# NOTE(review): the next six sections each name only a src or only a dest. A
# forwarding normally needs both; verify whether the firewall skips these
# sections or treats the missing side as "any zone", then complete or delete
# them so the effective policy is the one that is written down.
config forwarding
        option dest 'lan'

config forwarding
        option dest 'wan'

config forwarding
        option src 'lan'

config forwarding
        option dest 'lan'

config forwarding
        option dest 'wan'

config forwarding
        option src 'lan'

# Complete rules: VPN peers may reach the LAN and the WAN, and the LAN may reach
# VPN peers.
config forwarding
        option src 'WireguardVPN'
        option dest 'lan'

config forwarding
        option src 'WireguardVPN'
        option dest 'wan'

config forwarding
        option src 'lan'
        option dest 'WireguardVPN'

config rule
        option src 'wan'
        option name 'WireGuard-incoming'
        list proto 'udp'
        option dest_port 'asdfasdfasf'
        option target 'ACCEPT'

Maybe too heavily redacted - but the mobility domain and AP parameters must be identical

I can confirm they are the same. I just tried to add a Reassociation Deadline.

Do I need a NAS ID?

You just need the mobility domain so that clients attempt shorthand authentication.

If a client proceeds right away to full authentication, it is a clear sign it does not support FT.

The mobility domain is 4 digit letters and numbers like 7h43 and is identical on both APs.

 AP-STA-CONNECTED $$MAC$$  auth_alg=ft

I see this in the logs. Does auth_alg=ft mean fast transition?

I just noticed one is WiFi AX the other is WiFi AC. Maybe that's the problem?

Usually not, there are factory made routers with AX in 5ghz and N in 2.4GHz, but if you are able to document that AC and AX mix sabotages FT with some client operating system, we take it as a fact. Start of exploration would be changing HE80 to VHT80 and HE20 to HT20 and checking again.


it would seem the FT is from SAE to PSK2 (and vice versa). Is this known to work ?
FWIW I have always set FT up with a single encryption scheme among AP’s. Could try that if nothing else comes to mind.


Good eye - totally not work….

No, the PSK2 Network is a 2.4GHZ Network. The network where I try FT to work is with WPA3 SAE (CCMP) on both APs and in the 5Ghz Band.

To clarify: I have FT activated at the 2.4Ghz and 5Ghz networks. But my devices are usually only on the 5Ghz Network.

I have not tested if FT works on the 2.4Ghz.

Both 5Ghz APs have exactly the same set up. Just the Mac of the Wifi Hotspot is different.

Then why is 11R enabled on 2.4GHz?

If your client is Apple then you must have the same AP on all possible radios, regardless of whether you use 11R or not.

Note that 11R is not required for roaming. It is still the client's decision, based on air signals.

I have 2 APs in my house. On each AP are at least 2 Wifi SSIDs One for 2.4GHZ and another one for 5GHZ. I prefer my devices to be on the 5GHZ.

I activated 11R on the 2.4GHZ as well, in case I would connect to that network.

I thought with 11R the swap from one AP to another one goes faster and it's more likely that the device will switch instead of sitting on a bad connection until its out of range.

Does FT work on the 2.4GHz network? If so SAE may be the cause (and trying it with PSK2 could confirm this).

I believe a few people have posted on SAE FT before

I have to test 11R on the 2.4GHZ network.

Were you able to resolve your issue?

I have not yet tested it on the 2.4GHZ