WPA3 incompatible with Fast-BSS?

maximushugus · March 6, 2021, 4:10pm

Hello everyone,
I have a problem trying to upgrade my configuration with WPA3.

I have a setup with 2 access point. On each wireless AP, I have multiple SSID (personnal wifi, IOT, Guest), but I have the same SSID and wifi password for both of my wireless AP.
I configured fast transition beetween those wireless AP to rapidly switch from one to another without loosing connection when I move, and it's working properly.

Here's the configuration that's working for fast transition on both of my WAP (with 2 different mobility-domain :

config wifi-iface 'wifinet0'
	option device 'radio0'
	option mode 'ap'
	option ssid 'MYSSID'
	option key 'MYPASSPHRASE'
	option network 'lan'
	option ieee80211r '1'
	option nasid 'MYNASID'
	option mobility_domain 'XXXX'
	option ft_over_ds '1'
	option ft_psk_generate_local '1'
	option ieee80211v '1'
	option bss_transition '1'
	option ieee80211k '1'
	option encryption 'psk2+tkip+ccmp'

Today I'm trying to add WPA3 in my configuration. I have to choose WPA2 (PSK) / WPA3 (SAE) to keep compatibility with some of my devices.

I installed wpad-openssl on both of my access point.

Here is the configuration I'm trying :

config wifi-iface 'wifinet0'
	option device 'radio0'
	option mode 'ap'
	option ssid 'MYSSID'
	option key 'MYPASSPHRASE'
	option network 'lan'
	option ieee80211r '1'
	option nasid 'MYNASID'
	option mobility_domain 'XXXX'
	option ft_over_ds '1'
	option ft_psk_generate_local '1'
	option ieee80211v '1'
	option bss_transition '1'
	option ieee80211k '1'
	option encryption 'sae-mixed'

But with this configuration, by just changing WPA2 (PSK) to WPA2 (PSK) + WAP3 (SAE), fast transition doesn't work for my wifi client devices anymore.

Did someone experience this before or know why I have this problem ?
Many thanks

Stefan1 · March 6, 2021, 4:25pm

What openwrt version do you use ?

maximushugus · March 6, 2021, 4:26pm

I'm on OpenWrt 19.07.6 and 19.07.2.
Both of my WAP are Xiaomi Mi Routeur 3G v1, and are connected via Ethernet

maximushugus · March 6, 2021, 8:31pm

Anyone has an idea ?

slh · March 7, 2021, 12:56am

WPA3 and IEEE 802.11r is kind of at odds, especially in terms of client support (mobile phones in particular; afaik it's even worse in combination with iOS).

Stefan1 · March 7, 2021, 8:08am

In addition there are a lot of threads here stating that 802.11v and 802.11k do only work in master branch. That was why I was asking for your openwrt version.

Regarding wpa3:
I tried to use wpa3 once, then figured out that many of my devices do not support wpa3 at all, and especially wpa3/enterprise is not really supported by many clients. Then I stopped going further into that direction.

maximushugus · March 7, 2021, 10:58am

Ok thanks, I will wait a few months to see if with updates to OpenWrt and to my client the situation will be better.

McGiverGim · January 29, 2023, 11:59am

Some change about this? I'm trying the same without luck.

lleachii · January 29, 2023, 12:36pm

(Perhaps you should create a new thread for your issue, instead of reviving a 2 year old one.)

EricHughes · July 14, 2023, 7:28pm

Is there any news here since OpenWRT 22.03. or soon 23.05.? I also use WPA3 only and have problems that FT does not happen.

greetings