WPA3 incompatible with Fast-BSS?

Hello everyone,
I have a problem trying to upgrade my configuration with WPA3.

I have a setup with 2 access point. On each wireless AP, I have multiple SSID (personnal wifi, IOT, Guest), but I have the same SSID and wifi password for both of my wireless AP.
I configured fast transition beetween those wireless AP to rapidly switch from one to another without loosing connection when I move, and it's working properly.

Here's the configuration that's working for fast transition on both of my WAP (with 2 different mobility-domain :

config wifi-iface 'wifinet0'
	option device 'radio0'
	option mode 'ap'
	option ssid 'MYSSID'
	option key 'MYPASSPHRASE'
	option network 'lan'
	option ieee80211r '1'
	option nasid 'MYNASID'
	option mobility_domain 'XXXX'
	option ft_over_ds '1'
	option ft_psk_generate_local '1'
	option ieee80211v '1'
	option bss_transition '1'
	option ieee80211k '1'
	option encryption 'psk2+tkip+ccmp'

Today I'm trying to add WPA3 in my configuration. I have to choose WPA2 (PSK) / WPA3 (SAE) to keep compatibility with some of my devices.

I installed wpad-openssl on both of my access point.

Here is the configuration I'm trying :

config wifi-iface 'wifinet0'
	option device 'radio0'
	option mode 'ap'
	option ssid 'MYSSID'
	option key 'MYPASSPHRASE'
	option network 'lan'
	option ieee80211r '1'
	option nasid 'MYNASID'
	option mobility_domain 'XXXX'
	option ft_over_ds '1'
	option ft_psk_generate_local '1'
	option ieee80211v '1'
	option bss_transition '1'
	option ieee80211k '1'
	option encryption 'sae-mixed'

But with this configuration, by just changing WPA2 (PSK) to WPA2 (PSK) + WAP3 (SAE), fast transition doesn't work for my wifi client devices anymore.

Did someone experience this before or know why I have this problem ?
Many thanks

What openwrt version do you use ?

I'm on OpenWrt 19.07.6 and 19.07.2.
Both of my WAP are Xiaomi Mi Routeur 3G v1, and are connected via Ethernet

Anyone has an idea ? :frowning_face:

WPA3 and IEEE 802.11r is kind of at odds, especially in terms of client support (mobile phones in particular; afaik it's even worse in combination with iOS).

In addition there are a lot of threads here stating that 802.11v and 802.11k do only work in master branch. That was why I was asking for your openwrt version.

Regarding wpa3:
I tried to use wpa3 once, then figured out that many of my devices do not support wpa3 at all, and especially wpa3/enterprise is not really supported by many clients. Then I stopped going further into that direction.

1 Like

Ok thanks, I will wait a few months to see if with updates to OpenWrt and to my client the situation will be better.

Some change about this? I'm trying the same without luck.

(Perhaps you should create a new thread for your issue, instead of reviving a 2 year old one.)