WPA3 not working on TL-wr1043NDv1

It seems that h/w crypto support of these draft-N ath9k chipsets doesn't work with WPA3SAE. Once you disable it and use nl80211's softmac implementation instead, WPA3SAE works just fine (yes, doing this comes at a performance penalty).

Change /etc/modules.d/ath9k to say (so add nohwcrypt=1):

ath9k nohwcrypt=1

Router:

# dmesg | grep -e AR9 -e machine
[    0.000000] MIPS: machine is TP-Link TL-WR1043ND v1
[    0.000000] SoC: Atheros AR9132 rev 2
[   23.454604] ieee80211 phy0: Atheros AR9100 MAC/BB Rev:7 AR2133 RF Rev:a2 mem=0xb80c0000, irq=2

# iwinfo 
wlan0     ESSID: "XXX"
          Access Point: 00:27:19:XX:XX:XX
          Mode: Master  Channel: 6 (2.437 GHz)
          Tx-Power: 20 dBm  Link Quality: 70/70
          Signal: -24 dBm  Noise: -95 dBm
          Bit Rate: 54.0 MBit/s
          Encryption: WPA3 SAE (CCMP)
          Type: nl80211  HW Mode(s): 802.11bgn
          Hardware: unknown [Generic MAC80211]
          TX power offset: unknown
          Frequency offset: unknown
          Supports VAPs: yes  PHY name: phy0

# hostapd_cli -i wlan0 get_config
bssid=00:27:19:XX:XX:XX
ssid=XXX
wps_state=disabled
wpa=2
key_mgmt=SAE
group_cipher=CCMP
rsn_pairwise_cipher=CCMP

# hostapd_cli -i wlan0 status
state=ENABLED
phy=phy0
freq=2437
num_sta_non_erp=0
num_sta_no_short_slot_time=0
num_sta_no_short_preamble=0
olbc=0
num_sta_ht_no_gf=0
num_sta_no_ht=1
num_sta_ht_20_mhz=0
num_sta_ht40_intolerant=0
olbc_ht=1
ht_op_mode=0x13
cac_time_seconds=0
cac_time_left_seconds=N/A
channel=6
secondary_channel=0
ieee80211n=1
ieee80211ac=0
ieee80211ax=0
beacon_int=100
dtim_period=2
ht_caps_info=104e
supported_rates=02 04 0b 16 0c 12 18 24 30 48 60 6c
max_txpower=20
bss[0]=wlan0
bssid[0]=00:27:19:XX:XX:XX
ssid[0]=XXX
num_sta[0]=1
chan_util_avg=26

Client:

# wpa_cli -i wlp3s0 status
bssid=00:27:19:XX:XX:XX
freq=2437
ssid=XXX
id=3
id_str=tl-wr1043nd
mode=station
pairwise_cipher=CCMP
group_cipher=CCMP
key_mgmt=SAE
pmf=2
mgmt_group_cipher=BIP
sae_group=19
wpa_state=COMPLETED
ip_address=192.168.2.154
address=00:22:68:XX:XX:XX
uuid=XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX

These draft-N chipsets have a lot of problems, both in terms of stability and plain bugs. If you can, scheduling a replacement with a newer chipset (ath9k, ath10k, maybe ath11k in the future) is a good idea, before even thinking about the RAM constraints and the low-end CPU performance (e.g. luci is effectively unusable).

I've got good instincts as it turns out

Lucky there's not too many of these chips running around, but they have been a longtime favourite for running OpenWrt...

It would really help to get this reported upstream (linux-wireless/ ath9k), so a hardware quirk can be added to disable hwcrypt automatically for this chipset/ when using 802.11w+WPA3SAE, as modifying /etc/modules.d/ath9k is neither user, nor sysupgrade friendly.

Thanks for help.
When I use software crypting. Interface works with WPA3 Info about network and signal status is dispalyed, but other clients cannot connect with Access Point. @slh - which software you use?

If you aren't using a rather recent linux distribution, client support for WPA3 is still dire. I'm using Debian/ unstable, kernel 5.3, wpasupplicant 2.9 with ath5k hardware.

Please write me which software you are using on tp-link: wolfssl or openssl wpad or hostapd.
For checking WPA3 I have tplink tl-wr1043nd v3 and archer c7 v5.
I want to make connection between tplink tl-wr1043nd v1 ans tl-wr1043nd v3.

As pasted above, TP-Link TL-WR1043ND v1.4 acting as AP (respectively several other more recent devices, which don't require disabling hwcrypto) and wpad-openssl, as client, among others, an old QCA-Atheros AR5007EG+AR2425 mini-PCIe card in a netbook running Linux.

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.