Wpa3 support in OpenWrt?

pwned · October 9, 2018, 7:06am

I don't know if its interesting. For me it was so I'll post it here. I know this site is written in german. So in short:
Lancom has released LCOS 10.20 firmware including WPA3 for their routers. The company announced it for all recent access points and wlan routers. A list for the supported older products is not available currently. But they announced that many older hardware is capable running LCOS 10.20.

lantis1008 · October 9, 2018, 8:53am

@hauke any chance you might do a rebased version on 18.06 please? Or push some updates for the 18.06 branch to bring hostapd up to the same point so that your patches can be applied cleanly?

Any help appreciated, and understand this is a bit of an ask. Otherwise i'll rebase it myself this weekend and try to test.
Thanks

robimarko · October 9, 2018, 8:55am

There is no way that 18.06 will see such a rebase or hostapd update.
Use master branch to apply the patches

lantis1008 · October 9, 2018, 9:06am

I kind of thought an 18.06.2 might receive WPA3, but i'm only guessing of course.
Seeing as my dev environment is built on 18.06 i'd prefer to try to test it there, but can appreciate that i might have to make that effort myself of course. This is why i asked the question, with a please on it, without any expectation of result

hnyman · October 9, 2018, 9:45am

You likely guessed wrong. 18.06 is supposed to be feature-stable stable branch, so having wpa3 there in the near future is unlikely. First wpa3 should work at least for some time in master. Then backporting it to 18.06 might be considered, but would still sound a bit strange.

And if there is going to be 19.01 stable release, WPA3 might get into that if WPA3 works in master before the forthcoming 19.01 branching.

wgqoufsn · November 27, 2018, 2:49pm

It would be great if some of the people here in the forum could report how good wpa3-enterprise is working for them using latest openwrt that supports wpa3-enterprise thanks to for example https://git.openwrt.org/?p=openwrt/openwrt.git;a=commit;h=4c3fae4adcd41f43cf734e4d07a457b111a3d864

To test it out please just download the image for your device here https://downloads.openwrt.org/snapshots/targets/ and report how well its working for you (and dont forget to tell the device its beeing tested on).

@Ansuel
If you want your phone to support WPA3 then configure your LineageOS build like that and report how well its working. Your phone should have kernel 3.8 or up. You can check that in the about section on your phone before starting.

Ansuel · November 27, 2018, 2:58pm

What about windows?

wgqoufsn · November 27, 2018, 3:07pm

@Ansuel
Please dont use Windows. This is closed source software that violates the basic rules about possible secure systems. You can learn more about the basic rules of security by understanding the requirement of the project https://reproducible-builds.org/ for every software that is running on any system.

If you HAVE to run any closed source software because there is none free as in freedom replacement for it, then you can run it in most cases in wine. Even huge software blobs like modern games run now in wine: https://www.youtube.com/watch?v=IWJUphbYnpg

ryrhrbhdd · February 3, 2019, 7:33pm

It seems 18.06.2 has no wpa3?

slh · February 3, 2019, 8:00pm

and it won't get wpa3 support either.

18.06.2 is a maintenance release of the 18.06.x branch, it gets bugfixes - not new features, that's what master and the next major release are for.

ryrhrbhdd · March 2, 2019, 12:37pm

Is wpa3 psk already in master branch?

robimarko · March 2, 2019, 1:05pm

Yes, for a couple of months now

HectoPascal · June 6, 2019, 12:29pm

I have WPA3-SAE with RT2870 (x86_64) but WPA2-only on ath9k (TP-Link TL-WR1043ND v1). Maybe its not ready for MIPS yet or something.

ryrhrbhdd · June 6, 2019, 2:41pm

Is wpa3 able to coexist with wpa2 on same interface?

jeff · June 6, 2019, 2:53pm

A properly implemented WPA3 system will handle WPA2 clients, though without the WPA3 feature set.

slh · June 6, 2019, 4:35pm

Only in sae-mixed mode, not sae.

Ansuel · June 6, 2019, 5:29pm

can you tell me the difference? do you know if openwrt (hostapd) supports it ?

slh · June 6, 2019, 5:35pm

It requires wpad-openssl (or wpad-wolfssl), other than that, current master is supporting WPA3 just fine (client support is a much bigger issue, at least for non-linux clients or with older hardware; the tl-wr1043ndv1 should support it though).

Ansuel · June 6, 2019, 6:47pm

well wpa3-mixed works well... problem is that my s8 and win doesn't support wpa3 so i can test only the fallback part... will test the owa part

Fun thing... it looks like the mvebu wireless driver doesn't like WPA3 (the authentication is broken and crash the router...)
On R7800 (ipq8065) it's all good....

HectoPascal · June 7, 2019, 6:45pm

I have none of these installed but 'hostapd-openssl' and 'wpa-supplicant-mesh-openssl' and WPA3 has SAE and SAE mixed-mode.