WPS along with WPA3-SAE

pavol · April 4, 2023, 7:42pm

Hi, I would like to enable WPS feature, I know about its vulnerabilities, but my printer requires it. I prefer to use packages with working WPA3-SAE support. I am using GL-B1300 device, target: ipq40xx. According to WPS ON/OFF in LuCI? - #3 by alexceltare2 I have this:

# opkg list-installed | grep -E 'wpad|hostapd'
hostapd-common - 2022-01-16-cff80b4f-16.2
hostapd-utils - 2022-01-16-cff80b4f-16.2
wpad-wolfssl - 2022-01-16-cff80b4f-16.2

and wireless config - I am using same SSID and password for 2G and 5G

# cat /etc/config/wireless
config wifi-device 'radio0'
        option type 'mac80211'
        option path 'platform/soc/a000000.wifi'
        option band '2g'
        option cell_density '0'
        option country 'SK'
        option txpower '20'
        option channel '6'
        option htmode 'HT20'

config wifi-iface 'default_radio0'
        option device 'radio0'
        option network 'lan'
        option mode 'ap'
        option ssid 'SSID'
        option key 'PASSWORD'
        option wps_pushbutton '1'
        option encryption 'psk2'

config wifi-device 'radio1'
        option type 'mac80211'
        option path 'platform/soc/a800000.wifi'
        option band '5g'
        option htmode 'VHT40'
        option channel '128'
        option cell_density '0'
        option country 'SK'
        option txpower '26'

config wifi-iface 'default_radio1'
        option device 'radio1'
        option network 'lan'
        option mode 'ap'
        option ssid 'SSID'
        option encryption 'psk2'
        option key 'PASSWORD'

After enabling WPS via luci I can see it is enabled:

# hostapd_cli -i wlan0 wps_get_status
PBC Status: Active
Last WPS result: None

But my printer nor Windows PC can not connect:

Mon Apr  4 14:45:39 2023 daemon.notice hostapd: wlan0: WPS-PBC-ACTIVE
Mon Apr  4 14:45:43 2023 daemon.info hostapd: wlan0: STA my:ma:ca:dd:re:ss IEEE 802.11: authenticated
Mon Apr  4 14:45:43 2023 daemon.info hostapd: wlan0: STA my:ma:ca:dd:re:ss IEEE 802.11: associated (aid 1)
Mon Apr  4 14:45:43 2023 daemon.notice hostapd: wlan0: CTRL-EVENT-EAP-STARTED my:ma:ca:dd:re:ss
Mon Apr  4 14:45:43 2023 daemon.notice hostapd: wlan0: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=1
Mon Apr  4 14:45:43 2023 daemon.notice hostapd: wlan0: CTRL-EVENT-EAP-STARTED my:ma:ca:dd:re:ss
Mon Apr  4 14:45:43 2023 daemon.notice hostapd: wlan0: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=1
Mon Apr  4 14:45:43 2023 daemon.notice hostapd: wlan0: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=14122 method=254
Mon Apr  4 14:45:43 2023 daemon.notice hostapd: EAP: SEND_REQUEST - no eapReqData
Mon Apr  4 14:45:43 2023 daemon.notice hostapd: wlan0: CTRL-EVENT-EAP-FAILURE my:ma:ca:dd:re:ss
Mon Apr  4 14:45:43 2023 daemon.warn hostapd: wlan0: STA my:ma:ca:dd:re:ss IEEE 802.1X: authentication failed - EAP type: 0 (unknown)
Mon Apr  4 14:45:43 2023 daemon.info hostapd: wlan0: STA my:ma:ca:dd:re:ss IEEE 802.1X: Supplicant used different EAP type: 254 (expanded)
Mon Apr  4 14:45:43 2023 daemon.info hostapd: wlan0: STA my:ma:ca:dd:re:ss IEEE 802.11: disassociated
Mon Apr  4 14:45:48 2023 daemon.info hostapd: wlan0: STA my:ma:ca:dd:re:ss IEEE 802.11: deauthenticated due to local deauth request

Do you have any clue, what could cause "authentication failed - EAP type: 0 (unknown)" and "Supplicant used different EAP type: 254 (expanded)"? Same error for printer and Windows PC connect.

May be related to: WPS Not working - #3 by castillofrancodamian

alexceltare2 · April 4, 2023, 7:54pm

Make sure you use "WPA2-PSK/WPA3-SAE" and not just "WPA3-SAE". WPS isn't working in WPA3 standard anymore. Alternatively, you may use a 'soft button' instead.

pavol · April 4, 2023, 8:13pm

Both 2G and 5G use WPA2 PSK (CCMP) encryption. I will try to enable WPA3 only at 5G later, but now I need working WPS at 2G.