WPS Pushbutton times out

Hi!
Is it possible that WPS doesn't work with package wpad-openssl?
The package description states:

This package contains a full featured IEEE 802.1x/WPA/EAP/RADIUS

However, judging from the menuconfig layout...
The package could also be based on the wpad-mini package...

Please excuse my extremely bad paint skills.

I followed the steps mentioned here:
https://openwrt.org/docs/guide-user/network/wifi/basic#wps_options

I know I got it working a few weeks/months ago.
But I can't get it working now, invoking hostapd_cli wps_pbc just fails.

root@cerberus:~# hostapd_cli wps_pbc
Selected interface 'wlan1'
FAIL

You have to install hostapd-utils to use WPS.
opkg update && opkg install hostapd-utils

Thanks for your suggestion.
But hostapd-utils is installed.

opkg list-installed | grep hostapd-utils
hostapd-utils - 2019-08-08-ca8c2bd2-1

You also have to add option wps '1' in /etc/config/wireless.

And to activate WPS

hostapd_cli -i INTERFACE_NAME_WPS wps_pbc

And to cancel WPS

hostapd_cli -i INTERFACE_NAME_WPS wps_cancel

1 Like

As I wrote in my first post, I followed the steps in the wiki guide.
Looking at the hostapd.sh script,
(https://github.com/openwrt/openwrt/blob/master/package/network/services/hostapd/files/hostapd.sh)
it seems like there is no option 'wps'.
The wiki guide states to use: wps_pushbutton,
luci also uses this config variable, so this is the correct one, I guess.
(option wps_label for wps pin mode is also available).

Here is a summary:

opkg list-installed | grep -E 'wpad|hostapd-utils'
hostapd-utils - 2019-08-08-ca8c2bd2-1
wpad-openssl - 2019-08-08-ca8c2bd2-1

wifi config:


config wifi-device 'radio0'
	option path 'soc/soc:pcie/pci0000:00/0000:00:01.0/0000:01:00.0'
	option type 'mac80211'
	option hwmode '11a'
	option htmode 'VHT40'
	option country 'DE'
	option txpower '12'
	option beacon_int '125'
	option channel 'auto'
	option channels '36 40 44 48'
	option acs_exclude_dfs '1'
	option supported_rates '24000 36000 48000 54000'
	option basic_rate '24000'

config wifi-iface 'default_radio0'
	option device 'radio0'
	option macaddr 'somemac'
	option network 'lan'
	option mode 'ap'
	option ssid 'anon'
	option hidden '1'
	option encryption 'psk2+ccmp'
	option key 'somekey'
	option wpa_group_rekey '86400'
	option wpa_disable_eapol_key_retries '1'
	option tdls_prohibit '1'
	option max_inactivity '1800'
	option disassoc_low_ack '0'
	option dtim_period '4'
	option wps_pushbutton '1'

config wifi-device 'radio1'
	option path 'soc/soc:pcie/pci0000:00/0000:00:02.0/0000:02:00.0'
	option type 'mac80211'
	option hwmode '11g'
	option htmode 'HT20'
	option country 'DE'	
	option txpower '6'
	option beacon_int '125'
	option channel 'auto'
	option channels '1 6 11'
	option supported_rates '24000 36000 48000 54000'
	option basic_rate '24000'

config wifi-iface 'default_radio1'
	option device 'radio1'
	option macaddr 'somemac'
	option network 'lan'
	option mode 'ap'
	option ssid 'anon'
	option hidden '1'
	option encryption 'psk2+ccmp'
	option key 'somekey'
	option wpa_group_rekey '86400'
	option wpa_disable_eapol_key_retries '1'
	option tdls_prohibit '1'
	option max_inactivity '1800'
	option disassoc_low_ack '0'
	option dtim_period '4'
	option wps_pushbutton '1'

generated hostapd.conf (wlan0)

driver=nl80211
logger_syslog=127
logger_syslog_level=2
logger_stdout=127
logger_stdout_level=2
country_code=DE
ieee80211d=1
ieee80211h=1
hw_mode=a
supported_rates=240 360 480 540
basic_rates=240
beacon_int=125
channel=acs_survey
chanlist=36 40 44 48

tx_queue_data2_burst=2.0
acs_exclude_dfs=1
ieee80211n=1
ht_coex=0
ht_capab=[HT40+][LDPC][SHORT-GI-20][SHORT-GI-40][DSSS_CCK-40]
vht_oper_chwidth=0
vht_oper_centr_freq_seg0_idx=-2
ieee80211ac=1
vht_capab=[RXLDPC][SHORT-GI-80][SU-BEAMFORMER][SU-BEAMFORMEE][RX-ANTENNA-PATTERN][TX-ANTENNA-PATTERN][RX-STBC-1][MAX-A-MPDU-LEN-EXP7]

interface=wlan0
ctrl_interface=/var/run/hostapd
ap_isolate=1
ap_max_inactivity=1800
bss_load_update_period=60
chan_util_avg_period=600
disassoc_low_ack=0
preamble=1
wmm_enabled=1
ignore_broadcast_ssid=1
uapsd_advertisement_enabled=1
utf8_ssid=1
multi_ap=0
tdls_prohibit=1
wpa_group_rekey=86400
wpa_passphrase=somekey
auth_algs=1
wpa=2
wpa_pairwise=CCMP
eap_server=1
wps_state=2
device_type=6-0050F204-1
device_name=OpenWrt AP
manufacturer=www.openwrt.org
config_methods=push_button
wps_independent=1
ssid=anon
bridge=br-lan
wpa_disable_eapol_key_retries=1
wpa_key_mgmt=WPA-PSK
okc=0
disable_pmksa_caching=1
bssid=somebssid
dtim_period=4

generated hostapd.conf (wlan1)

driver=nl80211
logger_syslog=127
logger_syslog_level=2
logger_stdout=127
logger_stdout_level=2
country_code=DE
ieee80211d=1
hw_mode=g
supported_rates=240 360 480 540
basic_rates=240
beacon_int=125
channel=acs_survey
chanlist=1 6 11


ieee80211n=1
ht_coex=0
ht_capab=[LDPC][SHORT-GI-20][SHORT-GI-40][DSSS_CCK-40]

interface=wlan1
ctrl_interface=/var/run/hostapd
ap_isolate=1
ap_max_inactivity=1800
bss_load_update_period=60
chan_util_avg_period=600
disassoc_low_ack=0
preamble=1
wmm_enabled=1
ignore_broadcast_ssid=1
uapsd_advertisement_enabled=1
utf8_ssid=1
multi_ap=0
tdls_prohibit=1
wpa_group_rekey=86400
wpa_passphrase=somekey
auth_algs=1
wpa=2
wpa_pairwise=CCMP
eap_server=1
wps_state=2
device_type=6-0050F204-1
device_name=OpenWrt AP
manufacturer=www.openwrt.org
config_methods=push_button
wps_independent=1
ssid=anon
bridge=br-lan
wpa_disable_eapol_key_retries=1
wpa_key_mgmt=WPA-PSK
okc=0
disable_pmksa_caching=1
bssid=somebssid
dtim_period=4

So, it seems like wps options are correctly applied but:

hostapd_cli -i wlan0 wps_pbc
FAIL
hostapd_cli -i wlan1 wps_pbc
FAIL

If I have some time later,
I will make a build with wpad-full instead of wpad-openssl to rule this option out.

This is my wireless configuration with an AP with WPS enabled and it works perfectly when sending the command hostapd_cli -i 2G_ap_guest wps_pbc:

config wifi-device 'radio0'
        option type 'mac80211'
        option channel '36'
        option hwmode '11a'
        option path 'pci0000:00/0000:00:00.0'
        option htmode 'VHT80'
        option country 'AR'
        option legacy_rates '0'
        option disabled '0'

config wifi-iface 'default_radio0'
        option device 'radio0'
        option mode 'ap'
        option ssid 'My WiFi'
        option ifname '5G_ap'
        option encryption 'psk2+ccmp'
        option key 'p@ssword'
        option wps_pushbutton '0'
        option network 'lan'

config wifi-device 'radio1'
        option type 'mac80211'
        option channel '11'
        option hwmode '11g'
        option path 'platform/qca956x_wmac'
        option htmode 'HT40'
        option country 'AR'
        option legacy_rates '0'
        option disabled '0'
        option noscan '1'

config wifi-iface 'default_radio1'
        option device 'radio1'
        option mode 'ap'
        option ssid 'My WiFi'
        option ifname '2G_ap'
        option encryption 'psk2+ccmp'
        option wps_pushbutton '0'
        option network 'lan'
        option key 'p@ssword'

config wifi-iface
        option device 'radio1'
        option mode 'ap'
        option ssid 'Guest'
        option network 'guest'
        option ifname '2G_ap_guest'
        option key 'p@ssword'
        option wps_pushbutton '1'
        option encryption 'psk2+ccmp'

I also realized that I have option wps_pushbutton '1' and I got confused with WDS which is option wds '1'

Doh. I should have read the log more carefully.
Using hidden '1' (hide ssid) in conjunction with WPS doesn't work.

daemon.notice hostapd: WPS: ignore_broadcast_ssid configuration forced WPS to be disabled

However, I couldn't get WPS Pushbutton working, always timed out, tried switching interfacing, no luck.
But WPS Pin Mode worked fine.

The log is a bit cluttered now. Not sure if this message is related to pushbotton or pin method.

Tue Oct 29 00:47:29 2019 daemon.notice hostapd: wlan1: CTRL-EVENT-EAP-STARTED 2c:2b:f9:
Tue Oct 29 00:47:29 2019 daemon.notice hostapd: wlan1: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=1
Tue Oct 29 00:47:29 2019 daemon.notice hostapd: wlan1: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=14122 method=254
Tue Oct 29 00:47:29 2019 daemon.notice hostapd: wlan1: WPS-FAIL msg=8 config_error=18
Tue Oct 29 00:47:29 2019 daemon.notice hostapd: wlan1: CTRL-EVENT-EAP-FAILURE 2c:2b:f9:
Tue Oct 29 00:47:29 2019 daemon.warn hostapd: wlan1: STA 2c:2b:f9: IEEE 802.1X: authentication failed - EAP type: 0 (unknown)
Tue Oct 29 00:47:29 2019 daemon.info hostapd: wlan1: STA 2c:2b:f9: IEEE 802.1X: Supplicant used different EAP type: 254 (expanded)
Tue Oct 29 00:49:10 2019 daemon.info hostapd: wlan0: STA 2c:2b:f9: IEEE 802.11: authenticated
Tue Oct 29 00:49:10 2019 daemon.info hostapd: wlan0: STA 2c:2b:f9: IEEE 802.11: associated (aid 1)

I will report back if this is related to pushbutton or pin method in a few minutes.
//edit
WPS Pushbutton nothing interesting in the logs.
Only WPS Start and WPS Timeout events.

The "authentication failed - EAP type: 0 (unknown)" is related to the WPS Pin method but seems to work fine anyway.

But I can't reproduce the WPS-FAIL msg=8 config_error=18 message. :thinking:

Tried with wpad and wpad-openssl. Same timeout issue. So this is not wpad-openssl related.
Thread title updated.

If you are talking about using the physical button, you would have to change the function of the buttons and I don't know. When I want to connect via WPS I use SSH Button on one cell phone to connect another.

No I also use the "(virtual) SSH Button" Method.
But the PushButton Method is a hit and miss.
Some devices don't work at all, others need a few tries to succefully get paired.
WPS Pin Method seems to work better.
I'm curious if there are some settings that make the PushButton Method more reliable?

SSH Button is an Android app to send commands by ssh. I have a Widget with the activation command and then I press the "virtual" button of the client to connect to transfer the key.

I seem to be having a problem getting my WPS to work on my Linksys WRT1900ACSv2. I installed hostapd-utils and wpad-openssl and check the box in LuCI, press the WPS button on the back of the router and nothing happens.