-
-
Notifications
You must be signed in to change notification settings - Fork 431
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
wifi: add key_mgmt=WPA-PSK-SHA256
and ieee80211w=1
by default
#1254
base: master
Are you sure you want to change the base?
Conversation
Interesting. Will it work if you set |
I have tested it on my RPI-4B with pikvm + OpenWRT 23.05.2 Router with mt76 wifi drivers. It works on WPA2-PSK/WPA3-SAE mixed mode, but it does not work on WPA2-PSK with CCMP(AES) encryption. The log shows: [root@pikvm ~]# systemctl status wpa_supplicant@wlan0.service
* wpa_supplicant@wlan0.service - WPA supplicant daemon (interface-specific version)
Loaded: loaded (/usr/lib/systemd/system/wpa_supplicant@.service; enabled; preset: disabled)
Active: active (running) since Mon 2024-02-19 20:11:34 UTC; 2min 11s ago
Main PID: 1531 (wpa_supplicant)
Tasks: 1 (limit: 4025)
CPU: 112ms
CGroup: /system.slice/system-wpa_supplicant.slice/wpa_supplicant@wlan0.service
`-1531 /usr/bin/wpa_supplicant -c/etc/wpa_supplicant/wpa_supplicant-wlan0.conf -iwlan0
Feb 19 20:12:47 pikvm wpa_supplicant[1531]: wlan0: Failed to initiate sched scan
Feb 19 20:12:53 pikvm wpa_supplicant[1531]: wlan0: Failed to initiate sched scan
Feb 19 20:12:59 pikvm wpa_supplicant[1531]: wlan0: Failed to initiate sched scan
Feb 19 20:13:05 pikvm wpa_supplicant[1531]: wlan0: Failed to initiate sched scan
Feb 19 20:13:11 pikvm wpa_supplicant[1531]: wlan0: Failed to initiate sched scan
Feb 19 20:13:17 pikvm wpa_supplicant[1531]: wlan0: Failed to initiate sched scan
Feb 19 20:13:23 pikvm wpa_supplicant[1531]: wlan0: Failed to initiate sched scan
Feb 19 20:13:29 pikvm wpa_supplicant[1531]: wlan0: Failed to initiate sched scan
Feb 19 20:13:35 pikvm wpa_supplicant[1531]: wlan0: Failed to initiate sched scan
Feb 19 20:13:41 pikvm wpa_supplicant[1531]: wlan0: Failed to initiate sched scan However, I can find my ssid using |
I have an interesting finding now. I use another AP in my home which model is ZTE AX5400Pro+ with factory firmware and I set the wifi encryption method to WPA2-PSK/WPA3-SAE mixed on the AP side. However, RPI with this wpa_supplicant configuration cannot connect to it when we have |
After some debugging, I found that we also need to set This configuration works on every AP with every configuration except "WPA3-SAE only" and "WPA(2)-PSK with TKIP only" as far as I can try.
However, WPA with TKIP is hardly used today for weak security reasons. As for "WPA-EAP", it is only used as enterprise wifi which usually needs username + password or smartcard authentication, which is very complex, I don't think we need it for pikvm configuration and expert users should find their way to configure their specific network. So we might need to set |
Some APs with WPA2-PSK/WPA3-SAE mixed mode only support WPA-PSK-SHA256 key management mode and also require IEEE 802.11w support. Adding these two lines to the configuration will avoid some troubles when connecting to some newer APs. Signed-off-by: Yangyu Chen <cyy@cyyself.name>
key_mgmt=WPA-PSK-SHA256
and ieee80211w=1
by default
I force-pushed a new commit which used |
Thank you! I'll check it myself in my network too and merge it. |
63fe1b0
to
36d5746
Compare
Connect to WPA2/WPA3 mixed Access Point without setting
key_mgmt=WPA-PSK-SHA256
will fail. Add this note to users to avoid the same trouble.