Bug#1003907: fails to successfully associate

Mon, 21 Mar 2022 03:27:16 -0700 

Some more data points:
Disabling NetworkManager completely and using wpasupplicant alone with the following config: 

network={
        ssid="wgrouter"
        psk="<hidden>"
        key_mgmt=WPA-PSK
        id_str="wgrouter"
}

does indeed work.


As soon as I enable NetworkManager though, my connection fails, even 
though /etc/NetworkManager/system-connections/wgrouter.nmconnection

contains

[wifi-security]
key-mgmt=wpa-psk
psk=<hidden>

In journalctl -u NetworkManager I see


Mär 21 11:15:07 pluto NetworkManager[2450]: <info>  [1647857707.7752] 
Config: added 'key_mgmt' value 'WPA-PSK WPA-PSK-SHA256 FT-PSK SAE FT-SAE'



Ľubomír, is there a way how I can tell NetworkManager to *not* use SAE?



Am 21.03.22 um 09:38 schrieb Andrej Shadura:

Hi,

On Sun, 20 Mar 2022, at 00:23, Masashi Honma wrote:

In my opinion, this issue could be closed.

These are reasons.
1) It is not wpa_supplicant issue but AP issue.
2) Users affected by this issue have some workarounds.


It’s true, but I’m not quite happy about not being able to fix this.

Ľubomír (cc'ed), how did you deal with this issue in Fedora? I assume you must 
also have received reports from Fritzbox users.


Details of the 1)
The investigation has revealed that the AP is in violation of "2.3
WPA3-Personal transition mode" of the "WPA3 Specification v3.0", which
is causing the issue. Specifically, the target AP is setting MFPR to 1
even though it implicitly requires IEEE 802.11w. By "implicitly" we
mean that the Assocation Request fails with WLAN_STATUS_INVALID_IE
when using a Wi-Fi NIC with IEEE 802.11w disabled.


Details of the 2)
We know that users who meet the following conditions are affected by this issue.
- Using FRITZ!Box 7580/7590 with WPA2+WPA3 mode


I've tested it with both 7490 and 7530 AX, fwiw.


- Using wpa_supplicant with wpa_key_mgmt=SAE WPA-PSK
- Local Wi-Fi NIC does not support IEEE802.11w

Users affected by this issue can work around the issue in one of the
following ways.
- Use wpa_supplicant with WPA2 only mode (specify wpa_key_mgmt=WPA-PSK)
- Use FRITZ!Box 7580/7590 with WPA2 only mode
- Use IEEE 802.11w supporting Wi-Fi NIC





Masashi, if I understand you correctly, you argue that this is an issue 
with the AP (or its firmware).


If so, should the company AVM be contacted about this?
I'm afraid I'm not too knowledgeable in that regard.



Attachment:
OpenPGP_signature

Description: OpenPGP digital signature






















					Reply via email to