On Tue, Mar 22, 2022 at 11:52:00AM +0100, Alfonso Sanchez-Beato via 
networkmanager-list wrote:
> Hi there!
> I have been using NetworkManager 1.36.2 to create an Access Point, but I am
> having some problems. Only devices that support WPA3 are able to connect to
> the AP. Looking at the history, I see that
> https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/commit/f5d78c2d289c9e4a4c247d2520c7c3e2baf537c8
> introduced a change that configures wpa_supplicant to be able to connect to
> any of WPA, WPA2 or WPA3 and choose the best candidate. However, it looks
> like this is breaking the hotspot case, at least for me - when I revert the
> change I am able to connect again from WPA2-only devices.
> I have seen these problems on
> * An intel NUC with Intel wifi driver
> * On a VM, when loading mac80211_hwsim with two radios (one for hotspot,
> the other for connecting to it)

Hi, I can reproduce the problem with mac80211_hwsim. The root cause is
that NM passes both SAE and FT-SAE as key-mgmt to
wpa_supplicant. wpa_supplicant currently doesn't support FT in AP
mode, but still advertises FT-SAEit to the STA, leading to a key
derivation mismatch.

This patch works for me:


Arguably, we could also fix this in NM by not passing FT-SAE in AP
mode; however I prefer that the fix is done in wpa_supplicant so that
in the future, when FT support is added to AP mode it will work
automatically with NM.


Attachment: signature.asc
Description: PGP signature

networkmanager-list mailing list

Reply via email to