On Tue, Mar 22, 2022 at 11:52:00AM +0100, Alfonso Sanchez-Beato via networkmanager-list wrote: > Hi there! > > I have been using NetworkManager 1.36.2 to create an Access Point, but I am > having some problems. Only devices that support WPA3 are able to connect to > the AP. Looking at the history, I see that > https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/commit/f5d78c2d289c9e4a4c247d2520c7c3e2baf537c8 > introduced a change that configures wpa_supplicant to be able to connect to > any of WPA, WPA2 or WPA3 and choose the best candidate. However, it looks > like this is breaking the hotspot case, at least for me - when I revert the > change I am able to connect again from WPA2-only devices. > > I have seen these problems on > * An intel NUC with Intel wifi driver > * On a VM, when loading mac80211_hwsim with two radios (one for hotspot, > the other for connecting to it)
Hi, I can reproduce the problem with mac80211_hwsim. The root cause is that NM passes both SAE and FT-SAE as key-mgmt to wpa_supplicant. wpa_supplicant currently doesn't support FT in AP mode, but still advertises FT-SAEit to the STA, leading to a key derivation mismatch. This patch works for me: http://lists.infradead.org/pipermail/hostap/2022-April/040352.html Arguably, we could also fix this in NM by not passing FT-SAE in AP mode; however I prefer that the fix is done in wpa_supplicant so that in the future, when FT support is added to AP mode it will work automatically with NM. Beniamino
signature.asc
Description: PGP signature
_______________________________________________ networkmanager-list mailing list networkmanager-list@gnome.org https://mail.gnome.org/mailman/listinfo/networkmanager-list