On Mon, Apr 04, 2022 at 11:08:26AM +0200, Beniamino Galvani wrote: > On Tue, Mar 22, 2022 at 11:52:00AM +0100, Alfonso Sanchez-Beato via > networkmanager-list wrote: > > Hi there! > > > > I have been using NetworkManager 1.36.2 to create an Access Point, but I am > > having some problems. Only devices that support WPA3 are able to connect to > > the AP. Looking at the history, I see that > > https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/commit/f5d78c2d289c9e4a4c247d2520c7c3e2baf537c8 > > introduced a change that configures wpa_supplicant to be able to connect to > > any of WPA, WPA2 or WPA3 and choose the best candidate. However, it looks > > like this is breaking the hotspot case, at least for me - when I revert the > > change I am able to connect again from WPA2-only devices. > > > > I have seen these problems on > > * An intel NUC with Intel wifi driver > > * On a VM, when loading mac80211_hwsim with two radios (one for hotspot, > > the other for connecting to it) > > Hi, I can reproduce the problem with mac80211_hwsim. The root cause is > that NM passes both SAE and FT-SAE as key-mgmt to > wpa_supplicant. wpa_supplicant currently doesn't support FT in AP > mode, but still advertises FT-SAEit to the STA, leading to a key > derivation mismatch. > > This patch works for me: > > http://lists.infradead.org/pipermail/hostap/2022-April/040352.html > > Arguably, we could also fix this in NM by not passing FT-SAE in AP > mode; however I prefer that the fix is done in wpa_supplicant so that > in the future, when FT support is added to AP mode it will work > automatically with NM.
I changed my mind. FT requires special configuration in the AP and so it doesn't make sense that NM automatically enables because it would be useless and in some cases (FT-SAE) harmful. In the end, I did this patch to disable FT when NM configures the supplicant in AP mode: https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/1184 Beniamino
signature.asc
Description: PGP signature
_______________________________________________ networkmanager-list mailing list networkmanager-list@gnome.org https://mail.gnome.org/mailman/listinfo/networkmanager-list
