Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

FS#3147 - 802.11w settings on LUCI WIFI page doesn't work properly and causes serious connection problems #7894

Open
openwrt-bot opened this issue Jun 3, 2020 · 1 comment
Labels
flyspray release/19.07 pull request/issue targeted (also) for OpenWrt 19.07 release

Comments

@openwrt-bot
Copy link

sunshinejnjn:

=====Host device=====
Device problem occurs on: Phicomm PSG1218A (MTK7620, 64M, 8MB, 802.11AC+N)
Software versions of OpenWrt/LEDE release: OpenWRT 19.07.3 Stable (r11063-85e04e9f46 / LuCI openwrt-19.07 branch git-20.136.49537-fb2f363)
Package: wpad-openssl OR hostapd-openssl

=====External server/service=====
RADIUS server: Windows Server 2019 NPAS, worked fine with WPA2-EAP

=====Client=====
Client WIFI chip and driver: Intel Dual Band Wireless-AC 8265 running newest driver version 20.70.16.4 (driver date: 01/01/2020)

=====Steps to reproduce:=====

  1. initialize default settings, then remove wpad-basic and install wpad-openssl OR hostapd-openssl to enable WPA3 AP mode

  2. leave 802.11w to default setting which is "Required"

  3. set country setting, ssid, and etc. as required such as radius for EAP
    4 if use WPA2-PSK or WPA2-EAP with default settings, everything works fine.

  4. switch WIFI (AC/N) to WPA2-PSK/WPA3-SAE mixed mode (sae+ccmp or something like that) OR WPA2-EAP/WPA3-EAP mixed mode (wpa3-mixed+ccmp or something like that)

  5. apply settings wait until effective or reboot to take effect
    6.1 ssid won't come up on 802.11g/n interface if in PSK/SAE mixed mode.

  6. Client (Intel 8265) won't be able to connect to SSID,
    7.1 if ssid would come up (802.11a/ac), it would be seen on client scan, but the client (Intel 8265) won't be able to connect to SSID, reports "Can't connect", in EAP mode, router side log "Deauthenticated due to local request" after "EAP-SUCCESS"

  7. switch 802.11w to other settings, including "Optional", problem remains, router config file /etc/config/wireless would list "option ieee80211w '1'"

  8. switch 802.11w to other settings, including "Optional", problem still remains, router config file /etc/config/wireless will be missing the "option ieee80211w" completely, and it seems wpad or hostapd would assume "optional" (code '1') as default value instead of the documented "disabled" (code '0').

=====Steps to workaround:=====
Manually set "option ieee80211w '0'" in /etc/config/wireless to disable 802.11w and don't update settings through LUCI on the problematic ssid, restart wifi. Everything would work.

@openwrt-bot
Copy link
Author

ziesemer:

See also: https://community.intel.com/t5/Wireless/WPA2-Enterprise-unable-to-connect-in-Windows-10-version-2004/m-p/1187887#M29624

I have spent significant time recently trying to troubleshoot this, and just managed to find this ticket with some different keywords ("wpad intel radius"). Assuming this is the same issue - I've not been able to reproduce this outside of an Intel wireless adapter (including 8265 or 9260), and not outside of Windows 10 - specifically, version 2004 (works in 1909).

As of yesterday, I was finally able to reproduce the configurations on an enterprise wireless access point, and was able to determine that this does not appear to be reproducible outside of using OpenWrt.

In some network traces I've completed with Intel, an OTA trace shows multiple rounds of the EAPOL 4-way handshake being attempted. OpenWrt sends message 1, the client responds with message 2, but OpenWrt never sends the 3rd message. It's as if OpenWrt does not properly receive or handle message 2, and repeats sending message 1. The client then re-sends message 2, but OpenWrt never sends message 3. This happens a total of 4 times, before OpenWrt then sends a deauthentication.

I had tried changing the 802.11w settings via Luci, but did not yet confirm if the settings were actually taking - which given the description here, might be the issue. Will investigate further and report back!

@aparcar aparcar added the release/19.07 pull request/issue targeted (also) for OpenWrt 19.07 release label Feb 22, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
flyspray release/19.07 pull request/issue targeted (also) for OpenWrt 19.07 release
Projects
None yet
Development

No branches or pull requests

2 participants