Does 802.11u require 802.1x?

[Jouni Malinen]

On Sat, Aug 31, 2013 at 08:58:10AM -0700, Ben Greear wrote:
> I left SSID set to "" on supplicant, and after scanning it then went and did
> interworking/HS20 stuff and chose the proper AP based on
> the realm/domain....

What is the purpose of that network block in wpa_supplicant
configuration file? That's not the way Interworking network selection is
supposed to be used.. You are only expected to configure the cred block
and then use interworking_select/interworking_connect control interface
commands or auto_interworking=1 configuration parameter. Temporary
network block will be generated automatically for matching networks.


> hostapd config file:

> auth_algs=3

auth_algs=3 (i.e., also enabling Shared Key authentication) is not valid
for a WPA2 network. This should be either removed or set to the default
value 1.

> wpa_pairwise=TKIP CCMP

Enabling TKIP for a Hotspot 2.0 is not allowed.

> and supplicant below...  Some of the stuff at the top is only supported by some patches

> # 802.11u / Interworking configuration.
> interworking=1
> hessid=00:00:00:00:00:01
> auto_interworking=1
> access_network_type=0

Are you setting hessid and access_network_type here on purpose? I would
never include those for a real world use case..

> network={
>     ssid=""
...

This should not be here if you are trying to use Interworking network
selection / Hotspot 2.0.

> cred={
>     username="client"
>     password="lanforge"
>     ca_cert="/home/lanforge/ca.pem"
>     private_key="/home/lanforge/client.p12"
>     private_key_passwd="lanforge"
>     realm="lanforge.org"
>     domain="lanforge.org"
>     eap=TLS
> }

This is used to generate a temporary network block automatically
whenever a matching AP is selected for a connection.

-- 
Jouni Malinen                                            PGP id EFC895FA