Getting started with HS20 r2 (OSU client/server and such?)

Ben Greear greearb
Tue Mar 17 08:06:54 PDT 2015

On 03/17/2015 12:04 AM, Jouni Malinen wrote:
> On Mon, Mar 16, 2015 at 05:12:53PM -0700, Ben Greear wrote:
>>  From reading a bunch of whitepapers on the topic, it appears that
>> you need an open or OSEN ap for the initial OSU traffic.
>> a) So, for a simplistic setup, perhaps you use one virtual AP interface
>> as the OSEN, and then have a second that is running 802.1x.
>> Or, is there some way to make one hostapd instance able to do both?
> What do you mean with a hostapd instance in this context? A single
> hostapd process can do this with two virtual interfaces.

I mean one hostapd instance per virtual interface..that is my preferred
way to do hostapd.

I'm guessing now that I need two different vdevs.

>> (I tried just adding osen=1, but now the thing shows up as WEP encrypted,
>>   in the scan results of wpa_cli, which I am not sure is right...)
> Number of clients may recognize OSEN configuration as WEP.

Should this be fixed in the wpa-cli scan output to show OSEN instead
of WEP?

>> Assuming a) is right, then maybe the connection logic is to look for any
>> Open or OSEN APs advertising HS20, connect to them if we can find them, fetch list of icons
>> using 'wpa_cli ... fetch_osu', present these to the user, and let them make the selection.
> Not exactly.. Take a look at how hs20-osu-client implements the signup
> command (cmd_signup() function). It goes through the full sequence of
> FETCH_OSU, OSU provider information parsing and selection by the user,
> connection to open or OSEN network, SPP or OMA-DM -based subscription
> registration, and connection to the main data network.

Ok.  What should happen before the cmd_signup() is called, or maybe a better
question, how should a station determine that it should do cmd_signup?


Ben Greear <greearb at>
Candela Technologies Inc

More information about the Hostap mailing list