Question on wpa_supplicant setup for MKA

Jaap Keuter jaap.keuter at
Sun Apr 2 03:51:22 PDT 2017

On 29-03-17 18:50, Jaap Keuter wrote:
> Hi Sabrina,
> Thanks for taking the time to look at this.
> I’ve added my replies inline.

> While on the veth1 and veth2 interfaces only EAPOL-MKA and MACsec frames are whizzing by.
> So, can I claim success? I hope so. Have to test more of the features though.
> Thanks,
> Jaap
> PS: I should look into the veth device code to see what’s keeping wpa_supplicant from working with it. The current interface stack is ridiculous :)

So I went back to my earlier test setups to find out what was going on, why the
virtual ethernet interfaces won't play nice. I'm glad to say that indeed they
can play nice, as in, it does allow to stack a macsec device right on top of it
and have it work, with the use of wpa-supplicant. I did have some strange
situations occur, eg. missing RXSC, but I wasn't able to narrow it down to
either having the macsec device created before or through wpa_supplicant, having
it up or down in both these situations, even forgetting about the underlying
device or IPv4 address assignment and the ordering and timing of these events.

Anyway, it can work, mind some fiddling, so I'm back on track now to look at
point-multipoint setups.


More information about the Hostap mailing list