AP mode with SAE/WPA3

Beniamino Galvani bgalvani at redhat.com
Tue Dec 13 02:49:25 PST 2022 

On Thu, Dec 08, 2022 at 02:52:35PM +0100, Heiko Thiery wrote:
> Hi,
> 
> I try to setup an AP using network-manager (NM) as frontend. When
> configuring the NM connection with "wifi-sec.key-mgmt wpa-psk" the AP
> is setup as expected. But when changing this value to
> "wifi-sec.key-mgmt sae" I see the following errors in the
> wpa_supplicant journal (using systemd):
> 
> Dec 08 14:21:06 hthiery wpa_supplicant[489]: Note: nl80211 driver
> interface is not designed to be used with ap_scan=2; this can result
> in connection failures
> Dec 08 14:21:06 hthiery wpa_supplicant[489]: Could not generate WPA IE.
> Dec 08 14:21:06 hthiery wpa_supplicant[489]: WPA initialization failed.
> [...]
> 
> I'm using NM 1.40.6 and wpa_supplicant v2.10.
> 
> I currently have no idea where to look for the problem. If it is a NM,
> wpa_supplicant or kernel/driver problem. Can someone give me a hint or
> know where the problem comes from?

Hi,

first, check what configuration NM is passing to wpa_supplicant:

  # journalctl -u NetworkManager -e | grep "Config: added"
  <info>  [1670927639.1914] Config: added 'ssid' value 'Hotspot'
  <info>  [1670927639.1915] Config: added 'mode' value '2'
  <info>  [1670927639.1915] Config: added 'frequency' value '2462'
  <info>  [1670927639.1915] Config: added 'key_mgmt' value 'SAE'
  <info>  [1670927639.1915] Config: added 'psk' value '<hidden>'
  <info>  [1670927639.1916] Config: added 'proto' value 'RSN'
  <info>  [1670927639.1917] Config: added 'pairwise' value 'CCMP'
  <info>  [1670927639.1917] Config: added 'group' value 'CCMP'
  <info>  [1670927639.1917] Config: added 'ieee80211w' value

Then, try to set up an AP with wpa_supplicant directly using the same
parameters, for example:

  # cat ap.conf 
  ctrl_interface=/var/run/wpa_supplicant
  ap_scan=2
  
  network={
  	ssid="Hotspot"
  	mode=2
  	frequency=2462
  	key_mgmt=SAE
  	psk="12345678"
  	proto=RSN
  	pairwise=CCMP
  	group=CCMP
  	ieee80211w=2
  }

  # wpa_supplicant -i wlan0 -D nl80211 -c ap.conf

and check if the result is the same.

Beniamino
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://lists.infradead.org/pipermail/hostap/attachments/20221213/39e32a22/attachment.sig>

More information about the Hostap mailing list