FT authentication fails on FT-SAE
Michael Yartys
michael.yartys at protonmail.com
Thu Sep 23 11:04:34 PDT 2021
Hi
Thanks for the heads up! Things appear to be working fine now, at least with the preliminary testing I've done with the iPad and my two R7800 routers running OpenWrt.
Someone else asked whether it's possible to get a "ft_psk_generate_local" function for FT-SAE. Is there anything about SAE that would prohibit that?
Michael
‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On Thursday, September 23rd, 2021 at 10:13, michael-dev <michael-dev at fami-braun.de> wrote:
> Hi,
>
> you're missing most of the required settings in section IEEE 802.11r
>
> configuration of https://w1.fi/cgit/hostap/plain/hostapd/hostapd.conf .
>
> You don't need r0kh/r1kh only if only using FT-PSK with
>
> ft_psk_generate_local, because otherwise both hostapd instances need to
>
> communicate to faciliate roaming (exchange keys etc.) - which they
>
> cannot unless r0kh/r1kh is configured.
>
> Regards,
>
> M. Braun
>
> Am 13.08.2021 09:34, schrieb Michael Yartys:
>
> > --- LAPTOP 1 ---
> >
> > interface=wlp18s0
> >
> > driver=nl80211
> >
> > ssid=test1
> >
> > hw_mode=g
> >
> > channel=1
> >
> > auth_algs=3
> >
> > wmm_enabled=1
> >
> > nas_identifier=first_example
> >
> > wpa=2
> >
> > wpa_passphrase=testingstuff123
> >
> > wpa_key_mgmt=SAE FT-SAE
> >
> > wpa_pairwise=CCMP
> >
> > ieee80211w=2
> >
> > sae_pwe=2
> >
> > mobility_domain=a1b2
> >
> > ft_over_ds=0
> >
> > ft_psk_generate_local=0
> >
> > --- LAPTOP 2 ---
> >
> > interface=wlp18s0
> >
> > driver=nl80211
> >
> > ssid=test1
> >
> > hw_mode=g
> >
> > channel=6
> >
> > auth_algs=3
> >
> > wmm_enabled=1
> >
> > nas_identifier=second_example
> >
> > wpa=2
> >
> > wpa_passphrase=testingstuff123
> >
> > wpa_key_mgmt=SAE FT-SAE
> >
> > wpa_pairwise=CCMP
> >
> > ieee80211w=2
> >
> > sae_pwe=2
> >
> > mobility_domain=a1b2
> >
> > ft_over_ds=0
> >
> > ft_psk_generate_local=0
More information about the Hostap
mailing list