FT authentication fails on FT-SAE

Sun Sep 26 13:41:18 PDT 2021

Hi

I suspected that would be the case.

So the APs need to communicate for FT-SAE to work, but how does that communication take place? In my setup one R7800 acts as the "main" router and provides IP addresses through DHCP while the other one is connected to it via Ethernet and is simply a dumb AP. Do the APs communicate via Ethernet or via WiFi?

Michael

‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐

On Sunday, September 26th, 2021 at 22:32, michael-dev <michael-dev at fami-braun.de> wrote:

> Hi,
>
> this is not possible by the way the EAP authentication backing FT-SAE
>
> works.
>
> Regards,
>
> M. Braun
>
> Am 23.09.2021 11:08, schrieb S330錢小偉qianxiaowei:
>
> > Dear Braun,
> >
> > Do we have plans to support functions similar to ft_psk_generate_local
> >
> > on FT-SAE?
> >
> > As we know, before ft_psk_generate_local is not supported, we also
> >
> > need to manually configure r0kh and r1kh.
> >
> > This is not very friendly for home users who have APs from different
> >
> > manufacturers.
> >
> > Thanks to the emergence of ft_psk_generate_local, which makes FT-PSK
> >
> > very simple Well!
> >
> > If FT-SAE can also support such a function, it would be great!!!
> >
> > Thanks.
> >
> > Best Regards!
> >
> > > On Sep 23, 2021, at 4:13 PM, michael-dev michael-dev at fami-braun.de
> > >
> > > wrote:
> > >
> > > Hi,
> > >
> > > you're missing most of the required settings in section IEEE 802.11r
> > >
> > > configuration of
> > >
> > > https://w1.fi/cgit/hostap/plain/hostapd/hostapd.conf .
> > >
> > > You don't need r0kh/r1kh only if only using FT-PSK with
> > >
> > > ft_psk_generate_local, because otherwise both hostapd instances need
> > >
> > > to communicate to faciliate roaming (exchange keys etc.) - which
> > >
> > > they cannot unless r0kh/r1kh is configured.
> > >
> > > Regards,
> > >
> > > M. Braun
> > >
> > > Am 13.08.2021 09:34, schrieb Michael Yartys:
> > >
> > > > --- LAPTOP 1 ---
> > > >
> > > > interface=wlp18s0
> > > >
> > > > driver=nl80211
> > > >
> > > > ssid=test1
> > > >
> > > > hw_mode=g
> > > >
> > > > channel=1
> > > >
> > > > auth_algs=3
> > > >
> > > > wmm_enabled=1
> > > >
> > > > nas_identifier=first_example
> > > >
> > > > wpa=2
> > > >
> > > > wpa_passphrase=testingstuff123
> > > >
> > > > wpa_key_mgmt=SAE FT-SAE
> > > >
> > > > wpa_pairwise=CCMP
> > > >
> > > > ieee80211w=2
> > > >
> > > > sae_pwe=2
> > > >
> > > > mobility_domain=a1b2
> > > >
> > > > ft_over_ds=0
> > > >
> > > > ft_psk_generate_local=0
> > > >
> > > > --- LAPTOP 2 ---
> > > >
> > > > interface=wlp18s0
> > > >
> > > > driver=nl80211
> > > >
> > > > ssid=test1
> > > >
> > > > hw_mode=g
> > > >
> > > > channel=6
> > > >
> > > > auth_algs=3
> > > >
> > > > wmm_enabled=1
> > > >
> > > > nas_identifier=second_example
> > > >
> > > > wpa=2
> > > >
> > > > wpa_passphrase=testingstuff123
> > > >
> > > > wpa_key_mgmt=SAE FT-SAE
> > > >
> > > > wpa_pairwise=CCMP
> > > >
> > > > ieee80211w=2
> > > >
> > > > sae_pwe=2
> > > >
> > > > mobility_domain=a1b2
> > > >
> > > > ft_over_ds=0
> > > >
> > > > ft_psk_generate_local=0
> > >
> > > Hostap mailing list
> > >
> > > Hostap at lists.infradead.org
> > >
> > > http://lists.infradead.org/mailman/listinfo/hostap
> >
> > This message including any attachment is intended only for the use of
> >
> > the addressee(s) and may contain privileged and confidential
> >
> > information. If you are not the intended recipient, you are hereby
> >
> > notified that any dissemination of this message is strictly
> >
> > prohibited. Disclosure, copying, distribution, or use of the contents
> >
> > of this e-mail by persons other than the intended recipient may
> >
> > violate applicable laws. Abuse or dissemination by the intended
> >
> > recipient is also forbidden. Please kindly return the e-mail and
> >
> > delete it if you have received this message in error. Thank you.
> >
> > 本郵件內容涉及商業或私人秘密，非收件人請勿散佈或使用，收件人亦應遵守保密義務不得散佈或濫用本郵件，否則可能違反相關法令。如因傳遞錯誤，請立即刪除並回覆通知寄件人。感謝您。