FS#77270 - [wpa_supplicant] 2.10-8: WPA3 (SAE) fails in access point mode

Attached to Project: Arch Linux
Opened by Kai Schmidt-Brauns (etothepii) - Thursday, 26 January 2023, 18:38 GMT
Last edited by Toolybird (Toolybird) - Tuesday, 21 February 2023, 04:22 GMT
Task Type Bug Report
Category Packages: Core
Status Closed
Assigned To No-one
Architecture x86_64
Severity Medium
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 0
Private No

Details

Description: Trying to start wpa_supplicant in access point mode with SAE key management results in an "Invalid key management type (1024)" error message and fails.


Additional info:
* package version(s): Seen in 2.10-8
* config and/or log files etc.
Output of journalctl -f -u wpa_supplicant.service -u NetworkManager -u systemd-networkd while trying to nmcli connection up the profile
* link to upstream bug report, if any

Steps to reproduce:
1. Create a NetworkManager profile with Wi-Fi in Access Point mode and WPA3 Personal security
2. try to nmcli connection up <name of profile>
3. watch output of journalctl as indicated above
4. no access point is created
   journalctl.txt (105.9 KiB)
This task depends upon

Closed by  Toolybird (Toolybird)
Tuesday, 21 February 2023, 04:22 GMT
Reason for closing:  Fixed
Additional comments about closing:  See comments
Comment by Toolybird (Toolybird) - Friday, 27 January 2023, 22:03 GMT
Related:  FS#65314 . Is this something that used to work and now it doesn't i.e. it's a regression, or is it just something you're trying to get working? You mention both "NetworkManager" and "systemd-networkd" (although I don't see systemd-networkd in the log). Just checking you don't have both of those enabled do you? Have you reported this upstream? But first have a look at abovementioned ticket as that was only implemented recently and it might have broken something.
Comment by Kai Schmidt-Brauns (etothepii) - Sunday, 29 January 2023, 12:44 GMT
Related: I've taken a look at your reference and I'm pretty sure the problem I encounter is quite different from that; they are talking about WPA3 Enterprise, this issue is about WPA3 Personal
Regression: It has been a while since I set up a WPA3 access point, but IIRC it worked very well (with a usb wifi adapter though) and now with iwlwifi it doesn't, so I suspect that to be a regression.

NetworkManager: I run NetworkManager, any occurrence of "systemd-networkd" is just from the catch-all command I found on StackExchange ;)

Upstream: I haven't reported this problem to upstream yet because the error message seems to indicate a packaging/build problem, maybe missing build flags or something like that?
Comment by loqs (loqs) - Sunday, 29 January 2023, 23:58 GMT
If you rebuild wpa_supplicant with line 249 of wpa_supplicant_config which contains CONFIG_SAE=y deleted, so the package is built without SAE support is the same error message produced?
Comment by Kai Schmidt-Brauns (etothepii) - Monday, 30 January 2023, 19:09 GMT
Interesting, without CONFIG_SAE=y, wpa_supplicant fails much earlier; there is no "Invalid key management" message anymore, just "Could not generate WPA IE". For details, see attached journalctl.txt
   journalctl.txt (8 KiB)
Comment by Kai Schmidt-Brauns (etothepii) - Thursday, 02 February 2023, 21:17 GMT
Ok, no I was wrong… The output is pretty much similar to when CONFIG_SAE=y is enabled. I just forgot to enable log_level debug in wpa_supplicant.
Comment by Kai Schmidt-Brauns (etothepii) - Monday, 20 February 2023, 22:36 GMT
Looks like the issue has been resolved (maybe in NetworkManager, because after a recent update today, SAE works).

Loading...