Re: wpa_supplicant: configuring opportunistic WPA3

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

I tested your solution a bit and it seems to be working: it's a bit
slower because wpa_supplicant makes more than one attempt before
disabling the block and trying the other, but it does work.

Thank you!

rnhmjoj

On 02-01-22, Dennis Bland wrote:
> Hi Michele:
> 
> You can create two similar netblocks of different priority (higher
> number = higher priority).  The higher priority netblock will be
> compared with the scan results first.
> 
> For example, to try matching with SAE first:
> 
> network={
>     ssid="mynetwork"
>     psk="mypassword"
>     key_mgmt=SAE
>     ieee80211w=2
>     priority=10
> }
> network={
>     ssid="mynetwork"
>     psk="mypassword"
>     key_mgmt=WPA-PSK
>     ieee80211w=1
>     priority=5
> }
> 
> Best regards,
> 
> Dennis
> 
> > Hi all,
> >
> > I'm the maintainer of the NixOS module[^1] for wpa_supplicant.
> > I'd like to know if it's possible to write a network block that will
> > always work for to both WPA2 and WPA3 networks. Based on the
> > documentation I wrote:
> >
> >   network={
> >     ssid="mynetwork"
> >     psk="mypassword"
> >     key_mgmt=SAE WPA-PSK
> >     ieee80211w=1
> >   }
> >
> > This seem to work:
> >   1. if the network is mixed SAE WPA-PSK, wpa_supplicant uses SAE
> >   2. if the network is WPA-PSK or SAE only, wpa_supplicant uses that
> > However, if (in case 1.) SAE fails for some reason, wpa_supplicant
> > will not fallback to WPA-PSK but keep trying SAE forever.
> > This is an issue, for example, if the hardware lacks PMF support.
> >
> > Is there a way to configure SAE opportunistically? Try SAE first,
> > if it succeeds use that, otherwise try another protocol.
> >
> > Thank you,
> >
> > rnhmjoj
> >
> >
> > [^1]: If you never heard of NixOS, that is basically a high-level
> > interface for generating wpa_supplicant config file.
> 
> _______________________________________________
> Hostap mailing list
> Hostap@xxxxxxxxxxxxxxxxxxx
> http://lists.infradead.org/mailman/listinfo/hostap

Attachment: signature.asc
Description: PGP signature

_______________________________________________
Hostap mailing list
Hostap@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/hostap
[Index of Archives]     [Linux Wireless]     [Linux Kernel]     [ATH6KL]     [Linux Bluetooth]     [Linux Netdev]     [Kernel Newbies]     [IDE]     [Security]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux ATA RAID]     [Samba]     [Device Mapper]

  Powered by Linux