Pablo MG:
Apologies for not replying in the thread. Having difficulty getting my email client to import the
email to reply.
Based on a quick look, it doesn't seem like NetworkManager explicitly supports RSN overriding (in
fairness, the feature was only recently introduced to WPA3 late last year). I'm also not familiar
with how NetworkManager may be used with a pre-existing wpa_supplicant configuration file while
wpa_supplicant uses its DBus interface, so I cannot provide much input there.
That said, I wanted to share a couple example configuration files that may help should you still be
looking to setup WPA3 Compatibility Mode for your client.
Attached are two config files. One is a hostapd config which will configure an AP to advertise WPA3
RSN Override and RSN Override 2 IEs while also advertising WPA2 in the regular RSN IE. The other
file is a wpa_supplicant config which will support connecting to the configured AP in three
different authentication configurations.
The first is uses SAE-EXT-KEY and GCMP-256 with RSN overriding (WPA3, AP RSN Override 2 IE), the
second SAE and CCMP with RSN overriding (WPA3, AP RSN Override IE), and the third standard PSK and
CCMP without RSN overriding (WPA2, RSN IE).
Example usage for hostapd is in the example config [1]. The wpa_supplicant example config [2]
details the 'rsn_overriding' configurable, but you may be better served by referencing the
wpa_supplicant hwsim test logic [3].
Hope this helps!
[1] https://w1.fi/cgit/hostap/plain/hostapd/hostapd.conf
[2] https://w1.fi/cgit/hostap/plain/wpa_supplicant/wpa_supplicant.conf
[3] https://w1.fi/cgit/hostap/tree/tests/hwsim/test_rsn_override.py#n374
--
Alex Gavin
Candela Technologies, USA (PST/GMT-8)
hw_mode=a
channel=36
country_code=US
ieee80211n=1
ieee80211ac=1
ieee80211ax=1
#ieee80211be=1
ssid=testssid
wpa=2
wpa_passphrase=password
wpa_key_mgmt=WPA-PSK
wpa_pairwise=CCMP
sae_pwe=2
ieee80211w=0
rsn_override_key_mgmt=SAE
rsn_override_pairwise=CCMP
rsn_override_mfp=2
rsn_override_key_mgmt_2=SAE-EXT-KEY
rsn_override_pairwise_2=GCMP-256
rsn_override_mfp_2=2
# WPA3 Compatibility Mode (SAE GROUP-DEPEND, GCMP-256)
network={
ssid="testssid"
sae_password="password"
rsn_overriding=1
pairwise=GCMP-256
key_mgmt=SAE-EXT-KEY
ieee80211w=2
}
# WPA3 Compatibility Mode (SAE, CCMP)
network={
ssid="testssid"
sae_password="password"
rsn_overriding=1
pairwise=CCMP
key_mgmt=SAE
ieee80211w=2
}
# WPA2 (PSK, CCMP)
network={
ssid="testssid"
#psk="password"
psk=f5c5597eaf6f2374fd24bd4914981750c119ff97ba9dd67988eac97533e5d02b
pairwise=CCMP
key_mgmt=WPA-PSK
ieee80211w=0
}
_______________________________________________
Hostap mailing list
Hostap@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/hostap
