**** BEGIN LOGGING AT Mon Nov 19 03:00:00 2018
Nov 19 03:38:54 I'm experimenting with SAE (wpa3), installed wpad-openssl and can see /var/run/hostapd....conf file stating sae as available, and updated my wpa_supplicant to git version, compiled with CONFIG_SAE=y
Nov 19 03:39:28 but I'm unable to connect with my laptop when I set openwrt wireless to sae only
Nov 19 03:40:41 however when I set it to sae-mixed, I can connect. In this instance I'm still using wpa2, so with wpa_cli, I set key_mgmt to sae manually and tried to reassociate
Nov 19 03:41:13 I get:
Nov 19 03:41:15 <3>SME: Deauth request to the driver failed
Nov 19 03:41:50 laptop's card: Qualcomm Atheros QCA9565 / AR9565 Wireless Network Adapter
Nov 19 03:42:19 Router AR9531
Nov 19 03:44:50 abenz: wpad-openssl and wpad-wolfssl in master should support wpa3 as is, but SAE and friends hard-depends on building wpad against a tls library (as in openssl or wolfssl), the normal wpad can't do that
Nov 19 03:47:23 pkgadd: with sae I meant simultaneous authentication of equals
Nov 19 03:48:10 which is wpa3 basically, and I have wpad-openssl installed :)
Nov 19 03:48:15 abenz: OWE? same story but I haven't really tested wpa3 yet (although I do have a router here that claims to support it)
Nov 19 03:49:33 I actually enabled both of those, and hostapd runs with them enabled no problem (with the normal wpad it complained that key_mgmt of sae is unknown.. so after wpad-openssl it starts normally without complaining about that..)
Nov 19 03:50:35 abenz, if you have another laptop, you could set one up as hostapd to see if the issue is in the openwrt package
Nov 19 03:53:27 my impression is that the entire wpa3 cert doesn't require new hardware (not from 11n+ at least).. but the wpa_cli error about driver failing to deauth makes me wonder?
Nov 19 03:55:30 my other devices have old broadcom wl chips unfortunately
Nov 19 03:56:29 your impression should be correct for the more recent 'better' drivers (ath9k and ath10k{,-ct} for sure), but it really depends on driver and firmware (e.g. not all drivers support ieee802.11w/ pmf)
Nov 19 03:58:00 ath10k-ct?
Nov 19 03:59:50 Mister_X: https://www.candelatech.com/ath10k.php
Nov 19 04:03:52 pkgadd: what wpa3 router do you have?
Nov 19 04:05:30 lancom 1781ef+
Nov 19 04:06:40 err, s/ef/ew/
Nov 19 04:11:31 I will try setting up two openwrt devices one ap and the other sta
Nov 19 04:11:48 my ancient laptops are more likely to have issues
Nov 19 04:47:43 abenz: I'd say at least ath5k should also have a good chance working
Nov 19 04:50:14 it does at least support pmf
Nov 19 04:52:37 pkgadd: I will try with two AR9531 routers and see how it goes
Nov 19 04:53:01 I don't think I can specify sae in uci (not for sta at least)
Nov 19 04:53:04 will see
Nov 19 04:53:41 I'm curious how it goes (as my early tests with OpenWrt weren't that successful either, although I blame that more on the non-OpenWrt client/ notebook than the routers, didn't really get to deeper debugging)
Nov 19 04:55:14 at least key_mgmt=WPA2-PSK-SHA256 pmf=1 mgmt_group_cipher=BIP seem to work
Nov 19 05:01:51 Hauke, nbd: I think I've found the reason for WDS/ 4addr being broken with the 4.18/ 4.19 based mac80211 backports, db3bdcb9c3ff ("mac80211: allow AP_VLAN operation on crypto controlled devices"), seems to be the culprit - current HEAD with that reverted works for me http://paste.debian.net/hidden/c35d7e4b/ (QCA9984 WDS-AP <--> AR9344 WDS-client)
Nov 19 05:38:05 pkgadd: it's hard to pinpoint, for example I set my AP to sae-mixed, my newer android phone connects fine
Nov 19 05:38:11 but my older phone can't
Nov 19 05:38:32 that same older phone can connect to wpa2-psk-ccmp
Nov 19 05:39:15 when I check hostapd---conf, I see key_mgmt wpa-psk as available (alongside sae).. so in this case I can safely assume it's client side
Nov 19 05:45:00 abenz: I 'think' I've successfully tested an android 2.3.7 phone (TI WL1271A wlan) against OpenWrt in wpa3psk in mixed mode (so using the WPA2 code paths), but I don't have it at hand right now to confirm
Nov 19 05:46:53 at least BCM4330 and BCM4334 don't have any problem with that
Nov 19 05:47:31 nor do rtl8723bs, ipw2200 or AR5007EG
Nov 19 05:48:00 rt2561 and rt73 are also o.k.
Nov 19 05:48:25 pkgadd: do you check it's actually using sae?
Nov 19 05:48:35 eg: wpa_cli status | grep key_mgmt
Nov 19 05:48:46 abenz: all of those tests are in WPA2PSK fallback mode
Nov 19 05:48:54 mixed
Nov 19 05:50:08 I've enabled it (in mixed mode), but couldn't really delve into the details of getting the clients working in wpa3 mode so far (at least ipw2200 is a complete no go, no pmf)
Nov 19 05:52:32 I see
Nov 19 07:32:06 hrm. So is there any mechanism for a device definition to "hook" certain events, like "after opkg installs, let me run this script"
Nov 19 07:32:22 Specifically, I want to add a "dest" to /etc/opkg.conf
Nov 19 07:33:00 why not just ship a files/etc/opkg/mycustomdest.conf ?
Nov 19 07:34:01 oh! and everything under /etc/opkg will get loaded?
Nov 19 07:34:16 It's treated like an /etc/opkg.d?
Nov 19 07:35:31 let me test that out...
Nov 19 07:36:35 Cool, it works, thanks jow
Nov 19 07:36:46 :)
Nov 19 07:39:54 But as far as having the file copied for a specific device, I don't see a specific variable that I can set under Device/Init or DEFAULT_DEVICE_VARS in include/image.mk
Nov 19 07:40:44 How or where can I tell it "copy this specific file to the rootfs staging dir"?
Nov 19 07:41:19 I suppose I can create a package for that
Nov 19 07:47:54 creating a package just to copy a few files seems extraneous. Is there a cleaner way to add device-specific base-files?
Nov 19 08:05:30 openwrt buildroot has no concept of device specific files, the only way is through a package
Nov 19 08:05:41 ok
Nov 19 08:07:00 Hi jow You know in the new luci-app-opkg can I ask for a small a11y fix please?
Nov 19 08:07:07 I was trying to understand the variables that each device uses.
Nov 19 08:07:28 Would you like me to make an issue or just explain it here?
Nov 19 08:18:06 Tapper: sure explain
Nov 19 08:19:26 Some of the buttons on the page are not showing to my screen reader as buttons.
Nov 19 08:20:13 They do what they're designed to do and I know what they do because I am used to using the set up as it was before.
Nov 19 08:20:56 but anyone coming to openwrt for the first time using a screen reader would not know that the remove and install buttons can be pressed like buttons
Nov 19 08:21:57 same goes for the Download and install package: button and the OK button under the edit field called Download and install package:
Nov 19 08:22:33 same goes for Update lists…
Nov 19 08:24:51 One more thing is the message that shows up at the bottom of the page after installing or removing a package can not be closed by pressing enter or the space bar on it.
Nov 19 08:25:13 It's not a biggy tho for me.
Nov 19 08:26:25 jow: There seems to be a hook for base-files. It will look for a base-files.mk under PLATFORM_DIR and PLATFORM_SUBDIR from where you can define Package/base-files/install-target
Nov 19 08:26:58 So I guess I just need to figure out how to check what the device is...
Nov 19 08:27:25 Tapper: https://github.com/openwrt/luci/commit/1ca5a99a49c515d4bab61220893961445ce9653f
Nov 19 08:34:52 jow thanks
Nov 19 08:37:24 jow nice one for the other work you have done on luci btw all works nicely so far!
Nov 19 08:58:53 jow: OK, so this works but maybe I can clean it up a bit. I've added the file target/linux/ramips/mt7620/base-files.mk containing this: https://bpaste.net/show/4e5cfb54ee7e
Nov 19 08:59:20 Then I added my device-specific files into target/linux/ramips/mt7620/mydevice/
Nov 19 09:03:13 Maybe base-files and include/image.mk can be extended to add an optional DEVICE_BASE_FILES and/or a Device/base-files/install-target function to clean this up.
Nov 19 09:03:45 I'm not sure, but at least I have a (possibly temporary) solution
Nov 19 09:12:22 pkgadd: can you show me output of:
Nov 19 09:12:32 wpa_cli get_capability key_mgmt
Nov 19 09:12:52 on whichever device you tried to connect using sae/wpa3
Nov 19 09:22:06 hi
Nov 19 09:23:49 is it not possible to set the txpower on wrt* devices (mwlwifi) ? seems like max tx power is always used. iw reports the correct txpower. however when i set like 1mw my device still shows full bars through one wall.
Nov 19 09:43:51 this is a wrt1200 v1, not the v2, so the power table should not be eeprom locked?
Nov 19 09:55:49 I don't know, but I've always wondered what the added risk of cancer is for having one at 11 next to your desk
Nov 19 22:16:57 well, it did not work exactly like i planned, the bananapi rpi has a realtek chip, i thought it was an atheros, so no virtual interfaces here
Nov 19 22:33:09 so i gotta try it again with my x86_64 tablet. what confuses myself is that ubuntu (i gotta check which driver exactly) is working and openwrt is not. the device is initialized at the start, i can create virtual interfaces, but nothing goes out or in
Nov 19 22:40:30 anybody here with atheros experience?
Nov 19 22:40:39 dont know what to do anymore
Nov 19 23:41:42 any wifi-freak around here?
Nov 19 23:43:08 i have an atheros chip, connected to 2 stations at the same time, iam just able to use 1 interface, the second seems to be blocked, i guess this is driver limited? should it be possible to unblock this ? i mean i can use an ap+sta on a chip at a same time, why not 2 clients at the same time
Nov 19 23:44:12 because the hardware doesn't allow more than that
Nov 19 23:44:57 something like: valid interface combinations: * #{ managed } <= 1, #{ AP, mesh point } <= 16, total <= 16, #channels <= 1, STA/AP BI must match, radar detect widths: { 20 MHz (no HT), 20 MHz, 40 MHz, 80 MHz }
Nov 19 23:45:46 shouldnt be there something like hopping?
Nov 19 23:46:26 no
Nov 19 23:47:51 obviously you could write a userspace service doing just that, disassociating from AP1, reconfigure for AP2 associate, stay connected for whatever amount of time, disassociate from AP2, reconfigure for AP1, yada, yada
Nov 19 23:48:29 but it's not possible to stay connected in STA mode to two APs at the same time or virtually the same time
Nov 19 23:49:41 i see i would need a wifi chip foreach connection then
Nov 19 23:49:57 correct
Nov 19 23:51:18 well, i just wanted to check my providers hotspot limitations. each login has 10mbit, so i thought i could just add some vifs, connect em and maybe balance it together over mwan3
Nov 19 23:51:28 but that pointed out to be a dream then
Nov 19 23:52:37 it would have been nice if the connections could just been held and traffic was going thru a queue or anything like that
Nov 19 23:52:40 multi-wan can be 'fun' enough with wired connections already, for wlan it would be an advanced course in masochism
Nov 19 23:52:46 :D
Nov 20 00:05:01 pkgadd, well0ne you can use two STA vdevs connect to two different APs, but both APs must use the same center freq
Nov 20 00:05:17 its the same ap tho
Nov 20 00:05:20 our users do this with our ath10k and ath9k systems
Nov 20 00:05:47 okay
Nov 20 00:05:47 er, can do that too with our 'special' firmware, but why would you want to?
Nov 20 00:06:09 its just a test more or less
Nov 20 00:06:18 ahh, yeah, we make testing equipment :)
Nov 20 00:06:29 ath9k can do it with sw-crypt mode
Nov 20 00:06:41 hw crypt mode breaks in that scenario though
Nov 20 00:07:00 aah i see
Nov 20 00:07:56 so i need to reload the module with the nohwcrypt option i guess?
Nov 20 00:09:30 what radio/driver/firmware are you using?
Nov 20 00:09:36 ath9k
Nov 20 00:09:45 yeah, hw-crypt should do the trick
Nov 20 00:09:55 sorry, no-hw-crypt should do the trick
Nov 20 00:10:01 ar5b225
Nov 20 00:16:18 can i pass this argument into the bootprocess?
Nov 20 00:19:17 1 vsta is getting an ip address
Nov 20 00:19:20 the other dont
Nov 20 00:19:27 even while with nohwcrypt
Nov 20 00:19:57 i dont even know if nohwcrypt is being accepted as option parameter, because modinfo tells me nothing
Nov 20 00:22:52 modules.d was the answer for module parameters
Nov 20 00:24:39 am i missing something greearb_
Nov 20 00:25:42 dunno, I have never done this on stock openwrt. If you disable encryption will it work?
Nov 20 00:26:31 if so, then nohwcrypt is not doing its thing I guess
Nov 20 00:26:41 hm iam not able to disable the encryption
Nov 20 00:26:45 hmkey
Nov 20 00:27:01 if you bring first one down, will second come up OK?
Nov 20 00:27:10 that also points to nohwcrypt not working if true
Nov 20 00:29:31 its working
Nov 20 00:29:34 hah
Nov 20 00:29:54 when i disable one connection shortly
Nov 20 00:30:03 then disable it again both are working
Nov 20 00:30:56 i dont even need to disable one it seems
Nov 20 00:31:10 after some reboots both vsta are connected
Nov 20 00:31:23 and iam able to call curl request to each interface
Nov 20 00:32:05 thanks man
Nov 20 00:32:19 just for curiosity i will try to combine them
Nov 20 00:32:29 you need VRF or special routing rules to make it work well, but maybe binding curl is enough. I'd sniff the air to make certain
Nov 20 00:32:52 every interface has its own outgoing ip address
Nov 20 00:33:03 and i call my server which returns the ip
Nov 20 00:33:13 so i can be 100% sure its called on each interface
Nov 20 00:33:34 you can trust me that the devil is in the details, and you need to watch for ARP caches not being as expected and so forth.
Nov 20 00:34:22 every hotspot connection is getting its own ip by my isp
Nov 20 00:34:26 i am really sure :)
Nov 20 00:34:44 but i will consider that thanks
Nov 20 02:27:30 well this is good
Nov 20 02:27:35 iodine is totally broken
Nov 20 02:27:44 on uh, musl...
Nov 20 02:27:53 for no apparent reason
**** ENDING LOGGING AT Tue Nov 20 02:59:58 2018