From nobody Mon Dec 04 18:06:24 2023 X-Original-To: freebsd-wireless@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4SkWpH644Sz52dY0 for ; Mon, 4 Dec 2023 18:07:03 +0000 (UTC) (envelope-from freebsd@walstatt-de.de) Received: from smtp6.goneo.de (smtp6.goneo.de [85.220.129.31]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 4SkWpG2PdBz3Q14 for ; Mon, 4 Dec 2023 18:07:02 +0000 (UTC) (envelope-from freebsd@walstatt-de.de) Authentication-Results: mx1.freebsd.org; dkim=pass header.d=walstatt-de.de header.s=DKIM001 header.b=d4cQ8ive; spf=none (mx1.freebsd.org: domain of freebsd@walstatt-de.de has no SPF policy when checking 85.220.129.31) smtp.mailfrom=freebsd@walstatt-de.de; dmarc=none Received: from hub1.goneo.de (hub1.goneo.de [85.220.129.52]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by smtp6.goneo.de (Postfix) with ESMTPS id 61C6D24082D for ; Mon, 4 Dec 2023 19:06:54 +0100 (CET) Received: from hub1.goneo.de (localhost [127.0.0.1]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (No client certificate requested) by hub1.goneo.de (Postfix) with ESMTPS id C3D24240A5B for ; Mon, 4 Dec 2023 19:06:52 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=walstatt-de.de; s=DKIM001; t=1701713212; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=H0O2Dz7fPp1fde3ATwpFw4M+MkNbemE09F0vx2SVA48=; b=d4cQ8iveCDhfH26d9iaP9FznhAvE/YU5GPEg3vGeL2zMTu76xmGo/6Bq3m+ZlitDyeIugj CNLOulad1IbL7dPohhRiezta75LzkQNjlKaIB/Zwh04E7vl3OpdZxgEbdBcQ9wEz7cATUf zs5mEvmpdIglkrhHPOLvtTupZBTYQoZwg89dM34DUDmeZWnvI9yb+9tQDGqY1bu0QuRxep WAqggaBonCiSMv7vL3RnFW4YUHkkODmv7OqZbfSSsvQnTF5Ga5qFqiK++SjkPhjCzTDQ5x nvRtVr5WZ34hiAf0fOZM0fmDittt85DCvFesZl0fRwi5Wdw/qAXGQSFnfUcCYg== Received: from thor.intern.walstatt.dynvpn.de (dynamic-089-014-123-199.89.14.pool.telefonica.de [89.14.123.199]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (prime256v1) server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by hub1.goneo.de (Postfix) with ESMTPSA id 869962407F6 for ; Mon, 4 Dec 2023 19:06:52 +0100 (CET) Date: Mon, 4 Dec 2023 19:06:24 +0100 From: FreeBSD User To: freebsd-wireless Subject: IEEE802.11w: iwm/iwlwifi not connecting to AP Message-ID: <20231204190651.14ea3a03@thor.intern.walstatt.dynvpn.de> Organization: walstatt-de.de List-Id: Discussions List-Archive: https://lists.freebsd.org/archives/freebsd-wireless List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-wireless@freebsd.org X-BeenThere: freebsd-wireless@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit X-Rspamd-UID: f6d8bf X-Rspamd-UID: 5ead8b X-Spamd-Result: default: False [-3.30 / 15.00]; NEURAL_HAM_LONG(-1.00)[-1.000]; NEURAL_HAM_MEDIUM(-1.00)[-1.000]; NEURAL_HAM_SHORT(-1.00)[-1.000]; R_DKIM_ALLOW(-0.20)[walstatt-de.de:s=DKIM001]; MIME_GOOD(-0.10)[text/plain]; MLMMJ_DEST(0.00)[freebsd-wireless@freebsd.org]; DKIM_TRACE(0.00)[walstatt-de.de:+]; RCVD_VIA_SMTP_AUTH(0.00)[]; R_SPF_NA(0.00)[no SPF record]; TO_DN_ALL(0.00)[]; MIME_TRACE(0.00)[0:+]; FROM_EQ_ENVFROM(0.00)[]; RCVD_COUNT_THREE(0.00)[3]; RCPT_COUNT_ONE(0.00)[1]; ASN(0.00)[asn:25394, ipnet:85.220.128.0/17, country:DE]; FROM_HAS_DN(0.00)[]; ARC_NA(0.00)[]; HAS_ORG_HEADER(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; DMARC_NA(0.00)[walstatt-de.de]; PREVIOUSLY_DELIVERED(0.00)[freebsd-wireless@freebsd.org]; RCVD_TLS_ALL(0.00)[] X-Rspamd-Queue-Id: 4SkWpG2PdBz3Q14 X-Spamd-Bar: --- Hello, Access Point is OpenWRT, openwrt-23.05 branch git-23.306.39416-c86c256. Client are either FreeBSD 13-STABLE or 14-STABLE, last tested on a recent 14-STBLE, running on Lenovo T560 hardware, WiFi chipset is recognised as Intel Wireless 8260. iwm(4) is working, but bumpy, see subject and below. iwlwifi(4) on 14-STABLE isn't working as well as 13.2-STABLE - iwlwifi claims to be up and running with the propper fimware loaded, but never got any access to any AP recently. Focussing on iwm(4), when enabling IEEE802.1w (Management Frame Protection) on the OpenWRT Access Point as "required", no matter what is configured on the client side according to the global parameter pmf=0|1|2 and per network setting ieee80211w=0|1|2 [example: OpenWRT REQUIRES PMF, set to "required" for "AP01" /etc/wpa_supplicant.conf: pmf=2 network={ ssid="AP01" auth_alg=OPEN key_mgmt=WPA-PSK WPA-EAP pairwise=CCMP group=CCMP ieee80211w=2 psk=some_weird_number } ] In any case, when one side requires PMF, with FBSD 13/14 no connection can be made successfuly. wpa_cli allways tries to connect, but fails with "failed to configure IGTK to the driver" and connection is rejected : "reason=CONN_FAILED" No matter what "ieee80211w=" is set to, as long as the AP REQUIRES PMF, a connection is rejected, FreeBSD isn't able to connect. Setting the PMF on OpenWRT to "optional" and either pmf=0 (and no ieee80211w setting in network definition) or pmf=1|2 in global section of wpa_supplicant.conf and ieee80211w=0 set in network section, a connection can be made by FreeBSD. How can I investigate on FreeBSD's side whether PMF is enabled and used or is not? I couldn't find any further doc about whether FreeBSD supports IEEE802.11w or not. Thanks in advance, Oliver -- O. Hartmann