rtl8852bu driver fails to log in with WPA3-SAE capable access point
klugja opened this issue · comments
Keeps logging into the router over and over again in Debian 11, kernel 5.10.0-24.
This is Debian 11, 5.10.0-24. dmesg and syslog are attached.
With the same access point and an RT3572 driver in the Linux kernel I get connected to the same router that fails with rtl8852bu:
jklug@jakDebian11:~$ sudo wpa_cli status
Selected interface 'wlx001aef582abb'
bssid=a0:36:bc:e8:f8:c4
freq=5785
ssid=ASUSJOHN_5G
id=0
mode=station
wifi_generation=4
pairwise_cipher=CCMP
group_cipher=CCMP
key_mgmt=SAE
pmf=1
mgmt_group_cipher=BIP
sae_group=19
wpa_state=COMPLETED
ip_address=172.29.107.243
address=00:1a:ef:58:2a:bb
uuid=43a5b7cd-854b-5b20-9727-efdcff08ab3d
USB-AX55-NANO
Bus 004 Device 127: ID 0bda:8153 Realtek Semiconductor Corp. RTL8153 Gigabit Ethernet Adapter
StarTech.com USB300WN2X2D working with WPA3-SAE:
Bus 002 Device 017: ID 148f:3572 Ralink Technology, Corp. RT3572 Wireless Adapter
cfg80211 983040 2 rt2x00lib,mac80211
rfkill 32768 5 cfg80211
And here is the Windows connection using the ASUS USB-AX55-NANO driver downloaded from the ASUS site:
SSID: ASUSJOHN_5G
Protocol: Wi-Fi 6 (802.11ax)
Security type: WPA3-Personal
Network band: 5 GHz
Network channel: 157
Link speed (Receive/Transmit): 1201/1201 (Mbps)SSID: ASUSJOHN_5G
Protocol: Wi-Fi 6 (802.11ax)
Security type: WPA3-Personal
Network band: 5 GHz
Network channel: 157
Link speed (Receive/Transmit): 1201/1201 (Mbps)
Link-local IPv6 address: fe80::8b26:ea00:d36c:6c41%42
IPv4 address: 172.29.107.79
IPv4 DNS servers: 172.29.1.1
Manufacturer: Realtek Semiconductor Corp.
Description: ASUS Wireless USB Nano adapter
Driver version: 5001.15.118.0
Physical address (MAC): A0-36-BC-D3-F1-75
Link-local IPv6 address: fe80::8b26:ea00:d36c:6c41%42
IPv4 address: 172.29.107.79
IPv4 DNS servers: 172.29.1.1
Manufacturer: Realtek Semiconductor Corp.
Description: ASUS Wireless USB Nano adapter
Driver version: 5001.15.118.0
Physical address (MAC): A0-36-BC-D3-F1-75
I sent the question about WPA3-SAE failing to Realtek. My contact replied with the following:
That driver is an official release verified by our QC team, so
I think it should work with WPA3-SAE AP.
Possible causes could be
- OP's distro doesn't integrate WPA3 into network-manager (UI)
- Realtek vendor driver uses non-standard WPA3 interface.
I will confirm this tomorrow or next Week. - improper setting of H2E option in wpa_supplicant.conf
I heard this many times, but not quite understand the detail.
I will check it when I get back to office.
Obviously, #1 is not correct as the RT3572 works.
We will need to wait for #2.
What is the make/model of the AP, and what version of the firmware is is running?
What is the version of wpa_supplicant? My system has version 2.10.
What software are you using to control wireless, and what version is it?
When you run 'ps ax | grep supplicant', you should see something like the following:
"/usr/sbin/wpa_supplicant -c /etc/wpa_supplicant/wpa_supplicant.conf -u -t -f /var/log/wpa_supplicant.log"
Please attach the .conf and .log files. Please review them to obscure any passwords, etc.
AP:
ASUS RT-AXE7800
Current Version : 3.0.0.4.388_22068-gf3adbcd
wpa_supplicant is 2.9 (Maybe the issue?) Currently Debian 10. I will upgrade to 11 and make sure 2.10 is installed.
root@jakDebian11:/run/wpa_supplicant# /usr/sbin/NetworkManager -V
1.30.6
/sbin/wpa_supplicant -u -s -O /run/wpa_supplicant
Only thing in /run/wpa_supplicant is a socket.
NetworkManager Log:
Aug 24 14:18:11 jakDebian11 NetworkManager[741]: <warn> [1692904691.3714] device (wlxa036bcd3f175): Activation: (wifi) association took too long
Aug 24 14:18:11 jakDebian11 NetworkManager[741]: <info> [1692904691.3714] device (wlxa036bcd3f175): state change: config -> need-auth (reason 'none', sys-iface-state: 'managed')
Aug 24 14:18:11 jakDebian11 NetworkManager[741]: <info> [1692904691.3716] sup-iface[1da6daa55031bdc6,9,wlxa036bcd3f175]: wps: type pbc start...
Aug 24 14:18:11 jakDebian11 NetworkManager[741]: <warn> [1692904691.3723] device (wlxa036bcd3f175): Activation: (wifi) asking for new secrets
Aug 24 14:18:11 jakDebian11 NetworkManager[741]: <info> [1692904691.3785] device (wlxa036bcd3f175): supplicant interface state: disconnected -> scanning
Aug 24 14:18:11 jakDebian11 NetworkManager[741]: <info> [1692904691.3785] device (p2p-dev-wlxa036bcd3f175): supplicant management interface state: disconnected -> scanning
Aug 24 14:18:15 jakDebian11 NetworkManager[741]: <info> [1692904695.0394] device (wlxa036bcd3f175): state change: need-auth -> prepare (reason 'none', sys-iface-state: 'managed')
Aug 24 14:18:15 jakDebian11 NetworkManager[741]: <info> [1692904695.0399] device (wlxa036bcd3f175): state change: prepare -> config (reason 'none', sys-iface-state: 'managed')
Aug 24 14:18:15 jakDebian11 NetworkManager[741]: <info> [1692904695.0402] device (wlxa036bcd3f175): Activation: (wifi) connection 'ASUSJOHN_5G 1' has security, and secrets exist. No new secrets needed.
Aug 24 14:18:15 jakDebian11 NetworkManager[741]: <info> [1692904695.0402] Config: added 'ssid' value 'ASUSJOHN_5G'
Aug 24 14:18:15 jakDebian11 NetworkManager[741]: <info> [1692904695.0402] Config: added 'scan_ssid' value '1'
Aug 24 14:18:15 jakDebian11 NetworkManager[741]: <info> [1692904695.0402] Config: added 'bgscan' value 'simple:30:-70:86400'
Aug 24 14:18:15 jakDebian11 NetworkManager[741]: <info> [1692904695.0402] Config: added 'key_mgmt' value 'SAE FT-SAE'
Aug 24 14:18:15 jakDebian11 NetworkManager[741]: <info> [1692904695.0402] Config: added 'auth_alg' value 'OPEN'
Aug 24 14:18:15 jakDebian11 NetworkManager[741]: <info> [1692904695.0402] Config: added 'psk' value '<hidden>'
Aug 24 14:18:15 jakDebian11 NetworkManager[741]: <info> [1692904695.0875] device (wlxa036bcd3f175): supplicant interface state: scanning -> associating
Aug 24 14:18:15 jakDebian11 NetworkManager[741]: <info> [1692904695.0875] device (p2p-dev-wlxa036bcd3f175): supplicant management interface state: scanning -> associating
Aug 24 14:18:15 jakDebian11 NetworkManager[741]: <info> [1692904695.3198] device (wlxa036bcd3f175): supplicant interface state: associating -> disconnected
Aug 24 14:18:15 jakDebian11 NetworkManager[741]: <info> [1692904695.3198] device (p2p-dev-wlxa036bcd3f175): supplicant management interface state: associating -> disconnected
Aug 24 14:18:25 jakDebian11 NetworkManager[741]: <info> [1692904705.3288] device (wlxa036bcd3f175): supplicant interface state: disconnected -> scanning
Aug 24 14:18:25 jakDebian11 NetworkManager[741]: <info> [1692904705.3288] device (p2p-dev-wlxa036bcd3f175): supplicant management interface state: disconnected -> scanning
Aug 24 14:18:28 jakDebian11 NetworkManager[741]: <info> [1692904708.4557] device (wlxa036bcd3f175): supplicant interface state: scanning -> associating
Aug 24 14:18:28 jakDebian11 NetworkManager[741]: <info> [1692904708.4557] device (p2p-dev-wlxa036bcd3f175): supplicant management interface state: scanning -> associating
Aug 24 14:18:28 jakDebian11 NetworkManager[741]: <info> [1692904708.7439] device (wlxa036bcd3f175): supplicant interface state: associating -> disconnected
Aug 24 14:18:28 jakDebian11 NetworkManager[741]: <info> [1692904708.7440] device (p2p-dev-wlxa036bcd3f175): supplicant management interface state: associating -> disconnected
/var/log/syslog
I will update to Debian bookwork and re-test.
syslog.zip
Attached is syslog in the vicinity of the failed attach/login to the ASUS router.
I moved to Debian 12. New kernel 6.1.0-11
wpa_supplicant v2.10
Copyright (c) 2003-2022, Jouni Malinen j@w1.fi and contributors
NetworkManager -V
1.42.4
Didn't help. Still wanting me to log in over and over again. RT3572 works fine still.
rtl8852bu.zip
Attached is syslog and dmesg output.
My contact at Realtek reported the following:
I have tried to connect to RAX120 AP on 5GHz band, and at least ping works.
This is my wpa_supplicant.conf for reference:
ctrl_interface=/var/run/wpa_supplicant
update_config=1
pmf=1
#sae_pwe=1
network={
ssid="RAX120-5G"
key_mgmt=SAE
psk="12345678"
}
The 'sae_pwe' is the H2E thing I mentioned above, and wpa_supplicant debug
log says RAX120 doesn't support it, so I just comment it out.
==================================================================
I have no idea where the supplicant is getting its configuration, but sae_pwe could be the problem. One article I read (https://unix.stackexchange.com/questions/501260/where-does-network-manager-store-settings} has it in /etc/NetworkManager/system-connections/.
OK. That worked. I had to defeat NetworkManager. sae_pwe had to be commented out.
wpa_cli is telling me I used SAE to connect:
key_mgmt=SAE
I am told MCS 11 is WiFi 6:
rx bitrate: 1200.9 MBit/s 80MHz HE-MCS 11 HE-NSS 2 HE-GI 0 HE-DCM 0
tx bitrate: 1200.9 MBit/s 80MHz HE-MCS 11 HE-NSS 2 HE-GI 0 HE-DCM 0
Could you please try "sae_pwe=2". According to the documentation,
SAE mechanism for PWE derivation
0 = hunting-and-pecking loop only (default without password identifier)
1 = hash-to-element only (default with password identifier)
2 = both hunting-and-pecking loop and hash-to-element enabled
Thus "2" should try both methods.
I tried sae_pwe=2 and I got a connection just fine.