Re: Network Manager enabling 802.11r - fast Transition

From: Beniamino Galvani <bgalvani redhat com>
To: Shawn Adams <shawn_adams web de>
Cc: networkmanager-list gnome org
Subject: Re: Network Manager enabling 802.11r - fast Transition
Date: Fri, 28 Oct 2022 10:13:54 +0200

On Mon, Oct 24, 2022 at 12:52:48PM +0200, Shawn Adams via networkmanager-list wrote:

All,

Perhaps I'm missing something, but do not see a UI option to enable 802.11r.

I can edit the /etc/system/NetworkManager/<connection file> and manally set
the key-mgmt:

[wifi-security]
key-mgmt=FT-EAP FT-EAP-SHA384


This is not a valid key-mgmt from NM point of view. When you restart
NM (or after, a "nmcli connection reload") you should see something like:

  failed to load connection: invalid connection: 802-11-wireless-security.key-mgmt: 'ft-eap ft-eap-sha384' is 
not a valid value for the property

in logs and the profile is not loaded. The valid values are those
listed in "man nm-settings".

   key-mgmt
     Key management used for the connection. One of "none" (WEP or no
     password protection), "ieee8021x" (Dynamic WEP), "owe"
     (Opportunistic Wireless Encryption), "wpa-psk" (WPA2 + WPA3
     personal), "sae" (WPA3 personal only), "wpa-eap" (WPA2 + WPA3
     enterprise) or "wpa-eap-suite-b-192" (WPA3 enterprise only).

Then restart NM and this works (yes provided the driver supports, which it
does).

FYI - can set OKC via wpa_cli.

However; when NM is restarted, the UI config tool shows the ESSID connection
profile, but is missing
the certificate selection, i need to reconfigure via the UI.

am I missing a more elegant method of enabling 802.11r ?


Currently there isn't a way to explicitly enable or disable FT. NM
automatically enables FT when wpa_supplicant reports that the wireless
interface supports it. The detection is based on whether the
"Capabilities" D-Bus field of the wireless interface contains
"KeyMgmt=wpa-ft-psk".

If you increase NM logging level to trace and restart it, you should
see what capabilities are reported ('+' means supported):

  <debug> [1666943325.0852] sup-iface[ad2675fb588f7c6b,2,wlan0]: interface supported features: AP? FT+ SAE+ 
BIP+

And when connecting, you can see which configuration is passed to
wpa_supplicant:

  <info>  [1666943444.7227] Config: added 'ssid' value 'test'
  <info>  [1666943444.7227] Config: added 'key_mgmt' value 'WPA-EAP FT-EAP FT-EAP-SHA384 WPA-EAP-SHA256'
  <info>  [1666943444.7227] Config: added 'password' value '<hidden>'
  <info>  [1666943444.7227] Config: added 'eap' value 'PEAP'
  ...

Beniamino

Attachment: signature.asc
Description: PGP signature

References:
- DNS over TLS connection setting providers
  - From: Petr Menšík
- Re: DNS over TLS connection setting providers
  - From: Thomas Haller
- Network Manager enabling 802.11r - fast Transition
  - From: Shawn Adams

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]