search

NixOS / nixpkgs

Nix Packages collection & NixOS
MIT License
17.5k stars 13.68k forks source link

NixOs: Can't connect to a WEP network: failure to add network: invalid message format #177501

Open tobiasBora opened 2 years ago

tobiasBora commented 2 years ago

Describe the bug

I'm visiting regularly someone, and their wifi is configured with WEP (I know, it's not secure). I never had any troubles to connect before, but since my recent upgrade from a4bf4434570 to 1ffba9f2f68, I get an error when I try to connect (while my phone has no issues):

$ journalctl -f
juin 13 09:59:35 bestos xsession[7440]: org.kde.plasma.nm.kded: Unhandled active connection state change:  1
juin 13 09:59:35 bestos xsession[941263]: "L’objet n’existe pas à l’emplacement « /org/freedesktop/NetworkManager/ActiveConnection/11 »"
juin 13 09:59:35 bestos kdeconnectd[1234149]: "L’objet n’existe pas à l’emplacement « /org/freedesktop/NetworkManager/ActiveConnection/20 »"
juin 13 09:59:35 bestos kglobalaccel5[2553441]: "L’objet n’existe pas à l’emplacement « /org/freedesktop/NetworkManager/ActiveConnection/36 »"
juin 13 09:59:35 bestos NetworkManager[2467]: <warn>  [1655107175.5729] sup-iface[992330d66c8b9655,31,wlo1]: assoc[ef72268068c9b073]: failure to add network: invalid message format
juin 13 09:59:35 bestos NetworkManager[2467]: <warn>  [1655107175.5735] device (wlo1): Activation: failed for connection 'FREEBOX_NAME'

(L’objet n’existe pas à l’emplacement means the object does not exist at path)

Steps To Reproduce

Steps to reproduce the behavior:

  1. Connect with the Network Manager applet (KDE plasma) to a WEP network (not sure if it's the same for all WEP networks). See that it won't connect.

Notify maintainers

@NixOS/freedesktop @NixOS/qt-kde @domenkozar @obadz @maxeaubrey

Metadata

Please run nix-shell -p nix-info --run "nix-info -m" and paste the result.

My system is based on commit 1ffba9f2f68, hardcoded in a shell script.

amaxine commented 2 years ago

@tobiasBora I assume you've not changed your NetworkManager backend and are using wpa_supplicant. As of version 2.10 of wpa_supplicant, WEP support is not enabled by default (see https://github.com/NixOS/nixpkgs/pull/155266). Newer versions of NetworkManager have a better error about not supporting WEP (starting with 1.38), which is present in 22.05.

You could work around this problem by overriding wpa_supplicant locally to build with CONFIG_WEP=y.

tobiasBora commented 2 years ago

Oh, thanks a lot for pointing this! That's a bit strange to remove WEP, is there any reasons for that? In particular, shouldn't NixOs enable this by default? Is it to force people to update their internet Box to the secure WPA? Unless Windows is doing the same, I guess it will only cause issues to linux users.

Also, shall I play with overrideAttrs to set CONFIG_WEP=y, or is there a more modern approach?

amaxine commented 2 years ago

Oh, thanks a lot for pointing this! That's a bit strange to remove WEP, is there any reasons for that? In particular, shouldn't NixOs enable this by default? Is it to force people to update their internet Box to the secure WPA? Unless Windows is doing the same, I guess it will only cause issues to linux users.

I only became aware of this change when you opened this issue and I went looking for the cause. I'm not a maintainer of wpa_supplicant, but WEP has been deprecated and discouraged from use for nearly 2 decades now. It appears that at least Fedora and Debian kept WEP support for now, and I'm not aware of what the situation is with Windows or macOS but a quick search suggests that Windows 11 might be dropping WEP too, soon.

I don't really have strong feelings about this subject either way - I'm not going to push to do anything about it, sorry :slightly_smiling_face: If you feel strongly about this being reenabled by default, I think opening a PR/posting in Matrix or Discourse might be the way to try and get wider input.

Also, shall I play with overrideAttrs to set CONFIG_WEP=y, or is there a more modern approach?

That sounds right. You'll want to add it to extraConfig.

tobiasBora commented 2 years ago

For people interested I can confirm that the following solved my issues:

  nixpkgs.overlays = [
    (self: super: {
      wpa_supplicant = super.wpa_supplicant.overrideAttrs (oldAttrs: rec {
        extraConfig = oldAttrs.extraConfig + ''
      CONFIG_WEP=y
    '';
      });
    })
  ];
Rayzeq commented 1 year ago

My home network is using WEP, which means I can't even install NixOS because it needs an internet connection. I still managed to install it by using my phone's hotspot (using WPA).

After successfully installing NixOS, I applied the suggested fix to connect to my home network. It didn't solved my issue but I now have a different error. When attempting to connect, it loads for some time, and then I get the message IP configuration was unavailable.

I think my issue is related to this one because:

In an attempt to resolve the issue, I manually configured the network settings by specifying the IP address, netmask, and gateway. Although the connection was established successfully, I am still unable to access the internet.

Here are some relevant logs from journalctl (I replaced the BSSID of my router with a random one):

juil. 04 20:16:17 nixos systemd[1]: Starting Name Service Cache Daemon (nsncd)...
juil. 04 20:16:17 nixos nsncd[2663]: Jul 04 20:16:17.252 INFO started, handoff_timeout: 3s, worker_count: 8, path: "/var/run/nscd/socket"
juil. 04 20:16:17 nixos systemd[1]: Started Name Service Cache Daemon (nsncd).
juil. 04 20:16:17 nixos systemd[1]: Reached target Host and Network Name Lookups.
juil. 04 20:16:17 nixos systemd[1]: Reached target User and Group Name Lookups.
juil. 04 20:17:12 nixos wpa_supplicant[910]: wlp2s0: SME: Trying to authenticate with 2c:b4:b2:a3:ab:76 (SSID='freebox_WIEVZP' freq=2412 MHz)
juil. 04 20:17:12 nixos kernel: wlp2s0: authenticate with 2c:b4:b2:a3:ab:76
juil. 04 20:17:12 nixos kernel: wlp2s0: 80 MHz not supported, disabling VHT
juil. 04 20:17:12 nixos wpa_supplicant[910]: nl80211: kernel reports: key not allowed
juil. 04 20:17:12 nixos kernel: wlp2s0: send auth to 2c:b4:b2:a3:ab:76 (try 1/3)
juil. 04 20:17:12 nixos wpa_supplicant[910]: wlp2s0: Trying to associate with 2c:b4:b2:a3:ab:76 (SSID='freebox_WIEVZP' freq=2412 MHz)
juil. 04 20:17:12 nixos kernel: wlp2s0: authenticated
juil. 04 20:17:12 nixos kernel: rtl8188ee 0000:02:00.0 wlp2s0: disabling HT/VHT/HE due to WEP/TKIP use
juil. 04 20:17:12 nixos kernel: wlp2s0: 80 MHz not supported, disabling VHT
juil. 04 20:17:12 nixos kernel: wlp2s0: associate with 2c:b4:b2:a3:ab:76 (try 1/3)
juil. 04 20:17:12 nixos kernel: wlp2s0: RX AssocResp from 2c:b4:b2:a3:ab:76 (capab=0x411 status=0 aid=3)
juil. 04 20:17:12 nixos kernel: wlp2s0: associated
juil. 04 20:17:12 nixos kernel: IPv6: ADDRCONF(NETDEV_CHANGE): wlp2s0: link becomes ready
juil. 04 20:17:12 nixos wpa_supplicant[910]: wlp2s0: Associated with 2c:b4:b2:a3:ab:76
juil. 04 20:17:12 nixos wpa_supplicant[910]: wlp2s0: CTRL-EVENT-CONNECTED - Connection to 2c:b4:b2:a3:ab:76 completed [id=0 id_str=]
juil. 04 20:17:12 nixos wpa_supplicant[910]: bgscan simple: Failed to enable signal strength monitoring
juil. 04 20:17:12 nixos wpa_supplicant[910]: wlp2s0: CTRL-EVENT-SUBNET-STATUS-UPDATE status=0
juil. 04 20:17:12 nixos systemd[1]: Stopped target Host and Network Name Lookups.
juil. 04 20:17:12 nixos systemd[1]: Stopping Host and Network Name Lookups...
juil. 04 20:17:12 nixos systemd[1]: Stopped target User and Group Name Lookups.
juil. 04 20:17:12 nixos systemd[1]: Stopping User and Group Name Lookups...
juil. 04 20:17:12 nixos systemd[1]: Stopping Name Service Cache Daemon (nsncd)...
juil. 04 20:17:12 nixos systemd[1]: nscd.service: Deactivated successfully.
juil. 04 20:17:12 nixos systemd[1]: Stopped Name Service Cache Daemon (nsncd).
juil. 04 20:17:12 nixos systemd[1]: nscd.service: Consumed 39ms CPU time, received 0B IP traffic, sent 5.6K IP traffic.
juil. 04 20:17:12 nixos systemd[1]: Starting Name Service Cache Daemon (nsncd)...
juil. 04 20:17:12 nixos nsncd[2734]: Jul 04 20:17:12.455 INFO started, handoff_timeout: 3s, worker_count: 8, path: "/var/run/nscd/socket"
juil. 04 20:17:12 nixos systemd[1]: Started Name Service Cache Daemon (nsncd).
juil. 04 20:17:12 nixos systemd[1]: Reached target Host and Network Name Lookups.
juil. 04 20:17:12 nixos systemd[1]: Reached target User and Group Name Lookups.
juil. 04 20:17:19 nixos plasmashell[1146]: file:///nix/store/4xazk3b6hhg00aml7w0mb253fznyf95f-plasma-framework-5.106.0-bin/lib/qt-5.15.9/qml/org/kde/plasma/extras/PlaceholderMessage.qml:238:5: QML Heading: Binding loop detected for property "verticalAlignment"
juil. 04 20:17:31 nixos plasmashell[1146]: file:///nix/store/4xazk3b6hhg00aml7w0mb253fznyf95f-plasma-framework-5.106.0-bin/lib/qt-5.15.9/qml/org/kde/plasma/extras/PlaceholderMessage.qml:238:5: QML Heading: Binding loop detected for property "verticalAlignment"
juil. 04 20:17:57 nixos kernel: wlp2s0: deauthenticating from 2c:b4:b2:a3:ab:76 by local choice (Reason: 3=DEAUTH_LEAVING)
juil. 04 20:17:57 nixos wpa_supplicant[910]: wlp2s0: CTRL-EVENT-DISCONNECTED bssid=2c:b4:b2:a3:ab:76 reason=3 locally_generated=1
juil. 04 20:17:57 nixos plasmashell[1146]: Could not find the Plasmoid for Plasma::FrameSvgItem(0x150d3f0) QQmlContext(0x221c070) QUrl("file:///nix/store/vwbf3kwaxkbzf0symrmazfvz9yxjz3ca-plasma-workspace-5.27.6/share/plasma/plasmoids/org.kde.plasma.notifications/contents/ui/global/Globals.qml")
juil. 04 20:17:57 nixos plasmashell[1146]: Could not find the Plasmoid for Plasma::FrameSvgItem(0x150d3f0) QQmlContext(0x221c070) QUrl("file:///nix/store/vwbf3kwaxkbzf0symrmazfvz9yxjz3ca-plasma-workspace-5.27.6/share/plasma/plasmoids/org.kde.plasma.notifications/contents/ui/global/Globals.qml")
juil. 04 20:17:57 nixos plasmashell[1146]: Could not find the Plasmoid for Plasma::FrameSvgItem(0x2bda960) QQmlContext(0x221c070) QUrl("file:///nix/store/vwbf3kwaxkbzf0symrmazfvz9yxjz3ca-plasma-workspace-5.27.6/share/plasma/plasmoids/org.kde.plasma.notifications/contents/ui/global/Globals.qml")
juil. 04 20:17:57 nixos plasmashell[1146]: Could not find the Plasmoid for Plasma::FrameSvgItem(0x2bda960) QQmlContext(0x221c070) QUrl("file:///nix/store/vwbf3kwaxkbzf0symrmazfvz9yxjz3ca-plasma-workspace-5.27.6/share/plasma/plasmoids/org.kde.plasma.notifications/contents/ui/global/Globals.qml")
juil. 04 20:17:58 nixos NetworkManager[836]: <warn>  [1688494678.2058] device (wlp2s0): Activation: failed for connection 'freebox_WIEVZP'
juil. 04 20:17:58 nixos systemd[1]: Stopped target Host and Network Name Lookups.
juil. 04 20:17:58 nixos systemd[1]: Stopping Host and Network Name Lookups...
juil. 04 20:17:58 nixos systemd[1]: Stopped target User and Group Name Lookups.
juil. 04 20:17:58 nixos systemd[1]: Stopping User and Group Name Lookups...
juil. 04 20:17:58 nixos systemd[1]: Stopping Name Service Cache Daemon (nsncd)...
juil. 04 20:17:58 nixos systemd[1]: nscd.service: Deactivated successfully.
juil. 04 20:17:58 nixos systemd[1]: Stopped Name Service Cache Daemon (nsncd).
juil. 04 20:17:58 nixos systemd[1]: Starting Name Service Cache Daemon (nsncd)...
juil. 04 20:17:58 nixos nsncd[2797]: Jul 04 20:17:58.265 INFO started, handoff_timeout: 3s, worker_count: 8, path: "/var/run/nscd/socket"
juil. 04 20:17:58 nixos systemd[1]: Started Name Service Cache Daemon (nsncd).
juil. 04 20:17:58 nixos systemd[1]: Reached target Host and Network Name Lookups.
juil. 04 20:17:58 nixos systemd[1]: Reached target User and Group Name Lookups.
rnhmjoj commented 1 year ago

If your network does not support WPA2, I suggest you just turn authentication off, because WEP provides virtually no additional security. WEP could be cracked in less than a minute back in 2005, so it's probably instanteneous on modern hardware.

Rayzeq commented 1 year ago

The issue is that I can't change the settings, so I guess I'll have to ask the network owner to use a newer encryption system.