search

raspberrypi / linux

Kernel source tree for Raspberry Pi-provided kernel builds. Issues unrelated to the linux kernel should be posted on the community forum at https://forums.raspberrypi.com/
Other
11.02k stars 4.95k forks source link

NetworkManager not properly configuring wifi-sec.key-mgmt wpa-psk #6265

Open papakpmartin opened 2 months ago

papakpmartin commented 2 months ago

Describe the bug

Prior to Bookworm, I enabled the Pi to act as a Wi-Fi Access Point (in part) via:

# /etc/hostapd/hostapd.conf

country_code=US
interface=wlan0
ssid=my-network
hw_mode=g
channel=2
macaddr_acl=0
auth_algs=1
ignore_broadcast_ssid=0
wpa=2
wpa_passphrase=my-password
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
rsn_pairwise=CCMP

This permitted ESP32-based devices to connect easily.

In Bookworm, I'm trying to basically replicate this via:

nmcli con delete my-network-AP
nmcli con add type wifi ifname wlan0 mode ap con-name my-network-AP ssid my-network autoconnect false
nmcli con modify my-network-AP wifi.band bg
nmcli con modify my-network-AP wifi.channel 2
nmcli con modify my-network-AP wifi-sec.key-mgmt wpa-psk
nmcli con modify my-network-AP wifi-sec.psk "my-password"
nmcli con modify my-network-AP ipv4.method shared ipv4.address 192.168.100.1/24
nmcli con modify my-network-AP ipv6.method disabled
nmcli con mod my-network-AP connection.autoconnect yes
nmcli con up my-network-AP

This isn't working. I can connect to my-network from a laptop, but the ESP32-based devices won't.

At least, not unless I downgrade the minimum security that the ESP32 will accept from the default setting...

WIFI_AUTH_WPA2_PSK,         /**< authenticate mode : WPA2_PSK */

...which works fine on pre-Bookworm Pis, to...

WIFI_AUTH_WPA_PSK,          /**< authenticate mode : WPA_PSK */

...in which case it can successfully connect to a Bookworm Pi.

This appears to be exactly what's referred to here, that the access point is being detected as merely WEP and not WEP2. But the documentation for NetworkManager says that wpa-psk should be “WPA2 + WPA3 personal”.

Am I missing something in my attempted transition to Bookworm, or is this a bug in how wifi-sec.key-mgmt wpa-psk is currently working?

Steps to reproduce the behaviour

I think all steps are included in the bug description.

Device (s)

Raspberry Pi 4 Mod. B

System

Raspberry Pi reference 2024-07-04
Generated using pi-gen, https://github.com/RPi-Distro/pi-gen, 48efb5fc5485fafdc9de8ad481eb5c09e1182656, stage4
May 24 2024 15:30:04 
Copyright (c) 2012 Broadcom
version 4942b7633c0ff1af1ee95a51a33b56a9dae47529 (clean) (release) (start)
Linux flowpi 6.6.31+rpt-rpi-v8 #1 SMP PREEMPT Debian 1:6.6.31-1+rpt1 (2024-05-29) aarch64 GNU/Linux

Logs

No response

Additional context

No response

qrp73 commented 3 weeks ago

Here is a short manual on how to configure access point with NetworkManager:

1) use this command to generate new uuid:

uuid=$(openssl rand -hex 16) && echo ${uuid:0:8}-${uuid:8:4}-${uuid:12:4}-${uuid:16:4}-${uuid:20:12}

2) sudo nano /etc/NetworkManager/system-connections/TEST-AP.nmconnection

[connection]
id=TEST-AP
uuid=<fill generated uuid here>
type=wifi
autoconnect=false
interface-name=wlan0

[wifi]
band=bg
channel=1
cloned-mac-address=<fill desired mac address, for example 00:11:22:33:44:55>
mode=ap
ssid=MY-AP

[wifi-security]
key-mgmt=wpa-psk
psk=<fill your password for AP here>

#uncomment for PSK/SHA-256 support
#proto=rsn
pairwise=ccmp
group=ccmp

[ipv4]
address1=192.168.1.1/24
method=shared

[ipv6]
addr-gen-mode=stable-privacy
method=disabled

[proxy]

3) chmod 600 /etc/NetworkManager/system-connections/TEST-AP.nmconnection

4) systemctl restart NetworkManager

5) To start it just run nmcli connection up TEST-AP

If you want automatic startup for your AP, change autoconnect=true

If wlan0 is not managed by NetworkManager, you can change it with sudo nmcli device set wlan0 managed yes.