Re: iwlwifi / rtw88 / rtw89 hw crypto request for test (precon for HT/VHT)

Reply: Kevin Oberman : "Re: iwlwifi / rtw88 / rtw89 hw crypto request for test (precon for HT/VHT)"
In reply to: Kevin Oberman : "Re: iwlwifi / rtw88 / rtw89 hw crypto request for test (precon for HT/VHT)"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: Bjoern A. Zeeb <bz_at_freebsd.org>
Date: Mon, 03 Mar 2025 11:14:41 UTC

On Sun, 2 Mar 2025, Kevin Oberman wrote:

> On Sun, Mar 2, 2025 at 4:56 PM Bjoern A. Zeeb <bz@freebsd.org> wrote:
>
>> On Sun, 2 Mar 2025, Kevin Oberman wrote:
>>
>> Hi Kevin,
>>
>>> I was excited to see that it looked like 802.11n was on the way! Tried
>>> step one, enabling 802.11 crypto, and had no luck at all. I know my AX211
>>> supports CCMP, but attempting to boot gets:
>>> wlan0: link state changed to UP
>>> iwlwifi0: _lkpi_iv_key_set: CIPHER SUITE 0xfac02 (TKIP) not supported
>>> wlan0: link state changed to DOWN
>>>
>>> Why don't I see any attempt to do CCMP? Am I looking at an issue with the
>>> Arris WiFi provided by my carrier (Frontier)? I can't find any reference
>> to
>>> encryption in the DHCP configuration. Mine is very basic PSK:
>>> network={
>>>  ssid="My BSS"
>>>  psk="My key"
>>>  priority=5
>>> }
>>
>> Do you have access to the AP?  I am not sure from what you say.
>> If you do: do you still need TKIP or can you turn it off?
>>
>> For more see the posting from a few days ago how to configure
>> wpa_supplicant.conf:
>>
>> https://lists.freebsd.org/archives/freebsd-wireless/2025-February/002912.html
>>
>> Let me know if that helps!
>>
>> Lots of joy,
>> Bjoern
>>
>> I had assumed that the default of "CCMP TKIP" was adequate. Maybe it is,
> since the error I get now points elsewhere... at me. (Maybe)

Even if it was, you don't want TKIP anymore.


> With the config updated, it still fails to start the network, but, with no
> option other than CCMP available, the supplicant dies with
> "/etc/rc.d/wpa_supplicant:
> WARNING: failed to start wpa_supplicant".  I see no indication that
> anything special is required to allow the supplicant to use CCMP or
> anything needed in the configuration other than the pairwise/group.

Did it log anything as to why it did not want to start?
I think by default it goes to /var/log/daemon.log


>  I do
> have access to the AP. The box supports 11ac, though I see no reference to
> any crypto protocol in the specifications.

That is sad.  No option for WPA-PSK vs. WPA2-PSK or similar setting
behind which a change of this could hide?


If all strings fail, would you be able to test a patch?

Bjoern

-- 
Bjoern A. Zeeb                                                     r15:7