Package: wpasupplicant Version: 2:2.10-15 Severity: normal Tags: patch upstream
Dear Maintainer, I'm using Freedombox as main router and wireless access point. Freedombox uses NetworkManager to setup wireless AP. NetworkManager sets mixed-security WPA2+WPA3 SAE. ``` WLAN.nmconnection ... [wifi-security] key-mgmt=wpa-psk pairwise=ccmp group=ccmp wps-method=1 pmf=2 proto=rsn ... ``` In this case MFP (management frame protection) is optional and NetworkManager sets it by default using pmf in wpa_supplicant, but it doesn't set ieee80211w to the corresponding value for particular network and default value is set. As a result AP is up, but it doesn't broadcast that MFP is supported (MFP-capable in capabilities field). Some wireless clients (probably Broadcom based) don't report such network in scan results at all in this case, probably considering this network as broken (WPA3 SAE reported, but AP isn't MFP-capable). This problem is fixed upstream already by commit "Override ieee80211w from pmf for AP mode in wpa_supplicant" (5f3cdc06489ff1ec16d75c3ff41f5ac7c2f62c7c) [1] I've built Debian package with that patch and it solves the problem. 1. https://www.w1.fi/cgit/hostap/commit/?id=5f3cdc06489ff1ec16d75c3ff41f5ac7c2f62c7c *** End of the template - remove these template lines *** -- System Information: Debian Release: trixie/sid APT prefers testing APT policy: (500, 'testing') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 6.5.0-3-amd64 (SMP w/8 CPU threads; PREEMPT) Kernel taint flags: TAINT_WARN Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages wpasupplicant depends on: ii adduser 3.137 ii libc6 2.37-12 ii libdbus-1-3 1.14.10-3 ii libnl-3-200 3.7.0-0.2+b1 ii libnl-genl-3-200 3.7.0-0.2+b1 ii libnl-route-3-200 3.7.0-0.2+b1 ii libpcsclite1 2.0.0-1 ii libreadline8 8.2-3 ii libssl3 3.0.11-1 wpasupplicant recommends no packages. Versions of packages wpasupplicant suggests: pn libengine-pkcs11-openssl <none> ii wpagui 2:2.10-15 -- no debconf information