Bug 2057352
| Summary: | Hotstop with WPA2+AES (ccmp) not working with ipad as client (ios 15.3.1) | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Toon Verstraelen <toon.verstraelen> |
| Component: | wpa_supplicant | Assignee: | Lubomir Rintel <lkundrak> |
| Status: | CLOSED EOL | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 36 | CC: | bgalvani, blueowl, covex, dcaratti, dcbw, lkundrak, lordmethenor, mangoo, tadej.j |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | x86_64 | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2023-05-25 17:40:29 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
More additional info: I did try resetting the network settings on the iPad, and I have also performed a reset to factory settings on the iPad. Neither of these had any effect. I have similar issue with wpa_supplicant, but on Android phone. After upgrade to latest wpa_supplicant, the phone reports some hard to understand message "WPA3 SAE mode, stored" but refuses to connect. For me the solution now is to dnf downgrade wpa_supplicant Downgrade wpa_supplicant-1:2.9-12.fc34.x86_64 @fedora Downgraded wpa_supplicant-1:2.10-2.fc34.x86_64 @@System my hotspot is only setup to use WPA2 Personal, thus this is really weired why the phone suddely started to complain about WPA3. iwlist wlp0s20f0u3 auth wlp0s20f0u3 Authentication capabilities : WPA WPA2 CIPHER-TKIP CIPHER-CCMP I see more such bugs here now related to 2.10 update... Adam: Thanks for the suggestion to try wpa_supplicant-2.9. (I tested with wpa_supplicant-2.9-13.fc35.x86_64 specifically, because this was easily installed.) After downgrading to 2.9, I could no longer reproduce the issue. With 2.9, the CCMP cipher can be used without problems. I'd guess the error message on your android phone may not be very accurate. On my tablet, I had no sensible error message either. I can confirm that an iPad is not able to connect to a system running wpa_supplicant-2.10; it is able to connect when downgraded to wpa_supplicant-2.9. Android devices and Linux laptops have no issues connecting to both 2.9 and 2.10. Also Google Pixel 7 devices are not able to connect to hotspots running wpa_supplicant-2.10. This message is a reminder that Fedora Linux 35 is nearing its end of life. Fedora will stop maintaining and issuing updates for Fedora Linux 35 on 2022-12-13. It is Fedora's policy to close all bug reports from releases that are no longer maintained. At that time this bug will be closed as EOL if it remains open with a 'version' of '35'. Package Maintainer: If you wish for this bug to remain open because you plan to fix it in a currently maintained version, change the 'version' to a later Fedora Linux version. Thank you for reporting this issue and we are sorry that we were not able to fix it before Fedora Linux 35 is end of life. If you would still like to see this bug fixed and are able to reproduce it against a later version of Fedora Linux, you are encouraged to change the 'version' to a later version prior to this bug being closed. Still valid for F36, luckily there is an older build of wpa_supplicant in the copr. I encountered the same issue on my Fedora 37 machine. To get the Hotspot working, I had to disable Protected Management Frames: nmcli connection down Hotspot nmcli connection modify Hotspot 802-11-wireless-security.pmf 1 nmcli connection up Hotspot After running that, the Hotspot started working again. Versions: wpa_supplicant-2.10-5.fc37.x86_64 NetworkManager-1.40.10-1.fc37.x86_64 Here are some upstream issue reports that appear related: - https://bugs.launchpad.net/ubuntu/+source/wpa/+bug/1972790 - https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/issues/841 This message is a reminder that Fedora Linux 36 is nearing its end of life. Fedora will stop maintaining and issuing updates for Fedora Linux 36 on 2023-05-16. It is Fedora's policy to close all bug reports from releases that are no longer maintained. At that time this bug will be closed as EOL if it remains open with a 'version' of '36'. Package Maintainer: If you wish for this bug to remain open because you plan to fix it in a currently maintained version, change the 'version' to a later Fedora Linux version. Note that the version field may be hidden. Click the "Show advanced fields" button if you do not see it. Thank you for reporting this issue and we are sorry that we were not able to fix it before Fedora Linux 36 is end of life. If you would still like to see this bug fixed and are able to reproduce it against a later version of Fedora Linux, you are encouraged to change the 'version' to a later version prior to this bug being closed. Fedora Linux 36 entered end-of-life (EOL) status on 2023-05-16. Fedora Linux 36 is no longer maintained, which means that it will not receive any further security or bug fix updates. As a result we are closing this bug. If you can reproduce this bug against a currently maintained version of Fedora Linux please feel free to reopen this bug against that version. Note that the version field may be hidden. Click the "Show advanced fields" button if you do not see the version field. If you are unable to reopen this bug, please file a new report against an active release. Thank you for reporting this bug and we are sorry it could not be fixed. I am on Fedora 39. This still occurs on my ipad. Please reopen |
Description of problem: When I enable a Wi-Fi hotspot on my Linux laptop (Fedora 35), my ipad cannot connect to it, while my android phone is just doing this without any problems. I was intuitively going to blame the ipad for this (which may still be the right judgement). However, I have just checked whether I could reproduce the same issue with Fedora 34 (booted from a USB live image) and with that setup. On Fedora 34, this issue cannot be reproduced. That said, I cannot easily rule out that this may also be related to an iOS update. There is no simple way to downgrade it back to iOS 14. More technical details can be found below. Version-Release number of selected component (if applicable): wpa_supplicant-2.10-2.fc35.x86_64 NetworkManager-1.32.12-2.fc35.x86_64 How reproducible: Systematic, 100% reproducible. Steps to Reproduce: 1. Activate the hotspot in the Settings application, with a password. 2. Connect to the network from the iPad, using the same passward. Alternatively, one may also define a hotspot through nmcli and activate it as follows ```bash # Define the hotspot nmcli con add type wifi ifname wlan0 con-name HSPLOCAL autoconnect yes ssid HSPLOCAL nmcli con modify HSPLOCAL 802-11-wireless.mode ap 802-11-wireless.band bg ipv4.method shared nmcli con modify HSPLOCAL wifi-sec.key-mgmt wpa-psk nmcli con modify HSPLOCAL wifi-sec.psk "goodpasswordhere" nmcli con modify HSPLOCAL ifname "yourwifidevice" # Enforce WPA2 nmcli con modify HSPLOCAL 802-11-wireless.proto rsn nmcli con modify HSPLOCAL 802-11-wireless-security.proto rsn # Enfore AES encryption nmcli con modify HSPLOCAL 802-11-wireless-security.pairwise ccmp nmcli con modify HSPLOCAL 802-11-wireless-security.group ccmp # Active the hotspot nmcli con up HSPLOCAL ``` Actual results: When trying to connect to the Wi-Fi hotspot from my iPad, I get the following error message: Unable to join the network "{name of the ESSID}". Expected results: The iPad should connect to the hotspot without showing this error message. Additional info: Mind that the steps to reproduce the issue, result in a faulty internal state of wifid on the iPad, making it impossible to connect to any access point. To fix this, turn off the hotspot and reboot the tablet. After that, it will just connect fine to APs that used to work before. I also found the following workaround. When manually setting up the hotspot through nmcli, one may configure it to use TKIP instead of AES/CCMP as follows: ```bash nmcli con modify HSPLOCAL 802-11-wireless-security.pairwise tkip nmcli con modify HSPLOCAL 802-11-wireless-security.group tkip ``` With these settings, the iPad can connect without problems, but the downside of this workaround is obviously the weakened security of the Wi-Fi connection.