Description of problem: Installing the latest version of WPA supplicant left the computer unable to connect to the internet. Version-Release number of selected component (if applicable): wpa_supplicant-2.6-15.fc28.x86_64 How reproducible: 5/5 attempts yielded the same result. Steps to Reproduce: 1.Install version 2.6-15.fc28.x86_64 2.Reboot 3.Login Actual results: After some minutes the connection is refused. The surrounding windows computer reliably looses the connection while attempting to connect. Expected results: Normal automatic connection to WPA2 secured router. Additional info: I came to this conclusion by repeated attempts to connect to the internet, then failing that by downloading an older version (14) on a Windows computer, installing, and rebooting. Everything worked fine after downgrading wpa_supplicant. Booting up with different kernel version from the boot up menu didn't change anything.
(In reply to Justin Hale from comment #0) > Description of problem: > Installing the latest version of WPA supplicant left the computer unable to > connect to the internet. > > Version-Release number of selected component (if applicable): > wpa_supplicant-2.6-15.fc28.x86_64 > > How reproducible: > 5/5 attempts yielded the same result. > > Steps to Reproduce: > 1.Install version 2.6-15.fc28.x86_64 > 2.Reboot > 3.Login > > Actual results: > After some minutes the connection is refused. > The surrounding windows computer reliably looses the connection while > attempting to connect. so apparently the AP is applying countermeasures (or, even worse, crashing) as an effect of seeing the new wpa_supplicant capable of doing MFP. > Expected results: > Normal automatic connection to WPA2 secured router. > > Additional info: > I came to this conclusion by repeated attempts to connect to the internet, > then failing that by downloading an older version (14) on a Windows > computer, installing, and rebooting. Everything worked fine after > downgrading wpa_supplicant. > Booting up with different kernel version from the boot up menu didn't change > anything. thank you for the test. Can you please read the following configuration value? $ nmcli connection show <your wifi connection> | grep pmf and also retry wpa_supplicant-2.6.15 after setting it to 1 ? $ nmcli connection edit <your wifi connection> nmcli> set 802-11-wireless-security.pmf 1 nmcli> save nmcli> activate thank you in advance!
Under version 2.6.14: nmcli connection show TC8715D3C | grep pmf 802-11-wireless-security.pmf: 0 (default) I'll try 2.6.15 in a few minutes.
I did as suggested. Now I have restarted the router, and reinstalled version 14. Editing existing '802-11-wireless' connection: 'TC8715D3C' Type 'help' or '?' for available commands. Type 'describe [<setting>.<prop>]' for detailed property description. You may edit the following settings: connection, 802-11-wireless (wifi), 802-11-wireless-security (wifi-s ec), 802-1x, ipv4, ipv6, tc, proxy nmcli> set 802-11-wireless-security.pmf Allowed values for 'pmf' property: default, disable, optional, required Enter 'pmf' value: 1 nmcli> save Connection 'TC8715D3C' (8da91bfc-da9d-4053-bf9f-18f8b85529b4) successfully updated. nmcli> activate Monitoring connection activation (press any key to continue) \ co Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/9) The wireless connection was connected according to nmcli, but the GUI gave me a question mark where the dot and rays icon should be, and the process was so disruptive that I had to restart the router. I'll try again, but this time I'll disable the wireless connection before I restart.
That fixed it! As long as I follow the instructions and pay careful attention to leave the network connection off until the last step to activate using nmcli, which is right after the step to save, then the internet is restored.
(In reply to Justin Hale from comment #4) > That fixed it! > > As long as I follow the instructions and pay careful attention to leave the > network connection off until the last step to activate using nmcli, which is > right after the step to save, then the internet is restored. (sorry) I forgot to mention this earlier, we need to restart wpa_supplicant.service after we upgrade the rpm, before doing the test: # systemctl restart wpa_suppllicant.service otherwise the test result is unreliable. Can you confirm that upgrading to wpa_supplicant-2.6.15 and setting PMF to 1 works around the 'missing connectiivity' problem in your setup? thanks! -- davide
> (sorry) I forgot to mention this earlier, we need to restart > wpa_supplicant.service after we upgrade the rpm, before doing the test: [root@localhost jhale]# systemctl restart wpa_suppllicant.service Failed to restart wpa_suppllicant.service: Unit wpa_suppllicant.service not found. After upgrading to wpa_supplicant-2.6.15, I disabled WiFi, restarted, then set PMF to 1 - all of this using nmcli. I saved then I turned on WiFi (using the GUI). Finally, I activated using nmcli. That is working now, where previously nothing worked for 2.6.15. How can I make the test more reliable given that the service is not available by that name on my box?
Correction, I disabled WiFi using the GUI.
(In reply to Justin Hale from comment #6) > > (sorry) I forgot to mention this earlier, we need to restart > > wpa_supplicant.service after we upgrade the rpm, before doing the test: > > [root@localhost jhale]# systemctl restart wpa_suppllicant.service > Failed to restart wpa_suppllicant.service: Unit wpa_suppllicant.service not > found. > ouch. I put an extra 'l'. You have this service for sure on Fedora, so try # systemctl restart wpa_supplicant.service > After upgrading to wpa_supplicant-2.6.15, I disabled WiFi, restarted, then > set PMF to 1 - all of this using nmcli. I saved then I turned on WiFi (using > the GUI). Finally, I activated using nmcli. That is working now, where > previously nothing worked for 2.6.15. > > How can I make the test more reliable given that the service is not > available by that name on my box? I would say, if the 2.6-15 rpm is installed on your system, simply restart it two or three times and ensure that the connectivity is up: # systemctl restart wpa_supplicant.service Then, if we are sure that the workaround is functional in your setup, it might be a good info to know what is the access point model (and ideally the firmware version running on the AP). I'm not sure I will be able to reproduce the problem , specially if the bug is in the AP (that's why I suspect at the moment). thank you very much for collaborating! regards, -- davide
Restarting wpa_supplicant.service three times had no effect on connectivity. I'll work on getting the WiFi router model and firmware version later, hopefully today. Thank you for your help.
technicolor model: TC8715D Rating: 120 V AC, 60Hz, 1.2 A FCC ID: RSE-TC8717T There are 2 SSIDs from this one device. I consistently use the 2.4 GHz SSID. The encryption is WPA2-PSK(AES) There is a WPS PIN, which I have never used. The H/W Version is 1.1, which I take to be the firmware. DOCSIS Software Version: 01.EF.04.38.00 Software Image Name: TC8715D-01.EF.04.38.00-180405-S-FF9-D.img Advanced Services: 2.6.30-1.0.11mp1-g24a0ad5-dirty https://www.timewarnercable.com/content/dam/residential/pdfs/support/internet/ModemUserGuides/technicolor-tc8715d-userguide.pdf
(In reply to Justin Hale from comment #10) > technicolor > > model: TC8715D > Rating: 120 V AC, 60Hz, 1.2 A > FCC ID: RSE-TC8717T > > There are 2 SSIDs from this one device. I consistently use the 2.4 GHz SSID. > > The encryption is WPA2-PSK(AES) Looking at the manual, this model does not seem to support configuration of PMF at all; moreover, the GUI does not expose any system log; finally, we have no way to inspect the AP implementation, as sources for the software running on the TC8715D seem to be not available at all. Because of that, I am for closing this bugzilla as INSUFFICIENT_DATA. Disabling PMF functionality for the connection named 'TC8715D' looks a viable workaround. You might try re-enabling it in the future, after a firmware upgrade on the router, in case you want to protect against wifi DEAUTH attacks. thank you for reporting! regards, -- davide
*** Bug 1599036 has been marked as a duplicate of this bug. ***
I ran into this today while at my parent's house, where they have the Technicolor TC8715D wireless router. On my Fedora 28 host, I disabled the PMF functionality as suggested: $ nmcli connection edit <your wifi connection> nmcli> set 802-11-wireless-security.pmf 1 nmcli> save nmcli> activate ...and was able to successfully connect to the AP again. Thanks for the successful workaround!