Results 1 to 10 of 10

Thread: wpa3 not proposed in Networkmanager

  1. #1

    Default wpa3 not proposed in Networkmanager

    Hello
    So i wanted to look at wpa3.
    Added and configured wpa3 to my access point, and zypper dup on tumbleweed to have NetworkManager 1.18.4 (supposedly proposing wpa3)
    My network card is Intel 7260, only certified wap2, but certification dates from before wpa3 was born, and wpa3 "should" be a question of software. So i hoped being in range of wpa3. But when i go to networkmanager, wi-fi security, i do not see wpa3 proposed in the dropdown list. For the fun and to avoid the eternal KDE/Gnome discussion, i also looked in nmtui-edit, and still no wpa3. I am sure it is there somewhere. What did i miss?

    rpm -qa |grep NetworkManager
    NetworkManager-pptp-lang-1.2.8-1.5.noarch
    NetworkManager-openvpn-1.8.10-1.4.x86_64
    NetworkManager-openvpn-lang-1.8.10-1.4.noarch
    libKF5NetworkManagerQt6-5.64.0-1.1.x86_64
    NetworkManager-1.18.4-2.1.x86_64
    NetworkManager-branding-openSUSE-42.1-4.16.noarch
    NetworkManager-openconnect-lang-1.2.6-1.1.noarch
    NetworkManager-openconnect-1.2.6-1.1.x86_64
    NetworkManager-pptp-1.2.8-1.5.x86_64
    NetworkManager-lang-1.18.4-2.1.noarch

  2. #2
    Join Date
    Sep 2012
    Posts
    5,230

    Default Re: wpa3 not proposed in Networkmanager

    Quote Originally Posted by Thnielsen View Post
    NetworkManager 1.18.4 (supposedly proposing wpa3)
    What exactly you mean with "proposing"? NetworkManager supports WPA3 authentication since 1.16 IIRC.
    i also looked in nmtui-edit, and still no wpa3
    WPA3 was added to TUI in 1.21 development version which means it will be available in 1.22. Native NM applet should support it since 1.8.24.

  3. #3

    Default Re: wpa3 not proposed in Networkmanager

    Possibly not possible with your hardware: https://www.intel.com/content/www/us...etworking.html .
    Try to use compatible WiFi adapter.

  4. #4

    Default Re: wpa3 not proposed in Networkmanager

    Thank you for your prompt replies. It is very simple.
    So i am on KDE so my instructions will reflect that, but it should not be important for the issue.
    I click on networkmanager in the system tray, then click on the the settings button in the upper right corner. Then i click on my wifi access point in the list on the left, then select the tab wi-fi Security. Then in the Security drop down box, i see WPA/WPA2; none; LEAP, WEP and some more, but WPA3 is not an option in the list (i need WPA2/WP3 mixed mode to not cut all my older WPA2 devices while i test WPA3).
    Regarding the supported adapters, it "should" not be a problem, since many WPA2 supported adapters will successfully run WPA3 (as i understand it), though not officially supported - and i would be curious to the mechanics on how NetworkManager chooses if i am on a supported adapter or not. I do not see anyone spending neurons on a supported adapters list, but rather lets people choose an option not supported by their adapter, at the risc of it not working.
    In my case i am on iwlwifi and there is no wpa info in the modinfo for that one.
    I took the opportunity to upgrade today but no change in the problem
    Code:
    zypper dup
    and now i have :
    Code:
    rpm -qa |grep NetworkManager
    NetworkManager-openconnect-1.2.6-1.2.x86_64
    libKF5NetworkManagerQt6-5.64.0-1.1.x86_64
    NetworkManager-branding-openSUSE-42.1-4.16.noarch
    NetworkManager-lang-1.18.4-2.2.noarch
    NetworkManager-openvpn-lang-1.8.10-1.5.noarch
    NetworkManager-openvpn-1.8.10-1.5.x86_64
    NetworkManager-pptp-lang-1.2.8-1.6.noarch
    NetworkManager-openconnect-lang-1.2.6-1.2.noarch
    NetworkManager-pptp-1.2.8-1.6.x86_64
    NetworkManager-1.18.4-2.2.x86_64

  5. #5
    Join Date
    Jun 2008
    Location
    Auckland, NZ
    Posts
    20,713
    Blog Entries
    1

    Default Re: wpa3 not proposed in Networkmanager

    Regarding the supported adapters, it "should" not be a problem, since many WPA2 supported adapters will successfully run WPA3 (as i understand it),
    I would have thought that the requisite driver support would also be required as well to support the wifi device with using WPA3?
    openSUSE Leap 15.1; KDE Plasma 5

  6. #6
    Join Date
    Jun 2008
    Location
    Auckland, NZ
    Posts
    20,713
    Blog Entries
    1

    Default Re: wpa3 not proposed in Networkmanager

    I also note that you have not mentioned wpa-supplicant, which would also need to support SAE authentication.
    openSUSE Leap 15.1; KDE Plasma 5

  7. #7

    Default Re: wpa3 not proposed in Networkmanager

    Good point about wpa_supplicant
    I have just
    zypper dup'ed today, so i am on a tumbleweed completely updated inclusing the network repo :

    Code:
    zypper lr
    Repository priorities are without effect. All enabled repositories share the same priority.
    
    # | Alias                               | Name                        | Enabled | GPG Check | Refresh
    --+-------------------------------------+-----------------------------+---------+-----------+--------
    1 | http-download.opensuse.org-22123e64 | network                     | Yes     | (r ) Yes  | Yes    
    2 | http-ftp.gwdg.de-189aabdb           | Packman Repository          | Yes     | (r ) Yes  | Yes    
    3 | http-opensuse-guide.org-e0cb3c9f    | libdvdcss repository        | Yes     | (r ) Yes  | Yes    
    4 | repo-non-oss                        | openSUSE-Tumbleweed-Non-Oss | Yes     | (r ) Yes  | Yes    
    5 | repo-oss                            | openSUSE-Tumbleweed-Oss     | Yes     | (r ) Yes  | Yes    
    6 | repo-update                         | openSUSE-Tumbleweed-Update  | Yes     | (r ) Yes  | Yes
    here about wpa_supplicant :
    Code:
     rpm -qi wpa_supplicant
    Name        : wpa_supplicant
    Version     : 2.9
    Release     : 1.1
    Architecture: x86_64
    Install Date: Sun Nov 17 11:13:44 2019
    Group       : Unspecified
    Size        : 4907621
    License     : BSD-3-Clause AND GPL-2.0-or-later
    Signature   : RSA/SHA256, Mon Nov 11 14:45:43 2019, Key ID b88b2fd43dbdc284
    Source RPM  : wpa_supplicant-2.9-1.1.src.rpm
    Build Date  : Mon Nov 11 14:45:15 2019
    Build Host  : lamb11
    Relocations : (not relocatable)
    Packager    : https://bugs.opensuse.org
    Vendor      : openSUSE
    URL         : https://w1.fi/wpa_supplicant
    Summary     : WPA supplicant implementation
    Description :
    I have again tried to delete my access point and reconnect to it as new, but also on wpa3 to be found in the security drop down list.

    And i notice this all up on top in the changelog of wpa_supplicant :
    Code:
    rpm  -q wpa_supplicant-2.9-1.1 --changelog |less
    * Mon Nov 04 2019 Tomáš Chvátal <tchvatal@suse.com>
    - Update to 2.9 release:
      * SAE changes
      - disable use of groups using Brainpool curves
      - improved protection against side channel attacks
        [https://w1.fi/security/2019-6/]
      * EAP-pwd changes
      - disable use of groups using Brainpool curves
      - allow the set of groups to be configured (eap_pwd_groups)
      - improved protection against side channel attacks
        [https://w1.fi/security/2019-6/]
      * fixed FT-EAP initial mobility domain association using PMKSA caching
        (disabled by default for backwards compatibility; can be enabled
        with ft_eap_pmksa_caching=1)
      * fixed a regression in OpenSSL 1.1+ engine loading
      * added validation of RSNE in (Re)Association Response frames
      * fixed DPP bootstrapping URI parser of channel list
      * extended EAP-SIM/AKA fast re-authentication to allow use with FILS
      * extended ca_cert_blob to support PEM format
      * improved robustness of P2P Action frame scheduling
      * added support for EAP-SIM/AKA using anonymous@realm identity
      * fixed Hotspot 2.0 credential selection based on roaming consortium
        to ignore credentials without a specific EAP method
      * added experimental support for EAP-TEAP peer (RFC 7170)
      * added experimental support for EAP-TLS peer with TLS v1.3
      * fixed a regression in WMM parameter configuration for a TDLS peer
      * fixed a regression in operation with drivers that offload 802.1X
        4-way handshake
      * fixed an ECDH operation corner case with OpenSSL
      * SAE changes
      - added support for SAE Password Identifier
      - changed default configuration to enable only groups 19, 20, 21
    ......

  8. #8

    Default Re: wpa3 not proposed in Networkmanager

    2nd update this evening. I tried to create a new Access point allowing only WPA3, and when i see it in the list of access points, when clicking on networkmanager in the systemtray, Just below the access point name, is mentioned the encryption, and for my WPA3 access point it is marked WEP, and if i scan i only see WPA2 as below with no authentication suite (should be PSK or something)

    Code:
    iwlist wlp3s0 scanning |less
    ......
    Channel:36
                        Frequency:5.18 GHz (Channel 36)
                        Quality=59/70  Signal level=-51 dBm  
                        Encryption key:on
                        ESSID:"MyAPWPA3"
                        Bit Rates:6 Mb/s; 9 Mb/s; 12 Mb/s; 18 Mb/s; 24 Mb/s
                                  36 Mb/s; 48 Mb/s; 54 Mb/s
                        Mode:Master
                        Extra:tsf=00000000002ea0e3
                        Extra: Last beacon: 26436ms ago
                        IE: Unknown: 00084D79415057504133
                        IE: Unknown: 01088C129824B048606C
                        IE: Unknown: 030124
                        IE: Unknown: 070A303020240814640B1400
                        IE: IEEE 802.11i/WPA2 Version 1
                            Group Cipher : CCMP
                            Pairwise Ciphers (1) : CCMP
                            Authentication Suites (1) : unknown (8)
                        IE: Unknown: 0B050000000000
                        IE: Unknown: 3B028000
                        IE: Unknown: 2D1AEF0117FFFF000000000000000000000100000000000000000000
                        IE: Unknown: 3D1624050400000000000000000000000000000000000000
                        IE: Unknown: 7F080400000200000140
                        IE: Unknown: BF0CB0018031FAFF0000FAFF0000
                        IE: Unknown: C005012A00FCFF
                        IE: Unknown: C30402282828
                        IE: Unknown: DD180050F2020101000003A4000027A4000042435E0062322F00
    .....

  9. #9

    Default Re: wpa3 not proposed in Networkmanager

    Do we need NetworkManager 1.20 for this?

    HTML Code:
    https://www.mail-archive.com/ftp-release-list@gnome.org/msg29374.html
    News
    ====

    Overview of changes since NetworkManager-1.20.4
    ===============================================This is a new stable release of NetworkManager. Notable changes include:

    * Fix crash related to Wi-Fi-P2P.
    * Support rd.znet option in initrd generator to support s390.
    * Fix not creating default-wired-connection when a suitable profile exists
    which is not tied to the device by interface-name.
    * tui: support WPA3-Personal (SAE).
    * Fixes for OLPC Mesh Wi-Fi.
    * Various bug fixes. Notably, fix unit test and build issues.

  10. #10

    Default Re: wpa3 not proposed in Networkmanager

    So i dug up a repo with NetworkManager 1.20, and installed with dependencies, and then indeed using nmtui-edit, i now found wpa3 in the security menu, and could configure using wpa3 to connect to my access point - however still could not connect to it using wpa3. I think i need to wait a while for some packages to mature. If anyone mastering the release of the needed packages would like me to test something. Please let me know. For now i will rest my case :-)
    From a philosophic point of view, it is somewhat a shame, there is not a lot more stress to make the wpa3 framework functional, since wpa2 has now proven very fragile:
    (i tried to remove the formatting from the below title to not make it stand out, but did not succeed in reasonable time ;-)
    Breaking WPA2 by forcing nonce reuse


    HTML Code:
    https://www.krackattacks.com/

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •