Gl-inet router says 'Wrong Key' on wifi repeater join

Hi, GL-iNet, The Beryl (v3.211 & v3.212 firmware) says ‘Wrong Key’ when doing Internet Wifi Repeater scan join. This problem happens when the wifi password is long (such as 63 characters long).

Also, has the same problem with wifi passwords of 61 characters long, etc. Short wifi passwords do work. [Note that your tip to set to HT20 everywhere does not fix this.]

The v3.203 firmware works but can not be used here because it lacks functions that are only in the new versions.

Please test and fix your firmware (v3.212 or newer) to do Internet Wifi Repeater scan join to wifi (with long and/or complex wifi passwords). And, also test with spaces in the password. So that join does not fail with ‘wrong key’.

Note that this ‘wrong key’ problem may also exist on the firmware of your other models. Please provide solutions for this.

Please reply soon. Much appreciated. Best regards. Thanks.

2 Likes

Interesting…

the 63 chari limit assumes 7-bit ASCII…

with 8-bit (UTF8 or similar), this adds up to 55 characters roughly…

(everything eventually turns in to hex at the lowest level, but for input strings, if using UTF8, 55 is the limit)

Does your SSID or key has “$” inside?

no. there is no “$” character in ether.

both strings work with all other brands of network devices in use here.

and the wifi password is less than 64 characters in length.

[the wifi password was originally created by copy and paste of a 63 character string from a text editor in UTF8 mode into a GL-iNet web gui. the GL-iNet web gui accepted that password creation without showing any error message that it could be invalid syntax. how to try pasting the password in 7-bit ASCII?]

the GL-iNet scan join works with short passwords but not with long passwords.

questions: what are the industry wifi password syntax limits? what are the GL-iNet wifi password syntax limits? has GL-iNet tested for support of maximum wifi password length and all valid special characters and spaces that are allowed in wifi passwords?

please keep trying to solve this ‘Wrong Key’ error. please advise. thanks

My untutored understanding of the general spec is this. The specification is 256 bit length, which is where 64 hex digits comes from. The 63 character limit is just to distinguish hex from passphrase, because the passphrase is converted into a 64 hex digit string using PBKDF2. The characters just have to be printable characters.

Now, how a user interface handles the input and storing of a password is a different thing. We are all using special characters for security, but you can see that “$”, “”, “<”, “)” can complicate things because of how strings are handled. And length is a big deal security-wise.

My Asus routers don’t admit special characters as being allowed to begin with, although at least some of the special characters work.

212 beta was supposed to fix this “wrong key” error in some cases. In my case, I have one or more special characters that worked with 211 and don’t work with 212, and from the response from @alzhao I fully expect we’ll see a new beta with a more robust solution.

thanks to everyone for your helpful replies. i tried doing Internet Wifi Repeater scan join again with a password that is 61 characters long that is all alphabetic (it is entirely a to z with no special characters). that same ‘Wrong Key’ error happens. long passwords fail. short passwords work. GL-iNet please keep trying to solve this.

The long password problem should be fixed today (Mar 17). Pls try the snapshot GL.iNet download center

This problem should only happen for Beryl and Mango.

Still have a problem with wifi but it can connect to 63 long password with special characters now.

1 Like

yes, you fixed the bug. it works now. excellent. much appreciated. thanks!

you also wrote “Still have a problem with wifi”. Just wondering, what is that other problem?

Some problems that I still cannot confirm. I am not sure if it is the router or my pc. My pc cannot connect sometimes but other guys can.

Hey,
I’ve got the same problem (wrong key) with my GL-MT1300 in repeater-mode.
I can connect it to my mobile hotspot from my phone, but I only get “wrong key” with a FRITZ!Box-router. Both devices have the same WiFi-key (a short one, “BeliebigesPasswort” for the test).
I tried the stable-version, the beta and todays snapshot (3.212
from 2022-03-20), the problem is the same.
Logs after a reset and a “wrong key”-message are attached.
logs.zip (32.9 KB)

i got “wrong key” error in router mode (flint)
there is no actual key, its a captive portal login. (i use xfinitywifi)

I’m not even sure how i got it to start working, i just pulled up the captive portal login page from my history (it usually stays logged in by remembering the MAC address).

It kind of glitched out on the login, but it let me keep surfing around the xfinity website for a while, but it still wasn’t connected to the internet…

then… it just sort of magically started working after almost 20 minutes.

kind of a bizarre problem. its hard to tell what was at fault

Could you show me the wifi config?

cat /etc/config/wireless

Can you let me know the exact model of your Fritzbox?

Also pls send me the wifi ocnfiguration of Fritzbox.

There is a bug that when flashing the image the date of the router is reset to compile date of the FW¹ and trying to connect to WiFi with that too-far-off date/time gives “wrong key”.

Back in openwrt-mt1300-3.212-0301.bin (BETA1, from BETA-page, not snapshot page) the solution was to use SSH(! like PuTTY) and set the correct date and time².
You might want to try that.

This solution does not work for openwrt-mt1300-3.212-0321.bin though.

¹ this bug is in the firmwares at least since openwrt-mt1300-3.211-1227.bin - date of the router is always set to compile date of the FW.
² when pressing [Sync] in WebUI | MORE SETTINGS | Time Zone only the time is synced, but not the date

This seems strange and not sure how this can happen. The router will sync with time server so eventually time and date should be correct.

That’ll be a tough job w/o internet connection :wink:
This thread discusses not being able to connect to the WISP.

Here’s the /etc/config/wireless:

/etc/config/wireless

config wifi-device ‘mt7615e5’
option type ‘mtk’
option channel ‘auto’
option hwmode ‘11ac’
option htmode ‘VHT80’
option band ‘5G’
option txpower ‘20’
option noscan ‘1’
option region ‘10’
option cfg ‘/etc/wireless/mt7615_5g.dat’

config wifi-iface ‘wifi5g’
option device ‘mt7615e5’
option network ‘lan’
option mode ‘ap’
option ssid ‘GL-MT1300-122-5G’
option encryption ‘psk2’
option key ‘goodlife’
option disassoc_low_ack ‘0’
option ifname ‘ra0’
option wds ‘1’

config wifi-device ‘mt7615e2’
option type ‘mtk’
option band ‘2G’
option txpower ‘20’
option noscan ‘1’
option region ‘0’
option cfg ‘/etc/wireless/mt7615_2g.dat’
option hwmode ‘11ng’
option channel ‘11’
option htmode ‘HT20’

config wifi-iface ‘wifi2g’
option device ‘mt7615e2’
option network ‘lan’
option mode ‘ap’
option ssid ‘GL-MT1300-122’
option encryption ‘psk2’
option key ‘goodlife’
option wds ‘1’
option disassoc_low_ack ‘0’
option ifname ‘rax0’

config wifi-iface ‘guest5g’
option device ‘mt7615e5’
option network ‘guest’
option mode ‘ap’
option wds ‘1’
option ssid ‘GL-MT1300-122-Guest-5G’
option encryption ‘psk2’
option key ‘goodlife’
option ifname ‘ra1’
option disabled ‘1’
option guest ‘1’

config wifi-iface ‘guest2g’
option device ‘mt7615e2’
option network ‘guest’
option mode ‘ap’
option wds ‘1’
option ssid ‘GL-MT1300-122-Guest’
option encryption ‘psk2’
option key ‘goodlife’
option ifname ‘rax1’
option disabled ‘1’
option guest ‘1’

config wifi-iface ‘sta’
option network ‘wwan’
option mode ‘sta’
option ifname ‘apclix0’
option ssid ‘WLAN-W-Gast’
option channel ‘11’
option device ‘mt7615e2’
option encryption ‘psk2’
option key ‘BeliebigesPasswort’
option disabled ‘1’

I’m using a FRITZ!Box 7590 (without AX).
Here are the relevant config-parts of the debug-log from the 7590:

Debug-log
wpa_pairwise  CCMP'
0320-111600:CFG:ath1:CMD='SET rsn_pairwise  CCMP'
0320-111600:CFG:ath1:CMD='SET wps_state 2'
0320-111600:CFG:ath1:CMD='SET config_methods push_button '
0320-111600:CFG:ath1:CMD='SET device_type 6-0050F204-1'
0320-111600:CFG:ath1:CMD='SET manufacturer AVM'
0320-111600:CFG:ath1:CMD='SET model_name FBox'
0320-111600:CFG:ath1:CMD='SET model_number 0000'
0320-111600:CFG:ath1:CMD='SET serial_number 0000'
0320-111600:CFG:ath1:CMD='SET device_name FBox'
0320-111600:CFG:ath1:CMD='SET pbc_in_m1 1'
0320-111600:CFG:ath1:CMD='SET wps_rf_bands ag'
0320-111600:CFG:ath1:CMD='SET uuid c19d8665-2945-626a-b777-74427f37cc98'
0320-111600:CFG:guest5:CMD='STATUS'
0320-111600:CFG:guest5:CMD='ENABLE'
0320-111601:CFG:ath1:CMD='STATUS'
0320-111601:CFG:ath1:CMD='ENABLE'
0320-111607:CFG:global,cmd='ADD guest4 /var/run/hostapd atheros'
0320-111607:CFG:guest4:CMD='SET ssid WLAN-W-Gast'
0320-111607:CFG:guest4:CMD='SET wpa_group_rekey ***'
0320-111607:CFG:guest4:CMD='SET bridge guest'
0320-111607:CFG:guest4:CMD='SET eap_server 1'
0320-111607:CFG:guest4:CMD='SET wpa_passphrase ***'
0320-111607:CFG:guest4:CMD='SET wpa_key_mgmt WPA-PSK'
0320-111607:CFG:guest4:CMD='SET ieee80211w 1'
0320-111607:CFG:guest4:CMD='SET group_mgmt_cipher AES-128-CMAC'
0320-111607:CFG:guest4:CMD='SET wpa 2'
0320-111607:CFG:guest4:CMD='SET wpa_pairwise  CCMP'
0320-111607:CFG:guest4:CMD='SET rsn_pairwise  CCMP'
0320-111607:CFG:guest4:CMD='SET wps_state 2'
0320-111607:CFG:guest4:CMD='SET config_methods push_button '
0320-111607:CFG:guest4:CMD='SET device_type 6-0050F204-1'
0320-111607:CFG:guest4:CMD='SET manufacturer AVM'
0320-111607:CFG:guest4:CMD='SET model_name FBox'
0320-111607:CFG:guest4:CMD='SET model_number 0000'
0320-111607:CFG:guest4:CMD='SET serial_number 0000'
0320-111607:CFG:guest4:CMD='SET device_name FBox'
0320-111607:CFG:guest4:CMD='SET pbc_in_m1 1'
0320-111607:CFG:guest4:CMD='SET wps_rf_bands ag'
0320-111607:CFG:guest4:CMD='SET uuid 3f996acc-d778-a30f-c51e-aa30e0e5a14c'
0320-111607:CFG:global,cmd='ADD ath0 /var/run/hostapd atheros'
0320-111607:CFG:ath0:CMD='SET ssid WLAN-W'
0320-111607:CFG:ath0:CMD='SET wpa_group_rekey ***'
0320-111607:CFG:ath0:CMD='SET bridge lan'
0320-111607:CFG:ath0:CMD='SET eap_server 1'
0320-111607:CFG:ath0:CMD='SET wpa_passphrase ***'
0320-111607:CFG:ath0:CMD='SET wpa_key_mgmt WPA-PSK SAE'
0320-111607:CFG:ath0:CMD='SET sae_require_mfp 1'
0320-111607:CFG:ath0:CMD='SET ieee80211w 1'

I’m trying to connect to the WiFi “WLAN-W-Gast”, but the normal “WLAN-W” doesn’t work either.
I’ll check the date when I’m at home again, but shouldn’t I get the same “wrong key”-error from connecting to the mobile hotspot when the date is too far off?

You are correct. Only timezone and time was synced from the browser. But this should not have any relationship with repeater. I tested and it can connect to iphone without reporting wrong key. So the problem must be something else.

¯_(ツ)_/¯
When I flashed openwrt-mt1300-3.211-1227.bin and openwrt-mt1300-3.212-0301.bin all I did was (in this order)

  • flash
  • login, scan for available WISPs, select my WISP, enter password, press [Join], fail with above error msg
  • login via SSH, set correct time and date
  • press the [Join] button again
    → successfully connected

So at least it was a valid workaround for that bug - no matter what (other?) causes it araises from.