Device: GL-BE9300 (Flint3)
Firmware: 4.8.4 (OpenWrt 23.05-SNAPSHOT)
Setting encryption='owe' on a wifi-iface produces an open network with wpa=0 in the generated hostapd config. The network appears to work but has no encryption.
The issue is in /lib/wifi/hostapd.sh. The fix_iface function handles sae, sae-mixed, psk-mixed, and psk2, but has no case for owe. The encryption='owe' value passes through unrecognized and the script falls through to generating an open network config.
Upstream OpenWrt's hostapd.sh handles encryption='owe' as a first-class option. It sets wpa=2, wpa_key_mgmt=OWE, ieee80211w=2, and rsn_pairwise=CCMP automatically. The fork is missing this.
Workaround:
Instead of encryption='owe', use:
uci set wireless..encryption='ccmp'
uci set wireless..owe='1'
uci commit wireless
wifi
This uses the existing owe boolean flag that the script already supports (line 330 / line 980 in hostapd.sh) and correctly generates a hostapd config with wpa=2, wpa_key_mgmt=OWE, and ieee80211w=2.
Proper fix:
Add an owe) case to the fix_iface function in /lib/wifi/hostapd.sh, similar to how sae is handled:
owe)
config_set "$section" encryption "ccmp"
config_set "$section"
owe "1";;
Or sync the encryption handling with upstream OpenWrt which has full native OWE support.