WPA3 experiment

Comments welcome!

I have just flashed a copy of openwrt 19.07 to my GL-USB150 router. I replaced wpad-basic with wpad-openssl and found that I could set the wireless security to wpa3-sae.

I successfully connected my laptop running Windows 10 1909 and got internet access. I am very pleased with this.

I usually run ubuntu on the laptop, but this I couldn’t get it to connect. I suspect the DKMS driver for the rtl8821CE wireless chip because it wouldn’t connect when PMF (protected management frames) was switched on in the router.

The GL-USB150 uses the Ath9k driver for the Qualcomm QCA9331.

Has anyone else tried WPA3 yet?

T

Its looks for me about the follow:

• protectet management frames are supportet by wifi cards start intel 7265 an newer
  Source: https://www.intel.com/content/dam/support/us/en/documents/network-and-i-o/wireless-networking/06-11-2019_Intel-WiFi-Adapter-Information-Guide.pdf
• WPA3 starts to be supportet by intel 9260 or ax200
  Source: https://www.intel.com/content/dam/support/us/en/documents/network-and-i-o/wireless-networking/06-11-2019_Intel-WiFi-Adapter-Information-Guide.pdf
• OpenWrt 19.07.1 - First Service Release - 31 January 2020, fixed problems with one driver (Ath9k?) and fixed security issues
  [OpenWrt Wiki] OpenWrt 19.07.1 - First Service Release - 31 January 2020
• WPA3 supportet on Win 10, and Androide 10, Linux should support since Kernel 5.1 regulary WPA3 supporting wifi cards like Intel AX200 and it can be with bacport driver with kernel 4.19
  Debian -- Details of package firmware-iwlwifi in buster-backports
  Linux* Support for Intel® Wireless Adapters
  en:users:drivers:iwlwifi [Linux Wireless]
• WPA3 supporting HMW and NGW wifi cards are available on ebay from intel an fevi for lower than 20USD
• WPA3 are supportet by p.e. by follow router by pre release firmware:
  FRITZ!Box 7590, 7490** (04 March 2020)
  FRITZ!Box 7530** (06 March 2020)
  FRITZ!Box 6591 Cable** (7 February 2020)
  FRITZ!Box 6590 Cable, 6490 Cable** (21 February 2020)
  FRITZ!Repeater 3000, 2400, 1200, 1750E** (04 March 2020)
  Source: FRITZ! Lab | AVM International
• Intel wifi cards with WPA3 support:
  Intel® Wi-Fi 6 AX201 dont buy, need special sorts of intel cpu
  Intel® Wi-Fi 6 AX200 buy, can used with all cpu
  Intel® Wireless-AC 9560, old
  Intel® Wireless-AC 9462, old
  Intel® Wireless-AC 9461, old
  Intel® Wireless-AC 9260, old
• WiFi6 supporting wifi card vendors:
  Wi-Fi 6 - Wikipedia

• I got a hand of Intel AX200 wifi cards for peoples around me
• addet the new kernel driver by cp iwlwifi-*.ucode /lib/firmware to Linux
• now i have to figure out how to make the kernel driver known the system by „/etc/modprobe.d“ or what ever
• a hand of people around waiting for update of gl router to OpenWrt 19.07.1 - First Service Release - 31 January 2020
• a other hand of people use already WPA3 supporting AVM routers with WPA3 supporting win10 pc`s

A further finding - OWE (Opportunistic Wireless Encryption) didn’t seem to work. I am not sure if this is the router or the client.

@Henry_Bruns I am looking forward to my Nokia phone updating to Android 10 soon (in the next month)

Its time to replace non WPA3 by WPA3 class firmware and if available the non WiFi6 by WiFi6 hardware.

Adding to the list of WPA3 Capable Devices

IOS 13 - any device capable of running IOS 13, can support WPA3
MacOS 10.15 - any Mac with WiFi 5 (802.11ac) supports WPA3, older Macs that support 802.11n do not

Thanks for the information.

I tried repeating this experiment and the results showed me that openwrt does not seem to set up wpa3 without switching off the wireless. When I tried rebooting the USB150 router, to reset the wireless, openwrt reverted to wpa2, so I am afraid the outcome was not what I thought. The same happened with PMF (protected management frames) . I searched the specification of the QCA9331 and there was no mention of PMF or 802.11w (the same thing). So, it does not look as if the USB150 will be able to cope with wpa3.

Blockquote

WPA3 support

The 19.07 release brings initial support for WPA3. However, WPA3 is not enabled by default and requires installing specific packages: to run WPA3 as an access point, hostapd-openssl is needed. For use as a Wi-Fi station, you need either wpa-supplicant-openssl (station support only) or wpad-openssl (AP + station). Due to their large size, these packages are not installed by default, and it is impossible to install them on devices with less than 8MB flash.

It should also be noted that many existing client devices will never support WPA3, and that there are client devices that support WPA2 but cannot connect to an AP configured with WPA2+WPA3 mixed mode. Please only file bugs if you are sure the problem is not client related.

To configure your device as a WPA3 access point, see wpa_modes

Blockquote

Source: [OpenWrt Wiki] OpenWrt 19.07.2 - Service Release - 6 March 2020

It can be its related on this, a I am not a programmer.

I did install wpad-openssl but I think it was due to the hardware not supporting 802.11w (Protected Management Frames). The Openwrt silently returned to wpa2 on reboot, and did not use the new wpa3, leading me astray. I now doubt if this device (USB150) will ever be able to support wpa3.

Here is a link that explains a bit about PMF or MFP or 802.11w for those who may be a bit confused.
(Caution: it is a bit complicated…)

https://gigawave.com/2016/05/10/techtip-802-11w-protected-management-frames/

Most work on OpenWRT 19.07 and later for advanced features is being on the ath79 branch for usb150 and ar150

gl-inet FW is still on ar71xx - moving to ath79 is non-trivial for gl-inet’s software.