5

I upgraded my router's firmware to OpenWrt 21.02, which introduces WPA3 support. In theory, this should work for me, running Ubuntu 20.04, as support for WPA3 was added in 19.10.

My experience is awful about that. Devices (tablets, phones, laptops) can't establish connection, except when I switch encryption to WPA2.

WPA3 does not work. My Ubuntu-based laptops can see the WPA3 network SSID, but the connection is unsuccessful. My Android devices can't even see the SSID. I wonder if any of the hardware (network cards) is obsolete.

Does WPA3 support require hardware support, or does it purely depend on software, and could be resolved in future Ubuntu updates?

anx
Belushi
  • This question is unrelated to Ubuntu. WPA3 is software and it works in Ubuntu. It does work with OpenWrt 21.02. – Pilot6 Jan 22 '22 at 18:01
  • This suggests that WPA3 is also hardware related: https://www.intel.com/content/www/us/en/support/articles/000054783/wireless.html Many later Intel devices but not, for example my Intel 7260. – chili555 Jan 22 '22 at 21:11
  • @chili555 That list is for Windows 10. I didn't test 7260 on Ubuntu yet, but it is quite easy to do. – Pilot6 Jan 23 '22 at 08:19
  • Oh, I forgot that I did. I have a laptop with 7260. WPA3 works. WPA3 works with OpenWrt on ancient routers. – Pilot6 Jan 23 '22 at 08:21
  • @Pilot6 Are you confirming that WPA3 is *not* hardware related and that it is solely governed by the router? – chili555 Jan 23 '22 at 14:24
  • Well, I didn't dig deep into the issue. But I can confirm that WPA3 works on 15-year-old routers and that Intel 7260 works too. I think hardware encryption acceleration isn't used, but old hardware is supported on Linux. The encryption is done by openssl or wolfssl, that is pure software. – Pilot6 Jan 23 '22 at 14:38

3 Answers

4

WPA3 support is purely based on software. There is no dedicated hardware required to run either WPA version.

Consider the following announcement, and specifically the quote from Cisco:

> Cisco is in full support of Wi-Fi Alliance’s continual focus on security evolution to WPA3. The WPA3 program will bring much needed upgrades to wireless security protecting all levels of customers from consumer to enterprise/government. Cisco is committed to integrating WPA3 features into our Aironet Access Points and Wireless Controllers via a firmware upgrade so that our existing and new customers can take advantage of the capabilities offered by WPA3.
>
> Greg Dorai, Vice President Cisco WLAN, Cisco

This clearly states that WPA3 support for proprietary devices can be added with a firmware upgrade - which is purely software, and not a hardware feature.

But of course, the hardware vendor has to release such a firmware update, before you can connect with WPA3 from your Ubuntu PC (or any other device).

Artur Meinild
  • Do firmware woes not become hard(ware) problems, after the "vendor has to" ship [has](https://www.intel.com/content/www/us/en/support/articles/000022396/processors.html) [sailed](https://www.intel.com/content/www/us/en/support/articles/000006507/wireless.html)? – anx Dec 12 '22 at 16:38
  • That depends on how you read/define *"depend on hardware"*. I interpret this as if there are specific hardware requirements - which is *not* the case. But it is a prerequisite that the vendor supports their hardware with appropriate software (firmware) for functions like WPA3 to work. But since you put up the bounty, you'll ultimately decide which answer works best for you. – Artur Meinild Dec 12 '22 at 17:01
  • I am trying to confirm my *vague suspicion* that some dedicated hardware specifically *ruins* either WPA version (with little consequence in the distinction between the vendor unable or unwilling to assist), while some hardware continues to work with new crypto without depending on the vendor's *commitment*. Cisco has some examples that could be upgraded? Good for them, but not necessarily generalizable. Let's draw the line where it matters for using Ubuntu - can I fix it in Ubuntu, or can Canonical fix it? – anx Dec 12 '22 at 18:19
3

Delete old WPA2 connections in Ubuntu and connect again using your password.

You probably configured OpenWrt the wrong way.

Also, there is a WPA2/WPA3 option in OpenWrt.

I can confirm that WPA3 works on old routers with e.g. AR922X wireless chips and also it does work on really old hardware Ubuntu clients.

The encryption part is done by openssl or wolfssl, so I don't see how hardware may stop it.

Pilot6
0

Both. Ubuntu does depend on certain properties of the NIC hardware (and their, possibly loadable, firmware), though they do not specifically need to advertise support for WPA3. There are known examples of otherwise compatible older hardware that won't work. Such can be identified by inquiring capabilities from the driver, which will lack MFP support:

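```
# Check every wireless PHY's mac80211 hardware flags for management frame protection (MFP).
# The path is passed to sh as $1 instead of being substituted into the script text.
sudo find /sys/kernel/debug/ieee80211/ -name hwflags -exec \
 sh -c 'grep -q MFP_CAPABLE "$1" && echo "# OK: $1" || echo "# MISSING SUPPORT: $1"' sh '{}' ';'
# MISSING SUPPORT: /sys/kernel/debug/ieee80211/phy0/hwflags
# OK: /sys/kernel/debug/ieee80211/phy1/hwflags
# OK: /sys/kernel/debug/ieee80211/phy2/hwflags
```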

My working theory is that the entire iwldvm driver is affected, so Intel cards with names like Advanced-N 6205 or 6200AGN cannot be used in WPA3 networks, even when running a modern Ubuntu version. This may or may not be a physical lack of feature or defect in the NICs. If it is a software issue, it is not one likely to be solvable, as Intel has not provided firmware updates beyond 2010. In any case, they are said to break kernel features that could otherwise make up for their lack in crypto hardware-acceleration.

anx
  • So this answer basically states that some hardware vendors don't provide proper firmware updates. This shouldn't be too surprising, but I fail to see how it answers the question... – Artur Meinild Dec 12 '22 at 19:02
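
The MFP check from the last answer, extended to name the kernel driver behind each PHY so that affected adapters can be grouped by driver. This is an added example, not code from any of the posters; the function name `mfp_report` is hypothetical, and it assumes debugfs is mounted at /sys/kernel/debug and that each PHY exposes its driver at /sys/class/ieee80211/<phy>/device/driver.

```shell
#!/bin/sh
# Added example: per-PHY report of management frame protection (MFP) support.
# WPA3 makes protected management frames mandatory, so a PHY whose mac80211
# hwflags lack MFP_CAPABLE cannot join a WPA3-only network.
# Run as root on a real system: debugfs is normally readable by root only.

# mfp_report [DEBUGFS_DIR] [SYSFS_DIR]
# The directory arguments are assumptions added here so the function can be
# pointed at a test tree; the defaults are the standard locations.
mfp_report() {
    dbg=${1:-/sys/kernel/debug/ieee80211}
    sys=${2:-/sys/class/ieee80211}
    for flags in "$dbg"/*/hwflags; do
        # Unmatched glob or unreadable file: nothing to report for this entry.
        if [ ! -r "$flags" ]; then
            continue
        fi
        phy=$(basename "$(dirname "$flags")")

        # Resolve the bus-level driver name (for example iwlwifi or ath9k).
        drv=unknown
        link="$sys/$phy/device/driver"
        if [ -e "$link" ]; then
            drv=$(basename "$(readlink -f "$link")")
        fi

        # hwflags lists one flag name per line.
        if grep -q '^MFP_CAPABLE$' "$flags"; then
            echo "$phy driver=$drv mfp=yes"
        else
            echo "$phy driver=$drv mfp=no (WPA3 not usable on this PHY)"
        fi
    done
    return 0
}

mfp_report "$@"
```

The driver shown is the one bound to the device on its bus, so Intel cards report `iwlwifi` whichever op-mode module (such as iwldvm) handles them.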