WF(M)200 can be used with Linux in WPA3 mode as both an AP (Access Point) and a STA (STAtion), using standard Linux commands.
This article provides generic (i.e. not specific to WF(M)200) information on the Linux configuration of a WPA3 AP as well as a WPA3 STA. You can set up 2 boards and connect them together over WPA3 Wi-Fi.
In most cases, WF(M)200 will act either as AP or STA, not with both roles simultaneously. For commissioning purposes, it is possible to enable simultaneous AP+STA. Details on this feature are not provided in this article.
The AP wlan interface is selectable in the hostapd command line, as the '-i' (list of interface names to use) field. It can also be hard-coded in the hostapd_WPA3.conf file.
Typical hostapd command line (in the context of our Raspberry Pi demo, user 'pi' (requiring 'sudo'))
sudo killall hostapd
sudo hostapd -i wlan0 hostapd_WPA3.conf
Configuration file: hostapd_WPA3.conf
wlan0: interface state UNINITIALIZED->COUNTRY_UPDATE
Using interface wlan0 with hwaddr 00:0d:6f:73:91:57 and ssid "WPA3_AP"
wlan0: interface state COUNTRY_UPDATE->ENABLED
wlan0: AP-ENABLED
We recommend not running hostapd in the background when experimenting, to get an immediate display of any message from the application. Run in the background once you have validated your setup (use '-B' for running in background).
hostapd v2.8-devel
User space daemon for IEEE 802.11 AP management,
IEEE 802.1X/WPA/WPA2/EAP/RADIUS Authenticator
Copyright (c) 2002-2019, Jouni Malinen <j@w1.fi> and contributors
We recommend not running wpa_supplicant in the background when experimenting, to get an immediate display of any message from the application. Run in the background once you have validated your setup (use '-B' for running in background).
wlan0: SME: Trying to authenticate with 00:0d:6f:73:91:57 (SSID='WPA3_AP' freq=2437 MHz)
wlan0: SME: Trying to authenticate with 00:0d:6f:73:91:57 (SSID='WPA3_AP' freq=2437 MHz)
wlan0: PMKSA-CACHE-ADDED 00:0d:6f:73:91:57 0
wlan0: Trying to associate with 00:0d:6f:73:91:57 (SSID='WPA3_AP' freq=2437 MHz)
wlan0: Associated with 00:0d:6f:73:91:57
wlan0: CTRL-EVENT-SUBNET-STATUS-UPDATE status=0
wlan0: WPA: Key negotiation completed with 00:0d:6f:73:91:57 [PTK=CCMP GTK=CCMP]
wlan0: CTRL-EVENT-CONNECTED - Connection to 00:0d:6f:73:91:57 completed [id=0 id_str=]
STA: Checking wlan0 IP address
ip addr show wlan0
4: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether 00:0d:6f:73:8a:15 brd ff:ff:ff:ff:ff:ff
inet 192.168.45.109/24 brd 192.168.45.255 scope global noprefixroute wlan0
valid_lft forever preferred_lft forever
inet6 fe80::108f:61b8:531f:3a20/64 scope link
valid_lft forever preferred_lft forever
Check that the IP address is within the range allocated via dnsmasq on the AP
WPA3 configuration fields table
The table below lists side-by-side parameters present in hostapd.conf and wpa_supplicant for a setup where a Linux platform is configured as AP while another Linux platform is configured as a STA associated with the AP.
These parameters correspond to the attached configuration files:
hostapd_WPA3_wlan0.conf
wpa_supplicant_WPA3.conf
Legend
User-modifiable fields
WPA3-forced fields
hostapd/wpa_supplicant configuration fields

| hostapd_WPA3.conf | wpa_supplicant_WPA3.conf | comments |
| --- | --- | --- |
| interface=wlan0 | | Optional in hostapd config. Can be set via command line '-i' field |
| wpa=2 | proto=RSN | The wpa field is a bit field that can be used to enable WPA/WPA2: bit0 = WPA (IEEE 802.11i/D3.0), bit1 = WPA2 (IEEE 802.11i/RSN) (dot11RSNAEnabled). We don't use WPA: bit0 = 0. WPA2 and WPA3 use RSN: bit1 = 1. This leads to wpa=2 / proto=RSN |
| wpa_key_mgmt=SAE | key_mgmt=SAE | SAE = 'Simultaneous Authentication of Equals' for WPA3-Personal |
| rsn_pairwise=CCMP | pairwise=CCMP | 2 'pairwise' fields are used for WPA or RSN: wpa_pairwise and rsn_pairwise. We only use RSN, so only set rsn_pairwise. The value is a space-separated list of accepted encryption algorithms. CCMP = AES in Counter mode with CBC-MAC (CCMP-128) |
WF(M)200 : Linux WPA3 configuration
Linux: Configuring WF(M)200 for WPA3
Pre-requisites
WPA3 is working as from
Please update to the above minimal versions before using WPA3 with WF(M)200.
AP (Access Point)
The AP uses hostapd, configured via the hostapd_WPA3_wlan0.conf file.
AP: Allocating an IP address to wlan0
sudo dhcpcd --release wlan0
sudo ip addr flush dev wlan0
sudo ip addr add 192.168.45.1/24 dev wlan0
AP: Checking wlan0 IP address
ip addr show wlan0
AP: DHCP/DNS setup using dnsmasq: allocating an IP address range to wlan0 clients
sudo killall dnsmasq
sudo dnsmasq --conf-file=/dev/null --interface=wlan0 --bind-interfaces --except-interface=lo --dhcp-range=192.168.45.100,192.168.45.200
AP interface selection
AP configuration
Refer to the attached hostapd_WPA3.conf file. Refer to https://w1.fi/cgit/hostap/plain/hostapd/hostapd.conf for details of hostapd configuration.
AP Checks (on the AP)
Checking hostapd version (tested with v2.8-devel)
hostapd -v
Checking if hostapd is running, and what the interface and configuration file are
ps -few | grep hostapd
Checking active lines in hostapd configuration (skipping empty lines and comment lines)
cat hostapd_WPA3.conf | grep -v ^$ | grep -v ^#
Checking hostapd status
hostapd_cli status
Checking hostapd configuration
hostapd_cli get_config
External AP checks (from a Linux Wi-Fi STAtion)
wpa_cli scan
wpa_cli scan_results
AP hostapd messages during STA association
STA (STAtion)
The STA uses wpa_supplicant, configured via the wpa_supplicant_WPA3.conf file.
STA interface selection
The STA wlan interface is selected in the wpa_supplicant command line, as the '-i' (= interface name) field
Typical wpa_supplicant command line (in the context of our Raspberry Pi demo, user 'pi')
sudo killall wpa_supplicant
sudo wpa_supplicant -i wlan0 -c wpa_supplicant_WPA3.conf
STA configuration
Refer to the attached wpa_supplicant_WPA3.conf file. Refer to https://w1.fi/cgit/hostap/plain/wpa_supplicant/wpa_supplicant.conf for details of wpa_supplicant configuration.
STA Checks (on the STA)
Checking wpa_supplicant version (tested with 2.8-devel)
wpa_supplicant -v
Checking if wpa_supplicant is running, and what the interface and configuration file are
ps -few | grep wpa_supplicant
Checking active lines in wpa_supplicant configuration (skipping empty lines and comment lines)
cat wpa_supplicant_WPA3.conf | grep -v ^$ | grep -v ^#
Checking wpa_supplicant status
wpa_cli status
STA wpa_supplicant messages upon connection
WPA3 configuration fields table
# PMF required: ieee80211w=2
# WPA3-Personal-only mode: ieee80211w=2 / key_mgmt=SAE
# wpa_passphrase is an ASCII passphrase, converted to PSK (Pre-Shared Key)
Double quotes required in wpa_supplicant.conf
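One way to check a hostapd configuration file against the WPA3-Personal-only values from the table (wpa=2, wpa_key_mgmt=SAE, rsn_pairwise without TKIP, ieee80211w=2); an extra WPA-PSK in wpa_key_mgmt or ieee80211w below 2 means the AP is no longer WPA3-Personal-only. This is an added example, not part of the original article; the function names, sample file names and sample contents are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): audit a hostapd configuration
# against the WPA3-Personal-only values listed in the table above.

# conf_get KEY FILE: value of the last active "KEY=" line, skipping blank and
# comment lines the same way as the page's grep check.
conf_get() {
    grep -v -e '^$' -e '^#' "$2" |
        awk -v k="$1" 'index($0, k "=") == 1 { v = substr($0, length(k) + 2) }
                       END { print v }'
}

# audit_hostapd_wpa3 FILE: print one FAIL line per deviation, return 1 if any.
audit_hostapd_wpa3() {
    f=$1; rc=0
    [ -r "$f" ] || { echo "cannot read $f" >&2; return 2; }
    for want in wpa=2 wpa_key_mgmt=SAE ieee80211w=2; do
        key=${want%%=*}
        got=$(conf_get "$key" "$f")
        if [ "$got" != "${want#*=}" ]; then
            echo "FAIL $key='$got' (WPA3-Personal-only expects $want)"
            rc=1
        fi
    done
    pairwise=$(conf_get rsn_pairwise "$f")
    case " $pairwise " in
        "  ")       echo "FAIL rsn_pairwise is not set"; rc=1 ;;
        *" TKIP "*) echo "FAIL rsn_pairwise='$pairwise' accepts TKIP"; rc=1 ;;
    esac
    return $rc
}

# write_samples DIR: two constructed configurations (hypothetical file names).
write_samples() {
    printf '%s\n' '# constructed sample: WPA3-Personal only' 'interface=wlan0' \
        'ssid=WPA3_AP' 'wpa=2' 'wpa_key_mgmt=SAE' 'rsn_pairwise=CCMP' \
        'ieee80211w=2' 'wpa_passphrase=constructed-example' > "$1/wpa3_only.conf"
    printf '%s\n' '# constructed sample: WPA2/WPA3 mixed' 'interface=wlan0' \
        'ssid=WPA3_AP' 'wpa=2' 'wpa_key_mgmt=WPA-PSK SAE' '' \
        'rsn_pairwise=CCMP TKIP' 'ieee80211w=1' \
        'wpa_passphrase=constructed-example' > "$1/mixed.conf"
}

tmp=$(mktemp -d)
write_samples "$tmp"
for c in wpa3_only mixed; do
    echo "== $c.conf"; audit_hostapd_wpa3 "$tmp/$c.conf" && echo "PASS"
done
rm -rf "$tmp"
```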