On 10/29/19 11:42 PM, David Bauer wrote: > This enables PMKSA and opportunistic key caching by default for > WPA2/WPA3-Personal, WPA3-Personal and OWE auth types. > Otherwise, Apple devices won't connect to the WPA3 network. > > This should not degrade security, as there's no external authentication > provider. > > Tested with OCEDO Koala and iPhone 7 (iOS 13.1). > > Signed-off-by: David Bauer <m...@david-bauer.net>
Do you know which, PMKSA or OKC, is needed for the iPhone?
I do not understand why the iPhone only works when one of these options
is set, you should probably ask on the hostapd mailing list for help,
this could be also a bug in hostapd.
> ---
> package/network/services/hostapd/files/hostapd.sh | 9 ++++++++-
> 1 file changed, 8 insertions(+), 1 deletion(-)
>
> diff --git a/package/network/services/hostapd/files/hostapd.sh
> b/package/network/services/hostapd/files/hostapd.sh
> index 8da8539e8a..fdbce815df 100644
> --- a/package/network/services/hostapd/files/hostapd.sh
> +++ b/package/network/services/hostapd/files/hostapd.sh
> @@ -540,7 +540,14 @@ hostapd_set_bss_options() {
> append bss_conf "rsn_preauth=1" "$N"
> append bss_conf
> "rsn_preauth_interfaces=$network_bridge" "$N"
> else
> - set_default auth_cache 0
> + case "$auth_type" in
> + sae|psk-sae|owe)
> + set_default auth_cache 1
> + ;;
> + *)
> + set_default auth_cache 0
> + ;;
> + esac
> fi
>
> append bss_conf "okc=$auth_cache" "$N"
>
signature.asc
Description: OpenPGP digital signature
_______________________________________________ openwrt-devel mailing list openwrt-devel@lists.openwrt.org https://lists.openwrt.org/mailman/listinfo/openwrt-devel
