On Mon, Mar 3, 2025 at 3:14 AM Bjoern A. Zeeb <b...@freebsd.org> wrote:
> On Sun, 2 Mar 2025, Kevin Oberman wrote:
>
> > On Sun, Mar 2, 2025 at 4:56 PM Bjoern A. Zeeb <b...@freebsd.org> wrote:
> >
> >> On Sun, 2 Mar 2025, Kevin Oberman wrote:
> >>
> >> Hi Kevin,
> >>
> >>> I was excited to see that it looked like 802.11n was on the way! Tried
> >>> step one, enabling 802.11 crypto, and had no luck at all. I know my
> AX211
> >>> supports CCMP, but attempting to boot gets:
> >>> wlan0: link state changed to UP
> >>> iwlwifi0: _lkpi_iv_key_set: CIPHER SUITE 0xfac02 (TKIP) not supported
> >>> wlan0: link state changed to DOWN
> >>>
> >>> Why don't I see any attempt to do CCMP? Am I looking at an issue with
> the
> >>> Arris WiFi provided by my carrier (Frontier)? I can't find any
> reference
> >> to
> >>> encryption in the DHCP configuration. Mine is very basic PSK:
> >>> network={
> >>> ssid="My BSS"
> >>> psk="My key"
> >>> priority=5
> >>> }
> >>
> >> Do you have access to the AP? I am not sure from what you say.
> >> If you do: do you still need TKIP or can you turn it off?
> >>
> >> For more see the posting from a few days ago how to configure
> >> wpa_supplicant.conf:
> >>
> >>
> https://lists.freebsd.org/archives/freebsd-wireless/2025-February/002912.html
> >>
> >> Let me know if that helps!
> >>
> >> Lots of joy,
> >> Bjoern
> >>
> >> I had assumed that the default of "CCMP TKIP" was adequate. Maybe it is,
> > since the error I get now points elsewhere... at me. (Maybe)
>
> Even if it was, you don't want TKIP anymore.
>
>
> > With the config updated, it still fails to start the network, but, with
> no
> > option other than CCMP available, the supplicant dies with
> > "/etc/rc.d/wpa_supplicant:
> > WARNING: failed to start wpa_supplicant". I see no indication that
> > anything special is required to allow the supplicant to use CCMP or
> > anything needed in the configuration other than the pairwise/group.
>
> Did it log anything as to why it did not want to start?
> I think by default it goes to /var/log/daemon.log
>
>
> > I do
> > have access to the AP. The box supports 11ac, though I see no reference
> to
> > any crypto protocol in the specifications.
>
> That is sad. No option for WPA-PSK vs. WPA2-PSK or similar setting
> behind which a change of this could hide?
>
>
> If all strings fail, would you be able to test a patch?
>
> Bjoern
I have only the choice between WPA-PSK and WPA-Default Password. For 2.4G,
I also can select WEP or Off. I also have a choice between WPA2 and
WPA/WPA2 when WPA is selected. Looks like I'm stuck for hte time being. I
may think about a new router/AP in hte future, but with Verizon buying
Frontier this spring, I'm a bit hesitant to spend $$$ on hardware that may
be obsoleted in a few months. I will be changing to Comsast when I move in
April, as well, with a different router/AP which is mine, not Comcast's. I
am probably about due to update it as it supports 11n, but nothing newer.
Thanks for helping and I'll just have to wait for TKIP support or my move
north to Comcast territory.
--
Kevin Oberman, Part time kid herder and retired Network Engineer
E-mail: rkober...@gmail.com
PGP Fingerprint: D03FB98AFA78E3B78C1694B318AB39EF1B055683
