FYI: wlan1 is the 5Ghz Radio. I switched for testing purposes to wlan0 (2.4Ghz).
Using the 2.4band makes some difference. Now I get a station-dump, but still no "real" connection e.g. I can't ping the other router. This seems driver related and it looks like its not fixed, even it was closed by @nbd. I am using the latest trunk with MT76 driver:
Replacing authsae and wpad for wpad-mesh made a difference. Now I'm connecting encrypted on the 2.4Ghz band (MT7603 to MT7628). On the 5Ghz still no joy (MT7612 to MT7612).
I did read somewhere that authsae was outdated (2014) and I did try wpad-mesh, but in combination with authsae still installed...oops.
I will try ath9k to ath9k later, maybe that still needs the nohwcrypt=1 flag during module loading??
802.11s with encryption on the atk9k (without the need to put any flags like in the past), works.
I didn't notice a significant performance hit on the atk9k chipset, so I'm really happy to have an encrypted mesh now. Thanks for pointing me to wpad-mesh (@nbd)
Since I didn't get the 5Ghz MT7612 to work yet I only have one ath10k device I couldn't test that.
@drbrains -- super exciting that more people are interested in setting up mesh and most importantly got it working.
If you don't have time to create a proper wiki page, can you post sanitized changes made to relevant config files (network, wifi, firewall) here in this thread?
Basically my config is a few posts up. Combine that with replacing Wpad-mini with Wpad-mesh and making sure no other authsae is installed.
I am not sure what ābreaksā if one would replace the full Wpad with Wpad-mesh. I will test later, cause I never tried Wpad (full) without authsae which possibly might have broken the setup in the first place.
All my mesh-points are sort of ādumb-APā, so dhcp disabled and I bridged directly to ālanā as you could see, so no firewall modification or network modifications required. Only exception being my āmainā router to hand out IP via dhcp (standard setup).
I have all my APās or other managed devices inside my lan subnet (Static) for easy use (home setup). So definitely not random otherwise I would never know how to access a single AP.
So itās like you would do if you had wired APās. Only difference replacing the cable with the mesh (simplistic I know)
Replacing full wpad and authsae with only wpad-mesh didnt work. Without authsae i even get my logs spammed with: hostapd: handle_probe_req: send failed
Have you done a full reset or simply uninstalled old and installed the new package?
Iām using some old 4/32 hardware to mix into the mesh. For those I needed to recompile and flash because of memory limitations; on higher end devices I removed and installed without a full reflash.
Both ways worked fine for me. For sure I did Not select the authsae package to rebuild the image, eveything seems to be in the Wpad-mesh package. Iām not home right now, I can do some testing later during the day. Iām assuming if āopkg list-installedā only shows the Wpad-mesh package (and whatever else you need/installed) then its fine. As a side note I did use the āforce-reinstall and āforce-overwrite when replacing the packages on a running system. After that I did a ā/etc/unit.d/network restartā. That might be overkill and just āWifi stopā wait āWifi startā should work.
@stangri, no suggestions at the moment. Initially I thought it wouldnt work since you left out " option encryption 'none' ". You could have missed that copying into your post, so I tried without on my own setup. This showed some other interesting facts.
@nbd: even if I put " encycryption 'authsae' " the generated file for wpa_supplicant (/var/run/wpa_supplicant-wlan1.conf) will not have the encryption set. I could simply connect from an "Open" meshpoint (without any encryption) to my "Closed" meshpoint.
@drbrains -- thanks for your prompt reply. Do you have any other interfaces on the same radio as the mesh interface? Are any other packages besides wpad-mesh required?
No other interfaces on the same radio. Only wpad-mesh installed, but I noticed the authsae is not really happening (so the OOTB wpad-mini should even work, none encrypted). Waiting for a reply from @nbd on how to fix that. Sofar as long as the wifi-driver itself allows 802.11s, I seem to be able to mix different chipsets (Atheros and Mediatek).
I didn't try to Wireshark the unencrypted packages yet. I don't know how easy it is to "sniff" the mesh_id. cause it seems as soon as you have the correct mesh_id, you could just join the mesh and get full access which could be a major security issue.
Switched to a different (more stable) router and 17.01.4. With wpad-mesh installed, the hostapd config file doesn't include the interface of the mesh network. @nbd -- does mesh interface have to be the only interface on the radio?
with /etc/wireless/config set
option encryption 'psk2/aes'
my /var/run/wpa_supplicant-wlan1.conf has "key_mgmt=SAE" set correct but wireless does not work. (ath9k wzr-hp g300nh)
My Phone does not see the network