我已使用此 wpa_supplicant.conf 成功将运行 wpa_supplicant 2.9 的嵌入式 Linux 板连接到 Fritz!Box 路由器:
ctrl_interface=/var/run/wpa_supplicant
ctrl_interface_group=0
update_config=1
network={
# Connect via WPA2 to a WPA2+WPA3 network
ssid="my_network"
psk="password"
key_mgmt=WPA-PSK
}
此连接在 Fritz!Box 路由器上显示为 WPA2 连接。路由器显示通过 WPA3 连接的其他设备,这正是我试图通过 Linux 板实现的目标。我试过:
network={
# Connect via WPA3 to a WPA2+WPA3 network
ssid="my_network"
psk="password"
key_mgmt=SAE
ieee80211w=1
}
我尝试了一些变化,但没有成功。 wpa_supplicant 是用以下内容构建的: CONFIG_SAE=y
请问大家有什么指点吗?
在摆弄自己设置 WPA2+WPA3 AP 时,我来到了这个设置,它“似乎”有效。
我说“似乎”是因为我可以连接,但必须弄清楚 IP 转发,我现在搞砸了 😉
重要的部分似乎是:
# WPA2-PSK + WPA3-SAE
proto=RSN
key_mgmt=WPA-PSK-SHA256 SAE
ieee80211w=1
请求者配置:
# /etc/wpa_supplicant/<IFNAME>.conf
#
# Enable/Start "wpa_supplicant@<IFNAME>" [no need to add .service]
#
# We set access in the service unit...
ctrl_interface=DIR=/run/wpa_supplicant
# Note: ap_scan=0/2 should not be used with the nl80211 driver interface (the
# current Linux interface). ap_scan=1 is the only option working with nl80211.
# For finding networks using hidden SSID, scan_ssid=1 in the network block can
# be used with nl80211.
ap_scan=1
#passive_scan=1
# Maximum number of peer links (0-255; default: 99)
# Maximum number of mesh peering currently maintained by the STA.
max_peer_links=255
country=XX # Use your 2 chat country code here
# 1-0050F204-1 (Computer / PC)
# 1-0050F204-2 (Computer / Server)
# 5-0050F204-1 (Storage / NAS)
# 6-0050F204-1 (Network Infrastructure / AP)
device_type=1-0050F204-2
#device_type=6-0050F204-1
wps_cred_add_sae=1 # WPA3-Personal transition mode
pmf=1
# Disable P2P functionality
p2p_disabled=1
# SAE mechanism for PWE derivation
# 0 = hunting-and-pecking loop only (default without password identifier)
# 1 = hash-to-element only (default with password identifier)
# 2 = both hunting-and-pecking loop and hash-to-element enabled
# Note: The default value is likely to change from 0 to 2 once the new
# hash-to-element mechanism has received more interoperability testing.
# When using SAE password identifier, the hash-to-element mechanism is used
# regardless of the sae_pwe parameter value.
sae_pwe=2
network={
ssid="xxxx"
psk="xxxx"
#psk=<hex>
# mode: IEEE 802.11 operation mode
# 0 = infrastructure (Managed) mode, i.e., associate with an AP (default)
# 1 = IBSS (ad-hoc, peer-to-peer)
# 2 = AP (access point)
# Note: IBSS can only be used with key_mgmt NONE (plaintext and static WEP) and
# WPA-PSK (with proto=RSN). In addition, key_mgmt=WPA-NONE (fixed group key
# TKIP/CCMP) is available for backwards compatibility, but its use is
# deprecated. WPA-None requires following network block options:
# proto=WPA, key_mgmt=WPA-NONE, pairwise=NONE, group=TKIP (or CCMP, but not
# both), and psk must also be set.
mode=2
#frequency=0
### Channel 1
#frequency=2412
## Channel 13
frequency=2472
### Channel 36
#frequency=5180
## WPA(2?) only
#proto=WPA
#key_mgmt=WPA-PSK
#pairwise=TKIP
#group=TKIP
## WPA3-SAE only
#proto=RSN
#key_mgmt=SAE
#ieee80211w=2
# WPA2-PSK + WPA3-SAE
proto=RSN
key_mgmt=WPA-PSK-SHA256 SAE
ieee80211w=1
## Optional:
#ocv=1
#beacon_prot=1
#disable_ht=0
#disable_ht40=0
#disable_sgi=0
#disable_ldpc=0
#ht40_intolerant=0
#disable_vht=0
# WPS in AP mode
# 0 = WPS enabled and configured (default)
# 1 = WPS disabled
wps_disabled=1
}
这些修改作为
systemd service
模板单元的“插入”文件:
# .../systemd/system/[email protected]/00-alternative.conf
[Service]
ConfigurationDirectory=wpa_supplicant
RuntimeDirectory=wpa_supplicant
RuntimeDirectoryMode=0775
RuntimeDirectoryPreserve=yes
Group=adm
ExecStart=
ExecStart=/sbin/wpa_supplicant -i%I -c%E/wpa_supplicant/%I.conf $options
# .../systemd/system/[email protected]/debug.conf
[Service]
#Environment='options=-d'