Raspberry Pi 4 (LE 10) won't connect to any network with PMF enabled/optional

Ondjiak · August 31, 2021 at 9:20 AM

After my last post I've done some digging and found out why LibreELEC 10 cannot connect to some networks.

The problem here is that Raspberry Pi 4 WiFi HW does not support Protected Managment Frames (802.11w) right now.

But that is not really a problem on other OSes for the RPi4 including older LE 9, where it does not even attempts to use PMF, which means that as long as the WiFi AP is using PMF in optional mode, it will connect just fine.

Now what is causing the problem: LE 10 defaults to PMF being used every time the AP supports it, ignoring that there is no RPi4 HW support for it.

How to reproduce: Try connecting to any PMF optional WiFi using LE 10 on RPi4.

**chewitt** · August 31, 2021 at 9:56 AM Official Post

Please explain in technical detail how you have diagnosed the problem. I'm not disputing PMF might be involved, but we need to discern facts from enthusiastic opinions and hunches before we attempt to engage upstream Engineers.

nihilista · September 15, 2021 at 12:01 PM

I never had problems with connecting RPI4 onboard wifi to mixed mode router (fritz box), even with LE10 it connects fine with wpa2.

But my realtek wifi stick (rtl8812) fails to connect, i think that starts somewhere between LE9 and 10, after that i switched to xbian. I found usb wifi was bit more stable than onboard.

Back to LE10 my hope was that its fixed, but no. Btw, maybe its a driver or router issue....

binarious · September 19, 2021 at 1:10 PM

Thanks Ondjiak! Just ran into this problem after installing LE 10 (LE 10 - Wifi stopped working (RPi 4)). I had to disable PMF on my router (with OpenWRT I even had to do it via ssh, because the GUI option didn't persist) and my LE started connecting again. This seems to be a bug in LE 10 then, because the same network worked with LE 9.

nihilista · September 19, 2021 at 1:37 PM

I did a little research and found possible cause: libreelec uses connman for connections, but older builds of that didn't support wpa3/sae or mixed mode. I think onboard wifi didn't support wpa3, so it automatically uses wpa2 and that works. Seems connman/connmanctl could manage wpa3/mixed now (found that [RFC connman v1 1/1] gsupplicant: Add support for WPA3-Personal - iwd - Ml01.01.Org) maybe that could do the trick. Btw, don't know why onboard wifi connects and other not, as it didn't support WPA3/sae too afaik. Maybe its worth integrate newest connman....

**chewitt** · September 19, 2021 at 5:11 PM Official Post

This image is current LE10 with connman bumped to latest commit, which includes the connman WPA3 change. Please test and report back:

LibreELEC-RPi4.arm-10.0.0.tar

binarious · September 19, 2021 at 7:02 PM

Thanks for the quick response. Unfortunately that didn't really help. UI still says "invalid key" and cli says "Input/output error" when moving MFP into optional mode again.

Update: And I'm now also unable to connect to the Wifi with MFP disabled.

nihilista · September 20, 2021 at 11:03 AM

Tested it, onboard wifi connects fine as before, usb wifi not. But i wasn't able to connect usb wifi under windows, so maybe the stick is dead or problem is between stick and box. Will have to test with another stick, but the only i have is rtl88x2bu which isn't supported for now.

binarious · September 20, 2021 at 1:43 PM

nihilista Chewitt's build connects to an AP with PMF as optional/enabled for you? You were talking about WPA3 which is separate from PMF, isn't it? It actually doesn't work with PMF as optional and WPA2 aswell for me.

nihilista · September 21, 2021 at 7:26 PM

Quote from binarious

nihilista Chewitt's build connects to an AP with PMF as optional/enabled for you? You were talking about WPA3 which is separate from PMF, isn't it? It actually doesn't work with PMF as optional and WPA2 aswell for me.

With onboard wifi connecting never was a problem. But with my usb wifi stick still no connection (Input/output error). But under windows i'm not able to connect, too, so maybe bad device or some router issue. I have another stick, but unfortunately it needs rtl88x2bu driver, so i couldnt test it on libreelec. I hope that driver will made his way in libreelec soon

nihilista · September 22, 2021 at 12:48 PM

Next info: Tested again and found out that connection problems here seems to be router-specific. Changed settings on my fritz-box 7530 from wpa2+3 to wpa2 and back, suddenly all works again. So device is ok, driver is ok and libreelelec works. Connection works with wpa2, router setting is mixed mode. Thats why i normally hate wifi, too much problems with some devices and hard to figure out what's the problem

binarious · September 23, 2021 at 10:37 AM

The issue is about PMF. Are you sure it's enabled? WPA3 or 2 without PMF isn't an issue for me aswell.

nihilista · September 24, 2021 at 10:10 AM

On my FritzBox 7530 PMF setting on/off is only available in wpa2-only mode. With wpa2+wpa3 mixed mode its enabled as default and you can't disable it (activated but greyed out). So maybe router disables pmf automatically if connected device doesn't support it, but thats nothing i could set.

binarious · September 24, 2021 at 12:01 PM

Interesting. It's consistent and reproducible for me. PMF optional/enabled doesn't work with WPA2 or WPA3, but PMF disabled does work with WPA2 or WPA3.

nihilista · September 29, 2021 at 11:35 AM

AFAIK you can't disable pmf with wpa3, its obligate. Only with wpa2 you can set it on or off. So if you set pmf off, you will connect with wpa2 only. Latest driver for rtl8812au should support wpa3 sae, but seems not wo work (SAE WPA3 authentication does not work · Issue #761 · aircrack-ng/rtl8812au · GitHub).

Btw, my rtl8812-based stick now works, connects with wpa2, don't know if router uses pmf or not as it does automatically.