Rune WiFi Only Connects To TKIP, Not AES

[R101]

I have never managed to get Rune's wifi to connect to my router unless network encryption is set to TKIP rather than AES. No other device seems to have any problem.

The network configuration page in Rune's menu shows that it has recognized the SSID and that it requires AES, but it will not connect to it. If I change to TKIP, it connects with no problem.

As the router limits the connection speed for everything else on the network to "g" speeds if it is set to TKIP, I would rather like to sort this out. Is there an easy way to fix it?

[R101]

OK, I have found an answer, although it is not particularly user-friendly.

For anyone else with the same problem, what worked for me was:

SSH to the Pi.

Use

Code: Select all

wpa_passphrase

to generate a 256 bit psk, and then copy it.

Enter

Code: Select all

netctl edit (SSID)

Paste the new psk in place of the old and edit these other values to:

'proto=RSN'
'group=CCMP'
'pairwise=CCMP'

[R101]

After a bit more investigation, it seems generating a 256 bit key is not necessary.

The GUI setup writes values to the configuration file which deliberately restricts the encryption method to TKIP. If the configuration values were left as default, or set to CCMP TKIP, the problem would not arise.

Please can this be put on the list of things to look at?

[hondagx35]

Hi R101,

I have absolutely no problem connecting to my AES secured access point.
My generated profile looks like this:

Code: Select all

Description='wlan0 connection'
Interface=wlan0
Connection=wireless
Security=wpa-configsection
IP=dhcp
WPAConfigSection=(
    'ssid="SpeedportDG6NDH"'
    'psk="***************"'
    'key_mgmt=WPA-PSK'
    'proto=RSN'
    'group=CCMP'
    'pairwise=CCMP'
    'priority=3'
)

wifi-aes.png (28.59 KiB) Viewed 1400 times

Frank

[R101]

Thanks for the response, Frank.

Could this be something to do with my TP-Link router or the fact that my SSID is hidden? My display shows CCMP twice, rather than AES as yours does. I have only been able to connect to AES by editing the netctl file. If I enter both options CCMP TKIP, it seems to connect to either.

WiFi.jpg (13.31 KiB) Viewed 1383 times

[hondagx35]

Hi R101,

Could this be something to do with my TP-Link router or the fact that my SSID is hidden?

I have to try this, but it could be the cause for your issues.

Frank

[dror]

Hi R101 and Frank,

Could be on the same issue - the NaTed hotspot also provides g speeds only, although I'm using a 'n' capable (150mbs) dongle.
In this case it could be a matter of the hostapd configuration:

to /etc/hostapd/hostapd.conf

I added:
ieee80211n=1

changed the default "ht_capab" line to:
ht_capab=[HT40+][SHORT-GI-40]

and changed the "TKIP CCMP" line to "CCMP" only

now all connected clients recognize the network as 'n' type, and I see I get reports for 150mbps speeds.

just note I tried a couple of configurations for the "HT" tokens, untill got the one which worked. Those depend specifically on your dongle (mine uses the rt5370 chipset)

dror

EDIT:
Another importent issue to note, in case of not getting 'N' speeds.
Apparently hostapd (and generally your home wireless router) is limiting the 2.4ghz channels width to 20mhz instead of a desired 40mhz width (which will allow a full N speeds), in cases where it recognizes possible neighboring channels interference.
To check your channel width use

Code: Select all

iw dev

From what I understan in order to solve this one can:
1. Select a channel without any interference from nighboring APs.
or
2. use a modified hostapd built.

further reading
https://www.raspberrypi.org/forums/view ... 78#p517178
http://blog.anthonywong.net/2015/07/19/ ... i-hostapd/
https://www.brunsware.de/blog/gentoo/ho ... check.html

EDIT 2:
Apparently, Arch hostapd distributions are already patched to allow forcing 40mhz channel widths. Lucky us.
so we just need to add

Code: Select all

noscan=1

to hostapd.conf and

Code: Select all

iw dev

should show to desired width:

Code: Select all

type AP
                channel 4 (2427 MHz), width: 40 MHz, center1: 2437 MHz


Dror