Hat jemand eine Idee, warum bei einem mit #hostapd betriebenen #AccessPoint die #WPA Authentifizierung aller Stations scheitert, wenn der hostapd über ein paar bis viele Stunden gelaufen ist und sofort wieder funktioniert, wenn man den hostapd neu startet?

Fing an mit dem Wechsel auf #rtw88_8821au als Treiber für den betroffenen Stick und betrifft auch nur den.
An logs kriege ich auch bloß "WPA: event 3 notification".

Every once in a while, my #WiFi, hosted by a #Linux PC running #hostapd, gets really slow or outright fails. To fix it I have to:

1. stop hostapd,
2. rmmod rtl8821ae (the driver for the #Realtek Wi-Fi chip),
3. insmod,
4. udevadm wait for it to come back, and
5. start hostapd.

I wonder why it keeps failing like that.

I also wonder if I should schedule this to happen every night. Or maybe every hour. 🤷‍♂️

Configuring "full wifi roaming" / FT-SAE / 802.11r / fast BSS transition with #hostapd at home, step 1:

write a fucking #Wireshark dissector to figure out what the fuck is going on

😑

Screenshot attached in case anyone thinks I'm joking or exaggerating. And note it decodes into the goddamn encrypted part, because I had to fucking code that up too.

Current state: I can roam once after connecting, on the 2nd roam the handshake fails ("Event ASSOC_REJECT (12) received") 😭

In other exciting home sysadmin news, I have a problem in the #RPi4 box I use as the router for the local WiFi network: periodically, some clients disassociate, and then can't reconnect. (I don't really know why.) The general solution is to restart #hostapd. But I don't want to do that manually all the time.

I have now set up a service to restart hostapd automatically if it cannot successfully ping one of the other boxes. It runs with a systemd timer. Things seem better now.

Ещё немного о долбанутости #hostapd: я забыл указать SSID (название сети) в конфиге, из-за этого он крашился с ошибкой nl80211: Beacon set failed: -22, и я по меньшей мере полчаса пытался понять, чего ему надо.

И да, я сейчас на альпине с последней версией ядра, встроенный модуль поддержки rtw88 прекрасно работает, даже 5 ГГц завёлся с первой попытки.

#raspberrypi #wifi

#BSI WID-SEC-2025-0355: [NEU] [mittel] #hostapd: Schwachstelle ermöglicht Umgehen von Sicherheitsvorkehrungen

Ein entfernter, anonymer Angreifer kann eine Schwachstelle in hostapd ausnutzen, um Sicherheitsvorkehrungen zu umgehen.

https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-0355

#nixos tip bits: #systemd-networkd in combination with #hostapd. If you try to configure the AP interface with networkd then you will find out that after boot it won't be correctly configured (enslaved to bridge for example). The fix is:

systemd.network.networks.<name>.matchConfig.WLANInterfaceType = "ap"