Join Log in
Score:2
avatar Ubuntu

Force Gnome Network Manager to use WPA2

vn flag
bmaupin

I flashed OpenWrt on my wireless router and set it to mixed WPA2/WPA3. All of my wireless devices worked fine except one: an older ThinkPad T430u running Ubuntu 22.04.

It worked before on the exact same router before I flashed it, so on a whim I set the router to WPA2 only, and now the T430u connects again.

Ideally I would like to set the router back to WPA2/WPA3 mixed mode, and tell Ubuntu to use WPA2.

If I open the connection in Network Manager, in the Security tab I see WPA & WPA2 Personal as an option. However, on another machine I selected WPA & WPA2 Personal and if I go to Details under Security it says WPA3 (before I changed the router to WPA2 only).

How can I force Ubuntu to use WPA2?

Here are the logs from when it was failing:

Oct 21 13:06:22 hostname NetworkManager[864]: <info>  [1666371982.0904] policy: auto-activating connection 'MY_WIFI' (b0a3a436-f4c1-49f0-9acf-9fb49fb07e8f)
Oct 21 13:06:22 hostname NetworkManager[864]: <info>  [1666371982.0921] device (wlp3s0): Activation: starting connection 'MY_WIFI' (b0a3a436-f4c1-49f0-9acf-9fb49fb07e8f)
Oct 21 13:06:22 hostname NetworkManager[864]: <info>  [1666371982.0924] device (wlp3s0): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed')
Oct 21 13:06:22 hostname NetworkManager[864]: <info>  [1666371982.0941] manager: NetworkManager state is now CONNECTING
Oct 21 13:06:22 hostname NetworkManager[864]: <info>  [1666371982.0949] device (wlp3s0): state change: prepare -> config (reason 'none', sys-iface-state: 'managed')
Oct 21 13:06:22 hostname NetworkManager[864]: <info>  [1666371982.0957] device (wlp3s0): Activation: (wifi) access point 'MY_WIFI' has security, but secrets are required.
Oct 21 13:06:22 hostname NetworkManager[864]: <info>  [1666371982.0958] device (wlp3s0): state change: config -> need-auth (reason 'none', sys-iface-state: 'managed')
Oct 21 13:06:22 hostname NetworkManager[864]: <info>  [1666371982.1009] device (wlp3s0): state change: need-auth -> prepare (reason 'none', sys-iface-state: 'managed')
Oct 21 13:06:22 hostname NetworkManager[864]: <info>  [1666371982.1025] device (wlp3s0): state change: prepare -> config (reason 'none', sys-iface-state: 'managed')
Oct 21 13:06:22 hostname NetworkManager[864]: <info>  [1666371982.1037] device (wlp3s0): Activation: (wifi) connection 'MY_WIFI' has security, and secrets exist.  No new secrets needed.
Oct 21 13:06:22 hostname NetworkManager[864]: <info>  [1666371982.1039] Config: added 'ssid' value 'MY_WIFI'
Oct 21 13:06:22 hostname NetworkManager[864]: <info>  [1666371982.1039] Config: added 'scan_ssid' value '1'
Oct 21 13:06:22 hostname NetworkManager[864]: <info>  [1666371982.1039] Config: added 'bssid' value '07:78:3B:81:D2:1A'
Oct 21 13:06:22 hostname NetworkManager[864]: <info>  [1666371982.1040] Config: added 'key_mgmt' value 'WPA-PSK WPA-PSK-SHA256'
Oct 21 13:06:22 hostname NetworkManager[864]: <info>  [1666371982.1040] Config: added 'psk' value '<hidden>'
Oct 21 13:06:22 hostname NetworkManager[864]: <info>  [1666371982.2553] device (wlp3s0): supplicant interface state: disconnected -> scanning
Oct 21 13:06:26 hostname NetworkManager[864]: <info>  [1666371986.3667] device (wlp3s0): supplicant interface state: scanning -> disconnected
Oct 21 13:06:26 hostname NetworkManager[864]: <info>  [1666371986.8684] device (wlp3s0): supplicant interface state: disconnected -> scanning
Oct 21 13:06:30 hostname NetworkManager[864]: <info>  [1666371990.8684] device (wlp3s0): supplicant interface state: scanning -> disconnected
Oct 21 13:06:31 hostname NetworkManager[864]: <info>  [1666371991.8745] device (wlp3s0): supplicant interface state: disconnected -> scanning
Oct 21 13:06:35 hostname NetworkManager[864]: <info>  [1666371995.9916] device (wlp3s0): supplicant interface state: scanning -> disconnected
Oct 21 13:06:40 hostname NetworkManager[864]: <info>  [1666372000.9993] device (wlp3s0): supplicant interface state: disconnected -> scanning
Oct 21 13:06:46 hostname NetworkManager[864]: <info>  [1666372006.0066] device (wlp3s0): supplicant interface state: scanning -> disconnected
Oct 21 13:06:47 hostname NetworkManager[864]: <warn>  [1666372007.4528] device (wlp3s0): Activation: (wifi) association took too long, failing activation
Oct 21 13:06:47 hostname NetworkManager[864]: <info>  [1666372007.4529] device (wlp3s0): state change: config -> failed (reason 'ssid-not-found', sys-iface-state: 'managed')
Oct 21 13:06:47 hostname NetworkManager[864]: <info>  [1666372007.4542] manager: NetworkManager state is now DISCONNECTED
Oct 21 13:06:47 hostname NetworkManager[864]: <warn>  [1666372007.4553] device (wlp3s0): Activation: failed for connection 'MY_WIFI'
Oct 21 13:06:47 hostname NetworkManager[864]: <info>  [1666372007.4561] device (wlp3s0): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed')

And here are the logs after I changed the router to use WPA2 only:

Oct 21 13:11:33 hostname NetworkManager[864]: <info>  [1666372293.9722] policy: auto-activating connection 'MY_WIFI' (b0a3a436-f4c1-49f0-9acf-9fb49fb07e8f)
Oct 21 13:11:33 hostname NetworkManager[864]: <info>  [1666372293.9820] device (wlp3s0): Activation: starting connection 'MY_WIFI' (b0a3a436-f4c1-49f0-9acf-9fb49fb07e8f)
Oct 21 13:11:33 hostname NetworkManager[864]: <info>  [1666372293.9823] device (wlp3s0): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed')
Oct 21 13:11:33 hostname NetworkManager[864]: <info>  [1666372293.9835] manager: NetworkManager state is now CONNECTING
Oct 21 13:11:33 hostname NetworkManager[864]: <info>  [1666372293.9850] device (wlp3s0): state change: prepare -> config (reason 'none', sys-iface-state: 'managed')
Oct 21 13:11:33 hostname NetworkManager[864]: <info>  [1666372293.9858] device (wlp3s0): Activation: (wifi) access point 'MY_WIFI' has security, but secrets are required.
Oct 21 13:11:33 hostname NetworkManager[864]: <info>  [1666372293.9859] device (wlp3s0): state change: config -> need-auth (reason 'none', sys-iface-state: 'managed')
Oct 21 13:11:33 hostname NetworkManager[864]: <info>  [1666372293.9958] device (wlp3s0): state change: need-auth -> prepare (reason 'none', sys-iface-state: 'managed')
Oct 21 13:11:33 hostname NetworkManager[864]: <info>  [1666372293.9965] device (wlp3s0): state change: prepare -> config (reason 'none', sys-iface-state: 'managed')
Oct 21 13:11:33 hostname NetworkManager[864]: <info>  [1666372293.9972] device (wlp3s0): Activation: (wifi) connection 'MY_WIFI' has security, and secrets exist.  No new secrets needed.
Oct 21 13:11:33 hostname NetworkManager[864]: <info>  [1666372293.9973] Config: added 'ssid' value 'MY_WIFI'
Oct 21 13:11:33 hostname NetworkManager[864]: <info>  [1666372293.9973] Config: added 'scan_ssid' value '1'
Oct 21 13:11:33 hostname NetworkManager[864]: <info>  [1666372293.9973] Config: added 'bssid' value '07:78:3B:81:D2:1A'
Oct 21 13:11:33 hostname NetworkManager[864]: <info>  [1666372293.9974] Config: added 'key_mgmt' value 'WPA-PSK WPA-PSK-SHA256'
Oct 21 13:11:33 hostname NetworkManager[864]: <info>  [1666372293.9974] Config: added 'psk' value '<hidden>'
Oct 21 13:11:36 hostname NetworkManager[864]: <info>  [1666372296.0439] device (wlp3s0): supplicant interface state: disconnected -> scanning
Oct 21 13:11:40 hostname NetworkManager[864]: <info>  [1666372300.1260] device (wlp3s0): supplicant interface state: scanning -> associating
Oct 21 13:11:40 hostname NetworkManager[864]: <info>  [1666372300.2926] device (wlp3s0): supplicant interface state: associating -> 4way_handshake
Oct 21 13:11:40 hostname NetworkManager[864]: <info>  [1666372300.3023] device (wlp3s0): supplicant interface state: 4way_handshake -> completed
Oct 21 13:11:40 hostname NetworkManager[864]: <info>  [1666372300.3024] device (wlp3s0): Activation: (wifi) Stage 2 of 5 (Device Configure) successful. Connected to wireless network "MY_WIFI"
Oct 21 13:11:40 hostname NetworkManager[864]: <info>  [1666372300.3026] device (wlp3s0): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed')
Oct 21 13:11:40 hostname NetworkManager[864]: <info>  [1666372300.3038] dhcp4 (wlp3s0): activation: beginning transaction (timeout in 45 seconds)
Oct 21 13:11:42 hostname NetworkManager[864]: <info>  [1666372302.1066] dhcp6 (wlp3s0): activation: beginning transaction (timeout in 45 seconds)
Oct 21 13:11:42 hostname NetworkManager[864]: <info>  [1666372302.1120] dhcp6 (wlp3s0): state changed new lease, address=eefa:be00:31bd:6796:8f67:f3c8:1b05:170d
Oct 21 13:11:43 hostname NetworkManager[864]: <info>  [1666372303.4636] device (wlp3s0): state change: ip-config -> ip-check (reason 'none', sys-iface-state: 'managed')
Oct 21 13:11:43 hostname NetworkManager[864]: <info>  [1666372303.4707] device (wlp3s0): state change: ip-check -> secondaries (reason 'none', sys-iface-state: 'managed')
Oct 21 13:11:43 hostname NetworkManager[864]: <info>  [1666372303.4711] device (wlp3s0): state change: secondaries -> activated (reason 'none', sys-iface-state: 'managed')
Oct 21 13:11:43 hostname NetworkManager[864]: <info>  [1666372303.4716] manager: NetworkManager state is now CONNECTED_LOCAL
Oct 21 13:11:43 hostname NetworkManager[864]: <info>  [1666372303.4727] device (wlp3s0): Activation: successful, device activated.
Oct 21 13:11:43 hostname NetworkManager[864]: <info>  [1666372303.8405] dhcp4 (wlp3s0): state changed new lease, address=192.168.0.166
Oct 21 13:11:43 hostname NetworkManager[864]: <info>  [1666372303.8417] manager: NetworkManager state is now CONNECTED_SITE
Oct 21 13:11:43 hostname NetworkManager[864]: <info>  [1666372303.8420] policy: set 'MY_WIFI' (wlp3s0) as default for IPv4 routing and DNS
Oct 21 13:11:46 hostname NetworkManager[864]: <info>  [1666372306.1178] manager: NetworkManager state is now CONNECTED_GLOBAL

Edit: I did some more digging, and there doesn't appear to be a way to force WPA2. The WPA & WPA2 Personal security setting is apparently misnamed and is actually for WPA2 + WPA3 personal:

$ nmcli conn edit wifi
nmcli> describe wifi-sec.key-mgmt

=== [key-mgmt] ===
[NM property description]
Key management used for the connection. One of "none" (WEP or no password protection), "ieee8021x" (Dynamic WEP), "owe" (Opportunistic Wireless Encryption), "wpa-psk" (WPA2 + WPA3 personal), "sae" (WPA3 personal only), "wpa-eap" (WPA2 + WPA3 enterprise) or "wpa-eap-suite-b-192" (WPA3 enterprise only). This property must be set for any Wi-Fi connection that uses security.

After that, I found a couple bugs which seem to describe what I'm seeing:

I noticed I was running wpasupplicant 2.10-6 and upgraded to 2.10-9, but it didn't fix the issue.

I also upgraded networkmanager to 1.40 and that didn't fix the issue.

I was able to further narrow down the problem to 802.11w; by default, the WPA2/WPA3 mixed mode setting in OpenWrt sets it to Optional, with a warning that some devices don't fully support 802.11w.

According to this: Checking 802.11w (MFP/PMF) Support (on Linux), my device (which uses a BCM43228 chipset) seems to report that it supports 802.11w:

$ iw phy phy0 info | grep 00-0f-ac:6
        * CMAC (00-0f-ac:6)

So either it's incorrectly reporting 802.11w support or there's another problem.

The only workarounds I've found are either to set the router to WPA2 only, or WPA2/WPA3 mixed mode with 802.11w disabled.

420
0 + 0
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.