WPA3 : AP-STA between 2 RPIs

Step 1: STA : Stop ongoing wireless activities

Step 1: AP : Stop ongoing wireless activities

Warning

Internet is cut-off after this !

Warning

Internet is cut-off after this !

$ service wpad stop

$ service network stop

$ service odhcpd stop

$ killall wpa_supplicant

$ killall wpa_cli

$ killall hostapd

$ killall hostapd_cli

$ killall dhclient

$ killall udhcpc

$ ifconfig wlan0 down

$ ifconfig wlan0 up
$ service wpad stop

$ service network stop

$ service odhcpd stop

$ killall wpa_supplicant

$ killall wpa_cli

$ killall hostapd

$ killall hostapd_cli

$ killall dhclient

$ killall udhcpc

$ ifconfig wlan0 down

$ ifconfig wlan0 up

Step 2: STA : Wireless interface status before connection

Step 2: AP : Wireless interface status before connection

Note

wlan0 is the name of wireless interface on this RPI

Note

wlan0 is the name of wireless interface on this RPI

$ iwconfig wlan0
wlan0     IEEE 802.11  ESSID:off/any  
          Mode:Managed  Access Point: Not-Associated   Tx-Power=20 dBm   
          Retry short limit:7   RTS thr:off   Fragment thr:off
          Power Management:on
$ iwconfig wlan0
wlan0     IEEE 802.11  ESSID:off/any  
          Mode:Managed  Access Point: Not-Associated   Tx-Power=20 dBm   
          Retry short limit:7   RTS thr:off   Fragment thr:off
          Power Management:on

Step 3: STA : ifconfig interface status before connection

Step 3: AP : ifconfig interface status before connection

$ ifconfig wlan0
wlan0: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        ether 02:00:00:00:00:00  txqueuelen 1000  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
$ ifconfig wlan0
wlan0: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        ether 02:00:00:00:00:00  txqueuelen 1000  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

Step 4: STA : Bring down and Bring up wlan0 interface

Step 4: AP : Bring down and Bring up wlan0 interface

$ ifconfig wlan0 down

$ ifconfig wlan0 up
$ ifconfig wlan0 down

$ ifconfig wlan0 up

Step 5: STA : Create run_supplicant.conf

Step 5: AP : Create run_hostapd.conf

Note

ssid in /tmp/run_supplicant.conf should match ssid in /tmp/run_hostapd.conf

Note

ssid in /tmp/run_hostapd.conf should be used by clients while connecting to AP

$ vim /tmp/run_supplicant.conf

ctrl_interface=/tmp/wpa_supplicant

network={
	ssid="test_wpa3_sae"
	proto=WPA2
	key_mgmt=SAE
	psk="12345678"
}
$ vim /tmp/run_hostapd.conf

ctrl_interface=/tmp/hostapd
interface=wlan0
driver=nl80211
ssid=test_wpa3_sae
hw_mode=a
channel=36
macaddr_acl=0
auth_algs=1
ignore_broadcast_ssid=0
wpa=2
wpa_passphrase=12345678
wpa_key_mgmt=SAE
rsn_pairwise=CCMP
group_cipher=CCMP

Step 6: STA : Run wpa_supplicant

Step 6: AP : Run hostapd

Note

CTRL-EVENT-CONNECTED indicates successful connection to AP

Note

AP-STA-CONNECTED indicates successful connection of STA

$ /usr/sbin/wpa_supplicant -Dnl80211 -i wlan0 -c /tmp/run_supplicant.conf &

Successfully initialized wpa_supplicant
wlan0: SME: Trying to authenticate with 02:00:00:00:00:00 (SSID='test_wpa3_sae' freq=2437 MHz)
wlan0: SME: Trying to authenticate with 02:00:00:00:00:00 (SSID='test_wpa3_sae' freq=2437 MHz)
wlan0: PMKSA-CACHE-ADDED 02:00:00:00:00:00 0
wlan0: Trying to associate with 02:00:00:00:00:00 (SSID='test_wpa3_sae' freq=2437 MHz)
wlan0: Associated with 02:00:00:00:00:00
wlan0: CTRL-EVENT-SUBNET-STATUS-UPDATE status=0
wlan0: WPA: Key negotiation completed with 02:00:00:00:00:00 [PTK=CCMP GTK=CCMP]
wlan0: CTRL-EVENT-CONNECTED - Connection to 02:00:00:00:00:00 completed [id=0 id_str=]
$ /usr/sbin/hostapd /tmp/run_hostapd.conf &

Using interface wlan0 with hwaddr 02:00:00:00:00:00 and ssid "test_wpa3_sae"
wlan0: interface state UNINITIALIZED->ENABLED
wlan0: AP-ENABLED

Step 7: STA : Check ps status and confirm wpa3_supplicant process is running

Step 7: AP : Check ps status and confirm hostapd process is running

$ ps | grep -i wpa
 3852 root      4372 S    /usr/sbin/wpa_supplicant -Dnl80211 -i wlan0 -c /tmp/run_supplicant
$ ps | grep -i hostapd
 2144 root      4380 S    /usr/sbin/hostapd /tmp/run_hostapd.conf

Step 8: STA : Check connection status using wpa_cli

Step 8: AP : Check connection status using hostapd_cli

Note

wpa_state=COMPLETED indicates successful connection. Check output of status

Note

aid=1 is assigned to connected station. Check output of all_sta

$ /usr/sbin/wpa_cli -i wlan0 -p /tmp/wpa_supplicant
> status
bssid=02:00:00:00:00:00
freq=2437
ssid=test_wpa3_sae
id=0
mode=station
pairwise_cipher=CCMP
group_cipher=CCMP
key_mgmt=SAE
sae_group=19
wpa_state=COMPLETED
address=02:00:00:00:01:00
uuid=572cf82f-c957-5653-9b16-b5cfb298abf1

$ /usr/sbin/wpa_cli -i wlan0 -p /tmp/wpa_supplicant
> status
wpa_state=DISCONNECTED
address=02:00:00:00:01:00
uuid=572cf82f-c957-5653-9b16-b5cfb298abf1
> scan
OK
<3>CTRL-EVENT-SCAN-STARTED
<3>CTRL-EVENT-SCAN-RESULTS
<3>CTRL-EVENT-NETWORK-NOT-FOUND
>
> scan_results
bssid / frequency / signal level / flags / ssid
02:00:00:00:00:00	2437	-30	[WPA2-SAE-CCMP][ESS]	test_wpa3_sae
>
>
> add_network
0
> set_network 0 ssid "test_wpa3_sae"
OK
>
> set_network 0 key_mgmt SAE
OK
>
<3>CTRL-EVENT-SCAN-STARTED
<3>CTRL-EVENT-SCAN-RESULTS
>
>
> set_network 0 psk "12345678"
OK
> enable_network 0
OK
<3>CTRL-EVENT-SCAN-STARTED
<3>CTRL-EVENT-SCAN-RESULTS
<3>SME: Trying to authenticate with 02:00:00:00:00:00 (SSID='test_wpa3_sae' freq=2437 MHz)
<3>SME: Trying to authenticate with 02:00:00:00:00:00 (SSID='test_wpa3_sae' freq=2437 MHz)
<3>PMKSA-CACHE-ADDED 02:00:00:00:00:00 0
<3>Trying to associate with 02:00:00:00:00:00 (SSID='test_wpa3_sae' freq=2437 MHz)
<3>Associated with 02:00:00:00:00:00
<3>CTRL-EVENT-SUBNET-STATUS-UPDATE status=0
<3>WPA: Key negotiation completed with 02:00:00:00:00:00 [PTK=CCMP GTK=CCMP]
<3>CTRL-EVENT-CONNECTED - Connection to 02:00:00:00:00:00 completed [id=0 id_str=]
<3>CTRL-EVENT-SCAN-STARTED
>
>
>
<3>CTRL-EVENT-SCAN-RESULTS
>
>
> status
> bssid=02:00:00:00:00:00
freq=2437
ssid=test_wpa3_sae
id=0
mode=station
pairwise_cipher=CCMP
group_cipher=CCMP
key_mgmt=SAE
sae_group=19
wpa_state=COMPLETED
address=02:00:00:00:01:00
uuid=572cf82f-c957-5653-9b16-b5cfb298abf1
$ /usr/sbin/hostapd_cli -i wlan0 -p /tmp/hostapd
hostapd_cli v2.9
Copyright (c) 2004-2019, Jouni Malinen <j@w1.fi> and contributors

This software may be distributed under the terms of the BSD license.
See README for more details.

Interactive mode

Step 9: STA : Wireless interface status after connection

Step 9: AP : Wireless interface status after connection

Note

ESSID field in iwconfig should show ssid of AccessPoint

Note

Mode field in iwconfig should show master

$ iwconfig 
wlan0     IEEE 802.11  ESSID:"test_wpa3_sae"  
          Mode:Managed  Frequency:2.437 GHz  Access Point: 02:00:00:00:00:00   
          Bit Rate:54 Mb/s   Tx-Power=20 dBm   
          Retry short limit:7   RTS thr:off   Fragment thr:off
          Power Management:on
          Link Quality=70/70  Signal level=-30 dBm  
          Rx invalid nwid:0  Rx invalid crypt:0  Rx invalid frag:0
          Tx excessive retries:0  Invalid misc:0   Missed beacon:0

$ iw dev
phy#2
	Interface wlan0
		ifindex 6
		wdev 0x200000001
		addr 02:00:00:00:01:00
		ssid test_wpa3_sae
		type managed
		channel 6 (2437 MHz), width: 20 MHz (no HT), center1: 2437 MHz
$ iwconfig 
wlan0     IEEE 802.11  Mode:Master  Tx-Power=20 dBm   
          Retry short limit:7   RTS thr:off   Fragment thr:off
          Power Management:on

$ iw dev
phy#1
	Interface wlan0
		ifindex 5
		wdev 0x100000001
		addr 02:00:00:00:00:00
		ssid test_wpa3_sae
		type AP
		channel 6 (2437 MHz), width: 20 MHz (no HT), center1: 2437 MHz
		txpower 20.00 dBm

Step 10: STA : Assign Static IP address

Step 10: AP : Assign Static IP address

Note

Station and AP should be in same IP subnet. Assign 192.168.3.10 to Station

Note

Station and AP should be in same IP subnet. Assign 192.168.3.1 to AP

Attention

Use static IP assignment if DHCP server is not supported by AP

Attention

Use static IP assignment if DHCP server is not supported by AP

$ ifconfig wlan0 192.168.3.10 up

$ ifconfig wlan0
wlan0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.3.10  netmask 255.255.255.0  broadcast 192.168.3.255
        ether 02:00:00:00:01:00  txqueuelen 1000  (Ethernet)
        RX packets 73  bytes 13119 (13.1 KB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 65  bytes 13111 (13.1 KB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
$ ifconfig wlan0 192.168.3.1 up

$ ifconfig wlan0
wlan0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.3.1  netmask 255.255.255.0  broadcast 192.168.3.255
        ether 02:00:00:00:00:00  txqueuelen 1000  (Ethernet)
        RX packets 61  bytes 11085 (11.0 KB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 130  bytes 25688 (25.6 KB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

Step 11: STA : Assign DHCP IP address

Step 11: AP : Assign DHCP IP address

Attention

This initiates DORA. Make sure DHCP server is running in AP !

Attention

odhcpd and dnsmasq needs to be installed to setup DHCP server

Note

udhcpc is DHCP client

Note

See below ! Add configuration in /etc/dhcp/dhcpd.conf

Note

udhcpc -i wlan0 gets IP address from DHCP server

Note

See below ! Add configuration in /etc/default/odhcpd and dnsmasq

# Release any existing IP address

$ ifconfig wlan0 0.0.0.0 up

# Run DHCP client on wlan0. This initiates DORA

$ udhcpc -i wlan0

# Check if wlan0 got IP address

$ ifconfig wlan0


Step 12: STA : Ping AP

Step 12: AP : Ping STA

Note

192.168.3.1 is IP address of Access Point

Note

192.168.3.10 is IP address of Station

$ ping 192.168.3.1
PING 192.168.3.1 (192.168.3.1) 56(84) bytes of data.
64 bytes from 192.168.3.1: icmp_seq=1 ttl=64 time=0.121 ms
64 bytes from 192.168.3.1: icmp_seq=2 ttl=64 time=0.091 ms
64 bytes from 192.168.3.1: icmp_seq=3 ttl=64 time=0.090 ms
64 bytes from 192.168.3.1: icmp_seq=4 ttl=64 time=0.097 ms
64 bytes from 192.168.3.1: icmp_seq=5 ttl=64 time=0.243 ms
$ ping 192.168.3.10
PING 192.168.3.10 (192.168.3.10) 56(84) bytes of data.
64 bytes from 192.168.3.10: icmp_seq=1 ttl=64 time=0.092 ms
64 bytes from 192.168.3.10: icmp_seq=2 ttl=64 time=0.036 ms
64 bytes from 192.168.3.10: icmp_seq=3 ttl=64 time=0.094 ms
64 bytes from 192.168.3.10: icmp_seq=4 ttl=64 time=0.105 ms
64 bytes from 192.168.3.10: icmp_seq=5 ttl=64 time=0.094 ms

Step 13: STA : Run TCP server for TCP DL test

Step 13: AP : Run TCP Client for TCP DL test

$ iperf -s -i 1
$ iperf -c 192.168.3.10 -i 1 -t 30

Step 14: STA : Run TCP client for TCP UL test

Step 14: AP : Run TCP Server for TCP UL test

$ iperf -c 192.168.3.1 -i 1 -t 30
$ iperf -s -i 1

Step 15: STA : Run UDP server for UDP DL test

Step 15: AP : Run UDP Client for UDP DL test

$ iperf -s -u -i 1 
$ iperf -c 192.168.3.10 -u -b 1000M -i 1 -t 30

Step 16: STA : Run UDP client for UDP UL test

Step 16: AP : Run UDP Server for UDP UL test

$ iperf -c 192.168.3.1 -u -b 1000M -i 1 -t 30
$ iperf -s -u -i 1