如何在 Ubuntu 20.10 中使用 WPA3 和受保护的管理框架?

tag-icon tag-icon security iwlwifi wpa3
如何在 Ubuntu 20.10 中使用 WPA3 和受保护的管理框架?

我在运行 Ubuntu 20.10 的 Dell Latitude-7480 笔记本中安装了 Intel AX-210。我想使用 Wi-Fi 6E、WPA3 和受保护的管理框架(6 GHz 下都需要)进行连接。
驱动程序是 iwlfifi /lib/firmware/iwlwifi-ty-a0-gf-a0-59.ucode

Ubuntu 看到了 SSID,但无法连接。它多次显示“激活网络连接失败”的弹出消息。

我正在看关于20.04 版的 WPA3

接受的答案提供了以下步骤:

nmcli conn show
NAME                                UUID                                  TYPE      DEVICE 
mywifi                              xxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxxx  wifi      wlp1s0 
...other connections here...

然后,我们使用 nmcli 交互式编辑器修复正在使用的 key-mgmt,如下所示:

nmcli conn edit mywifi

我的系统显示如下:

$ nmcli conn show
NAME                UUID                                  TYPE      DEVICE    
WiFi-6E-Test 2      b84117dd-fa12-4dba-b273-61f5fe3c9af1  wifi      wlp2s0    
Wired connection 1  0f8fd576-7856-3fc4-b8fe-7e524e3fe47d  ethernet  enp0s31f6 
WiFi-6E-Test        4019de60-86ee-48e1-bb3c-43dfef87f79e  wifi      --        
WiFi-6E-Test 1      bd490295-3372-4c4b-b906-7aa9c14e2490  wifi      --

系统尝试连接时,第一行“WiFi-6E-Tes​​t 2”为红色。有线连接为绿色,其他 Wi-Fi 连接为白色。实际 SSID 为 Wi-Fi-6E-Tes​​t。我不确定为什么要添加 1 和 2,但可能是尝试过不同的安全类型(无、OWE 和 WPA3)。

我尝试了这个过程,但似乎密钥管理已经是 sae 了:

$ nmcli conn edit "WiFi-6E-Test 2" 

===| nmcli interactive connection editor |===

Editing existing '802-11-wireless' connection: 'WiFi-6E-Test 2'

Type 'help' or '?' for available commands.
Type 'print' to show all the connection properties.
Type 'describe [<setting>.<prop>]' for detailed property description.

You may edit the following settings: connection, 802-11-wireless (wifi), 802-11-wireless-security (wifi-sec), 802-1x, ethtool, match, ipv4, ipv6, tc, proxy
nmcli> print wifi-sec.key-mgmt
802-11-wireless-security.key-mgmt: sae
nmcli> describe wifi-sec.key-mgmt

=== [key-mgmt] ===
[NM property description]
Key management used for the connection.  One of "none" (WEP), "ieee8021x" (Dynamic WEP), "wpa-psk" (infrastructure WPA-PSK), "sae" (SAE), "owe" (Opportunistic Wireless Encryption) or "wpa-eap" (WPA-Enterprise).  This property must be set for any Wi-Fi connection that uses security.

nmcli> set wifi-sec.key-mgmt sae
nmcli> verify
Verify connection: OK
nmcli> save persistent
Connection 'WiFi-6E-Test 2' (b84117dd-fa12-4dba-b273-61f5fe3c9af1) successfully updated.
nmcli>

到目前为止,这还没有奏效。是否需要其他设置来启用对受保护管理框架的支持?

我还尝试将 AP 更改为机会无线加密而不是 WPA3。我重复了 nmcli 步骤,但使用了 owe 而不是 sae。这也不起作用。使用 OWE 不会出现重复的消息“激活网络连接失败”。它只是默默地失败了。

在这两种情况下,SSID 在“选择网络”对话框中可见,但它永远不会关联。

以下是使用 WPA3 连接 AP 失败时执行 sudo tail -f /var/log/syslog 的结果:

Mar 14 17:26:31 ****-Latitude-7480 NetworkManager[542]: <info>  [1615760791.0592] device (wlp2s0): Activation: starting connection 'six-e-test' (4b4e0bc9-436c-4194-8901-46c9247d0fa4)
Mar 14 17:26:31 ****-Latitude-7480 NetworkManager[542]: <info>  [1615760791.0593] audit: op="connection-add-activate" uuid="4b4e0bc9-436c-4194-8901-46c9247d0fa4" name="six-e-test" pid=1096 uid=1000 result="success"
Mar 14 17:26:31 ****-Latitude-7480 NetworkManager[542]: <info>  [1615760791.0617] device (wlp2s0): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed')
Mar 14 17:26:31 ****-Latitude-7480 NetworkManager[542]: <info>  [1615760791.0622] device (wlp2s0): state change: prepare -> config (reason 'none', sys-iface-state: 'managed')
Mar 14 17:26:31 ****-Latitude-7480 NetworkManager[542]: <info>  [1615760791.0628] device (wlp2s0): Activation: (wifi) access point 'six-e-test' has security, but secrets are required.
Mar 14 17:26:31 ****-Latitude-7480 NetworkManager[542]: <info>  [1615760791.0630] device (wlp2s0): state change: config -> need-auth (reason 'none', sys-iface-state: 'managed')
Mar 14 17:26:40 ****-Latitude-7480 NetworkManager[542]: <info>  [1615760800.1146] device (wlp2s0): state change: need-auth -> prepare (reason 'none', sys-iface-state: 'managed')
Mar 14 17:26:40 ****-Latitude-7480 NetworkManager[542]: <info>  [1615760800.1150] device (wlp2s0): state change: prepare -> config (reason 'none', sys-iface-state: 'managed')
Mar 14 17:26:40 ****-Latitude-7480 NetworkManager[542]: <info>  [1615760800.1153] device (wlp2s0): Activation: (wifi) connection 'six-e-test' has security, and secrets exist.  No new secrets needed.
Mar 14 17:26:40 ****-Latitude-7480 NetworkManager[542]: <info>  [1615760800.1153] Config: added 'ssid' value 'six-e-test'
Mar 14 17:26:40 ****-Latitude-7480 NetworkManager[542]: <info>  [1615760800.1153] Config: added 'scan_ssid' value '1'
Mar 14 17:26:40 ****-Latitude-7480 NetworkManager[542]: <info>  [1615760800.1153] Config: added 'bgscan' value 'simple:30:-70:86400'
Mar 14 17:26:40 ****-Latitude-7480 NetworkManager[542]: <info>  [1615760800.1154] Config: added 'key_mgmt' value 'SAE FT-SAE'
Mar 14 17:26:40 ****-Latitude-7480 NetworkManager[542]: <info>  [1615760800.1154] Config: added 'auth_alg' value 'OPEN'
Mar 14 17:26:40 ****-Latitude-7480 NetworkManager[542]: <info>  [1615760800.1154] Config: added 'psk' value '<hidden>'
Mar 14 17:26:40 ****-Latitude-7480 NetworkManager[542]: <info>  [1615760800.1286] device (wlp2s0): supplicant interface state: disconnected -> scanning
Mar 14 17:26:40 ****-Latitude-7480 NetworkManager[542]: <info>  [1615760800.1287] device (p2p-dev-wlp2s0): supplicant management interface state: disconnected -> scanning
Mar 14 17:26:49 ****-Latitude-7480 systemd-resolved[503]: Server returned error NXDOMAIN, mitigating potential DNS violation DVE-2018-0001, retrying transaction with reduced feature level UDP.
Mar 14 17:26:50 ****-Latitude-7480 systemd-resolved[503]: message repeated 3 times: [ Server returned error NXDOMAIN, mitigating potential DNS violation DVE-2018-0001, retrying transaction with reduced feature level UDP.]
Mar 14 17:27:04 ****-Latitude-7480 NetworkManager[542]: <warn>  [1615760824.8831] device (wlp2s0): Activation: (wifi) association took too long, failing activation
Mar 14 17:27:04 ****-Latitude-7480 NetworkManager[542]: <info>  [1615760824.8833] device (wlp2s0): state change: config -> failed (reason 'ssid-not-found', sys-iface-state: 'managed')
Mar 14 17:27:04 ****-Latitude-7480 NetworkManager[542]: <warn>  [1615760824.8875] device (wlp2s0): Activation: failed for connection 'six-e-test'
Mar 14 17:27:04 ****-Latitude-7480 NetworkManager[542]: <info>  [1615760824.8880] device (wlp2s0): supplicant interface state: scanning -> disconnected
Mar 14 17:27:04 ****-Latitude-7480 NetworkManager[542]: <info>  [1615760824.8880] device (p2p-dev-wlp2s0): supplicant management interface state: scanning -> disconnected
Mar 14 17:27:04 ****-Latitude-7480 NetworkManager[542]: <info>  [1615760824.8884] device (wlp2s0): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed')
Mar 14 17:27:04 ****-Latitude-7480 wpa_supplicant[584]: wlp2s0: Reject scan trigger since one is already pending
Mar 14 17:27:05 ****-Latitude-7480 wpa_supplicant[584]: wlp2s0: Reject scan trigger since one is already pending
Mar 14 17:27:05 ****-Latitude-7480 NetworkManager[542]: <info>  [1615760825.9012] policy: auto-activating connection 'six-e-test' (4b4e0bc9-436c-4194-8901-46c9247d0fa4)
Mar 14 17:27:05 ****-Latitude-7480 NetworkManager[542]: <info>  [1615760825.9030] device (wlp2s0): Activation: starting connection 'six-e-test' (4b4e0bc9-436c-4194-8901-46c9247d0fa4)
Mar 14 17:27:05 ****-Latitude-7480 NetworkManager[542]: <info>  [1615760825.9035] device (wlp2s0): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed')
Mar 14 17:27:05 ****-Latitude-7480 NetworkManager[542]: <info>  [1615760825.9055] device (wlp2s0): state change: prepare -> config (reason 'none', sys-iface-state: 'managed')
Mar 14 17:27:05 ****-Latitude-7480 NetworkManager[542]: <info>  [1615760825.9062] device (wlp2s0): Activation: (wifi) access point 'six-e-test' has security, but secrets are required.
Mar 14 17:27:05 ****-Latitude-7480 NetworkManager[542]: <info>  [1615760825.9062] device (wlp2s0): state change: config -> need-auth (reason 'none', sys-iface-state: 'managed')
Mar 14 17:27:05 ****-Latitude-7480 NetworkManager[542]: <info>  [1615760825.9086] device (wlp2s0): state change: need-auth -> prepare (reason 'none', sys-iface-state: 'managed')
Mar 14 17:27:05 ****-Latitude-7480 NetworkManager[542]: <info>  [1615760825.9091] device (wlp2s0): state change: prepare -> config (reason 'none', sys-iface-state: 'managed')
Mar 14 17:27:05 ****-Latitude-7480 NetworkManager[542]: <info>  [1615760825.9094] device (wlp2s0): Activation: (wifi) connection 'six-e-test' has security, and secrets exist.  No new secrets needed.
Mar 14 17:27:05 ****-Latitude-7480 NetworkManager[542]: <info>  [1615760825.9094] Config: added 'ssid' value 'six-e-test'
Mar 14 17:27:05 ****-Latitude-7480 NetworkManager[542]: <info>  [1615760825.9094] Config: added 'scan_ssid' value '1'
Mar 14 17:27:05 ****-Latitude-7480 NetworkManager[542]: <info>  [1615760825.9095] Config: added 'bgscan' value 'simple:30:-70:86400'
Mar 14 17:27:05 ****-Latitude-7480 NetworkManager[542]: <info>  [1615760825.9095] Config: added 'key_mgmt' value 'SAE FT-SAE'
Mar 14 17:27:05 ****-Latitude-7480 NetworkManager[542]: <info>  [1615760825.9095] Config: added 'auth_alg' value 'OPEN'
Mar 14 17:27:05 ****-Latitude-7480 NetworkManager[542]: <info>  [1615760825.9095] Config: added 'psk' value '<hidden>'
Mar 14 17:27:05 ****-Latitude-7480 wpa_supplicant[584]: wlp2s0: Reject scan trigger since one is already pending
Mar 14 17:27:05 ****-Latitude-7480 wpa_supplicant[584]: wlp2s0: Failed to initiate AP scan
Mar 14 17:27:06 ****-Latitude-7480 wpa_supplicant[584]: wlp2s0: Reject scan trigger since one is already pending
Mar 14 17:27:06 ****-Latitude-7480 wpa_supplicant[584]: wlp2s0: Failed to initiate AP scan
Mar 14 17:27:07 ****-Latitude-7480 wpa_supplicant[584]: wlp2s0: Reject scan trigger since one is already pending
Mar 14 17:27:07 ****-Latitude-7480 wpa_supplicant[584]: wlp2s0: Failed to initiate AP scan
Mar 14 17:27:08 ****-Latitude-7480 wpa_supplicant[584]: wlp2s0: Reject scan trigger since one is already pending
Mar 14 17:27:08 ****-Latitude-7480 wpa_supplicant[584]: wlp2s0: Failed to initiate AP scan
Mar 14 17:27:09 ****-Latitude-7480 wpa_supplicant[584]: wlp2s0: Reject scan trigger since one is already pending
Mar 14 17:27:09 ****-Latitude-7480 wpa_supplicant[584]: wlp2s0: Failed to initiate AP scan
Mar 14 17:27:10 ****-Latitude-7480 NetworkManager[542]: <info>  [1615760830.9318] device (wlp2s0): supplicant interface state: disconnected -> scanning
Mar 14 17:27:10 ****-Latitude-7480 NetworkManager[542]: <info>  [1615760830.9319] device (p2p-dev-wlp2s0): supplicant management interface state: disconnected -> scanning
Mar 14 17:27:15 ****-Latitude-7480 systemd-resolved[503]: Server returned error NXDOMAIN, mitigating potential DNS violation DVE-2018-0001, retrying transaction with reduced feature level UDP.
Mar 14 17:27:15 ****-Latitude-7480 systemd-resolved[503]: message repeated 3 times: [ Server returned error NXDOMAIN, mitigating potential DNS violation DVE-2018-0001, retrying transaction with reduced feature level UDP.]
Mar 14 17:27:30 ****-Latitude-7480 NetworkManager[542]: <warn>  [1615760850.8830] device (wlp2s0): Activation: (wifi) association took too long, failing activation
Mar 14 17:27:30 ****-Latitude-7480 NetworkManager[542]: <info>  [1615760850.8831] device (wlp2s0): state change: config -> failed (reason 'ssid-not-found', sys-iface-state: 'managed')
Mar 14 17:27:30 ****-Latitude-7480 NetworkManager[542]: <warn>  [1615760850.8870] device (wlp2s0): Activation: failed for connection 'six-e-test'
Mar 14 17:27:30 ****-Latitude-7480 NetworkManager[542]: <info>  [1615760850.8873] device (wlp2s0): supplicant interface state: scanning -> disconnected
Mar 14 17:27:30 ****-Latitude-7480 NetworkManager[542]: <info>  [1615760850.8873] device (p2p-dev-wlp2s0): supplicant management interface state: scanning -> disconnected
Mar 14 17:27:30 ****-Latitude-7480 NetworkManager[542]: <info>  [1615760850.8881] device (wlp2s0): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed')
Mar 14 17:27:40 ****-Latitude-7480 systemd-resolved[503]: Server returned error NXDOMAIN, mitigating potential DNS violation DVE-2018-0001, retrying transaction with reduced feature level UDP.
Mar 14 17:27:41 ****-Latitude-7480 systemd-resolved[503]: message repeated 3 times: [ Server returned error NXDOMAIN, mitigating potential DNS violation DVE-2018-0001, retrying transaction with reduced feature level UDP.]
Mar 14 17:28:02 ****-Latitude-7480 NetworkManager[542]: <info>  [1615760882.6225] policy: auto-activating connection 'six-e-test' (4b4e0bc9-436c-4194-8901-46c9247d0fa4)
Mar 14 17:28:02 ****-Latitude-7480 NetworkManager[542]: <info>  [1615760882.6229] device (wlp2s0): Activation: starting connection 'six-e-test' (4b4e0bc9-436c-4194-8901-46c9247d0fa4)
Mar 14 17:28:02 ****-Latitude-7480 NetworkManager[542]: <info>  [1615760882.6230] device (wlp2s0): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed')
Mar 14 17:28:02 ****-Latitude-7480 NetworkManager[542]: <info>  [1615760882.6234] device (wlp2s0): state change: prepare -> config (reason 'none', sys-iface-state: 'managed')
Mar 14 17:28:02 ****-Latitude-7480 NetworkManager[542]: <info>  [1615760882.6237] device (wlp2s0): Activation: (wifi) access point 'six-e-test' has security, but secrets are required.
Mar 14 17:28:02 ****-Latitude-7480 NetworkManager[542]: <info>  [1615760882.6237] device (wlp2s0): state change: config -> need-auth (reason 'none', sys-iface-state: 'managed')
Mar 14 17:28:02 ****-Latitude-7480 NetworkManager[542]: <info>  [1615760882.6271] device (wlp2s0): state change: need-auth -> prepare (reason 'none', sys-iface-state: 'managed')
Mar 14 17:28:02 ****-Latitude-7480 NetworkManager[542]: <info>  [1615760882.6275] device (wlp2s0): state change: prepare -> config (reason 'none', sys-iface-state: 'managed')
Mar 14 17:28:02 ****-Latitude-7480 NetworkManager[542]: <info>  [1615760882.6277] device (wlp2s0): Activation: (wifi) connection 'six-e-test' has security, and secrets exist.  No new secrets needed.
Mar 14 17:28:02 ****-Latitude-7480 NetworkManager[542]: <info>  [1615760882.6278] Config: added 'ssid' value 'six-e-test'
Mar 14 17:28:02 ****-Latitude-7480 NetworkManager[542]: <info>  [1615760882.6278] Config: added 'scan_ssid' value '1'
Mar 14 17:28:02 ****-Latitude-7480 NetworkManager[542]: <info>  [1615760882.6278] Config: added 'bgscan' value 'simple:30:-70:86400'
Mar 14 17:28:02 ****-Latitude-7480 NetworkManager[542]: <info>  [1615760882.6278] Config: added 'key_mgmt' value 'SAE FT-SAE'
Mar 14 17:28:02 ****-Latitude-7480 NetworkManager[542]: <info>  [1615760882.6278] Config: added 'auth_alg' value 'OPEN'
Mar 14 17:28:02 ****-Latitude-7480 NetworkManager[542]: <info>  [1615760882.6278] Config: added 'psk' value '<hidden>'
Mar 14 17:28:02 ****-Latitude-7480 NetworkManager[542]: <info>  [1615760882.6394] device (wlp2s0): supplicant interface state: disconnected -> scanning
Mar 14 17:28:02 ****-Latitude-7480 NetworkManager[542]: <info>  [1615760882.6394] device (p2p-dev-wlp2s0): supplicant management interface state: disconnected -> scanning
Mar 14 17:28:12 ****-Latitude-7480 systemd-resolved[503]: Server returned error NXDOMAIN, mitigating potential DNS violation DVE-2018-0001, retrying transaction with reduced feature level UDP.
^C

这是 AP 更改为增强开放(机会性无线加密)时的系统日志。

****@****-Latitude-7480:~$ sudo tail -f /var/log/syslog
Mar 14 17:50:58 ****-Latitude-7480 NetworkManager[542]: <info>  [1615762258.5147] audit: op="connection-add-activate" pid=4029 uid=1000 result="fail" reason="Failed to determine AP security information"
Mar 14 17:50:58 ****-Latitude-7480 gnome-control-c[4029]: Failed to add and activate connection '0': Failed to determine AP security information
Mar 14 17:50:59 ****-Latitude-7480 NetworkManager[542]: <info>  [1615762259.7447] audit: op="connection-add-activate" pid=4029 uid=1000 result="fail" reason="Failed to determine AP security information"
Mar 14 17:50:59 ****-Latitude-7480 gnome-control-c[4029]: Failed to add and activate connection '0': Failed to determine AP security information
Mar 14 17:51:01 ****-Latitude-7480 NetworkManager[542]: <info>  [1615762261.3282] audit: op="connection-add-activate" pid=4029 uid=1000 result="fail" reason="Failed to determine AP security information"
Mar 14 17:51:01 ****-Latitude-7480 gnome-control-c[4029]: Failed to add and activate connection '0': Failed to determine AP security information
Mar 14 17:51:02 ****-Latitude-7480 NetworkManager[542]: <info>  [1615762262.6328] audit: op="connection-add-activate" pid=4029 uid=1000 result="fail" reason="Failed to determine AP security information"
Mar 14 17:51:02 ****-Latitude-7480 gnome-control-c[4029]: Failed to add and activate connection '0': Failed to determine AP security information
Mar 14 17:51:04 ****-Latitude-7480 systemd-resolved[503]: Server returned error NXDOMAIN, mitigating potential DNS violation DVE-2018-0001, retrying transaction with reduced feature level UDP.
Mar 14 17:51:05 ****-Latitude-7480 systemd-resolved[503]: message repeated 3 times: [ Server returned error NXDOMAIN, mitigating potential DNS violation DVE-2018-0001, retrying transaction with reduced feature level UDP.]
Mar 14 17:51:12 ****-Latitude-7480 wpa_supplicant[584]: wlp2s0: Reject scan trigger since one is already pending
Mar 14 17:52:32 ****-Latitude-7480 wpa_supplicant[584]: message repeated 3 times: [ wlp2s0: Reject scan trigger since one is already pending]

相关内容