强制 Gnome 网络管理器使用 WPA2

强制 Gnome 网络管理器使用 WPA2

我在无线路由器上刷入了 OpenWrt,并将其设置为混合 WPA2/WPA3。除了一台运行 Ubuntu 22.04 的旧款 ThinkPad T430u 外,我的所有无线设备都运行正常。

在我刷新它之前,它曾经在完全相同的路由器上运行过,因此我一时兴起将路由器设置为仅 WPA2,现在 T430u 再次连接了。

理想情况下,我希望将路由器设置回 WPA2/WPA3 混合模式,并告诉 Ubuntu 使用 WPA2。

如果我在网络管理器中打开连接,则在安全标签我看到WPA 和 WPA2 个人版作为一个选项。然而在另一台机器上我选择了WPA 和 WPA2 个人版如果我去细节在下面安全它说WPA3(在我将路由器改为仅 WPA2 之前)。

我如何强制 Ubuntu 使用 WPA2?

以下是发生故障时的日志:

Oct 21 13:06:22 hostname NetworkManager[864]: <info>  [1666371982.0904] policy: auto-activating connection 'MY_WIFI' (b0a3a436-f4c1-49f0-9acf-9fb49fb07e8f)
Oct 21 13:06:22 hostname NetworkManager[864]: <info>  [1666371982.0921] device (wlp3s0): Activation: starting connection 'MY_WIFI' (b0a3a436-f4c1-49f0-9acf-9fb49fb07e8f)
Oct 21 13:06:22 hostname NetworkManager[864]: <info>  [1666371982.0924] device (wlp3s0): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed')
Oct 21 13:06:22 hostname NetworkManager[864]: <info>  [1666371982.0941] manager: NetworkManager state is now CONNECTING
Oct 21 13:06:22 hostname NetworkManager[864]: <info>  [1666371982.0949] device (wlp3s0): state change: prepare -> config (reason 'none', sys-iface-state: 'managed')
Oct 21 13:06:22 hostname NetworkManager[864]: <info>  [1666371982.0957] device (wlp3s0): Activation: (wifi) access point 'MY_WIFI' has security, but secrets are required.
Oct 21 13:06:22 hostname NetworkManager[864]: <info>  [1666371982.0958] device (wlp3s0): state change: config -> need-auth (reason 'none', sys-iface-state: 'managed')
Oct 21 13:06:22 hostname NetworkManager[864]: <info>  [1666371982.1009] device (wlp3s0): state change: need-auth -> prepare (reason 'none', sys-iface-state: 'managed')
Oct 21 13:06:22 hostname NetworkManager[864]: <info>  [1666371982.1025] device (wlp3s0): state change: prepare -> config (reason 'none', sys-iface-state: 'managed')
Oct 21 13:06:22 hostname NetworkManager[864]: <info>  [1666371982.1037] device (wlp3s0): Activation: (wifi) connection 'MY_WIFI' has security, and secrets exist.  No new secrets needed.
Oct 21 13:06:22 hostname NetworkManager[864]: <info>  [1666371982.1039] Config: added 'ssid' value 'MY_WIFI'
Oct 21 13:06:22 hostname NetworkManager[864]: <info>  [1666371982.1039] Config: added 'scan_ssid' value '1'
Oct 21 13:06:22 hostname NetworkManager[864]: <info>  [1666371982.1039] Config: added 'bssid' value '07:78:3B:81:D2:1A'
Oct 21 13:06:22 hostname NetworkManager[864]: <info>  [1666371982.1040] Config: added 'key_mgmt' value 'WPA-PSK WPA-PSK-SHA256'
Oct 21 13:06:22 hostname NetworkManager[864]: <info>  [1666371982.1040] Config: added 'psk' value '<hidden>'
Oct 21 13:06:22 hostname NetworkManager[864]: <info>  [1666371982.2553] device (wlp3s0): supplicant interface state: disconnected -> scanning
Oct 21 13:06:26 hostname NetworkManager[864]: <info>  [1666371986.3667] device (wlp3s0): supplicant interface state: scanning -> disconnected
Oct 21 13:06:26 hostname NetworkManager[864]: <info>  [1666371986.8684] device (wlp3s0): supplicant interface state: disconnected -> scanning
Oct 21 13:06:30 hostname NetworkManager[864]: <info>  [1666371990.8684] device (wlp3s0): supplicant interface state: scanning -> disconnected
Oct 21 13:06:31 hostname NetworkManager[864]: <info>  [1666371991.8745] device (wlp3s0): supplicant interface state: disconnected -> scanning
Oct 21 13:06:35 hostname NetworkManager[864]: <info>  [1666371995.9916] device (wlp3s0): supplicant interface state: scanning -> disconnected
Oct 21 13:06:40 hostname NetworkManager[864]: <info>  [1666372000.9993] device (wlp3s0): supplicant interface state: disconnected -> scanning
Oct 21 13:06:46 hostname NetworkManager[864]: <info>  [1666372006.0066] device (wlp3s0): supplicant interface state: scanning -> disconnected
Oct 21 13:06:47 hostname NetworkManager[864]: <warn>  [1666372007.4528] device (wlp3s0): Activation: (wifi) association took too long, failing activation
Oct 21 13:06:47 hostname NetworkManager[864]: <info>  [1666372007.4529] device (wlp3s0): state change: config -> failed (reason 'ssid-not-found', sys-iface-state: 'managed')
Oct 21 13:06:47 hostname NetworkManager[864]: <info>  [1666372007.4542] manager: NetworkManager state is now DISCONNECTED
Oct 21 13:06:47 hostname NetworkManager[864]: <warn>  [1666372007.4553] device (wlp3s0): Activation: failed for connection 'MY_WIFI'
Oct 21 13:06:47 hostname NetworkManager[864]: <info>  [1666372007.4561] device (wlp3s0): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed')

以下是我将路由器改为仅使用 WPA2 后的日志:

Oct 21 13:11:33 hostname NetworkManager[864]: <info>  [1666372293.9722] policy: auto-activating connection 'MY_WIFI' (b0a3a436-f4c1-49f0-9acf-9fb49fb07e8f)
Oct 21 13:11:33 hostname NetworkManager[864]: <info>  [1666372293.9820] device (wlp3s0): Activation: starting connection 'MY_WIFI' (b0a3a436-f4c1-49f0-9acf-9fb49fb07e8f)
Oct 21 13:11:33 hostname NetworkManager[864]: <info>  [1666372293.9823] device (wlp3s0): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed')
Oct 21 13:11:33 hostname NetworkManager[864]: <info>  [1666372293.9835] manager: NetworkManager state is now CONNECTING
Oct 21 13:11:33 hostname NetworkManager[864]: <info>  [1666372293.9850] device (wlp3s0): state change: prepare -> config (reason 'none', sys-iface-state: 'managed')
Oct 21 13:11:33 hostname NetworkManager[864]: <info>  [1666372293.9858] device (wlp3s0): Activation: (wifi) access point 'MY_WIFI' has security, but secrets are required.
Oct 21 13:11:33 hostname NetworkManager[864]: <info>  [1666372293.9859] device (wlp3s0): state change: config -> need-auth (reason 'none', sys-iface-state: 'managed')
Oct 21 13:11:33 hostname NetworkManager[864]: <info>  [1666372293.9958] device (wlp3s0): state change: need-auth -> prepare (reason 'none', sys-iface-state: 'managed')
Oct 21 13:11:33 hostname NetworkManager[864]: <info>  [1666372293.9965] device (wlp3s0): state change: prepare -> config (reason 'none', sys-iface-state: 'managed')
Oct 21 13:11:33 hostname NetworkManager[864]: <info>  [1666372293.9972] device (wlp3s0): Activation: (wifi) connection 'MY_WIFI' has security, and secrets exist.  No new secrets needed.
Oct 21 13:11:33 hostname NetworkManager[864]: <info>  [1666372293.9973] Config: added 'ssid' value 'MY_WIFI'
Oct 21 13:11:33 hostname NetworkManager[864]: <info>  [1666372293.9973] Config: added 'scan_ssid' value '1'
Oct 21 13:11:33 hostname NetworkManager[864]: <info>  [1666372293.9973] Config: added 'bssid' value '07:78:3B:81:D2:1A'
Oct 21 13:11:33 hostname NetworkManager[864]: <info>  [1666372293.9974] Config: added 'key_mgmt' value 'WPA-PSK WPA-PSK-SHA256'
Oct 21 13:11:33 hostname NetworkManager[864]: <info>  [1666372293.9974] Config: added 'psk' value '<hidden>'
Oct 21 13:11:36 hostname NetworkManager[864]: <info>  [1666372296.0439] device (wlp3s0): supplicant interface state: disconnected -> scanning
Oct 21 13:11:40 hostname NetworkManager[864]: <info>  [1666372300.1260] device (wlp3s0): supplicant interface state: scanning -> associating
Oct 21 13:11:40 hostname NetworkManager[864]: <info>  [1666372300.2926] device (wlp3s0): supplicant interface state: associating -> 4way_handshake
Oct 21 13:11:40 hostname NetworkManager[864]: <info>  [1666372300.3023] device (wlp3s0): supplicant interface state: 4way_handshake -> completed
Oct 21 13:11:40 hostname NetworkManager[864]: <info>  [1666372300.3024] device (wlp3s0): Activation: (wifi) Stage 2 of 5 (Device Configure) successful. Connected to wireless network "MY_WIFI"
Oct 21 13:11:40 hostname NetworkManager[864]: <info>  [1666372300.3026] device (wlp3s0): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed')
Oct 21 13:11:40 hostname NetworkManager[864]: <info>  [1666372300.3038] dhcp4 (wlp3s0): activation: beginning transaction (timeout in 45 seconds)
Oct 21 13:11:42 hostname NetworkManager[864]: <info>  [1666372302.1066] dhcp6 (wlp3s0): activation: beginning transaction (timeout in 45 seconds)
Oct 21 13:11:42 hostname NetworkManager[864]: <info>  [1666372302.1120] dhcp6 (wlp3s0): state changed new lease, address=eefa:be00:31bd:6796:8f67:f3c8:1b05:170d
Oct 21 13:11:43 hostname NetworkManager[864]: <info>  [1666372303.4636] device (wlp3s0): state change: ip-config -> ip-check (reason 'none', sys-iface-state: 'managed')
Oct 21 13:11:43 hostname NetworkManager[864]: <info>  [1666372303.4707] device (wlp3s0): state change: ip-check -> secondaries (reason 'none', sys-iface-state: 'managed')
Oct 21 13:11:43 hostname NetworkManager[864]: <info>  [1666372303.4711] device (wlp3s0): state change: secondaries -> activated (reason 'none', sys-iface-state: 'managed')
Oct 21 13:11:43 hostname NetworkManager[864]: <info>  [1666372303.4716] manager: NetworkManager state is now CONNECTED_LOCAL
Oct 21 13:11:43 hostname NetworkManager[864]: <info>  [1666372303.4727] device (wlp3s0): Activation: successful, device activated.
Oct 21 13:11:43 hostname NetworkManager[864]: <info>  [1666372303.8405] dhcp4 (wlp3s0): state changed new lease, address=192.168.0.166
Oct 21 13:11:43 hostname NetworkManager[864]: <info>  [1666372303.8417] manager: NetworkManager state is now CONNECTED_SITE
Oct 21 13:11:43 hostname NetworkManager[864]: <info>  [1666372303.8420] policy: set 'MY_WIFI' (wlp3s0) as default for IPv4 routing and DNS
Oct 21 13:11:46 hostname NetworkManager[864]: <info>  [1666372306.1178] manager: NetworkManager state is now CONNECTED_GLOBAL

编辑:我做了一些进一步的研究,似乎没有办法强制使用 WPA2。WPA 和 WPA2 个人版安全设置显然名称错误,实际上适用于 WPA2 + WPA3 个人:

$ nmcli conn edit wifi
nmcli> describe wifi-sec.key-mgmt

=== [key-mgmt] ===
[NM property description]
Key management used for the connection. One of "none" (WEP or no password protection), "ieee8021x" (Dynamic WEP), "owe" (Opportunistic Wireless Encryption), "wpa-psk" (WPA2 + WPA3 personal), "sae" (WPA3 personal only), "wpa-eap" (WPA2 + WPA3 enterprise) or "wpa-eap-suite-b-192" (WPA3 enterprise only). This property must be set for any Wi-Fi connection that uses security.

此后,我发现了几个错误,它们似乎描述了我所看到的内容:

我注意到我正在运行 wpasupplicant 2.10-6 并升级到 2.10-9,但它并没有解决问题。

我还将网络管理器升级到 1.40,但问题仍未得到解决。

我能够进一步将问题缩小到 802.11w;默认情况下,OpenWrt 中的 WPA2/WPA3 混合模式设置将其设置为选修的,并警告某些设备不完全支持 802.11w。

根据这个:检查 802.11w (MFP/PMF) 支持(在 Linux 上),我的设备(使用 BCM43228 芯片组)似乎报告它支持 802.11w:

$ iw phy phy0 info | grep 00-0f-ac:6
        * CMAC (00-0f-ac:6)

因此,要么是错误地报告了 802.11w 支持,要么是存在其他问题。

我发现的唯一解决方法是将路由器设置为仅 WPA2,或者禁用 802.11w 的 WPA2/WPA3 混合模式。

相关内容