WiFi suddenly stopped working [solved]

[grknight]

Eselect news is important when existing installations need to be adjusted. However, documentation should not be discounted. People have been unnecessarily putting the tkip bomb in new configurations for 13 years following its depreciation. Why? Because the documentation told them to do that. I count myself among them. I cloned the recipe in the wiki in 2016, seven years after the tkip flag was deprecated.

FWIW, the wpa_supplicant man page echos the wiki for this setting as the default.

The real fix for everyone who is able to is to enter their router/AP's config and use AES instead of TKIP. This has been available for devices in the last decade or so for the most part.

[yayo]

I agree with anyone else who is asking for a news post in such case.

[bluenuht]

TLDR; Had the same issue, came to same +tkip fix conclusion

<vent>
I have 500 lines of notes trying to diagnose this.
6 kernel rebuilds
a custom wifi driver hand built
various hand built from tarball wpa_supplicants
not to mention the trip hazard while WiFi was down, when I had to use a 10ft Ethernet cable
I cannot count the hours spent on this.
</vent>

i will lodge a bug with upstream directly

[Jeff132312342q4323]

TLDR; Had the same issue, came to same +tkip fix conclusion

Thank you this USE flag fixed it for me, I was updating my entire system and was not aware that this USE flag was needed.

But for some reason without the USE flag, I was still able to connect to my personal hotspot, I guess that is a bit strange as I was not able to connect to my home wifi but my personal hotspot.

But anyways that is now fixed and I have updated entire system, and also upgraded to 5.17.0-gentoo-x86_64 kernel

[AstroFloyd]

TKIP appears to be needed for my five-year old modem/ap, so a news message would have been appreciated.

[Hu]

But for some reason without the USE flag, I was still able to connect to my personal hotspot, I guess that is a bit strange as I was not able to connect to my home wifi but my personal hotspot.

Your hotspot probably offers a newer and more secure protocol that succeeded TKIP.

TKIP appears to be needed for my five-year old modem/ap, so a news message would have been appreciated.

Is the AP unable to negotiate better at all, or is it merely configured to offer only TKIP currently? In the latter case, a configuration change of the AP would enable it to use a better protocol. Also, for the benefit of future readers, it would be helpful to mention the make and model of the bad AP, so that other readers can know they are likewise impacted.

[AstroFloyd]

Is the AP unable to negotiate better at all, or is it merely configured to offer only TKIP currently? In the latter case, a configuration change of the AP would enable it to use a better protocol. Also, for the benefit of future readers, it would be helpful to mention the make and model of the bad AP, so that other readers can know they are likewise impacted.

Fair enough.

However, I'm no expert in this matter. The device calls itself MediaAccess TG789bvn and lists Security Mode: WPA-PSK, WPA-PSK Encryption: TKIP&AES, WPA-PSK Version: WPA&WPA2. The term AES does not occur in the wpa_supplicant.conf man page, so I'm guessing its not an alternative to TKIP.

In the AP, I can only change the security mode, which is currently "WPA-PSK + WPA2-PSK" but can be changed to "Disabled", "WEP 64 bit", "WEP 128 bit", "WPA-PSK", "WPA2-PSK", "WPA", "WPA2" or "WPA + WPA2". Again, nowhere I can (de)select TKIP or an alternative.

In my wpa_supplicant.conf, all entries have lines like "pairwise=CCMP TKIP" and "group=CCMP TKIP", so I checked the man page but there is no example line that does not contain TKIP, so I'm not surprised that many people use it by default.

[mscili]

Thanks for this thread... I had the same problem (suddenly only fewer wireless access points available in NetworkManager, my mobile phone's hotspot working, my home router not appearing anymore). My home router was set to "WPA/WPA2 Personal" security, which only works with the tkip use flag activated in wpa_supplicant. If I change the router setting to only "WPA2 Personal", then TKIP is not needed anymore (and it works without the use flag on wpa_supplicant). It looks like the switch from TKIP to CCMP happens in an "hidden way" somewhere, hence the confusion.

I'll keep the tkip use flag activated even if I'm not using TKIP at home now - it may be easily needed to use my laptop away from home...

[SlashRhumSlashNeisson]

Hi,

i've just change my wpa_supplicant.conf like this:

Code: Select all

ssid="xxxxxxxxxxxxx"
psk=yyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyyy
scan_ssid=1
proto=RSN
key_mgmt=WPA-PSK
group=CCMP
pairwise=CCMP
priority=5

wpa_supplicant use flag:

Code: Select all

[I] net-wireless/wpa_supplicant
     Available versions:  2.10-r1 **9999*l {ap broadcom-sta +crda dbus eap-sim eapol-test fasteap +fils +hs2-0 macsec +mbo +mesh p2p privsep ps3 qt5 readline selinux smartcard tdls tkip uncommon-eap-types wep wimax wps}
     Installed versions:  2.10-r1(11:03:38 27/03/2022)(crda dbus fils hs2-0 mbo mesh qt5 readline -ap -broadcom-sta -eap-sim -eapol-test -fasteap -macsec -p2p -privsep -ps3 -selinux -smartcard -tdls -tkip -uncommon-eap-types -wep -wimax -wps)
     Homepage:            https://w1.fi/wpa_supplicant/
     Description:         IEEE 802.1X/WPA supplicant for secure wireless transfers

My router/AP's config use AES instead of TKIP.

[destroyedlolo]

According to Wikipedia, in 2009, IEEE resolved to deprecate TKIP. In 2012, a standard revision formally deprecated it.

The problem is there are lot of old routers around that CAN'T be udated : as example, my Internet Provided gave me a router (FreeBox V5) build in ... 2005 and it will charge me if I want a newer model (or the newer has less capabilities).

So I second the fact such changes have to be advertised

[MidnightCheese]

Removing the pairwise and grouptkip lines from the config helped me get back online as well. Thanks for solving this.

[dimpase]

A possible workaround is to build wpa_supplicant with the tkip USE flag. The default was tkip enabled until 2.10-r1 where the default was changed to disabled.

Thank you very much. So much old routers around

I got bitten by this just yesterday (and, possibly, earlier - my eduroam stopped working with wpa_supplicant v2.10 too)
Filed viewtopic-t-1147741.html

[Hu]

Filed viewtopic-t-1147741.html

That appears to be a URL to this thread. Did you mean wpa_supplicant version 2.10 needs USE="tkip"? If so, I doubt from the content of its comment #0 that it will go anywhere. TKIP has been deprecated for more than 10 years, and was disabled by default for good reason. I notice that the maintainers already have a compromise, in this warning in the postinst:

Code: Select all

	if ! use tkip; then
		ewarn "WARNING: You are building with TKIP support disabled, which is recommended since"
		ewarn "this protocol is deprecated and insecure.  If you still need to connect to"
		ewarn "TKIP-enabled networks, you may turn this flag back on.  With this flag off,"
		ewarn "TKIP-enabled networks, including mixed mode TKIP/AES-CCMP will not even show up"
		ewarn "as available.  If your network is missing you may wish to USE=tkip"
	fi

A better solution for many networks might be to change wpa_supplicant so that mixed mode TKIP/AES-CCMP networks are offered and used in a non-TKIP mode.