WPA3 via Unifi APs

chpalmer

The previous firmware supported it, 5.53.1 was just putting them all on the same version again for the different gens of their AP.

4.3.28.11361 ?? Reason I ask is because non of my devices connected with WPA3 until I upgraded to the later firmware.

johnpoz

What AP are you using?

As you could see I was using old 5.43.24 firmware and was getting wpa3 personal on my iphone.. When connected to ssid set for personal wpa2/3 But that was on pro, lite and lr models - not flex or nano. A enterprise ssid was still showing wpa2-enterprise

They had released a .27 and a .28, but for the pro,lite and lr line, etc. When they jumped to 5.53 - they are all listed on the same firmware version.

edit: I upvoted your post over on the unifi forums as well - its just moronic that what a client is connected at be it wpa2 or 3 is not on the controller.. Installing the profile is a pita, and its only good for like 30 days even. stupid why that needs a specific profile to be given to the user.. Great info there should just be default.. Actual signal strength, specific bssid connected to, etc.

edit: So with the latest firmware 5.53.1.12737, looks like showing that connected with wpa3-enterprise

I had bumped my sons on his flexHD to wpa2/3 personal.. But he had a problem with one of his roku sticks. I will have to try moving back to wpa3, see if I can even just turn off wpa2.. But I doubt some of his stuff, tv and rokus support 3, so will prob have to leave it in transition mode.

meejack970

This post is deleted!

slu

@johnpoz said in WPA3 via Unifi APs:

I changed the cipher_list from default to HIGH, and then even just called out AES256-SHA256 by editing freeradius.inc - since couldn't find a way to edit that in the freerad gui..

Is this necessary?
Look like there is no option in the FreeRADIUS GUI...

johnpoz

No - That was me troubleshooting, that turned out to be an issue with no users on my part..

cipherlist is currently back to default

		cipher_list = "DEFAULT"

bcruze

interesting thread.

i have a Flexhd, nano, and AC LR at my residence.

i have enabled WPA 3 on one SSID and this is what it shows on my 2019 Macbook pro 2019; using system information > network > WIFI

Channel: 48,-1
Country Code: US
Network Type: Infrastructure
Security: WPA2/WPA3 Personal
Signal / Noise: -42 dBm / -91 dBm
Transmit Rate: 400
MCS Index: 9

since i don't have Apple devloper access i have no idea if it actually connected at WPA3
i have i XS, 12 and Ipad mini 5 and all stay connected but no idea on wpa2 or 3

johnpoz

@bcruze said in WPA3 via Unifi APs:

i don't have Apple devloper access i have no idea if it actually connected at WPA3

I have to assume you have an apple ID - if you have a mac ;)

So you just have accept the developers agreement to get access.

Turn off the wpa2 access in the ssid, then you would know for sure it connected with wpa3 ;)

bcruze

@johnpoz
ah i never looked into dev mode. i assumed it was invite only

confirmed those newer devices DO actually connect at wpa3 on the SSID i posted

johnpoz

I really don't get why that info is just not part of the basic info given to you when you look at your wifi.. That you have to jump through hoops and install some "profile" to be able to get that info is just nuts if you ask me.

And it expires very quickly too.. So have to pretty much install it every time you want to look at the info - even if only a few weeks later.

The other day was I was looking to see some info - and the wifi profile for ios wasn't even listed.. Was like wtf - did they stop publishing it? But then day or so later checked again and it was listed again..

I think I mentioned it elsewhere - but other little odd thing I have run into.. Is I was using QR codes to allow my guests to connect. And those don't seem to work if your in wpa3 only mode.. But if you allow for wpa2 on the same ssid, then the qr codes work, and it does show they connected via wpa3.

leolk

Hi,

May I ask you what parameters had you changed in freeradius.inc? I’ve changed cipher list but it does not work. Clients seem to receive no packet at all.However, WPA2 works very well. Thank you very much.

Running EAP-TLS & SHA512 cert with Aruba AP(