[Bug 2029876] Re: NetPlan Does Not Support WPA3 Enterprise

Lukas Märdian 2029876 at bugs.launchpad.net
Mon Sep 4 14:15:45 UTC 2023 

** Also affects: netplan.io (Ubuntu)
   Importance: Undecided
       Status: New

** Changed in: netplan.io (Ubuntu)
       Status: New => Fix Released

** Changed in: netplan.io (Ubuntu)
       Status: Fix Released => Confirmed

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to netplan.io in Ubuntu.
Matching subscriptions: foundations-bugs
https://bugs.launchpad.net/bugs/2029876

Title:
  NetPlan Does Not Support WPA3 Enterprise

Status in netplan:
  Fix Committed
Status in netplan.io package in Ubuntu:
  Confirmed

Bug description:
  Hi,

  NetPlan does not appear to support WPA3 Enterprise (WiFi 6e)
  connections.

  #netplan configuration
  network:
    version: 2
    wifis:
      renderer: networkd
      wlan0:
        access-points:
          my-6e-network:
            auth:
              key-management: eap
              method: tls
              identity: "my-6e-client"
              ca-certificate: /etc/ssl/certs/ca-certificates.crt
              client-certificate: /etc/ssl/certs/my_cert.crt
              client-key: /etc/ssl/private/my_key.key
        dhcp4: yes

  
  If I look at the generated WPA Supplicant file, I have the following:

  # Generated /run/netplan/wpa-wlan0.conf 
  ctrl_interface=/run/wpa_supplicant

  network={
    ssid="my-6e-network"
    key_mgmt=WPA-EAP
    eap=TLS
    identity="my-6e-client"
    ca_cert="/etc/ssl/certs/ca-certificates.crt"
    client_cert="/etc/ssl/certs/my_cert.crt"
    private_key="/etc/ssl/private/my_key.key"
  }

  However, for WPA3 Enterprise (WiFi 6E) I need the following wpa supplicant config to be created:
  ctrl_interface=/run/wpa_supplicant

  # Required /run/netplan/wpa-wlan0.conf 
  network={
    ssid="my-6e-network"
    key_mgmt=WPA-EAP WPA-EAP-SHA256
    eap=TLS
    ieee80211w=1
    identity="my-6e-client"
    ca_cert="/etc/ssl/certs/ca-certificates.crt"
    client_cert="/etc/ssl/certs/my_cert.crt"
    private_key="/etc/ssl/private/my_key.key"
  }

  
  Per https://bugs.launchpad.net/netplan/+bug/2023238, it looks like "key-management: sae" should work but this requires a "password" and in this scenario for WPA3 enterprise, we're using cert based authentication. We also do not ave the ability to set ieee80211w=1

To manage notifications about this bug go to:
https://bugs.launchpad.net/netplan/+bug/2029876/+subscriptions

More information about the foundations-bugs mailing list