[Bug 2029876] Re: NetPlan Does Not Support WPA3 Enterprise

Launchpad Bug Tracker 2029876 at bugs.launchpad.net
Wed Jan 24 16:27:09 UTC 2024 

This bug was fixed in the package netplan.io - 0.107.1-3

---------------
netplan.io (0.107.1-3) unstable; urgency=medium

  * d/t/prep-testbed.sh: Improve autopkgtest reliability
  * d/p/python-limited-stable-api.patch: Build Python module against stable API
    (LP: #2050881)
  * d/patches: Cleanup DEP-3 headers

 -- Lukas Märdian <slyon at debian.org>  Tue, 23 Jan 2024 11:13:19 +0100

** Changed in: netplan.io (Ubuntu)
       Status: Confirmed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to netplan.io in Ubuntu.
Matching subscriptions: foundations-bugs
https://bugs.launchpad.net/bugs/2029876

Title:
  NetPlan Does Not Support WPA3 Enterprise

Status in netplan:
  Fix Committed
Status in netplan.io package in Ubuntu:
  Fix Released

Bug description:
  Hi,

  NetPlan does not appear to support WPA3 Enterprise (WiFi 6e)
  connections.

  #netplan configuration
  network:
    version: 2
    wifis:
      renderer: networkd
      wlan0:
        access-points:
          my-6e-network:
            auth:
              key-management: eap
              method: tls
              identity: "my-6e-client"
              ca-certificate: /etc/ssl/certs/ca-certificates.crt
              client-certificate: /etc/ssl/certs/my_cert.crt
              client-key: /etc/ssl/private/my_key.key
        dhcp4: yes

  
  If I look at the generated WPA Supplicant file, I have the following:

  # Generated /run/netplan/wpa-wlan0.conf 
  ctrl_interface=/run/wpa_supplicant

  network={
    ssid="my-6e-network"
    key_mgmt=WPA-EAP
    eap=TLS
    identity="my-6e-client"
    ca_cert="/etc/ssl/certs/ca-certificates.crt"
    client_cert="/etc/ssl/certs/my_cert.crt"
    private_key="/etc/ssl/private/my_key.key"
  }

  However, for WPA3 Enterprise (WiFi 6E) I need the following wpa supplicant config to be created:
  ctrl_interface=/run/wpa_supplicant

  # Required /run/netplan/wpa-wlan0.conf 
  network={
    ssid="my-6e-network"
    key_mgmt=WPA-EAP WPA-EAP-SHA256
    eap=TLS
    ieee80211w=1
    identity="my-6e-client"
    ca_cert="/etc/ssl/certs/ca-certificates.crt"
    client_cert="/etc/ssl/certs/my_cert.crt"
    private_key="/etc/ssl/private/my_key.key"
  }

  
  Per https://bugs.launchpad.net/netplan/+bug/2023238, it looks like "key-management: sae" should work but this requires a "password" and in this scenario for WPA3 enterprise, we're using cert based authentication. We also do not ave the ability to set ieee80211w=1

To manage notifications about this bug go to:
https://bugs.launchpad.net/netplan/+bug/2029876/+subscriptions

More information about the foundations-bugs mailing list