-
-
Notifications
You must be signed in to change notification settings - Fork 14.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
nixos/hostapd: Disable insecure TKIP, enable 802.11n/ac, usability #91188
Conversation
Leaving this blank leads to a confusing error about systemd unit dependencies.
It's possible that setting wpa=2 disables TKIP anyway, but on my machine I could not get 802.11n to work without setting rsn_pairwise=CCMP. N.B. rsn_pairwise takes its default from wpa_pairwise.
WFM. This is also compatible with (mixed and pure) WPA3-PSK setups.
On the condition that this is a backwards compatible change, which is apparently what you tested already. |
To clarify, I tested that with n/ac enabled, a g-only client was able to access the network as one would expect. I realise now that there's also the question of whether @aanderse well, in this case If we find there is backwards-incompatibility: If we find there is not: |
Yep, that is the corner case I'm most worried about here. I currently imagine it checks for the capability and dies. I'd be happy to be proven wrong though.
Indeed, thats an important undertaking for getting real hostapd usage under way. It was already started here: #49171 |
@gloaming if you feel confident that you write a See #73872 for a nice example of deprecating. At this point @filalex77 might consider making a simple PR removing the To directly answer your question, though, the above mentioned RFC is currently the main discussion point around introducing |
I can test this on an older device that has no 802.11ac. EDIT: Never mind, the driver doesn't support AP mode at all. |
@lbonn in that case I'll call in our RFC42 expert @infinisil to take a look at the format and see if he has any advice. Maybe I steered you in the wrong direction... 😟 |
what an awful format… this can still be structured, e.g. by defining a |
I marked this as stale due to inactivity. → More info |
Given how stale #49171 is, I think this should be merged anyway to make the default configuration for hostapd on NixOS not so unusably bad. I agree that a change based on structured configuration (something like #49171) would be best, but it should not be a requirement to improve the existing non-structured configuration. (There are already many other services which have non-structured configuration and we don't block config improvements for them) |
I agree with both @lheckemann on how it should be implemented as |
Please don't merge merge commits in the future. |
Motivation for this change
N.B. rsn_pairwise takes its default from wpa_pairwise.
In summary, it's now much easier to set up a fast and secure AP. Note that
iwlwifi
's 5Ghz support on Intel radio chips is mostly nonexistent.Things done
Tested against nixos-unstable 9480bae; 802.11n works at 80Mbit as expected.
sandbox
innix.conf
on non-NixOS linux)nix-shell -p nixpkgs-review --run "nixpkgs-review wip"
./result/bin/
)nix path-info -S
before and after)