Netplan

NetPlan Does Not Support WPA3 Enterprise

Bug #2029876 reported by Kamran Siddiqi on 2023-08-03

This bug affects 2 people

	Status	Importance	Assigned to
Netplan	Fix Released	High	Unassigned
netplan.io (Ubuntu)	Fix Released	Undecided	Unassigned
Mantic	Incomplete	Undecided	Unassigned

Bug Description

Hi,

NetPlan does not appear to support WPA3 Enterprise (WiFi 6e) connections.

#netplan configuration
network:
  version: 2
  wifis:
    renderer: networkd
    wlan0:
      access-points:
        my-6e-network:
          auth:
            key-management: eap
            method: tls
            identity: "my-6e-client"
            ca-certificate: /etc/ssl/certs/ca-certificates.crt
            client-certificate: /etc/ssl/certs/my_cert.crt
            client-key: /etc/ssl/private/my_key.key
      dhcp4: yes

If I look at the generated WPA Supplicant file, I have the following:

# Generated /run/netplan/wpa-wlan0.conf
ctrl_interface=/run/wpa_supplicant

network={
  ssid="my-6e-network"
  key_mgmt=WPA-EAP
  eap=TLS
  identity="my-6e-client"
  ca_cert="/etc/ssl/certs/ca-certificates.crt"
  client_cert="/etc/ssl/certs/my_cert.crt"
  private_key="/etc/ssl/private/my_key.key"
}

However, for WPA3 Enterprise (WiFi 6E) I need the following wpa supplicant config to be created:
ctrl_interface=/run/wpa_supplicant

# Required /run/netplan/wpa-wlan0.conf
network={
  ssid="my-6e-network"
  key_mgmt=WPA-EAP WPA-EAP-SHA256
  eap=TLS
  ieee80211w=1
  identity="my-6e-client"
  ca_cert="/etc/ssl/certs/ca-certificates.crt"
  client_cert="/etc/ssl/certs/my_cert.crt"
  private_key="/etc/ssl/private/my_key.key"
}

Per https://bugs.launchpad.net/netplan/+bug/2023238, it looks like "key-management: sae" should work but this requires a "password" and in this scenario for WPA3 enterprise, we're using cert based authentication. We also do not ave the ability to set ieee80211w=1

Lukas Märdian (slyon) on 2023-08-07

Changed in netplan:
status:	New → Triaged
importance:	Undecided → High
tags:	added: foundations-todo

Revision history for this message

Lukas Märdian (slyon) wrote on 2023-08-23:

https://github.com/canonical/netplan/pull/402

Changed in netplan:
status:	Triaged → In Progress

Danilo Egea Gondolfo (danilogondolfo) on 2023-08-24

tags:	removed: foundations-todo
Changed in netplan:
status:	In Progress → Fix Committed

Lukas Märdian (slyon) on 2023-09-04

Changed in netplan:
status:	Fix Committed → Fix Released
status:	Fix Released → Fix Committed
Changed in netplan.io (Ubuntu):
status:	New → Fix Released
status:	Fix Released → Confirmed

Revision history for this message

Launchpad Janitor (janitor) wrote on 2024-01-24:

This bug was fixed in the package netplan.io - 0.107.1-3

---------------
netplan.io (0.107.1-3) unstable; urgency=medium

  * d/t/prep-testbed.sh: Improve autopkgtest reliability
  * d/p/python-limited-stable-api.patch: Build Python module against stable API
    (LP: #2050881)
  * d/patches: Cleanup DEP-3 headers

-- Lukas Märdian <email address hidden> Tue, 23 Jan 2024 11:13:19 +0100

Changed in netplan.io (Ubuntu):
status:	Confirmed → Fix Released

Revision history for this message

Lukas Märdian (slyon) wrote on 2024-01-29:

Released as of 0.107.1

Changed in netplan:
status:	Fix Committed → Fix Released

Revision history for this message

Łukasz Zemczak (sil2100) wrote on 2024-04-29:

Can we get proper SRU information on this bug? Thank you!

Changed in netplan.io (Ubuntu Mantic):
status:	New → Incomplete

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.