Wireless improvements

- Make WPA3 enterprise work - Create mix configuration for WPA2/WPA3 networks (WPA3 preferred) - Improve automatic security selection
2026-05-15 00:30:16 -05:00 · 2025-04-15 04:48:01 +02:00
parent 18edd99deb
commit c2139bce2d
1 changed files with 28 additions and 20 deletions
@@ -138,30 +138,37 @@ ipaddr_down(){
 # WPA3                    OK
 # WPA2 Enterprise         OK
 # WPA2/WPA3 Enterprise    OK
-# WPA3 Enterprise         dynamic IP NOK, static IP OK
+# WPA3 Enterprise         OK

 wpa_configuration(){
+  rm -f $WPA
+  [[ -z $2 ]] && FILE=$WPA || FILE=$WPA.s
+  if [[ ! -e $FILE ]]; then
+    echo "bgscan=\"\"" >$FILE
+    echo "country=${CC,,}" >>$FILE
+  fi
  PSK=$(wpa_passphrase "$SSID" "$PASSWORD" 2>/dev/null | grep -Pom1 '^\s+psk=\K.+')
  [[ -z $PSK ]] && PSK="\"$PASSWORD\""
-  [[ -z $2 ]] && echo "bgscan=\"\"" >$WPA || echo >$WPA
-  [[ -z $2 && -n $CC ]] && echo "country=${CC,,}" >>$WPA
+  [[ -z $2 && $1 == "SAE" ]] && echo "sae_pwe=1" >>$WPA
  echo "network={" >>$WPA
  echo "ssid=\"$SSID\"" >>$WPA
  echo "scan_ssid=1" >>$WPA
+  [[ $1 == "open" ]] && echo "key_mgmt=NONE" >>$WPA
  [[ $1 == "PSK" ]] && echo "key_mgmt=WPA-PSK" >>$WPA
  [[ $1 == "SAE" ]] && echo "key_mgmt=SAE" >>$WPA
  [[ $1 =~ "IEEE" && $1 != "IEEE 802.1X/SHA-256" ]] && echo "key_mgmt=WPA-EAP" >>$WPA
  [[ $1 == "IEEE 802.1X/SHA-256" ]] && echo "key_mgmt=WPA-EAP-SHA256" >>$WPA
  [[ $1 =~ "IEEE 802.1X" ]] && echo "eap=PEAP" >>$WPA
-  [[ $1 != "SAE" && ! $1 =~ "IEEE" ]] && echo "psk=$PSK" >>$WPA
+  [[ $1 == "PSK" ]] && echo "psk=$PSK" >>$WPA
  [[ $1 =~ "IEEE" ]] && echo "identity=\"$USERNAME\"" >>$WPA
-  [[ $1 =~ "IEEE" && $1 != "IEEE 802.1X/SHA-256" ]] && echo "password=\"$PASSWORD\"" >>$WPA
-  [[ $1 == "SAE" || $1 == "IEEE 802.1X/SHA-256" ]] && echo "sae_password=\"$PASSWORD\"" >>$WPA
+  [[ $1 =~ "IEEE" ]] && echo "password=\"$PASSWORD\"" >>$WPA
+  [[ $1 == "SAE" ]] && echo "sae_password=\"$PASSWORD\"" >>$WPA
+  [[ $1 == "IEEE 802.1X" ]] && echo "ieee80211w=1" >>$WPA
  [[ $1 == "SAE" || $1 == "IEEE 802.1X/SHA-256" ]] && echo "ieee80211w=2" >>$WPA
  [[ $1 =~ "IEEE" ]] && echo "phase2=\"auth=MSCHAPV2\"" >>$WPA
  [[ -n $2 ]] && echo "priority=$2" >>$WPA
  echo "}" >>$WPA
-  [[ -n $2 ]] && cat $WPA >>$WPA.tmp
+  [[ -n $2 ]] && cat $WPA >>$WPA.s
 }

 wifi_running(){
@@ -253,27 +260,28 @@ wifi_join(){
  REGION=$(grep -Pom1 '^REGION="\K[^"]+' $CFG)
  REGION_XX=$(grep -Pom1 '^REGION_XX="\K[^"]+' $CFG)
  [[ $REGION == '00' ]] && CC=$REGION_XX || CC=$REGION
-  if [[ ${SECURITY^^} == AUTO ]]; then
-    # auto generate config
+  if [[ $SECURITY == "auto" ]]; then
    log "wpa_configuration AUTO"
-    echo "bgscan=\"\"" >$WPA.tmp
-    [[ -n $CC ]] && echo "country=${CC,,}" >>$WPA.tmp
    wpa_configuration "IEEE 802.1X/SHA-256" 25
    wpa_configuration "IEEE 802.1X" 18
    wpa_configuration "SAE" 15
    wpa_configuration "PSK" 12
-    mv $WPA.tmp $WPA
-    [[ -n $(pgrep wpa_supplicant) ]] && pkill wpa_supplicant
-    run wpa_supplicant -B -i $PORT -c $WPA
-  elif [[ -z $SECURITY || ${SECURITY^^} == "OPEN" ]]; then
-    # open network
-    run iw dev $PORT connect "$SSID" auth open
+    mv $WPA.s $WPA
+  elif [[ $SECURITY == "IEEE 802.1X IEEE 802.1X/SHA-256" ]]; then
+    log "wpa_configuration WPA2/WPA3 Enterprise"
+    wpa_configuration "IEEE 802.1X/SHA-256" 25
+    wpa_configuration "IEEE 802.1X" 18
+    mv $WPA.s $WPA
+  elif [[ $SECURITY == "PSK SAE" ]]; then
+    log "wpa_configuration WPA2/WPA3 Personal"
+    wpa_configuration "SAE" 15
+    wpa_configuration "PSK" 12
+    mv $WPA.s $WPA
  else
-    # WPA encryption
    run wpa_configuration "$SECURITY"
-    [[ -n $(pgrep wpa_supplicant) ]] && pkill wpa_supplicant
-    run wpa_supplicant -B -i $PORT -c $WPA
  fi
+  [[ -n $(pgrep wpa_supplicant) ]] && pkill wpa_supplicant
+  run wpa_supplicant -B -i $PORT -c $WPA
  # IPv4 address assignment
  IP=ipv4
  DHCP=$DHCP4