# Wifi randomly quits but still shows as connected (NetMngr)

## jroth

I'm using NetworkManager ontop of systemd to manage my WiFi connection on a Dell XPS 13 model 9370. It was working pretty well for like a year, but recently I'm having a problem on my home wifi network - about once an hour, the wifi connection just... completely locks up. I can't send packets anywhere or ping anything; I can't even reach the router interface on 192.168.0.1. The only way to get it working again is to restart the NetworkManager service.

The weird thing is that when I'm having this problem, NetworkManager and the rest of the system still seem to think they're connected - "ip a" shows the same output when it's locked up as when it's working normally, and at the time that the problem starts there's no

associated messages in dmesg or journalctl, except for maybe this one:

```

Mar 09 22:03:26 hekate wpa_supplicant[2712]: wlp2s0: WPA: Group rekeying completed with c8:54:4b:09:c6:69 [GTK=TKIP]

```

that "group rekeying" message shows up from time to time in journalctl, and it

seems to often appear slightly before the WiFi quits, but correlation is not

causation.

Even stranger, I've only had this problem when connected to my home router (a

Zyxel C3000Z), and my laptop is the only device in the house that has this

problem. I even have a Gentoo desktop which is also using NetworkManager and

systemd and it never has this problem.

Anyone have any sense of what's going on here or how I could better diagnose

it?

----------

## Juippisi

Few things come to mind, 

1: Are you using 'iwd'? I noticed similar behaviour with iwd in systemd and when I switched it off, my net hasn't disconnected.

2: Maybe https://gitweb.gentoo.org/repo/gentoo.git/commit/net-misc/networkmanager?id=2587f0225c6aaa23fcef6a09f4e92c3b2fda3769 these changes broke it for you and you want to back out from them.

Sorry, no further clues. You might also want to try latest networkmanager-1.22.10 that needs unmasking.

----------

## jroth

 *Juippisi wrote:*   

> Few things come to mind, 
> 
> 1: Are you using 'iwd'? I noticed similar behaviour with iwd in systemd and when I switched it off, my net hasn't disconnected.
> 
> 2: Maybe https://gitweb.gentoo.org/repo/gentoo.git/commit/net-misc/networkmanager?id=2587f0225c6aaa23fcef6a09f4e92c3b2fda3769 these changes broke it for you and you want to back out from them.
> ...

 https://unix.stackexchange.com/questions/312280/split-string-by-delimiter-and-get-n-th-element

1. Nope, iwd isn't installed

2. That patch does seem to be from about the time (early this year) that the problem first occurred

I'll start emerging the the 1.22.10 version and see if that helps.

----------

## jroth

 *jroth wrote:*   

> 
> 
> I'll start emerging the the 1.22.10 version and see if that helps.

 

Upon emerging networkmanager 1.22.10 and rebooting, my wifi didn't work at all. Is there something I have to rebuild/reconfigure to get this version to run?

----------

## Juippisi

 *jroth wrote:*   

> 
> 
> Upon emerging networkmanager 1.22.10 and rebooting, my wifi didn't work at all. Is there something I have to rebuild/reconfigure to get this version to run?
> 
> 

 

It should work out of the box, it's not much different from the stable version... may I ask what USE flags you have enabled?

Here's what you can do to get the latest working version: 

Make a local overlay, https://wiki.gentoo.org/wiki/Handbook:AMD64/Portage/CustomTree#Defining_a_custom_repository

```

cd path/to/your/local/repo

mkdir net-misc

cp -r /var/db/repos/gentoo/net-mics/networkmanager net-misc

cd net-misc/networkmanager

wget https://gitweb.gentoo.org/repo/gentoo.git/plain/net-misc/networkmanager/networkmanager-1.18.4-r1.ebuild?id=cc4abb64572ec522fa4904b9092e65cc3e3bd7c1 -O networkmanager-1.18.4-r5

```

Remove the unmask for 1.22 and try updating networkmanager. Your -r5 will be older than the current -r3 in tree.

Although I'd like to find a reason why 1.22 doesnt work at all ;)

----------

## jroth

 *Juippisi wrote:*   

> 
> 
> It should work out of the box, it's not much different from the stable version... may I ask what USE flags you have enabled?
> 
> Although I'd like to find a reason why 1.22 doesnt work at all 

 

I've got:

```
jacob@hekate ~ $ equery uses net-misc/networkmanager

[ Legend : U - final flag setting for installation]

[        : I - package is installed with flag     ]

[ Colors : set, unset                             ]

 * Found these USE flags for net-misc/networkmanager-1.18.4-r3:

 U I

 + + abi_x86_32         : 32-bit (x86) libraries

 - - audit              : Enable support for Linux audit subsystem using sys-process/audit

 + + bluetooth          : Enable Bluetooth Support

 - - connection-sharing : Use net-dns/dnsmasq and net-firewall/iptables for connection sharing

 + + dhclient           : Use dhclient from net-misc/dhcp for getting ip

 - - dhcpcd             : Use net-misc/dhcpcd for getting ip

 - - gnutls             : Prefer net-libs/gnutls as SSL/TLS provider (ineffective with USE=-ssl)

 + + introspection      : Add support for GObject based introspection

 - - iwd                : Use net-wireless/iwd instead of net-wireless/wpa_supplicant for wifi support

                          by default

 - - json               : Enable JSON validation via dev-libs/jansson in libnm.

 + + modemmanager       : Enable support for mobile broadband devices using net-misc/modemmanager

 + + ncurses            : Add ncurses support (console display library)

 + + nss                : Use dev-libs/nss for cryptography

 - - ofono              : Use net-misc/ofono for telephony support.

 - - ovs                : Enable OpenVSwitch support

 - - policykit          : Enable PolicyKit authentication support

 + + ppp                : Enable support for mobile broadband and PPPoE connections using

                          net-dialup/ppp

 - - resolvconf         : Use net-dns/openresolv for managing DNS information in /etc/resolv.conf.

                          Generally, a symlink to /run/NetworkManager/resolv.conf is simpler. On

                          systems running systemd-resolved, disable this flag and create a symlink to

                          /run/systemd/resolve/stub-resolv.conf.

 + + systemd            : Enable use of systemd-specific libraries and features like socket activation

                          or session tracking

 - - teamd              : Enable Teamd control support

 - - test               : Enable dependencies and/or preparations necessary to run tests (usually

                          controlled by FEATURES=test but can be toggled independently)

 - - vala               : Enable bindings for dev-lang/vala

 + + wext               : Enable support for the deprecated Wext (Wireless Extensions) API; needed for

                          some older drivers (e.g. ipw2200, ndiswrapper)

 + + wifi               : Enable support for wifi and 802.1x security

jacob@hekate ~ $ 
```

----------

## deagol

About the original problem:

This is very likely caused by PTK rekeying. Quite some cards (seems to be >50%) have some problems with replacing the unicast key in a running association. This is (with at least hostapd) by default the case when you use WPA-EAP. In that case any traffic at the time the connection is rekeyed is dangerous. (When there are no packets at all in a few ms window it works but even light traffic can trigger the bug.) When you wait a full hour it should start working again, but the ways below are a much better way to confirm you have that issue.

When your wifi card is using mac80211 and a kernel >=4.20 you will get a warning in the log when it (used to) freeze:

```

Rekeying PTK for STA XX:XX:XX:XX:XX:XX but driver can't safely do that.

```

Alternatively you can also enable debugging in wpa_supplicant and check if you get a log message like that when it freezes:

(You must see that line at the initial connect. If not something is wrong with your debug settings.)

```

WPA: Key negotiation completed with XX:XX:XX:XX:XX:XX [PTK=XXXX GTK=XXXX]

```

Depending what exactly is the problem for you a kernel >= 4.20 can even solve the issue. You have a very good chance when you are using ath9k on the system you update the kernel on.

Once you confirm you have a PTK rekey problem there are multiple options.

1) Stop rekeying PTK key. (In hostapd it can be disabled. Commercial Routers may be a bit more tricky.)

2) Try to get rekeying working (Can be hard without replacing HW, the problem can be the Router, the Client or even both)

2) Or a very recent workaround: Use wpa_supplicant from git and enable wpa_deny_ptk0_rekey (May need a compile time change)

----------

## jroth

 *deagol wrote:*   

> 
> 
> Alternatively you can also enable debugging in wpa_supplicant and check if you get a log message like that when it freezes:
> 
> (You must see that line at the initial connect. If not something is wrong with your debug settings.)
> ...

 

I've managed to put my wpa_supplicant into debug mode and I see:

```
wpa_supplicant[8795]: wlp2s0: WPA: Key negotiation completed with c8:54:4b:09:c6:69 [PTK=CCMP GTK=TKIP]
```

I'll see if any of those rekeying messages show up.

 *Quote:*   

> 
> 
> Depending what exactly is the problem for you a kernel >= 4.20 can even solve the issue. You have a very good chance when you are using ath9k on the system you update the kernel on.
> 
> 

 

This system is using ath10k, does that have the same issue?

----------

## deagol

 *jroth wrote:*   

> 
> 
> This system is using ath10k, does that have the same issue?

 To my best knowledge ath10k is doing everything perfectly fine. It's doing everything critical in HW and bypass the problematic parts in mac80211.

It's also not a simple bug, more a oversight that there is a special case and not handling it. This results in card/driver internals playing a mayor role how it plays out. (The oversight is not limited to Linux drivers, a sizeable fraction of driver authors missed it.)

When we can link it to PTK rekeys - and your problem description is dead on how that would look like - it must be your AP.

The only potential derivation is that you claim that only restarting the NetworkManager helps. In my cases manual reconnects are also working. (Basically anything what forces wpa_supplicat to replace the PTK  must help.)

Even when other clients are working fine with the AP it's still possible and even likely - depending what the other STAs are and which cards they have. Especially windows clients and at least some android devices have additional bugs which are accidentally mitigating the issue for most cards I tested. They are doing things from a standard point of view even worse, causing a much more obvious error and trigger a reconnect (But I only have a comprehensive understandig for mac80211 cards using ath9k, ath10k and iwlwifi.)

You can btw. trigger the PTK issue(s) quite reliable when you have network load at the time. Downloads/uploads or flood pings is sufficient to trigger it for me every time. Generally rule is: The closer you are to the AP (and the higher the connection rate) the better the chances to trigger the issue. Not using A-MPDU drastically reduces the chances but it also depends on the card/driver with the bug. ath9k simply is the worst-case scenario and affected by all isuses. iwlwifi had more "luck" and sides step most of them when not using A-MPDU. Ath10k is the winner so far which side steps all...

----------

## jroth

 *deagol wrote:*   

> 
> 
> When we can link it to PTK rekeys - and your problem description is dead on how that would look like - it must be your AP. 

 

so, if all the evidence comes back the way you think it will, I will have to somehow fix my router? It's a Zyxel C3000Z, provided by my ISP.

----------

## deagol

 *jroth wrote:*   

> so, if all the evidence comes back the way you think it will, I will have to somehow fix my router? It's a Zyxel C3000Z, provided by my ISP.

 

Wenn you have an accesible setting to disable PTK rekey on the router that`s the obvious way to go.

Missing that you probably will have to use the new feature in wpa_supplicant to work around the problems in your client, at least when you need a fix now. But I really would test that first... After all there are other ways to get similar synthoms, they just seem less likely.

----------

## jroth

For further diagnosis, now that I've started running wpa_supplicant with debugging turned on, I can see this message from right before the problems start:

```
Mar 31 20:21:22 hekate wpa_supplicant[2607]: l2_packet_receive: src=c8:54:4b:09:c6:68 len=147

Mar 31 20:21:22 hekate wpa_supplicant[2607]: wlp2s0: RX EAPOL from c8:54:4b:09:c6:68

Mar 31 20:21:22 hekate wpa_supplicant[2607]: RX EAPOL - hexdump(len=147): 02 03 00 8f 02 13 82 00 00 00 00 00 00 00 00 00 07 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 >

Mar 31 20:21:22 hekate wpa_supplicant[2607]: wlp2s0: IEEE 802.1X RX: version=2 type=3 length=143

Mar 31 20:21:22 hekate wpa_supplicant[2607]: WPA: RX EAPOL-Key - hexdump(len=147): 02 03 00 8f 02 13 82 00 00 00 00 00 00 00 00 00 07 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 >

Mar 31 20:21:22 hekate wpa_supplicant[2607]: wlp2s0:   EAPOL-Key type=2

Mar 31 20:21:22 hekate wpa_supplicant[2607]: wlp2s0:   key_info 0x1382 (ver=2 keyidx=0 rsvd=0 Group Ack MIC Secure Encr)

Mar 31 20:21:22 hekate wpa_supplicant[2607]: wlp2s0:   key_length=0 key_data_length=48

Mar 31 20:21:22 hekate wpa_supplicant[2607]:   replay_counter - hexdump(len=8): 00 00 00 00 00 00 00 07

Mar 31 20:21:22 hekate wpa_supplicant[2607]:   key_nonce - hexdump(len=32): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

Mar 31 20:21:22 hekate wpa_supplicant[2607]:   key_iv - hexdump(len=16): ab bd 52 3d 33 24 5f 15 46 86 ab 78 49 36 b9 89

Mar 31 20:21:22 hekate wpa_supplicant[2607]:   key_rsc - hexdump(len=8): 00 00 00 00 00 00 00 00

Mar 31 20:21:22 hekate wpa_supplicant[2607]:   key_id (reserved) - hexdump(len=8): 00 00 00 00 00 00 00 00

Mar 31 20:21:22 hekate wpa_supplicant[2607]:   key_mic - hexdump(len=16): ac d9 3d ce 32 2e 03 b7 a2 b1 f4 fe 67 43 7d a6

Mar 31 20:21:22 hekate wpa_supplicant[2607]: WPA: EAPOL-Key MIC using HMAC-SHA1

Mar 31 20:21:22 hekate wpa_supplicant[2607]: RSN: encrypted key data - hexdump(len=48): a0 ba 3b c9 49 b7 24 f1 3a 1e d7 71 d4 cd 3e f4 c0 88 89 d0 1f dd f7 ee 6f ac fe 9d 10 0f 9a 48 09 39 03 bf f0 cb 3e dc 05 9>

Mar 31 20:21:22 hekate wpa_supplicant[2607]: WPA: Decrypt Key Data using AES-UNWRAP (KEK length 16)

Mar 31 20:21:22 hekate wpa_supplicant[2607]: WPA: decrypted EAPOL-Key key data - hexdump(len=40): [REMOVED]

Mar 31 20:21:22 hekate wpa_supplicant[2607]: wlp2s0: WPA: RX message 1 of Group Key Handshake from c8:54:4b:09:c6:68 (ver=2)

Mar 31 20:21:22 hekate wpa_supplicant[2607]: RSN: msg 1/2 key data - hexdump(len=40): [REMOVED]

Mar 31 20:21:22 hekate wpa_supplicant[2607]: WPA: GTK in EAPOL-Key - hexdump(len=40): [REMOVED]

Mar 31 20:21:22 hekate wpa_supplicant[2607]: RSN: received GTK in group key handshake - hexdump(len=34): [REMOVED]

Mar 31 20:21:22 hekate wpa_supplicant[2607]: wlp2s0: State: COMPLETED -> GROUP_HANDSHAKE

Mar 31 20:21:22 hekate wpa_supplicant[2607]: WPA: Group Key - hexdump(len=32): [REMOVED]

Mar 31 20:21:22 hekate wpa_supplicant[2607]: wlp2s0: WPA: Installing GTK to the driver (keyidx=1 tx=0 len=32)

Mar 31 20:21:22 hekate wpa_supplicant[2607]: WPA: RSC - hexdump(len=6): 00 00 00 00 00 00

Mar 31 20:21:22 hekate wpa_supplicant[2607]: wpa_driver_nl80211_set_key: ifindex=3 (wlp2s0) alg=2 addr=0x559350829369 key_idx=1 set_tx=0 seq_len=6 key_len=32

Mar 31 20:21:22 hekate wpa_supplicant[2607]: nl80211: KEY_DATA - hexdump(len=32): [REMOVED]

Mar 31 20:21:22 hekate wpa_supplicant[2607]: nl80211: KEY_SEQ - hexdump(len=6): 00 00 00 00 00 00

Mar 31 20:21:22 hekate wpa_supplicant[2607]:    broadcast key

Mar 31 20:21:22 hekate wpa_supplicant[2607]: wlp2s0: WPA: Sending EAPOL-Key 2/2

Mar 31 20:21:22 hekate wpa_supplicant[2607]: WPA: Send EAPOL-Key frame to c8:54:4b:09:c6:68 ver=2 mic_len=16 key_mgmt=0x2

Mar 31 20:21:22 hekate wpa_supplicant[2607]: WPA: EAPOL-Key MIC using HMAC-SHA1

Mar 31 20:21:22 hekate wpa_supplicant[2607]: WPA: KCK - hexdump(len=16): [REMOVED]

Mar 31 20:21:22 hekate wpa_supplicant[2607]: WPA: Derived Key MIC - hexdump(len=16): 01 25 89 7b bb 1d e7 ee ce 7b 72 3e 1d a3 b7 bb

Mar 31 20:21:22 hekate wpa_supplicant[2607]: WPA: TX EAPOL-Key - hexdump(len=99): 01 03 00 5f 02 03 02 00 00 00 00 00 00 00 00 00 07 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0>

Mar 31 20:21:22 hekate wpa_supplicant[2607]: wlp2s0: WPA: Group rekeying completed with c8:54:4b:09:c6:68 [GTK=TKIP]

Mar 31 20:21:22 hekate wpa_supplicant[2607]: wlp2s0: Cancelling authentication timeout

Mar 31 20:21:22 hekate wpa_supplicant[2607]: wlp2s0: State: GROUP_HANDSHAKE -> COMPLETED

Mar 31 20:21:22 hekate wpa_supplicant[2607]: dbus: flush_object_timeout_handler: Timeout - sending changed properties of object /fi/w1/wpa_supplicant1/Interfaces/4

Mar 31 20:28:09 hekate kernel: snd_hda_intel 0000:00:1f.3: Unstable LPIB (352800 >= 176400); disabling LPIB delay counting

Mar 31 20:37:17 hekate kernel: CPU4: Core temp
```

is this the rekeying we're looking for?

 *Quote:*   

> 
> 
> The only potential derivation is that you claim that only restarting the NetworkManager helps. In my cases manual reconnects are also working. (Basically anything what forces wpa_supplicat to replace the PTK must help.) 

 

Also, I did encounter recently some cases where manual reconnecting gets it working again.

----------

## deagol

The log is only showing a GTK rekey, not a PTK one. If you do not have other log messages prior to the ones shown here it must be something else. 

PTK rekey should happen prior to the GTK and produce even more lines than shown here.

But I do not See how anything related to the GTK can cause the symtoms... GTK is only used to encrypt broadcast frames from the AP, so even ARP is using PTK in all common cases. (Broadcast from the STA uses the PTK and the AP is using unicast to answer it.)

Assuming you did not cut oft lines showing also a PTK rekey we must start looking elsewhere...

----------

## jroth

 *deagol wrote:*   

> The log is only showing a GTK rekey, not a PTK one. If you do not have other log messages prior to the ones shown here it must be something else. 

 

So this is all the wpa_supplicant messages for an hour before I noticed the problem:

```
Apr 09 13:39:37 hekate wpa_supplicant[2719]: l2_packet_receive: src=c8:54:4b:09:c6:69 len=179

Apr 09 13:39:37 hekate wpa_supplicant[2719]: wlp2s0: RX EAPOL from c8:54:4b:09:c6:69

Apr 09 13:39:37 hekate wpa_supplicant[2719]: RX EAPOL - hexdump(len=179): 02 03 00 af 02 13 82 00 00 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 88 68 c1 c6 29 6c f2 2f 35 11 d8 f6 f0 f3 0d ed 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 dc ae 5e c5 30 0d b6 63 9d 46 56 60 9d 97 23 5c 00 50 7f 79 46 77 40 70 b6 09 70 ee e7 7b 7b bf 54 f2 f0 1a 09 12 7a fa 70 93 51 6d b2 99 4c 79 ef 00 83 54 3d 49 ca 0b 7e 53 71 ba 0f ca e0 14 6e 1d c4 e8 20 b6 73 f7 28 7d 17 3f 4c 89 41 57 6b c0 83 2a 71 87 8c 0b 0f 64 bd 90 52 44 4f 61 05 c8

Apr 09 13:39:37 hekate wpa_supplicant[2719]: wlp2s0: IEEE 802.1X RX: version=2 type=3 length=175

Apr 09 13:39:37 hekate wpa_supplicant[2719]: WPA: RX EAPOL-Key - hexdump(len=179): 02 03 00 af 02 13 82 00 00 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 88 68 c1 c6 29 6c f2 2f 35 11 d8 f6 f0 f3 0d ed 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 dc ae 5e c5 30 0d b6 63 9d 46 56 60 9d 97 23 5c 00 50 7f 79 46 77 40 70 b6 09 70 ee e7 7b 7b bf 54 f2 f0 1a 09 12 7a fa 70 93 51 6d b2 99 4c 79 ef 00 83 54 3d 49 ca 0b 7e 53 71 ba 0f ca e0 14 6e 1d c4 e8 20 b6 73 f7 28 7d 17 3f 4c 89 41 57 6b c0 83 2a 71 87 8c 0b 0f 64 bd 90 52 44 4f 61 05 c8

Apr 09 13:39:37 hekate wpa_supplicant[2719]: wlp2s0:   EAPOL-Key type=2

Apr 09 13:39:37 hekate wpa_supplicant[2719]: wlp2s0:   key_info 0x1382 (ver=2 keyidx=0 rsvd=0 Group Ack MIC Secure Encr)

Apr 09 13:39:37 hekate wpa_supplicant[2719]: wlp2s0:   key_length=0 key_data_length=80

Apr 09 13:39:37 hekate wpa_supplicant[2719]:   replay_counter - hexdump(len=8): 00 00 00 00 00 00 00 04

Apr 09 13:39:37 hekate wpa_supplicant[2719]:   key_nonce - hexdump(len=32): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

Apr 09 13:39:37 hekate wpa_supplicant[2719]:   key_iv - hexdump(len=16): 88 68 c1 c6 29 6c f2 2f 35 11 d8 f6 f0 f3 0d ed

Apr 09 13:39:37 hekate wpa_supplicant[2719]:   key_rsc - hexdump(len=8): 00 00 00 00 00 00 00 00

Apr 09 13:39:37 hekate wpa_supplicant[2719]:   key_id (reserved) - hexdump(len=8): 00 00 00 00 00 00 00 00

Apr 09 13:39:37 hekate wpa_supplicant[2719]:   key_mic - hexdump(len=16): dc ae 5e c5 30 0d b6 63 9d 46 56 60 9d 97 23 5c

Apr 09 13:39:37 hekate wpa_supplicant[2719]: WPA: EAPOL-Key MIC using HMAC-SHA1

Apr 09 13:39:37 hekate wpa_supplicant[2719]: RSN: encrypted key data - hexdump(len=80): 7f 79 46 77 40 70 b6 09 70 ee e7 7b 7b bf 54 f2 f0 1a 09 12 7a fa 70 93 51 6d b2 99 4c 79 ef 00 83 54 3d 49 ca 0b 7e 53 71 ba 0f ca e0 14 6e 1d c4 e8 20 b6 73 f7 28 7d 17 3f 4c 89 41 57 6b c0 83 2a 71 87 8c 0b 0f 64 bd 90 52 44 4f 61 05 c8

Apr 09 13:39:37 hekate wpa_supplicant[2719]: WPA: Decrypt Key Data using AES-UNWRAP (KEK length 16)

Apr 09 13:39:37 hekate wpa_supplicant[2719]: WPA: decrypted EAPOL-Key key data - hexdump(len=72): [REMOVED]

Apr 09 13:39:37 hekate wpa_supplicant[2719]: wlp2s0: WPA: RX message 1 of Group Key Handshake from c8:54:4b:09:c6:69 (ver=2)

Apr 09 13:39:37 hekate wpa_supplicant[2719]: RSN: msg 1/2 key data - hexdump(len=72): [REMOVED]

Apr 09 13:39:37 hekate wpa_supplicant[2719]: WPA: GTK in EAPOL-Key - hexdump(len=40): [REMOVED]

Apr 09 13:39:37 hekate wpa_supplicant[2719]: WPA: IGTK in EAPOL-Key - hexdump(len=30): [REMOVED]

Apr 09 13:39:37 hekate wpa_supplicant[2719]: RSN: received GTK in group key handshake - hexdump(len=34): [REMOVED]

Apr 09 13:39:37 hekate wpa_supplicant[2719]: wlp2s0: WPA: Not reinstalling already in-use IGTK to the driver (keyidx=5)

Apr 09 13:39:37 hekate wpa_supplicant[2719]: wlp2s0: State: COMPLETED -> GROUP_HANDSHAKE

Apr 09 13:39:37 hekate wpa_supplicant[2719]: WPA: Group Key - hexdump(len=32): [REMOVED]

Apr 09 13:39:37 hekate wpa_supplicant[2719]: wlp2s0: WPA: Installing GTK to the driver (keyidx=1 tx=0 len=32)

Apr 09 13:39:37 hekate wpa_supplicant[2719]: WPA: RSC - hexdump(len=6): 00 00 00 00 00 00

Apr 09 13:39:37 hekate wpa_supplicant[2719]: wpa_driver_nl80211_set_key: ifindex=3 (wlp2s0) alg=2 addr=0x55b3f81ed369 key_idx=1 set_tx=0 seq_len=6 key_len=32

Apr 09 13:39:37 hekate wpa_supplicant[2719]: nl80211: KEY_DATA - hexdump(len=32): [REMOVED]

Apr 09 13:39:37 hekate wpa_supplicant[2719]: nl80211: KEY_SEQ - hexdump(len=6): 00 00 00 00 00 00

Apr 09 13:39:37 hekate wpa_supplicant[2719]:    broadcast key

Apr 09 13:39:37 hekate wpa_supplicant[2719]: wlp2s0: WPA: Sending EAPOL-Key 2/2

Apr 09 13:39:37 hekate wpa_supplicant[2719]: WPA: Send EAPOL-Key frame to c8:54:4b:09:c6:69 ver=2 mic_len=16 key_mgmt=0x2

Apr 09 13:39:37 hekate wpa_supplicant[2719]: WPA: EAPOL-Key MIC using HMAC-SHA1

Apr 09 13:39:37 hekate wpa_supplicant[2719]: WPA: KCK - hexdump(len=16): [REMOVED]

Apr 09 13:39:37 hekate wpa_supplicant[2719]: WPA: Derived Key MIC - hexdump(len=16): c6 6b 4f a2 ad e3 55 2e 78 28 f9 6c 9f 45 41 d6

Apr 09 13:39:37 hekate wpa_supplicant[2719]: WPA: TX EAPOL-Key - hexdump(len=99): 01 03 00 5f 02 03 02 00 00 00 00 00 00 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c6 6b 4f a2 ad e3 55 2e 78 28 f9 6c 9f 45 41 d6 00 00

Apr 09 13:39:37 hekate wpa_supplicant[2719]: wlp2s0: WPA: Group rekeying completed with c8:54:4b:09:c6:69 [GTK=TKIP]

Apr 09 13:39:37 hekate wpa_supplicant[2719]: wlp2s0: Cancelling authentication timeout

Apr 09 13:39:37 hekate wpa_supplicant[2719]: wlp2s0: State: GROUP_HANDSHAKE -> COMPLETED

Apr 09 13:39:37 hekate wpa_supplicant[2719]: dbus: flush_object_timeout_handler: Timeout - sending changed properties of object /fi/w1/wpa_supplicant1/Interfaces/23

Apr 09 14:09:33 hekate wpa_supplicant[2719]: l2_packet_receive: src=c8:54:4b:09:c6:69 len=179

Apr 09 14:09:33 hekate wpa_supplicant[2719]: wlp2s0: RX EAPOL from c8:54:4b:09:c6:69

Apr 09 14:09:33 hekate wpa_supplicant[2719]: RX EAPOL - hexdump(len=179): 02 03 00 af 02 13 82 00 00 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 88 68 c1 c6 29 6c f2 2f 35 11 d8 f6 f0 f3 0d ee 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 aa 9c b9 86 a6 3b 8e dc 68 cd 24 ea f0 3a f1 80 00 50 5b 70 35 91 74 eb 9d c5 b4 0f d7 fd c8 0e c1 17 b1 35 e9 e7 ba 6c 9b d7 32 81 ac 7d 48 39 42 a8 b8 ce 74 13 0b 7a 10 26 79 2a 26 d8 75 2e 2a e8 c4 a1 36 ec cb 96 62 15 68 3b 74 47 84 d8 c4 22 24 31 12 5e 46 ed 9c 4e ef 69 27 b6 62 1e fb f0

Apr 09 14:09:33 hekate wpa_supplicant[2719]: wlp2s0: IEEE 802.1X RX: version=2 type=3 length=175

Apr 09 14:09:33 hekate wpa_supplicant[2719]: WPA: RX EAPOL-Key - hexdump(len=179): 02 03 00 af 02 13 82 00 00 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 88 68 c1 c6 29 6c f2 2f 35 11 d8 f6 f0 f3 0d ee 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 aa 9c b9 86 a6 3b 8e dc 68 cd 24 ea f0 3a f1 80 00 50 5b 70 35 91 74 eb 9d c5 b4 0f d7 fd c8 0e c1 17 b1 35 e9 e7 ba 6c 9b d7 32 81 ac 7d 48 39 42 a8 b8 ce 74 13 0b 7a 10 26 79 2a 26 d8 75 2e 2a e8 c4 a1 36 ec cb 96 62 15 68 3b 74 47 84 d8 c4 22 24 31 12 5e 46 ed 9c 4e ef 69 27 b6 62 1e fb f0

Apr 09 14:09:33 hekate wpa_supplicant[2719]: wlp2s0:   EAPOL-Key type=2

Apr 09 14:09:33 hekate wpa_supplicant[2719]: wlp2s0:   key_info 0x1382 (ver=2 keyidx=0 rsvd=0 Group Ack MIC Secure Encr)

Apr 09 14:09:33 hekate wpa_supplicant[2719]: wlp2s0:   key_length=0 key_data_length=80

Apr 09 14:09:33 hekate wpa_supplicant[2719]:   replay_counter - hexdump(len=8): 00 00 00 00 00 00 00 05

Apr 09 14:09:33 hekate wpa_supplicant[2719]:   key_nonce - hexdump(len=32): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

Apr 09 14:09:33 hekate wpa_supplicant[2719]:   key_iv - hexdump(len=16): 88 68 c1 c6 29 6c f2 2f 35 11 d8 f6 f0 f3 0d ee

Apr 09 14:09:33 hekate wpa_supplicant[2719]:   key_rsc - hexdump(len=8): 00 00 00 00 00 00 00 00

Apr 09 14:09:33 hekate wpa_supplicant[2719]:   key_id (reserved) - hexdump(len=8): 00 00 00 00 00 00 00 00

Apr 09 14:09:33 hekate wpa_supplicant[2719]:   key_mic - hexdump(len=16): aa 9c b9 86 a6 3b 8e dc 68 cd 24 ea f0 3a f1 80

Apr 09 14:09:33 hekate wpa_supplicant[2719]: WPA: EAPOL-Key MIC using HMAC-SHA1

Apr 09 14:09:33 hekate wpa_supplicant[2719]: RSN: encrypted key data - hexdump(len=80): 5b 70 35 91 74 eb 9d c5 b4 0f d7 fd c8 0e c1 17 b1 35 e9 e7 ba 6c 9b d7 32 81 ac 7d 48 39 42 a8 b8 ce 74 13 0b 7a 10 26 79 2a 26 d8 75 2e 2a e8 c4 a1 36 ec cb 96 62 15 68 3b 74 47 84 d8 c4 22 24 31 12 5e 46 ed 9c 4e ef 69 27 b6 62 1e fb f0

Apr 09 14:09:33 hekate wpa_supplicant[2719]: WPA: Decrypt Key Data using AES-UNWRAP (KEK length 16)

Apr 09 14:09:33 hekate wpa_supplicant[2719]: WPA: decrypted EAPOL-Key key data - hexdump(len=72): [REMOVED]

Apr 09 14:09:33 hekate wpa_supplicant[2719]: wlp2s0: WPA: RX message 1 of Group Key Handshake from c8:54:4b:09:c6:69 (ver=2)

Apr 09 14:09:33 hekate wpa_supplicant[2719]: RSN: msg 1/2 key data - hexdump(len=72): [REMOVED]

Apr 09 14:09:33 hekate wpa_supplicant[2719]: WPA: GTK in EAPOL-Key - hexdump(len=40): [REMOVED]

Apr 09 14:09:33 hekate wpa_supplicant[2719]: WPA: IGTK in EAPOL-Key - hexdump(len=30): [REMOVED]

Apr 09 14:09:33 hekate wpa_supplicant[2719]: RSN: received GTK in group key handshake - hexdump(len=34): [REMOVED]

Apr 09 14:09:33 hekate wpa_supplicant[2719]: wlp2s0: WPA: Not reinstalling already in-use IGTK to the driver (keyidx=5)

Apr 09 14:09:33 hekate wpa_supplicant[2719]: wlp2s0: State: COMPLETED -> GROUP_HANDSHAKE

Apr 09 14:09:33 hekate wpa_supplicant[2719]: WPA: Group Key - hexdump(len=32): [REMOVED]

Apr 09 14:09:33 hekate wpa_supplicant[2719]: wlp2s0: WPA: Installing GTK to the driver (keyidx=2 tx=0 len=32)

Apr 09 14:09:33 hekate wpa_supplicant[2719]: WPA: RSC - hexdump(len=6): 00 00 00 00 00 00

Apr 09 14:09:33 hekate wpa_supplicant[2719]: wpa_driver_nl80211_set_key: ifindex=3 (wlp2s0) alg=2 addr=0x55b3f81ed369 key_idx=2 set_tx=0 seq_len=6 key_len=32

Apr 09 14:09:33 hekate wpa_supplicant[2719]: nl80211: KEY_DATA - hexdump(len=32): [REMOVED]

Apr 09 14:09:33 hekate wpa_supplicant[2719]: nl80211: KEY_SEQ - hexdump(len=6): 00 00 00 00 00 00

Apr 09 14:09:33 hekate wpa_supplicant[2719]:    broadcast key

Apr 09 14:09:33 hekate wpa_supplicant[2719]: wlp2s0: WPA: Sending EAPOL-Key 2/2

Apr 09 14:09:33 hekate wpa_supplicant[2719]: WPA: Send EAPOL-Key frame to c8:54:4b:09:c6:69 ver=2 mic_len=16 key_mgmt=0x2

Apr 09 14:09:33 hekate wpa_supplicant[2719]: WPA: EAPOL-Key MIC using HMAC-SHA1

Apr 09 14:09:33 hekate wpa_supplicant[2719]: WPA: KCK - hexdump(len=16): [REMOVED]

Apr 09 14:09:33 hekate wpa_supplicant[2719]: WPA: Derived Key MIC - hexdump(len=16): 4a 81 12 53 9c 54 b2 64 76 04 2b 1c 3a 0b d8 65

Apr 09 14:09:33 hekate wpa_supplicant[2719]: WPA: TX EAPOL-Key - hexdump(len=99): 01 03 00 5f 02 03 02 00 00 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4a 81 12 53 9c 54 b2 64 76 04 2b 1c 3a 0b d8 65 00 00

Apr 09 14:09:33 hekate wpa_supplicant[2719]: wlp2s0: WPA: Group rekeying completed with c8:54:4b:09:c6:69 [GTK=TKIP]

Apr 09 14:09:33 hekate wpa_supplicant[2719]: wlp2s0: Cancelling authentication timeout

Apr 09 14:09:33 hekate wpa_supplicant[2719]: wlp2s0: State: GROUP_HANDSHAKE -> COMPLETED

Apr 09 14:09:33 hekate wpa_supplicant[2719]: l2_packet_receive: src=c8:54:4b:09:c6:69 len=179

Apr 09 14:09:33 hekate wpa_supplicant[2719]: wlp2s0: RX EAPOL from c8:54:4b:09:c6:69

Apr 09 14:09:33 hekate wpa_supplicant[2719]: RX EAPOL - hexdump(len=179): 02 03 00 af 02 13 82 00 00 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 88 68 c1 c6 29 6c f2 2f 35 11 d8 f6 f0 f3 0d ee 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 6e 67 29 7b 74 b2 33 32 f3 8c 7c 9d 49 8d b6 49 00 50 5b 70 35 91 74 eb 9d c5 b4 0f d7 fd c8 0e c1 17 b1 35 e9 e7 ba 6c 9b d7 32 81 ac 7d 48 39 42 a8 b8 ce 74 13 0b 7a 10 26 79 2a 26 d8 75 2e 2a e8 c4 a1 36 ec cb 96 62 15 68 3b 74 47 84 d8 c4 22 24 31 12 5e 46 ed 9c 4e ef 69 27 b6 62 1e fb f0

Apr 09 14:09:33 hekate wpa_supplicant[2719]: wlp2s0: IEEE 802.1X RX: version=2 type=3 length=175

Apr 09 14:09:33 hekate wpa_supplicant[2719]: WPA: RX EAPOL-Key - hexdump(len=179): 02 03 00 af 02 13 82 00 00 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 88 68 c1 c6 29 6c f2 2f 35 11 d8 f6 f0 f3 0d ee 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 6e 67 29 7b 74 b2 33 32 f3 8c 7c 9d 49 8d b6 49 00 50 5b 70 35 91 74 eb 9d c5 b4 0f d7 fd c8 0e c1 17 b1 35 e9 e7 ba 6c 9b d7 32 81 ac 7d 48 39 42 a8 b8 ce 74 13 0b 7a 10 26 79 2a 26 d8 75 2e 2a e8 c4 a1 36 ec cb 96 62 15 68 3b 74 47 84 d8 c4 22 24 31 12 5e 46 ed 9c 4e ef 69 27 b6 62 1e fb f0

Apr 09 14:09:33 hekate wpa_supplicant[2719]: wlp2s0:   EAPOL-Key type=2

Apr 09 14:09:33 hekate wpa_supplicant[2719]: wlp2s0:   key_info 0x1382 (ver=2 keyidx=0 rsvd=0 Group Ack MIC Secure Encr)

Apr 09 14:09:33 hekate wpa_supplicant[2719]: wlp2s0:   key_length=0 key_data_length=80

Apr 09 14:09:33 hekate wpa_supplicant[2719]:   replay_counter - hexdump(len=8): 00 00 00 00 00 00 00 06

Apr 09 14:09:33 hekate wpa_supplicant[2719]:   key_nonce - hexdump(len=32): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

Apr 09 14:09:33 hekate wpa_supplicant[2719]:   key_iv - hexdump(len=16): 88 68 c1 c6 29 6c f2 2f 35 11 d8 f6 f0 f3 0d ee

Apr 09 14:09:33 hekate wpa_supplicant[2719]:   key_rsc - hexdump(len=8): 00 00 00 00 00 00 00 00

Apr 09 14:09:33 hekate wpa_supplicant[2719]:   key_id (reserved) - hexdump(len=8): 00 00 00 00 00 00 00 00

Apr 09 14:09:33 hekate wpa_supplicant[2719]:   key_mic - hexdump(len=16): 6e 67 29 7b 74 b2 33 32 f3 8c 7c 9d 49 8d b6 49

Apr 09 14:09:33 hekate wpa_supplicant[2719]: WPA: EAPOL-Key MIC using HMAC-SHA1

Apr 09 14:09:33 hekate wpa_supplicant[2719]: RSN: encrypted key data - hexdump(len=80): 5b 70 35 91 74 eb 9d c5 b4 0f d7 fd c8 0e c1 17 b1 35 e9 e7 ba 6c 9b d7 32 81 ac 7d 48 39 42 a8 b8 ce 74 13 0b 7a 10 26 79 2a 26 d8 75 2e 2a e8 c4 a1 36 ec cb 96 62 15 68 3b 74 47 84 d8 c4 22 24 31 12 5e 46 ed 9c 4e ef 69 27 b6 62 1e fb f0

Apr 09 14:09:33 hekate wpa_supplicant[2719]: WPA: Decrypt Key Data using AES-UNWRAP (KEK length 16)

Apr 09 14:09:33 hekate wpa_supplicant[2719]: WPA: decrypted EAPOL-Key key data - hexdump(len=72): [REMOVED]

Apr 09 14:09:33 hekate wpa_supplicant[2719]: wlp2s0: WPA: RX message 1 of Group Key Handshake from c8:54:4b:09:c6:69 (ver=2)

Apr 09 14:09:33 hekate wpa_supplicant[2719]: RSN: msg 1/2 key data - hexdump(len=72): [REMOVED]

Apr 09 14:09:33 hekate wpa_supplicant[2719]: WPA: GTK in EAPOL-Key - hexdump(len=40): [REMOVED]

Apr 09 14:09:33 hekate wpa_supplicant[2719]: WPA: IGTK in EAPOL-Key - hexdump(len=30): [REMOVED]

Apr 09 14:09:33 hekate wpa_supplicant[2719]: RSN: received GTK in group key handshake - hexdump(len=34): [REMOVED]

Apr 09 14:09:33 hekate wpa_supplicant[2719]: wlp2s0: WPA: Not reinstalling already in-use IGTK to the driver (keyidx=5)

Apr 09 14:09:33 hekate wpa_supplicant[2719]: wlp2s0: State: COMPLETED -> GROUP_HANDSHAKE

Apr 09 14:09:33 hekate wpa_supplicant[2719]: wlp2s0: WPA: Not reinstalling already in-use GTK to the driver (keyidx=2 tx=0 len=32)

Apr 09 14:09:33 hekate wpa_supplicant[2719]: wlp2s0: WPA: Sending EAPOL-Key 2/2

Apr 09 14:09:33 hekate wpa_supplicant[2719]: WPA: Send EAPOL-Key frame to c8:54:4b:09:c6:69 ver=2 mic_len=16 key_mgmt=0x2

Apr 09 14:09:33 hekate wpa_supplicant[2719]: WPA: EAPOL-Key MIC using HMAC-SHA1

Apr 09 14:09:33 hekate wpa_supplicant[2719]: WPA: KCK - hexdump(len=16): [REMOVED]

Apr 09 14:09:33 hekate wpa_supplicant[2719]: WPA: Derived Key MIC - hexdump(len=16): e4 27 19 ba c1 5b 8b 58 7a 86 97 7f 13 07 2e 8b

Apr 09 14:09:33 hekate wpa_supplicant[2719]: WPA: TX EAPOL-Key - hexdump(len=99): 01 03 00 5f 02 03 02 00 00 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e4 27 19 ba c1 5b 8b 58 7a 86 97 7f 13 07 2e 8b 00 00

Apr 09 14:09:33 hekate wpa_supplicant[2719]: wlp2s0: WPA: Group rekeying completed with c8:54:4b:09:c6:69 [GTK=TKIP]

Apr 09 14:09:33 hekate wpa_supplicant[2719]: wlp2s0: Cancelling authentication timeout

Apr 09 14:09:33 hekate wpa_supplicant[2719]: wlp2s0: State: GROUP_HANDSHAKE -> COMPLETED

Apr 09 14:09:33 hekate wpa_supplicant[2719]: dbus: flush_object_timeout_handler: Timeout - sending changed properties of object /fi/w1/wpa_supplicant1/Interfaces/23

```

Maybe I'm reading this wrong but I don't see any evidence of PTK rekeying?

----------

## deagol

Correct, the PTK is not rekeyed and we have to start looking elsewhere...

Generally I see no good reason why you should get connection problems based on the log but something is strange:

The GTK is rekeyed at Apr 09 13:39:37 and Apr 09 14:09:33: But for the problematic second rekey we have two GTK rekeys in the log in a row and we are asked to install the same key twice.

Without debug logs from the AP (which is probably impossible) or an OTA capture of the problematic session (hard) we have to fallback to guessing and testing...

Some suggestions:

1) The AP seems to rekey the GTK all 30min but immediately starts the GTK handshake again to install the same key again. There is no sane reason for that and it looks like the AP is simply "confused".

Try disabling the GTK rekey on the AP or change the group rekey interval to 10h or something even higher. If this helps (probably) the AP has some strange GTK rekey issue.

2) You are using PMF (Protected Management Frames). Try disabling it, maybe GTK rekey is only broken in combination wit PMF.

3) Try avoiding A-MPDU. The few other issues I've seen the symptoms you have were caused by one or the other bug around it. (This can have cause a potential drastic performance hit.)

For my iwlwifi card I used the 11n_disable option of iwlwifi in the past but I see no equivalent for ath10k. Guess you can try setting the AP to support only 802.11g (54 MBIT) when that can be configured or it looks like setting "disable_ht=1" for wpa_supplicant should also prevent usage of it. (I've not tried any of that.)

4) Try if you have the same issue with other cards. Most USB wlan cards won't support e.g. A-MPDU and will therefore not see problems when the issue is e.g. on the AP but linked to A-MPDU...

Good cards for that kind of test should be all all cards using iwlmvm (newer Intel ones) and ath9k for that. (Older iwldvm cards are also ok when you have set 11n_disable=8 to enable TX A-MPDU.)

----------

## jroth

 *deagol wrote:*   

> Guess you can try setting the AP to support only 802.11g (54 MBIT) when that can be configured

 

The router controls do give me that option for the SSID so I've switched to 802.11g only. Fingers crossed.

----------

## jroth

 *jroth wrote:*   

>  *deagol wrote:*   Guess you can try setting the AP to support only 802.11g (54 MBIT) when that can be configured 
> 
> The router controls do give me that option for the SSID so I've switched to 802.11g only. Fingers crossed.

 

So it looks like I'm no longer having the double GTK rekeying but I'm still having the problem where the connection locks up. I sadly don't see the option on my router settings for changing the rekey interval or for disabling PMF.

----------

## deagol

 *jroth wrote:*   

>  sadly don't see the option on my router settings for changing the rekey interval or for disabling PMF.

 

You should also be able to disable PMF on the client bei setting "pmf" and/or "ieee80211w" accordingly. (If the router has no setting for PMF I assume it must be optionally and not required.)

Here how to do it through NetworkManager:

```
$ nmcli connection 

NAME                  UUID                                  TYPE      DEVICE  

Mywlan1               bf9d16ba-cd86-433b-8394-c456afb3d75d  wifi      wlp2s0  

<cut>

$ nmcli connection show Mywlan1 | grep pmf

802-11-wireless-security.pmf:           0 (default)

$ nmcli connection modify Mywlan1 802-11-wireless-security.pmf disable

$ nmcli connection show Mywlan1 | grep pmf

802-11-wireless-security.pmf:           1 (disable)

```

But I'm starting to fear we need an OTA capture (and maybe even the matching WLAN password) to figure out what's going wrong.

----------

## jroth

 *deagol wrote:*   

>  *jroth wrote:*    sadly don't see the option on my router settings for changing the rekey interval or for disabling PMF. 
> 
> You should also be able to disable PMF on the client bei setting "pmf" and/or "ieee80211w" accordingly. (If the router has no setting for PMF I assume it must be optionally and not required.)
> 
> Here how to do it through NetworkManager:
> ...

 

Ok, I've disabled PMF. I'll see if that works.

(I also tried switching to 802.11(b) only, but that didn't help)

obligatory

----------

## jroth

 *jroth wrote:*   

> 
> 
> Ok, I've disabled PMF. I'll see if that works.
> 
> (I also tried switching to 802.11(b) only, but that didn't help)
> ...

 

No dice, it's still happening, and it turns out the double GTK rekeying is still happening as well. The timing lines up for them to be related.

----------

