The encrypted mesh interfaces need a wpa_supplicant which supports SAE.
This can be for example wpad-openssl or wpad-mesh-openssl. Otherwise
wpa_supplicant fails with on startup:
Line 7: invalid key_mgmt 'SAE'
Line 7: no key_mgmt values configured.
Line 7: failed to parse key_mgmt 'SAE'.
Line 8: too large mode (value=5 max_value=4)
Line 8: failed to parse mode '5'.
Line 9: unknown network field 'mesh_fwding'.
Line 18: failed to parse network block.
The correct package for this was already listed in the dependencies for
ucentral-ap and ucentral-ap-light. But this package conflicted with the
default package wpad and was therefore only build as optional package. The
wpad package must therefore be deselected before selecting
wpad(-mesh)-openssl.
Signed-off-by: Sven Eckelmann <sven@narfation.org>
The switch in the IPQ807x/IPQ60xx devices will automatically learn the mac
addresses behind a port. But it will not unlearn this entry when some mac
switches from the ethernet port to the CPU port. This will for example
happens when a device roams from on AP to another AP. At least when both
are APs are bridging the wifi traffic directly or indirectly (mesh) to the
same ethernet broadcast domain.
As result, the roaming device can no longer receive any ethernet packets
which the AP is expected to receive on the ethernet port. This state will
be kept for a couple of minutes until the entry in the FDB is dropped
automatically. But it is still possible for the wifi device to send data
via the ethernet during this whole time.
One solution is to just disable learning on all ports. The other option
would be to enable the qca bridge-mgr which takes care of gathering the
events from the bridge and forwards it to the qca-ssdk (to manipulate the
state of the switch). The latter option was chosen to follow the approach
which QCA is also using in their QSDK.
Signed-off-by: Sven Eckelmann <sven@narfation.org>
* add freeradius wrapper package for gateway images
* pass version and hash in the firmware field
* update ucode to latest HEAD
Signed-off-by: John Crispin <john@phrozen.org>
* fix poco build on MIPS
* add certificate generation for the gateway package
I make vlan filtering work on mt7621
* add ucentral-gateway profile
* add ubnt_edgerouter-x profiles
Signed-off-by: John Crispin <john@phrozen.org>
* fix build dependency of ucentral-wifi
* update ucentral-schema, the radio channel was not getting applied
Signed-off-by: John Crispin <john@phrozen.org>
* rename eap6x0 to exxx7
* update schema
* update client
* update gateway
* update usteer
* implement all missing ucentral commands
* patch the led script to allow turning of all leds
Signed-off-by: John Crispin <john@phrozen.org>
* fix dhcpsnoop on ipq807x
* update ucentralgw
* add eap620/660 support
* add cigwf610d
* do not deploy a default ratelimit config
* add eap225 support
Signed-off-by: John Crispin <john@phrozen.org>
* add support for more commands
* add firstcontact support
* add pstore based crashlog support
* fix github workflow
* improve captive portal/guest support
Signed-off-by: John Crispin <john@phrozen.org>
* Gateway and client are now talking jsonrpc on the wire.
* update the datamodel to the latest version.
* add github workflow
* add zero touch on-boarding
Signed-off-by: John Crispin <john@phrozen.org>
