Get the top HN stories in your inbox every day.
geerlingguy
jauntywundrkind
I'm curious how well AP mode works for usb cards these days. After a bunch of years with Openwrt (mostly on a bunch of netgear wgt634u's), I was pretty gung ho about trying to switch off router hardware and to more generic-computer + wifi for wireless infrastrcuture. Ideally if I could via usb cards, as those were so easy to add to even small systems like the early rpis or cheap chromeboxes.
But after buying one or two of every Alfa usb cards out there with all the different chipsets, I found each chipset would have some horrible blocker. Some examples, iirc (it's been a while): Realtek-based AWUS036H would work some then die & throw a bunch of kernel messages. Atheros-based AWUS036NHA was working great, but was limited to ~8 clients.
I keep hoping someday the RPI can make an actual respectable decent AP, without needing to go for a pcie carrier board (and frankly, it seems like there's not good availability for AP grade PCIe cards either... everything seems to be rebadged Compex cards, usually at astronomical prices). I keep hoping wireless can be more DIYable in general.
The Morrownr/usb-wifi repo has been such a godsend. There's just been no stable repository of knowledge for so long. But I haven't dared wade back in, & figure out how I'm going to be disappointed this time around.
spacecadet
I usually just velcro a Mikrotik HAP AC^2, its about the same footprint and like $25-40 on ebay.
tamimio
Pretty much yeah, RPi have their own use (like any SBC) and I like them to power a drone or UGV, but to use it as an AP/Router is kinda silly and overpriced, and it’s buggy too.
spacecadet
Nah, I was saying I dont use the onboard wifi on the Pi, it sucks. I use RJ45 to a Mikrotik Hap, then configure the hap as an AP using WPA3 etc.
undefined
DannyBee
We have a patch for the driver in asahi Linux that I bet fixes this.
The codepath the driver uses to set the password does not work on newer firmware, and hector fixed it to use the new way.
If that fails I have a patch that lets it use an external supplicant for WPA3 when it it truly unsupported by the chip (which is rare)
The driver is unfortunately not kept up to date - this stuff should have been added (along with other things) years ago.
Edit: Actually looks like hector just sent it in response to this blog post. Should show up in the kernel archives soon if you want to try it
smith7018
Asahi Linux is one of the most exciting Linux projects in years. That team is world class and helping all of us while also prying open Apple's walled garden.
DannyBee
In this case, we aren't the only ones to fix this.
Infineon fixed it in their driver patches as well, at least a year ago. They just don't upstream them (though they are in github)
In some ways this actually sucks more - because everyone is spending time rediscovering the same issues and fixing them.
Also, Rachel is i think wrong on one thing - i believe this chipset was used as far back as RPI3B+
(or so various sources seem to say)
Which is even worse.
bastard_op
This is going to be a more common problem with 6ghz radios and Wifi 6E/7 requiring WPA3, and no transition mode permissible per spec. I recently ran into this with a customer running Cisco Meraki AP's that it was either disable 6ghz to keep legacy devices working with wpa2-psk, which was a lot of random things including laptops with old nics, Ring doorbells, various old mobiles, etc, or replace them with not crappy/old wifi devices. We had to push all the crap like that to the guest network vs. an enterprise ssid we actually wanted to use the 6ghz with for performance.
Sadly the biggest volume of Internet of Shite devices are going to be quickly every Windoze 10 system out there that Microsoft refuses to support WPA3 despite drivers, stating only Win11 would get it. Another reason for them to push people their new Telemetry spyware with improved even less privacy.
Oddly I purchased a Zyxel Wifi 6E AP with 6ghz, and it does let me operate in WPA3 and/or WPA3-Transition while letting things connect to 6ghz or 2.4/5ghz, which Cisco/Meraki simply does not allow, and from my understanding correct per spec. I just have to wonder if those wacky Asian semi's are purposely ignoring that spec or simply blissfully ignorant of the fact it's not exactly adhering to rules.
Either way I was annoyed with Cisco by it and recommended next time they spend less and get non-Cisco kit that were more flexible, recommending Zyxel for a literal 10th of retail cost of the same Cisco AP.
hiatus
> Sadly the biggest volume of Internet of Shite devices are going to be quickly every Windoze 10 system out there that Microsoft refuses to support WPA3 despite drivers, stating only Win11 would get it.
Windows 10 seems to support WPA3.
https://support.microsoft.com/en-us/windows/faster-and-more-...
bastard_op
Ah, my bad, it does not support 6ghz directly, though it does support wpa3. I just remembered it was some shenanigans they simply refused to support 6ghz one way or another. https://answers.microsoft.com/en-us/windows/forum/all/window...
There's no technical reason that windoze 10 should NOT support it far as I know, they're simply using it as a reason to push people to 11. I can and have added a 6ghz usb nic to a 10 dollar and 10+ year old netgear router and have it work, there's no reason windoze 10 can not other than Microsoft says no.
delfinom
Microsoft isn't in charge of this though. It's the wifi card vendors.
I wouldn't be surprised if this is Intel shenanigans because they have always segmented their OS driver support dating back to Windows 7. Anything from laptop gpu drivers not getting updates after 2 years to chipsets suddenly failing the compatibility mode flags on newer windows that has never changed since older windows. Intel just literally doesn't care. They shovel their crap out.
ExoticPearTree
> Oddly I purchased a Zyxel Wifi 6E AP with 6ghz, and it does let me operate in WPA3 and/or WPA3-Transition while letting things connect to 6ghz or 2.4/5ghz, which Cisco/Meraki simply does not allow, and from my understanding correct per spec.
If you do WiFi 6E you have to do WAP3 (SAE) and there is no backward compatibility to WPA2. You can do transition mode but only in 2.4/5Ghz bands, not 6Ghz band.
epcoa
> literal 10th of retail cost of the same Cisco AP.
It’s a 10th of the cost for probably 10000th of the R&D budget alone. Zyxel devices, especially the firmware are a total joke. It’s consumer grade garbage sold with quasicommercial marketing. And you use this equipment in a security sensitive environment at your own peril.
creshal
As opposed to Cisco, who have a proven security record of shipping multiple backdoors in every product.
opan
The Raspberry Pi using Broadcom chips has always made it hard to take seriously. How are competing boards with RockChip SoCs doing on this front?
WiFi support is kind of a mess of nasty blobs across the board unless you go back to Wireless AC or N, though. I have been wanting an AC option that works with linux-libre on Guix System. I once bought a RealTek USB WLAN adapter after seeing what looked like a firmware repo with a free software license, but apparently it wasn't the actual source, just a binary, so still needed reverse-engineering work. I just chucked it in a drawer for now and only use ethernet on the laptop I'd intended it for.
It would be cool to see a group effort to find the most common WiFi chips used in devices and work on REing them. Liberate as many devices at once as possible.
DannyBee
Good news! Basically all rockchip RK3588 are using a broadcom wifi chip that is built in.
Better news! Rockchip, by default, ships broadcom's bcmdhd driver, with a few hacks for linux, instead of making brcmfmac work.
See here: https://gitlab.com/rk3588_linux/rk/kernel/-/tree/develop-6.1...
This is a great driver, which, if you insmod it and rmmod it, will 90% crash your kernel.
But, if you don't look at it too wrong, it will mostly work.
To be fair: DHD is mostly used on Android, and there Google/Broadcom have spent a lot of time making it work well.
charcircuit
Wifi cannot be legally liberated in the US due to FCC regulations.
sillywalk
I thought the FCC clarified that about 'open' firmware ?
https://www.eff.org/deeplinks/2016/08/fcc-settlement-require...
charcircuit
Reread that article. Only part of the firmware can be liberated. The part that actually controls the radio is locked down.
veqq
Could you explain more?
charcircuit
The FCC doesn't want people modifying their routers such that they use more power than they are allowed to. This results in end users being unable to modify the firmware that controls the radios.
gjsman-1000
I’m not sold on this being an issue. Maybe by the Pi 6 or Pi 7 it will matter.
>90% of people don’t use WPA3. And a huge part of those that do (including myself) have networks with automatic WPA2 fallback even though that neutralizes most benefits.
Maybe in 5 years it will be different. In my opinion though, it won’t matter until the day that one ISP somewhere ships a WPA3-exclusive router, which isn’t happening soon.
mixermachine
I have to enable the fallback specifically because of such devices that do not implement WPA3. I would much more prefer to only use WPA3.
My mother however does not care (as an example). At the same time she and most other not so tech savy people aren't using a Raspberry PI.
I think the demand is there.
lazide
Or ever? Most folks have at least some equipment they’ll be livid to not be able to use.
lmm
It'll happen eventually, just like 2G phone coverage getting turned off.
lazide
So in another decade or two?
Though the difference here is that was common infrastructure managed by large companies.
No reason a home router won’t stick around a lot longer. A non trivial number of people still have land lines with rotary phones!
tengwar2
I'm seeing 3G being turned off, not 2G. How common is 2G going, globally?
undefined
Namidairo
Reminds me of the WRT3200ACM, which Linksys sold/advertised as "open-source".
It's impossible to get compliant WPA3 working on said device because the final firmware blob for the radio has a broken PMF (802.11w) implementation.
The entire Marvell wifi/bluetooth portfolio was later sold off to NXP, whom presumably aren't helping either as the issue remains.
Most of the other vendors seem at least willing to engage, from what I can see skimming through linux-firmware.git
p1mrx
Looks like you're referring to https://github.com/kaloz/mwlwifi/issues/389
ThrowawayR2
That raises the question: which Raspberry Pi OS-compatible USB wi-fi adapters do happen to support WPA3?
gjsman-1000
If anyone from Nintendo, Prusa, Bambu Lab, PlayStation, or Roku is reading this… WPA3 would be greatly appreciated.
rekoil
Prusa i3 MK4s networking is so bad, it struggles to get up to 1Mbit with the currently implemented security protocols. I just use Ethernet with mine, it's just as bad performance-wise but at least it doesn't communicate wirelessly using insecure protocols.
gjsman-1000
Well then you won’t like WPA3’s Dragonblood attack…
loxias
What's WPA3 for? I don't think WPA2 was cracked...
More useful would be knowing what combination of kit (linux router/AP as well as device) gets me robust high speed.
est31
WPA3 provides among other things perfect forward secrecy. If your WPA2 password becomes available to a passive attacker that has listened in for the entire communication including the handshake, they will now be able to decrypt. Or in other words, any person who gets your wifi password can (passively) listen on traffic in your network. WPA3 requires attacks to be active with a proper man in the middle (less easy to do that in a wireless setting and also only applies to the future).
loxias
Ah, PFS. PFS is good :) Thanks for your response.
(I was feigning a bit of ignorance, I'm a bit of a minor crypto nerd.)
OK, cool, so WPA3 has PFS.
But so does wireguard.
When I opine "what's really the _point_ of WPA3? (and wpa2!) I'm mentally comparing it to _no_ encryption at layer 1 (aka open network), but with performant (and arguably more secure) encryption at layer 3.
caskstrength
Not all people are (self proclaimed) "crypto nerds" who have Wireguard-based VPN running on all their wireless devices at all times. I would venture a guess that absolute majority of people don't.
est31
WPA3 is definitely not as secure as wireguard, but it's a pretty good improvement compared to WPA2. 99% of people just use the defaults of their WiFi deployment, and then have stuff like network printers or NAS on there, with varying levels of encryption. Thankfully due to https being so widespread, most of the traffic to the public net is encrypted now. But even now you can find out which websites someone visited by looking at DNS and also the ip addresses of the packet headers.
ce4
It also averts wifi deauth attacks (disconnecting the client up to a point of making the wifi unusable).
not_your_vase
Personally I would be happy with any kind of stable wireless support, even the most unsecure or obsolete one. My Pi3 and Pi4 both can't maintain stable wifi connection for more than a week. After that they simply become unresponsive on the network - I got to unload and reload the driver to make them communicate through the network. I solved this on one of them by simply connecting though ethernet, but the other one is still a constant pain.
I have given up using built-in Bluetooth and Wifi at the same time years ago, when they were interfering with each other. Nevertheless, I wonder if that is still the case.
hellweaver666
I have six Raspberry Pi's (from the Pi Zero W all the way to the Pi 4) plus several other wifi microcontrollers (ESP8266, ESP32, Pico W etc) doing things around my home and they all happily sit on my wireless network without an issue. Is it possible that your home is subject to some kind of interference that they are struggling to cope with?
I used to work support for an ISP and we would always get customers calling up complaining that our wifi router was shit, but it almost always turned out to be some weird unshielded device causing electrical interference (I remember we would always get a glut of these calls around December when people plugged their cheap Christmas tree lights in!).
not_your_vase
I have many other devices also on the same network: 2 iPads 24/7, Mac Mini 24/7, 2 Linux laptops running at least 16h/day, smartphones, PS3, PS4, etc etc... in a small apartment. I'm a city dweller, wifi routers trying to scream over each other, there are like 50 networks visible where I sit. But: if there is some interference, I would expect at least some other devices to expose the same behavior, at least occasionally. But exclusively only the Rpis are doing this - after 4-10 days of uptime, they just give up on the wireless network, without any error message or any other clue.
Nevertheless, I have done countless hours of troubleshooting and investigations, and not looking for more anymore. RPis are great for many things, and pretty crappy for many other things. I found their wireless capabilities to be on the crappier side.
ClumsyPilot
How do you find out which device is the cause?
Our family home has a strangely cursed wifi, after changing 4 routers it seems to have stabilised, but I still dont know why
GTP
> I got to unload and reload the driver to make them communicate through the network
Here are my unrequested 2 cents: if this solves the issue, have a systemd (or cron) timer do that for you. Sure it's duck tape, but it would make it way less painful than having to do it manually each week.
ahepp
Have you turned off power saving?
jandrese
The hostapd support is also buggy and has actually been getting worse over the years.
e12e
I've been trying to figure out if there are any hw out there that allows good wifi6/hostap support under Linux, to run an access point - the nearest I've come is this[1] list. But I'm still unsure if it is feasible to build an access point on top of an Intel/AMD minipc with contemporary hw?
I'd be happy to run on arm or riscv if I can get high throughput and can expect Linux kernel support for a decade or so.
patrakov
Yes, see https://github.com/morrownr/USB-WiFi/ for an overview. Despite being hosted on GitHub and having an issue tracker, it is a documentation-only project, not software.
e12e
Thank you. Usb3 devices supporting AP mode looks interesting.
nebster
Have you had a look at AsiaRF[1]? If you are building an access point you are probably looking for more specific cards. You do miss out on things like hardware offloading if you go down that route afaik though but it may not matter due to the extra processing power you tend to get.
I don't know much about it but things like DBDC/MIMO are probably wanted. Other people may be able to comment more about this though.
I just went down the route of using a Banana Pi R3 with OpenWRT in the end though[2]. The R4 does exist now with Wifi 7 though[3].
[1] https://asiarf.com/product-category/wi-fi/wi-fi-module/wi-fi... [2] https://wiki.banana-pi.org/Banana_Pi_BPI-R3 [3] https://wiki.banana-pi.org/Banana_Pi_BPI-R4
e12e
Thank you. I hadn't looked at the banana pi - looks interesting.
FredFS456
I would imagine that anything supported by openwrt and has good feedback from the community would be solid.
e12e
I've found it tricky to find updated hw with openwrt support - and tricky to find devices that is easy to buy the correct hw version of.
If you don't want wifi6 or 5ghz support, it's easier.
ajsnigrutin
Try intel ax201, it works great for me and it's still relatively cheap.... works great on x86_64, not sure about risc/arm.
(not affiliated, don't work for intel, have a bunch of other cards, most were a pain).
zokier
iwlwifi devices do not have 5GHz AP mode :(
shadowgovt
I can't help but wonder if thermal load is an issue.
I just recently got a raspi 5 and the wifi chip is flaky. I can't help but wonder if they're fighting the edge of the board's thermal load and a chip supporting WPA3 would be too much.
seba_dos1
Nope. It's just a matter of poorly maintained brcmfmac driver in mainline Linux. It gets barely any attention from companies that produce the hardware it supports.
All it takes to fix it is for Broadcom to get serious about their software support.
Get the top HN stories in your inbox every day.
Just a note that if you're _serious_ about WiFi on the Raspberry Pi... you should use an external WiFi adapter—either PCIe or USB. (Mentioned in the article, but in general, the WiFi chips built into SBCs of all varieties... aren't great.)
With the Compute Module 4, I've successfully tested a variety of adapters [1], from WiFi 6E to older mini PCIe and M.2 cards. There's even a board made for the purpose of multi-WiFi testing, the Seaberry [2].
The Raspberry Pi 5 works with all the PCIe WiFi chips I've tested (haven't had time to summarize testing on pipci database site yet), including a mt7921u-based WiFi 6E USB adapter (haven't written that up, but check out [3]).
[1] https://pipci.jeffgeerling.com/#network-cards-nics-and-wifi-...
[2] https://pipci.jeffgeerling.com/boards_cm/seaberry.html
[3] https://github.com/morrownr/USB-WiFi/issues/137#issuecomment...