I would like to connect one Raspberry PI to a Wifi network using DPP (Wifi Easy Connect) by another Raspberry PI that is already connected to this network.
Both PIs are version 5 with Linux raspberrypi 6.6.20+rpt-rpi-2712 #1 SMP PREEMPT Debian 1:6.6.20-1+rpt1 (2024-03-07) aarch64 GNU/Linux obtained from uname -a.
What have I done so far?
Network configuration
I thought a good way to start would be to use the DPP commands of wpa_cli Therefore I would like to start the wpa_supplicant with a configuration file that can be updated using the DPP commands.
To achieve did the following three things:
- Disable
NetworkManager
sudo systemctl stop NetworkManager
sudo systemctl disable NetworkManager
- Create a drop-in file
sudo mkdir -p /etc/systemd/system/wpa_supplicant@wlan0.service.d/
echo '[Service]
ExecStart=
ExecStart=/usr/sbin/wpa_supplicant -dd -s -i wlan0 -c /etc/wpa_supplicant/wpa_supplicant-wlan0.conf' | sudo tee /etc/systemd/system/wpa_supplicant@wlan0.service.d/override.conf
- Restart interface specific
wpa_supplicantservice
sudo systemctl daemon-reload
sudo systemctl stop wpa_supplicant
sudo systemctl disable wpa_supplicant
sudo systemctl mask wpa_supplicant
sudo systemctl enable wpa_supplicant@wlan0
sudo systemctl start wpa_supplicant@wlan0
After this the ps aux | grep wpa shows that wpa_supplicant is started with the interface specific configuration.
root 2152 0.0 0.2 17360 10752 ? Ss 16:16 0:00 /usr/sbin/wpa_supplicant -dd -s -i wlan0 -c /etc/wpa_supplicant/wpa_supplicant-wlan0.conf
wpa_supplicant-wlan0.confof theEnrollee:
ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev
update_config=1
country=DE
pmf=2
dpp_config_processing=2
wpa_supplicant-wlan0.confof theConfigurator:
ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev
update_config=1
country=DE
network={
ssid="MY_NETWORK_AT_HOME"
psk="MY_PASSWORD"
key_mgmt=WPA-PSK
}
With sudo dhclient wlan0, I am able to receive an IP address withing the configured network.
Executing DPP commands
Both wpa_supplicant.conf are used by the respective wpa_supplicant process.
DPP related commands are executed inside wpa_cli (Interactive mode) for the correct interface wlan0 on both PIs.
On the Enrollee:
dpp_bootstrap_gen type=qrcode mac=2ccf67158817 chan=81/1
where the mac address is obtained from the interface wlan0 using ifconfig and the channel is the first channel of 2412 MHz in a 2.4 GHz Wifi.
It returns a bootstrap_id (1 in my case).
dpp_bootstrap_get_uri 1
with 1 being the bootstrap_id. It returns the dpp_uri (DPP:C:81/1;M:2ccf67158817;V:2;K:MDkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDIgACH/bVKOIqu6MdvjapELv4z/wiR72RLKVLzznKbEymx3c=;; in my case).
dpp_listen 2412
On the Configurator:
dpp_configurator add
which returns the id (1 in my case) of the configurator.
dpp_configurator_get_key 1
which returns the key (30770201010420738b13e343a23e64883ee43bf5d27b3f4abe6134882bc07f085b03b2cc2a58aea00a06082a8648ce3d030107a144034200049d303d3d39734a7b274284c70b2f9d08e8e23df1013a12a9185c43e6c9f68d74b99d9d9a69efcecd848b6577c142279fa9aa09a7eca30bd8067be97bc32ffd11> in my case) of the configurator.
dpp_qr_code DPP:C:81/1;M:2ccf67158817;V:2;K:MDkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDIgACH/bVKOIqu6MdvjapELv4z/wiR72RLKVLzznKbEymx3c=;;
returns the bootstrap_id again (1 in my case which is the same as it was encoded on Enrollee side).
dpp_auth_init peer=1 conf=sta-dpp configurator=1 ssid=<HEXDUMP_OF_SSID>
where peer is the bootstrap_id of the Enrollee and configurator is the id of the Configurator. Since want to provision a Wifi client and not an AP the conf parameter needs to be set to sta-dpp.
Result
I get the following console output of this command on the Configurator side:
<3>DPP-TX dst=2c:cf:67:15:88:17 freq=2412 type=0
<3>DPP-TX-STATUS dst=2c:cf:67:15:88:17 freq=2412 result=no-ACK
<3>DPP-TX dst=2c:cf:67:15:88:17 freq=2412 type=0
<3>DPP-TX-STATUS dst=2c:cf:67:15:88:17 freq=2412 result=no-ACK
<3>DPP-TX dst=2c:cf:67:15:88:17 freq=2412 type=0
<3>DPP-TX-STATUS dst=2c:cf:67:15:88:17 freq=2412 result=no-ACK
<3>DPP-TX dst=2c:cf:67:15:88:17 freq=2412 type=0
<3>DPP-TX-STATUS dst=2c:cf:67:15:88:17 freq=2412 result=no-ACK
<3>DPP-TX dst=2c:cf:67:15:88:17 freq=2412 type=0
<3>DPP-TX-STATUS dst=2c:cf:67:15:88:17 freq=2412 result=no-ACK
<3>DPP-AUTH-INIT-FAILED
The Enrollee side does not show anything in the terminal and the system logs obtained with journalctl -r -g DPP show that there is nothing happening when listening to the channel.
Jun 03 12:46:57 raspberrypi wpa_supplicant[716]: wlan0: Control interface command 'DPP_BOOTSTRAP_GEN type=qrcode mac=2ccf67158817 chan=81/1'
Jun 03 12:46:57 raspberrypi wpa_supplicant[716]: DPP: Generating a keypair
Jun 03 12:46:57 raspberrypi wpa_supplicant[716]: DPP: Compressed public key (DER) - hexdump(len=59): 30 39 30 13 06 07 2a 86 48 ce 3d 02 01 06 08 2a 86 48 ce 3d 03 01 07 03 22 00 03 ae 19 35 da e3 2f cf 0f 4d 85 d4 46 c4 f6 d4 be 4d d8 12 a2 f1 31 f7 c3 49 72 fa 81 f1 b3 92 05
Jun 03 12:46:57 raspberrypi wpa_supplicant[716]: DPP: Public key hash - hexdump(len=32): d7 e7 e5 41 8b 5b 9e 09 02 20 b9 3f cb 6d 0f bb f4 b0 03 eb 84 0b 1c ab 32 1d 7e fb 70 5a da 36
Jun 03 12:46:57 raspberrypi wpa_supplicant[716]: DPP: Public key hash (chirp) - hexdump(len=32): 30 40 cf 36 6d 12 cb 51 a5 99 fa e2 24 fb 1d b4 51 2f be 7b 64 9b b8 2d 2c 61 f0 59 c9 48 a0 ef
Jun 03 12:46:57 raspberrypi wpa_supplicant[716]: DPP: URI channel-list: opclass=81 channel=1 ==> freq=2412
Jun 03 12:46:57 raspberrypi wpa_supplicant[716]: DPP: URI mac: 2c:cf:67:15:88:17
Jun 03 12:47:05 raspberrypi wpa_supplicant[716]: wlan0: Control interface command 'DPP_BOOTSTRAP_GET_URI 1'
Jun 03 12:49:40 raspberrypi wpa_supplicant[716]: wlan0: Control interface command 'DPP_LISTEN 2412'
Jun 03 12:49:40 raspberrypi wpa_supplicant[716]: DPP: Remain-on-channel started for listen on 2412 MHz for 5000 ms
It looks like the dpp_auth_init command does not reach the Enrollee.
What is wrong here? Is there a better way to use DPP on a PI?
