Community discussions

MikroTik App
 
starikot
just joined
Topic Author
Posts: 2
Joined: Fri Jan 12, 2018 12:34 am

WPA3 on existing Mikrotik routers/APs

Fri Jan 12, 2018 12:41 am

So, a few days ago, Wi-Fi Alliance announced WPA3 and I recently bought my first Mikrotik router, so I am wondering if we'll get a firmware update which will provide WPA3 functionality.

Best of regards,
starikot
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 26351
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: WPA3 on existing Mikrotik routers/APs  [SOLVED]

Fri Jan 12, 2018 9:03 am

Widely adopted features eventually do get integrated, if market demands it. We will see how it goes. Your new device has free upgrades for life.
 
starikot
just joined
Topic Author
Posts: 2
Joined: Fri Jan 12, 2018 12:34 am

Re: WPA3 on existing Mikrotik routers/APs

Fri Jan 12, 2018 10:46 am

Widely adopted features eventually do get integrated, if market demands it. We will see how it goes. Your new device has free upgrades for life.
Thanks a lot, I hope it gets integrated as I want to play around with this protocol. :mrgreen:
 
User avatar
Joni
Member Candidate
Member Candidate
Posts: 156
Joined: Fri Mar 20, 2015 2:46 pm
Contact:

Re: WPA3 on existing Mikrotik routers/APs

Tue Jun 26, 2018 12:15 pm

 
lesnikov
just joined
Posts: 17
Joined: Tue Jul 15, 2014 9:33 pm
Location: Slovenia

Re: WPA3 on existing Mikrotik routers/APs

Wed Jun 27, 2018 2:17 am

from article
optional Wi-Fi feature called Easy Connect

another WPS fiasco? :D
 
squeeze
Member Candidate
Member Candidate
Posts: 145
Joined: Thu Mar 22, 2018 7:53 pm

Re: WPA3 on existing Mikrotik routers/APs

Wed Jun 27, 2018 3:03 am

https://www.mathyvanhoef.com/2018/06/wp ... unity.html

Well, that's disappointing. WPA3 Certification consists of a grand total of one change to existing handshake called Simultaneous Authentication of Equals (SAE) instead of what most people anticipated as a wholesale dramatic improvement in WiFi security.

How hard would it be to add the SAE handshake to existing RouterOS WiFi devices?

I'm guessing that the "Wi-Fi CERTIFIED Enhanced Open" program (Opportunistic Wireless Encryption - OWE) for hotspots will also be in massive demand.
 
R1CH
Forum Guru
Forum Guru
Posts: 1101
Joined: Sun Oct 01, 2006 11:44 pm

Re: WPA3 on existing Mikrotik routers/APs

Wed Jun 27, 2018 2:46 pm

The SAE handshake doesn't look like a huge innovation, was hoping for something more in line with modern TLS, but I guess that's what happens when you have for-profit industry alliances vs open standards bodies.

The big question is how long will it take Mikrotik to implement WPA3? We have no 802.11ac spectral scan, no 5 GHz TX power, no Wave2 support, no 802.11w support.. there are lots of other wireless protocol improvements that have been missing for a long time.
 
squeeze
Member Candidate
Member Candidate
Posts: 145
Joined: Thu Mar 22, 2018 7:53 pm

Re: WPA3 on existing Mikrotik routers/APs

Wed Jun 27, 2018 3:42 pm

The big question is how long will it take Mikrotik to implement WPA3? We have no 802.11ac spectral scan, no 5 GHz TX power, no Wave2 support, no 802.11w support.. there are lots of other wireless protocol improvements that have been missing for a long time.

I must be missing something: there's dual band spectral scan with The Dude, I can change 5GHz "Tx Power" with "manual tx-power", and there is support for Management Protection though it is proprietary.

Wave2 is more of a feature than a requirement.

You make a good point about 802.11w support though. Isn't that required even to be certified for WPA2 now or do they just require any PMF implementation? Are clients required to use it too or just APs?
 
R1CH
Forum Guru
Forum Guru
Posts: 1101
Joined: Sun Oct 01, 2006 11:44 pm

Re: WPA3 on existing Mikrotik routers/APs

Wed Jun 27, 2018 7:50 pm

Hmm I just looked it up, 802.11w is actually required for 802.11ac certification, so Mikrotik is technically shipping uncertified implementations :D. Hopefully they don't ignore it for WPA3 too.

Regarding my other points - with spectral scan I meant an actual RF scan of the frequency, not a simple probe request to see neighboring APs. This is possible on 2.4 GHz but not 5 GHz and is an often requested feature (see viewtopic.php?t=89696). 5 GHz TX power can be configured, but the current power used is not shown anywhere - these numbers are adjusted by the radio depending on country, antenna gain etc, but it simply appears empty for 5 GHz radios (https://i.imgur.com/Jt3wu00.png).
 
squeeze
Member Candidate
Member Candidate
Posts: 145
Joined: Thu Mar 22, 2018 7:53 pm

Re: WPA3 on existing Mikrotik routers/APs

Wed Jun 27, 2018 11:34 pm

Looks like very good news from upstream and others regarding WPA3, from customer perspective: https://www.snbforums.com/threads/bette ... ort.47434/

Quoting:
The WPA3 Certification announced yesterday revealed that only one of the four mechanisms described when WPA3 was first announced earlier this year is included in the Certification.

The mandatory Simultaneous Authentication of Equals (SAE) method replaces WPA2's four-way session key generating "handshake" that was vulnerable to the KRACK attack and offers protection against dictionary attacks in general. Since it occurs only during the AP-STA authentication process, SAE doesn't significantly increase processor load.

The upshot is that this watered-down definition of WPA3 should be able to be added to devices that currently support WPA2. So rip-and-replacing all your current Wi-Fi gear to get improved security should not be necessary.

The "will they/won't they" (upgrade existing stuff) question now boils down to how vendors view the priority of supporting existing products vs. pumping out new stuff. So I asked Qualcomm, Linksys and NETGEAR for their official word on plans to support WPA3 on existing Wi-Fi products. The question posed to each was "Could you please comment on your plans to support WPA3 in existing products?".

Since Qualcomm is at the top (or bottom) of the Wi-Fi food chain, let's start with them.
...
Qualcomm said:
"Qualcomm expects to incorporate WPA3 security features into chipsets in summer 2018 for mobile devices beginning with the Qualcomm® Snapdragon™ 845 Mobile Platform and on all Wi-Fi networking infrastructure products. We are supporting WPA3 on new SW releases (per timeline indicated above). Any vendor who ports the latest SW release for any AP product we supply, will support WPA3. This would include IPQ40xx family."

This felt a little wiggly, so I asked for confirmation whether WPA3 will eventually be supported "in all Wi-Fi devices in Qualcomm's current catalog and going forward, both AP and STA (client) devices". The response:

Qualcomm said:
"Any network infrastructure product (based on AR,QCA,IPQ chip/set) that ships, starting this summer, will support WPA3. Any mobile device SD845 or higher, supports WPA3."
...
Linksys said:
”Linksys plans to support next generation WPA3 security. This functionality is highly dependent on the Wi-Fi chipset provider, thus support will be on a case-by-case basis. If legacy products are supported, Linksys will deploy automatic firmware updates to all enabled products. In many cases, WPA3 support will be offered in newer chipset and products. More details will be released at time of availability.”
....
NETEAR said:
"We (NETGEAR) are working with our partners integrating latest security protocol WPA3 in our home networking products. We will inform media and customers when this update is available. Based on our investigations, we deem that it’s highly likely that the majority of products should be able to make use of the feature by updating firmware on existing product.

WPA3 has two components – Personal and Enterprise. Our statements are only in context of Personal WPA3. Enterprise version is supposed to add 192-bit encryption and may impact hardware."

I belatedly reached out to ASUS and will update this post with their response when I receive it.
 
User avatar
anav
Forum Guru
Forum Guru
Posts: 19251
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada
Contact:

Re: WPA3 on existing Mikrotik routers/APs

Wed Sep 12, 2018 1:08 am

Widely adopted features eventually do get integrated, if market demands it. We will see how it goes. Your new device has free upgrades for life.
I would think that Security demands it, to a certain degree.
If SAE removes vulnerabilities in WPA2, then it should be a no-brainer.
I would be rather sad if the new Cap ACs recently purchased were not capable of hosting the new standard.
 
muetzekoeln
Member Candidate
Member Candidate
Posts: 167
Joined: Fri Jun 29, 2018 2:34 pm

Re: WPA3 and EAP-PWD on existing Mikrotik routers/APs

Fri Apr 12, 2019 12:53 pm

+1 for WPA3
and EAP-PWD (RFC5931) for WPA2 would be very useful also.

Of course both with the latest patches against dragonblood attack.

OpenWRT has both, implemented in software!
 
User avatar
Kamaz
Frequent Visitor
Frequent Visitor
Posts: 62
Joined: Sun Apr 30, 2017 9:35 am

Re: WPA3 on existing Mikrotik routers/APs

Thu Oct 31, 2019 9:45 am

+1 for WPA3
 
clementchang
just joined
Posts: 2
Joined: Wed Nov 20, 2019 10:49 am

Re: WPA3 on existing Mikrotik routers/APs

Mon Apr 06, 2020 12:50 pm

How about WPA3 on Mikrotik routers in 2020 ?

Best regards,
 
NoahDarby
just joined
Posts: 3
Joined: Sun May 17, 2020 8:16 pm

Re: WPA3 on existing Mikrotik routers/APs

Tue Aug 04, 2020 5:14 am

How about WPA3 on Mikrotik routers in 2020 ?

Best regards,
I too wondering about this myself. I recently bought the MikroTik cAP ac Dual-band 802.11ac Wireless Access Point (RBcAPGi-5acD2nD-US) so I can play around with it. Current firmware only supports WPA/WPA2 Personal and Enterprise. I know WPA3 ever evolving but would be nice to know if Mikrotik going to support it anytime soon. Even as beta I'd love to see it.
 
User avatar
Kamaz
Frequent Visitor
Frequent Visitor
Posts: 62
Joined: Sun Apr 30, 2017 9:35 am

Re: WPA3 on existing Mikrotik routers/APs

Tue Sep 29, 2020 1:49 am

+1 for WPA3
 
santyx32
Member Candidate
Member Candidate
Posts: 215
Joined: Fri Oct 25, 2019 2:17 am

Re: WPA3 on existing Mikrotik routers/APs

Tue Sep 29, 2020 3:27 am

+1 WPA3 Personal (not sure about Enterprise) can be implemented through software, no performance impact.

PD: I use it on OpenWrt
 
TimurA
Member Candidate
Member Candidate
Posts: 199
Joined: Sat Dec 15, 2018 6:13 am
Location: Tashkent
Contact:

Re: WPA3 on existing Mikrotik routers/APs

Tue Sep 29, 2020 7:31 am

2020, and Mikrotik still doesn't have WPA3.
 
Yekver
just joined
Posts: 18
Joined: Fri Jan 31, 2014 9:47 pm

Re: WPA3 on existing Mikrotik routers/APs

Sat Jan 02, 2021 9:28 pm

Does Mikrotik has any roadmap to implement WPA3 in 2021?
 
LSan83
Frequent Visitor
Frequent Visitor
Posts: 66
Joined: Fri Aug 10, 2018 11:35 am
Location: Italy

Re: WPA3 on existing Mikrotik routers/APs

Sat Jan 02, 2021 9:56 pm

Does Mikrotik has any roadmap to implement WPA3 in 2021?
They already do it. Wpa3 is on wave2 optional driver for ros 7.1beta3.
 
User avatar
NetVicious
Member Candidate
Member Candidate
Posts: 128
Joined: Fri Nov 13, 2009 3:30 pm
Location: Spain

Re: WPA3 on existing Mikrotik routers/APs

Sun Jan 03, 2021 8:59 pm

7.1? Where it's 7.0 ? ;-)
 
cenizass
just joined
Posts: 6
Joined: Mon Dec 14, 2020 7:01 pm

Re: WPA3 on existing Mikrotik routers/APs

Mon Jan 04, 2021 3:29 am

Hi. I wonder, the wave2 driver is installed by default in 7.1.beta3 or do I have to activate it in some way?
I just read that it says "cli only" and I don't see wpa3 options

Cheers
fernando
 
mducharme
Trainer
Trainer
Posts: 1777
Joined: Tue Jul 19, 2016 6:45 pm
Location: Vancouver, BC, Canada

Re: WPA3 on existing Mikrotik routers/APs

Mon Jan 04, 2021 3:47 am

Hi. I wonder, the wave2 driver is installed by default in 7.1.beta3 or do I have to activate it in some way?
I just read that it says "cli only" and I don't see wpa3 options
It is an optional package.. you have to download the all packages.zip file and you'll find it in there.
 
User avatar
erkexzcx
Member Candidate
Member Candidate
Posts: 263
Joined: Mon Oct 07, 2019 11:42 pm

Re: WPA3 on existing Mikrotik routers/APs

Mon Jan 04, 2021 11:49 am

Talking about WPA3 security: https://arstechnica.com/information-tec ... passwords/
As long as clients are in transitional mode, they will connect to the WPA2-only access point. As soon as that happens, attackers have the four-way handshake.
 
Chiara
Frequent Visitor
Frequent Visitor
Posts: 72
Joined: Thu Jul 23, 2015 3:47 pm

Re: WPA3 on existing Mikrotik routers/APs

Mon Dec 13, 2021 3:54 pm

I've just downloaded the package but cannot find it:
all_packages-mipsbe-7.1/
├── calea-7.1-mipsbe.npk
├── gps-7.1-mipsbe.npk
├── iot-7.1-mipsbe.npk
├── lte-7.1-mipsbe.npk
├── tr069-client-7.1-mipsbe.npk
└── user-manager-7.1-mipsbe.npk

Any guide to enable this feature ?
Thanks, BR
 
User avatar
mkx
Forum Guru
Forum Guru
Posts: 11534
Joined: Thu Mar 03, 2016 10:23 pm

Re: WPA3 on existing Mikrotik routers/APs

Mon Dec 13, 2021 3:59 pm

wave2 hardware is only available on ARM architecture. Hence no wave2 driver package for mipsbe.
 
Chiara
Frequent Visitor
Frequent Visitor
Posts: 72
Joined: Thu Jul 23, 2015 3:47 pm

Re: WPA3 on existing Mikrotik routers/APs

Mon Dec 13, 2021 4:09 pm

I'll try it on the Audience.
Thank you for fast reply,
BR
 
R1CH
Forum Guru
Forum Guru
Posts: 1101
Joined: Sun Oct 01, 2006 11:44 pm

Re: WPA3 on existing Mikrotik routers/APs

Mon Dec 13, 2021 5:15 pm

OpenWRT also works great on older devices if you don't need RouterOS, I have a hAP AC2 and wAP ACs running OpenWRT which gives modern wireless drivers and WPA3, 802.11r, etc.

Who is online

Users browsing this forum: Bing [Bot], GoogleOther [Bot], rcarreira88 and 54 guests