Getting 802.11r Fast Transition working with WPA(2)-Enterprise is quite painful. There is information on the forums, but things have changed quite a bit during the last few years. These are notes mostly for my own benefit.
Tricky bits as of OpenWRT 23.05 (in the LuCI "WLAN roaming" tab of the wireless network settings):
- NAS Id should be set to something unique, like the name of the AP.
- Mobility domain defaults to a sane value. Leave it empty.
- Reassociation deadline's default of 1000 is bad. Apparently Cisco uses 20000 here; setting that appears to be helpful.
- FT Protocol "Over the air" is the good setting.
If you're using WPA2-PSK, check "Generate PMK locally" and you're done. Save & Apply and it should just work.
Otherwise continuing for WPA2-Enterprise and probably WPA3 (untested) with "locally" unchecked:
- R1 Key holder default is fine (= BSSID), leave it empty.
- PMK R1 Push must be unchecked (the default).
- R0 Key holder list should have only
  ff:ff:ff:ff:ff:ff,*,<random 128-bit or 256-bit hex key>
  Many tutorials tell you to insert your APs manually here, but using only the wildcard avoids a world of pain. The R0 Key holders will auto-discover each other through broadcasts (with OpenWRT every AP will be an R0 key holder, probably unlike most enterprise gear). Obviously same key on every AP.
- R1 key holder list should have only
  00:00:00:00:00:00,00:00:00:00:00:00,<random key as above>
  Same deal as with R0KH.
At this point even Android should finally be happy and you should see AP-STA-CONNECTED ... auth_alg=ft in OpenWRT logs.
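The WPA2-Enterprise settings above written out as UCI commands; this is an added example, not part of the original notes. The UCI option names are assumed to be the ones behind the LuCI fields (the notes only give the LuCI labels), and the section name default_radio0 and the NAS Id in the usage line are placeholders.

```shell
#!/bin/sh
# Added example: prints the UCI commands for the FT settings listed above.
# It only prints; review the output, then run it on each AP.

# 256-bit random key as 64 hex chars. Generate once, reuse on every AP.
gen_ft_key() {
    if command -v hexdump >/dev/null 2>&1; then
        head -c 32 /dev/urandom | hexdump -v -e '1/1 "%02x"'
    else
        head -c 32 /dev/urandom | od -An -v -tx1 | tr -d ' \n'
    fi
}

# Accept only 128-bit (32 hex chars) or 256-bit (64 hex chars) keys.
valid_ft_key() {
    case "$1" in
        ''|*[!0-9a-fA-F]*) return 1 ;;
    esac
    [ "${#1}" -eq 32 ] || [ "${#1}" -eq 64 ]
}

# ft_uci_commands <wifi-iface section> <NAS Id, unique per AP> <shared key>
# Option names are assumed UCI equivalents of the LuCI fields in the notes.
ft_uci_commands() {
    s="wireless.$1"; nasid="$2"; key="$3"
    valid_ft_key "$key" || { echo "bad key: need 32 or 64 hex chars" >&2; return 1; }
    [ -n "$nasid" ] || { echo "NAS Id must not be empty" >&2; return 1; }
    cat <<EOF
uci set $s.ieee80211r='1'
uci set $s.nasid='$nasid'
uci set $s.reassociation_deadline='20000'
uci set $s.ft_over_ds='0'
uci set $s.ft_psk_generate_local='0'
uci set $s.pmk_r1_push='0'
uci -q delete $s.mobility_domain
uci -q delete $s.r1_key_holder
uci -q delete $s.r0kh
uci -q delete $s.r1kh
uci add_list $s.r0kh='ff:ff:ff:ff:ff:ff,*,$key'
uci add_list $s.r1kh='00:00:00:00:00:00,00:00:00:00:00:00,$key'
uci commit wireless
EOF
}

# Usage (placeholders): KEY=$(gen_ft_key); ft_uci_commands default_radio0 ap-livingroom "$KEY"
```

Keep the generated key out of shell history and shared pastes, since every AP in the mobility domain trusts whoever holds it.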