My Intel AX201/Ubuntu 20.04 was getting hit hard by the PTK0 rekey issue:
traffic would slow down to dialup speeds after the first rekey. Fixing this and having the fix work with NetworkManager
requires recompiling wpa_supplicant with a patch. Steps:
- Get current Ubuntu/Debian source:
apt-get source wpasupplicant - Get latest version:
git clone git://w1.fi/hostap.git - Install packaged version config:
cp wpa-2.9/debian/config/wpasupplicant/linux hostap/wpa_supplicant/.config - Save below patch to
supplicant.patchand apply:patch -p1 < supplicant.patch - Rebuild supplicant:
cd hostap/wpa_supplicant && make - Move original binary aside (as root):
mv /sbin/wpa_supplicant /sbin/wpa_supplicant.orig - Copy new binary and restart (as root):
cp wpa_supplicant /sbin && systemctl restart wpa_supplicant - Prevent automatic updates that would wipe the custom version (as root):
apt-mark hold wpasupplicant(remember to manually check for updates occasionally)
Patch to force alternate rekey method for all networks (since NetworkManager can't set this per-network):
diff --git a/wpa_supplicant/config.c b/wpa_supplicant/config.c
index 0b4a66ad7..482d25dc9 100644
--- a/wpa_supplicant/config.c
+++ b/wpa_supplicant/config.c
@@ -3033,7 +3033,9 @@ void wpa_config_set_network_defaults(struct wpa_ssid *ssid)
ssid->pairwise_cipher = DEFAULT_PAIRWISE;
ssid->group_cipher = DEFAULT_GROUP;
ssid->key_mgmt = DEFAULT_KEY_MGMT;
- ssid->wpa_deny_ptk0_rekey = PTK0_REKEY_ALLOW_ALWAYS;
+ // Change default to deal with Intel rekey fail
+ //ssid->wpa_deny_ptk0_rekey = PTK0_REKEY_ALLOW_ALWAYS;
+ ssid->wpa_deny_ptk0_rekey = PTK0_REKEY_ALLOW_NEVER;
ssid->bg_scan_period = DEFAULT_BG_SCAN_PERIOD;
ssid->ht = 1;
#ifdef IEEE8021X_EAPOL