How to use WPA3 with Ubuntu 20.04

20.04 network-manager wpa3

Having recently upgraded my Wifi router's firmware to one that supports WPA3, I tried to adjust the corresponding WiFi connection settings on my laptop running 20.04.1 by selecting "WPA3 Personal" on the 'Security' tab (the 'Details' tab shows that WPA3 support is advertised by the router as expected).

Despite deleting and re-creating the connection profile and multiple reboots, my laptop always connects over WPA2 (as reported by the router's UI). A telltale sign is that the drop-down setting on the 'Security' tab flips back to "WPA & WPA2 Personal".

My laptop's hardware supports WPA3; the router had to be setup in mixed mode (WPA2+WPA3) due to some legacy devices that don't yet support WPA3. My iPhone and other iOS devices immediately took advantage of WPA3 after the firmware upgrade.

Other WPA3 questions relate to 18.04; the version of network-manager (1.22.10) shipped with 20.04 ought to support WPA3 out of the box.


The cleanest way I found to fix this issue is to use nmcli.

Begin by identifying your existing wifi connection (we'll assume it's called mywifi):

nmcli conn show
NAME                                UUID                                  TYPE      DEVICE 
mywifi                              xxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxxx  wifi      wlp1s0 
...other connections here...

We then use the nmcli interactive editor to fix the key-mgmt in use as follows:

nmcli conn edit xxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxxx
===| nmcli interactive connection editor |===
Editing existing '802-11-wireless' connection: 'mywifi'

nmcli> print wifi-sec.key-mgmt
802-11-wireless-security.key-mgmt: wpa-psk

nmcli> describe wifi-sec.key-mgmt

=== [key-mgmt] ===
[NM property description]
Key management used for the connection.  One of "none" (WEP), "ieee8021x" (Dynamic WEP), "wpa-psk" (infrastructure WPA-PSK), "sae" (SAE) or "wpa-eap" (WPA-Enterprise).  This property must be set for any Wi-Fi connection that uses security.

nmcli> set wifi-sec.key-mgmt sae

nmcli> verify
Verify connection: OK

nmcli> save persistent
Connection 'mywifi' (xxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxxx) successfully updated.

A reboot is likely required after this.

Background info:

"The WPA3 standard replaces the Pre-Shared Key exchange with Simultaneous Authentication of Equals" (SAE) per Wikipedia.

A quicker way to achieve the above is through direct manipulation of the connection file as follows:

sudo sed -i -e '/key-mgmt=/s,wpa-psk,sae,' /etc/NetworkManager/system-connections/mywifi.nmconnection

This is possibly a bug in NetworkManager's UI? If multiple users confirm, I'll raise a defect report.

Related

Connecting to 5 Ghz WiFi, whereas on 2.4 Ghz works just fine
Unable to set my screen resolution higher
how to disable the trackstick in dell?
How to set default font family for entire Android app
android on Text Change Listener
When is it appropriate to use UDP instead of TCP? [closed]
What is Shelving in TFS?
How can I remove an element from a list?
How to write LaTeX in IPython Notebook?
How do I concatenate two arrays in C#?
Keep only date part when using pandas.to_datetime
How to escape indicator characters (i.e. : or - ) in YAML