Support for WPA3?

I recently found out the raspberry pi still doesn’t support WPA3-Personal natively and the kernel needs compiled to support it.

Does the Vero 4k/4k+ support WPA3? As in just WPA3 (SAE instead of PSK) rather than WPA3 with WPA2 fallback.

I am not near mine to test.


It looks like newer versions of ConnMan support this:

Currently we ship version 1.4.0, but we can look at updating it in the near future.


1 Like

Thank you for the fast response Sam! I hope this can be included soon.

In the mean time I can connect my Vero on a guest network with WPA2 fallback support, but ideally I would love to include it back into my secured main network.

If you want to do some testing I can make that available for you, but we may also need newer versions of WPA Supplicant as well.


Sure, whenever you have a test branch ready I can do some testing for you.


I’ve updated ConnMan to 1.41. See:

I’d appreciate it if you could test this and provide feedback before we potentially release this as an update to other users. To test this update:

  1. Login via the command line
  2. Run the following command to add the staging repository:
    echo 'deb bullseye-devel main' | sudo tee /etc/apt/sources.list.d/osmc-devel.list
  3. Run the following commands to update: sudo apt-get update && sudo apt-get dist-upgrade && reboot
  4. Your system should have have received the update.

Please see if the issue is resolved.

I also recommend you remove /etc/apt/sources.list.d/osmc-devel.list after updating.

This will deactivate the staging repository. You can do so with the following command:
sudo rm /etc/apt/sources.list.d/osmc-devel.list.

Please note that we will automatically disable this update channel after 14 days on your device in case you forget to do so to ensure that your system reverts to the stable update channel.


Thank Sam,

If I use sudo rm /etc/apt/sources.list.d/osmc-devel.list reboot and apt upgrade, will this return OSMC to the stable branch with connman to the previous version?

I tried testing this evening with no luck. Before upgrading I managed to connect to my guest network which is using WPA3/WPA2, but after updating I had problems connecting to any network.

I can hopefully try again over the weekend. Please remind me how to enable logs and access them without an internet connection (via ssh).


I’d suggest attaching an Ethernet cable temporarily to make things eaier.


Thanks Sam, testing might have to wait until next weekend until I dig up a spare Ethernet cable.

I’m still having issues connecting to the WPA3/2 network on the Vero, but I remember wifi was always a bit hit or miss even with other routers and setups.

Can you advise in which logs I can find wifi debugging info? I imagine it will be mainly connman?

sudo iwconfig

that will provide some wifi info like signal strength etc

I’d try to connect via the command line using connmanctl.
This should give verbose output including reasons why a connection may not be established



Please excuse the delay in testing.

So I haven’t had any luck connecting to my main network (WPA3) or my guest network (WPA2/WPA3) using connmanctl 1.41-0 on my Vero 4k. However I have no issues connecting to the hotspot on my android phone (WPA2). The Vero is still the only device having issues connecting.

I’ve been using dmseg for debugging as I’m not sure how to enable debugging on connmanctl itself. I do the following;

$ connmanctl
connmanctl > scan wifi
connmanctl > agent on
connmanctl > services
    My SSID Name wifi_numbers_numbers_managed_psk
connmanctl > connect wifi_numbers_numbers_managed_psk
Agent RequestInput wifi_numbers_numbers_managed_psk
Passphrase? myalphanumericpassphrase
Agent ReportError wifi_numbers_numbers_managed_psk
Agent request cancelled by ConnMan
Error /net/connman/service/wifi_numbers_numbers_managed_psk: Input/output error

And in dmesg is see the following;

[ 3664.056203] wl_run_escan: LEGACY_SCAN sync ID: 73, bssidx: 0
[ 3668.427813] Connecting with xx.xx.xx.xx.xx.xx ssid "My SSID Name", len (20) channel=2

[ 3668.429749] dhd_dbg_start_pkt_monitor, 1724
[ 3668.555129] wl_iw_event: Link UP with xx.xx.xx.xx.xx.xx
[ 3668.555188] wl_bss_connect_done succeeded with xx.xx.xx.xx.xx.xx 
[ 3668.576559] CFG80211-ERROR) wl_cfg80211_add_key : WLC_SET_KEY error (-8)
[ 3668.577524] CFG80211-ERROR) wl_cfg80211_disconnect : Reason 1
[ 3668.577575] dhd_dbg_stop_pkt_monitor, 1963
[ 3668.580155] wl_iw_event: Link Down with xx.xx.xx.xx.xx.xx, reason=2
[ 3668.580431] CFG80211-ERROR) wl_is_linkdown : Link down Reason : WLC_E_LINK
[ 3668.580754] link down if wlan0 may call cfg80211_disconnected. event : 16, reason=2 from xx.xx.xx.xx.xx.xx
[ 3668.580849] dhd_dbg_stop_pkt_monitor, 1963
[ 3668.583581] CFG80211-ERROR) wl_is_linkdown : Link down Reason : WLC_E_DEAUTH
[ 3668.650191] CFG80211-ERROR) wl_cfg80211_del_key : WLC_SET_KEY error (-8)
[ 3668.651599] CFG80211-ERROR) wl_cfg80211_del_key : WLC_SET_KEY error (-8)
[ 3668.658133] CFG80211-ERROR) wl_cfg80211_del_key : WLC_SET_KEY error (-8)
[ 3668.659757] CFG80211-ERROR) wl_cfg80211_del_key : WLC_SET_KEY error (-8)
[ 3668.779990] CFG80211-ERROR) wl_is_linkdown : Link down Reason : WLC_E_DEAUTH
[ 3668.980995] CFG80211-ERROR) wl_is_linkdown : Link down Reason : WLC_E_DEAUTH
[ 3669.382955] CFG80211-ERROR) wl_is_linkdown : Link down Reason : WLC_E_DEAUTH

And iwconfig, although obviously not connected

wlan0     IEEE 802.11  ESSID:""  
          Mode:Master  Frequency:2.412 GHz  Access Point: Not-Associated   
          Bit Rate:96 Mb/s   Tx-Power:32 dBm   
          Retry min limit:7   RTS thr:off   Fragment thr:off
          Power Management:off
          Link Quality=5/5  Signal level=-2 dBm  Noise level=0 dBm
          Rx invalid nwid:0  Rx invalid crypt:0  Rx invalid frag:0
          Tx excessive retries:0  Invalid misc:0   Missed beacon:0

In the logs of my router I have this when the connection fails

Feb 23 20:50:20 wlceventd: wlceventd_proc_event(505): wl0.2: Auth xx.xx.xx.xx.xx.xx, status: Successful (0)
Feb 23 20:50:20 hostapd: wl0.2: STA xx.xx.xx.xx.xx.xx IEEE 802.11: associated
Feb 23 20:50:20 wlceventd: wlceventd_proc_event(534): wl0.2: Assoc xx.xx.xx.xx.xx.xx, status: Successful (0)
Feb 23 20:50:20 kernel: CFG80211-ERROR) wl_cfg80211_change_station : WLC_SCB_AUTHORIZE sta_flags_mask not set 
Feb 23 20:50:20 hostapd: wl0.2: STA xx.xx.xx.xx.xx.xx RADIUS: starting accounting session 28794BED8421390A
Feb 23 20:50:20 hostapd: wl0.2: STA xx.xx.xx.xx.xx.xx WPA: pairwise key handshake completed (RSN)
Feb 23 20:50:21 kernel: wl0: random key value: 1C81CCA5B516180A729E032D4C8A993A3EB85AA12B9504E40C4D664D1C18E0A2
Feb 23 20:50:21 wlceventd: wlceventd_proc_event(469): wl0.2: Deauth_ind xx.xx.xx.xx.xx.xx, status: 0, reason: Station requesting (re)association is not authenticated with responding station (9)
Feb 23 20:50:21 wlceventd: wlceventd_proc_event(486): wl0.2: Disassoc xx.xx.xx.xx.xx.xx, status: 0, reason: Disassociated because sending station is leaving (or has left) BSS (8)
Feb 23 20:50:21 hostapd: wl0.2: STA xx.xx.xx.xx.xx.xx IEEE 802.11: disassociated

I’m not sure if these logs are sufficient, so let me know how I can enable debugging, or find more logs.

What’s the make and model of the router?

I might be able to test with a TP-Link router here.

Its an ASUS RT-AX92U running asuswrt-merlin 388.1, although this issue persisted on the stock firmware too.

And just to clarify my configuration; I have two separate guest networks, one for 2.4Ghz and one for 5Ghz with both configured for WPA2/WPA3, as well as my separate main network using WPA3 and Tri-band ‘smart connect’.

The above logs are when trying to connect to the 2.4Ghz network, although all three connections fail.

WPA2 should definitely work. Is it possible to temporarily disable WPA3 for a few minutes and see if this improves the behaviour?

Should it do so – I can investigate further with some WPA3 testing here.

Many thanks


Just wanted to say that WPA2/WPA3 is working flawlessly for me now that I updated to the June release. A big thank you to the team. You can close this thread as solved.

1 Like

I have reverted the commit in newer versions of ConnMan that enable WPA3 support for now, as this seems to be causing issues.

I’ll monitor it and reimplement in the near future when it is ready

Ahh ok, I guess I am connecting via WPA2 then. I look forward to WPA3 support, but even having the WPA2 fallback working is good enough for now.

1 Like