If ifconfig_wlan0 includes NOAUTO and if open networks are within range, then

ifconfig wlan0 up

results in association with an open network; one that is not specified in /etc/wpa_supplicant.conf

### Environments

First observed with FreeBSD 14.0-CURRENT.

Reproducible at another computer with 13.0-RELEASE-p3, with /etc/wpa_supplicant.conf comprising the lines below (psk not disclosed):

----
ctrl_interface=/var/run/wpa_supplicant
eapol_version=2
ap_scan=1
fast_reauth=1

network={
        ssid="piano"
        scan_ssid=0
        psk="…"
        priority=5
}
# network={
#       priority=0
#       key_mgmt=NONE
# }
----

/etc/rc.conf comprises:

----
hostname="mowa219-gjp4-ev631-freebsd-13"
keymap="uk.kbd"
wlans_iwn0="wlan0"
ifconfig_wlan0="WPA DHCP NOAUTO"
ifconfig_wlan0_ipv6="inet6 accept_rtadv"
create_args_wlan0="country GB regdomain ETSI"
ifconfig_re0="DHCP"
ntpdate_enable="YES"
ntpd_enable="YES"
dumpdev="AUTO"
savecore_enable="YES"
sddm_enable="NO"
dbus_enable="NO"
kld_list="i915kms"
> … association with an open network;
> one that is not specified in /etc/wpa_supplicant.conf

For example (ether ID not disclosed):

wlan0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether ⋯:⋯:⋯:⋯:⋯:⋯
        inet 10.28.1.6 netmask 0xfffffff0 broadcast 10.28.1.15
        groups: wlan
        ssid BTWi-fi channel 1 (2412 MHz 11g ht/20) bssid 5e:b1:3e:31:03:c3
        regdomain ETSI country GB authmode OPEN privacy OFF txpower 30
        bmiss 10 scanvalid 60 protmode CTS ampdulimit 64k ampdudensity 4
        -amsdutx amsdurx shortgi -stbc -ldpc -uapsd wme
        parent interface: iwn0
        media: IEEE 802.11 Wireless Ethernet MCS mode 11ng
        status: associated
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
Created attachment 226193
BTWi-fi (authmode OPEN privacy OFF) and other networks, viewed with WiFi Networks Manager

(In reply to Graham Perrin from comment #1)

> …
>         ssid BTWi-fi channel 1 (2412 MHz 11g ht/20) bssid 5e:b1:3e:31:03:c3
>         regdomain ETSI country GB authmode OPEN privacy OFF txpower 30
> …

Screenshot of WiFi Networks Manager (net-mgmt/wifimgr), to show the unwanted connection in context. The application was started after connection was made.
Can wlandebug(8) help? /usr/sbin/wlandebug <https://www.freebsd.org/cgi/man.cgi?query=wlandebug&sektion=8&manpath=FreeBSD+14.0-current>
Same problem here on 13.1-RELEASE.

Not only does the computer connect to a random unprotected network when available, but it also won't connect to the requested (protected) network, while everything works as expected without NOAUTO.

It looks like wpa_supplicant isn't called when starting the interface manually, although the option WPA is set for ifconfig_wlan0 in /etc/rc.conf.

See https://forums.freebsd.org/threads/setting-up-wlan-ready-to-connect-without-connecting-at-boot.86120/
I wonder whether installing security/wpa_supplicant can work around this bug. <https://www.freshports.org/security/wpa_supplicant/> Now installed, although I might not find time to test in the near future. bsduck, would you like to try? TIA
I also noticed the additional entry of an open network connection in wpa_supplicant after installing FreeBSD 14-RC2 today, specifically after I connected to my own WPA protected network. I wasn’t expecting to see an additional entry in the network config to connect to an open network (regardless if it has a lower priority). The machine should not connect to open networks by default.
Created attachment 247184
Associated with an unknown, open, non-private network following 'ifconfig wlan0 up'

(In reply to Graham Perrin from comment #0)

> wlans_iwn0="wlan0"

Reproducible with iwm(4) on FreeBSD 15.0-CURRENT.

Associated with ssid "EE WiFi", I have no idea whose router this is.
(In reply to Jonathan Vasquez from comment #6)

> … after installing … I wasn’t expecting … config to connect to an
> open network … should not connect to open networks by default.

base 2118f3873fdc9d9a08978465a3173b755f0d5e61 (2011-02-18) was the import of bsdinstall.

GitHub URLs provide focused views. Current permalink:

<https://github.com/freebsd/freebsd-src/blob/5a5c2279813012882e59aa7bb51d50c5baba3b1e/usr.sbin/bsdinstall/scripts/wlanconfig#L347-L353>

        # Connect to any open networks policy
        cat >> "$BSDINSTALL_TMPETC/wpa_supplicant.conf" <<EOF

network={
        priority=0
        key_mgmt=NONE
}
EOF

Installing (by default) a policy that allows connection to open networks with no privacy does seem inconsistent with the more modern wish to promote FreeBSD as 'Secure by Design':

<https://freebsdfoundation.org/freebsd-project/what-is-freebsd/#advgb-col-b7076404-fff9-411c-91f5-d6b0d928c81f> | <https://web.archive.org/web/20240703051329/https://freebsdfoundation.org/freebsd-project/what-is-freebsd/>

> FreeBSD is renowned for security …

----

Unfortunately, I can't recall whether the unwanted policy was in my wpa_supplicant.conf when I made comment #7. Certainly, it's not there now.

It took more than three years for me to join the dots, to realise what's wrong.

Now if I understand correctly:

- NOAUTO works as expected, in the originally given context

- the essence of the bug – unwanted (unexpected) Wi-Fi connections to open networks – is bsdinstall – maybe with the code originating somewhere in archaic sysinstall. Presumably during an era when security and privacy were not foremost in developers' minds.

If this is (now) definitely a security bug, then, I guess it should be:

- normal priority
- cc secteam@

HTH
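
An added audit check, not part of this bug report or of FreeBSD's own tooling: it scans a wpa_supplicant.conf for active network blocks that have key_mgmt=NONE and no ssid, the shape of the bsdinstall policy quoted in the comment above. The function names and the sample file are constructed for illustration; commented-out blocks, as in comment #0, are treated as inactive.

```sh
#!/bin/sh
# Added example: flag wpa_supplicant.conf network blocks that allow
# association with ANY open network (key_mgmt=NONE and no ssid).

# Print the starting line number of each active offending block.
find_open_wildcard_blocks() {
    awk '
        /^[ \t]*#/ { next }    # a commented-out policy is inactive
        /^[ \t]*network[ \t]*=[ \t]*[{]/ {
            in_block = 1; start = NR; has_ssid = 0; is_open = 0; next
        }
        in_block && /^[ \t]*ssid[ \t]*=/ { has_ssid = 1 }
        in_block && /^[ \t]*key_mgmt[ \t]*=[ \t]*NONE([ \t]|$)/ { is_open = 1 }
        in_block && /^[ \t]*[}]/ {
            if (is_open && !has_ssid) print start
            in_block = 0
        }
    ' "$1"
}

# Constructed sample: one WPA network, one commented-out open policy,
# one active open policy (placeholder psk, not a real credential).
write_sample_conf() {
    cat > "$1" <<'EOF'
ctrl_interface=/var/run/wpa_supplicant
network={
    ssid="piano"
    psk="PLACEHOLDER-PSK"
    priority=5
}
# network={
#     priority=0
#     key_mgmt=NONE
# }
network={
    priority=0
    key_mgmt=NONE
}
EOF
}

sample=$(mktemp)
write_sample_conf "$sample"
echo "open wildcard blocks start at line(s): $(find_open_wildcard_blocks "$sample")"
rm -f "$sample"
```

On a real system, run the function against /etc/wpa_supplicant.conf; no output means no active catch-all open policy was found.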
^Triage: clear unneeded flags. Nothing has yet been committed to be merged.