On Fri, Nov 28, 2025 at 09:29:06AM +0100, Remi Locherer wrote:
> Yes it connects whrn I disable PMF for the SSID.
> --> openbsd-arista_pmf-disabled_r-optional.pcap

Thanks, that is good to know.  Nothing seems wrong in this case.
 
> > Are there any obvious AP settings for enabling the AKM "PSK"?
> > Could you try disabling fast-transition roaming (11k / 11r) in AP settings?
> > Perhaps this will switch "FT using PSK" to regular "PSK"?
> 
> No success when I disable 11r but keep 11w required. Also not with the
> patch below applied on top of the PMF patches.
> --> openbsd-arista_pmf-required_r-disabled.pcap

Now this AP is only advertising PSK 256, no PSK anymore.

And the AP doesn't even announce its management frame group cipher.
Not sure yet what to make of that. Maybe BIP is the implied default?

I'll put this on my todo list, But I won't treat this is a blocking problem
for PMF patches to start going in. This is an interop issue of the nature
to be expected when we start using a feature with code first written by
damien@ in 2009. It is remarkable how well it works across many APs already,
given that Damien probably never got to point of actually testing this code
with a driver. If he had any driver-side PMF code, it was never committed.