Ap-sta-possible-psk-mismatch

Today Turris Omnia TOS 5.3.5. Turris omnia I registered in the time 15: 02 - 16:11 h. six time error on guest wifi 2.4Ghz. ? I tried to look for what it was and I didn’t find any specific solution. Apparently it’s a coincidence

Feb 10 15:51:36 Turris_JB hostapd: guest_turris_1: STA 1c:39:47:7c:7a:e1 IEEE 802.11: authenticated
Feb 10 15:51:36 Turris_JB hostapd: guest_turris_1: STA 1c:39:47:7c:7a:e1 IEEE 802.11: associated (aid 1)
Feb 10 15:51:36 Turris_JB hostapd: guest_turris_1: AP-STA-POSSIBLE-PSK-MISMATCH 1c:39:47:7c:7a:e1
Feb 10 15:51:37 Turris_JB hostapd: guest_turris_1: AP-STA-POSSIBLE-PSK-MISMATCH 1c:39:47:7c:7a:e1
Feb 10 15:51:38 Turris_JB hostapd: guest_turris_1: AP-STA-POSSIBLE-PSK-MISMATCH 1c:39:47:7c:7a:e1
Feb 10 15:51:39 Turris_JB hostapd: guest_turris_1: AP-STA-POSSIBLE-PSK-MISMATCH 1c:39:47:7c:7a:e1
Feb 10 15:51:45 Turris_JB hostapd: guest_turris_1: STA 1c:39:47:7c:7a:e1 IEEE 802.11: deauthenticated due to local deauth request

In my case, I was wondering why Foris/reForis are showing all dhcp leases correctly, while Luci shown all dynamic leases as expired. So i’ve checked “dhcp.lease” and “dhcp.lease.dynamic” files and make some changes (removed all expired ones from “dhcp.lease” files). After that I’ve checked logs and seen this “AP-STA-POSSIBLE-PSK-MISMATCH” messages (maybe those were present before my changes in lease files, i do not know). I’ve notice that 2,4G AP(regular) is having same mac address as 2,4G AP(guest).

So i’ve looked around OpenWRT/Turris and other forums for solution. Many users suggested to use
wpa_group_rekey=86400 together with disassoc_low_ack=0 and wpa_strict_rekey=1 eventually in combo with skip_inactivity_poll and max_inactivity.

I’ve tried to use suggested options. Nothing helped.
At the end 2,4G regular AP is having wpa_group_rekey=86400 together with disassoc_low_ack=0 , while guest AP is having wpa_group_rekey=86400 together with disassoc_low_ack=1.

I had to rollback to previous snapshot (as in my case any changes in wireless uci config cause no wifi is working due not associated/not active device.)

After reboot to previous snapshot, all lease files were fine, each AP has own mac address and suprisingly no more errors about PSK-mismatch. Instead of those i have now correct disassociate/associate messages each 6 minutes.

In fact i did not change any configuration (resp. i am using same setup as before). So i am little bit confused, what actually solved this issue. , I think that it has to be related to lease files somehow … )

What i also notice, that while having PSK-mismatch messages, all dhcp clients overview shown just IP. After rollback all were shown with IP and MAC (as defined in “hostnames” in luci).

Aside of that 5G AP now uses DFS and changes dynamically frequencies/channels on-fly (before that i had just one channel picked during radio init and it stays like that until wireless restart or router reboot).

Just to be clear, I’ll remind you of something that has been dragging on for years. Any change in LAN reForis (DHCP max leases, Lease time) will break (delete) the Statics Leases table in Luci.

Yeah, should we consider deleting Static Leases in Luci after touching LAN in Reforis as feature or bug, to be fixed?

I would say you ventilated it once or twice on the forum - I will send an email to support

I strictly allow clients on Statics Leases to WLAN, their number is exactly equal to DHCP max leases (reForis).

Because I know this “property”, I have several spare positions in this list with a non-existent MAC address. This is so that with a new client added to the WLAN, I do not have to change the number of DHCP max leases in the reForis settings Network settings - LAN - DHCP max leases and thus delete the mentioned list

Issue added to GitHub

This topic was automatically closed after 60 days. New replies are no longer allowed.