Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 836423

Summary: net-wireless/wpa_supplicant-2.10 no longer connects to my wifi - wpa_parse_wpa_ie_rsn: invalid group cipher 0x8 (000fac02)
Product: Gentoo Linux Reporter: igel <mathiaswe>
Component: Current packagesAssignee: Rick Farina (Zero_Chaos) <zerochaos>
Status: UNCONFIRMED ---    
Severity: normal CC: c4pp4, floppym, pacho
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard:
Package list:
Runtime testing required: ---

Description igel 2022-03-30 12:54:36 UTC
I recently upgraded my wpa_supplicant from 2.9 to 2.10 and my laptop stopped connecting to my WPA2-PSK wifi at home. Switching back to 2.9 fixed the issue for me, but that ebuild is no longer in the official portage tree.

Reproducible: Always

Steps to Reproduce:
1. install net-wireless/wpa_supplicant-2.10
2. reboot
Actual Results:  
does not connect to wifi

Expected Results:  
connects to wifi

the log file for 2.10 claims:
wpa_parse_wpa_ie_rsn: invalid group cipher 0x8 (000fac02)
wpa_parse_wpa_ie_rsn: invalid group cipher 0x8 (000fac02)
wifi:    skip RSN IE - parse failed

while the 2.9 logfile correctly states
wifi:    selected based on RSN IE

so something is up with the WPA2 parse. Since I changed nothing else in the system, I conclude that it's a problem with wpa_supplicant-2.10. I submitted a bug-report upstream to their mailing list, but my issue with Gentoo right now is that the ebuild for 2.9 is no longer in the tree so others having this problem are going to be in a pickle.
Comment 1 Mike Gilbert gentoo-dev 2022-03-31 01:46:36 UTC
Try enabling the "tkip" USE flag. Alternatively, enable CCMP (AES) on your home wifi.
Comment 2 Marcus 2022-03-31 05:02:54 UTC
I was also just bitten by this. I'm not using tkip on my access points, they're all using AES.

wpa_parse_wpa_ie_rsn: invalid group cipher 0x8 (000fac02)
wpa_parse_wpa_ie_rsn: invalid group cipher 0x8 (000fac02)

There's a forum thread about it currently as well.

https://forums.gentoo.org/viewtopic-t-869609-start-0.html

I've also downgraded and masked anything higher than 2.9-r8.
Comment 3 Marcus 2022-03-31 05:17:46 UTC
https://forums.gentoo.org/viewtopic-t-1147832.html

Apologies, link to forum thread before was unrelated this is the correct link.
Comment 4 igel 2022-03-31 09:39:05 UTC
upstream also suggested to configure the AP to not use TKIP no more since something called the Wi-Fi alliance deemed TKIP unsafe.

I'm not sure if the wpa_supplicant ebuild already warns about this issue -- when upgrading @world, I often have trouble keeping up with the information printed by any of the installed ebuilds...
Comment 5 igel 2022-04-18 16:14:51 UTC
yeah, so after reading the forum posts and conversing with upstream, I just enabled the tkip useflag and 2.10 does what it's supposed to now. I guess this can be closed, but someone please make sure that users are aware of the issue when upgrading from 2.9.
Comment 6 Pacho Ramos gentoo-dev 2022-04-18 16:48:22 UTC
I agree that a warning should be emitted as it is not nice to see that you cannot connect to the network after updating

I also suffered this when needed to connect to the lab wifi and I couldn't :/