How to configure hostapd for MACSEC?

I'm trying to configure hostapd to dynamically set up a MACSEC channel after authentication.

From the sample hostapd.conf file, there is an entire section that talks about MACSEC configuration items, which says

##### MACsec ##################################################################

# macsec_policy: IEEE 802.1X/MACsec options
# This determines how sessions are secured with MACsec (only for MACsec
# drivers).
# 0: MACsec not in use (default)
# 1: MACsec enabled - Should secure, accept key server's advice to
#    determine whether to use a secure session or not.
...
...

but for whatever reason when I try to set any of these parameters in /etc/hostapd/hostapd.conf, like macsec_policy=1, hostapd fails to start with an error.

The macsec kernel module is loaded:

root@machine:~# lsmod | grep macsec
macsec                 49152  0

I'm using the latest hostapd (v2.10). How do I configure MACSEC?

I've searched a ton online and seen some similar posts insinuating that they were able to do it, like this one, which even has excerpts from his config file.

What I don't understand though is that this post is a year old, and I'm using the latest hostapd, but it doesn't recognize some of those parameters when I try, for example:

eapol_version=3 gives:

Line 17: invalid EAPOL version (3): '3'.
1 errors found in configuration file '/etc/hostapd/hostapd.conf'

macsec_policy=1 gives:

Line 26: unknown configuration item 'macsec_policy'
1 errors found in configuration file '/etc/hostapd/hostapd.conf'

driver=macsec_linux gives:

Line 86: invalid/unknown driver 'macsec'
1 errors found in configuration file '/etc/hostapd/hostapd.conf'

I can't figure out why it doesn't recognize these options when there are other posts over a year old that seemed to do it just fine. hostapd has been at v2.10 since 2019, so this shouldn't be a version thing, right? What am I missing?

There is 1 best solution below

I have been working on this matter, and I think people are simply compiling different versions of Hostapd/WPA_Supplicant. Since the codebase is so extensive, there are many parameters you can add or remove to compile your own version of these tools.
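
One way to test the build-option explanation above, as an added example that is not part of the original answer or of the hostapd project: the function reads a hostapd build-time `.config` and lists the MACsec options that are not enabled. `CONFIG_MACSEC` and `CONFIG_DRIVER_MACSEC_LINUX` are hostap build options; the function name, the mapping of each option to the rejected settings, and the sample file contents are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original post): list the MACsec build options
# that are NOT enabled in a hostapd build-time .config file.
# Assumption: CONFIG_MACSEC gates macsec_policy and eapol_version=3, and
# CONFIG_DRIVER_MACSEC_LINUX gates driver=macsec_linux.

# Prints one line per missing option; prints nothing when both are enabled.
missing_macsec_options() {
    cfg=$1
    for opt in CONFIG_MACSEC CONFIG_DRIVER_MACSEC_LINUX; do
        # Only an uncommented "OPTION=y" line compiles the feature in;
        # a commented "#OPTION=y" line leaves it out of the binary.
        if ! grep -Eq "^[[:space:]]*${opt}=y[[:space:]]*\$" "$cfg"; then
            case $opt in
                CONFIG_MACSEC)
                    echo "$opt: macsec_policy and eapol_version=3 rejected" ;;
                CONFIG_DRIVER_MACSEC_LINUX)
                    echo "$opt: driver=macsec_linux rejected" ;;
            esac
        fi
    done
}

# Constructed sample: a build config with both MACsec options commented out.
sample=$(mktemp)
cat > "$sample" <<'EOF'
CONFIG_DRIVER_NL80211=y
#CONFIG_MACSEC=y
#CONFIG_DRIVER_MACSEC_LINUX=y
EOF
missing_macsec_options "$sample"
rm -f "$sample"
```

Point the function at the `.config` that was used to build the installed binary; a distribution package may not ship that file, in which case the package's build recipe is the place to look.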