'association took too long' 'ssid-not-found' When Connecting To Hidden Wifi Network

I recently replaced the hard drive in my laptop, so I performed a fresh install of Fedora 32. Yet, I encountered an issue when trying to connect my laptop to my hidden wireless network.

My wireless network is hidden and filters on MAC addresses. I do not think the access point’s MAC filtering is the problem, as:

  • I can disable the MAC filtering and the connection still fails; and
  • I can disable hiding the network while keeping MAC filtering enabled, and the laptop successfully connects.

When I attempt to connect to my hidden network, it hangs for ~25 seconds in the scanning phase and then fails activation. The below is from the output of “journalctl -lf”:

NetworkManager[1429]: <info>  [1594854004.0972] device (wlp58s0): supplicant interface state: disconnected -> scanning
NetworkManager[1429]: <info>  [1594854004.0973] device (p2p-dev-wlp58s0): supplicant management interface state: disconnected -> scanning

NetworkManager[1429]: <warn>  [1594854029.3235] device (wlp58s0): Activation: (wifi) association took too long, failing activation
NetworkManager[1429]: <info>  [1594854029.3236] device (wlp58s0): state change: config -> failed (reason 'ssid-not-found', sys-iface-state: 'managed')

If I disable hiding the network, I instead see it continuing on, successfully:

NetworkManager[1429]: <info>  [1594852848.2508] device (wlp58s0): supplicant interface state: disconnected -> scanning
NetworkManager[1429]: <info>  [1594852848.2509] device (p2p-dev-wlp58s0): supplicant management interface state: disconnected -> scanning

wpa_supplicant[1542]: wlp58s0: SME: Trying to authenticate with 00:00:00:00:00:01 (SSID='MyNetwork' freq=2442 MHz)
kernel: wlp58s0: authenticate with 00:00:00:00:00:01

My NetworkManager configuration shows that I have configured this connection to know about the network being hidden (see the 17th line in the below output).

$ nmcli connection show MyNetwork | grep 802-11-wireless
connection.type:                        802-11-wireless
802-11-wireless.ssid:                   MyNetwork
802-11-wireless.mode:                   infrastructure
802-11-wireless.band:                   --
802-11-wireless.channel:                0
802-11-wireless.bssid:                  --
802-11-wireless.rate:                   0
802-11-wireless.tx-power:               0
802-11-wireless.mac-address:            00:00:00:00:00:02
802-11-wireless.cloned-mac-address:     permanent
802-11-wireless.generate-mac-address-mask:--
802-11-wireless.mac-address-blacklist:  --
802-11-wireless.mac-address-randomization:default
802-11-wireless.mtu:                    auto
802-11-wireless.seen-bssids:            00:00:00:00:00:01
802-11-wireless.hidden:                 yes
802-11-wireless.powersave:              0 (default)
802-11-wireless.wake-on-wlan:           0x1 (default)
802-11-wireless-security.key-mgmt:      wpa-psk
802-11-wireless-security.wep-tx-keyidx: 0
802-11-wireless-security.auth-alg:      --
802-11-wireless-security.proto:         --
802-11-wireless-security.pairwise:      --
802-11-wireless-security.group:         --
802-11-wireless-security.pmf:           0 (default)
802-11-wireless-security.leap-username: --
802-11-wireless-security.wep-key0:      <hidden>
802-11-wireless-security.wep-key1:      <hidden>
802-11-wireless-security.wep-key2:      <hidden>
802-11-wireless-security.wep-key3:      <hidden>
802-11-wireless-security.wep-key-flags: 0 (none)
802-11-wireless-security.wep-key-type:  unknown
802-11-wireless-security.psk:           <hidden>
802-11-wireless-security.psk-flags:     0 (none)
802-11-wireless-security.leap-password: <hidden>
802-11-wireless-security.leap-password-flags:0 (none)
802-11-wireless-security.wps-method:    0x0 (default)
802-11-wireless-security.fils:          0 (default)

Does anybody have a suggestion on how to troubleshoot this, please? My web and mailing list searches have not turned up anything helpful. Thanks!

(And yes, I’ve seen statements about how hiding SSIDs is just “security through obscurity” because it is so easy for an attacker to find it. I see this situation more as “defense in depth” where, admittedly, the first layer of hiding the network is just not too deep. But that doesn’t make it totally useless.)

Configuring wifi.hidden is probably necessary, so that NetworkManager actively scans for the network. Apparently, then the experience with hidden networks is still bad. I’d suggest enabling wpa_supplicant debug logging and trying to understand why it fails. Of course, this shouldn’t happen, and there is a bug to be fixed somewhere.

Hiding a network is like filtering ICMP messages. Sure, you can do that, but don’t be surprised if your experience suffers. Wi-Fi networks broadcast their availability for a reason.

Also, setting wifi.hidden makes NetworkManager include your SSID MyNetwork in every scan request. That means your machine’s scan requests can be easily identified wherever you are. That means the access point actively contributes to making its client trackable. Granted, you also set cloned-mac-address=permanent, so this isn’t a concern for you. I don’t think it’s “defense in depth”, if the layer provides that little defense. But OK, you already said you think it’s not useless.

Good luck!!

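The reply's point about scan requests can be seen at the frame level: a scan for a profile with 802-11-wireless.hidden: yes carries the network name in the probe request's SSID element, while an ordinary scan leaves that element empty. The Python below is an added example, not part of the thread; it builds both kinds of probe request from constructed bytes (the SSID and MAC are the ones in the nmcli output above, the function names are hypothetical) and parses them to show what each one discloses.

```python
import struct

MGMT_HDR_LEN = 24      # frame control, duration, 3 addresses, sequence control
PROBE_REQ_FC0 = 0x40   # version 0, type 0 (management), subtype 4 (probe request)
SSID_ELEMENT_ID = 0


def build_probe_request(src_mac: bytes, ssid: bytes) -> bytes:
    """Build a minimal probe request (no radiotap header, no FCS). Constructed data."""
    broadcast = b"\xff" * 6
    header = struct.pack("<BBH6s6s6sH", PROBE_REQ_FC0, 0, 0,
                         broadcast, src_mac, broadcast, 0)
    ssid_ie = bytes([SSID_ELEMENT_ID, len(ssid)]) + ssid
    rates_ie = bytes([1, 4, 0x82, 0x84, 0x8B, 0x96])  # supported rates element
    return header + ssid_ie + rates_ie


def iter_elements(body: bytes):
    """Yield (element_id, value) pairs, stopping at a truncated element."""
    pos = 0
    while pos + 2 <= len(body):
        eid, length = body[pos], body[pos + 1]
        value = body[pos + 2:pos + 2 + length]
        if len(value) < length:
            return
        yield eid, value
        pos += 2 + length


def classify_probe(frame: bytes):
    """Return (source MAC, kind, SSID): kind is 'directed', 'wildcard' or 'unknown'."""
    if len(frame) < MGMT_HDR_LEN or frame[0] != PROBE_REQ_FC0:
        raise ValueError("not a probe request")
    src = frame[10:16].hex(":")  # address 2 is the transmitter
    for eid, value in iter_elements(frame[MGMT_HDR_LEN:]):
        if eid == SSID_ELEMENT_ID:
            if value:
                return src, "directed", value.decode("utf-8", "replace")
            return src, "wildcard", None
    return src, "unknown", None  # SSID element missing or truncated


if __name__ == "__main__":
    mac = bytes.fromhex("000000000002")  # mac-address from the nmcli output above
    for ssid in (b"", b"MyNetwork"):     # ordinary scan vs. scan for a hidden profile
        print(classify_probe(build_probe_request(mac, ssid)))
```

The directed frame names the network regardless of which source address the client uses, which is why the SSID itself acts as the identifier the reply describes.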