D-Link Forums

D-Link Wireless Routers for Home and Small Business => DIR-2660 => Topic started by: Chocofenix on August 14, 2020, 05:34:56 PM

Title: WPA options
Post by: Chocofenix on August 14, 2020, 05:34:56 PM
I updated my old iPhone to iOS 14, I have just noticed that it's flagging my network as not secure as it uses TKIP. In the router settings there's basically security on or off, without the option of saying WPA2A-AES (I wouldnt unrealistically expect WPA3)

I think this needs addressing prior to iOS14's release or D Link will get some angry customers with their somewhat expensive router being labelled not secure with no way of securing it.

I should probably also question that surely WPA1/TKIP shouldn't even be an option on the 5GHz network (where using separate names)?

Are there any beta firmwares available that perhaps give this option?


Thanks
Title: Re: WPA options
Post by: FurryNutz on August 14, 2020, 08:18:27 PM
Did this happen on iOS 13? iOS 14 is beta currently so there maybe issues with iOS beta vs D-Link FW.
What model iPhone are you using?

What FW version are you using on the DIR router?
Title: Re: WPA options
Post by: Chocofenix on August 15, 2020, 12:56:36 AM
Hey, thanks for the reply :)

It's not an error on the iPhone as such, it's a warning that the network is using TKIP authentication which is considered not secure, it's an iPhone SE so basically a 6s.

Apple have been getting increasingly stricter with security and certificates over the last couple of years - mobile device enrolment stuff requires full chain certificates as of iOS13 so I'm not overly surprised they're flagging TKIP.

The firmware is 1.11, and I tried a factory reset last night to see if it's something I did but no go


Many thanks
Title: Re: WPA options
Post by: FurryNutz on August 15, 2020, 07:39:46 AM
Please post a screenshot of this error.
Adding Screenshots In A Post (http://forums.dlink.com/index.php?topic=58120.0)

I just checked my 2660 with my iphone 6sP, iOS 13.6 Not seeing any errors with mine though I don't have iOS 14 loaded. It had been running the iOS13 beta stream up to a few months ago. Not sure if my 6sP is 14 compatible. I believe the phone is connected at WPA2 mode because the connection rate between the phone and DIR router is over 400Mpbs. I believe I would not see this if the mode was WPA.

Do you have any other wifi devices to compare or test with?
Title: Re: WPA options
Post by: Chocofenix on August 17, 2020, 04:46:22 AM
I cant attach at the moment as I'm at work and the phone with beta on is at home. but will upload later, however, this is more about the fact I want to br able to disable TKIP, and select the options for encryption and turn off compatibility modes. This cannot seem to be done with this router.

Its speeds are fine, I believe what it is doing is identifying that the network can be connected to via insecure methods. Which I wish to disable.


Many thanks
Title: Re: WPA options
Post by: FurryNutz on August 17, 2020, 08:21:01 AM
I would make contact with D-Link support and let them review this. I presume there maybe some possible bug in FW and or in iOS that maybe causing this. Something D-Link and Apple will need to review. Since your using a Beta iOS. Please reference this forum thread as well.

Selecting of different WPA options was removed years ago, 2013 era. Security modes have been mostly automatic since then.

Good Luck.
Title: Re: WPA options
Post by: Bildos on September 27, 2020, 12:49:25 PM
iPhone 7 - the same issue with iOS 14.0.1

 
Title: Re: WPA options
Post by: Bildos on September 27, 2020, 12:53:45 PM
I already spoke with support. Iím in shock: we canít control any encryption settings. Everything is out of our control - automatically.

Itís very disappointing as I canít disable weak encryption methods 🤢
Title: Re: WPA options
Post by: FurryNutz on September 27, 2020, 08:46:43 PM
Been like this since 2013 when the DIR-880L first came out with the new UI.  ::)

Over all I presume APPLE will need to work with wifi router mfrs to ensure there new iOS versions work for users with routers that automatically handle security modes.  :-\  If APPLE is making changes, then its up to them to ensure there products work right.
Title: Re: WPA options
Post by: GreenBay42 on September 28, 2020, 05:23:07 PM
Issue has been sent to the engineers. Seems like it auto-negotiated using TKIP before AES. I really wish they kept the options in like their older routers. Simplicity causes issues imo.
Title: Re: WPA options
Post by: GreenBay42 on September 28, 2020, 05:30:41 PM
Actually just got word this got fixed in iOS 14.2 beta.

EDIT: Maybe not...waiting for test results from a reliable source
Title: Re: WPA options
Post by: FurryNutz on September 28, 2020, 05:52:31 PM
 :o
Title: Re: WPA options
Post by: Bildos on October 01, 2020, 02:15:37 PM
Old and few times cheaper d-link router do not have such issue.

Would be good to enable advanced operations for users to let us decide about encryption settings in our routers
Title: Re: WPA options
Post by: Bildos on October 05, 2020, 05:43:07 AM
Whatís the latest update from support?!?
Title: Re: WPA options
Post by: Bildos on October 13, 2020, 02:25:50 AM
Whatís the latest update?

Title: Re: WPA options
Post by: Bildos on October 15, 2020, 03:00:23 AM
(https://i.ibb.co/Ry7HMqt/2660.png)

As we can see network 1 and 2 have following features are available:

* WPA
* TKIP

Correct should be:
* Disable WPA
* Disable TKIP

Exactly the same as it is configured for network no. 3 on screenshot.

I reported this security issue to security@dlink.com - The "investigating" this.
Title: Re: WPA options
Post by: FurryNutz on October 15, 2020, 12:53:49 PM
What wifi analyzer app are you using?

(https://i.ibb.co/Ry7HMqt/2660.png)

As we can see network 1 and 2 have following features are available:

* WPA
* TKIP

Correct should be:
* Disable WPA
* Disable TKIP

Exactly the same as it is configured for network no. 3 on screenshot.

I reported this security issue to security@dlink.com - The "investigating" this.
Title: Re: WPA options
Post by: Bildos on October 15, 2020, 01:01:31 PM
Acrylic WiFI Pro
Title: Re: WPA options
Post by: FurryNutz on October 15, 2020, 01:58:17 PM
Well I connected my Android PAD to my 2660 and it reports using WPA2-PSK however WiFi Man doesn't report which actual mode it's using AES or TPIK, however connecting to a different router I have running reports the same thing and it's set to WPA2 and AES only and the app reports the same WPA2-PSK so for my pad, it's using AES.
(https://i.postimg.cc/qvRnJzrj/Screenshot-20201015-140619.png) (https://postimg.cc/8j2swkj6)
(https://i.postimg.cc/dVxCLwtv/Screenshot-20201015-140559.png) (https://postimg.cc/DS10NVXY)

Title: Re: WPA options
Post by: Bildos on October 15, 2020, 02:01:56 PM
Whatís the name of this app ?
Title: Re: WPA options
Post by: GreenBay42 on October 15, 2020, 02:54:05 PM
D-Link has stated that new gen routers, access points and range extenders will connect using WPA2 (AES) by default when the mixed security (WPA/WPA2) is enabled. The iOS 14 message will be displayed if it detects that the router/ap/extender has mixed security enabled but will still connect using WPA2 AES.

Some devices will get firmware upgrades to allow you to select WPA2 Only (and WPA3 only if the chipset supports it) in the future. No list or time table available.
Title: Re: WPA options
Post by: FurryNutz on October 15, 2020, 04:43:38 PM
WifI Man by Ubquity

Whatís the name of this app ?
Title: Re: WPA options
Post by: Bildos on October 16, 2020, 01:23:48 AM
Unfortunately the same app for iOS do not show any details about wifi security protocols used...
Title: Re: WPA options
Post by: Bildos on October 16, 2020, 01:26:40 AM
D-Link has stated that new gen routers, access points and range extenders will connect using WPA2 (AES) by default when the mixed security (WPA/WPA2) is enabled. The iOS 14 message will be displayed if it detects that the router/ap/extender has mixed security enabled but will still connect using WPA2 AES.

Some devices will get firmware upgrades to allow you to select WPA2 Only (and WPA3 only if the chipset supports it) in the future. No list or time table available.

To be honest I'm very disappointed with DIR-2660 device. Security settings used in this device seems to be lower compare to DIR-825 device.

I can't find any reasonable explanation for such situation... :(