Problems when changing the wifi-direct password

Question

I would like to create a Wifi-Direct access point where the board needs to act as the GO. I am using the following configuration file for wpa_supplicant (wpa_supplicant.conf):

ctrl_interface=/var/run/wpa_supplicant
update_config=0
device_name=DIRECT-MYDEV
p2p_go_ht40=1
country=IT

network={
        ssid="DIRECT-MY"
        psk="12345678"
        proto=RSN
        key_mgmt=WPA-PSK
        pairwise=CCMP
        auth_alg=OPEN
        mode=3
        disabled=2
}

I'm starting the service with the following commands in a init.d file:

wpa_cli -iwlan0 p2p_group_add persistent=0
wpa_cli -ip2p-wlan0-0 wps_pin any 87654321

As you can see, I'm using the PIN authentication method. Since I would like that multiple devices can connect to the network using always the same PIN (the option "any" is one-shot, it works only the first time), I created a cron job which repeats each minute the second command above (I know that using always the same pin is not safe, but for now it's ok to me). In this way any device can connect to the Wifi-Direct after entering the correct PIN code (87654321); the following times, the devices can access the network without specifying any PIN code, since it seems they store some sort of PSK-key in their memory (correct me if I'm wrong).

Problems start when I try to modify the network password in the wpa_supplicant.conf file: after the change, the devices that were previously authenticated cannot connect anymore to the Wifi-Direct. The wpa_cli shows the following error:

AP-STA-POSSIBLE-PSK-MISMATCH

Since the network password changed, I would have expected that each device had to insert the PIN again, but it's not happening: the devices send the request but no response is received.

Do you know why? Is there a way to solve this problem?

UPDATE with info from comments:
On my smartphone I have two options to connect to the board: 1) using the "traditional" WLAN with the name DIRECT-MY with 12345678 password; 2) using the WiFi-Direct menu and selecting DIRECT-MYDEV, which needs the 87654321 PIN. If I change at run time the password stored in the network block and reboot the system, I can still connect to DIRECT-MY using the new password, but I can't connect anymore to the DIRECT-MYDEV, as mentioned in the post. Connecting directly to DIRECT-MYDEV is useful since the smartphone can maintain access to the internet using the traditional WiFi.

I have decided to use only the persistent group owner mode, but I can see that from the WiFi-Direct list of my smartphone there is still the DIRECT-MYDEV device to which I can try to connect. Is it normal? Is there a way to remove it from that particular list?

Answer 1

I do not understand what you are trying. As far as I understand you want to have a persistent group owner (GO) to which different devices can connect with the same password. This is already given with your configuration in /etc/wpa_supplicant/wpa_supplicant.conf. That looks good.

On WiFi-Direct the pin entry method is mandatory and default. There is no need to specify it. Just start the GO, but use the p2p control interface p2p-dev-wlan0 instead of wlan0. You will find the control interfaces as defined in wpa_supplicant.conf at

rpi ~$ ls /var/run/wpa_supplicant/
p2p-dev-wlan0   wlan0

rpi ~$ wpa_cli -ip2p-dev-wlan0 p2p_group_add persistent=0

If you want to know what interface the GO has created then check with:

rpi ~$ ip -br addr | grep p2p   # for example
p2p-wlan0-4      UP             169.254.73.227/16 fe80::d8a9:bcc:a0d9:96da/64

or just start wpa_cli to manage the current interface interactive

rpi ~$ wpa_cli
wpa_cli v2.8-devel
Copyright (c) 2004-2019, Jouni Malinen <j@w1.fi> and contributors

This software may be distributed under the terms of the BSD license.
See README for more details.


Selected interface 'p2p-wlan0-4'

Interactive mode

>

But there is nothing more to do. On your different devices you will find a "WLAN" with name DIRECT-MY. Just connect to it with password 12345678, or what password do you set in wpa_supplicant.conf. I haven't seen any problems changing the password.

UPDATE in respect to your updated question:
WiFi-Direct is made to dynamically connect two or more mobile devices in groups. Each group is managed by a group owner. Any device connected to a group can become a group owner. This is negotiated between all connected devices. Because this is quite a complex process, or you wish to have one group owner to provide static resources, you are able to set it persistent. Then the negotiation is skipped but it is still a group owner managing the WiFi-Direct group and not a "traditional" WLAN access point, as you mentioned. It only behaves similar and is the reason why it is shown like an access point on devices. To distinguish it, it is strongly recommended to prefix its name with DIRECT-.

Now you are mixing up a persistent group owner set with:

rpi ~$ wpa_cli -iwlan0 p2p_group_add persistent=0

and a dynamically negotiated group owner with:

rpi ~$ wpa_cli -ip2p-wlan0-0 wps_pin any 87654321

This is not a useful combination with unknown behavior. You should decide what group owner do you want, a persistent one as shown in this answer, or a dynamically negotiated as you can look at Wi-Fi Direct with a DHCP server on the Group Owner.

WiFi-Direct uses WPS (Wi-Fi Protected Setup) for authorization. In /etc/wpa_supplicant/wpa_supplicant.conf you have defined:

device_name=DIRECT-MYDEV

This is a WPS setting to have a friendly name when WPS scanned the network for available devices that it can offer to connect dynamically. When you open the WiFi-Direct list on you smartphone, it authomatically starts scanning the network for devices and find DIRECT-MYDEV. It doesn't help to not set the friendly device_name in wpa_supplicant.conf. Then your smartphone will present a MAC address of the RasPi. If you don't want that the RasPi can be discovered you have to disable it. Do it just before starting the persistent group owner:

rpi ~$ wpa_cli -ip2p-dev-wlan0 p2p_set discoverability 0
rpi ~$ wpa_cli -ip2p-dev-wlan0 p2p_group_add persistent=0