@@ -1582,17 +1582,82 @@ retry_command() {
15821582 return 1
15831583}
15841584
1585- # Connect using nmcli with retries (returns 0 on success)
1585+ # Connect to Wi-Fi using nmcli, with fallback when key-mgmt is required
15861586wifi_connect_nmcli () {
15871587 iface=" $1 "
15881588 ssid=" $2 "
15891589 pass=" $3 "
1590- if command -v nmcli > /dev/null 2>&1 ; then
1591- log_info " Trying to connect using nmcli..."
1592- retry_command " nmcli dev wifi connect \" $ssid \" password \" $pass \" ifname \" $iface \" 2>&1 | tee nmcli.log"
1593- return $?
1590+
1591+ if ! command -v nmcli > /dev/null 2>&1 ; then
1592+ return 1
15941593 fi
1595- return 1
1594+
1595+ log_info " Trying to connect using nmcli..."
1596+ mkdir -p " ${LOG_DIR:- .} " 2> /dev/null || true
1597+ nm_log=" ${LOG_DIR:- .} /nmcli_${iface} _$( printf ' %s' " $ssid " | tr ' /' ' __' ) "
1598+
1599+ # First try the simple connect path (what you already had)
1600+ if [ -n " $pass " ; then
1601+ retry_command " nmcli dev wifi connect \" $ssid \" password \" $pass \" ifname \" $iface \" 2>&1 | tee \" $nm_log \" "
1602+ else
1603+ retry_command " nmcli dev wifi connect \" $ssid \" ifname \" $iface \" 2>&1 | tee \" $nm_log \" "
1604+ fi
1605+ rc=$?
1606+ [ $rc -eq 0 ] && return 0
1607+
1608+ # Look for the specific error and fall back to creating a connection profile
1609+ if grep -qi ' 802-11-wireless-security\.key-mgmt.*missing' " $nm_log " ; then
1610+ log_warn " nmcli connect complained about missing key-mgmt; creating an explicit connection profile..."
1611+
1612+ nmcli -t -f WIFI nm status > /dev/null 2>&1 || nmcli r wifi on > /dev/null 2>&1 || true
1613+ nmcli dev set " $iface " > /dev/null 2>&1 || true
1614+ nmcli dev disconnect " $iface " > /dev/null 2>&1 || true
1615+ nmcli dev wifi rescan > /dev/null 2>&1 || true
1616+
1617+ con_name=" $ssid "
1618+ # If a connection with the same name exists, drop it to avoid conflicts
1619+ if nmcli -t -f NAME con show 2> /dev/null | grep -Fxq " $con_name " ; then
1620+ nmcli con delete " $con_name " > /dev/null 2>&1 || true
1621+ fi
1622+
1623+ if [ -n " $pass " ; then
1624+ # Try WPA2 PSK first (most common)
1625+ if nmcli con add type wifi ifname " $iface " " $con_name " " $ssid "
1626+ wifi-sec.key-mgmt wpa-psk wifi-sec.psk " $pass " >> " $nm_log " 2>&1 ; then
1627+ if nmcli con up " $con_name " " $iface " >> " $nm_log " 2>&1 ; then
1628+ log_pass " Connected to $ssid via explicit profile (wpa-psk)."
1629+ return 0
1630+ fi
1631+ fi
1632+
1633+ # If that failed, try WPA3-Personal (SAE), some APs require it
1634+ log_warn " Profile up failed; trying WPA3 (sae) profile..."
1635+ nmcli con delete " $con_name " > /dev/null 2>&1 || true
1636+ if nmcli con add type wifi ifname " $iface " " $con_name " " $ssid "
1637+ wifi-sec.key-mgmt sae wifi-sec.psk " $pass " >> " $nm_log " 2>&1 ; then
1638+ if nmcli con up " $con_name " " $iface " >> " $nm_log " 2>&1 ; then
1639+ log_pass " Connected to $ssid via explicit profile (sae)."
1640+ return 0
1641+ fi
1642+ fi
1643+ else
1644+ # Open network (no passphrase)
1645+ if nmcli con add type wifi ifname " $iface " " $con_name " " $ssid "
1646+ wifi-sec.key-mgmt none >> " $nm_log " 2>&1 ; then
1647+ if nmcli con up " $con_name " " $iface " >> " $nm_log " 2>&1 ; then
1648+ log_pass " Connected to open network $ssid ."
1649+ return 0
1650+ fi
1651+ fi
1652+ fi
1653+
1654+ log_fail " Failed to connect to $ssid even after explicit key-mgmt profile. See $nm_log "
1655+ return 1
1656+ fi
1657+
1658+ # Different error — just bubble up the original failure
1659+ log_fail " nmcli failed to connect to $ssid . See $nm_log "
1660+ return $rc
15961661}
15971662
15981663# Connect using wpa_supplicant+udhcpc with retries (returns 0 on success)
0 commit comments