RE450 is broadcasting TKIP instead of AES. Roaming issues
My main router (Netgear R7000P) is set to use only WPA2-PSK (AES), both on 2,4 GHz and 5 GHz. However, I'm experiencing roaming and disconnection issues when my devices do a handover to the RE 450 extended network. It seems that it is happening because RE 450 is also broadcasting the lower security protocol and encryption WPA-PSK (TKIP). Sometimes, my device shows me that the signal strength is good but there is no internet connection. My iPhone Xr (running iOS14) says "weak security", right next to the wifi network name.
I was wondering if the TP-Link engineers could provide a new firmware that could allow the customer to set the wireless security for the extended network only to WPA2_PSK (AES), or at least give the chance to choose what security protocol and encryption the RE 450 extended network should use.
Could you help me? Thanks. AlexCouto
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
Hi all,
it seems that finally we have new official firmware release (thanks TP-Link support!).
For RE450v3 here is the link:
https://www.tp-link.com/en/support/download/re450/v3/#Firmware
I tested it and it solves the issue for TKIP.
In order to be sure to get rid of TKIP, just take care to re-scan and re-associate with your main wifi source and you've done.
Hope it helps.
- Copy Link
- Report Inappropriate Content
@SJB993 I've updated the firmware, but I'm not seeing any additional security settings. Where did you find them? In the app or website? And how did you navigate to them?
- Copy Link
- Report Inappropriate Content
Hi, the new firmware would strictly follow the encryption method of the main router.
So you might just need to set up the main router to be AES only and after re-configure the RE450 via web UI, It would us AES only as well.
Thank you!
- Copy Link
- Report Inappropriate Content
When selecting market Sweden this firmware version does not show up.(https://www.tp-link.com/se/support/download/re450/v3/#Firmware)
Is the firmware different for different markets or can I use the one in the link?
- Copy Link
- Report Inappropriate Content
@TP-Link I have a RE450 V2 with the newest Firmware and the main network is set to WPA2(PSK,AES) only and my device is still broadcasting TKIP, so this problem is still not fixed as of 2021. How many more years do you need to fix this? 10? 15 maybe? maybe you should consider firing all your developers if they don't fix such serious vulnerabilities.
- Copy Link
- Report Inappropriate Content
@AlexCouto Some of my devices, like my iPhones, will not connect to my new TP-Link AC1750 Wi-Fi Range Extender (RE450 v3.0). It gives the message "WPA/WPA2 (TKIP) is not considered secure". For your info, I have upgraded to firmware version 1.0.2 Build 20201203 Rel. 80349(6583). The RE450 is extending a TP-Link TL-WR941HP | 450Mbps High Power Wireless N Router using firmware 2.0.2 Build 20191125 Rel. 54756. On this router, I have already set the encryption to "AES" and did a clean setup of the extender. Please explain how to fix it. Thanks.
- Copy Link
- Report Inappropriate Content
The order in which things are done matters... and the problem is bad for Apple users because Apple devices share wifi connection information across devices. Phone reported weak connection, the other devices just refused to connect or stay connected. I had this problem on a v2. You know what I finally noticed? My PCs had no problems and it connected via AES, it was all Apple devices which stopped working (Apple TV, iPads, iPhones) because all Apple devices suddenly thought both my router and my extender's connections were TKIP (the router is actually forced AES only and my Asus router refuses TKIP connections). So, all networks killed for all Apple devices meanwhile PC's were perfectly fine on either network lol. I had been trying to do this on my iPhone with the "Tether" app (my first mistake because the app is what seems to set my extender into a mixed mode: WPA2 AES + TKIP and causes the problems on all Apple devices). If I use it even once to change a setting it goes back into this mode and all Apple devices stop working at once, or slow to an absolute unusable crawl. So first thing, delete the app and NEVER reinstall it, it is outdated, problematic garbage. Also, I had to forget ALL router and extender-related wifi settings whatsoever on ALL Apple devices and unplug the extender, then reboot all devices (modem, router, extender) and get back on my Asus Router's WPA2 AES-only network as proper AES and not TKIP. So I forgot all router and extender connections on all Apple devices. At this time it was iOS 14.4.
I then did a factory reset of the extender, then hooked the extender up to my (pc) laptop via an Ethernet cable. I downloaded the RIGHT firmware for my V2 (the version is marked on a sticker on the back), which was the latest V2 firmware so as not to mess up the extender. I was careful not to power off or disconnect either device during the firmware update so as not to mess up the extender. When it was done I used the WEB interface only! At this point on V2 I still didn’t get any options for AES in the web interface, UNTIL I changed the MODE away from being an extender. I then got the AES settings... so I set it up this way via web interface, then switched the mode back to extender mode. Connecting devices at this point had the same problem, so don't bother (and if you did "forget this network" on any device you did that on and ALL Apple devices that "helpfully" SHARE these wirelessly across the network). Instead, THROUGH the web interface I then REBOOTED the extender and freshly reconnected and re-inputted passwords on Apple devices. It was only AFTER this reboot that connecting with an Apple device would no longer report weak signal and all devices could connect again via AES and play nice along with my PCs without problems. If I use the stupid "Tether" app EVEN ONCE after this to change a setting, it will again break the network and cause weak security warnings on iOS devices or just kill their connectivity, so don't do that. Leave the app in the bin where it belongs.
Also, again, this is for V2 users, though I suspect the problem may be similar for other users. I tried absolutely everything, it wasn't until I got it in this magical order that everything went back to normal and started working again! The company needs to fix their app or remove it from the store and fix the firmware to allow disabling of TKIP (frankly it is deplorable it doesn't allow this yet), or change the packaging and help docs to stop suggesting that users set it up using the terrible app...plus prod users to forget the network if they have problems and force a extender reboot after settings change, for cripes sakes! Lol 😂
- Copy Link
- Report Inappropriate Content
Thanks for pointing out the TKIP issue with the app! I have uninstalled it and now I am just using the web interface of my RE450 v2.
I found that all I need to do is click on the Quick Setup tab, choose the same networks again and at the end hit Save. It automatically reboots and afterwards when I scan my network only AES is enabled! Hurray!
Security does not seem to be a priority for TP-Link. This is the second security issue I've found. To me this is surprising given the year is 2021 and most manufacturers have moved on past this stuff long ago. I might just return these devices to Amazon.
- Copy Link
- Report Inappropriate Content
@Trasient, you're welcome. Im glad that worked for you, I did that several times and it still had the same result for me. I had to go nuclear I guess. Works great for me nowwhen I don't bother with the app. A shame they don't fix the app.
- Copy Link
- Report Inappropriate Content
Hi, that is great for RE450 users!
I have the RE455, which seems to have the very same issue.
Any chance there will be a firmware issue correcting this as well?
Thanks,
MB
- Copy Link
- Report Inappropriate Content
Information
Helpful: 7
Views: 17927
Replies: 52