A few weeks ago I studied the behaviour of NetworkManager with hidden WPA networks. Having found that NetworkManager 0.7.2 could not connect to my WPA network until I configured my router to broadcast the network name (SSID), I then configured my router to stop broadcasting the network name, i.e. I made the WPA network a hidden network again. I found that NetworkManager could then connect to the hidden WPA network.quan2m wrote:Something that lingers that may bite you in certain work environments is the "Hidden ESSID" problem. Using updated SL 5.1K (updated via forklift DVD) neither WICD or NetworkManager are able to connect to WEP/LEAP or WPA1/2 PSK when the ESSID is hidden.
For the WPA1/2PSK (my home network) I was able to get them to connect by unhiding the ESSID and joining, and then hiding the network again. The WEP/LEAP network is no worky as I cannot unhide it. I have tried using iwconfig to set the ESSID pre-emptively but that didn't work either. It appears to error out after the authentication is complete so there may be another setting that I am not aware of (I'm not very savvy on the Linux wireless front.
If I understand correctly from the following exchange of posts with a NetworkManager developer, it seems this functionality is not a bug in NetworkManager; it is intentional: Cannot connect to wpa/wpa2 network with hidden SSID.
See also the following openSUSE thread about the same functionality: Cannot connect to a hidden SSID and the following SLED thread: Hidden Access Point: Cannot connect to wireless.Dan Williams wrote:The supplicant isn't able to probe-scan to find your AP because it doesn't have the information yet to be able to do so. Once you've successfully connected, NM will cache the AP's BSSID and recognize that AP from the scan list and try to reconnect automatically. But the first time has to be manual, because otherwise there's no way to find the AP since it's trying to hide.
Hiding isn't actually a useful method of increasing security, since the AP's beacon and BSSID are always available in probe responses; so anyone can actually get the SSID irregardless of whether the AP is broadcasting that information in its beacon.
Finally, it seems that the functionality is the same in Windows Vista -- see the thread: Vista - Can't connect to router with hidden ssid.
So it looks like it is by design. I'm not sure I understand a post in each of the two above-mentioned SUSE threads, but it looks like there may be a parameter that you can set in one of the networking configuration files that lets you override this functionality and allow a PC -- if one knows the network name and password -- to connect to a hidden network that has never broadcast its network name. But I'm not sure yet: I need to do some more googling/reading.