Re: WPA regression

To: current-users%netbsd.org@localhost
Subject: Re: WPA regression
From: christos%astron.com@localhost (Christos Zoulas)
Date: Tue, 5 Feb 2008 20:07:58 +0000 (UTC)

In article <20080205200146.GA25222%moray.salmi.ch@localhost>,
Jukka Salmi  <j+nbsd%2008.salmi.ch@localhost> wrote:
>Jared D. McNeill --> current-users (2008-01-31 16:42:48 -0500):
>> Some more information -- I'm on the road and my laptop was nuking a  
>> nearby WRT54G v6 every few minutes. I changed the configuration on the  
>> AP from TKIP to AES and it's working like a champ now.
>
>Hmm, when using CCMP (AES) instead of TKIP with hostapd, I can't get
>wpa_supplicant to work at all. It seems to loop forever trying to
>authenticate without success:
>
>$ wpa_cli
>wpa_cli v0.6.2
>[...]
>Selected interface 'ath0'
>
>Interactive mode
>
>> status
>20:13:42.974: wpa_state=SCANNING
>
>> 20:13:47.014: Trying to associate with 00:0b:6b:20:38:50 (SSID='BS110'
>freq=2412 MHz)
>20:13:47.014: Associated with 00:0b:6b:20:38:50
>20:13:52.066: CTRL-EVENT-DISCONNECTED - Disconnect event - remove keys
>20:13:57.117: Authentication with 00:00:00:00:00:00 timed out.
>20:14:06.210: Trying to associate with 00:0b:6b:20:38:50 (SSID='BS110'
>freq=2412 MHz)
>20:14:06.210: Associated with 00:0b:6b:20:38:50
>20:14:11.262: CTRL-EVENT-DISCONNECTED - Disconnect event - remove keys
>20:14:16.314: Authentication with 00:00:00:00:00:00 timed out.
>[...]
>
>However, after switching back to TKIP again, it seems that I found a
>way to work around the GTK rekeying timeout problem I originally
>reported: if I start wpa_cli(8) in interactive mode (default) after
>wpa_supplicant has been started, GTK rekeying does _not_ timeout (and
>thus the network stays up). Neither do I understand why this causes
>rekeying to succeed, nor can I proove that it always works - but without
>a running wpa_cli, 50 out of 50 monitored rekeyings failed, and with
>a running wpa_cli, all so far ~40 rekeyings succeeded...
>
>Any hints about how I should try to debug this?

I assume that you have the latest net80211 code...

1. wpa_cli seems to want to restart wpa_supplicant in certain cases. This
   should not happen; i.e. wpa_supplicant should always respond.
2. run wpa_supplicant with debugging on and see the packet trace interaction.
3. google for the same issue [yes, there is a lot of noice to signal]

christos

References:
- Re: WPA regression (was: CVS commit: src/dist/wpa)
  - From: Brett Lymn
- Re: WPA regression
  - From: Jared D. McNeill
- Re: WPA regression
  - From: Jukka Salmi

Prev by Date: Re: WPA regression
Next by Date: Re: WPA regression
Previous by Thread: Re: WPA regression
Next by Thread: Re: WPA regression
Indexes:

Home | Main Index | Thread Index | Old Index