Problem with run driver and wpa
-
I have a bunch of small fw appliances, with only usb ports available, that I would love to turn into access points but I am having a problem. I am using 2 different usb adapters that exhibit the same problem. One is based on the ra3070 and one is based on the ra2770/2720. Whenever I set up wpa the client stop working. I can set up the ap with no authentication and everything works fine, but once I set up wpa they no longer get ip addresses or actually connect. I built a test machine that pcie slots and used an ath based card and it worked fine, but once I used the same test machine with the ralinks it stopped working. Any ideas?
pfsense 2.0 release
system log
hostapd: run0_wlan0: STA 98:4b:4a:7e:14:87 RADIUS: starting accounting session 4E860B07-00000004 Sep 30 18:35:52 hostapd: run0_wlan0: STA <mac redacted=""> WPA: pairwise key handshake completed (RSN) Sep 30 18:36:38 hostapd: run0_wlan0: STA <mac redacted=""> IEEE 802.11: deauthenticated due to local deauth request Sep 30 18:36:38 hostapd: run0_wlan0: STA <mac redacted=""> IEEE 802.11: deassociated Sep 30 18:36:52 hostapd: run0_wlan0: STA <mac redacted=""> IEEE 802.11: associated</mac></mac></mac></mac>
-
I have a run device on a pfSense box that works fine with WPA2, PSK (Pre Shared Key) and AES. How is your configuration different? (The log extract you posted suggests you might be using RADIUS authentication.)
-
no radius, that I configed anyway. pretty vanilla setup, just installed the nanobsd 4g image and configured the devices. Are you using the nanobsd version? Like I said if I switch the ralinks for the atheros card I can get it to work fine. Perhaps I will try an install from the livedisk to see if it is a problem with the nanobsd mage.
-
I'm not using radius either and a check in the logs revealed a similar mention of RADIUS from hostapd:
clog /var/log/system.log | grep hostapd
Oct 1 15:58:57 pfsense2 hostapd: run0_wlan0: STA <mac addr="">IEEE 802.11: associated
Oct 1 15:58:57 pfsense2 hostapd: run0_wlan0: STA <mac addr="">RADIUS: starting accounting session 4E86AB2D-00000000
Oct 1 15:58:57 pfsense2 hostapd: run0_wlan0: STA <mac addr="">WPA: pairwise key handshake completed (RSN)</mac></mac></mac>I'm not using nanobsd.
Can you try WPA2, PSK and AES (not TKIP)?
-
OK sorry for the delay, I had to go out of town for a few days.
I just tried those specific settings and I get the same exact symptoms as posted above. I will try livecd install tonight.
EDIT
I tried using the livecd installer with the smp kernel and I still get the same errors. So it appears that the issue lies elsewhere. I have tried on 3 different computer platforms and 2 different ralink usb dongles. is there anything else I can do to help diagnose this? -
I can only recall one problem I have had with an encrypted wireless link at home: my pfSense was originally set to WPA2, PSK and (TKIP or AES) and worked fine. After a Linux upgrade my netbook stopped associating. When I removed TKIP as an option on pfSense the netbook correctly associated again.
Are you in a noisy radio environment? (Maybe using a different channel will help.)
Do the wireless parameters exactly match on AP and client?
What is the output of the pfSense shell command ifconfig run0_wlan0
-
Here ya go.
[2.0-RELEASE][root@pfsense.localdomain]/root(2): ifconfig run0_wlan0 run0_wlan0: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500 ether <redacted> inet6 <redacted>%run0_wlan0 prefixlen 64 scopeid 0xb inet 10.10.10.1 netmask 0xffffff00 broadcast 10.10.10.255 nd6 options=3 <performnud,accept_rtadv>media: IEEE 802.11 Wireless Ethernet autoselect mode 11g <hostap> status: running ssid BeerCan channel 11 (2462 MHz 11g) bssid <redacted> country US authmode WPA2/802.11i privacy MIXED deftxkey 2 AES-CCM 2:128-bit txpower 0 scanvalid 60 protmode OFF -apbridge dtimperiod 1 -dfs</redacted></hostap></performnud,accept_rtadv></redacted></redacted></up,broadcast,running,simplex,multicast>
-
Here are my settings:```
ifconfig run0_wlan0
run0_wlan0: flags=108843 <up,broadcast,running,simplex,multicast,ipfw_filter>metric 0 mtu 1500
ether <cut>inet6 <cut>%run0_wlan0 prefixlen 64 scopeid 0x9
inet 192.168.51.173 netmask 0xffffff00 broadcast 192.168.51.255
nd6 options=3 <performnud,accept_rtadv>media: IEEE 802.11 Wireless Ethernet autoselect mode 11g <hostap>status: running
ssid Lothlorien channel 6 (2437 MHz 11g) bssid <cut>regdomain ROW country AU indoor authmode WPA2/802.11i privacy MIXED
deftxkey 2 AES-CCM 2:128-bit AES-CCM 3:128-bit txpower 30 scanvalid 60
protmode OFF dtimperiod 1 -dfs
#</cut></hostap></performnud,accept_rtadv></cut></cut></up,broadcast,running,simplex,multicast,ipfw_filter>Concerning differences that MIGHT be significant: You have AES-CCM 2: whereas I have AES-CCM 2: and AES-CCM 3: That MIGHT be because I have chosen a rather lengthy pass phrase. You have txpower 0 whereas I have txpower 30\. I don't know what the numbers mean. "0" might mean zero or it might mean default. The FreeBSD ifconfig man page says of this parameter > txpower power > Set the power used to transmit frames. The power argument is > specified in .5 dBm units. Out of range values are truncated. > Typically only a few discreet power settings are available and > the driver will use the setting closest to the specified value. > Not all adapters support changing the transmit power. You should probably increase the Tx power on the pfSense interface page, _save_ and _apply_ then check the change really happened by looking with ifconfig. Does the change make a significant difference? You have -apbridge and I don't. This means you have disabled bridging between WLAN clients on that interface. I wouldn't expect it should matter whether the bridging is enabled or not but at least for data collection, please enable the bridging (pfSense parameter _Allow intra-BSS communication_) and check if that makes a significant difference.
-
Well I can't really explain it but this just simply started working. After running for some time my client suddenly obtained an ip address and started working. Wish I knew what I did.
thanks for your help wallabybob
-
Well I can't really explain it but this just simply started working. After running for some time my client suddenly obtained an ip address and started working.
I hate those "spontaneously started working" circumstances. They leave me with a suspicion that they will just spontaneously stop working at some time.
Wish I knew what I did.
It might not be something you did. Just for the record, have any of the parameters displayed by ifconfig run0_wlan0 changed?
thanks for your help wallabybob
You are welcome. Thanks for reporting back.