Cant seem to get wifi auth to function right

wallabybob

Good news about the signal strength.

I have a WiFi card with Atheros chipset and three different Windows Vista laptops, a Windows 7 desktop, an Android phone and three or four different Linux systems have no apparent difficulty associating with it and connecting to various internet sites.

@poplap120:

EDIT: Ok so i did some testing and i wont connect to it still even with out auth on.

Do you have DHCP enabled on the pfSense WiFi interface? (The default configuration for many devices is to request IP address, gateway, DNS etc from a DHCP server.) Does the pfSense DHCP log at Status -> System Logs, click on DHCP tab report any requests?

Does the pfSense page Status -> Wireless report an associated system? Does the reported MAC address match the MAC address of your WiFi device?

What are you trying to connect to and how (ping?, web page? ssh? etc)? What is reported on the connect attempt (no route to host? timeout? etc)? If your pfSense WiFi interface isn't labelled LAN then you will need associated firewall rules to allow access through that interface to the Internet.

@poplap120:

I will try it without encryption but im not going to use that for normal use.

Lets try to get it working without encryption, then turn on encryption. Please check behaviour of all your WiFi devices with  encryption disabled. Some months ago I had WiFi on a couple of Windows Vista laptops all of a sudden stop working due to a change in DHCP behaviour in Windows. I seemed to need to do a registry patch to get WiFi working again. I suspect a Windows update changed something.

poplap120

Thanks
DHCP is running on interface wifi with the same settings as LAN but a different IP range. I have also setup rules already, how every i dont have Internet yet still waiting to get access.

My laptop (win7 pro) can connect both with encryption an without ( it wasn't doing it before for) but it has issues where it wont want to load all the parts of the WebGUI. My friends Iphone just wont connect, it just says unable to connect. My android phone and tablet just loop connecting, then they flash and then try to reconnect, some times they will say they are getting an IP nut it fails, with out security it just loops for couple of minutes, but then stop and with security it will say the auth failed. Both are ICS.

When devices are connecting the Wireless Status Page sees them but only says one is connected (the Laptop), and all the MACs match.

wallabybob

@poplap120:

My laptop (win7 pro) can connect both with encryption an without ( it wasn't doing it before for) but it has issues where it wont want to load all the parts of the WebGUI.

Which browser? There are known issues with InternetExplorer but apparently not with GoogleChrome, Opera or Firefox. I don't use IE and have not had that sort of trouble with any of the other browsers.

@poplap120:

My friends Iphone just wont connect, it just says unable to connect. My android phone and tablet just loop connecting, then they flash and then try to reconnect, some times they will say they are getting an IP nut it fails, with out security it just loops for couple of minutes, but then stop and with security it will say the auth failed. Both are ICS.

My Android 2.x phone has no apparent trouble connecting through my encrypted WiFi AP. I haven't tried any other version of Android. The same phone has similar trouble to what you described connecting through the unencrypted free WiFi service on the local commuter railway. I have not investigated.

What encryption parameters are you using? My AP is set for WPA=Enable WPA
  WPA Pre Shared Key specified
WPA Mode = WPA2
WPA Key Management Mode = Pre Shared Key
Authentication = Shared Key Authentication
WPA Pairwise = AES
Key Rotation = 60
Master Key Regeneration = 3600

I used to have WPA Pairwise = Both
When I upgraded my netbook from Ubuntu ?? to 10.04 it would no longer connect UNTIL I changed WPA Pairwise to AES.

poplap120

I see IE as the devil spawn  :P and there for dot use, im a firefox man through and through.

I dont have any 2.x android devices (i flashed my phone to CM 9) so i cant tell if its that but iOS has a problem with it to so its probably not a limited android.

My Settings are the same as your and i have tried setting it to both for WPA and for the encryption, but it didnt do anything.

Thanks

wallabybob

Have you checked pfSense DHCP logs to see if DHCP requests have been received?

poplap120

I will check when i get time today. But i did take a quick look yesterday night and my computer had a lease but the other devices where showing up (android) but were not getting a lease, thats what it looked like.

wallabybob

I just turned on WiFi on my Android phone to run a WiFi analyser app to debug a WiFi problem. I noticed behaviour similar to what you reported. The phone reported Acquiring IP address a number of times then the WiFi Analyser would report Authenticating for a considerable number of seconds at a time.

Here are the last few lines of the DHCP log, captured at 7:35.

Aug 29 07:14:37 pfsense dhcpd: DHCPDISCOVER from 5c:4c:a9:fd:2d:dd via bridge0
Aug 29 07:14:37 pfsense dhcpd: DHCPOFFER on 192.168.211.243 to 5c:4c:a9:fd:2d:dd via bridge0
Aug 29 07:14:37 pfsense dhcpd: DHCPREQUEST for 192.168.211.243 (192.168.211.173) from 5c:4c:a9:fd:2d:dd via bridge0
Aug 29 07:14:37 pfsense dhcpd: DHCPACK on 192.168.211.243 to 5c:4c:a9:fd:2d:dd via bridge0
Aug 29 07:14:41 pfsense dhcpd: DHCPDISCOVER from 5c:4c:a9:fd:2d:dd via bridge0
Aug 29 07:14:41 pfsense dhcpd: DHCPOFFER on 192.168.211.243 to 5c:4c:a9:fd:2d:dd via bridge0
Aug 29 07:14:41 pfsense dhcpd: DHCPREQUEST for 192.168.211.243 (192.168.211.173) from 5c:4c:a9:fd:2d:dd via bridge0
Aug 29 07:14:41 pfsense dhcpd: DHCPACK on 192.168.211.243 to 5c:4c:a9:fd:2d:dd via bridge0
Aug 29 07:14:50 pfsense dhcpd: DHCPDISCOVER from 5c:4c:a9:fd:2d:dd via bridge0
Aug 29 07:14:50 pfsense dhcpd: DHCPOFFER on 192.168.211.243 to 5c:4c:a9:fd:2d:dd via bridge0
Aug 29 07:14:50 pfsense dhcpd: DHCPREQUEST for 192.168.211.243 (192.168.211.173) from 5c:4c:a9:fd:2d:dd via bridge0
Aug 29 07:14:50 pfsense dhcpd: DHCPACK on 192.168.211.243 to 5c:4c:a9:fd:2d:dd via bridge0
Aug 29 07:14:52 pfsense dhcpd: DHCPREQUEST for 192.168.211.243 from 5c:4c:a9:fd:2d:dd via bridge0
Aug 29 07:14:52 pfsense dhcpd: DHCPACK on 192.168.211.243 to 5c:4c:a9:fd:2d:dd via bridge0
Aug 29 07:15:00 pfsense dhcpd: DHCPDISCOVER from 5c:4c:a9:fd:2d:dd via bridge0
Aug 29 07:15:00 pfsense dhcpd: DHCPOFFER on 192.168.211.243 to 5c:4c:a9:fd:2d:dd via bridge0
Aug 29 07:15:00 pfsense dhcpd: DHCPREQUEST for 192.168.211.243 (192.168.211.173) from 5c:4c:a9:fd:2d:dd via bridge0
Aug 29 07:15:00 pfsense dhcpd: DHCPACK on 192.168.211.243 to 5c:4c:a9:fd:2d:dd via bridge0

For some reason the phone made a number of attempts (DHCPDISCOVER), apparently ignoring the responses to the first few requests.

I then exited the WiFi Analyser app and opened Settings -> Wireless & network settings and the WiFi panel reported Obtaining IP Address from … for a while the screen blanked, I reactivated the screen, unlocked and the WiFi panel reported Connected to …. then some seconds later reported Obtaining IP Address from … for a while but there was no sign in the pfSense DHCP log of any further DHCPDISCOVER requests from the phone. I exited Settings then opened a browser and at first it reported the home page not available then a few seconds later the home page loaded.

I don't know what the phone is reporting when it says Obtaining IP address from … because there is no evidence in the AP's DHCP log of any further DHCP requests from the phone.

poplap120

I have noticed some odd behavior now on my phone, when connecting it now show the signal as basically dropping when it says its getting an IP but the wifi analyzer on my tablet is showing no change (even with the refresh rate at its fastest). Its almost as if it is disconnecting after it links. This is very odd. Im contiplating buying a cheap router and flashing with Open-WRT or DD-WRT just so i can use it as an AP.

Still wonder why this happens at all.

Thanks

wallabybob

I installed a PCI WiFi card with Ralink chipset in a Windows XP SP3 system and Windows reports for a long period that it is connected and acquiring network address.

pfSense Status -> Wireless reports that the Windows machine is associated. Status -> System Logs, Wireless tab reports

Aug 31 11:01:39 hostapd: run0_wlan0: STA c8:3a:35:c7:63:55 WPA: sending 1/4 msg of 4-Way Handshake
Aug 31 11:01:39 hostapd: run0_wlan0: STA c8:3a:35:c7:63:55 WPA: received EAPOL-Key frame (2/4 Pairwise)
Aug 31 11:01:39 hostapd: run0_wlan0: STA c8:3a:35:c7:63:55 WPA: invalid MIC in msg 2/4 of 4-Way Handshake
Aug 31 11:01:40 hostapd: run0_wlan0: STA c8:3a:35:c7:63:55 WPA: EAPOL-Key timeout
Aug 31 11:01:40 hostapd: run0_wlan0: STA c8:3a:35:c7:63:55 IEEE 802.1X: unauthorizing port
Aug 31 11:01:40 hostapd: run0_wlan0: STA c8:3a:35:c7:63:55 IEEE 802.11: deauthenticated due to local deauth request
Aug 31 11:01:40 hostapd: run0_wlan0: STA c8:3a:35:c7:63:55 IEEE 802.11: deassociated
Aug 31 11:01:42 hostapd: run0_wlan0: STA c8:3a:35:c7:63:55 IEEE 802.11: associated
Aug 31 11:01:42 hostapd: run0_wlan0: STA c8:3a:35:c7:63:55 WPA: event 1 notification
Aug 31 11:01:42 hostapd: run0_wlan0: STA c8:3a:35:c7:63:55 WPA: start authentication
Aug 31 11:01:42 hostapd: run0_wlan0: STA c8:3a:35:c7:63:55 IEEE 802.1X: unauthorizing port
Aug 31 11:01:42 hostapd: run0_wlan0: STA c8:3a:35:c7:63:55 WPA: sending 1/4 msg of 4-Way Handshake
Aug 31 11:01:42 hostapd: run0_wlan0: STA c8:3a:35:c7:63:55 WPA: received EAPOL-Key frame (2/4 Pairwise)
Aug 31 11:01:42 hostapd: run0_wlan0: STA c8:3a:35:c7:63:55 WPA: invalid MIC in msg 2/4 of 4-Way Handshake
Aug 31 11:01:42 hostapd: run0_wlan0: STA c8:3a:35:c7:63:55 WPA: EAPOL-Key timeout
Aug 31 11:01:42 hostapd: run0_wlan0: STA c8:3a:35:c7:63:55 WPA: sending 1/4 msg of 4-Way Handshake
Aug 31 11:01:42 hostapd: run0_wlan0: STA c8:3a:35:c7:63:55 WPA: received EAPOL-Key frame (2/4 Pairwise)
Aug 31 11:01:42 hostapd: run0_wlan0: STA c8:3a:35:c7:63:55 WPA: invalid MIC in msg 2/4 of 4-Way Handshake
Aug 31 11:01:43 hostapd: run0_wlan0: STA c8:3a:35:c7:63:55 WPA: EAPOL-Key timeout
Aug 31 11:01:43 hostapd: run0_wlan0: STA c8:3a:35:c7:63:55 WPA: sending 1/4 msg of 4-Way Handshake
Aug 31 11:01:43 hostapd: run0_wlan0: STA c8:3a:35:c7:63:55 WPA: received EAPOL-Key frame (2/4 Pairwise)
Aug 31 11:01:43 hostapd: run0_wlan0: STA c8:3a:35:c7:63:55 WPA: invalid MIC in msg 2/4 of 4-Way Handshake
Aug 31 11:01:44 hostapd: run0_wlan0: STA c8:3a:35:c7:63:55 WPA: EAPOL-Key timeout
Aug 31 11:01:44 hostapd: run0_wlan0: STA c8:3a:35:c7:63:55 WPA: sending 1/4 msg of 4-Way Handshake

I don't know what invalid MIC in msg 2/4 of 4-Way Handshake means. Lets see what Google turns up.

The CD that came with the card didn't have any drivers so I had to download drivers. What I installed clearly recognised the card but maybe it has a bug.

I'll try a USB WiFi adapter in the same box and see what happens.

Edit: The USB adapter also frequently reports "Acquiring network address" but the Wireless is a bit different:

Aug 31 12:14:24 hostapd: run0_wlan0: STA 00:1b:11:b5:c1:c8 IEEE 802.11: associated
Aug 31 12:14:24 hostapd: run0_wlan0: STA 00:1b:11:b5:c1:c8 WPA: event 1 notification
Aug 31 12:14:24 hostapd: run0_wlan0: STA 00:1b:11:b5:c1:c8 WPA: start authentication
Aug 31 12:14:24 hostapd: run0_wlan0: STA 00:1b:11:b5:c1:c8 IEEE 802.1X: unauthorizing port
Aug 31 12:14:24 hostapd: run0_wlan0: STA 00:1b:11:b5:c1:c8 WPA: sending 1/4 msg of 4-Way Handshake
Aug 31 12:14:24 hostapd: run0_wlan0: STA 00:1b:11:b5:c1:c8 WPA: EAPOL-Key timeout
Aug 31 12:14:24 hostapd: run0_wlan0: STA 00:1b:11:b5:c1:c8 WPA: sending 1/4 msg of 4-Way Handshake
Aug 31 12:14:25 hostapd: run0_wlan0: STA 00:1b:11:b5:c1:c8 WPA: EAPOL-Key timeout
Aug 31 12:14:25 hostapd: run0_wlan0: STA 00:1b:11:b5:c1:c8 WPA: sending 1/4 msg of 4-Way Handshake
Aug 31 12:14:26 hostapd: run0_wlan0: STA 00:1b:11:b5:c1:c8 WPA: EAPOL-Key timeout
Aug 31 12:14:26 hostapd: run0_wlan0: STA 00:1b:11:b5:c1:c8 WPA: sending 1/4 msg of 4-Way Handshake
Aug 31 12:14:27 hostapd: run0_wlan0: STA 00:1b:11:b5:c1:c8 WPA: EAPOL-Key timeout
Aug 31 12:14:27 hostapd: run0_wlan0: STA 00:1b:11:b5:c1:c8 IEEE 802.1X: unauthorizing port
Aug 31 12:14:27 hostapd: run0_wlan0: STA 00:1b:11:b5:c1:c8 IEEE 802.11: deauthenticated due to local deauth request
Aug 31 12:14:27 hostapd: run0_wlan0: STA 00:1b:11:b5:c1:c8 IEEE 802.11: deassociated

poplap120

From my understanding of reading about the handshake process the first two packets deal with encryption, and the last two are acknowledgment of the packets. This handshake is for encrypting the session keys so that they are harder to get. If my understanding is right the second key is from the client, so it seems that the client is messing up on the MIC (MAC) which is used for sending encrypted messages and checking their integrity. In WPA2 this is where the user auth is. My guess is that something is messing with the computations to generate it or PF is miss interpreting it. I need to look at my system logs to see if this is what is happening to me or if it is of different matter.

EDIT:
Ok it looks like im having no problem with auth but it wont stay connected. My sys logs on wireless show:

Aug 30 22:01:20 hostapd: ath0_wlan1: STA 08:11:96:a9:70:48 WPA: event 4 notification
Aug 30 22:01:20 hostapd: ath0_wlan1: STA 08:11:96:a9:70:48 WPA: sending 1/4 msg of 4-Way Handshake
Aug 30 22:01:20 hostapd: ath0_wlan1: STA 08:11:96:a9:70:48 WPA: received EAPOL-Key frame (2/4 Pairwise)
Aug 30 22:01:20 hostapd: ath0_wlan1: STA 08:11:96:a9:70:48 WPA: sending 3/4 msg of 4-Way Handshake
Aug 30 22:01:20 hostapd: ath0_wlan1: STA 08:11:96:a9:70:48 WPA: received EAPOL-Key frame (4/4 Pairwise)
Aug 30 22:01:20 hostapd: ath0_wlan1: STA 08:11:96:a9:70:48 IEEE 802.1X: authorizing port
Aug 30 22:01:20 hostapd: ath0_wlan1: STA 08:11:96:a9:70:48 RADIUS: starting accounting session 503BF4DF-0001D0D9
Aug 30 22:01:20 hostapd: ath0_wlan1: STA 08:11:96:a9:70:48 WPA: pairwise key handshake completed (RSN)
Aug 30 22:01:20 hostapd: ath0_wlan1: STA 08:11:96:a9:70:48 IEEE 802.11: associated
Aug 30 22:01:20 hostapd: ath0_wlan1: STA 08:11:96:a9:70:48 WPA: event 1 notification
Aug 30 22:01:20 hostapd: ath0_wlan1: STA 08:11:96:a9:70:48 WPA: event 4 notification
Aug 30 22:01:20 hostapd: ath0_wlan1: STA 08:11:96:a9:70:48 WPA: sending 1/4 msg of 4-Way Handshake
Aug 30 22:01:20 hostapd: ath0_wlan1: STA 08:11:96:a9:70:48 WPA: received EAPOL-Key frame (2/4 Pairwise)
Aug 30 22:01:20 hostapd: ath0_wlan1: STA 08:11:96:a9:70:48 WPA: sending 3/4 msg of 4-Way Handshake
Aug 30 22:01:20 hostapd: ath0_wlan1: STA 08:11:96:a9:70:48 WPA: received EAPOL-Key frame (4/4 Pairwise)
Aug 30 22:01:20 hostapd: ath0_wlan1: STA 08:11:96:a9:70:48 IEEE 802.1X: authorizing port
Aug 30 22:01:20 hostapd: ath0_wlan1: STA 08:11:96:a9:70:48 RADIUS: starting accounting session 503BF4DF-0001D0DA
Aug 30 22:01:20 hostapd: ath0_wlan1: STA 08:11:96:a9:70:48 WPA: pairwise key handshake completed (RSN)
Aug 30 22:01:20 hostapd: ath0_wlan1: STA 08:11:96:a9:70:48 IEEE 802.11: associated
Aug 30 22:01:20 hostapd: ath0_wlan1: STA 08:11:96:a9:70:48 WPA: event 1 notification
Aug 30 22:01:20 hostapd: ath0_wlan1: STA 08:11:96:a9:70:48 WPA: event 4 notification

Which to me suggest a signal loss as i mentioned earlier the client seems to drop the signal strength from good to poor but other clients running wifi analyzer show no drop. how ever it is still reporting an auth error.

poplap120

Well i figured out why i was having problems, i over looked what APs the school used and there are cisco, which have a feature that that is meant for security, it sands out a de auth frame packet to any wireless client that is connecting to a router not part of its system so thats why my clients would not connect, it would see it and go "i dont like that" DEAUTHED. that is why it was dropping the signal.

Now im pissed, i get the crappiest signal in my room only computers can get anything over a bar and thats iffy at best. i use Ethernet anyway but my phone and tablet are not going to be much use.

If only there was a way around this…I wonder if moving to the 5ghz range would get by it but i dont think my phone supports it...