Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Help on starting atheros wifi

    Scheduled Pinned Locked Moved 2.1 Snapshot Feedback and Problems - RETIRED
    13 Posts 3 Posters 3.0k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M
      MrRocco
      last edited by

      Hi all,

      First post here, and trying to do it right. I've tried searching around the forum but I've come up short.

      I am running:
      FreeBSD pfSense.localdomain 8.3-RELEASE-p5 FreeBSD 8.3-RELEASE-p5 #0: Sun Dec 30 03:24:03 EST 2012    root@snapshots-8_3-amd64.builders.pfsense.org:/usr/obj./usr/pfSensesrc/src/sys/pfSense_SMP.8  amd64

      On an Intel DQ77 board, Core i3, 4GB ram.

      In my loader.conf file is:

      if_ath_load="YES"
      if_ath_pci_load="YES"
      
      
      [2.1-BETA1][admin@pfSense.localdomain]/boot(25): dmesg -a | grep -i ath
      ath0: <atheros 9280="">mem 0xf7d00000-0xf7d0ffff irq 18 at device 0.0 on pci2
      ath0: [ITHREAD]
      ath0: AR9280 mac 128.2 RF5133 phy 13.0</atheros> 
      
      [2.1-BETA1][admin@pfSense.localdomain]/boot(24): pciconf -lv
      ath0@pci0:2:0:0:        class=0x028000 card=0x0200168c chip=0x002a168c rev=0x01 hdr=0x00
          class      = network
      
      
      [2.1-BETA1][admin@pfSense.localdomain]/root(2): ifconfig ath0
      ath0: flags=8802 <broadcast,simplex,multicast>metric 0 mtu 2290
              ether 00:22:5f:6d:5e:38
              media: IEEE 802.11 Wireless Ethernet autoselect (autoselect)
              status: no carrier</broadcast,simplex,multicast> 
      

      From here I do not see the ath0 in the Interfaces:Wireless configuration page and I can't seem to get anything further to come up. I somewhat know my way around Linux but pfSense is the first time I've played with FreeBSD. I would appreciate any pointers.

      Thanks!

      1 Reply Last reply Reply Quote 0
      • W
        wallabybob
        last edited by

        In Interfaces -> (assign) click the "+" button at the lower right of the page to add the interface to the pool of interfaces available to pfSense. You should then see it as an OPTx interface and be able to configure it from the appropriate Interfaces -> OPTx page (x in 1, 2, 3 …)

        1 Reply Last reply Reply Quote 0
        • M
          MrRocco
          last edited by

          Thanks wallabybob!

          I actually figured out what I was doing shortly after my post. I just expected the interface to show up and missed the painfully obvious step of adding it.

          I have been testing various settings today and dialed back to a pretty basic 802.11g AP mode. (BTW, this is a test build not my primary router thankfully). The WLAN [ath0] is in bridged mode with em1 which is sitting on my LAN at a fixed IP. DHCP is off and everything else is stock.

          I cannot keep a consistent connection to this AP. There might be more logging that I can capture. This is from the diag_logs_wireless page:

          Jan 3 18:54:01	hostapd: ath0_wlan0: STA 5c:59:48:23:00:71 IEEE 802.11: associated
          Jan 3 18:54:01	hostapd: ath0_wlan0: STA 5c:59:48:23:00:71 WPA: event 1 notification
          Jan 3 18:54:01	hostapd: ath0_wlan0: STA 5c:59:48:23:00:71 WPA: event 4 notification
          Jan 3 18:54:01	hostapd: ath0_wlan0: STA 5c:59:48:23:00:71 WPA: sending 1/4 msg of 4-Way Handshake
          Jan 3 18:54:01	hostapd: ath0_wlan0: STA 5c:59:48:23:00:71 WPA: received EAPOL-Key frame (2/4 Pairwise)
          Jan 3 18:54:01	hostapd: ath0_wlan0: STA 5c:59:48:23:00:71 WPA: sending 3/4 msg of 4-Way Handshake
          Jan 3 18:54:01	hostapd: ath0_wlan0: STA 5c:59:48:23:00:71 WPA: received EAPOL-Key frame (4/4 Pairwise)
          Jan 3 18:54:01	hostapd: ath0_wlan0: STA 5c:59:48:23:00:71 IEEE 802.1X: authorizing port
          Jan 3 18:54:01	hostapd: ath0_wlan0: STA 5c:59:48:23:00:71 RADIUS: starting accounting session 50E5D0CC-00000002
          Jan 3 18:54:01	hostapd: ath0_wlan0: STA 5c:59:48:23:00:71 WPA: pairwise key handshake completed (RSN)
          Jan 3 18:54:16	hostapd: ath0_wlan0: WPA rekeying GTK
          Jan 3 18:54:16	hostapd: ath0_wlan0: STA 5c:59:48:23:00:71 WPA: sending 1/2 msg of Group Key Handshake
          Jan 3 18:54:16	hostapd: ath0_wlan0: STA 5c:59:48:23:00:71 WPA: EAPOL-Key timeout
          Jan 3 18:54:16	hostapd: ath0_wlan0: STA 5c:59:48:23:00:71 WPA: sending 1/2 msg of Group Key Handshake
          Jan 3 18:54:16	hostapd: ath0_wlan0: STA 5c:59:48:23:00:71 WPA: received EAPOL-Key frame (2/2 Group)
          Jan 3 18:54:16	hostapd: ath0_wlan0: STA 5c:59:48:23:00:71 WPA: group key handshake completed (RSN)
          Jan 3 18:54:16	hostapd: ath0_wlan0: STA 5c:59:48:23:00:71 WPA: received EAPOL-Key 2/2 Group with unexpected replay counter
          

          That is a partial snip of the log.

          Why is trying to authenticate RADIUS? (I don't have that configured)

          I have the antennas explicitly assigned to snd #1/rcv #2 to avoid diversity issues, although the atheros 8290 supports it.

          Other things I can try to bring stability?

          Thanks!

          1 Reply Last reply Reply Quote 0
          • M
            MrRocco
            last edited by

            Update:

            Cleared the log completely.

            Started up my iPhone as a client and it connect successfully. Within a few seconds the join got lost. I refreshed the log and saw the "rekeying GTK" message and the ones after it but the phone was disconnected.

            hostapd: ath0_wlan0: STA 5c:59:48:23:00:71 IEEE 802.11: associated
            Jan 3 21:10:00	hostapd: ath0_wlan0: STA 5c:59:48:23:00:71 WPA: event 1 notification
            Jan 3 21:10:00	hostapd: ath0_wlan0: STA 5c:59:48:23:00:71 WPA: start authentication
            Jan 3 21:10:00	hostapd: ath0_wlan0: STA 5c:59:48:23:00:71 IEEE 802.1X: unauthorizing port
            Jan 3 21:10:00	hostapd: ath0_wlan0: STA 5c:59:48:23:00:71 WPA: sending 1/4 msg of 4-Way Handshake
            Jan 3 21:10:00	hostapd: ath0_wlan0: STA 5c:59:48:23:00:71 WPA: received EAPOL-Key frame (2/4 Pairwise)
            Jan 3 21:10:00	hostapd: ath0_wlan0: STA 5c:59:48:23:00:71 WPA: sending 3/4 msg of 4-Way Handshake
            Jan 3 21:10:00	hostapd: ath0_wlan0: STA 5c:59:48:23:00:71 WPA: received EAPOL-Key frame (4/4 Pairwise)
            Jan 3 21:10:00	hostapd: ath0_wlan0: STA 5c:59:48:23:00:71 IEEE 802.1X: authorizing port
            Jan 3 21:10:00	hostapd: ath0_wlan0: STA 5c:59:48:23:00:71 RADIUS: starting accounting session 50E5D0CC-00000006
            Jan 3 21:10:00	hostapd: ath0_wlan0: STA 5c:59:48:23:00:71 WPA: pairwise key handshake completed (RSN)
            Jan 3 21:10:16	hostapd: ath0_wlan0: WPA rekeying GTK
            Jan 3 21:10:16	hostapd: ath0_wlan0: STA 5c:59:48:23:00:71 WPA: sending 1/2 msg of Group Key Handshake
            Jan 3 21:10:16	hostapd: ath0_wlan0: STA 5c:59:48:23:00:71 WPA: received EAPOL-Key frame (2/2 Group)
            Jan 3 21:10:16	hostapd: ath0_wlan0: STA 5c:59:48:23:00:71 WPA: group key handshake completed (RSN)
            

            Is there something funky going on during the rekey?

            Thanks!

            1 Reply Last reply Reply Quote 0
            • W
              wallabybob
              last edited by

              Are your clients attempting to get an IP address by DHCP?

              Have you had this working with encryption disabled?

              1 Reply Last reply Reply Quote 0
              • M
                MrRocco
                last edited by

                Are your clients attempting to get an IP address by DHCP?

                Yes, but not from this pfSense router. My primary router (running 2.0.1 on different HW with no WIFI) is also the DHCP server.

                Have you had this working with encryption disabled?

                I haven't tried it with no encryption. Since I don't have the traffic separated I didn't want an open AP on my LAN. I guess I could set up a rule on my primary to treat this as "guest" network and have WAN only access then turn of WPA2.

                UPDATE

                Since the previous posting, the rekeying has been working successfully. I will add a few more clients and keep testing with adding/deleting and see how stable it is.

                I still remain curious about the RADIUS auth/deauth messages in the log. Can't figure out why that would be happening…

                Thanks!

                1 Reply Last reply Reply Quote 0
                • W
                  wallabybob
                  last edited by

                  @MrRocco:

                  I still remain curious about the RADIUS auth/deauth messages in the log. Can't figure out why that would be happening…

                  I don't use radius accounting but my wireless log reports:

                  RADIUS: starting accounting session 50E3AB31-00000017

                  1 Reply Last reply Reply Quote 0
                  • M
                    MrRocco
                    last edited by

                    Unfortunately I still see the wifi connection drop, or the client fail to re-connect for periods of time. Somewhere in the 30s-90s range then the connection is re-established. Not as reliable as I had hoped it would be.

                    1 Reply Last reply Reply Quote 0
                    • M
                      MrRocco
                      last edited by

                      Unfortunately this is still a problem. I am surprised as to the unreliability of Wifi in pfSense at this point.

                      Here is a log dump after clearing and it started the rekeying event:

                      Jan 8 23:04:27	hostapd: ath0_wlan0: WPA rekeying GTK
                      Jan 8 23:04:27	hostapd: ath0_wlan0: STA 5c:59:48:23:00:71 WPA: sending 1/2 msg of Group Key Handshake
                      Jan 8 23:04:27	hostapd: ath0_wlan0: STA 5c:59:48:23:00:71 WPA: received EAPOL-Key frame (2/2 Group)
                      Jan 8 23:04:27	hostapd: ath0_wlan0: STA 5c:59:48:23:00:71 WPA: group key handshake completed (RSN)
                      Jan 8 23:05:06	hostapd: ath0_wlan0: STA 5c:59:48:23:00:71 IEEE 802.11: associated
                      Jan 8 23:05:06	hostapd: ath0_wlan0: STA 5c:59:48:23:00:71 WPA: event 1 notification
                      Jan 8 23:05:06	hostapd: ath0_wlan0: STA 5c:59:48:23:00:71 WPA: event 4 notification
                      Jan 8 23:05:06	hostapd: ath0_wlan0: STA 5c:59:48:23:00:71 WPA: sending 1/4 msg of 4-Way Handshake
                      Jan 8 23:05:06	hostapd: ath0_wlan0: STA 5c:59:48:23:00:71 WPA: received EAPOL-Key frame (2/4 Pairwise)
                      Jan 8 23:05:06	hostapd: ath0_wlan0: STA 5c:59:48:23:00:71 WPA: sending 3/4 msg of 4-Way Handshake
                      Jan 8 23:05:06	hostapd: ath0_wlan0: STA 5c:59:48:23:00:71 WPA: received EAPOL-Key frame (4/4 Pairwise)
                      Jan 8 23:05:06	hostapd: ath0_wlan0: STA 5c:59:48:23:00:71 IEEE 802.1X: authorizing port
                      Jan 8 23:05:06	hostapd: ath0_wlan0: STA 5c:59:48:23:00:71 RADIUS: starting accounting session 50EC8297-00000006
                      Jan 8 23:05:06	hostapd: ath0_wlan0: STA 5c:59:48:23:00:71 WPA: pairwise key handshake completed (RSN)
                      

                      The iPhone client cannot pair with the pfSense node.

                      Is the Atheros support that bad? Is it my settings? I'm looking for any other helpful hints. Meanwhile I will try some other things. I will try an Internet access only "guest" network and turn off all of the security and see if pairing improves.

                      Any pointers are helpful as I would prefer to remove my other WAPs.

                      Thanks!

                      1 Reply Last reply Reply Quote 0
                      • W
                        wallabybob
                        last edited by

                        @MrRocco:

                        I am surprised as to the unreliability of Wifi in pfSense at this point.

                        Please take care not to come to a hasty conclusion based on insufficient data.

                        I have two pfsense WiFi APs at home, one based on a PCI card with Atheros chipset, one based on USB stick with Ralink chipset. My Android phone associates with both APs for hours at a time but won't associate for more than a few seconds with the free WiFi in the local commuter rail. A number of different Windows systems in the house have no trouble associating with either AP for extended periods.

                        Do you have other devices that associate with the pfSense AP for long periods?

                        1 Reply Last reply Reply Quote 0
                        • M
                          MrRocco
                          last edited by

                          Sorry, not trying to be hasty. I've been testing before I posted that but I am happy to continue testing all sorts of things to get to the bottom of it.

                          Most of my wireless clients are things like iOS devices or printers. Everything else is wired or a production system. I will dig up an older Intel based Macbook and try many cycles of sleeping and unsleeping it on the system.

                          For now I did as posted and created an open wifi guest subnet with no security at all. I want to see if I have any headaches with that for a few hours.

                          Thanks.

                          1 Reply Last reply Reply Quote 0
                          • ?
                            A Former User
                            last edited by

                            also which version IOS you running on the iPhones?

                            seems 6.0 has issues with WiFi… 6.1 seemed to fix issues we see in house here
                            (in the Lab)

                            We dont allow personal phones to connect to the corp network but we tend to Test
                            lots of stuff in the Lab that never sees the light of day outside the lab.

                            1 Reply Last reply Reply Quote 0
                            • M
                              MrRocco
                              last edited by

                              also which version IOS you running on the iPhones?

                              I am still running 5.1.1 but will soon be upgrading to 6.0.1

                              UPDATE

                              I have had good success with the completely open wifi and multiple clients. Now I will layer in WPA in a measured approach and see how it goes.

                              Thanks

                              1 Reply Last reply Reply Quote 0
                              • First post
                                Last post
                              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.