"WPA: EAPOL-Key timeout" for certain devices

MaxPF

Same thing here! My logs are full of those messages.

hase

I switched from AES to TKIP and the deassociations seem to have stopped.  I'm still getting "EAPOL-Key timeout" occasionally but it rarely causes a lost connection.  I'd still like to understand why of all my devices, only the Mac and Android don't play nicely with pfSense's implementation of AES.  OR if there's something else happening.

MaxPF

For me it's all Android devices. I'll try TKIP.

MaxPF

hase, is your wifi interface bridged to any other interface?

hase

Yes it is.  To another physical interface.  You think that's messing with the wireless crypto?

MaxPF

Mine is also bridged to my LAN.

hase

I keep testing various other settings.  The only thing that appears to work is disabling WPA.  I've not tested with WEP.

Hardware:

ath0@pci0:0:12:0:	class=0x020000 card=0x1012185f chip=0x0013168c rev=0x01 hdr=0x00

MaxPF

I keep seeing the same errors so I increased the re-key interval just to minimize the frequency.
However I noticed that every time there is a WPA re-keying, the first attempt gets the "EAPOL-Key timeout", but the second one succeeds:

2013-01-30 9:14 AM,Debug,192.168.1.1,run0_wlan0: WPA rekeying GTK
2013-01-30 9:14 AM,Debug,192.168.1.1,run0_wlan0: STA yy:yy:yy:yy:yy:yy WPA: sending 1/2 msg of Group Key Handshake
2013-01-30 9:14 AM,Debug,192.168.1.1,run0_wlan0: STA yy:yy:yy:yy:yy:yy WPA: EAPOL-Key timeout
2013-01-30 9:14 AM,Debug,192.168.1.1,run0_wlan0: STA yy:yy:yy:yy:yy:yy WPA: sending 1/2 msg of Group Key Handshake
2013-01-30 9:14 AM,Debug,192.168.1.1,run0_wlan0: STA yy:yy:yy:yy:yy:yy WPA: EAPOL-Key timeout
2013-01-30 9:14 AM,Debug,192.168.1.1,run0_wlan0: STA yy:yy:yy:yy:yy:yy WPA: sending 1/2 msg of Group Key Handshake
2013-01-30 9:14 AM,Debug,192.168.1.1,run0_wlan0: STA yy:yy:yy:yy:yy:yy WPA: EAPOL-Key timeout
2013-01-30 9:14 AM,Debug,192.168.1.1,run0_wlan0: STA yy:yy:yy:yy:yy:yy WPA: sending 1/2 msg of Group Key Handshake
2013-01-30 9:14 AM,Debug,192.168.1.1,run0_wlan0: STA yy:yy:yy:yy:yy:yy WPA: EAPOL-Key timeout
2013-01-30 9:14 AM,Debug,192.168.1.1,run0_wlan0: STA yy:yy:yy:yy:yy:yy IEEE 802.1X: unauthorizing port
2013-01-30 9:14 AM,Info,192.168.1.1,run0_wlan0: STA yy:yy:yy:yy:yy:yy IEEE 802.11: deauthenticated due to local deauth request
2013-01-30 9:14 AM,Info,192.168.1.1,run0_wlan0: STA yy:yy:yy:yy:yy:yy IEEE 802.11: deassociated
2013-01-30 9:14 AM,Info,192.168.1.1,run0_wlan0: STA yy:yy:yy:yy:yy:yy IEEE 802.11: associated
2013-01-30 9:14 AM,Debug,192.168.1.1,run0_wlan0: STA yy:yy:yy:yy:yy:yy WPA: event 1 notification
2013-01-30 9:14 AM,Debug,192.168.1.1,run0_wlan0: STA yy:yy:yy:yy:yy:yy WPA: start authentication
2013-01-30 9:14 AM,Debug,192.168.1.1,run0_wlan0: STA yy:yy:yy:yy:yy:yy IEEE 802.1X: unauthorizing port
2013-01-30 9:14 AM,Debug,192.168.1.1,run0_wlan0: STA yy:yy:yy:yy:yy:yy WPA: sending 1/4 msg of 4-Way Handshake
2013-01-30 9:14 AM,Debug,192.168.1.1,run0_wlan0: STA yy:yy:yy:yy:yy:yy WPA: received EAPOL-Key frame (2/4 Pairwise)
2013-01-30 9:14 AM,Debug,192.168.1.1,run0_wlan0: STA yy:yy:yy:yy:yy:yy WPA: sending 3/4 msg of 4-Way Handshake
2013-01-30 9:14 AM,Debug,192.168.1.1,run0_wlan0: STA yy:yy:yy:yy:yy:yy WPA: received EAPOL-Key frame (4/4 Pairwise)
2013-01-30 9:14 AM,Debug,192.168.1.1,run0_wlan0: STA yy:yy:yy:yy:yy:yy IEEE 802.1X: authorizing port
2013-01-30 9:14 AM,Info,192.168.1.1,run0_wlan0: STA yy:yy:yy:yy:yy:yy RADIUS: starting accounting session 510907A5-00000014
2013-01-30 9:14 AM,Info,192.168.1.1,run0_wlan0: STA yy:yy:yy:yy:yy:yy WPA: pairwise key handshake completed (RSN)

The other thing is the reference to 802.1X and RADIUS which I don't use and have never configured in the WLAN interface settings.

UPDATE:
An iPhone 4 is also behaving the same way, with EAPOL-Key timeout errors at the first re-key attempt

hase

I live in an apartment with dozens of competing wifi APs.  When I moved the AP to another room, it appears to work better.  I brought in and tested another AP and the 2.4ghz range was just as useless.  The 5ghz worked perfectly.  I've not done much more troubleshooting, but my current theory is too much competition on the frequency.  If anyone has any recommendations or tests they'd like me to look at, I'll still be happy to help.

???

wallabybob

Download the WiFi Analyzer Android app to your phone, start it and switch to channel view. You might find a channel or channel range much less busy than the others.

There are WiFi chipsets supported by pfSense that can operate as APs in 5GHz and both 5GHz and 2.4GHz

hase

I've been messing with that for days now.  There are no open areas, switching to a less used channel helps temporarily but they're all fighting for limited space.

I've got a few things that can't support 5ghz so I "fixed it" with a wired AP in the other room.  When I plugged in the second AP in the office with the pfSense box, it had the same problem.  When I plug it into a drop in the same room as the Roku, 15-20 feet away, it works perfectly.

I don't do wireless professionally but am a network engineer.  Constant retransmissions and timeouts on one frequency, plus a huge number of competing APs and who knows what else, but not another makes me pretty sure this is an interference issue.