Invalid MIC in msg 2/4 of 4-way handshake



  • This is a cross-post of https://serverfault.com/questions/869591

    I'm using a modern pfSense:

    FreeBSD 10.3-RELEASE-p19 FreeBSD #1 76a12c4e6(RELENG_2_3_4): Fri Jul 14 15:02:35 CDT 2017
    

    with this wireless chip:

    ral0: <ralink technology="" rt3090=""> at device 0.0 on pci3
    ral0: MAC/BBP RT3090 (rev 0x3213), RF RT3020 (MIMO 1T1R)</ralink>
    

    The wireless interface is configured to use:

    • 802.11g (b disabled) channel 10
    • WPA2 PSK
    • Pure AES
    • Group key rotation = 60
    • Group master key rotation = 3600

    Clients rarely associate successfully. Usually they fail at the auth stage, and the pfSense wireless log shows this repeated until the number of retries hits its limit:

    ral0_wlan0: STA [mac] WPA: sending 1/4 msg of 4-Way Handshake
    ral0_wlan0: STA [mac] WPA: received EAPOL-Key frame (2/4 Pairwise)
    ral0_wlan0: STA [mac] WPA: invalid MIC in msg 2/4 of 4-Way Handshake
    ral0_wlan0: STA [mac] WPA: EAPOL-Key timeout
    

    This happens regardless of distance to the router. Signal strength is good. Wifi Analyser on my phone shows -52dBm and "green" strength, and the graph shows that the channel neighbourhood is relatively clear. There are no other APs on channel 10, and a couple of weak (-90) ones on channel 11.

    Could it be a bad chip? Or bad kernel module?