Invalid MIC in msg 2/4 of 4-way handshake
This is a cross-post of https://serverfault.com/questions/869591
I'm using a modern pfSense:
FreeBSD 10.3-RELEASE-p19 FreeBSD #1 76a12c4e6(RELENG_2_3_4): Fri Jul 14 15:02:35 CDT 2017
with this wireless chip:
ral0: <ralink technology="" rt3090=""> at device 0.0 on pci3 ral0: MAC/BBP RT3090 (rev 0x3213), RF RT3020 (MIMO 1T1R)</ralink>
The wireless interface is configured to use:
- 802.11g (b disabled) channel 10
- WPA2 PSK
- Pure AES
- Group key rotation = 60
- Group master key rotation = 3600
Clients rarely associate successfully. Usually they fail at the auth stage, and the pfSense wireless log shows this repeated until the number of retries hits its limit:
ral0_wlan0: STA [mac] WPA: sending 1/4 msg of 4-Way Handshake ral0_wlan0: STA [mac] WPA: received EAPOL-Key frame (2/4 Pairwise) ral0_wlan0: STA [mac] WPA: invalid MIC in msg 2/4 of 4-Way Handshake ral0_wlan0: STA [mac] WPA: EAPOL-Key timeout
This happens regardless of distance to the router. Signal strength is good. Wifi Analyser on my phone shows -52dBm and "green" strength, and the graph shows that the channel neighbourhood is relatively clear. There are no other APs on channel 10, and a couple of weak (-90) ones on channel 11.
Could it be a bad chip? Or bad kernel module?