4. Invalid MIC in msg 2/4 of 4-way handshake

Invalid MIC in msg 2/4 of 4-way handshake

  • R

    This is a cross-post of https://serverfault.com/questions/869591

    I'm using a modern pfSense:

    FreeBSD 10.3-RELEASE-p19 FreeBSD #1 76a12c4e6(RELENG_2_3_4): Fri Jul 14 15:02:35 CDT 2017

    with this wireless chip:

    ral0: <ralink technology="" rt3090=""> at device 0.0 on pci3
ral0: MAC/BBP RT3090 (rev 0x3213), RF RT3020 (MIMO 1T1R)</ralink>

    The wireless interface is configured to use:

    • 802.11g (b disabled) channel 10
    • WPA2 PSK
    • Pure AES
    • Group key rotation = 60
    • Group master key rotation = 3600

    Clients rarely associate successfully. Usually they fail at the auth stage, and the pfSense wireless log shows this repeated until the number of retries hits its limit:

    ral0_wlan0: STA [mac] WPA: sending 1/4 msg of 4-Way Handshake
ral0_wlan0: STA [mac] WPA: received EAPOL-Key frame (2/4 Pairwise)
ral0_wlan0: STA [mac] WPA: invalid MIC in msg 2/4 of 4-Way Handshake
ral0_wlan0: STA [mac] WPA: EAPOL-Key timeout

    This happens regardless of distance to the router. Signal strength is good. Wifi Analyser on my phone shows -52dBm and "green" strength, and the graph shows that the channel neighbourhood is relatively clear. There are no other APs on channel 10, and a couple of weak (-90) ones on channel 11.

    Could it be a bad chip? Or bad kernel module?

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2019 Rubicon Communications, LLC | Privacy Policy