[2.3.5] Not able to connect via WPA2 - Handshake 1/4 EAPOL-Key timeout



  • Hi,

    I recently updated from a 2.2.X to a 2.3.5-RELEASE-p2
    The same WIFI config worked before now in 2.3.5, I'm unable to connect to the AP via WIFI and WPA2.

    On the client side it says the password is incorrect.
    On the AP side, in the wireless logs, I get "WPA: EAPOL-Key timeout"
    The DHCP server is enabled on the interface and there are no logs.
    I also noticed i'm able to connect when disabling security. WPA also does not work
    I have 3 WLAN interfaces defined on the same physical ath0 network port. Only the one on the physical network port works. The other 2 seems to experience the same behavior

    Do you have an idea how to debug this?

    Seems to me the AP sends the EAPOL-Key ANounce to the client but the EAPOL-Key SNounce is not received soon enough.
    So the EAPOL-Key ANounce might be lost
    I don't see any packets on the client side (maybe I'm not using wireshark correctly)

    2.3.5-RELEASE-p2 (i386)
    built on Thu May 10 15:03:18 CDT 2018
    FreeBSD 10.3-RELEASE-p29
    nanobsd (4g)

    My configuration

    [2.3.5-RELEASE][root@pfSense]/var/etc: cat /var/etc/hostapd_ath0_wlan1.conf
    interface=ath0_wlan1
    driver=bsd
    logger_syslog=-1
    logger_syslog_level=0
    logger_stdout=-1
    logger_stdout_level=0
    dump_file=/tmp/hostapd_ath0_wlan1.dump
    ctrl_interface=/var/run/hostapd
    ctrl_interface_group=wheel
    #accept_mac_file=/tmp/hostapd_ath0_wlan1.accept
    #deny_mac_file=/tmp/hostapd_ath0_wlan1.deny
    #macaddr_acl=
    ssid=MySSID
    debug=
    wpa=2
    wpa_key_mgmt=WPA-PSK
    wpa_pairwise=CCMP
    wpa_group_rekey=60
    wpa_gmk_rekey=3600
    wpa_strict_rekey=
    wpa_passphrase=12345678

    I tried to run with more debug flags:

    ps -auwwx | grep hostapd

    root 38155 0.0 0.9 12780 4540 - Ss 3:39PM 0:00.64 /usr/local/sbin/hostapd -B -P /var/run/hostapd_ath0_wlan1.pid /var/etc/hostapd_ath0_wlan1.conf

    cat /var/run/hostapd_ath0_wlan1.pid | xargs kill -9; rm /var/run/hostapd_ath0_wlan1.pid
    /usr/local/sbin/hostapd -BddKt -P /var/run/hostapd_ath0_wlan1.pid /var/etc/hostapd_ath0_wlan1.conf

    ps -auwwx | grep hostapd

    root 27826 1.2 0.9 12780 4528 - Ss 7:40PM 0:00.00 /usr/local/sbin/hostapd -BddKt -P /var/run/hostapd_ath0_wlan1.pid /var/etc/hostapd_ath0_wlan1.conf

    clog -f /var/log/wireless.log | grep ath0_wlan1

    Aug 20 17:39:59 pfSense hostapd: ath0_wlan1: STA c4:85:08:30:a0:61 IEEE 802.11: associated
    Aug 20 17:39:59 pfSense hostapd: ath0_wlan1: STA c4:85:08:30:a0:61 WPA: event 1 notification
    Aug 20 17:39:59 pfSense hostapd: ath0_wlan1: STA c4:85:08:30:a0:61 WPA: start authentication
    Aug 20 17:39:59 pfSense hostapd: ath0_wlan1: STA c4:85:08:30:a0:61 IEEE 802.1X: unauthorizing port
    Aug 20 17:39:59 pfSense hostapd: ath0_wlan1: STA c4:85:08:30:a0:61 WPA: sending 1/4 msg of 4-Way Handshake
    Aug 20 17:40:00 pfSense hostapd: ath0_wlan1: STA c4:85:08:30:a0:61 WPA: EAPOL-Key timeout
    Aug 20 17:40:00 pfSense hostapd: ath0_wlan1: STA c4:85:08:30:a0:61 WPA: sending 1/4 msg of 4-Way Handshake
    Aug 20 17:40:01 pfSense hostapd: ath0_wlan1: WPA rekeying GTK
    Aug 20 17:40:01 pfSense hostapd: ath0_wlan1: STA c4:85:08:30:a0:61 WPA: Not in PTKINITDONE; skip Group Key update
    Aug 20 17:40:01 pfSense hostapd: ath0_wlan1: STA c4:85:08:30:a0:61 WPA: EAPOL-Key timeout
    Aug 20 17:40:01 pfSense hostapd: ath0_wlan1: STA c4:85:08:30:a0:61 WPA: sending 1/4 msg of 4-Way Handshake
    Aug 20 17:40:02 pfSense hostapd: ath0_wlan1: STA c4:85:08:30:a0:61 WPA: EAPOL-Key timeout
    Aug 20 17:40:02 pfSense hostapd: ath0_wlan1: STA c4:85:08:30:a0:61 WPA: sending 1/4 msg of 4-Way Handshake
    Aug 20 17:40:03 pfSense hostapd: ath0_wlan1: STA c4:85:08:30:a0:61 WPA: EAPOL-Key timeout
    Aug 20 17:40:03 pfSense hostapd: ath0_wlan1: STA c4:85:08:30:a0:61 WPA: PTKSTART: Retry limit 4 reached
    Aug 20 17:40:03 pfSense hostapd: ath0_wlan1: STA c4:85:08:30:a0:61 WPA: event 3 notification
    Aug 20 17:40:03 pfSense hostapd: ath0_wlan1: STA c4:85:08:30:a0:61 IEEE 802.1X: unauthorizing port
    Aug 20 17:40:03 pfSense hostapd: ath0_wlan1: STA c4:85:08:30:a0:61 MLME: MLME-DEAUTHENTICATE.indication(c4:85:08:30:a0:61, 2)
    Aug 20 17:40:03 pfSense hostapd: ath0_wlan1: STA c4:85:08:30:a0:61 MLME: MLME-DELETEKEYS.request(c4:85:08:30:a0:61)


 

© Copyright 2002 - 2018 Rubicon Communications, LLC | Privacy Policy