Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Problem with run driver and wpa

    Scheduled Pinned Locked Moved Wireless
    10 Posts 2 Posters 4.0k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • B
      BeerCan
      last edited by

      I have a bunch of small fw appliances, with only usb ports available, that I would love to turn into access points but I am having a problem.  I am using 2 different usb adapters that exhibit the same problem.  One is based on the ra3070 and one is based on the ra2770/2720.  Whenever I set up wpa the client stop working.  I can set up the ap with no authentication and everything works fine, but once I set up wpa they no longer get ip addresses or actually connect.  I built a test machine that pcie slots and used an ath based card and it worked fine, but once I used the same test machine with the ralinks it stopped working.  Any ideas?

      pfsense 2.0 release

      system log

      hostapd: run0_wlan0: STA 98:4b:4a:7e:14:87 RADIUS: starting accounting session 4E860B07-00000004
Sep 30 18:35:52 	hostapd: run0_wlan0: STA <mac redacted=""> WPA: pairwise key handshake completed (RSN)
Sep 30 18:36:38 	hostapd: run0_wlan0: STA <mac redacted=""> IEEE 802.11: deauthenticated due to local deauth request
Sep 30 18:36:38 	hostapd: run0_wlan0: STA <mac redacted=""> IEEE 802.11: deassociated
Sep 30 18:36:52 	hostapd: run0_wlan0: STA <mac redacted=""> IEEE 802.11: associated</mac></mac></mac></mac>
      1 Reply Last reply Reply Quote 0
      • W
        wallabybob
        last edited by

        I have a run device on a pfSense box that works fine with WPA2, PSK (Pre Shared Key) and AES.  How is your configuration different? (The log extract you posted suggests you might be using RADIUS authentication.)

        1 Reply Last reply Reply Quote 0
        • B
          BeerCan
          last edited by

          no radius, that I configed anyway.  pretty vanilla setup, just installed the nanobsd 4g image and configured the devices.  Are you using the nanobsd version?  Like I said if I switch the ralinks for the atheros card I can get it to work fine.  Perhaps I will try an install from the livedisk to see if it is a problem with the nanobsd mage.

          1 Reply Last reply Reply Quote 0
          • W
            wallabybob
            last edited by

            I'm not using radius either and a check in the logs revealed a similar mention of RADIUS from hostapd:

            clog /var/log/system.log | grep hostapd

            Oct  1 15:58:57 pfsense2 hostapd: run0_wlan0: STA <mac addr="">IEEE 802.11: associated
            Oct  1 15:58:57 pfsense2 hostapd: run0_wlan0: STA <mac addr="">RADIUS: starting accounting session 4E86AB2D-00000000
            Oct  1 15:58:57 pfsense2 hostapd: run0_wlan0: STA <mac addr="">WPA: pairwise key handshake completed (RSN)</mac></mac></mac>

            I'm not using nanobsd.

            Can you try WPA2, PSK and AES (not TKIP)?

            1 Reply Last reply Reply Quote 0
            • B
              BeerCan
              last edited by

              OK sorry for the delay, I had to go out of town for a few days.

              I just tried those specific settings and I get the same exact symptoms as posted above.  I will try livecd install tonight.

              EDIT
              I tried using the livecd installer with the smp kernel and I still get the same errors.  So it appears that the issue lies elsewhere.  I have tried on 3 different computer platforms and 2 different ralink usb dongles.  is there anything else I can do to help diagnose this?

              1 Reply Last reply Reply Quote 0
              • W
                wallabybob
                last edited by

                I can only recall one problem I have had with an encrypted wireless link at home: my pfSense was originally set to WPA2, PSK and (TKIP or AES) and worked fine. After a Linux upgrade my netbook stopped associating. When I removed TKIP as an option on pfSense the netbook correctly associated again.

                Are you in a noisy radio environment? (Maybe using a different channel will help.)

                Do the wireless parameters exactly match on AP and client?

                What is the output of the pfSense shell command ifconfig run0_wlan0

                1 Reply Last reply Reply Quote 0
                • B
                  BeerCan
                  last edited by

                  Here ya go.

                  [2.0-RELEASE][root@pfsense.localdomain]/root(2): ifconfig run0_wlan0
run0_wlan0: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500
        ether <redacted>
        inet6 <redacted>%run0_wlan0 prefixlen 64 scopeid 0xb
        inet 10.10.10.1 netmask 0xffffff00 broadcast 10.10.10.255
        nd6 options=3 <performnud,accept_rtadv>media: IEEE 802.11 Wireless Ethernet autoselect mode 11g <hostap>
        status: running
        ssid BeerCan channel 11 (2462 MHz 11g) bssid <redacted>
        country US authmode WPA2/802.11i privacy MIXED deftxkey 2
        AES-CCM 2:128-bit txpower 0 scanvalid 60 protmode OFF -apbridge
        dtimperiod 1 -dfs</redacted></hostap></performnud,accept_rtadv></redacted></redacted></up,broadcast,running,simplex,multicast>
                  1 Reply Last reply Reply Quote 0
                  • W
                    wallabybob
                    last edited by

                    Here are my settings:```

                    ifconfig run0_wlan0

                    run0_wlan0: flags=108843 <up,broadcast,running,simplex,multicast,ipfw_filter>metric 0 mtu 1500
                    ether <cut>inet6 <cut>%run0_wlan0 prefixlen 64 scopeid 0x9
                    inet 192.168.51.173 netmask 0xffffff00 broadcast 192.168.51.255
                    nd6 options=3 <performnud,accept_rtadv>media: IEEE 802.11 Wireless Ethernet autoselect mode 11g <hostap>status: running
                    ssid Lothlorien channel 6 (2437 MHz 11g) bssid <cut>regdomain ROW country AU indoor authmode WPA2/802.11i privacy MIXED
                    deftxkey 2 AES-CCM 2:128-bit AES-CCM 3:128-bit txpower 30 scanvalid 60
                    protmode OFF dtimperiod 1 -dfs
                    #</cut></hostap></performnud,accept_rtadv></cut></cut></up,broadcast,running,simplex,multicast,ipfw_filter>

                    Concerning differences that MIGHT be significant:
You have AES-CCM 2: whereas I have AES-CCM 2: and AES-CCM 3: That MIGHT be because I have chosen a rather lengthy pass phrase.

You have txpower 0 whereas I have txpower 30\. I don't know what the numbers mean.  "0" might mean zero or it might mean default. The FreeBSD ifconfig man page says of this parameter

> txpower power
>     Set the power used to transmit frames.  The power argument is
>     specified in .5 dBm units.  Out of range values are truncated.
>     Typically only a few discreet power settings are available and
>     the driver will use the setting closest to the specified value.
>     Not all adapters support changing the transmit power.

You should probably increase the Tx power on the pfSense interface page, _save_ and _apply_ then check the change really happened by looking with ifconfig. Does the change make a significant difference?

You have -apbridge and I don't. This means you have disabled bridging between WLAN clients on that interface. I wouldn't expect it should matter whether the bridging is enabled or not but at least for data collection, please enable the bridging (pfSense parameter _Allow intra-BSS communication_) and check if that makes a significant difference.
                    1 Reply Last reply Reply Quote 0
                    • B
                      BeerCan
                      last edited by

                      Well I can't really explain it but this just simply started working.  After running for some time my client suddenly obtained an ip address and started working.  Wish I knew what I did.

                      thanks for your help wallabybob

                      1 Reply Last reply Reply Quote 0
                      • W
                        wallabybob
                        last edited by

                        @BeerCan:

                        Well I can't really explain it but this just simply started working.  After running for some time my client suddenly obtained an ip address and started working.

                        I hate those "spontaneously started working" circumstances. They leave me with a suspicion that they will just spontaneously stop working at some time.

                        @BeerCan:

                        Wish I knew what I did.

                        It might not be something you did. Just for the record, have any of the parameters displayed by ifconfig run0_wlan0 changed?

                        @BeerCan:

                        thanks for your help wallabybob

                        You are welcome. Thanks for reporting back.

                        1 Reply Last reply Reply Quote 0
                        • First post
                          Last post
                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.