Problem with run driver and wpa



  • I have a bunch of small fw appliances, with only usb ports available, that I would love to turn into access points but I am having a problem.  I am using 2 different usb adapters that exhibit the same problem.  One is based on the ra3070 and one is based on the ra2770/2720.  Whenever I set up wpa the clients stop working.  I can set up the ap with no authentication and everything works fine, but once I set up wpa they no longer get ip addresses or actually connect.  I built a test machine that has pcie slots and used an ath based card and it worked fine, but once I used the same test machine with the ralinks it stopped working.  Any ideas?

    pfsense 2.0 release

    system log

    hostapd: run0_wlan0: STA 98:4b:4a:7e:14:87 RADIUS: starting accounting session 4E860B07-00000004
    Sep 30 18:35:52 hostapd: run0_wlan0: STA <mac redacted> WPA: pairwise key handshake completed (RSN)
    Sep 30 18:36:38 hostapd: run0_wlan0: STA <mac redacted> IEEE 802.11: deauthenticated due to local deauth request
    Sep 30 18:36:38 hostapd: run0_wlan0: STA <mac redacted> IEEE 802.11: deassociated
    Sep 30 18:36:52 hostapd: run0_wlan0: STA <mac redacted> IEEE 802.11: associated
    


  • I have a run device on a pfSense box that works fine with WPA2, PSK (Pre Shared Key) and AES.  How is your configuration different? (The log extract you posted suggests you might be using RADIUS authentication.)



  • No radius, that I configured anyway.  Pretty vanilla setup, just installed the nanobsd 4g image and configured the devices.  Are you using the nanobsd version?  Like I said, if I switch the ralinks for the atheros card I can get it to work fine.  Perhaps I will try an install from the livedisk to see if it is a problem with the nanobsd image.



  • I'm not using radius either and a check in the logs revealed a similar mention of RADIUS from hostapd:

    clog /var/log/system.log | grep hostapd

    Oct  1 15:58:57 pfsense2 hostapd: run0_wlan0: STA <mac addr> IEEE 802.11: associated
    Oct  1 15:58:57 pfsense2 hostapd: run0_wlan0: STA <mac addr> RADIUS: starting accounting session 4E86AB2D-00000000
    Oct  1 15:58:57 pfsense2 hostapd: run0_wlan0: STA <mac addr> WPA: pairwise key handshake completed (RSN)

    I'm not using nanobsd.

    Can you try WPA2, PSK and AES (not TKIP)?



  • OK sorry for the delay, I had to go out of town for a few days.

    I just tried those specific settings and I get the same exact symptoms as posted above.  I will try livecd install tonight.

    EDIT
    I tried using the livecd installer with the smp kernel and I still get the same errors.  So it appears that the issue lies elsewhere.  I have tried on 3 different computer platforms and 2 different ralink usb dongles.  Is there anything else I can do to help diagnose this?



  • I can only recall one problem I have had with an encrypted wireless link at home: my pfSense was originally set to WPA2, PSK and (TKIP or AES) and worked fine. After a Linux upgrade my netbook stopped associating. When I removed TKIP as an option on pfSense the netbook correctly associated again.

    Are you in a noisy radio environment? (Maybe using a different channel will help.)

    Do the wireless parameters exactly match on AP and client?

    What is the output of the pfSense shell command ifconfig run0_wlan0?



  • Here ya go.

    [2.0-RELEASE][root@pfsense.localdomain]/root(2): ifconfig run0_wlan0
    run0_wlan0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
            ether <redacted>
            inet6 <redacted>%run0_wlan0 prefixlen 64 scopeid 0xb
            inet 10.10.10.1 netmask 0xffffff00 broadcast 10.10.10.255
            nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
            media: IEEE 802.11 Wireless Ethernet autoselect mode 11g <hostap>
            status: running
            ssid BeerCan channel 11 (2462 MHz 11g) bssid <redacted>
            country US authmode WPA2/802.11i privacy MIXED deftxkey 2
            AES-CCM 2:128-bit txpower 0 scanvalid 60 protmode OFF -apbridge
            dtimperiod 1 -dfs
    


  • Here are my settings:

    ifconfig run0_wlan0

    run0_wlan0: flags=108843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,IPFW_FILTER> metric 0 mtu 1500
            ether <cut>
            inet6 <cut>%run0_wlan0 prefixlen 64 scopeid 0x9
            inet 192.168.51.173 netmask 0xffffff00 broadcast 192.168.51.255
            nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
            media: IEEE 802.11 Wireless Ethernet autoselect mode 11g <hostap>
            status: running
            ssid Lothlorien channel 6 (2437 MHz 11g) bssid <cut>
            regdomain ROW country AU indoor authmode WPA2/802.11i privacy MIXED
            deftxkey 2 AES-CCM 2:128-bit AES-CCM 3:128-bit txpower 30 scanvalid 60
            protmode OFF dtimperiod 1 -dfs

    Concerning differences that MIGHT be significant:
    You have AES-CCM 2: whereas I have AES-CCM 2: and AES-CCM 3: That MIGHT be because I have chosen a rather lengthy pass phrase.
    
    You have txpower 0 whereas I have txpower 30. I don't know what the numbers mean.  "0" might mean zero or it might mean default. The FreeBSD ifconfig man page says of this parameter
    
    > txpower power
    >     Set the power used to transmit frames.  The power argument is
    >     specified in .5 dBm units.  Out of range values are truncated.
    >     Typically only a few discreet power settings are available and
    >     the driver will use the setting closest to the specified value.
    >     Not all adapters support changing the transmit power.
    
    You should probably increase the Tx power on the pfSense interface page, _save_ and _apply_ then check the change really happened by looking with ifconfig. Does the change make a significant difference?
    
    You have -apbridge and I don't. This means you have disabled bridging between WLAN clients on that interface. I wouldn't expect it should matter whether the bridging is enabled or not but at least for data collection, please enable the bridging (pfSense parameter _Allow intra-BSS communication_) and check if that makes a significant difference.
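
The side-by-side comparison in the post above can also be scripted. This is an added example, not code from the thread: it parses the wireless lines of the two posted `ifconfig run0_wlan0` outputs (redactions kept as posted) and reports every setting that differs; `wlan_params` and `wlan_diff` are hypothetical helper names.

```python
import re

# Wireless lines copied from the two ifconfig outputs posted in this thread.
BEERCAN = """\
ssid BeerCan channel 11 (2462 MHz 11g) bssid <redacted>
country US authmode WPA2/802.11i privacy MIXED deftxkey 2
AES-CCM 2:128-bit txpower 0 scanvalid 60 protmode OFF -apbridge
dtimperiod 1 -dfs
"""
WALLABYBOB = """\
ssid Lothlorien channel 6 (2437 MHz 11g) bssid <cut>
regdomain ROW country AU indoor authmode WPA2/802.11i privacy MIXED
deftxkey 2 AES-CCM 2:128-bit AES-CCM 3:128-bit txpower 30 scanvalid 60
protmode OFF dtimperiod 1 -dfs
"""

# Keywords that ifconfig prints followed by exactly one value.
KEYED = ("channel", "regdomain", "country", "authmode", "privacy",
         "deftxkey", "txpower", "protmode", "dtimperiod", "scanvalid")


def wlan_params(text):
    """Extract 802.11 settings from `ifconfig <wlan>` output."""
    tokens = text.split()
    flat = " ".join(tokens)          # undo line wrapping before matching
    params = {}
    for i, tok in enumerate(tokens[:-1]):
        if tok in KEYED:
            params[tok] = tokens[i + 1]
    # Installed cipher key slots look like "AES-CCM 2:128-bit".
    params["keyslots"] = sorted(re.findall(r"\S+ \d+:\d+-bit", flat))
    # A leading "-" marks a disabled option, e.g. -apbridge or -dfs.
    params["disabled"] = sorted(
        t[1:] for t in tokens if re.fullmatch(r"-[a-z]+", t))
    return params


def wlan_diff(a, b):
    """Return {setting: (value_in_a, value_in_b)} for settings that differ."""
    pa, pb = wlan_params(a), wlan_params(b)
    return {k: (pa.get(k), pb.get(k))
            for k in sorted(set(pa) | set(pb)) if pa.get(k) != pb.get(k)}


if __name__ == "__main__":
    for key, (failing, working) in wlan_diff(BEERCAN, WALLABYBOB).items():
        print(f"{key:10} failing={failing!r:30} working={working!r}")
```

Settings that match on both access points (authmode, privacy, deftxkey) drop out, leaving the key slots, txpower and apbridge differences discussed in the post plus the channel and regulatory settings.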


  • Well I can't really explain it but this just simply started working.  After running for some time my client suddenly obtained an ip address and started working.  Wish I knew what I did.

    thanks for your help wallabybob



  • @BeerCan:

    > Well I can't really explain it but this just simply started working.  After running for some time my client suddenly obtained an ip address and started working.

    I hate those "spontaneously started working" circumstances. They leave me with a suspicion that they will just spontaneously stop working at some time.

    @BeerCan:

    > Wish I knew what I did.

    It might not be something you did. Just for the record, have any of the parameters displayed by ifconfig run0_wlan0 changed?

    @BeerCan:

    > thanks for your help wallabybob

    You are welcome. Thanks for reporting back.

