• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

Wireless Problem with Encryption

Scheduled Pinned Locked Moved Wireless
7 Posts 2 Posters 5.3k Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • M
    MageMinds
    last edited by May 8, 2008, 1:40 AM May 8, 2008, 1:32 AM

    Hi, I just got my brand new D-Link DWL-G550 that is based on an Atheros chipset, it has been detected without problem. Then I setup my Wireless Card as an Access Point and obviously I want encryption, so I enable WPA. When I try to connect a client, the client seem to connect and pass the encryption, but then I receive a loop of messages in the system log, when I disable all encryption everything works.

    I'm running 1.2 RELEASE embedded

    Is there something I did wrong?

    here is the log

    May 7 19:55:53 	hostapd: ath0: STA 00:0f:cb:fb:6a:c4 IEEE 802.11: deassociated
    May 7 19:55:53 	hostapd: ath0: STA 00:0f:cb:fb:6a:c4 IEEE 802.11: deauthenticated due to local deauth request
    May 7 19:55:50 	hostapd: ath0: STA 00:0f:cb:fb:6a:c4 IEEE 802.11: associated
    May 7 19:55:49 	hostapd: ath0: STA 00:0f:cb:fb:6a:c4 IEEE 802.11: deassociated
    May 7 19:55:49 	hostapd: ath0: STA 00:0f:cb:fb:6a:c4 IEEE 802.11: deauthenticated due to local deauth request
    May 7 19:55:46 	hostapd: ath0: STA 00:0f:cb:fb:6a:c4 IEEE 802.11: associated
    May 7 19:55:44 	hostapd: ath0: STA 00:0f:cb:fb:6a:c4 IEEE 802.11: deassociated
    May 7 19:55:44 	hostapd: ath0: STA 00:0f:cb:fb:6a:c4 IEEE 802.11: deauthenticated due to local deauth request
    May 7 19:55:41 	hostapd: ath0: STA 00:0f:cb:fb:6a:c4 IEEE 802.11: associated
    May 7 19:55:40 	hostapd: ath0: STA 00:0f:cb:fb:6a:c4 IEEE 802.11: deassociated
    May 7 19:55:40 	hostapd: ath0: STA 00:0f:cb:fb:6a:c4 IEEE 802.11: deauthenticated due to local deauth request
    May 7 19:55:37 	hostapd: ath0: STA 00:0f:cb:fb:6a:c4 IEEE 802.11: associated
    

    here is the ifconfig ath0

    # ifconfig ath0
    ath0: flags=8843 <up,broadcast,running,simplex,multicast>mtu 2290
            inet6 fe80::21c:f0ff:fed9:e3e4%ath0 prefixlen 64 scopeid 0x4
            inet 10.79.1.1 netmask 0xffffff00 broadcast 10.79.1.255
            ether 00:1c:f0:d9:e3:e4
            media: IEEE 802.11 Wireless Ethernet autoselect mode 11g <hostap>
            status: associated
            ssid MyFoB channel 1 bssid 00:1c:f0:d9:e3:e4
            authmode WPA1+WPA2/802.11i privacy MIXED deftxkey 2 TKIP 2:128-bit
            TKIP 3:128-bit txpowmax 42 bmiss 7 pureg protmode OFF wme burst
            -apbridge dtimperiod 1 bintval 100</hostap></up,broadcast,running,simplex,multicast>
    

    here is the wireless config script

    # cat /tmp/ath0_setup.sh
    #!/bin/sh
    # pfSense wireless configuration script.
    
    # enable shell debugging
    set -x
    /bin/ps awwuxx | grep hostapd | grep ath0 | awk '{ print $2 }' | xargs kill
    
    /sbin/ifconfig ath0 down
    /sbin/ifconfig ath0 mediaopt hostap
    /sbin/ifconfig ath0 mode '11g'
    /sbin/ifconfig ath0 channel '0'
    /sbin/ifconfig ath0 -mediaopt turbo
    /sbin/ifconfig ath0 ssid 'MyFoB'
    /sbin/ifconfig ath0 -hidessid
    /sbin/ifconfig ath0 -mediaopt adhoc
    /sbin/ifconfig ath0 protmode 'off'
    /sbin/ifconfig ath0 mode 11g pureg
    /sbin/ifconfig ath0 -apbridge
    /sbin/ifconfig ath0 wme
    /sbin/ifconfig ath0 authmode open wepmode off
    /sbin/ifconfig ath0 txpower '99'
    /sbin/ifconfig ath0 up
    /usr/sbin/hostapd -B /var/etc/hostapd_ath0.conf
    
    1 Reply Last reply Reply Quote 0
    • M
      MageMinds
      last edited by May 16, 2008, 1:19 AM May 16, 2008, 12:45 AM

      Nobody ? I just tried to change the pic card to an other place, but no luck. It does the same thing, when I try without encryption everything works fine, but with encryption the AP seem to disconnect the client.

      I'm now running special version with FreeBSD 6.3 Embedded, and no change either.

      After making the screen shoot, I changed the "WPA Pre Shared Key" in order to do it, but then my test laptop is still able to connect the acess point, but no traffic. Like the problem is with the authentication using WPA.

      Here is my config

      1 Reply Last reply Reply Quote 0
      • A
        Andrey
        last edited by May 17, 2008, 8:31 PM May 17, 2008, 8:27 PM

        Hi,
        I've just installed pfSense and have the same problem. Only my wireless card is not ath0, it's ral0 (Edimax EW-7128g). But the symptoms are the same - endless loop (every 3 seconds) of

        
        ... associated
        ... deauthenticated due to local deauth request
        ... deassociated
        
        

        ifconfig ral0:

        
        ral0: flags=8843 <up,broadcast,running,simplex,multicast>mtu 2290
                inet6 fe80::20e:2eff:fe57:b754%ral0 prefixlen 64 scopeid 0x2
                inet 192.168.12.1 netmask 0xffffffff broadcast 192.168.12.1
                ether 00:0e:2e:57:b7:54
                media: IEEE 802.11 Wireless Ethernet autoselect mode 11g <hostap>status: associated
                ssid XXXXXX channel 2 bssid 00:0e:2e:57:b7:54
                authmode WPA privacy MIXED deftxkey 2 TKIP 2:128-bit TKIP 3:128-bit
                txpowmax 100 bmiss 7 protmode OFF -apbridge dtimperiod 1 bintval 100</hostap></up,broadcast,running,simplex,multicast> 
        

        cat /tmp/ral0_setup.sh

        
        #!/bin/sh
        # pfSense wireless configuration script.
        
        # enable shell debugging
        set -x
        /bin/ps awwuxx | grep hostapd | grep ral0 | awk '{ print $2 }' | xargs kill
        
        /sbin/ifconfig ral0 down
        /sbin/ifconfig ral0 mediaopt hostap
        /sbin/ifconfig ral0 mode '11g'
        /sbin/ifconfig ral0 channel '0'
        /sbin/ifconfig ral0 -mediaopt turbo
        /sbin/ifconfig ral0 ssid 'XXXXXX'
        /sbin/ifconfig ral0 -hidessid
        /sbin/ifconfig ral0 -mediaopt adhoc
        /sbin/ifconfig ral0 protmode 'off'
        /sbin/ifconfig ral0 -pureg
        /sbin/ifconfig ral0 -apbridge
        /sbin/ifconfig ral0 -wme
        /sbin/ifconfig ral0 authmode open wepmode off
        /sbin/ifconfig ral0 txpower '99'
        /sbin/ifconfig ral0 up
        /usr/sbin/hostapd -B /var/etc/hostapd_ral0.conf
        
        

        cat /var/etc/hostapd_ral0.conf:

        
        interface=ral0
        driver=bsd
        logger_syslog=-1
        logger_syslog_level=0
        logger_stdout=-1
        logger_stdout_level=0
        dump_file=/tmp/hostapd_ral0.dump
        ctrl_interface=/var/run/hostapd
        ctrl_interface_group=wheel
        #accept_mac_file=/tmp/hostapd_ral0.accept
        #deny_mac_file=/tmp/hostapd_ral0.deny
        #macaddr_acl=
        ssid=XXXXXX
        debug=
        auth_algs=1
        wpa=1
        wpa_key_mgmt=WPA-PSK
        wpa_pairwise=CCMP TKIP
        wpa_group_rekey=60
        wpa_gmk_rekey=3600
        wpa_strict_rekey=
        wpa_passphrase=XXXXXXXXX
        ieee8021x=
        #Enable the next lines for preauth when roaming. Interface = wired or wireless interface talking to the AP you want to roam from/to
        #rsn_preauth=1
        #rsn_preauth_interfaces=eth0#
        
        

        Does anyone know how to fix this?
        Thanks!

        1 Reply Last reply Reply Quote 0
        • A
          Andrey
          last edited by May 17, 2008, 9:08 PM

          When I run hostapd with debugging messages I see

          WPA: sending 1/4 msg of 4-Way Handshake
          

          and then

          WPA: EAPOL-Key timeout
          

          Could it be the reason?

          1 Reply Last reply Reply Quote 0
          • M
            MageMinds
            last edited by May 22, 2008, 12:26 PM

            Hi,

            Here is an update, yesterday, I was able to test my WiFi again using a 802.11n Intel Wireless card under Windows Vista and it's working flawlessly. The problem is probably caused by the 3com WiFi PCMCIA under Windows 2000 I was using the first time. I know this card work because I can connect to other encrypted network with it. Anyways, pfSense is proving itself again :-)

            MageMinds

            1 Reply Last reply Reply Quote 0
            • A
              Andrey
              last edited by May 31, 2008, 3:56 PM

              After running tcpdump on the client (which is Windows 2000 with 802.11b D-Link wireless card) for both pfSence AP and (working) Linksys router AP I seemed to figure out the reason. The difference is the EAPOL version field, which is 1 for Linksys and 2 for pfSence. It looks like old D-Link driver just ignores version 2 because it doesn't know how to handle it.

              So I edited /var/etc/hostapd_ral0.conf and added "eapol_version=1". Now client associates normally but cannot get IP address  :( . In tcpdump output I see outgoing "DHCP Discover" on the client, incoming "DHCP Discover" on the server, outgoing "DHCP Offer" on the server, but no incoming "DHCP Offer" on the client. What could be the reason (disabling firewall doesn't help) ?

              1 Reply Last reply Reply Quote 0
              • A
                Andrey
                last edited by Jun 7, 2008, 8:40 PM

                Update: if I assign static IP address on the client everything works. Could it be related to the way DHCP server sends "DHCP Offer" message (client doesn't have valid IP address at that point yet)?

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
                  This community forum collects and processes your personal information.
                  consent.not_received