Wireless Problem with Encryption

MageMinds · May 8, 2008, 1:40 AM

Hi, I just got my brand new D-Link DWL-G550 that is based on an Atheros chipset, it has been detected without problem. Then I setup my Wireless Card as an Access Point and obviously I want encryption, so I enable WPA. When I try to connect a client, the client seem to connect and pass the encryption, but then I receive a loop of messages in the system log, when I disable all encryption everything works.

I'm running 1.2 RELEASE embedded

Is there something I did wrong?

here is the log

May 7 19:55:53 	hostapd: ath0: STA 00:0f:cb:fb:6a:c4 IEEE 802.11: deassociated
May 7 19:55:53 	hostapd: ath0: STA 00:0f:cb:fb:6a:c4 IEEE 802.11: deauthenticated due to local deauth request
May 7 19:55:50 	hostapd: ath0: STA 00:0f:cb:fb:6a:c4 IEEE 802.11: associated
May 7 19:55:49 	hostapd: ath0: STA 00:0f:cb:fb:6a:c4 IEEE 802.11: deassociated
May 7 19:55:49 	hostapd: ath0: STA 00:0f:cb:fb:6a:c4 IEEE 802.11: deauthenticated due to local deauth request
May 7 19:55:46 	hostapd: ath0: STA 00:0f:cb:fb:6a:c4 IEEE 802.11: associated
May 7 19:55:44 	hostapd: ath0: STA 00:0f:cb:fb:6a:c4 IEEE 802.11: deassociated
May 7 19:55:44 	hostapd: ath0: STA 00:0f:cb:fb:6a:c4 IEEE 802.11: deauthenticated due to local deauth request
May 7 19:55:41 	hostapd: ath0: STA 00:0f:cb:fb:6a:c4 IEEE 802.11: associated
May 7 19:55:40 	hostapd: ath0: STA 00:0f:cb:fb:6a:c4 IEEE 802.11: deassociated
May 7 19:55:40 	hostapd: ath0: STA 00:0f:cb:fb:6a:c4 IEEE 802.11: deauthenticated due to local deauth request
May 7 19:55:37 	hostapd: ath0: STA 00:0f:cb:fb:6a:c4 IEEE 802.11: associated

here is the ifconfig ath0

# ifconfig ath0
ath0: flags=8843 <up,broadcast,running,simplex,multicast>mtu 2290
        inet6 fe80::21c:f0ff:fed9:e3e4%ath0 prefixlen 64 scopeid 0x4
        inet 10.79.1.1 netmask 0xffffff00 broadcast 10.79.1.255
        ether 00:1c:f0:d9:e3:e4
        media: IEEE 802.11 Wireless Ethernet autoselect mode 11g <hostap>
        status: associated
        ssid MyFoB channel 1 bssid 00:1c:f0:d9:e3:e4
        authmode WPA1+WPA2/802.11i privacy MIXED deftxkey 2 TKIP 2:128-bit
        TKIP 3:128-bit txpowmax 42 bmiss 7 pureg protmode OFF wme burst
        -apbridge dtimperiod 1 bintval 100</hostap></up,broadcast,running,simplex,multicast>

here is the wireless config script

# cat /tmp/ath0_setup.sh
#!/bin/sh
# pfSense wireless configuration script.

# enable shell debugging
set -x
/bin/ps awwuxx | grep hostapd | grep ath0 | awk '{ print $2 }' | xargs kill

/sbin/ifconfig ath0 down
/sbin/ifconfig ath0 mediaopt hostap
/sbin/ifconfig ath0 mode '11g'
/sbin/ifconfig ath0 channel '0'
/sbin/ifconfig ath0 -mediaopt turbo
/sbin/ifconfig ath0 ssid 'MyFoB'
/sbin/ifconfig ath0 -hidessid
/sbin/ifconfig ath0 -mediaopt adhoc
/sbin/ifconfig ath0 protmode 'off'
/sbin/ifconfig ath0 mode 11g pureg
/sbin/ifconfig ath0 -apbridge
/sbin/ifconfig ath0 wme
/sbin/ifconfig ath0 authmode open wepmode off
/sbin/ifconfig ath0 txpower '99'
/sbin/ifconfig ath0 up
/usr/sbin/hostapd -B /var/etc/hostapd_ath0.conf

MageMinds · May 16, 2008, 1:19 AM

Nobody ? I just tried to change the pic card to an other place, but no luck. It does the same thing, when I try without encryption everything works fine, but with encryption the AP seem to disconnect the client.

I'm now running special version with FreeBSD 6.3 Embedded, and no change either.

After making the screen shoot, I changed the "WPA Pre Shared Key" in order to do it, but then my test laptop is still able to connect the acess point, but no traffic. Like the problem is with the authentication using WPA.

Here is my config

Andrey · May 17, 2008, 8:31 PM

Hi,
I've just installed pfSense and have the same problem. Only my wireless card is not ath0, it's ral0 (Edimax EW-7128g). But the symptoms are the same - endless loop (every 3 seconds) of


... associated
... deauthenticated due to local deauth request
... deassociated

ifconfig ral0:


ral0: flags=8843 <up,broadcast,running,simplex,multicast>mtu 2290
        inet6 fe80::20e:2eff:fe57:b754%ral0 prefixlen 64 scopeid 0x2
        inet 192.168.12.1 netmask 0xffffffff broadcast 192.168.12.1
        ether 00:0e:2e:57:b7:54
        media: IEEE 802.11 Wireless Ethernet autoselect mode 11g <hostap>status: associated
        ssid XXXXXX channel 2 bssid 00:0e:2e:57:b7:54
        authmode WPA privacy MIXED deftxkey 2 TKIP 2:128-bit TKIP 3:128-bit
        txpowmax 100 bmiss 7 protmode OFF -apbridge dtimperiod 1 bintval 100</hostap></up,broadcast,running,simplex,multicast>

cat /tmp/ral0_setup.sh


#!/bin/sh
# pfSense wireless configuration script.

# enable shell debugging
set -x
/bin/ps awwuxx | grep hostapd | grep ral0 | awk '{ print $2 }' | xargs kill

/sbin/ifconfig ral0 down
/sbin/ifconfig ral0 mediaopt hostap
/sbin/ifconfig ral0 mode '11g'
/sbin/ifconfig ral0 channel '0'
/sbin/ifconfig ral0 -mediaopt turbo
/sbin/ifconfig ral0 ssid 'XXXXXX'
/sbin/ifconfig ral0 -hidessid
/sbin/ifconfig ral0 -mediaopt adhoc
/sbin/ifconfig ral0 protmode 'off'
/sbin/ifconfig ral0 -pureg
/sbin/ifconfig ral0 -apbridge
/sbin/ifconfig ral0 -wme
/sbin/ifconfig ral0 authmode open wepmode off
/sbin/ifconfig ral0 txpower '99'
/sbin/ifconfig ral0 up
/usr/sbin/hostapd -B /var/etc/hostapd_ral0.conf

cat /var/etc/hostapd_ral0.conf:


interface=ral0
driver=bsd
logger_syslog=-1
logger_syslog_level=0
logger_stdout=-1
logger_stdout_level=0
dump_file=/tmp/hostapd_ral0.dump
ctrl_interface=/var/run/hostapd
ctrl_interface_group=wheel
#accept_mac_file=/tmp/hostapd_ral0.accept
#deny_mac_file=/tmp/hostapd_ral0.deny
#macaddr_acl=
ssid=XXXXXX
debug=
auth_algs=1
wpa=1
wpa_key_mgmt=WPA-PSK
wpa_pairwise=CCMP TKIP
wpa_group_rekey=60
wpa_gmk_rekey=3600
wpa_strict_rekey=
wpa_passphrase=XXXXXXXXX
ieee8021x=
#Enable the next lines for preauth when roaming. Interface = wired or wireless interface talking to the AP you want to roam from/to
#rsn_preauth=1
#rsn_preauth_interfaces=eth0#

Does anyone know how to fix this?
Thanks!

Andrey · May 17, 2008, 9:08 PM

When I run hostapd with debugging messages I see

WPA: sending 1/4 msg of 4-Way Handshake

and then

WPA: EAPOL-Key timeout

Could it be the reason?

MageMinds · May 22, 2008, 12:26 PM

Hi,

Here is an update, yesterday, I was able to test my WiFi again using a 802.11n Intel Wireless card under Windows Vista and it's working flawlessly. The problem is probably caused by the 3com WiFi PCMCIA under Windows 2000 I was using the first time. I know this card work because I can connect to other encrypted network with it. Anyways, pfSense is proving itself again :-)

MageMinds

Andrey · May 31, 2008, 3:56 PM

After running tcpdump on the client (which is Windows 2000 with 802.11b D-Link wireless card) for both pfSence AP and (working) Linksys router AP I seemed to figure out the reason. The difference is the EAPOL version field, which is 1 for Linksys and 2 for pfSence. It looks like old D-Link driver just ignores version 2 because it doesn't know how to handle it.

So I edited /var/etc/hostapd_ral0.conf and added "eapol_version=1". Now client associates normally but cannot get IP address :( . In tcpdump output I see outgoing "DHCP Discover" on the client, incoming "DHCP Discover" on the server, outgoing "DHCP Offer" on the server, but no incoming "DHCP Offer" on the client. What could be the reason (disabling firewall doesn't help) ?

Andrey · Jun 7, 2008, 8:40 PM

Update: if I assign static IP address on the client everything works. Could it be related to the way DHCP server sends "DHCP Offer" message (client doesn't have valid IP address at that point yet)?