Wireless Problem with Encryption



  • Hi, I just got my brand new D-Link DWL-G550 that is based on an Atheros chipset, it has been detected without problem. Then I setup my Wireless Card as an Access Point and obviously I want encryption, so I enable WPA. When I try to connect a client, the client seem to connect and pass the encryption, but then I receive a loop of messages in the system log, when I disable all encryption everything works.

    I'm running 1.2 RELEASE embedded

    Is there something I did wrong?

    here is the log

    May 7 19:55:53 	hostapd: ath0: STA 00:0f:cb:fb:6a:c4 IEEE 802.11: deassociated
    May 7 19:55:53 	hostapd: ath0: STA 00:0f:cb:fb:6a:c4 IEEE 802.11: deauthenticated due to local deauth request
    May 7 19:55:50 	hostapd: ath0: STA 00:0f:cb:fb:6a:c4 IEEE 802.11: associated
    May 7 19:55:49 	hostapd: ath0: STA 00:0f:cb:fb:6a:c4 IEEE 802.11: deassociated
    May 7 19:55:49 	hostapd: ath0: STA 00:0f:cb:fb:6a:c4 IEEE 802.11: deauthenticated due to local deauth request
    May 7 19:55:46 	hostapd: ath0: STA 00:0f:cb:fb:6a:c4 IEEE 802.11: associated
    May 7 19:55:44 	hostapd: ath0: STA 00:0f:cb:fb:6a:c4 IEEE 802.11: deassociated
    May 7 19:55:44 	hostapd: ath0: STA 00:0f:cb:fb:6a:c4 IEEE 802.11: deauthenticated due to local deauth request
    May 7 19:55:41 	hostapd: ath0: STA 00:0f:cb:fb:6a:c4 IEEE 802.11: associated
    May 7 19:55:40 	hostapd: ath0: STA 00:0f:cb:fb:6a:c4 IEEE 802.11: deassociated
    May 7 19:55:40 	hostapd: ath0: STA 00:0f:cb:fb:6a:c4 IEEE 802.11: deauthenticated due to local deauth request
    May 7 19:55:37 	hostapd: ath0: STA 00:0f:cb:fb:6a:c4 IEEE 802.11: associated
    

    here is the ifconfig ath0

    # ifconfig ath0
    ath0: flags=8843 <up,broadcast,running,simplex,multicast>mtu 2290
            inet6 fe80::21c:f0ff:fed9:e3e4%ath0 prefixlen 64 scopeid 0x4
            inet 10.79.1.1 netmask 0xffffff00 broadcast 10.79.1.255
            ether 00:1c:f0:d9:e3:e4
            media: IEEE 802.11 Wireless Ethernet autoselect mode 11g <hostap>
            status: associated
            ssid MyFoB channel 1 bssid 00:1c:f0:d9:e3:e4
            authmode WPA1+WPA2/802.11i privacy MIXED deftxkey 2 TKIP 2:128-bit
            TKIP 3:128-bit txpowmax 42 bmiss 7 pureg protmode OFF wme burst
            -apbridge dtimperiod 1 bintval 100</hostap></up,broadcast,running,simplex,multicast>
    

    here is the wireless config script

    # cat /tmp/ath0_setup.sh
    #!/bin/sh
    # pfSense wireless configuration script.
    
    # enable shell debugging
    set -x
    /bin/ps awwuxx | grep hostapd | grep ath0 | awk '{ print $2 }' | xargs kill
    
    /sbin/ifconfig ath0 down
    /sbin/ifconfig ath0 mediaopt hostap
    /sbin/ifconfig ath0 mode '11g'
    /sbin/ifconfig ath0 channel '0'
    /sbin/ifconfig ath0 -mediaopt turbo
    /sbin/ifconfig ath0 ssid 'MyFoB'
    /sbin/ifconfig ath0 -hidessid
    /sbin/ifconfig ath0 -mediaopt adhoc
    /sbin/ifconfig ath0 protmode 'off'
    /sbin/ifconfig ath0 mode 11g pureg
    /sbin/ifconfig ath0 -apbridge
    /sbin/ifconfig ath0 wme
    /sbin/ifconfig ath0 authmode open wepmode off
    /sbin/ifconfig ath0 txpower '99'
    /sbin/ifconfig ath0 up
    /usr/sbin/hostapd -B /var/etc/hostapd_ath0.conf
    


  • Nobody ? I just tried to change the pic card to an other place, but no luck. It does the same thing, when I try without encryption everything works fine, but with encryption the AP seem to disconnect the client.

    I'm now running special version with FreeBSD 6.3 Embedded, and no change either.

    After making the screen shoot, I changed the "WPA Pre Shared Key" in order to do it, but then my test laptop is still able to connect the acess point, but no traffic. Like the problem is with the authentication using WPA.

    Here is my config



  • Hi,
    I've just installed pfSense and have the same problem. Only my wireless card is not ath0, it's ral0 (Edimax EW-7128g). But the symptoms are the same - endless loop (every 3 seconds) of

    
    ... associated
    ... deauthenticated due to local deauth request
    ... deassociated
    
    

    ifconfig ral0:

    
    ral0: flags=8843 <up,broadcast,running,simplex,multicast>mtu 2290
            inet6 fe80::20e:2eff:fe57:b754%ral0 prefixlen 64 scopeid 0x2
            inet 192.168.12.1 netmask 0xffffffff broadcast 192.168.12.1
            ether 00:0e:2e:57:b7:54
            media: IEEE 802.11 Wireless Ethernet autoselect mode 11g <hostap>status: associated
            ssid XXXXXX channel 2 bssid 00:0e:2e:57:b7:54
            authmode WPA privacy MIXED deftxkey 2 TKIP 2:128-bit TKIP 3:128-bit
            txpowmax 100 bmiss 7 protmode OFF -apbridge dtimperiod 1 bintval 100</hostap></up,broadcast,running,simplex,multicast> 
    

    cat /tmp/ral0_setup.sh

    
    #!/bin/sh
    # pfSense wireless configuration script.
    
    # enable shell debugging
    set -x
    /bin/ps awwuxx | grep hostapd | grep ral0 | awk '{ print $2 }' | xargs kill
    
    /sbin/ifconfig ral0 down
    /sbin/ifconfig ral0 mediaopt hostap
    /sbin/ifconfig ral0 mode '11g'
    /sbin/ifconfig ral0 channel '0'
    /sbin/ifconfig ral0 -mediaopt turbo
    /sbin/ifconfig ral0 ssid 'XXXXXX'
    /sbin/ifconfig ral0 -hidessid
    /sbin/ifconfig ral0 -mediaopt adhoc
    /sbin/ifconfig ral0 protmode 'off'
    /sbin/ifconfig ral0 -pureg
    /sbin/ifconfig ral0 -apbridge
    /sbin/ifconfig ral0 -wme
    /sbin/ifconfig ral0 authmode open wepmode off
    /sbin/ifconfig ral0 txpower '99'
    /sbin/ifconfig ral0 up
    /usr/sbin/hostapd -B /var/etc/hostapd_ral0.conf
    
    

    cat /var/etc/hostapd_ral0.conf:

    
    interface=ral0
    driver=bsd
    logger_syslog=-1
    logger_syslog_level=0
    logger_stdout=-1
    logger_stdout_level=0
    dump_file=/tmp/hostapd_ral0.dump
    ctrl_interface=/var/run/hostapd
    ctrl_interface_group=wheel
    #accept_mac_file=/tmp/hostapd_ral0.accept
    #deny_mac_file=/tmp/hostapd_ral0.deny
    #macaddr_acl=
    ssid=XXXXXX
    debug=
    auth_algs=1
    wpa=1
    wpa_key_mgmt=WPA-PSK
    wpa_pairwise=CCMP TKIP
    wpa_group_rekey=60
    wpa_gmk_rekey=3600
    wpa_strict_rekey=
    wpa_passphrase=XXXXXXXXX
    ieee8021x=
    #Enable the next lines for preauth when roaming. Interface = wired or wireless interface talking to the AP you want to roam from/to
    #rsn_preauth=1
    #rsn_preauth_interfaces=eth0#
    
    

    Does anyone know how to fix this?
    Thanks!



  • When I run hostapd with debugging messages I see

    WPA: sending 1/4 msg of 4-Way Handshake
    

    and then

    WPA: EAPOL-Key timeout
    

    Could it be the reason?



  • Hi,

    Here is an update, yesterday, I was able to test my WiFi again using a 802.11n Intel Wireless card under Windows Vista and it's working flawlessly. The problem is probably caused by the 3com WiFi PCMCIA under Windows 2000 I was using the first time. I know this card work because I can connect to other encrypted network with it. Anyways, pfSense is proving itself again :-)

    MageMinds



  • After running tcpdump on the client (which is Windows 2000 with 802.11b D-Link wireless card) for both pfSence AP and (working) Linksys router AP I seemed to figure out the reason. The difference is the EAPOL version field, which is 1 for Linksys and 2 for pfSence. It looks like old D-Link driver just ignores version 2 because it doesn't know how to handle it.

    So I edited /var/etc/hostapd_ral0.conf and added "eapol_version=1". Now client associates normally but cannot get IP address  :( . In tcpdump output I see outgoing "DHCP Discover" on the client, incoming "DHCP Discover" on the server, outgoing "DHCP Offer" on the server, but no incoming "DHCP Offer" on the client. What could be the reason (disabling firewall doesn't help) ?



  • Update: if I assign static IP address on the client everything works. Could it be related to the way DHCP server sends "DHCP Offer" message (client doesn't have valid IP address at that point yet)?


Log in to reply