Date: Mon, 19 Jan 2015 18:18:16 +0100 From: =?ISO-8859-1?Q?Olivier_Cochard=2DLabb=E9?= <olivier@cochard.me> To: freebsd-wireless@freebsd.org Subject: Fragmented EAP ACK problem on -current Message-ID: <CA%2Bq%2BTcp5Yp0ia0oWdyTxv2ThswU9cWHcyBi1pEMvPXOpEP76dg@mail.gmail.com>
next in thread | raw e-mail | index | archive | help
Hi, I'm using FreeBSD 11.0-CURRENT r277315 and meet a problem with my FreeBSD Access Point. I'm using WPA2-Enterprise (EAP-TLS) authentication with hostapd. The problem: During EAP-TLS authentication, the Authenticator (FreeBSD/hostapd) correctly send a EAP fragmented "Server Hello, Certificate, Certificate Request" message to the supplicant. The supplicant (MS Windows native client) correctly ACK each of theses fragmented EAP packets with an empty EAP-TLS packet. Once the supplicant re-assemble the full EAP Certificate request from the Authenticator, it send a response (EAP fragmented too). But FreeBSD/hostapd never ACK the first fragmented packet received from the supplicant => Then the authentication phase time out. I've tried with 3 different wireless card as hostap: - Atheros 9280 (ath) - Atheros AR2425 (ath) - Ralink RT2573 (rum) And all these have the same problem. Does anyone is using an EAP-TLS setup with hostapd successfully on -current ?
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CA%2Bq%2BTcp5Yp0ia0oWdyTxv2ThswU9cWHcyBi1pEMvPXOpEP76dg>