From owner-freebsd-wireless@FreeBSD.ORG Mon Jan 19 17:18:38 2015 Return-Path: Delivered-To: freebsd-wireless@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 655CCCA0 for ; Mon, 19 Jan 2015 17:18:38 +0000 (UTC) Received: from mail-wg0-x235.google.com (mail-wg0-x235.google.com [IPv6:2a00:1450:400c:c00::235]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id EC8DAB5E for ; Mon, 19 Jan 2015 17:18:37 +0000 (UTC) Received: by mail-wg0-f53.google.com with SMTP id x13so32748379wgg.12 for ; Mon, 19 Jan 2015 09:18:36 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:from:date:message-id:subject:to:content-type; bh=bl3OTQ5hXrQyGiFQeJEbG9C0T2GUQAFYNJEyDPlMHaY=; b=OcHOkMu2eIvpGGb6Lwc9fgDdBQf21U9hiEo4vmmy1qygmY6/pejfB/lVjNhgnyPqWJ He2gRlunwjwrXf43Po0rKS5fW/+prZ3OJxdlha+xHhcgddjfYqhpkcUqjGIFR3bH2EgD XX6bU4/Ilf4u5tfz0daeBswQnDkC5i2zqKq1TjXr9EJe7lveAyfAiu1ZHdAL6gcgufr5 xLVpMIjx117mDRCabIK52xz20NNziEvdhC6m8YxnpqrnogcG1OUinVoIRv60bdR30MbU vpJQWr78Mch9G7Ffjuh9a8xV294q7OoQ2eDlKULQxWMLJ6jcMjh3n15t3uzMKAent9Kt ChRw== X-Received: by 10.194.59.234 with SMTP id c10mr62635106wjr.49.1421687916385; Mon, 19 Jan 2015 09:18:36 -0800 (PST) MIME-Version: 1.0 Sender: cochard@gmail.com Received: by 10.194.61.98 with HTTP; Mon, 19 Jan 2015 09:18:16 -0800 (PST) From: =?ISO-8859-1?Q?Olivier_Cochard=2DLabb=E9?= Date: Mon, 19 Jan 2015 18:18:16 +0100 X-Google-Sender-Auth: -93Hzi4S_ttL_XSzyMXvUnBlwqE Message-ID: Subject: Fragmented EAP ACK problem on -current To: freebsd-wireless@freebsd.org Content-Type: text/plain; charset=ISO-8859-1 X-Content-Filtered-By: Mailman/MimeDel 2.1.18-1 X-BeenThere: freebsd-wireless@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: "Discussions of 802.11 stack, tools device driver development." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 19 Jan 2015 17:18:38 -0000 Hi, I'm using FreeBSD 11.0-CURRENT r277315 and meet a problem with my FreeBSD Access Point. I'm using WPA2-Enterprise (EAP-TLS) authentication with hostapd. The problem: During EAP-TLS authentication, the Authenticator (FreeBSD/hostapd) correctly send a EAP fragmented "Server Hello, Certificate, Certificate Request" message to the supplicant. The supplicant (MS Windows native client) correctly ACK each of theses fragmented EAP packets with an empty EAP-TLS packet. Once the supplicant re-assemble the full EAP Certificate request from the Authenticator, it send a response (EAP fragmented too). But FreeBSD/hostapd never ACK the first fragmented packet received from the supplicant => Then the authentication phase time out. I've tried with 3 different wireless card as hostap: - Atheros 9280 (ath) - Atheros AR2425 (ath) - Ralink RT2573 (rum) And all these have the same problem. Does anyone is using an EAP-TLS setup with hostapd successfully on -current ?