From owner-freebsd-current@FreeBSD.ORG Tue May 31 16:30:23 2005 Return-Path: X-Original-To: freebsd-current@freebsd.org Delivered-To: freebsd-current@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 6963B16A41C; Tue, 31 May 2005 16:30:23 +0000 (GMT) (envelope-from sam@errno.com) Received: from ebb.errno.com (ebb.errno.com [66.127.85.87]) by mx1.FreeBSD.org (Postfix) with ESMTP id 07B5D43D54; Tue, 31 May 2005 16:30:22 +0000 (GMT) (envelope-from sam@errno.com) Received: from [66.127.85.91] (sam@[66.127.85.91]) (authenticated bits=0) by ebb.errno.com (8.12.9/8.12.6) with ESMTP id j4VGUMms094284 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Tue, 31 May 2005 09:30:22 -0700 (PDT) (envelope-from sam@errno.com) Message-ID: <429C920B.30005@errno.com> Date: Tue, 31 May 2005 09:34:19 -0700 From: Sam Leffler User-Agent: Mozilla Thunderbird 1.0.2 (X11/20050327) X-Accept-Language: en-us, en MIME-Version: 1.0 To: Doug Barton References: <429B71C4.9080803@FreeBSD.org> <20050531013528.V940@ync.qbhto.arg> In-Reply-To: <20050531013528.V940@ync.qbhto.arg> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: wpaul@freebsd.org, freebsd-current@freebsd.org Subject: Re: wpa_supplicant + NDIS (broadcom) + linksys WRT54G possible? X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 31 May 2005 16:30:23 -0000 Doug Barton wrote: > On Mon, 30 May 2005, Doug Barton wrote: > >> Howdy, >> >> I just bought a new linksys WRT54G broadband router and I want to >> enable WPA-PSK on it, and my freebsd -current laptop. I got the >> configuration working in Windows with the same machine, then booted >> current and added the following to my kernel config. The kernel >> sources are from 25 May, I will try updating next. >> >> device wlan #802.11 support >> device wlan_wep #802.11 WEP support >> device wlan_ccmp #802.11 CCMP support >> device wlan_tkip #802.11 TKIP support >> device wlan_xauth #802.11 external authenticator >> >> The NDIS driver works great for my Dell TrueMobile 1400 Dual Band WLAN >> Mini-PCI Card, and I had static WEP working with it previously as >> well. After rebooting with the new kernel and rebuilding my NDIS >> module, I compiled ports/security/wpa_supplicant (the latest version). >> >> On my linksys I have it set up for WPA-PSK with TKIP. I also tried >> AES, no luck. My wpa_supplicant.conf file looks like this (mostly just >> the defaults): >> >> ctrl_interface=/var/run/wpa_supplicant >> ctrl_interface_group=0 >> eapol_version=1 >> ap_scan=1 >> fast_reauth=1 >> network={ >> ssid="myssid" >> proto=WPA >> key_mgmt=WPA-PSK >> pairwise=CCMP TKIP >> group=CCMP TKIP WEP104 WEP40 >> psk="mypass" >> priority=2 >> } >> >> Changing the eapol_version didn't have any effect. There is a log of >> what's happening at http://people.freebsd.org/~dougb/wpa.log. If there >> is anything else I can do to help debug this, let me know. > > > Two updates. First, it looks like this is definitely a driver issue, as > I dug out my old ath pccard, and it works fine with the same > wpa_supplicant.conf file. Second, the latest sources definitely improved > the situation. The card now associates with the AP, and wpa_supplicant > says: > > WPA: Key negotiation completed with 00:80:c8:1b:28:43 [PTK=TKIP GTK=TKIP] > > However, the TKIP lines never show up when I do an ifconfig, and the > interface doesn't seem to be passing packets as dhcp never sees any offers. > > New log is at http://people.freebsd.org/~dougb/wpa2.log What "latest sources" did you use? wpa_supplicant or the ndis driver? Your log shows a completed handshake and both PTK and GTK plumbed so in theory traffic should flow. You may not see the keys with ifconfig unless the ndis layer installs them in the net80211 data structures (don't recall what it does). You would probably better off setting up an ap where you can see what's happening on the ap side. Since you have an ath card you could use that to test with (even in the same laptop). Sam