Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 17 Oct 2005 18:15:18 -0500
From:      Joe Love <joe@getsomewhere.net>
To:        freebsd-current@freebsd.org
Subject:   cannot get IP when auth with wpa_supplicant + ath0 driver
Message-ID:  <43543086.7020705@getsomewhere.net>

next in thread | raw e-mail | index | archive | help
I'm trying to use my wireless connection on my campus's wireless network.

I'm using FreeBSD 6.0-RC1, with the pre-packaged wpa_supplicant 0.3.9.  
I've tried using both a linksys wpc11 using the wi driver, and a netgear 
wg511t using the ath driver.  I'm currently betting on using the netgear 
permanently, as the linksys card is causing me unending issues as of 
late.  The campus wireless uses TTLS+PAP, and IPs are assigned dynamically.

The problem I'm having is that after the connection is established (it 
seems to authenticate just fine), I cannot get a response to any dhcp 
requests.
Jouni Malinen, from the hostap mailing lists, proposed the following as 
the problem:
"This AP is using somewhat non-standard key configuration (something 
that most Cisco APs do with IEEE 802.1X), i.e., unicast key is using 
non-zero key index (2 or 3) and broadcast key is using the other indexes 
(alternating between 0 and 1).
"The packet dump looked like WEP decryption would not have been done or 
it would have failed completely. I would assume that the driver code 
would drop the packet if ICV is incorrect, so I would assume that the 
packet was not decrypted at all.
"I have seen this kind of key index use having issues with number of 
drivers. In other words, this is a question for FreeBSD mailing lists 
after all. Including the description of key index use with the message 
should make it easier for the driver/IEEE 802.11 stack authors to take a 
closer look at this. Anyway, a fix for this may require changing the 
driver interface code for the set_key handler on wpa_supplicant side, too."

Included below are the wpa_supplicant configuration I am using and the 
output of wpa_supplicant -d -iath0 -cwpa_supplicant.conf

A packet dump of the transaction and some data following it (taken from 
ethereal 0.10.10) can be found at http://www.getsomewhere.net/wpa.dump

Thanks,
-Joe

wpa_supplicant.conf:
ctrl_interface=/var/run/wpa_supplicant
eapol_version=2
ap_scan=1
#ap_scan=2 # suggested.
network={
        ssid="UIC-Wireless"
        scan_ssid=1
        #key_mgmt=IEEE8021X WPA-EAP
        mode=0
        key_mgmt=IEEE8021X
        eap=TTLS
        identity="jlove1"
        password="CENSORED"
        anonymous_identity="anonymous"
        ca_cert="thawte.pem"
        #phase1="include_tls_length=1"
        phase2="auth=PAP"
}

wpa_supplicant output:
# wpa_supplicant -d -iath0 -cwpa_supplicant.conf
Initializing interface 'ath0' conf 'wpa_supplicant.conf' driver 'default'
Configuration file 'wpa_supplicant.conf' -> 
'/usr/home/lyfe/wpa_supplicant.conf'
Reading configuration file '/usr/home/lyfe/wpa_supplicant.conf'
ctrl_interface='/var/run/wpa_supplicant'
eapol_version=2
ap_scan=1
Priority group 0
   id=0 ssid='UIC-Wireless'
Initializing interface (2) 'ath0'
EAPOL: SUPP_PAE entering state DISCONNECTED
EAPOL: KEY_RX entering state NO_KEY_RECEIVE
EAPOL: SUPP_BE entering state INITIALIZE
EAP: EAP entering state DISABLED
EAPOL: External notification - portEnabled=0
EAPOL: External notification - portValid=0
Own MAC address: 00:0f:b5:62:28:e3
wpa_driver_bsd_set_wpa: enabled=1
wpa_driver_bsd_set_wpa_internal: wpa=3 privacy=1
wpa_driver_bsd_del_key: keyidx=0
wpa_driver_bsd_del_key: keyidx=1
wpa_driver_bsd_del_key: keyidx=2
wpa_driver_bsd_del_key: keyidx=3
wpa_driver_bsd_set_countermeasures: enabled=0
wpa_driver_bsd_set_drop_unencrypted: enabled=1
Setting scan request: 0 sec 100000 usec
Starting AP scan (specific SSID)
Scan SSID - hexdump_ascii(len=12):
     55 49 43 2d 57 69 72 65 6c 65 73 73               UIC-Wireless   
Received 0 bytes of scan results (3 BSSes)
Scan results: 3
Selecting BSS from priority group 0
0: 00:12:00:d7:0e:00 ssid='' wpa_ie_len=0 rsn_ie_len=0
   skip - no WPA/RSN IE
1: 00:0c:41:75:12:a0 ssid='Linksys' wpa_ie_len=0 rsn_ie_len=0
   skip - no WPA/RSN IE
2: 00:13:46:15:84:5a ssid='powerlab' wpa_ie_len=0 rsn_ie_len=0
   skip - no WPA/RSN IE
No suitable AP found.
Setting scan request: 5 sec 0 usec
Starting AP scan (broadcast SSID)
Received 0 bytes of scan results (4 BSSes)
Scan results: 4
Selecting BSS from priority group 0
0: 00:12:00:d7:0e:00 ssid='' wpa_ie_len=0 rsn_ie_len=0
   skip - no WPA/RSN IE
1: 00:40:05:26:d5:24 ssid='mie-g' wpa_ie_len=0 rsn_ie_len=0
   skip - no WPA/RSN IE
2: 00:0c:41:75:12:a0 ssid='Linksys' wpa_ie_len=0 rsn_ie_len=0
   skip - no WPA/RSN IE
3: 00:13:46:15:84:5a ssid='powerlab' wpa_ie_len=0 rsn_ie_len=0
   skip - no WPA/RSN IE
No suitable AP found.
Setting scan request: 5 sec 0 usec
Starting AP scan (specific SSID)
Scan SSID - hexdump_ascii(len=12):
     55 49 43 2d 57 69 72 65 6c 65 73 73               UIC-Wireless   
Received 0 bytes of scan results (3 BSSes)
Scan results: 3
Selecting BSS from priority group 0
0: 00:12:00:d7:0e:00 ssid='UIC-Wireless' wpa_ie_len=0 rsn_ie_len=0
   skip - no WPA/RSN IE
1: 00:0c:41:75:12:a0 ssid='Linksys' wpa_ie_len=0 rsn_ie_len=0
   skip - no WPA/RSN IE
2: 00:13:46:15:84:5a ssid='powerlab' wpa_ie_len=0 rsn_ie_len=0
   skip - no WPA/RSN IE
   selected non-WPA AP 00:12:00:d7:0e:00 ssid='UIC-Wireless'
Trying to associate with 00:12:00:d7:0e:00 (SSID='UIC-Wireless' 
freq=2462 MHz)
Cancelling scan request
Automatic auth_alg selection: 0x1
No keys have been configured - skip key clearing
wpa_driver_bsd_set_drop_unencrypted: enabled=1
wpa_driver_bsd_associate: ssid 'UIC-Wireless' wpa ie len 0 pairwise 4 
group 4 key mgmt 3
wpa_driver_bsd_associate: set PRIVACY 1
Setting authentication timeout: 5 sec 0 usec
EAPOL: External notification - portControl=Auto
Association event - clear replay counter
Associated to a new BSS: BSSID=00:12:00:d7:0e:00
No keys have been configured - skip key clearing
Associated with 00:12:00:d7:0e:00
EAPOL: External notification - portEnabled=0
EAPOL: External notification - portValid=0
EAPOL: External notification - portEnabled=1
EAPOL: SUPP_PAE entering state CONNECTING
EAPOL: txStart
EAPOL: SUPP_BE entering state IDLE
EAP: EAP entering state INITIALIZE
EAP: EAP entering state IDLE
Setting authentication timeout: 10 sec 0 usec
RX EAPOL from 00:12:00:d7:0e:00
Setting authentication timeout: 70 sec 0 usec
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_PAE entering state RESTART
EAP: EAP entering state INITIALIZE
EAP: EAP entering state IDLE
EAPOL: SUPP_PAE entering state AUTHENTICATING
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request method=1 id=1
EAP: EAP entering state IDENTITY
EAP: EAP-Request Identity data - hexdump_ascii(len=0):
EAP: using anonymous identity - hexdump_ascii(len=9):
     61 6e 6f 6e 79 6d 6f 75 73                        anonymous      
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
EAPOL: SUPP_BE entering state RECEIVE
WPA: EAPOL frame too short, len 46, expecting at least 99
RX EAPOL from 00:12:00:d7:0e:00
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request method=1 id=2
EAP: EAP entering state IDENTITY
EAP: EAP-Request Identity data - hexdump_ascii(len=0):
EAP: using anonymous identity - hexdump_ascii(len=9):
     61 6e 6f 6e 79 6d 6f 75 73                        anonymous      
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
EAPOL: SUPP_BE entering state RECEIVE
WPA: EAPOL frame too short, len 46, expecting at least 99
RX EAPOL from 00:12:00:d7:0e:00
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request method=21 id=3
EAP: EAP entering state GET_METHOD
EAP: initialize selected EAP method (21, TTLS)
EAP-TTLS: Phase2 type: PAP
TLS: Trusted root certificate(s) loaded
EAP: EAP entering state METHOD
EAP-TTLS: Received packet(len=6) - Flags 0x20
EAP-TTLS: Start
SSL: (where=0x10 ret=0x1)
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:before/connect initialization
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3 write client hello A
SSL: (where=0x1002 ret=0xffffffff)
SSL: SSL_connect:error in SSLv3 read server hello A
SSL: SSL_connect - want more data
SSL: 100 bytes pending from ssl_out
SSL: 100 bytes left to be sent out (of total 100 bytes)
EAP: method process -> ignore=FALSE methodState=CONT decision=FAIL
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
EAPOL: SUPP_BE entering state RECEIVE
WPA: EAPOL frame too short, len 46, expecting at least 99
RX EAPOL from 00:12:00:d7:0e:00
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request method=21 id=4
EAP: EAP entering state METHOD
EAP-TTLS: Received packet(len=1396) - Flags 0xc0
EAP-TTLS: TLS Message Length: 2196
SSL: Need 810 bytes more input data
SSL: Building ACK
EAP: method process -> ignore=FALSE methodState=CONT decision=FAIL
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
EAPOL: SUPP_BE entering state RECEIVE
IEEE 802.1X RX: version=1 type=0 length=1396
WPA: EAPOL frame (type 0) discarded, not a Key frame
RX EAPOL from 00:12:00:d7:0e:00
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request method=21 id=5
EAP: EAP entering state METHOD
EAP-TTLS: Received packet(len=816) - Flags 0x00
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3 read server hello A
TLS: tls_verify_cb - preverify_ok=1 err=0 (ok) depth=1 
buf='/C=ZA/ST=Western Cape/L=Cape Town/O=Thawte Consulting 
cc/OU=Certification Services Division/CN=Thawte Server 
CA/emailAddress=server-certs@thawte.com'
TLS: tls_verify_cb - preverify_ok=1 err=0 (ok) depth=0 
buf='/C=US/ST=Illinois/L=Chicago/O=University of Illinois at 
Chicago/OU=Academic Computer Center/CN=odyssey1.cc.uic.edu'
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3 read server certificate A
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3 read server key exchange A
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3 read server done A
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3 write client key exchange A
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3 write change cipher spec A
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3 write finished A
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3 flush data
SSL: (where=0x1002 ret=0xffffffff)
SSL: SSL_connect:error in SSLv3 read finished A
SSL: SSL_connect - want more data
SSL: 190 bytes pending from ssl_out
SSL: 190 bytes left to be sent out (of total 190 bytes)
EAP: method process -> ignore=FALSE methodState=CONT decision=FAIL
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
EAPOL: SUPP_BE entering state RECEIVE
IEEE 802.1X RX: version=1 type=0 length=816
WPA: EAPOL frame (type 0) discarded, not a Key frame
RX EAPOL from 00:12:00:d7:0e:00
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request method=21 id=6
EAP: EAP entering state METHOD
EAP-TTLS: Received packet(len=61) - Flags 0x80
EAP-TTLS: TLS Message Length: 51
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3 read finished A
SSL: (where=0x20 ret=0x1)
SSL: (where=0x1002 ret=0x1)
SSL: 0 bytes pending from ssl_out
SSL: No data to be sent out
EAP-TTLS: TLS done, proceed to Phase 2
EAP-TTLS: Derived key - hexdump(len=64): [REMOVED]
EAP-TTLS: received 0 bytes encrypted data for Phase 2
EAP-TTLS: empty data in beginning of Phase 2 - use fake EAP-Request Identity
EAP-TTLS: Phase 2 PAP Request
EAP-TTLS: Encrypting Phase 2 data - hexdump(len=40): [REMOVED]
EAP-TTLS: Authentication completed successfully
EAP: method process -> ignore=FALSE methodState=DONE decision=COND_SUCC
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
EAPOL: SUPP_BE entering state RECEIVE
WPA: EAPOL frame too short, len 65, expecting at least 99
RX EAPOL from 00:12:00:d7:0e:00
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Success
EAP: Workaround for unexpected identifier field in EAP Success: reqId=7 
lastId=6 (these are supposed to be same)
EAP: EAP entering state SUCCESS
EAPOL: SUPP_BE entering state RECEIVE
EAPOL: SUPP_BE entering state SUCCESS
EAPOL: SUPP_BE entering state IDLE
WPA: EAPOL frame too short, len 46, expecting at least 99
RX EAPOL from 00:12:00:d7:0e:00
EAPOL: Received EAPOL-Key frame
EAPOL: KEY_RX entering state KEY_RECEIVE
EAPOL: processKey
EAPOL: RX IEEE 802.1X ver=1 type=3 len=57 EAPOL-Key: type=1 
key_length=13 key_index=0x1
EAPOL: EAPOL-Key key signature verified
EAPOL: Decrypted(RC4) key - hexdump(len=13): [REMOVED]
EAPOL: Setting dynamic WEP key: broadcast keyidx 1 len 13
wpa_driver_bsd_set_key: alg=WEP addr=ff:ff:ff:ff:ff:ff key_idx=1 
set_tx=0 seq_len=0 key_len=13
WPA: EAPOL frame too short, len 61, expecting at least 99

^CSignal 2 received - terminating
wpa_driver_bsd_deauthenticate
wpa_driver_bsd_del_key: keyidx=0
wpa_driver_bsd_del_key: keyidx=1
wpa_driver_bsd_del_key: keyidx=2
wpa_driver_bsd_del_key: keyidx=3
wpa_driver_bsd_del_key: addr=00:12:00:d7:0e:00 keyidx=0
ioctl[SIOCS80211, op 20, len 7]: Can't assign requested address
EAPOL: External notification - portEnabled=0
EAPOL: SUPP_PAE entering state DISCONNECTED
EAPOL: KEY_RX entering state NO_KEY_RECEIVE
EAPOL: SUPP_BE entering state INITIALIZE
EAP: EAP entering state DISABLED
EAPOL: External notification - portValid=0
wpa_driver_bsd_set_wpa: enabled=0
wpa_driver_bsd_set_wpa_internal: wpa=0 privacy=0
wpa_driver_bsd_set_drop_unencrypted: enabled=0
wpa_driver_bsd_set_countermeasures: enabled=0
No keys have been configured - skip key clearing
wpa_driver_bsd_set_wpa_internal: wpa=0 privacy=0
EAP: deinitialize previously used EAP method (21, TTLS) at EAP deinit
#




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?43543086.7020705>