Date: Wed, 17 Jan 2007 10:09:06 -0600 From: Brooks Davis <brooks@freebsd.org> To: Sam Leffler <sam@errno.com> Cc: freebsd-current@freebsd.org Subject: Re: WPA-EAP problems Message-ID: <20070117160906.GB1333@lor.one-eyed-alien.net> In-Reply-To: <45ADC311.90008@errno.com> References: <200701171608.49339.doconnor@gsoft.com.au> <45ADC311.90008@errno.com>
next in thread | previous in thread | raw e-mail | index | archive | help
[-- Attachment #1 --]
On Tue, Jan 16, 2007 at 10:32:49PM -0800, Sam Leffler wrote:
> Daniel O'Connor wrote:
> > Hi,
> > I have a WPA-EAP network setup (to a WRT54G with OpenRadius which
> > authenticates against an OpenLDAP server on my FreeBSD server), however quite
> > often dhclient fails to get a lease at first go.
> >
> > My wpa_supplicant file looks like..
> > network={
> > ssid="dons"
> > scan_ssid=1
> > key_mgmt=WPA-EAP
> > identity="username"
> > password="password"
> > phase2="auth=PAP"
> > }
> >
> > I have the following in rc.conf..
> > ifconfig_ath0="WPA DHCP"
> > background_dhclient="YES"
> >
> > If I kill dhclient and restart it I can get a lease just fine. I don't see the
> > problem on a WPA-TKIP network.
>
> Sounds like an issue with dhclient. I rarely use anything but WPA-PSK
> so haven't noticed issues.
>
> It would be useful to get a wpa log to see how long it's taking to
> authenticate. It'd be nice if dhclient were triggered by authentication
> rather than association as packets cannot pass until before. I've
> considered changing things to work in this way.
This seems like a good idea. The link isn't really up until you can
actually pass packets on it.
> > I think the problem is that the ath interface comes up but no
> > packets can be transferred because WPA stuff is still happening the
> > initial requests get lost.
>
> But dhclient should retry and get a lease w/o your restarting it.
I think this should happen, but I think the back off is random exponential
so it doesn't take long to get to the point where it will appear hung
because it tries for >60s. Is there an 802.11 event we could key
off of to reset the timeouts when authentication occurs?
-- Brooks
[-- Attachment #2 --]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (FreeBSD)
iD8DBQFFrkohXY6L6fI4GtQRAg6WAJwNzi2FBuYSaaQNhXrDw/qDOED0fwCg0c1p
nbCc9giQpvPGUFEBKOweoq4=
=zOf9
-----END PGP SIGNATURE-----
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20070117160906.GB1333>