Re: problems making an access point w/current

From: Sam Leffler <sam_at_freebsd.org>
Date: Thu, 01 May 2008 20:43:02 -0700
What you show are PTK's being plumbed but the issue I asked about was 
for the GTK and you haven't shown the log of it being plumbed. You also 
don't show the Michael failure msg so I cannot tell what key was 
involved.  Please collect a full log and either send it privately or 
give me a url.

You might also look at the scripts in tools/tools/net80211/scripts for 
examples of how I setup working configurations of various flavors.

	Sam

David Cornejo wrote:
> recompiled everything from todays sources,
> 
> [win xp connection attempt]
> 
> wlan0: _ieee80211_crypto_delkey: NONE keyix 65535 flags 0x3 rsc 0 tsc 0 len 0
> wlan0: _ieee80211_crypto_delkey: NONE keyix 65535 flags 0x3 rsc 0 tsc 0 len 0
> wlan0: ieee80211_crypto_setkey: TKIP keyix 4 flags 0x3 mac
> 00:13:e8:30:a7:6d rsc 0 tsc 0 len 16
> wlan0: ieee80211_crypto_setkey: TKIP keyix 4 flags 0x3 mac
> 00:13:e8:30:a7:6d rsc 0 tsc 0 len 16
> wlan0: _ieee80211_crypto_delkey: TKIP keyix 4 flags 0x3 rsc 0 tsc 2 len 16
> wlan0: _ieee80211_crypto_delkey: NONE keyix 65535 flags 0x3 rsc 0 tsc 0 len 0
> wlan0: [00:0b:6b:34:65:99] discard frame due to countermeasures (tkip_encap)
> 
> [ repeat this a couple hundred times ]
> 
> wlan0: [00:0b:6b:34:65:99] discard frame due to countermeasures (tkip_encap)
> wlan0: _ieee80211_crypto_delkey: NONE keyix 65535 flags 0x3 rsc 0 tsc 0 len 0
> wlan0: _ieee80211_crypto_delkey: NONE keyix 65535 flags 0x3 rsc 0 tsc 0 len 0
> wlan0: ieee80211_crypto_setkey: TKIP keyix 4 flags 0x3 mac
> 00:13:e8:30:a7:6d rsc 0 tsc 0 len 16
> 
> [win xp thinks it's connected, but no DHCP]
> 
> I'm wondering if it's not an interaction problem with if_bridge?  I'll
> try a simpler config...
> 
> thanks,
> dave c
> 
> 
> On Thu, May 1, 2008 at 1:28 PM, Sam Leffler <sam_at_freebsd.org> wrote:
>> Are you certain hostapd is up to date?  There was a bug like this a while
>> back (before code was committed to CVS) when I failed to update hostapd to
>> plumb keys correctly.  I routinely test this same config (i.e. card) w/o any
>> issues.
>>
>>    Sam
>>
>>  David Cornejo wrote:
>>
>>>
>>>
>>> from dmesg:
>>>
>>> ath0: mac 5.9 phy 4.3 radio 3.6
>>> ath_hal: 0.9.20.3 (AR5210, AR5211, AR5212, RF5111, RF5112, RF2413, RF5413)
>>>
>>> [root_at_ap2] 111% ifconfig -v wlan0
>>> wlan0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST>
>>> metric 0 mtu 2290
>>>        ether 00:0b:6b:34:65:99
>>>        media: IEEE 802.11 Wireless Ethernet autoselect mode 11a <hostap>
>>>        status: running
>>>        ssid hmiln channel 52 (5260 Mhz 11a) bssid 00:0b:6b:34:65:99
>>>        regdomain DEBUG country US anywhere ecm authmode WPA -wps -tsn
>>>        privacy MIXED deftxkey 2
>>>        TKIP 2:128-bit
>>>        TKIP 3:128-bit powersavemode OFF powersavesleep 100 txpower 19
>>>        txpowmax 50.0 -dotd rtsthreshold 2346 fragthreshold 2346 bmiss 7
>>>        11a    ucast NONE    mgmt  6 Mb/s mcast  6 Mb/s maxretry 6
>>>        11b    ucast NONE    mgmt  1 Mb/s mcast  1 Mb/s maxretry 6
>>>        11g    ucast NONE    mgmt  1 Mb/s mcast  1 Mb/s maxretry 6
>>>        turboA ucast NONE    mgmt  6 Mb/s mcast  6 Mb/s maxretry 6
>>>        11na   ucast NONE    mgmt  0 MCS  mcast  0 MCS  maxretry 6
>>>        11ng   ucast NONE    mgmt  0 MCS  mcast  0 MCS  maxretry 6
>>>        scanvalid 60 -bgscan bgscanintvl 300 bgscanidle 250
>>>        roam:11a    rssi    7dBm rate 12 Mb/s
>>>        roam:11b    rssi    7dBm rate  1 Mb/s
>>>        roam:11g    rssi    7dBm rate  5 Mb/s
>>>        roam:turboA rssi    7dBm rate 12 Mb/s
>>>        roam:sturbo rssi    7dBm rate 12 Mb/s -pureg protmode CTS -ht
>>>        -htcompat -ampdu ampdulimit 8k ampdudensity - -amsdu -shortgi
>>>        htprotmode RTSCTS -puren -wme burst ff dturbo -dwds -hidessid
>> apbridge
>>>        dtimperiod 1 doth dfs inact bintval 100
>>>        groups: wlan
>>>
>>> I disabled WME and it behaves a little different:
>>>
>>> [root_at_ap2] 115% ifconfig wlan0 list sta
>>> ADDR               AID CHAN RATE RSSI IDLE  TXSEQ  RXSEQ CAPS FLAG
>>> 00:13:e8:30:a7:6d    1   52  54M 25.0    0      5  10624 EP   AQP  WPA WME
>>>
>>> But the client (Win XP) can't get an address from the DHCP server, and
>>> if I set a static address on the client still nothing.  The wired LAN
>>> is very busy, but from tcpdump it looks like the packets from the
>>> client get to the LAN, but they aren't responded to.
>>>
>>> thanks,
>>> dave c
>>>
>>>
>>> On Tue, Apr 29, 2008 at 5:19 PM, Sam Leffler <sam_at_freebsd.org> wrote:
>>>
>>>
>>>> David Cornejo wrote:
>>>>
>>>>
>>>>
>>>>> Hi,
>>>>>
>>>>> I am trying to build an access point out of a Soekris 4801 - I have
>>>>> built two images from the CURRENT source, one on March 28, 2008
>>>>> (pre-VAPS) and one from today April 29th, 2008.
>>>>>
>>>>> The 3/28 one works beautifully, the 4/29 one has authorization
>> problems.
>>>>> I converted the rc.conf to the new wlan_* things.
>>>>>
>>>>> Is there something wrong with my configurations?
>>>>>
>>>>> thanks,
>>>>> dave c
>>>>>
>>>>> good old config, kernel & world built march 28th sources.
>>>>>
>>>>> === rc.conf ===
>>>>>
>>>>> hostname="ap1.dogwood.com"
>>>>>
>>>>> hostapd_enable="YES"
>>>>>
>>>>> ifconfig_sis0="up"
>>>>> ifconfig_sis1="up"
>>>>> ifconfig_sis2="up"
>>>>> ifconfig_ath0="mode 11a mediaopt hostap dturbo"
>>>>>
>>>>> cloned_interfaces="bridge0"
>>>>> ifconfig_bridge0="ether 92:74:fd:88:12:f3 addm sis0 addm sis1 addm
>>>>> sis2 addm ath0 stp sis0 stp sis1 stp sis2 stp ath0 DHCP"
>>>>>
>>>>> ntpdate_enable="YES"
>>>>> ntpdate_flags="pool.ntp.org"
>>>>>
>>>>> sendmail_enable="NONE"
>>>>> sshd_enable="YES"
>>>>> syslogd_flags="-ss"
>>>>> rwhod_enable="YES"
>>>>>
>>>>> smartd_enable="YES"
>>>>>
>>>>> ntpd_enable="YES"
>>>>>
>>>>> === hostapd.conf
>>>>>
>>>>> interface=ath0
>>>>> driver=bsd
>>>>> logger_syslog=-1
>>>>> logger_syslog_level=0
>>>>> logger_stdout=-1
>>>>> logger_stdout_level=0
>>>>> debug=4
>>>>> dump_file=/tmp/hostapd.dump
>>>>> ctrl_interface=/var/run/hostapd
>>>>> ctrl_interface_group=wheel
>>>>> ssid=hoana-a
>>>>> wpa=1
>>>>> wpa_passphrase=v1g1lance
>>>>> wpa_key_mgmt=WPA-PSK
>>>>> wpa_pairwise=TKIP
>>>>>
>>>>> === log output
>>>>>
>>>>> Apr 29 15:22:37 ap1 hostapd: ath0: STA 00:13:e8:30:a7:6d IEEE 802.11:
>>>>>
>>>>>
>>>> associated
>>>>
>>>>
>>>>> Apr 29 15:22:37 ap1 hostapd: ath0: STA 00:13:e8:30:a7:6d WPA: event 1
>>>>> notification
>>>>> Apr 29 15:22:37 ap1 hostapd: ath0: STA 00:13:e8:30:a7:6d WPA: start
>>>>> authentication
>>>>> Apr 29 15:22:37 ap1 hostapd: ath0: STA 00:13:e8:30:a7:6d IEEE 802.1X:
>>>>> unauthorizing port
>>>>> Apr 29 15:22:37 ap1 hostapd: ath0: STA 00:13:e8:30:a7:6d WPA: sending
>>>>> 1/4 msg of 4-Way Handshake
>>>>> Apr 29 15:22:37 ap1 hostapd: ath0: STA 00:13:e8:30:a7:6d WPA: received
>>>>> EAPOL-Key frame (2/4 Pairwise)
>>>>> Apr 29 15:22:37 ap1 hostapd: ath0: STA 00:13:e8:30:a7:6d WPA: sending
>>>>> 3/4 msg of 4-Way Handshake
>>>>> Apr 29 15:22:37 ap1 hostapd: ath0: STA 00:13:e8:30:a7:6d WPA: received
>>>>> EAPOL-Key frame (4/4 Pairwise)
>>>>> Apr 29 15:22:37 ap1 hostapd: ath0: STA 00:13:e8:30:a7:6d IEEE 802.1X:
>>>>> authorizing port
>>>>> Apr 29 15:22:37 ap1 hostapd: ath0: STA 00:13:e8:30:a7:6d WPA: pairwise
>>>>> key handshake completed (WPA)
>>>>> Apr 29 15:22:37 ap1 hostapd: ath0: STA 00:13:e8:30:a7:6d WPA: sending
>>>>> 1/2 msg of Group Key Handshake
>>>>> Apr 29 15:22:37 ap1 hostapd: ath0: STA 00:13:e8:30:a7:6d WPA: received
>>>>> EAPOL-Key frame (2/2 Group)
>>>>> Apr 29 15:22:37 ap1 hostapd: ath0: STA 00:13:e8:30:a7:6d WPA: group
>>>>> key handshake completed (WPA)
>>>>>
>>>>> ==========
>>>>>
>>>>> bad new config, kernel & world built from april 29 sources
>>>>>
>>>>> === rc.conf ===
>>>>>
>>>>> hostname="ap2.dogwood.com"
>>>>>
>>>>> ifconfig_sis0="up"
>>>>> ifconfig_sis1="up"
>>>>> ifconfig_sis2="up"
>>>>> ifconfig_wlan0="mode 11a"
>>>>>
>>>>> wlans_ath0="wlan0"
>>>>> create_args_wlan0="wlanmode ap"
>>>>>
>>>>> cloned_interfaces="bridge0"
>>>>> ifconfig_bridge0="ether 00:40:96:01:01:01 addm sis0 addm sis1 addm
>>>>> sis2 addm wlan0 stp sis0 stp sis1 stp sis2 stp wlan0 DHCP"
>>>>> hostapd_enable="YES"
>>>>>
>>>>> ntpdate_enable="YES"
>>>>> ntpdate_flags="pool.ntp.org"
>>>>> ntpd_enable="YES"
>>>>>
>>>>> sendmail_enable="NONE"
>>>>> sshd_enable="YES"
>>>>> syslogd_flags="-ss"
>>>>> rwhod_enable="YES"
>>>>>
>>>>> # HARDWARE SPECIFIC
>>>>> smartd_enable="YES"
>>>>>
>>>>> dumpdev="NO"
>>>>>
>>>>> === hostapd.conf ===
>>>>>
>>>>> interface=wlan0
>>>>> driver=bsd
>>>>> logger_syslog=-1
>>>>> logger_syslog_level=0
>>>>> logger_stdout=-1
>>>>> logger_stdout_level=0
>>>>> debug=4
>>>>> dump_file=/tmp/hostapd.dump
>>>>> ctrl_interface=/var/run/hostapd
>>>>> ctrl_interface_group=wheel
>>>>> ssid=hmiln
>>>>> wpa=1
>>>>> wpa_passphrase=v1g1lance
>>>>> wpa_key_mgmt=WPA-PSK
>>>>> wpa_pairwise=TKIP
>>>>>
>>>>> === log output
>>>>>
>>>>> Apr 29 15:20:56 ap2 hostapd: wlan0: STA 00:13:e8:30:a7:6d IEEE 802.11:
>>>>> associated
>>>>> Apr 29 15:20:56 ap2 hostapd: wlan0: STA 00:13:e8:30:a7:6d WPA: event 1
>>>>> notification
>>>>> Apr 29 15:20:56 ap2 hostapd: wlan0: STA 00:13:e8:30:a7:6d WPA: start
>>>>> authentication
>>>>> Apr 29 15:20:56 ap2 hostapd: wlan0: STA 00:13:e8:30:a7:6d IEEE 802.1X:
>>>>> unauthorizing port
>>>>> Apr 29 15:20:56 ap2 hostapd: wlan0: STA 00:13:e8:30:a7:6d WPA: sending
>>>>> 1/4 msg of 4-Way Handshake
>>>>> Apr 29 15:20:56 ap2 hostapd: wlan0: STA 00:13:e8:30:a7:6d WPA:
>>>>> received EAPOL-Key frame (2/4 Pairwise)
>>>>> Apr 29 15:20:56 ap2 hostapd: wlan0: STA 00:13:e8:30:a7:6d WPA: sending
>>>>> 3/4 msg of 4-Way Handshake
>>>>> Apr 29 15:20:56 ap2 hostapd: wlan0: STA 00:13:e8:30:a7:6d WPA:
>>>>> received EAPOL-Key frame (4/4 Pairwise)
>>>>> Apr 29 15:20:56 ap2 hostapd: wlan0: STA 00:13:e8:30:a7:6d IEEE 802.1X:
>>>>> authorizing port
>>>>> Apr 29 15:20:56 ap2 hostapd: wlan0: STA 00:13:e8:30:a7:6d WPA:
>>>>> pairwise key handshake completed (WPA)
>>>>> Apr 29 15:20:56 ap2 hostapd: wlan0: STA 00:13:e8:30:a7:6d WPA: sending
>>>>> 1/2 msg of Group Key Handshake
>>>>> Apr 29 15:20:56 ap2 hostapd: wlan0: STA 00:13:e8:30:a7:6d WPA:
>>>>> received EAPOL-Key frame (2/2 Group)
>>>>> Apr 29 15:20:56 ap2 hostapd: wlan0: STA 00:13:e8:30:a7:6d WPA: group
>>>>> key handshake completed (WPA)
>>>>> Apr 29 15:20:56 ap2 hostapd: wlan0: STA 00:13:e8:30:a7:6d WPA:
>>>>> received EAPOL-Key frame (Request)
>>>>> Apr 29 15:20:56 ap2 hostapd: wlan0: STA 00:13:e8:30:a7:6d WPA:
>>>>> received EAPOL-Key Error Request (STA detected Michael MIC failure)
>>>>> Apr 29 15:20:56 ap2 hostapd: wlan0: STA 00:13:e8:30:a7:6d WPA: sending
>>>>> 1/4 msg of 4-Way Handshake
>>>>> Apr 29 15:20:56 ap2 hostapd: wlan0: STA 00:13:e8:30:a7:6d WPA:
>>>>> received EAPOL-Key frame (2/4 Pairwise)
>>>>> Apr 29 15:20:56 ap2 hostapd: wlan0: STA 00:13:e8:30:a7:6d WPA: sending
>>>>> 3/4 msg of 4-Way Handshake
>>>>> Apr 29 15:20:56 ap2 hostapd: wlan0: STA 00:13:e8:30:a7:6d WPA:
>>>>> received EAPOL-Key frame (4/4 Pairwise)
>>>>> Apr 29 15:20:56 ap2 hostapd: wlan0: STA 00:13:e8:30:a7:6d IEEE 802.1X:
>>>>> authorizing port
>>>>> Apr 29 15:20:56 ap2 hostapd: wlan0: STA 00:13:e8:30:a7:6d WPA:
>>>>> pairwise key handshake completed (WPA)
>>>>> Apr 29 15:20:56 ap2 hostapd: wlan0: STA 00:13:e8:30:a7:6d WPA: sending
>>>>> 1/2 msg of Group Key Handshake
>>>>> Apr 29 15:20:56 ap2 hostapd: wlan0: STA 00:13:e8:30:a7:6d WPA:
>>>>> received EAPOL-Key frame (2/2 Group)
>>>>> Apr 29 15:20:56 ap2 hostapd: wlan0: STA 00:13:e8:30:a7:6d WPA: group
>>>>> key handshake completed (WPA)
>>>>> Apr 29 15:20:56 ap2 hostapd: wlan0: STA 00:13:e8:30:a7:6d WPA:
>>>>> received EAPOL-Key frame (Request)
>>>>> Apr 29 15:20:56 ap2 hostapd: wlan0: STA 00:13:e8:30:a7:6d WPA:
>>>>> received EAPOL-Key Error Request (STA detected Michael MIC failure)
>>>>> Apr 29 15:20:56 ap2 hostapd: wlan0: IEEE 802.11 TKIP countermeasures
>>>>>
>>>>>
>>>> initiated
>>>>
>>>>
>>>>> Apr 29 15:20:56 ap2 hostapd: wlan0: STA 00:13:e8:30:a7:6d WPA: sending
>>>>> 1/4 msg of 4-Way Handshake
>>>>> Apr 29 15:20:56 ap2 hostapd: wlan0: STA 00:13:e8:30:a7:6d IEEE 802.11:
>>>>> deassociated
>>>>> Apr 29 15:20:56 ap2 hostapd: wlan0: STA 00:13:e8:30:a7:6d WPA: event 2
>>>>> notification
>>>>> Apr 29 15:20:56 ap2 hostapd: wlan0: STA 00:13:e8:30:a7:6d IEEE 802.1X:
>>>>> unauthorizing port
>>>>>
>>>>>
>>>>>
>>>>  Please show the output of ifconfig -v wlan0 and the mac+phy revs of the
>> ath
>>>> card.  I also need to know what hal you're using.
>>>>
>>>>  This could be because wme is now enabled by default; if it's on try
>> turning
>>>> it off.
>>>>
>>>>        Sam
>>>>
>>>>
>>>>
>>> _______________________________________________
>>> freebsd-current_at_freebsd.org mailing list
>>> http://lists.freebsd.org/mailman/listinfo/freebsd-current
>>> To unsubscribe, send any mail to "freebsd-current-unsubscribe_at_freebsd.org"
>>>
>>>
>>>
>>>
>>
> _______________________________________________
> freebsd-current_at_freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-current
> To unsubscribe, send any mail to "freebsd-current-unsubscribe_at_freebsd.org"
> 
> 
Received on Fri May 02 2008 - 01:43:04 UTC

This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:39:30 UTC