no more gtk rekeying after local deauth request (hostapd-wpa_supplicant)
thomas schorpp
t.schorpp
Sun Nov 6 12:42:53 PST 2005
Jouni Malinen wrote:
> On Fri, Nov 04, 2005 at 03:07:17AM +0100, thomas schorpp wrote:
>
>>>On Wed, Aug 31, 2005 at 11:54:17PM +0200, thomas schorpp wrote:
>>>
>>>>strange: if a linux wpasuppl. rsn client joins the net no more group key
>>>>handshakes with this xp client with latest hostapd...?
>>>>-> maybe security issue / policy violation
>
>
>>-no more gtk rekeying until wpasupplicant restart.
>
>
>>ok. i do it next, this is a security issue. windows+mac rsn clients not
>> involved and rekeying normal with hostapd.
>
>
> I'm trying to remember what was the exact issue. Could you please give a
> short summary of what the problems you have seen are?
>
> If I understood correctly, you are using madwifi+hostapd as the AP and
> have both Linux (madwifi+wpa_supplicant) and Windows/MAC clients using
> WPA2.
yes, except for one of two winxp clients using WPA1 because the belkin driver doesn't
support RSN but WPA with CCMP/AES. all in all up to 4 clients.
hostapd is configured to accept WPA1+2 but requires CCMP.
>
> Are you saying that hostapd stops rekeying group keys when both Linux
> and Windows/MAC clients are associated, but this does not happen if
> either only the Linux client associates or only Windows/MAC clients
> associate? Or is rekeying only stopped for one of the clients and the
> other clients continue getting new group keys?
>
mac/winxp clients rekeying goes on.
hostapd stops rekeying with wpa_supplicant after
# EAP reauthentication period in seconds (default: 3600 seconds; 0 = disable
# reauthentication).
eap_reauth_period=3600
is fired.
last seen with only one RSN wpa_supplicant linux client on the network.
client machine then prints eap auth failure.
hostapd maintains connection and port further authorized.
it does *not* occur with both in full debugging mode.
I've set it to 0 for now.
y
tom