wpa_supplicant troubles with connection following authentication (cannot get IP)

Sam Leffler sam
Fri Oct 14 20:29:33 PDT 2005

Joe Love wrote:
> I'm trying to get my laptop running FreeBSD6 to fully connect and use 
> the wireless network on my university's campus.  They are using TTLS+PAP 
> for the key handling and authentication, and DHCP for ip address assignment.

I think you're in the wrong place for freebsd issues; did you post this 
to a freebsd mailing list already?  I didn't see it...

> The problem I'm experiencing is that under FreeBSD, I cannot get an IP 
> address from the dhcp server after connecting & authentication using 
> wpa_supplicant.  This problem may not be wpa_supplicant-specific, as I 
> tried using the exact same configuration on WindowsXP using the exact 
> same hardware, and was able to connect and get an IP address just fine.  
> I'm hoping someone might be able to shed some light on the subject, as 
> myself and everyone else I've asked is stumped by the problem.

I see no log or information about the interface status after 
wpa_supplicant negotiated the connection.  Try collecting a 
wpa_supplicant log for starters.

> The one comparison between the two connections that has confused me the 
> most is the output from ethereal.  On both freebsd & windows, I see the 
> same EAP, TLS & EAPOL protocol packets, but once the EAP succeeds, and 
> keys are exchanged, the output under windows looks like normal traffic, 
> including one Ethernet II packet, followed by a DHCP request, 
> acknowledgement, and arp traffic (and some other stuff).  Under FreeBSD, 
> however, I see the keys exchanged, and then a bunch of packets of 
> protocol type "LLC", and the only packets that aren't LLC are ones that 
> come from my machine.  I see no typical IP traffic from any other hosts.

I'm guessing you're using an Atheros card.  If so then the collected 
packet trace may include data padding between the 802.11 header and the 
payload that confuses ethereal and/or tcpdump.  I have changes to send 
the ethereal folks to deal with this if you tapped at the driver level 
and changes to the kernel to squeeze out the bytes if you tapped at the 
802.11 layer.  If you tap at the 802.3 layer then frames should display 
fine in ethereal.

> I can provide any useful information, including packet dumps, but at 
> this point, I'm really not quite sure what direction to go.

Collect a wpa_supplicant log with the -d option and take this to a 
freebsd mailing list--unless Jouni's interested in freebsd problems :).


> Thanks
> -Joe
> Since it's common that people like to see these first that there's 
> nothing wrong, here's the same configuration i used on both windows & 
> freebsd.  To make it clear, the configuration below works fine on 
> WindowsXP, and I can proceed to get an IP address after connecting.  It 
> authenticates fine on FreeBSD6, but dhclient cannot get an IP address 
> after authentication.
> Configuration:
> ctrl_interface=/var/run/wpa_supplicant
> eapol_version=2
> ap_scan=1
> #ap_scan=2 # suggested.
> network={
>     ssid="UIC-Wireless"
>     scan_ssid=1
>     mode=0
>     key_mgmt=IEEE8021X
>     eap=TTLS
>     identity="jlove1"
>     password="*CENSORED*"
>     anonymous_identity="anonymous"
>     ca_cert="thawte.pem"
>     #phase1="include_tls_length=1"
>     phase2="auth=PAP"
> }
> _______________________________________________
> HostAP mailing list
> HostAP at shmoo.com
> http://lists.shmoo.com/mailman/listinfo/hostap

More information about the Hostap mailing list