WPA-Enterprise and wpa_supplicant/hostapd

Jason Carr jason
Mon Sep 19 10:11:08 PDT 2005 

I've been having some weird issues with wpa_supplicant connecting to EAP-TLS
networks.  At home I have hostapd setup, a reauth period of 300 seconds, and
I get disconnected every once and awhile.  It likes to disconnect and go into
scanning mode and never actually reauthenticates.  I would think that if the
access point requests a reauth from the client, the client would just reauth
instead of dropping the port.  Windows also seems to have a similar problem.
Not sure what exactly could be the problem, so here's a bunch of config
files.  I can try to get a log file, how much debugging is required and
what's a good way to record the output of wpa_supplicant?

Also, I've been seeing things like:
hostap_pci: wifi0: resetting card
wifi0: Original COR value: 0x32
wifi0: removed pending cmd_queue entry (type=1, cmd=0x0011, param0=0xf100)
wifi0: removed pending cmd_queue entry (type=1, cmd=0x0011, param0=0xf100)
wifi0: removed pending cmd_queue entry (type=1, cmd=0x010b, param0=0x01b2)
prism2_hw_init: initialized in 195 ms
wlan0: dropped frame from unauthorized port (IEEE 802.1X): ethertype=0x0806
wlan0: dropped frame from unauthorized port (IEEE 802.1X): ethertype=0x0806
wlan0: dropped frame from unauthorized port (IEEE 802.1X): ethertype=0x0800
TKIP: replay detected: STA=00:12:f0:34:60:7f previous TSC 00000000029b
received TSC 000000000001
wifi0: decryption failed (SA=00:12:f0:34:60:7f) res=-4
wifi0: Original COR value: 0x32
wifi0: removed pending cmd_queue entry (type=1, cmd=0x0011, param0=0xf100)
wifi0: removed pending cmd_queue entry (type=1, cmd=0x0011, param0=0xf100)
wifi0: removed pending cmd_queue entry (type=1, cmd=0x0011, param0=0xf100)
wifi0: removed pending cmd_queue entry (type=1, cmd=0x0011, param0=0xf100)

Not sure what those exactly mean...

Versions: 
ipw2200-1.0.6
wpa_supplicant v0.4.4
hostapd v0.4.4
prism firmware 1.8.0

- Jason

This is my wpa_supplicant.conf file:

ctrl_interface=/var/run/wpa_supplicant
ctrl_interface_group=0

ap_scan=1
eapol_version=1
fast_reauth=1

network={
        ssid="flacid.org"
        key_mgmt=WPA-EAP
        pairwise=TKIP
        group=TKIP
        eap=TLS
        identity="jason at flacid.org"
        ca_cert="/etc/wpa_keys/flacid.org/CAcert.pem"
        client_cert="/etc/wpa_keys/flacid.org/jayne.wireless.intranet-cert.pem"
        private_key="/etc/wpa_keys/flacid.org/jayne.wireless.intranet-key.pem"
}

Here's my hostapd.conf:

interface=wlan0
logger_syslog=-1
logger_syslog_level=1
logger_stdout=-1
logger_stdout_level=1
debug=2
dump_file=/tmp/hostapd.dump
ctrl_interface=/var/run/hostapd
ctrl_interface_group=0
ssid=flacid.org
macaddr_acl=0
auth_algs=3
ieee8021x=1
eap_message=wireless
eapol_key_index_workaround=1
eap_reauth_period=300
eap_server=0
own_ip_addr=127.0.0.1
auth_server_addr=127.0.0.1
auth_server_port=1812
auth_server_shared_secret=<password>
acct_server_addr=127.0.0.1
acct_server_port=1813
acct_server_shared_secret=<password>
wpa=1
wpa_key_mgmt=WPA-EAP
wpa_pairwise=TKIP CCMP
wpa_group_rekey=300
wpa_strict_rekey=1
wpa_gmk_rekey=3600

-- 
Jason Carr (jason at flacid.org)

More information about the Hostap mailing list