EAP-TLS Connection Problem

Joby Thampan joby.thampan
Mon Aug 4 23:53:04 PDT 2008


Hi,

Thanks for your replies. 

My EAP-TLS authentication succeeded.

Solution:
For wpa_supplicant_0.3.8 we were not able to set the fragment size. The fragment size was fixed at 1398.
After adding the RADIUS attributes, the packet sent by the AP was of size 1571, which was not received by the RADIUS server.
I changed the fragment size to 1300, and now the authentication process succeeds.

But the 4-way handshake is failing right now. After sending the 2nd EAPOL frame, the AP is sending a Deauth request.

I am attaching the logs from the wpa_supplicant side. I tried the same with the latest wpa_supplicant 0.5.10.
But still the same result.

I am not able to differentiate whether it is a problem with the certificates or some problem at the AP side.

If anybody has an idea, please reply.


wlan[0,0]-> ./wpa_supplicant -iath0 -c/etc/wlan/wpa_supplicant.conf -Dmadwifi -dd
Initializing interface 'ath0' conf '/etc/wlan/wpa_supplicant.conf' driver 'madwifi'
Configuration file '/etc/wlan/wpa_supplicant.conf' -> '/etc/wlan/wpa_supplicant.conf'
Read<4>Active status = 196757
<4>Valid = 1
ing configuration file '/etc/wlan/wpa_supplicant.conf'
eapol_version=1
ap_scan=1
fast_reauth=1
Line: 4 - start of a new network block
ssid - hexdump_ascii(len=8):
     6a 6f 62 79 2d 77 70 61                           joby-wpa
key_mgmt: 0x1
eap methods - hexdump(len=2): 0d 00
identity - hexdump_ascii(len=4):
     4a 6f 62 79                                       Joby
password - hexdump_ascii(len=8): [REMOVED]
ca_cert - hexdump_ascii(len=20):
     2f 65 74 63 2f 63 65 72 74 2f 63 61 63 65 72 74   /etc/cert/cacert
     2e 70 65 6d                                       .pem
client_cert - hexdump_ascii(len=25):
     2f 65 74 63 2f 63 65 72 74 2f 63 6c 69 65 6e 74   /etc/cert/client
     5f 63 65 72 74 2e 70 65 6d                        _cert.pem
private_key - hexdump_ascii(len=24):
     2f 65 74 63 2f 63 65 72 74 2f 63 6c 69 65 6e 74   /etc/cert/client
     5f 6b 65 79 2e 70 65 6d                           _key.pem
private_key_passwd - hexdump_ascii(len=8): [REMOVED]
priority=10 (0xa)
Priority group 10
   id=0 ssid='joby-wpa'
Initializing interface (2) 'ath0'
EAPOL: SUPP_PAE entering state DISCONNECTED
EAPOL: KEY_RX entering state NO_KEY_RECEIVE
EAPOL: SUPP_BE entering state INITIALIZE
EAP: EAP entering state DISABLED
EAPOL: External notification - portEnabled=0
EAPOL: External notification - portValid=0
Own MAC address: 00:30:1a:40:90:f7
wpa_driver_madwifi_set_wpa: enabled=1
wpa_driver_madwifi_del_key: keyidx=0
wpa_driver_madwifi_del_key: keyidx=1
wpa_driver_madwifi_del_key: keyidx=2
wpa_driver_madwifi_del_key: keyidx=3
wpa_driver_madwifi_set_countermeasures: enabled=0
wpa_driver_madwifi_set_drop_unencrypted: enabled=1
Setting scan request: 0 sec 100000 usec
Wireless event: cmd=0x8b06 len=8
RTM_NEWLINK, IFLA_IFNAME: Interface 'wifi0' added
RTM_NEWLINK, IFLA_IFNAME: Interface 'ath0' added
RTM_NEWLINK, IFLA_IFNAME: Interface 'ath0' added
Starting AP scan (broadcast SSID)
Wireless event: cmd=0x8b1a len=12
Wireless event: cmd=0x8b19 len=12
Received 4089 bytes of scan results (16 BSSes)
Scan results: 16
Selecting BSS from priority group 10
0: 00:1c:f0:d9:b0:b2 ssid='PH_AP' wpa_ie_len=28 rsn_ie_len=0
   skip - SSID mismatch
1: 00:0b:6b:2c:06:32 ssid='joby-wpa' wpa_ie_len=24 rsn_ie_len=0
   selected
Trying to associate with 00:0b:6b:2c:06:32 (SSID='joby-wpa' freq=2432 MHz)
Cancelling scan request
Automatic auth_alg selection: 0x1
WPA: using IEEE 802.11i/D3.0
WPA: Selected cipher suites: group 8 pairwise 8 key_mgmt 1
WPA: using GTK TKIP
WPA: using PTK TKIP
WPA: using KEY_MGMT 802.1X
WPA: Own WPA IE - hexdump(len=24): dd 16 00 50 f2 01 01 00 00 50 f2 02 01 00 00 50 f2 02 01 00 00 50 f2 01
No keys have been configured - skip key clearing
wpa_driver_madwifi_set_drop_unencrypted: enabled=1
wpa_driver_madwifi_associate
Setting authentication timeout: 5 sec 0 usec
EAPOL: External notification - portControl=Auto
Wireless event: cmd=0x8b15 len=20
Wireless event: new AP: 00:0b:6b:2c:06:32
Association event - clear replay counter
Associated with 00:00:00:00:00:00
EAPOL: External notification - portEnabled=0
EAPOL: External notification - portValid=0
EAPOL: External notification - portEnabled=1
EAPOL: SUPP_PAE entering state CONNECTING
SENDING EAPOL START
EAPOL: txStart
BSSID not set when trying to send an EAPOL frame
Using the source address of the last received EAPOL frame 00:00:00:00:00:00 as the EAPOL destination
TX EAPOL - hexdump(len=18): 00 00 00 00 00 00 00 30 1a 40 90 f7 88 8e 01 01 00 00
EAPOL: SUPP_BE entering state IDLE
EAP: EAP entering state INITIALIZE
EAP: EAP entering state IDLE
Setting authentication timeout: 10 sec 0 usec
RX EAPOL from 00:0b:6b:2c:06:32
RX EAPOL - hexdump(len=9): 02 00 00 05 01 00 00 05 01
Setting authentication timeout: 70 sec 0 usec
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_PAE entering state RESTART
EAP: EAP entering state INITIALIZE
EAP: EAP entering state IDLE
EAPOL: SUPP_PAE entering state AUTHENTICATING
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request method=1 id=0
EAP: EAP entering state IDENTITY
EAP: EAP-Request Identity data - hexdump_ascii(len=0):
EAP: using real identity - hexdump_ascii(len=4):
     4a 6f 62 79                                       Joby
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
BSSID not set when trying to send an EAPOL frame
Using the source address of the last received EAPOL frame 00:0b:6b:2c:06:32 as the EAPOL destination
TX EAPOL - hexdump(len=27): 00 0b 6b 2c 06 32 00 30 1a 40 90 f7 88 8e 01 00 00 09 02 00 00 09 01 4a 6f 62 79
EAPOL: SUPP_BE entering state RECEIVE
WPA: EAPOL frame too short, len 9, expecting at least 99
EAPOL: Port Timers tick - authWhile=29 heldWhile=0 startWhen=29 idleWhile=59
Wireless event: cmd=0x8b1a len=21
Wireless event: cmd=0x8b15 len=20
Wireless event: new AP: 00:00:00:00:00:00
Setting scan request: 0 sec 100000 usec
Added BSSID 00:00:00:00:00:00 into blacklist
EAPOL: External notification - portEnabled=0
EAPOL: SUPP_PAE entering state DISCONNECTED
EAPOL: SUPP_BE entering state INITIALIZE
EAP: EAP entering state DISABLED
EAPOL: External notification - portValid=0
Disconnect event - remove keys
wpa_driver_madwifi_del_key: keyidx=0
wpa_driver_madwifi_del_key: keyidx=1
wpa_driver_madwifi_del_key: keyidx=2
wpa_driver_madwifi_del_key: keyidx=3
wpa_driver_madwifi_del_key: keyidx=0
EAPOL: Port Timers tick - authWhile=28 heldWhile=0 startWhen=28 idleWhile=58
Starting AP scan (broadcast SSID)
Wireless event: cmd=0x8b1a len=12
Wireless event: cmd=0x8b19 len=12
Received 4094 bytes of scan results (15 BSSes)
Scan results: 15
Selecting BSS from priority group 10
0: 00:1c:f0:d9:b0:b2 ssid='PH_AP' wpa_ie_len=28 rsn_ie_len=0
   skip - SSID mismatch
1: 00:0b:6b:2c:06:32 ssid='joby-wpa' wpa_ie_len=24 rsn_ie_len=0
   selected
Trying to associate with 00:0b:6b:2c:06:32 (SSID='joby-wpa' freq=2432 MHz)
Cancelling scan request
Automatic auth_alg selection: 0x1
WPA: using IEEE 802.11i/D3.0
WPA: Selected cipher suites: group 8 pairwise 8 key_mgmt 1
WPA: using GTK TKIP
WPA: using PTK TKIP
WPA: using KEY_MGMT 802.1X
WPA: Own WPA IE - hexdump(len=24): dd 16 00 50 f2 01 01 00 00 50 f2 02 01 00 00 50 f2 02 01 00 00 50 f2 01
No keys have been configured - skip key clearing
wpa_driver_madwifi_set_drop_unencrypted: enabled=1
wpa_driver_madwifi_associate
Setting authentication timeout: 5 sec 0 usec
EAPOL: External notification - portControl=Auto
EAPOL: Port Timers tick - authWhile=27 heldWhile=0 startWhen=27 idleWhile=57
Wireless event: cmd=0x8b1a len=21
Wireless event: cmd=0x8b15 len=20
Wireless event: new AP: 00:0b:6b:2c:06:32
Association event - clear replay counter
Associated to a new BSS: BSSID=00:0b:6b:2c:06:32
No keys have been configured - skip key clearing
Associated with 00:0b:6b:2c:06:32
EAPOL: External n - portEnabled=0
EAPOL: External notification - portValid=0
EAPOL: External notification - portEnabled=1
EAPOL: SUPP_PAE entering state CONNECTING
SENDING EAPOL START
EAPOL: txStart
TX EAPOL - hexdump(len=18): 00 0b 6b 2c 06 32 00 30 1a 40 90 f7 88 8e 01 01 00 00
EAPOL: SUPP_BE entering state IDLE
EAP: EAP entering state INITIALIZE
EAP: EAP entering state IDLE
Setting authentication timeout: 10 sec 0 usec
EAPOL: Port Timers tick - authWhile=26 heldWhile=0 startWhen=29 idleWhile=59
EAPOL: Port Timers tick - authWhile=25 heldWhile=0 startWhen=28 idleWhile=58
EAPOL: Port Timers tick - authWhile=24 heldWhile=0 startWhen=27 idleWhile=57
EAPOL: Port Timers tick - authWhile=23 heldWhile=0 startWhen=26 idleWhile=56
EAPOL: Port Timers tick - authWhile=22 heldWhile=0 startWhen=25 idleWhile=55
EAPOL: Port Timers tick - authWhile=21 heldWhile=0 startWhen=24 idleWhile=54
EAPOL: Port Timers tick - authWhile=20 heldWhile=0 startWhen=23 idleWhile=53
EAPOL: Port Timers tick - authWhile=19 heldWhile=0 startWhen=22 idleWhile=52
EAPOL: Port Timers tick - authWhile=18 heldWhile=0 startWhen=21 idleWhile=51
Authentication with 00:0b:6b:2c:06:32 timed out.
Added BSSID 00:0b:6b:2c:06:32 into blacklist
wpa_driver_madwifi_disassociate
No keys have been configured - skip key clearing
EAPOL: External notification - portEnabled=0
EAPOL: SUPP_PAE entering state DISCONNECTED
EAPOL: SUPP_BE entering state INITIALIZE
EAP: EAP entering state DISABLED
EAPOL: External notification - portValid=0
Setting scan request: 0 sec 0 usec
Starting AP scan (broadcast SSID)
Wireless event: cmd=0x8b15 len=20
Wireless event: new AP: 00:00:00:00:00:00
EAPOL: External notification - portEnabled=0
EAPOL: External notification - portValid=0
Disconnect event - remove keys
wpa_driver_madwifi_del_key: keyidx=0
wpa_driver_madwifi_del_key: keyidx=1
wpa_driver_madwifi_del_key: keyidx=2
wpa_driver_madwifi_del_key: keyidx=3
wpa_driver_madwifi_del_key: keyidx=0
Wireless event: cmd=0x8b1a len=12
EAPOL: Port Timers tick - authWhile=17 heldWhile=0 startWhen=20 idleWhile=50
Wireless event: cmd=0x8b19 len=12
Received 4093 bytes of scan results (16 BSSes)
Scan results: 16
Selecting BSS from priority group 10
0: 00:1c:f0:d9:b0:b2 ssid='PH_AP' wpa_ie_len=28 rsn_ie_len=0
   skip - SSID mismatch
1: 00:0b:6b:2c:06:32 ssid='joby-wpa' wpa_ie_len=24 rsn_ie_len=0
   skip - blacklisted

No APs found - clear blacklist and try again
Removed BSSID 00:0b:6b:2c:06:32 from blacklist (clear)
Removed BSSID 00:00:00:00:00:00 from blacklist (clear)
Selecting BSS from priority group 10
0: 00:1c:f0:d9:b0:b2 ssid='PH_AP' wpa_ie_len=28 rsn_ie_len=0
   skip - SSID mismatch
1: 00:0b:6b:2c:06:32 ssid='joby-wpa' wpa_ie_len=24 rsn_ie_len=0
   selected
Trying to associate with 00:0b:6b:2c:06:32 (SSID='joby-wpa' freq=2432 MHz)
Cancelling scan request
Automatic auth_alg selection: 0x1
WPA: using IEEE 802.11i/D3.0
WPA: Selected cipher suites: group 8 pairwise 8 key_mgmt 1
WPA: using GTK TKIP
WPA: using PTK TKIP
WPA: using KEY_MGMT 802.1X
WPA: Own WPA IE - hexdump(len=24): dd 16 00 50 f2 01 01 00 00 50 f2 02 01 00 00 50 f2 02 01 00 00 50 f2 01
No keys have been configured - skip key clearing
wpa_driver_madwifi_set_drop_unencrypted: enabled=1
wpa_driver_madwifi_associate
Setting authentication timeout: 5 sec 0 usec
EAPOL: External notification - portControl=Auto
Wireless event: cmd=0x8b1a len=21
Wireless event: cmd=0x8b15 len=20
Wireless event: new AP: 00:0b:6b:2c:06:32
Association event - clear replay counter
Associated to a new BSS: BSSID=00:0b:6b:2c:06:32
No keys have been configured - skip key clearing
Associated with 00:0b:6b:2c:06:32
EAPOL: External notification - portEnabled=0
EAPOL: External notification - portValid=0
EAPOL: External notification - portEnabled=1
EAPOL: SUPP_PAE entering state CONNECTING
SENDING EAPOL START
EAPOL: txStart
TX EAPOL - hexdump(len=18): 00 0b 6b 2c 06 32 00 30 1a 40 90 f7 88 8e 01 01 00 00
EAPOL: SUPP_BE entering state IDLE
EAP: EAP entering state INITIALIZE
EAP: EAP entering state IDLE
Setting authentication timeout: 10 sec 0 usec
RX EAPOL from 00:0b:6b:2c:06:32
RX EAPOL - hexdump(len=9): 02 00 00 05 01 00 00 05 01
Setting authentication timeout: 70 sec 0 usec
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_PAE entering state RESTART
EAP: EAP entering state INITIALIZE
EAP: EAP entering state IDLE
EAPOL: SUPP_PAE entering state AUTHENTICATING
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request method=1 id=0
EAP: EAP entering state IDENTITY
EAP: EAP-Request Identity data - hexdump_ascii(len=0):
EAP: using real identity - hexdump_ascii(len=4):
     4a 6f 62 79                                       Joby
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
TX EAPOL - hexdump(len=27): 00 0b 6b 2c 06 32 00 30 1a 40 90 f7 88 8e 01 00 00 09 02 00 00 09 01 4a 6f 62 79
EAPOL: SUPP_BE entering state RECEIVE
WPA: EAPOL frame too short, len 9, expecting at least 99
EAPOL: Port Timers tick - authWhile=29 heldWhile=0 startWhen=29 idleWhile=59
RX EAPOL from 00:0b:6b:2c:06:32
RX EAPOL - hexdump(len=9): 02 00 00 05 01 01 00 05 01
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request method=1 id=1
EAP: EAP entering state IDENTITY
EAP: EAP-Request Identity data - hexdump_ascii(len=0):
EAP: using real identity - hexdump_ascii(len=4):
     4a 6f 62 79                                       Joby
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
TX EAPOL - hexdump(len=27): 00 0b 6b 2c 06 32 00 30 1a 40 90 f7 88 8e 01 00 00 09 02 01 00 09 01 4a 6f 62 79
EAPOL: SUPP_BE entering state RECEIVE
WPA: EAPOL frame too short, len 9, expecting at least 99
RX EAPOL from 00:0b:6b:2c:06:32
RX EAPOL - hexdump(len=10): 02 00 00 06 01 02 00 06 0d 20
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request method=13 id=2
EAP: EAP entering state GET_METHOD
EAP: initialize selected EAP method (13, TLS)
TLS: Trusted root certificate(s) loaded
EAP: EAP entering state METHOD
EAP-TLS: Received packet(len=6) - Flags 0x20
EAP-TLS: Start
SSL: (where=0x10 ret=0x1)
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:before/connect initialization
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3 write client hello A
SSL: (where=0x1002 ret=0xffffffff)
SSL: SSL_connect:error in SSLv3 read server hello A
SSL: SSL_connect - want more data
SSL: 72 bytes pending from ssl_out
SSL: 72 bytes left to be sent out (of total 72 bytes)
EAP: method process -> ignore=FALSE methodState=CONT decision=COND_SUCC
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
TX EAPOL - hexdump(len=96): 00 0b 6b 2c 06 32 00 30 1a 40 90 f7 88 8e 01 00 00 4e 02 02 00 4e 0d 00 16 03 01 00 43 01 00 00 3f 03 01 48 98 46 4e 03 fc 3a cc 0f f1 50 4e 9b cb e4 3f dd a4 50 8b cf da e8 a7 80 b7 91 a1 8c e4 a5 75 00 00 18 00 39 00 35 00 16 00 0a 00 33 00 2f 00 07 00 62 00 15 00 09 00 14 00 08 01 00
EAPOL: SUPP_BE entering state RECEIVE
WPA: EAPOL frame too short, len 10, expecting at least 99
RX EAPOL from 00:0b:6b:2c:06:32
RX EAPOL - hexdump(len=1400): 
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request method=13 id=3
EAP: EAP entering state METHOD
EAP-TLS: Received packet(len=1396) - Flags 0xc0
EAP-TLS: TLS Message Length: 1837
SSL: Need 451 bytes more input data
SSL: Building ACK
EAP: method process -> ignore=FALSE methodState=CONT decision=COND_SUCC
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
TX EAPOL - hexdump(len=24): 00 0b 6b 2c 06 32 00 30 1a 40 90 f7 88 8e 01 00 00 06 02 03 00 06 0d 00
EAPOL: SUPP_BE entering state RECEIVE
IEEE 802.1X RX: version=2 type=0 length=1396
WPA: EAPOL frame (type 0) discarded, not a Key frame
EAPOL: Port Timers tick - authWhile=29 heldWhile=0 startWhen=28 idleWhile=59
RX EAPOL from 00:0b:6b:2c:06:32
RX EAPOL - hexdump(len=465): 
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request method=13 id=4
EAP: EAP entering state METHOD
EAP-TLS: Received packet(len=461) - Flags 0x80
EAP-TLS: TLS Message Length: 1837
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3 read server hello A
TLS: tls_verify_cb - preverify_ok=1 err=0 (ok) depth=1 buf='/C=SG/ST=Singapore/O=SB/OU=SB/CN=sr/emailAddress=sr at myorg.com'
TLS: tls_verify_cb - preverify_ok=1 err=0 (ok) depth=0 buf='/C=SG/ST=Singapore/L=Singapore/O=myOrg/OU=SB/CN=myorg.com/emailAddress=admin at myorg.com'
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3 read server certificate A
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3 read server key exchange A
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3 read server certificate request A
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3 read server done A
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3 write client certificate A
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3 write client key exchange A
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3 write certificate verify A
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3 write change cipher spec A
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3 write finished A
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3 flush data
SSL: (where=0x1002 ret=0xffffffff)
SSL: SSL_connect:error in SSLv3 read finished A
SSL: SSL_connect - want more data
SSL: 1626 bytes pending from ssl_out
SSL: 1626 bytes left to be sent out (of total 1626 bytes)
SSL: sending 1300 bytes, more fragments will follow
EAP: method process -> ignore=FALSE methodState=CONT decision=COND_SUCC
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
TX EAPOL - hexdump(len=1328):
EAPOL: SUPP_BE entering state RECEIVE
IEEE 802.1X RX: version=2 type=0 length=461
WPA: EAPOL frame (type 0) discarded, not a Key frame
EAPOL: Port Timers tick - authWhile=29 heldWhile=0 startWhen=27 idleWhile=59
RX EAPOL from 00:0b:6b:2c:06:32
RX EAPOL - hexdump(len=10): 02 00 00 06 01 05 00 06 0d 00
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request method=13 id=5
EAP: EAP entering state METHOD
EAP-TLS: Received packet(len=6) - Flags 0x00
SSL: 326 bytes left to be sent out (of total 1626 bytes)
EAP: method process -> ignore=FALSE methodState=CONT decision=COND_SUCC
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
TX EAPOL - hexdump(len=350): 
EAPOL: SUPP_BE entering state RECEIVE
WPA: EAPOL frame too short, len 10, expecting at least 99
EAPOL: Port Timers tick - authWhile=29 heldWhile=0 startWhen=26 idleWhile=59
RX EAPOL from 00:0b:6b:2c:06:32
RX EAPOL - hexdump(len=73): 02 00 00 45 01 06 00 45 0d 80 00 00 00 3b 14 03 01 00 01 01 16 03 01 00 30 69 21 ba de 50 e6 41 55 b5 1b 9c b7 d7 84 b9 bc 4a 9d 38 05 f7 f9 4c 1c d3 16 5d 86 f7 32 7c a3 81 c5 46 14 58 3a 7b 42 a8 ae 91 fa 86 0d af 77
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request method=13 id=6
EAP: EAP entering state METHOD
EAP-TLS: Received packet(len=69) - Flags 0x80
EAP-TLS: TLS Message Length: 59
SSL: (where=0x1001 ret=0x1)
SSL: SSL_connect:SSLv3 read finished A
SSL: (where=0x20 ret=0x1)
SSL: (where=0x1002 ret=0x1)
SSL: 0 bytes pending from ssl_out
SSL: No data to be sent out
EAP-TLS: Done
EAP-TLS: Derived key - hexdump(len=64): [REMOVED]
SSL: Building ACK
EAP: method process -> ignore=FALSE methodState=DONE decision=UNCOND_SUCC
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
TX EAPOL - hexdump(len=24): 00 0b 6b 2c 06 32 00 30 1a 40 90 f7 88 8e 01 00 00 06 02 06 00 06 0d 00
EAPOL: SUPP_BE entering state RECEIVE
WPA: EAPOL frame too short, len 73, expecting at least 99
RX EAPOL from 00:0b:6b:2c:06:32
RX EAPOL - hexdump(len=8): 02 00 00 04 03 06 00 04
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Success
EAP: AS used the same Id again, but EAP packets were not identical
EAP: workaround - assume this is not a duplicate packet
EAP: EAP entering state SUCCESS
EAPOL: SUPP_BE entering state RECEIVE
EAPOL: SUPP_BE entering state SUCCESS
EAPOL: SUPP_BE entering state IDLE
WPA: EAPOL frame too short, len 8, expecting at least 99
RX EAPOL from 00:0b:6b:2c:06:32
RX EAPOL - hexdump(len=99): 02 03 00 5f fe 00 89 00 20 00 00 00 00 00 00 00 01 da 7a f1 41 d8 07 0a 6a 79 5c c3 ee 75 b0 86 d0 6c 6d e0 15 8c 03 fc 8a 98 42 8b 93 06 42 a6 1e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
EAPOL: Ignoring WPA EAPOL-Key frame in EAPOL state machines
IEEE 802.1X RX: version=2 type=3 length=95
  EAPOL-Key type=254
WPA: RX EAPOL-Key - hexdump(len=99): 02 03 00 5f fe 00 89 00 20 00 00 00 00 00 00 00 01 da 7a f1 41 d8 07 0a 6a 79 5c c3 ee 75 b0 86 d0 6c 6d e0 15 8c 03 fc 8a 98 42 8b 93 06 42 a6 1e 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
WPA: RX message 1 of 4-Way Handshake from 00:0b:6b:2c:06:32 (ver=1)
WPA: WPA IE for msg 2/4 - hexdump(len=24): dd 16 00 50 f2 01 01 00 00 50 f2 02 01 00 00 50 f2 02 01 00 00 50 f2 01
WPA: Renewed SNonce - hexdump(len=32): 39 79 22 ec f5 91 af c5 0e 8d fd 27 f3 6b 54 a5 e6 6a ba 1e 3a aa d5 8a cc 0a 40 52 d2 09 7b e9
WPA: PMK from EAPOL state machines - hexdump(len=32): [REMOVED]
WPA: PMK - hexdump(len=32): [REMOVED]
WPA: PTK - hexdump(len=64): [REMOVED]
WPA: EAPOL-Key MIC - hexdump(len=16): 33 fc fc 5a 22 01 60 c7 79 07 64 6f ff dc 61 07
WPA: Sending EAPOL-Key 2/4
WPA: TX EAPOL-Key 2/4 - hexdump(len=137): 00 0b 6b 2c 06 32 00 30 1a 40 90 f7 88 8e 01 03 00 77 fe 01 09 00 20 00 00 00 00 00 00 00 01 39 79 22 ec f5 91 af c5 0e 8d fd 27 f3 6b 54 a5 e6 6a ba 1e 3a aa d5 8a cc 0a 40 52 d2 09 7b e9 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 33 fc fc 5a 22 01 60 c7 79 07 64 6f ff dc 61 07 00 18 dd 16 00 50 f2 01 01 00 00 50 f2 02 01 00 00 50 f2 02 01 00 00 50 f2 01
EAPOL: Port Timers tick - authWhile=29 heldWhile=0 startWhen=25 idleWhile=59
Wireless event: cmd=0x8b15 len=20
Wireless event: new AP: 00:00:00:00:00:00
Setting scan request: 0 sec 100000 usec
Added BSSID 00:0b:6b:2c:06:32 into blacklist
EAPOL: External notification - portEnabled=0
EAPOL: SUPP_PAE entering state DISCONNECTED
EAPOL: SUPP_BE entering state INITIALIZE
EAP: EAP entering state DISABLED
EAPOL: External notification - portValid=0
Disconnect event - remove keys
wpa_driver_madwifi_del_key: keyidx=0
wpa_driver_madwifi_del_key: keyidx=1
wpa_driver_madwifi_del_key: keyidx=2
wpa_driver_madwifi_del_key: keyidx=3
wpa_driver_madwifi_del_key: keyidx=0


Regards
Joby




Dmitry Shmidt wrote:
> Hi,
>
> If you want to increase fragment size on FreeRadius, you need to change
> fragment_size value in eap.conf (in your radius config directory,
> usually /etc/raddb) to the desired value.
>
> Dmitry
>
> On Sun, Aug 3, 2008 at 10:47 PM, Joby Thampan
> <joby.thampan at smartbridges.com> wrote:
>   
>> Hi,
>>
>> Thanks for your reply.
>>
>> Is there any way to increase the fragment size at the wpa_supplicant side and the RADIUS server side?
>> I am using FreeRADIUS.
>>
>> 802.11 normally supports 2304 bytes, I guess.
>> Just to confirm whether this is a problem with fragmentation.
>>
>>
>>
>> Jouni Malinen wrote:
>>     
>>> On Fri, Aug 01, 2008 at 05:46:24PM +0800, Joby Thampan wrote:
>>>
>>>
>>>       
>>>> My WPA supplicant is able to send up to
>>>>
>>>> EAP-Response/
>>>>    EAP-Type=EAP-TLS
>>>>    (TLS certificate,
>>>>     TLS client_key_exchange,
>>>>     TLS certificate_verify,
>>>>     TLS change_cipher_spec,
>>>>     TLS finished) ->
>>>>
>>>>
>>>> but in the sniffer it is showing as More Fragments to follow. But I am not seeing any fragments following it and the connection
>>>> stops there. The authentication peer is waiting to receive the next packet.
>>>>
>>>>         
>>> Please take a look at what the authentication server is doing here. I
>>> did not notice any problems in the supplicant log; the server just seems
>>> to stop answering suddenly (it is supposed to send an empty frame to
>>> request the next fragment of this message).
>>>
>>>
>>>       
>>     
>
>   
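As an added example (not part of the original post and not wpa_supplicant code), the Python sketch below decodes the EAP-TLS fragmentation flags from RX EAPOL hexdumps copied from the log above, and recomputes the TX EAPOL frame sizes the log reports for the 1626-byte TLS flight at fragment size 1300. The function names are hypothetical; the L/M/S flag layout follows RFC 5216, and the 14-byte Ethernet header is counted because the TX hexdumps in this log include it.

```python
import struct

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPE_TLS = 13
FLAG_L, FLAG_M, FLAG_S = 0x80, 0x40, 0x20   # Length included, More fragments, Start
ETH_HDR, EAPOL_HDR, EAP_HDR = 14, 4, 4      # header sizes in bytes

# Frames copied from the RX EAPOL lines in the log above.
RX_START = "02 00 00 06 01 02 00 06 0d 20"
RX_SUCCESS = "02 00 00 04 03 06 00 04"
# First 14 bytes of the len=73 frame; the TLS records that follow are omitted.
RX_FINISHED_HEAD = "02 00 00 45 01 06 00 45 0d 80 00 00 00 3b"


def parse_rx_eapol(hexdump):
    """Decode an 'RX EAPOL - hexdump' payload (starts at the 802.1X header)."""
    data = bytes.fromhex(hexdump)
    if len(data) < EAPOL_HDR:
        raise ValueError("truncated EAPOL header")
    version, ptype, body_len = struct.unpack("!BBH", data[:4])
    out = {"version": version, "packet_type": ptype, "body_len": body_len}
    body = data[4:4 + body_len]
    if ptype != 0 or len(body) < EAP_HDR:      # 0 = EAP-Packet, 3 = EAPOL-Key
        return out
    code, ident, eap_len = struct.unpack("!BBH", body[:4])
    out.update(code=EAP_CODES.get(code, str(code)), id=ident, eap_len=eap_len)
    if code in (1, 2) and len(body) >= 6 and body[4] == EAP_TYPE_TLS:
        flags, offset = body[5], 6
        names = ((FLAG_L, "L"), (FLAG_M, "M"), (FLAG_S, "S"))
        out["flags"] = "".join(n for bit, n in names if flags & bit)
        if flags & FLAG_L:
            if len(body) < 10:
                raise ValueError("L flag set but TLS Message Length missing")
            out["tls_message_length"] = struct.unpack("!I", body[6:10])[0]
            offset = 10
        out["tls_data_len"] = eap_len - offset  # TLS bytes carried in this fragment
    return out


def plan_fragments(total, fragment_size):
    """Split `total` TLS bytes as the TX side of this log does: L flag and the
    4-byte length only on the first fragment of a fragmented message, M flag
    on every fragment except the last."""
    if fragment_size <= 0:
        raise ValueError("fragment_size must be positive")
    plan, sent = [], 0
    while sent < total:
        chunk = min(fragment_size, total - sent)
        first, last = sent == 0, sent + chunk == total
        flags = (FLAG_L if first and not last else 0) | (0 if last else FLAG_M)
        overhead = ETH_HDR + EAPOL_HDR + EAP_HDR + 2 + (4 if flags & FLAG_L else 0)
        plan.append({"flags": flags, "tls_bytes": chunk, "tx_len": overhead + chunk})
        sent += chunk
    return plan


if __name__ == "__main__":
    for frame in (RX_START, RX_FINISHED_HEAD, RX_SUCCESS):
        print(parse_rx_eapol(frame))
    # 1626 bytes at fragment size 1300, as in "sending 1300 bytes, more fragments will follow"
    for frag in plan_fragments(1626, 1300):
        print(hex(frag["flags"]), frag["tls_bytes"], frag["tx_len"])
```

This covers the supplicant-to-AP leg only; the RADIUS packet the AP builds around each fragment is larger by the RADIUS header and attributes, which is the size the post reports as 1571.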



