Problem with EAP-TLS connection to Atheros AR5002AP-2X AP
Dmitry Shmidt
dimitrysh
Mon Jul 28 09:33:11 PDT 2008
Hi,
Also, it seems like the problem can be in the fragment size in the FreeRADIUS server.
I set in eap.conf fragment_size = 1024 (default allows 1500-1600) and
it starts to behave differently...
Thanks,
Dmitry
On Sun, Jul 27, 2008 at 7:33 AM, Chr <chunkeey at web.de> wrote:
> On Sunday 27 July 2008 00:15:49 Chr wrote:
>>
>> Well... after sniffing some EAP-Frames it looks like
>> that madwifi's stack or their driver has problems with fragmentation,
>> because the "Server Certificate" in the EAP gets truncated.
>>
>> So, my theory is this:
>> wpa_supplicant does the right thing by dropping the connection,
>> since it can't verify if the server certificate is valid or not.
>>
>> Unfortunately, I don't have any backups of my old working setup,
>> so I don't really know which was the last madwifi-revision
>> where everything worked well...
>>
> Alright, I found a _simple_ workaround.
>
> Just compile your client's wpa_supplicant with gnutls (and don't forget to
> enable gnutls extras) instead of openssl!
>
> This will let you associate..
> But WPA doesn't work for me as madwifi/hostapd seems to have a different
> opinion about the RSN flags when WPA is enabled... So, try to force
> "proto=RSN" in your wpa_supplicant.conf if you see messages about
> "IE in 3/4 msg does not match with IE in Beacon/ProbeResp".
>
> Regards,
> Chr
>
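
Added example, not part of the original thread and not code from wpa_supplicant, FreeRADIUS or madwifi: a small checker for the failure discussed above, where a fragmented EAP-TLS server flight arrives truncated. It follows the EAP-TLS packet layout and L/M flag bits from RFC 5216; the function names are hypothetical, the input is constructed, 1024 is borrowed from the thread as the chunk size, and it assumes the list holds only the server's fragments of one flight (peer ACKs filtered out).

```python
import struct

EAP_REQUEST, EAP_TYPE_TLS = 1, 13
FLAG_L, FLAG_M = 0x80, 0x40  # Length-included / More-fragments bits (RFC 5216)
HDR = struct.Struct("!BBHBB")  # code, identifier, length, type, flags

def build_fragments(tls_data, frag_size):
    """Constructed input: split tls_data into EAP-TLS Request packets."""
    chunks = [tls_data[i:i + frag_size] for i in range(0, len(tls_data), frag_size)]
    packets = []
    for n, chunk in enumerate(chunks):
        flags = FLAG_M if n < len(chunks) - 1 else 0
        if n == 0:  # first fragment carries the total TLS Message Length
            flags |= FLAG_L
            chunk = struct.pack("!I", len(tls_data)) + chunk
        packets.append(HDR.pack(EAP_REQUEST, (n + 1) & 0xFF, HDR.size + len(chunk),
                                EAP_TYPE_TLS, flags) + chunk)
    return packets

def check_reassembly(packets):
    """Reassemble one fragmented TLS flight; return (data, problems)."""
    data, declared, problems = b"", None, []
    for n, pkt in enumerate(packets):
        if len(pkt) < HDR.size:
            problems.append(f"packet {n}: shorter than an EAP-TLS header")
            continue
        _code, _ident, length, eap_type, flags = HDR.unpack_from(pkt)
        if eap_type != EAP_TYPE_TLS:
            problems.append(f"packet {n}: EAP type {eap_type}, not EAP-TLS")
            continue
        if length != len(pkt):  # header promises more bytes than were captured
            problems.append(f"packet {n}: EAP Length {length}, captured {len(pkt)}")
        payload = pkt[HDR.size:]
        if flags & FLAG_L and len(payload) >= 4:
            declared, payload = struct.unpack_from("!I", payload)[0], payload[4:]
        data += payload
        if bool(flags & FLAG_M) == (n == len(packets) - 1):
            problems.append(f"packet {n}: M flag inconsistent with position")
    if declared is not None and declared != len(data):
        problems.append(f"TLS Message Length {declared}, reassembled {len(data)}")
    return data, problems

if __name__ == "__main__":
    flight = bytes(range(256)) * 10        # constructed 2560-byte stand-in flight
    pkts = build_fragments(flight, 1024)   # chunk size borrowed from the thread
    pkts[1] = pkts[1][:-100]               # simulate a fragment truncated in transit
    for line in check_reassembly(pkts)[1]:
        print(line)
```

Run against fragments extracted from a capture on each side of the AP, a length mismatch that appears only on the client side points at the wireless path rather than the RADIUS server.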