Phase 2 on PEAP and EAP-TTLS

Panagiotis Georgopoulos panos
Thu Nov 18 08:15:24 PST 2010

Hello Jouni, Alan, 

	Thanks for your replies, please se my answers below.

> On Thu, Nov 18, 2010 at 11:23:43AM -0000, Panagiotis Georgopoulos
> wrote:
> > > >               phase1="peaplabel=1"
> > >
> > > Are you sure the authentication server is using the new PEAP label?
> > > Most servers don't.
> >
> > Well, I am using FreeRadius 2.1.10 and I see no warnings or errors on
> > the FR's output regarding label=1 and the authentication finishes
> > Shouldn't I have seen an error/warning somewhere in the output?
> Not on the RADIUS server. The authentication part goes through just
> fine, but the derived keys are different and should you use this, e.g.,
> for WPA2-Enterprise, the peer would fail to complete the connection
> because of the mismatch in the keys.

Well, interestingly the keys negotiation between the Client (wpa_supplicant)
and Access Point (hostapd 0.7.3) finishes successfully. 

However, prompted by Alan's email that FR doesn't do PEAPv1, I looked into
the packets in Wireshark and I indeed see that the server requests PEAP
version 0 which I am guessing the client complies with.

> > Well.. since in theory PEAP is using only EAP based methods in Phase
> > 2, I am thinking that setting phase2="auth=MSCHAPV2" it would do
> > characterization as "based" worries me a little...:-D
> Worry about what? Why would be different if it were MSCHAPv2 without
> EAP encapsulation? Anyway, yes, it is EAP-MSCHAPv2 of which the PEAP
> encapsulation removes parts of the tunneled EAP header.

Well, that is the problem I am having.. I see different behaviour on the
FR's side when using PEAP/MSCHAPv2 and EAP-TTLS/EAP-MSCHAPv2 in Phase 2. I
am noticing two pairs of MS-MPEE keys in the Access-Accept message sent by
FR (see below) when I am using EAP-TTLS/EAP-MSCHAPv2 which I don't have when
I use PEAP/MSCHAPv2... 

Sending Access-Accept of id 52 to 2001:db95::100 port 1814
      Reply-Message = "Hello, bob-mr1"
      MS-MPPE-Encryption-Policy = 0x00000001
      MS-MPPE-Encryption-Types = 0x00000006
      MS-MPPE-Send-Key = 0x8566119a6066e8eb7c1663dea8d1629b
      MS-MPPE-Recv-Key = 0xc1f99bac753248c48db73fd5585bf810
      Message-Authenticator = 0x00000000000000000000000000000000
      User-Name = "bob-mr1"
      MS-MPPE-Recv-Key =
      MS-MPPE-Send-Key =
      EAP-Message = 0x03cf0004
      Proxy-State = 0x3130

(My full email to FR's mailing list if you need more information is here :
39.html )

	So, I am trying to investigate why I am getting 2 MS-MPEE keys on
EAP-TTLS/EAP-MSCHAPv2 and not on PEAP/MSCHAPv2 although theoretically they
follow the same (or very similar) process...

> > I totally see your point, thus is the reason I think, you consider
> > valid options both auth=MSCHAPv2 and autheap=MSCHAPv2 for EAP-TTLS in
> > phase2 to distinguish between plain mschapv2 and eap-mschapv2, right?
This is
> > exactly  what I wanted to clarify...
> Correct (or well, with the clarification that the correct spelling of
> that in auth/autheap parameters is with upper case 'v', i.e.,
> "MSCHAPV2").

Sure ;-)


More information about the Hostap mailing list