disconnect after reauth via radius - association problems
Klaus Müller
kmueller
Sat Mar 19 05:23:09 PDT 2011
Hello,
I'm seeing disconnects after a successful reauth via radius. I'm using
WPA2-TLS with a WAP610N (AP) and two different chips on the side of
supplicant:
1. WUSB600N v2 (USB WLAN stick) - it's a chip driven with ralink
rt3572sta driver (version 2.5.0.0 from ralink - it's a OSS-driver)
2. Atheros Communications Inc. AR9285 onboard controller with ath9k
module shipped with the kernel.
Following the output for the Atheros chip:
iwconfig
wlan0 IEEE 802.11bgn ESSID:"ssid"
Mode:Managed Frequency:2.412 GHz Access Point: 00:25:11:bb:cc:aa
Bit Rate=150 Mb/s Tx-Power=20 dBm
Retry long limit:7 RTS thr:off Fragment thr:off
Encryption key:off
Power Management:off
Link Quality=59/70 Signal level=-51 dBm
Rx invalid nwid:0 Rx invalid crypt:0 Rx invalid frag:0
Tx excessive retries:50 Invalid misc:517 Missed beacon:0
iw wlan0 scan
BSS 00:25:11:bb:cc:aa (on wlan0) -- associated
TSF: 4680396808 usec (0d, 01:18:00)
freq: 2412
beacon interval: 100
capability: ESS Privacy ShortPreamble ShortSlotTime (0x0431)
signal: -49.00 dBm
last seen: 160 ms ago
SSID: ssid
Supported rates: 1.0* 2.0* 5.5* 11.0*
DS Parameter set: channel 1
Power constraint: 0 dB
ERP: <no flags>
Extended supported rates: 6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0
RSN: * Version: 1
* Group cipher: CCMP
* Pairwise ciphers: CCMP
* Authentication suites: IEEE 802.1X
* Capabilities: 16-PTKSA-RC (0x000c)
WMM: * Parameter version 1
* BE: CW 15-1023, AIFSN 3
* BK: CW 15-1023, AIFSN 7
* VI: CW 7-15, AIFSN 2, TXOP 3008 usec
* VO: acm CW 3-7, AIFSN 2, TXOP 1504 usec
wpa_supplicant.conf
network={
proactive_key_caching=1 # the problem comes up with or without it
ssid="ssid"
scan_ssid=1
key_mgmt=WPA-EAP
pairwise=CCMP
group=CCMP
eap=TLS
identity="id at somewhere.com"
ca_cert="/etc/mycerts/ca.pem"
client_cert="/etc/mycerts/client.crt"
private_key="/etc/mycerts/client.key"
private_key_passwd="private"
}
My distribution is OpenSuSE 11.4 (64 bit and 32 bit) with
2.6.37.1-1.2-desktop. wpa_supplicant is wpa_supplicant-0.7.3-2.1.
The problem is, that mostly after reauthentication (directly after or a
few seconds later), the connection is disconnected by the supplicant.
The log of wpa_supplicant is:
1300437189.810594: CTRL-EVENT-EAP-STARTED EAP authentication started
1300437189.839797: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=13
1300437189.839840: CTRL-EVENT-EAP-METHOD EAP vendor 0 method 13 (TLS)
selected
1300437189.876134: CTRL-EVENT-EAP-SUCCESS EAP authentication completed
successfully
1300437189.894990: WPA: Key negotiation completed with 00:25:11:bb:cc:aa
[PTK=CCMP GTK=CCMP]
1300437192.972422: CTRL-EVENT-DISCONNECTED bssid=00:25:11:bb:cc:aa reason=0
1300437194.255602: Trying to associate with 00:25:11:bb:cc:aa
(SSID='ssid' freq=2412 MHz)
1300437194.282628: Associated with 00:25:11:bb:cc:aa
1300437194.292817: WPA: Key negotiation completed with 00:25:11:bb:cc:aa
[PTK=CCMP GTK=CCMP]
1300437194.292832: CTRL-EVENT-CONNECTED - Connection to
00:25:11:bb:cc:aa completed (reauth) [id=0 id_str=]
The disconnection after reauth mostly does not appear, if the NIC is
idle during reauth. But if there is going data through the NIC at the
same time (~ 0.1 MB/s or more), the disconnection mostly comes up (as in
the log above).
Additionally I tried an actual git version (from yesterday)
and tested again. The problem seems to be slightly better, but it isn't
really fixed.
After the disconnection happened, building up a new connection doesn't
work always fine. Sometimes it takes more then 3 minutes, until a
successful authentication can be done, because the association doesn't
work. Then it looks like that:
1300441176.148982: CTRL-EVENT-EAP-STARTED EAP authentication started
1300441176.169673: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=13
1300441176.169713: CTRL-EVENT-EAP-METHOD EAP vendor 0 method 13 (TLS)
selected
1300441176.203153: CTRL-EVENT-EAP-SUCCESS EAP authentication completed
successfully
1300441176.229234: WPA: Key negotiation completed with 00:25:11:bb:cc:aa
[PTK=CCMP GTK=CCMP]
1300441179.291906: CTRL-EVENT-DISCONNECTED bssid=00:25:11:bb:cc:aa reason=0
1300441179.298451: CTRL-EVENT-DISCONNECTED bssid=00:00:00:00:00:00 reason=0
1300441183.310665: Trying to associate with 00:25:11:bb:cc:aa
(SSID='ssid' freq=2412 MHz)
1300441183.310882: Association request to the driver failed
1300441188.311099: Authentication with 00:25:11:bb:cc:aa timed out.
1300441192.234596: Trying to associate with 00:25:11:bb:cc:aa
(SSID='ssid' freq=2412 MHz)
1300441192.234797: Association request to the driver failed
1300441197.234931: Authentication with 00:25:11:bb:cc:aa timed out.
1300441201.154663: Trying to associate with 00:25:11:bb:cc:aa
(SSID='ssid' freq=2412 MHz)
1300441201.154876: Association request to the driver failed
1300441206.155933: Authentication with 00:25:11:bb:cc:aa timed out.
1300441210.068575: Trying to associate with 00:25:11:bb:cc:aa
(SSID='ssid' freq=2412 MHz)
1300441210.068822: Association request to the driver failed
1300441215.069466: Authentication with 00:25:11:bb:cc:aa timed out.
1300441218.989433: Trying to associate with 00:25:11:bb:cc:aa
(SSID='ssid' freq=2412 MHz)
1300441218.989635: Association request to the driver failed
1300441223.990511: Authentication with 00:25:11:bb:cc:aa timed out.
1300441227.910611: Trying to associate with 00:25:11:bb:cc:aa
(SSID='ssid' freq=2412 MHz)
1300441227.910822: Association request to the driver failed
1300441232.911615: Authentication with 00:25:11:bb:cc:aa timed out.
1300441236.834567: Trying to associate with 00:25:11:bb:cc:aa
(SSID='ssid' freq=2412 MHz)
1300441236.834766: Association request to the driver failed
1300441241.838502: Authentication with 00:25:11:bb:cc:aa timed out.
1300441245.751623: Trying to associate with 00:25:11:bb:cc:aa
(SSID='ssid' freq=2412 MHz)
1300441245.751829: Association request to the driver failed
1300441250.754482: Authentication with 00:25:11:bb:cc:aa timed out.
1300441254.671862: Trying to associate with 00:25:11:bb:cc:aa
(SSID='ssid' freq=2412 MHz)
1300441254.672071: Association request to the driver failed
1300441259.672802: Authentication with 00:25:11:bb:cc:aa timed out.
1300441263.589631: Trying to associate with 00:25:11:bb:cc:aa
(SSID='ssid' freq=2412 MHz)
1300441263.589843: Association request to the driver failed
1300441268.590332: Authentication with 00:25:11:bb:cc:aa timed out.
1300441272.511456: Trying to associate with 00:25:11:bb:cc:aa
(SSID='ssid' freq=2412 MHz)
1300441272.511664: Association request to the driver failed
1300441277.516144: Authentication with 00:25:11:bb:cc:aa timed out.
1300441281.439450: Trying to associate with 00:25:11:bb:cc:aa
(SSID='ssid' freq=2412 MHz)
1300441281.439654: Association request to the driver failed
1300441281.580478: Associated with 00:25:11:bb:cc:aa
1300441282.613687: WPA: Key negotiation completed with 00:25:11:bb:cc:aa
[PTK=CCMP GTK=CCMP]
1300441282.613721: CTRL-EVENT-CONNECTED - Connection to
00:25:11:bb:cc:aa completed (reauth) [id=0 id_str=]
1300441381.135741: WPA: Group rekeying completed with 00:25:11:bb:cc:aa
[GTK=CCMP]
I detected, that with the git version of wpa_supplicant, the
ralink-driver (2.5.0.0) does have massive problems to do an initial
connection at all, because the association often doesn't come up at all
(the same as in the log above). Therefore I went back to wpa_supplicant
0.7.3.
I have to say, that the 2.4.0.2-version of the ralink driver works
mostly fine (with wpa_supplicant 0.7.3 and OpenSuSE 11.3 (kernel 2.6.34)).
I would be glad if these two problems could be fixed:
-> disconnection originated by wpa_supplicant after reauth
-> problems to associate to the AP
If you need some more information - please ask - I will try to provide
them. I can do some testing too, if it is needed!
Thank you,
Klaus
More information about the Hostap
mailing list