WPA/WPA2 Authentication failure - EAPOL-Key timeout
Sebastian Siebert
freespacer
Sun Apr 27 17:58:58 PDT 2014
Hello,
I have a problem with hostapd. I use a WLAN-Router from PC-Engines
APU.1C-Board with openSUSE 13.1 (64-bit). The WLAN device is a Compex
WLE200NX [1]. The devices HTC Sensation (Android 4.4.2 / Cyanogenmod)
and iPad (iOS 7.1) can not connect with the WLAN-Router. I use WPA2
(WPA-PSK/CCMP) but WPA (WPA-PSK/TKIP+CCMP) does not also work. Both
devices can see the SSID from the WLAN-Router.
I have tested this with hostapd 2.0, hostapd 2.1 and hostapd-latest-git.
I always get the same authentication failure but I can not find out the
real issue. I turned on the debug output and get "EAPOL-Key timeout"
every time (see below: # journalctl -f).
I attach the output from cli:
# iw list
# lspci | grep Network
# hwinfo --wlan
# lsmod | grep ath9k
# journalctl -f
# grep ^[^#] /etc/hostapd.conf
# ip link show
I am grateful for any hints and advice. Thank you.
Regards,
Sebastian
# iw list
Wiphy phy0
Band 1:
Capabilities: 0x11ce
HT20/HT40
SM Power Save disabled
RX HT40 SGI
TX STBC
RX STBC 1-stream
Max AMSDU length: 3839 bytes
DSSS/CCK HT40
Maximum RX AMPDU length 65535 bytes (exponent: 0x003)
Minimum RX AMPDU time spacing: 8 usec (0x06)
HT TX/RX MCS rate indexes supported: 0-15
Frequencies:
* 2412 MHz [1] (20.0 dBm)
* 2417 MHz [2] (20.0 dBm)
* 2422 MHz [3] (20.0 dBm)
* 2427 MHz [4] (20.0 dBm)
* 2432 MHz [5] (20.0 dBm)
* 2437 MHz [6] (20.0 dBm)
* 2442 MHz [7] (20.0 dBm)
* 2447 MHz [8] (20.0 dBm)
* 2452 MHz [9] (20.0 dBm)
* 2457 MHz [10] (20.0 dBm)
* 2462 MHz [11] (20.0 dBm)
* 2467 MHz [12] (disabled)
* 2472 MHz [13] (disabled)
* 2484 MHz [14] (disabled)
Bitrates (non-HT):
* 1.0 Mbps
* 2.0 Mbps (short preamble supported)
* 5.5 Mbps (short preamble supported)
* 11.0 Mbps (short preamble supported)
* 6.0 Mbps
* 9.0 Mbps
* 12.0 Mbps
* 18.0 Mbps
* 24.0 Mbps
* 36.0 Mbps
* 48.0 Mbps
* 54.0 Mbps
Band 2:
Capabilities: 0x11ce
HT20/HT40
SM Power Save disabled
RX HT40 SGI
TX STBC
RX STBC 1-stream
Max AMSDU length: 3839 bytes
DSSS/CCK HT40
Maximum RX AMPDU length 65535 bytes (exponent: 0x003)
Minimum RX AMPDU time spacing: 8 usec (0x06)
HT TX/RX MCS rate indexes supported: 0-15
Frequencies:
* 5180 MHz [36] (17.0 dBm)
* 5200 MHz [40] (17.0 dBm)
* 5220 MHz [44] (17.0 dBm)
* 5240 MHz [48] (17.0 dBm)
* 5260 MHz [52] (20.0 dBm) (passive scanning,
no IBSS, radar detection)
* 5280 MHz [56] (20.0 dBm) (passive scanning,
no IBSS, radar detection)
* 5300 MHz [60] (20.0 dBm) (passive scanning,
no IBSS, radar detection)
* 5320 MHz [64] (20.0 dBm) (passive scanning,
no IBSS, radar detection)
* 5500 MHz [100] (20.0 dBm) (passive scanning,
no IBSS, radar detection)
* 5520 MHz [104] (20.0 dBm) (passive scanning,
no IBSS, radar detection)
* 5540 MHz [108] (20.0 dBm) (passive scanning,
no IBSS, radar detection)
* 5560 MHz [112] (20.0 dBm) (passive scanning,
no IBSS, radar detection)
* 5580 MHz [116] (20.0 dBm) (passive scanning,
no IBSS, radar detection)
* 5600 MHz [120] (disabled)
* 5620 MHz [124] (disabled)
* 5640 MHz [128] (disabled)
* 5660 MHz [132] (20.0 dBm) (passive scanning,
no IBSS, radar detection)
* 5680 MHz [136] (20.0 dBm) (passive scanning,
no IBSS, radar detection)
* 5700 MHz [140] (20.0 dBm) (passive scanning,
no IBSS, radar detection)
* 5745 MHz [149] (disabled)
* 5765 MHz [153] (disabled)
* 5785 MHz [157] (disabled)
* 5805 MHz [161] (disabled)
* 5825 MHz [165] (disabled)
Bitrates (non-HT):
* 6.0 Mbps
* 9.0 Mbps
* 12.0 Mbps
* 18.0 Mbps
* 24.0 Mbps
* 36.0 Mbps
* 48.0 Mbps
* 54.0 Mbps
max # scan SSIDs: 4
max scan IEs length: 2257 bytes
Coverage class: 0 (up to 0m)
Supported Ciphers:
* WEP40 (00-0f-ac:1)
* WEP104 (00-0f-ac:5)
* TKIP (00-0f-ac:2)
* CCMP (00-0f-ac:4)
* CMAC (00-0f-ac:6)
Available Antennas: TX 0x3 RX 0x3
Configured Antennas: TX 0x3 RX 0x3
Supported interface modes:
* IBSS
* managed
* AP
* AP/VLAN
* WDS
* monitor
* mesh point
* P2P-client
* P2P-GO
software interface modes (can always be added):
* AP/VLAN
* monitor
valid interface combinations:
* #{ managed, WDS, P2P-client } <= 2048, #{ AP, mesh
point, P2P-GO } <= 8,
total <= 2048, #channels <= 1, STA/AP BI must match
* #{ IBSS, AP, mesh point } <= 1,
total <= 1, #channels <= 1, STA/AP BI must match
Supported commands:
* new_interface
* set_interface
* new_key
* start_ap
* new_station
* new_mpath
* set_mesh_config
* set_bss
* authenticate
* associate
* deauthenticate
* disassociate
* join_ibss
* join_mesh
* remain_on_channel
* set_tx_bitrate_mask
* frame
* frame_wait_cancel
* set_wiphy_netns
* set_channel
* set_wds_peer
* tdls_mgmt
* tdls_oper
* probe_client
* set_noack_map
* register_beacons
* Unknown command (89)
* Unknown command (92)
* Unknown command (104)
* connect
* disconnect
Supported TX frame types:
* IBSS: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80
0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
* managed: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70
0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
* AP: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80
0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
* AP/VLAN: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70
0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
* mesh point: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70
0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
* P2P-client: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70
0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
* P2P-GO: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80
0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
* P2P-device: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70
0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
Supported RX frame types:
* IBSS: 0x40 0xb0 0xc0 0xd0
* managed: 0x40 0xd0
* AP: 0x00 0x20 0x40 0xa0 0xb0 0xc0 0xd0
* AP/VLAN: 0x00 0x20 0x40 0xa0 0xb0 0xc0 0xd0
* mesh point: 0xb0 0xc0 0xd0
* P2P-client: 0x40 0xd0
* P2P-GO: 0x00 0x20 0x40 0xa0 0xb0 0xc0 0xd0
* P2P-device: 0x40 0xd0
Device supports RSN-IBSS.
HT Capability overrides:
* MCS: ff ff ff ff ff ff ff ff ff ff
* maximum A-MSDU length
* supported channel width
* short GI for 40 MHz
* max A-MPDU length exponent
* min MPDU start spacing
Device supports TX status socket option.
Device supports HT-IBSS.
# lspci | grep Network
04:00.0 Network controller: Qualcomm Atheros AR928X Wireless Network
Adapter (PCI-Express) (rev 01)
# hwinfo --wlan
32: PCI 400.0: 0282 WLAN controller
[Created at pci.319]
Unique ID: YVtp.WCmXRZemh61
Parent ID: M71A.Quhfnq057a3
SysFS ID: /devices/pci0000:00/0000:00:07.0/0000:04:00.0
SysFS BusID: 0000:04:00.0
Hardware Class: network
Model: "Atheros AR928X Wireless Network Adapter (PCI-Express)"
Vendor: pci 0x168c "Atheros Communications Inc."
Device: pci 0x002a "AR928X Wireless Network Adapter (PCI-Express)"
SubVendor: pci 0x168c "Atheros Communications Inc."
SubDevice: pci 0x3099
Revision: 0x01
Driver: "ath9k"
Driver Modules: "ath9k"
Device File: wlp4s0
Features: WLAN
Memory Range: 0xf7e00000-0xf7e0ffff (rw,non-prefetchable)
IRQ: 19 (no events)
HW Address: 04:f0:21:0a:64:42
Link detected: yes
WLAN channels: 1 2 3 4 5 6 7 8 9 10 11 36 40 44 48 52 56 60 64 100
104 108 112 116 132 136 140
WLAN frequencies: 2.412 2.417 2.422 2.427 2.432 2.437 2.442 2.447
2.452 2.457 2.462 5.18 5.2 5.22 5.24 5.26 5.28 5.3 5.32 5.5 5.52 5.54
5.56 5.58 5.66 5.68 5.7
WLAN encryption modes: WEP40 WEP104 TKIP CCMP
WLAN authentication modes: open sharedkey wpa-psk wpa-eap
Module Alias: "pci:v0000168Cd0000002Asv0000168Csd00003099bc02sc80i00"
Driver Info #0:
Driver Status: ath9k is active
Driver Activation Cmd: "modprobe ath9k"
Config Status: cfg=no, avail=yes, need=no, active=unknown
Attached to: #5 (PCI bridge)
# lsmod | grep ath9k
ath9k 108782 0
mac80211 666756 1 ath9k
ath9k_common 13551 1 ath9k
ath9k_hw 437836 2 ath9k,ath9k_common
ath 33102 3 ath9k,ath9k_common,ath9k_hw
cfg80211 543250 3 ath9k,mac80211,ath
# journalctl -f
Apr 28 02:07:25 router hostapd[11012]: wlp4s0: STA d8:b3:77:cc:8f:28
IEEE 802.11: authentication OK (open system)
Apr 28 02:07:25 router hostapd[11012]: wlp4s0: STA d8:b3:77:cc:8f:28
MLME: MLME-AUTHENTICATE.indication(d8:b3:77:cc:8f:28, OPEN_SYSTEM)
Apr 28 02:07:25 router hostapd[11012]: wlp4s0: STA d8:b3:77:cc:8f:28
MLME: MLME-DELETEKEYS.request(d8:b3:77:cc:8f:28)
Apr 28 02:07:25 router hostapd[11012]: wlp4s0: STA d8:b3:77:cc:8f:28
IEEE 802.11: authenticated
Apr 28 02:07:25 router hostapd[11012]: wlp4s0: STA d8:b3:77:cc:8f:28
IEEE 802.11: association OK (aid 1)
Apr 28 02:07:25 router hostapd[11012]: wlp4s0: STA d8:b3:77:cc:8f:28
IEEE 802.11: associated (aid 1)
Apr 28 02:07:25 router hostapd[11012]: wlp4s0: STA d8:b3:77:cc:8f:28
MLME: MLME-ASSOCIATE.indication(d8:b3:77:cc:8f:28)
Apr 28 02:07:25 router hostapd[11012]: wlp4s0: STA d8:b3:77:cc:8f:28
MLME: MLME-DELETEKEYS.request(d8:b3:77:cc:8f:28)
Apr 28 02:07:25 router hostapd[11012]: wlp4s0: STA d8:b3:77:cc:8f:28
WPA: event 1 notification
Apr 28 02:07:25 router hostapd[11012]: wlp4s0: STA d8:b3:77:cc:8f:28
WPA: start authentication
Apr 28 02:07:25 router hostapd[11012]: wlp4s0: STA d8:b3:77:cc:8f:28
IEEE 802.1X: unauthorizing port
Apr 28 02:07:25 router hostapd[11012]: wlp4s0: STA d8:b3:77:cc:8f:28
WPA: sending 1/4 msg of 4-Way Handshake
Apr 28 02:07:26 router hostapd[11012]: wlp4s0: STA d8:b3:77:cc:8f:28
WPA: EAPOL-Key timeout
Apr 28 02:07:26 router hostapd[11012]: wlp4s0: STA d8:b3:77:cc:8f:28
WPA: sending 1/4 msg of 4-Way Handshake
Apr 28 02:07:27 router hostapd[11012]: wlp4s0: STA d8:b3:77:cc:8f:28
WPA: EAPOL-Key timeout
Apr 28 02:07:27 router hostapd[11012]: wlp4s0: STA d8:b3:77:cc:8f:28
WPA: sending 1/4 msg of 4-Way Handshake
Apr 28 02:07:28 router hostapd[11012]: wlp4s0: STA d8:b3:77:cc:8f:28
WPA: EAPOL-Key timeout
Apr 28 02:07:28 router hostapd[11012]: wlp4s0: STA d8:b3:77:cc:8f:28
WPA: sending 1/4 msg of 4-Way Handshake
Apr 28 02:07:29 router hostapd[11012]: wlp4s0: STA d8:b3:77:cc:8f:28
WPA: EAPOL-Key timeout
Apr 28 02:07:29 router hostapd[11012]: wlp4s0: STA d8:b3:77:cc:8f:28
WPA: PTKSTART: Retry limit 4 reached
Apr 28 02:07:29 router hostapd[11012]: wlp4s0: STA d8:b3:77:cc:8f:28
WPA: event 3 notification
Apr 28 02:07:29 router hostapd[11012]: wlp4s0: STA d8:b3:77:cc:8f:28
IEEE 802.1X: unauthorizing port
Apr 28 02:07:29 router hostapd[11012]: wlp4s0: STA d8:b3:77:cc:8f:28
MLME: MLME-DEAUTHENTICATE.indication(d8:b3:77:cc:8f:28, 2)
Apr 28 02:07:29 router hostapd[11012]: wlp4s0: STA d8:b3:77:cc:8f:28
MLME: MLME-DELETEKEYS.request(d8:b3:77:cc:8f:28)
Apr 28 02:07:34 router hostapd[11012]: wlp4s0: STA d8:b3:77:cc:8f:28
IEEE 802.11: deauthenticated due to local deauth request
# grep ^[^#] /etc/hostapd.conf
interface=wlp4s0
bridge=br0
driver=nl80211
logger_syslog=-1
logger_syslog_level=0
logger_stdout=-1
logger_stdout_level=0
ctrl_interface=/var/run/hostapd
ctrl_interface_group=0
ssid=PowerRouter
country_code=DE
hw_mode=g
channel=11
beacon_int=100
dtim_period=2
max_num_sta=255
rts_threshold=2347
fragm_threshold=2346
macaddr_acl=0
auth_algs=3
ignore_broadcast_ssid=0
wmm_enabled=1
wmm_ac_bk_cwmin=4
wmm_ac_bk_cwmax=10
wmm_ac_bk_aifs=7
wmm_ac_bk_txop_limit=0
wmm_ac_bk_acm=0
wmm_ac_be_aifs=3
wmm_ac_be_cwmin=4
wmm_ac_be_cwmax=10
wmm_ac_be_txop_limit=0
wmm_ac_be_acm=0
wmm_ac_vi_aifs=2
wmm_ac_vi_cwmin=3
wmm_ac_vi_cwmax=4
wmm_ac_vi_txop_limit=94
wmm_ac_vi_acm=0
wmm_ac_vo_aifs=2
wmm_ac_vo_cwmin=2
wmm_ac_vo_cwmax=3
wmm_ac_vo_txop_limit=47
wmm_ac_vo_acm=0
ieee80211n=1
eapol_key_index_workaround=0
eap_server=0
own_ip_addr=127.0.0.1
wpa=2
wpa_psk=06c58fa2a31010c8215ad9ddc2e83607d8876c006b81920658084df728a83d1b
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
rsn_preauth=1
rsn_preauth_interfaces=br0 wlp4s0
# ip link show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode
DEFAULT
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: enp1s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast
state UP mode DEFAULT qlen 1000
link/ether 00:0d:b9:33:8e:ec brd ff:ff:ff:ff:ff:ff
3: enp2s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast
state UP mode DEFAULT qlen 1000
link/ether 00:0d:b9:33:8e:ed brd ff:ff:ff:ff:ff:ff
4: enp3s0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast
state DOWN mode DEFAULT qlen 1000
link/ether 00:0d:b9:33:8e:ee brd ff:ff:ff:ff:ff:ff
5: wlp4s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master
br0 state UP mode DEFAULT qlen 1000
link/ether 04:f0:21:0a:64:42 brd ff:ff:ff:ff:ff:ff
6: ppp0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1492 qdisc
pfifo_fast state UNKNOWN mode DEFAULT qlen 3
link/ppp
48: br0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT
link/ether 04:f0:21:0a:64:42 brd ff:ff:ff:ff:ff:ff
[1] Datasheet of WLE200NX: <http://www.pcengines.ch/pdf/wle200nx.pdf>
More information about the Hostap
mailing list