PEAP, MSCHAPV2 and Raspberry Pi 3

Jordan J jordandev678 at gmail.com
Fri Jun 29 11:16:32 PDT 2018


Hello,

To add more information to this, I took a packet capture of the
failing connections:
No.     Time           Source       Destination  Protocol Length Info
      1 0.000000000    JuniperN     Raspberr     EAP      67
Request, Identity
      2 0.037804748    Raspberr     JuniperN     EAP      48
Response, Identity
      3 0.048833160    JuniperN     Raspberr     EAP      64
Request, Protected EAP (EAP-PEAP) *
      4 0.051987766    Raspberr     JuniperN     SSL      191    Client Hello
      5 0.054206063    JuniperN     Raspberr     EAP      64
Request, Protected EAP (EAP-PEAP) *
      6 0.055199715    Raspberr     JuniperN     SSL      191    Client Hello
      7 0.057474888    JuniperN     Raspberr     EAP      64
Request, Protected EAP (EAP-PEAP) *
      8 0.058695886    Raspberr     JuniperN     SSL      191    Client Hello

      And start over again...
      9 0.412136470    JuniperN     Raspberr     EAP      67
Request, Identity
     10 0.495966232    Raspberr     JuniperN     EAP      48
Response, Identity
     11 0.500564858    JuniperN     Raspberr     EAP      64
Request, Protected EAP (EAP-PEAP) *
     12 0.501750440    Raspberr     JuniperN     SSL      191    Client Hello
     13 0.504064935    JuniperN     Raspberr     EAP      64
Request, Protected EAP (EAP-PEAP) *
      ...etc.
      * = [ETHERNET FRAME CHECK SEQUENCE INCORRECT]

It seems like after the Client Hello the server never responds with a
Server hello, or much of anything beyond repeating it's earlier
request.
I looked up some example captures of working connections and it looked
like they all should have elicited a response of some kind, even if
just to indicate the reason for failure.
Anyone have any information on where to start looking next?


Thanks again for any advice that can be offered!

On Tue, Jun 26, 2018 at 4:21 PM, Jordan J <jordandev678 at gmail.com> wrote:
> Hey everyone,
>
> I'm having an issue with WPA-EAP that I've so far been unable to debug.
>
> I've tried all the usual things that looking back through Google and
> the mail archives suggest (disable tls versions, peaplabel, specify
> explicit protocols, etc.) but with no luck.
>
> What I have stumbled upon is that noobs (raspberry pi installer) is
> able to connect successfully with the most basic of config files, yet
> when I boot into Raspbian it fails both with the same config file and
> the more complex ones with the various potential fixes. That lead me
> to compare wpa_supplicant versions - working version is 2.5, Raspbian
> is 2.4, ah-ha!
>
> However, after manually building both 2.5 and 2.6 in Raspbian they
> still don't connect either. So at this point I'm a bit lost. I'd take
> that to mean wpa_supplicant probably isn't the core issue but I don't
> have enough exposure to wpa_supplicant logs to be able to parse out
> where the problem likely is (driver, OpenSSL, etc.). So I'm hoping
> someone can spare some time to have a look and point me in the right
> direction.
>
> The debug logs (-dd) can be found here:
>         Working log - https://pastebin.com/MeqpF8tm
>         Failing log - https://pastebin.com/F8sqXxB1
>
> The wpa_supplicant.conf that worked in noobs:
>     ctrl_interface=DIR=/var/run/wpa_supplicant GROUP=netdev
>     update_config=1
>     country=GB
>     network={
>         ssid="eduroam"
>         key_mgmt=WPA-EAP
>         identity="[Removed]"
>         password="[Removed]"
>     }
>
> Let me know if there is any other information that would be useful.
>
> Thanks for any help that can be provided!



More information about the Hostap mailing list