PTK0 Rekeying Problems

Michael T Farnworth michael at turf.org
Thu Jul 23 06:48:35 EDT 2020 

I am using hostapd under the latest snapshot of OpenWRT on Archer C7, 
Archer A7 and Armor Z2 with WPA2-EAP.

I am aware of the PTK0 rekeying problems and consequently I am using:

eap_reauth_period=0

in an attempt to avoid rekeying generally.

Unfortunately it appears that the iPhoneX attempts to rekey regardless, 
so I added:

wpa_deny_ptk0_rekey=2

This is great for the iPhoneX, but I have now discovered that I have a 
Windows PC which attempts to rekey whenever it first connects and 
consequently it is completely unable to connect.

I get the following log messages:

Thu Jul 23 08:37:28 2020 daemon.info hostapd: wlan-5g: STA 
28:7f:cf:ee:fb:65 IEEE 802.11: authenticated
Thu Jul 23 08:37:28 2020 daemon.info hostapd: wlan-5g: STA 
28:7f:cf:ee:fb:65 IEEE 802.11: associated (aid 1)
Thu Jul 23 08:37:28 2020 daemon.notice hostapd: wlan-2g: Prune 
association for 28:7f:cf:ee:fb:65
Thu Jul 23 08:37:28 2020 daemon.notice hostapd: wlan-5g: 
CTRL-EVENT-EAP-STARTED 28:7f:cf:ee:fb:65
Thu Jul 23 08:37:28 2020 daemon.notice hostapd: wlan-5g: 
CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=1
Thu Jul 23 08:37:28 2020 daemon.notice hostapd: WPA: PTK0 rekey not 
allowed, disconnect 28:7f:cf:ee:fb:65
Thu Jul 23 08:37:33 2020 daemon.info hostapd: wlan-5g: STA 
28:7f:cf:ee:fb:65 IEEE 802.11: deauthenticated due to local deauth request
Thu Jul 23 08:37:58 2020 daemon.info hostapd: wlan-2g: STA 
28:7f:cf:ee:fb:65 IEEE 802.11: deauthenticated due to inactivity (timer 
DEAUTH/REMOVE)
Thu Jul 23 08:38:28 2020 daemon.info hostapd: wlan-5g: STA 
28:7f:cf:ee:fb:65 IEEE 802.11: authenticated
Thu Jul 23 08:38:28 2020 daemon.info hostapd: wlan-5g: STA 
28:7f:cf:ee:fb:65 IEEE 802.11: associated (aid 1)
Thu Jul 23 08:38:28 2020 daemon.notice hostapd: wlan-5g: 
CTRL-EVENT-EAP-STARTED 28:7f:cf:ee:fb:65
Thu Jul 23 08:38:28 2020 daemon.notice hostapd: wlan-5g: 
CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=1
Thu Jul 23 08:38:28 2020 daemon.notice hostapd: WPA: PTK0 rekey not 
allowed, disconnect 28:7f:cf:ee:fb:65
Thu Jul 23 08:38:28 2020 daemon.info hostapd: wlan-2g: STA 
28:7f:cf:ee:fb:65 IEEE 802.11: authenticated
Thu Jul 23 08:38:28 2020 daemon.info hostapd: wlan-2g: STA 
28:7f:cf:ee:fb:65 IEEE 802.11: associated (aid 5)
Thu Jul 23 08:38:28 2020 daemon.notice hostapd: wlan-5g: Prune 
association for 28:7f:cf:ee:fb:65
Thu Jul 23 08:38:28 2020 daemon.notice hostapd: wlan-2g: 
CTRL-EVENT-EAP-STARTED 28:7f:cf:ee:fb:65
Thu Jul 23 08:38:28 2020 daemon.notice hostapd: wlan-2g: 
CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=1
Thu Jul 23 08:38:28 2020 daemon.notice hostapd: WPA: PTK0 rekey not 
allowed, disconnect 28:7f:cf:ee:fb:65
Thu Jul 23 08:38:30 2020 daemon.info hostapd: wlan-5g: STA 
28:7f:cf:ee:fb:65 IEEE 802.11: authenticated
Thu Jul 23 08:38:30 2020 daemon.info hostapd: wlan-5g: STA 
28:7f:cf:ee:fb:65 IEEE 802.11: associated (aid 1)
Thu Jul 23 08:38:30 2020 daemon.notice hostapd: wlan-2g: Prune 
association for 28:7f:cf:ee:fb:65
Thu Jul 23 08:38:30 2020 daemon.notice hostapd: wlan-5g: 
CTRL-EVENT-EAP-STARTED 28:7f:cf:ee:fb:65
Thu Jul 23 08:38:30 2020 daemon.notice hostapd: wlan-5g: 
CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=1
Thu Jul 23 08:38:30 2020 daemon.notice hostapd: WPA: PTK0 rekey not 
allowed, disconnect 28:7f:cf:ee:fb:65
Thu Jul 23 08:38:33 2020 daemon.info hostapd: wlan-2g: STA 
28:7f:cf:ee:fb:65 IEEE 802.11: authenticated
Thu Jul 23 08:38:33 2020 daemon.info hostapd: wlan-2g: STA 
28:7f:cf:ee:fb:65 IEEE 802.11: associated (aid 5)
Thu Jul 23 08:38:33 2020 daemon.notice hostapd: wlan-5g: Prune 
association for 28:7f:cf:ee:fb:65
Thu Jul 23 08:38:33 2020 daemon.notice hostapd: wlan-2g: 
CTRL-EVENT-EAP-STARTED 28:7f:cf:ee:fb:65
Thu Jul 23 08:38:33 2020 daemon.notice hostapd: wlan-2g: 
CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=1
Thu Jul 23 08:38:33 2020 daemon.notice hostapd: WPA: PTK0 rekey not 
allowed, disconnect 28:7f:cf:ee:fb:65
Thu Jul 23 08:38:34 2020 daemon.info hostapd: wlan-2g: STA 
28:7f:cf:ee:fb:65 IEEE 802.11: authenticated
Thu Jul 23 08:38:34 2020 daemon.info hostapd: wlan-2g: STA 
28:7f:cf:ee:fb:65 IEEE 802.11: associated (aid 5)
Thu Jul 23 08:38:34 2020 daemon.notice hostapd: wlan-5g: Prune 
association for 28:7f:cf:ee:fb:65
Thu Jul 23 08:38:34 2020 daemon.notice hostapd: wlan-2g: 
CTRL-EVENT-EAP-STARTED 28:7f:cf:ee:fb:65
Thu Jul 23 08:38:34 2020 daemon.notice hostapd: wlan-2g: 
CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=1
Thu Jul 23 08:38:34 2020 daemon.notice hostapd: WPA: PTK0 rekey not 
allowed, disconnect 28:7f:cf:ee:fb:65

Wondering if anybody has any views on the best way forward?  My gut 
instinct is that new connections might need a certain grace period 
during which they can rekey.

Thanks,
Michael

More information about the Hostap mailing list