RSN questions

engage engage
Sun Nov 13 13:00:45 PST 2005


CCMP wouldn't work when using proto=WPA2 but it did work with proto=WPA. I do 
get an error message when starting wpa_supplicant: ioctl[SIOCSIWPMKSA]: 
Operation not supported. I'm trying to figure out why but I'm including the 
following debug (wpa_supplicant ...... -d) output when using proto=WPA2. 
Maybe you can figure this out faster than I can:

#cat /etc/wpa_supplicant.conf
#ctrl_interface=/var/run/wpa_supplicant
#
#network={
#       ssid="??????????????????"
#       key_mgmt=WPA-PSK
#       proto=WPA2
#       pairwise=CCMP
#       group=CCMP
#       psk="???????????????????????"
#       scan_ssid=1
#}
#
#dmesg | grep ndiswrapper
#ndiswrapper version 1.5 loaded (preempt=no,smp=no)
#wlan0: ndiswrapper ethernet device 00:0f:66:6d:8d:c9 using driver bcmwl5,

Initializing interface 'wlan0' conf '/etc/wpa_supplicant.conf' driver 
'default'
Configuration file '/etc/wpa_supplicant.conf' -> '/etc/wpa_supplicant.conf'
Reading configuration file '/etc/wpa_supplicant.conf'
ctrl_interface='/var/run/wpa_supplicant'
Priority group 0
   id=0 ssid='???????????'
Initializing interface (2) 'wlan0'
EAPOL: SUPP_PAE entering state DISCONNECTED
EAPOL: KEY_RX entering state NO_KEY_RECEIVE
EAPOL: SUPP_BE entering state INITIALIZE
EAP: EAP entering state DISABLED
EAPOL: External notification - portEnabled=0
EAPOL: External notification - portValid=0
SIOCGIWRANGE: WE(compiled)=19 WE(source)=18 enc_capa=0xe
  capabilities: key_mgmt 0xa enc 0xf
Own MAC address: 00:0f:66:6d:8d:c9
wpa_driver_wext_set_key: alg=0 key_idx=0 set_tx=0 seq_len=0 key_len=0
wpa_driver_wext_set_key: alg=0 key_idx=1 set_tx=0 seq_len=0 key_len=0
wpa_driver_wext_set_key: alg=0 key_idx=2 set_tx=0 seq_len=0 key_len=0
wpa_driver_wext_set_key: alg=0 key_idx=3 set_tx=0 seq_len=0 key_len=0
Setting scan request: 0 sec 100000 usec
Wireless event: cmd=0x8b06 len=8
State: DISCONNECTED -> SCANNING
Starting AP scan (specific SSID)
Scan SSID - hexdump_ascii(len=5):
     4b 49 37 52 57                                    ???????????           
Scan timeout - try to get results
Received 281 bytes of scan results (1 BSSes)
Scan results: 1
Selecting BSS from priority group 0
0: 00:12:17:e2:8d:05 ssid='???????????' wpa_ie_len=0 rsn_ie_len=22 caps=0x11
   selected
Trying to associate with 00:12:17:e2:8d:05 (SSID='???????????' freq=2462 MHz)
Cancelling scan request
WPA: clearing own WPA/RSN IE
Automatic auth_alg selection: 0x1
RSN: using IEEE 802.11i/D9.0
WPA: Selected cipher suites: group 16 pairwise 16 key_mgmt 2
WPA: clearing AP WPA IE
WPA: set AP RSN IE - hexdump(len=22): 30 14 01 00 00 0f ac 04 01 00 00 0f ac 
04 01 00 00 0f ac 02 00 00
WPA: using GTK CCMP
WPA: using PTK CCMP
WPA: using KEY_MGMT WPA-PSK
WPA: Set own WPA IE default - hexdump(len=22): 30 14 01 00 00 0f ac 04 01 00 
00 0f ac 04 01 00 00 0f ac 02 00 00
No keys have been configured - skip key clearing
State: SCANNING -> ASSOCIATING
Setting authentication timeout: 5 sec 0 usec
EAPOL: External notification - EAP success=0
EAPOL: External notification - EAP fail=0
EAPOL: External notification - portControl=Auto
RSN: Ignored PMKID candidate without preauth flag
Authentication with 00:00:00:00:00:00 timed out.
Added BSSID 00:00:00:00:00:00 into blacklist
State: ASSOCIATING -> DISCONNECTED
No keys have been configured - skip key clearing
EAPOL: External notification - portEnabled=0
EAPOL: External notification - portValid=0
Setting scan request: 0 sec 0 usec
State: DISCONNECTED -> SCANNING
Starting AP scan (broadcast SSID)
Scan timeout - try to get results
Received 281 bytes of scan results (1 BSSes)
Scan results: 1
Selecting BSS from priority group 0
0: 00:12:17:e2:8d:05 ssid='???????????' wpa_ie_len=0 rsn_ie_len=22 caps=0x11
   selected
Trying to associate with 00:12:17:e2:8d:05 (SSID='???????????' freq=2462 MHz)
Cancelling scan request
WPA: clearing own WPA/RSN IE
Automatic auth_alg selection: 0x1
RSN: using IEEE 802.11i/D9.0
WPA: Selected cipher suites: group 16 pairwise 16 key_mgmt 2
WPA: clearing AP WPA IE
WPA: set AP RSN IE - hexdump(len=22): 30 14 01 00 00 0f ac 04 01 00 00 0f ac 
04 01 00 00 0f ac 02 00 00
WPA: using GTK CCMP
WPA: using PTK CCMP
WPA: using KEY_MGMT WPA-PSK
WPA: Set own WPA IE default - hexdump(len=22): 30 14 01 00 00 0f ac 04 01 00 
00 0f ac 04 01 00 00 0f ac 02 00 00
No keys have been configured - skip key clearing
State: SCANNING -> ASSOCIATING
Setting authentication timeout: 5 sec 0 usec
EAPOL: External notification - EAP success=0
EAPOL: External notification - EAP fail=0
EAPOL: External notification - portControl=Auto
RSN: Ignored PMKID candidate without preauth flag
State: ASSOCIATING -> DISCONNECTED
No keys have been configured - skip key clearing
EAPOL: External notification - portEnabled=0
EAPOL: External notification - portValid=0
No keys have been configured - skip key clearing
Removed BSSID 00:00:00:00:00:00 from blacklist (clear)

On Sunday 13 November 2005 04:43 am, you wrote:
>Change the 2 lines to:
>
>pairwise=CCMP TKIP
>group=CCMP TKIP
>
>and it works :)
>
>On 11/13/05, engage <engage at n0sq.us> wrote:
>> I'm trying to get wpa_supplicant-0.4.5 set up for WPA2. I don't want to use a
>> radius server for this. Anyway, I set up my Linksys WRT54G for WPA2-Personal
>> with TKIP+AES (the other option for WPA2-Personal is AES).
>>
>> Here's what I used for wpa_supplicant.conf:
>>
>> #WPA2-Personal
>>
>> ctrl_interface=/var/run/wpa_supplicant
>>
>> network={
>> ssid="??????????"
>> key_mgmt=WPA-PSK
>> proto=WPA2 #i tried using RSN also
>> pairwise=TKIP
>> group=TKIP
>> psk="?????????????????????????????"
>> scan_ssid=1
>> }
>>
>> It doesn't work. iwconfig shows an AP association and an encryption key. I can
>> ping the router but I can't access my DNS server or web surf. I can't ping
>> anything outside my LAN. The above config file does work with proto=WPA.
>>
>> I've been reading a few howto's but they have me confused and most of them are
>> directed at Enterprise setups (port authentication with a radius server). And
>> the only thing I've seen in the supplicant's README concerning AES is CCMP.
>> If I understand correctly, CCMP is an improvement over AES and is used with
>> a radius server? I don't see any other options in the README that are
>> appropriate. Does WPA2 require something more sophisticated than TKIP or
>> AES? The sample config files that I've seen have EAP in them. Like I said,
>> I'm confused as to how to do this.
>>
>> What am I missing?
>> _______________________________________________
>> HostAP mailing list
>> HostAP at shmoo.com
>> http://lists.shmoo.com/mailman/listinfo/hostap
>
>--
>
>
>Greetz
>Theetjuh
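
Added example, not part of the original post and not wpa_supplicant code: a decoder for the 22-byte AP RSN IE printed on the "set AP RSN IE" line of the debug output, showing which cipher and key-management suites the AP advertised. The function names and the config_matches helper are assumptions made for illustration; the suite numbers are the standard IEEE 802.11i selectors under OUI 00-0f-ac.

```python
import struct

OUI = bytes.fromhex("000fac")                  # IEEE 802.11 suite OUI
CIPHERS = {1: "WEP-40", 2: "TKIP", 4: "CCMP", 5: "WEP-104"}
AKMS = {1: "802.1X", 2: "PSK"}
# Copied from the "set AP RSN IE" hexdump in the debug output above.
AP_RSN_IE = "30 14 01 00 00 0f ac 04 01 00 00 0f ac 04 01 00 00 0f ac 02 00 00"

def _suite(sel, table):
    """Name one 4-byte suite selector (3-byte OUI + 1-byte type)."""
    if len(sel) != 4:
        raise ValueError("truncated suite selector")
    if sel[:3] != OUI:
        return "vendor-" + sel.hex()
    return table.get(sel[3], "unknown-%d" % sel[3])

def _suite_list(body, pos, table):
    """Read a little-endian count followed by that many selectors."""
    if pos + 2 > len(body):
        raise ValueError("truncated suite count")
    (count,) = struct.unpack_from("<H", body, pos)
    end = pos + 2 + 4 * count
    if end > len(body):
        raise ValueError("suite list overruns element")
    return [_suite(body[i:i + 4], table) for i in range(pos + 2, end, 4)], end

def parse_rsn_ie(hexdump):
    """Decode an RSN information element given as a hex string."""
    raw = bytes.fromhex(hexdump)
    if len(raw) < 8 or raw[0] != 0x30:
        raise ValueError("not an RSN element (ID 0x30)")
    if raw[1] != len(raw) - 2:
        raise ValueError("length byte does not match element size")
    body = raw[2:]
    (version,) = struct.unpack_from("<H", body, 0)
    group = _suite(body[2:6], CIPHERS)
    pairwise, pos = _suite_list(body, 6, CIPHERS)
    akm, pos = _suite_list(body, pos, AKMS)
    # Capabilities field is read only if present; None when the element ends here.
    caps = struct.unpack_from("<H", body, pos)[0] if pos + 2 <= len(body) else None
    return {"version": version, "group": group, "pairwise": pairwise,
            "akm": akm, "capabilities": caps}

def config_matches(ie, pairwise, group):
    """True if a network block's pairwise/group lists fit what the AP offers."""
    return ie["group"] in group and any(c in ie["pairwise"] for c in pairwise)

if __name__ == "__main__":
    ie = parse_rsn_ie(AP_RSN_IE)
    print(ie)
    print("pairwise=CCMP group=CCMP matches:", config_matches(ie, ["CCMP"], ["CCMP"]))
```

The same function can be fed the RSN IE hexdump from any other wpa_supplicant -d run to confirm what an AP is offering before adjusting pairwise= and group=.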



