ibss mode with wpa2 encryption?

[Ben Greear]

On 11/24/2014 03:35 PM, Jouni Malinen wrote:
> On Mon, Nov 24, 2014 at 02:39:40PM -0800, Ben Greear wrote:
>> I'm trying to get ath9k NICs to do wpa2 encryption on ibss
>> networks with the config below.  I do not see any obvious errors
>> in the supplicant logs, but it will not pass traffic.
> 
>> Is this supposed to work?  The peer station has a similar setup.
> 
> RSN IBSS is supposed to work and well, works at least with
> mac80211_hwsim, but I have not tested with ath9k recently. Anyway, your
> configuration has some issues that would likely explain traffic not
> working.
> 
>>     proto=RSN
>>     pairwise=NONE
>>     group=TKIP
> 
> While TKIP is allowed, I'd use CCMP with RSN since TKIP does not make
> much sense for a case where every single device supporting RSN will also
> support CCMP. Anyway, the larger issue is with pairwise=NONE. That is
> not really something I would have ever tested with RSN IBSS since proper
> pairwise encryption should be used with RSN STAs. In other words,
> replace those with pairwise=CCMP and group=CCMP to make this more
> meaningful.


Ok, does this look better?

I am seeing auth timeouts in supplicant logs when I try to bring up two
stations like this on ath9k.  (It fails on ath10k too, but not sure if
that is a separate issue or not.)

Open auth works fine.


ctrl_interface=/var/run/wpa_supplicant
fast_reauth=1
concurrent_assoc_ok=1
scan_cur_freq=1
min_scan_gap=5
freq_list=2462

bss_max_count=2000
network={
    ssid="ben-138"
    disable_ht=0
    disable_vht=1
    ieee80211w=0
    disable_ht40=0
    disable_sgi=0
    ht_mcs=""
    disable_max_amsdu=-1
    ampdu_factor=-1
    ampdu_density=-1
    freq_list=2462

    mode=1
    frequency=2462
    proto=RSN
    key_mgmt=WPA-PSK
    #psk="ben-138-pwd"
    psk=fb926ec0b8c1467c29553d3241b03af31360b5c2a16d1640b2c151d12b70dc76
    pairwise=CCMP
    group=CCMP
    proactive_key_caching=0

}



-- 
Ben Greear <greearb at candelatech.com>
Candela Technologies Inc  http://www.candelatech.com