You are not logged in.

#1 2008-06-07 19:20:58

zenlord
Member
From: Belgium
Registered: 2006-05-24
Posts: 1,221
Website

WPA2 - WPA-PSK - TKIP trouble

Situation:
- D-Link DIR-635 802.11n-router configured: only WPA2 (personal) with TKIP
- D-Link DWA-645 802.11n-pcmcia with atheros chipset and working ndiswrapper driver (ath5k is not yet supporting this chipset)

I cannot connect to the router and I'm not sure it's the linux-config or the router-config that is to blame (which makes troubleshooting a real pain), so here goes:

#  wpa_supplicant -dd -c/etc/wpa_supplicant.conf -iwlan0 -Dwext

Initializing interface 'wlan0' conf '/etc/wpa_supplicant.conf' driver 'wext' ctrl_interface 'N/A' bridge 'N/A'
Configuration file '/etc/wpa_supplicant.conf' -> '/etc/wpa_supplicant.conf'
Reading configuration file '/etc/wpa_supplicant.conf'
ctrl_interface='/var/run/wpa_supplicant'
ctrl_interface_group='0' (DEPRECATED)
eapol_version=1
ap_scan=1
fast_reauth=1
Line: 7 - start of a new network block
ssid - hexdump_ascii(len=9):
     53 4c 2d 61 63 63 65 73 73                        SL-access       
key_mgmt: 0x2
pairwise: 0x8
group: 0x8
proto: 0x2
priority=9 (0x9)
PSK - hexdump(len=32): [REMOVED]
Priority group 9
   id=0 ssid='SL-access'
Initializing interface (2) 'wlan0'
EAPOL: SUPP_PAE entering state DISCONNECTED
EAPOL: KEY_RX entering state NO_KEY_RECEIVE
EAPOL: SUPP_BE entering state INITIALIZE
EAP: EAP entering state DISABLED
EAPOL: External notification - portEnabled=0
EAPOL: External notification - portValid=0
SIOCGIWRANGE: WE(compiled)=22 WE(source)=18 enc_capa=0xf
  capabilities: key_mgmt 0xf enc 0xf
WEXT: Operstate: linkmode=1, operstate=5
Own MAC address: 00:17:9a:45:9b:1f
wpa_driver_wext_set_wpa
wpa_driver_wext_set_key: alg=0 key_idx=0 set_tx=0 seq_len=0 key_len=0
wpa_driver_wext_set_key: alg=0 key_idx=1 set_tx=0 seq_len=0 key_len=0
wpa_driver_wext_set_key: alg=0 key_idx=2 set_tx=0 seq_len=0 key_len=0
wpa_driver_wext_set_key: alg=0 key_idx=3 set_tx=0 seq_len=0 key_len=0
wpa_driver_wext_set_countermeasures
wpa_driver_wext_set_drop_unencrypted
Setting scan request: 0 sec 100000 usec
ctrl_interface_group=0
Added interface wlan0
RTM_NEWLINK: operstate=0 ifi_flags=0x1002 ()
Wireless event: cmd=0x8b06 len=8
RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP])
RTM_NEWLINK, IFLA_IFNAME: Interface 'wlan0' added
State: DISCONNECTED -> SCANNING
Starting AP scan (broadcast SSID)
Trying to get current scan results first without requesting a new scan to speed up initial association
Received 256 bytes of scan results (1 BSSes)
Scan results: 1
Selecting BSS from priority group 9
Try to find WPA-enabled AP
0: 00:1c:f0:ee:f8:68 ssid='SL-access' wpa_ie_len=0 rsn_ie_len=22 caps=0x11
   selected based on RSN IE
   selected WPA AP 00:1c:f0:ee:f8:68 ssid='SL-access'
Try to find non-WPA AP
Trying to associate with 00:1c:f0:ee:f8:68 (SSID='SL-access' freq=2412 MHz)
Cancelling scan request
WPA: clearing own WPA/RSN IE
Automatic auth_alg selection: 0x1
RSN: using IEEE 802.11i/D9.0
WPA: Selected cipher suites: group 8 pairwise 8 key_mgmt 2 proto 2
WPA: clearing AP WPA IE
WPA: set AP RSN IE - hexdump(len=22): 30 14 01 00 00 0f ac 02 01 00 00 0f ac 02 01 00 00 0f ac 02 00 00
WPA: using GTK TKIP
WPA: using PTK TKIP
WPA: using KEY_MGMT WPA-PSK
WPA: Set own WPA IE default - hexdump(len=22): 30 14 01 00 00 0f ac 02 01 00 00 0f ac 02 01 00 00 0f ac 02 00 00
No keys have been configured - skip key clearing
wpa_driver_wext_set_drop_unencrypted
State: SCANNING -> ASSOCIATING
wpa_driver_wext_set_operstate: operstate 0->0 (DORMANT)
WEXT: Operstate: linkmode=-1, operstate=5
wpa_driver_wext_associate
Setting authentication timeout: 10 sec 0 usec
EAPOL: External notification - EAP success=0
EAPOL: External notification - EAP fail=0
EAPOL: External notification - portControl=Auto
RSN: Ignored PMKID candidate without preauth flag
RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP])
Wireless event: cmd=0x8b06 len=8
RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP])
Wireless event: cmd=0x8b04 len=12
RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP])
Wireless event: cmd=0x8b1a len=17
Authentication with 00:1c:f0:ee:f8:68 timed out.
Added BSSID 00:1c:f0:ee:f8:68 into blacklist
No keys have been configured - skip key clearing
State: ASSOCIATING -> DISCONNECTED
wpa_driver_wext_set_operstate: operstate 0->0 (DORMANT)
WEXT: Operstate: linkmode=-1, operstate=5
EAPOL: External notification - portEnabled=0
EAPOL: External notification - portValid=0
EAPOL: External notification - EAP success=0
Setting scan request: 0 sec 0 usec
State: DISCONNECTED -> SCANNING
Starting AP scan (broadcast SSID)
Scan requested (ret=0) - scan timeout 5 seconds
^CCTRL-EVENT-TERMINATING - signal 2 received
Removing interface wlan0
State: SCANNING -> DISCONNECTED
wpa_driver_wext_set_operstate: operstate 0->0 (DORMANT)
WEXT: Operstate: linkmode=-1, operstate=5
No keys have been configured - skip key clearing
EAPOL: External notification - portEnabled=0
EAPOL: External notification - portValid=0
wpa_driver_wext_set_wpa
wpa_driver_wext_set_drop_unencrypted
wpa_driver_wext_set_countermeasures
No keys have been configured - skip key clearing
Removed BSSID 00:1c:f0:ee:f8:68 from blacklist (clear)
Cancelling scan request
Cancelling authentication timeout
WEXT: Operstate: linkmode=0, operstate=6

net-profile wl-Synergy:

CONNECTION="wireless"
DESCRIPTION="SynergyLaw wireless access"
INTERFACE=wlan0
ESSID="SL-access"
SCAN="yes"
SECURITY="wpa-config"
IP="dhcp"
TIMEOUT=40
WPA_CONF=/etc/wpa_supplicant.conf

/etc/wpa_supplicant.conf:

ctrl_interface=/var/run/wpa_supplicant
ctrl_interface_group=0
eapol_version=1
ap_scan=1
fast_reauth=1

network={
    ssid="SL-access"
    key_mgmt=WPA-PSK
    pairwise=TKIP
    group=TKIP
    proto=WPA2
    priority=9
    #psk="abc"
    psk=<censored>
}

#  iwlist wlan0 scan:

wlan0     Scan completed :
          Cell 01 - Address: 00:1C:F0:EE:F8:68
                    ESSID:"SL-access"
                    Protocol:IEEE 802.11g
                    Mode:Managed
                    Frequency:2.412 GHz (Channel 1)
                    Quality:45/100  Signal level:-67 dBm  Noise level:-96 dBm
                    Encryption key:on
                    Bit Rates:1 Mb/s; 2 Mb/s; 5.5 Mb/s; 11 Mb/s; 6 Mb/s
                              9 Mb/s; 12 Mb/s; 18 Mb/s; 24 Mb/s; 36 Mb/s
                              48 Mb/s; 54 Mb/s
                    Extra:bcn_int=100
                    Extra:atim=0
                    IE: IEEE 802.11i/WPA2 Version 1
                        Group Cipher : TKIP
                        Pairwise Ciphers (1) : TKIP
                        Authentication Suites (1) : PSK

I find a lot of people asking similar questions, but none of the answers have helped me so far. I hope to find someone here with a similar setup and the answer to all my problems smile

Zl.

Offline

#2 2008-06-09 08:50:59

zenlord
Member
From: Belgium
Registered: 2006-05-24
Posts: 1,221
Website

Re: WPA2 - WPA-PSK - TKIP trouble

Latest ndiswrapper only works with wext-driver I was told. I'll try it your way later today since I get no other suggestions...

Zl.
PS: I tried to connect to my other wlan (only WEP) and it wouldn't work, where as my father's laptop (up2date Arch with iwl3945) has no problems connecting - so there's probably something wrong with my laptop-setup...

Offline

#3 2008-06-09 15:46:03

zouzou85
Member
From: hopefully some where peaceful
Registered: 2007-12-25
Posts: 29

Re: WPA2 - WPA-PSK - TKIP trouble

try using wicd (front-end of wpa-supplicant), very easy to configure.
http://wiki.archlinux.org/index.php/Wicd

note that this package is still in heavy developement, but sofar it worked better than plain wpa_supplicant or networkmanager


It's nice to be in a peaceful place like this. smile

Offline

#4 2008-06-12 08:00:24

zenlord
Member
From: Belgium
Registered: 2006-05-24
Posts: 1,221
Website

Re: WPA2 - WPA-PSK - TKIP trouble

OK, I think my router/access point is setup correctly now, but I still cannot connect to any wireless network, not with my onboard prism54-card and not with my Atheros 5416-PCMCIA-card.

I blacklisted following modules: ath5k, mac80211, prism54 - but still no go.

'iwlist scan' works, but neither netcfg2, neither wpa_supplicant enables me to connect.

Any other suggestions? Tonight I'll try wicd, but I would *really* like netcfg2 to do this for me...

Zl.

Offline

#5 2008-06-12 08:13:14

iphitus
Forum Fellow
From: Melbourne, Australia
Registered: 2004-10-09
Posts: 4,927

Re: WPA2 - WPA-PSK - TKIP trouble

what error do you get from wpa_supplicant with the prism?

Offline

#6 2008-06-12 09:42:37

zenlord
Member
From: Belgium
Registered: 2006-05-24
Posts: 1,221
Website

Re: WPA2 - WPA-PSK - TKIP trouble

http://bbs.archlinux.org/viewtopic.php?id=45679

I never tried wpa_supplicant with the prism-card, because it couldn't even connect to a WEP-'secured'-network.

Zl.

Offline

#7 2008-06-12 12:43:49

.:B:.
Forum Fellow
Registered: 2006-11-26
Posts: 5,819
Website

Re: WPA2 - WPA-PSK - TKIP trouble

zenlord wrote:

[...]

'iwlist scan' works, but neither netcfg2, neither wpa_supplicant enables me to connect.

Iwlist will only probe for networks, it will not interfere with the encryption, if any, so unfortunately that is no help smile.

Did you try to run an open network - not for kicks, just to check if it works? The fact your laptop does not connect to neither WEP or (hybrid!) WPA2 would mean - as you guessed - that the laptop is to blame.

I'd first try to switch to regular WPA2 (AES), WPA2 TKIP is not WPA2, it's some mix between WPA (which has TKIP as encryption) and WPA2 (which is AES). They aren't fully interchangeable and TKIP is very close to WEP's encryption protocol, which means it is easier to crack - and surely more vulnerable. Going with the vanilla implementations might help (although of course it's no guarantee that's the source of your problem).

Last edited by B (2008-06-12 12:45:20)


Got Leenucks? :: Arch: Power in simplicity :: Get Counted! Registered Linux User #392717 :: Blog thingy

Offline

#8 2008-06-12 14:17:22

zenlord
Member
From: Belgium
Registered: 2006-05-24
Posts: 1,221
Website

Re: WPA2 - WPA-PSK - TKIP trouble

I know that iwlist is very limited, but with my prism-card, iwlist wouldn't even work, so I'm listing it as a partial success smile

This weekend I tried to connect to a WEP-network at home and recently I tried the same with a WEP- and unsecured network. I admit that I didn't try either one of those possibilities after blacklisting every wireless module except the ndiswrapper-one. I'll try to do this tonight.

As for your suggestion to use WPA2 (AES): I don't know enough about WPA(2), so I'll try that suggestion also. Should my wpa_supplicant be like this?

ctrl_interface=/var/run/wpa_supplicant
ctrl_interface_group=0
eapol_version=1
ap_scan=1
fast_reauth=1

network={
    ssid="SL-access"
    key_mgmt=WPA-PSK
    pairwise=CCMP
    group=CCMP
    proto=WPA2
    priority=9
    #psk="abc"
    psk=<censored>
}

Am I the only one to find the examples on the wpa_supplicant-website very confusing / complicated? I 've not been able to find information about all the possible values of all the possible variables. That's why my wpa_supplicant.conf is a merge of several confs I found with google...

Zl.
PS, B: I think I read that you're using WPA2 on your wireless-n network. How did you setup your access point/router? All the 'n'-specific options are new to me, so maybe I can set those options a little less strict? (20 or 40 MHz-wide band - only b / g / n -connections or all - etc.) If possible of course, I would like to make it as hard as possible to break the security.

Last edited by zenlord (2008-06-12 14:23:55)

Offline

#9 2008-06-12 14:34:22

.:B:.
Forum Fellow
Registered: 2006-11-26
Posts: 5,819
Website

Re: WPA2 - WPA-PSK - TKIP trouble

I am running WPA2 indeed, but no N - plain G for the moment.

That wpa_supplicant.conf looks dandy :).

Here's mine for reference:

ctrl_interface=/var/run/wpa_supplicant
ctrl_interface_group=0
#fast_reauth=0
#ap_scan=0

#DIR=/var/run/wpa_supplicant GROUP=wheel

# My home network
network={
        ssid=*snip*
        key_mgmt=WPA-PSK
        proto=WPA2
        pairwise=CCMP
        group=CCMP
        #psk=*snip*
        psk=*snip*
}

# Arne's network 
network={
        ssid=*snip*
        key_mgmt=WPA-PSK
        proto=WPA
        pairwise=TKIP
        group=TKIP
        #psk=*snip*
        psk=*snip*
}

As you can see the first one is WPA2, the second one WPA. Of course you can mix but that will imho only increase possible incompatibilities.

My netcfg setup:

CONNECTION="wireless"
INTERFACE="intel"
HOSTNAME="hermes"

# AP authentication
SCAN="yes"
SECURITY="wpa-config"
WPA_CONF="/etc/wpa_supplicant.conf"
WPA_OPTS="-Dwext -B"
ESSID=*snip*

# IP address
IP="dhcp"
DHCP_TIMEOUT=10

N does not add any additional security (except that it makes WPA2 mandatory as far as I understood, I might be wrong about this). My router runs OpenWRT and I only intend to switch to N when I find a router that is stable on OpenWRT, and provides N performance and range (now you often have to resort to G MIMO drivers and stuff with OpenWRT on N models).


Got Leenucks? :: Arch: Power in simplicity :: Get Counted! Registered Linux User #392717 :: Blog thingy

Offline

#10 2008-06-12 22:33:10

zenlord
Member
From: Belgium
Registered: 2006-05-24
Posts: 1,221
Website

Re: WPA2 - WPA-PSK - TKIP trouble

Well, the unthinkable happened: using wicd I was able to connect (typing this over the wireless connection right now).

I'll try again with netcfg2 - wicd installed dhclient along the way and I read somewhere people were sometimes having succes with dhclient where dhcpd failed.

Zl.

Offline

#11 2008-06-13 08:39:57

iphitus
Forum Fellow
From: Melbourne, Australia
Registered: 2004-10-09
Posts: 4,927

Re: WPA2 - WPA-PSK - TKIP trouble

I hate linux wireless sometimes/usually/all the time. It's exactly why I wrote netcfg2, to make something that works for most, and yet it still doesnt.

Some say wicd works, some say netcfg2 works, some say networkmanager works. All the drivers are so bloody inconsistent and it's a nightmare to develop for, and near impossible to test properly.

I'm sick of the various driver specific workarounds, so in the next netcfg2 update, they're all being removed, leaving stock, standard connection code that SHOULD work with every driver.

If your driver doesnt work, it's broken, non standard, and you'll have to turn on the hacks in the QUIRKS=() array necessary to make it work. People can put on the wiki which hacks work with each and bitch to their driver maintainers.

If anyone has any hacks/quirks/workarounds they want added.. please file a bug report titled QUIRK.

zenlord: Sorry im using your thread to rant, could you mess about with the present netcfg2, and see what you can change to make it work? Or just find a set of commands you can run by hand that work. (wpa_supplicant/iwconfig/dhcpcd/etc)

James

Last edited by iphitus (2008-06-13 08:42:07)

Offline

#12 2008-06-13 11:21:21

zenlord
Member
From: Belgium
Registered: 2006-05-24
Posts: 1,221
Website

Re: WPA2 - WPA-PSK - TKIP trouble

iphitus wrote:

zenlord: Sorry im using your thread to rant, could you mess about with the present netcfg2, and see what you can change to make it work? Or just find a set of commands you can run by hand that work. (wpa_supplicant/iwconfig/dhcpcd/etc)

No problem at all - I feel your pain (albeit from a user POV) and I'm so sorry that I have not yet been of any real assistance to your script. I will try to find out why wicd is successful at this and netcfg2 not - that might inspire you to improve or debug netcfg2 (whatever is holding it back sometimes).

Maybe my problems would be solved using the ath5k-driver, but at this moment my chipset is not yet supported by this driver.

Zl.

Offline

#13 2008-06-27 11:42:29

ST.x
Member
From: Sydney, Australia
Registered: 2008-01-25
Posts: 363
Website

Re: WPA2 - WPA-PSK - TKIP trouble

B wrote:

I am running WPA2 indeed, but no N - plain G for the moment.

That wpa_supplicant.conf looks dandy smile.

Here's mine for reference:

ctrl_interface=/var/run/wpa_supplicant
ctrl_interface_group=0
#fast_reauth=0
#ap_scan=0

#DIR=/var/run/wpa_supplicant GROUP=wheel

# My home network
network={
        ssid=*snip*
        key_mgmt=WPA-PSK
        proto=WPA2
        pairwise=CCMP
        group=CCMP
        #psk=*snip*
        psk=*snip*
}

# Arne's network 
network={
        ssid=*snip*
        key_mgmt=WPA-PSK
        proto=WPA
        pairwise=TKIP
        group=TKIP
        #psk=*snip*
        psk=*snip*
}

As you can see the first one is WPA2, the second one WPA. Of course you can mix but that will imho only increase possible incompatibilities.

My netcfg setup:

CONNECTION="wireless"
INTERFACE="intel"
HOSTNAME="hermes"

# AP authentication
SCAN="yes"
SECURITY="wpa-config"
WPA_CONF="/etc/wpa_supplicant.conf"
WPA_OPTS="-Dwext -B"
ESSID=*snip*

# IP address
IP="dhcp"
DHCP_TIMEOUT=10

N does not add any additional security (except that it makes WPA2 mandatory as far as I understood, I might be wrong about this). My router runs OpenWRT and I only intend to switch to N when I find a router that is stable on OpenWRT, and provides N performance and range (now you often have to resort to G MIMO drivers and stuff with OpenWRT on N models).

hey!, thanks for your config there, now I have wifi using wpa2 connecting properly on a dell xps m1330.
But I also found that if I didn't use netcfg to stop the profile manually, I couldn't reboot the system and after typing 'reboot' I think the wpa_supplicant is just killed or crashes and the system is stuck on '> Rebooting'. I had to use 'netcfg2 -d abc' to stop the profile then reboot.

Last edited by ST.x (2008-06-27 11:43:17)

Offline

#14 2008-06-27 20:00:28

.:B:.
Forum Fellow
Registered: 2006-11-26
Posts: 5,819
Website

Re: WPA2 - WPA-PSK - TKIP trouble

Glad I could be of help tongue. For me everything shuts down nicely though...


Got Leenucks? :: Arch: Power in simplicity :: Get Counted! Registered Linux User #392717 :: Blog thingy

Offline

#15 2008-06-27 22:20:51

ST.x
Member
From: Sydney, Australia
Registered: 2008-01-25
Posts: 363
Website

Re: WPA2 - WPA-PSK - TKIP trouble

B wrote:

Glad I could be of help tongue. For me everything shuts down nicely though...

hmm odd.. Did you also remove comment out INTERFACES=(..) and just leave <interface_name>="dhcp". I also commented out gateway="default gw 192.168.0.1"

Offline

#16 2008-06-27 23:18:02

ST.x
Member
From: Sydney, Australia
Registered: 2008-01-25
Posts: 363
Website

Re: WPA2 - WPA-PSK - TKIP trouble

Well yep just confirming that it's wpa_supplicant just crashing and it prints some random stuff, also since arch is stuck at '> Rebooting' I have to hard power it down. Thinking of trying wpa_supplicant beta: http://aur.archlinux.org/packages.php?ID=17370

Offline

#17 2008-07-22 08:16:51

m3tr0g33k
Member
From: Staffordshire, UK
Registered: 2008-05-04
Posts: 22
Website

Re: WPA2 - WPA-PSK - TKIP trouble

Great advice so far - thanks. I hope I am nearly at a working netcfg2/wpa_supplicant setup.

My wpa2 setup works fine by itself (bcm4310 usb using ndiswrapper), followed by dhclient wlan0:

ctrl_interface=/var/run/wpa_supplicant
ctrl_interface_group=wheel

network={
    ssid="teamdemons"
    psk="key"
    #psk=long-hex-key-not-used
    proto=RSN
    key_mgmt=WPA-PSK
    pairwise=CCMP
    group=CCMP
}

With the following netcfg2 config, I get an error about wpa_supplicant command line not being correct: wpa_supplicant: option requires and argument -- 'D'

CONNECTION="wireless"
INTERFACE=wlan0
HOSTNAME="widey"

SCAN="yes"
SECURITY="wpa-config"
WPA_CONF="/etc/wpa_supplicant.conf"
WPA_OPTS="-D wext -B"
ESSID="*snip*"

IP="dhcp"
TIMEOUT=10

** solved **

While I was typing this, I tried removing the space to make WPA_OPTS="-Dwext -B" and it works!

Hope that helps someone - I struggled with this for hours!


___
Change is inevitable; progress less so.

Offline

Board footer

Powered by FluxBB