AUTHSAE Not allowing traffic over a mesh link.
I Thought I had this working a while ago when Thomas created a patch for
the rate settings on a basic radio card.
But after extensive testing and modifying my startup script I realize the
encryption portion was not working.
I had a interface up/down setup after the authsae startup which removed the
encrypted path (see below).
So I have been trying to narrow down the issue with not being able to send
traffic across the encrypted link.
I Can ping no problem without authsae running.
I have 2 nodes with the same 802.11a hardware running with ath5k
and
I also have 2 other nodes running 802.11a/n running with ath9k with the
same results
Running kernel 3.5.0-rc6-wl from open80211s, IW-3.6, latest Authsae build
I have also tried the nohwcrypt=1 on all units with no luck.
The startup is pretty straight forward.
Create mesh interface
bring interface up with channel
start authsae & Let authsae bring up the interface with the ssid
----config----
authsae:
{
sae:
{
debug = 480;
password = "supers3cret";
group = [19, 26, 21, 25, 20];
blacklist = 5;
thresh = 5;
lifetime = 3600;
};
meshd:
{
meshid = "mesh5giga";
interface = "mesh0";
passive = 0;
debug = 1;
mediaopt = 1;
band = "11a";
channel = 157;
htmode = "none";
mcast-rate = 12;
};
};
---
---
System 1 shows mesh plink: ESTAB
estab with 00:14:6d:65:8c:a0
set auth flag (seq num=1346627193)
set plink state (seq num=1346627198)
mesh plink with 00:14:6d:65:8c:a0 established
*nlerror, cmd 11, seq 1346627196: Invalid argument*
Mesh plink timer for 00:14:6d:65:8c:a0 fired on state ESTAB
Timeout for peer 00:14:6d:65:8c:a0 in state 4
Sytem 2 shows mesh plink: ESTAB
estab with 00:14:6d:65:8b:fe
set auth flag (seq num=1346627249)
set plink state (seq num=1346627254)
mesh plink with 00:14:6d:65:8b:fe established
*nlerror, cmd 11, seq 1346627252: Invalid argument*
Mesh plink timer for 00:14:6d:65:8b:fe fired on state ESTAB
Timeout for peer 00:14:6d:65:8b:fe in state 4
The nlerror sticks out to me, but I'm not quite sure what to look at.
Other notes.
If I look at the interface by scanning the air I see the following
Cell 03 - Address: 00:14:6D:65:8B:FE
Channel:157
Frequency:5.785 GHz (Channel 157)
Quality=43/70 Signal level=-67 dBm
Encryption key:on
ESSID:""
Bit Rates:6 Mb/s; 9 Mb/s; 12 Mb/s; 18 Mb/s; 24 Mb/s
36 Mb/s; 48 Mb/s; 54 Mb/s
ESSID:"my-mesh5gs"
Extra:Mesh Network Path Selection Protocol ID: 0x01
Extra:Path Selection Metric ID: 0x01
Extra:Congestion Control Mode ID: 0x00
Extra:Synchronization ID: 0x01
Extra:Authentication ID: 0x00
Extra:Formation Info: 0x1E
Extra:Capabilities: 0x09
Mode:Unknown/bug
Extra:tsf=000000000ba86004
Extra: Last beacon: 2059ms ago
IE: Unknown: 0000
IE: Unknown: 01088C129824B048606C
IE: IEEE 802.11i/WPA2 Version 1
Group Cipher : CCMP
Pairwise Ciphers (1) : CCMP
Authentication Suites (1) : unknown (8)
IE: Unknown: 720A6D792D6D657368356773
IE: Unknown: 710701010001001E09
If I do a ifconfig mesh0 down && iw dev mesh0 set channel 157 && ifconfig
mesh0 up
without shutting the authsae I scan the following
Cell 03 - Address: 00:14:6D:65:8B:FE
Channel:157
Frequency:5.785 GHz (Channel 157)
Quality=43/70 Signal level=-67 dBm
Encryption key:off
ESSID:""
Bit Rates:6 Mb/s; 9 Mb/s; 12 Mb/s; 18 Mb/s; 24 Mb/s
36 Mb/s; 48 Mb/s; 54 Mb/s
ESSID:"my-mesh5gs"
Extra:Mesh Network Path Selection Protocol ID: 0x01
Extra:Path Selection Metric ID: 0x01
Extra:Congestion Control Mode ID: 0x00
Extra:Synchronization ID: 0x01
Extra:Authentication ID: 0x00
Extra:Formation Info: 0x00
Extra:Capabilities: 0x09
Mode:Unknown/bug
Extra:tsf=000000000222e004
Extra: Last beacon: 2048ms ago
IE: Unknown: 0000
IE: Unknown: 01088C129824B048606C
IE: Unknown: 720A6D792D6D657368356773
IE: Unknown: 710701010001000009
Notice the encryption goes away. But authsae is still running.
If I restart authsae I will get
Mesh plink: incorrect plink ie length 3 6
then the nlerror, cmd 11, seq 1346629691: Invalid argument
And the encryption shows up again in the scan.
Fred.
_______________________________________________
> Devel mailing list
> [email protected]
> http://lists.open80211s.org/cgi-bin/mailman/listinfo/devel
>
_______________________________________________
Devel mailing list
[email protected]
http://lists.open80211s.org/cgi-bin/mailman/listinfo/devel
