#18343: WPA2 802.1x with 4addr mode hangs on rekey
-------------------------------------+-------------------------------------
Reporter: Vittorio G (VittGam) | Owner: developers
<openwrt@…> | Status: new
Type: defect | Milestone:
Priority: normal | Version: Trunk
Component: base system | Keywords: hostapd, wpa-
Resolution: | supplicant, wpa2, 802.1x, 4addr
-------------------------------------+-------------------------------------
Comment (by VittGam):
This just happened again, but connection was only lost for 21 seconds and
not for 10 minutes as before.
So the problem seems to be that the AP decides for some reason to
deauthenticate the STA, but the STA does not receive the deauth. Maybe
this is happening because of some MFP-related bug after the change of the
group key?
I'm now going to try to disable ieee80211w MFP temporarily on the STA to
see if this gets somehow better.
(By the way, is there a way to make the log on the STA more verbose?)
== AP log ==
{{{
Sat Nov 15 05:45:39 2014 daemon.info hostapd: wlan0: STA cc:cc:cc:cc:cc:cc
RADIUS: starting accounting session 12345678-00000006
Sat Nov 15 05:45:39 2014 daemon.info hostapd: wlan0: STA cc:cc:cc:cc:cc:cc
IEEE 802.1X: authenticated - EAP type: 13 (TLS) (PMKSA cache)
Sat Nov 15 05:45:48 2014 daemon.info hostapd: wlan0: STA cc:cc:cc:cc:cc:cc
IEEE 802.11: deauthenticated due to local deauth request
Sat Nov 15 05:45:48 2014 kern.info kernel: [398814.090000] device
wlan0.sta1 left promiscuous mode
Sat Nov 15 05:45:48 2014 kern.info kernel: [398814.100000] br-lan: port
4(wlan0.sta1) entered disabled state
Sat Nov 15 05:45:57 2014 daemon.info hostapd: wlan0: STA cc:cc:cc:cc:cc:cc
IEEE 802.11: authenticated
Sat Nov 15 05:45:57 2014 daemon.info hostapd: wlan0: STA cc:cc:cc:cc:cc:cc
IEEE 802.11: associated (aid 1)
Sat Nov 15 05:45:57 2014 kern.info kernel: [398822.880000] device
wlan0.sta1 entered promiscuous mode
Sat Nov 15 05:45:57 2014 kern.info kernel: [398822.890000] br-lan: port
4(wlan0.sta1) entered forwarding state
Sat Nov 15 05:45:57 2014 kern.info kernel: [398822.890000] br-lan: port
4(wlan0.sta1) entered forwarding state
Sat Nov 15 05:45:57 2014 daemon.info hostapd: wlan0: STA cc:cc:cc:cc:cc:cc
WPA: pairwise key handshake completed (RSN)
Sat Nov 15 05:45:57 2014 daemon.info hostapd: wlan0: STA cc:cc:cc:cc:cc:cc
RADIUS: starting accounting session 12345678-00000009
Sat Nov 15 05:45:57 2014 daemon.info hostapd: wlan0: STA cc:cc:cc:cc:cc:cc
IEEE 802.1X: authenticated - EAP type: 13 (TLS) (PMKSA cache)
Sat Nov 15 05:45:59 2014 kern.info kernel: [398824.890000] br-lan: port
4(wlan0.sta1) entered forwarding state
}}}
== STA log ==
{{{
Sat Nov 15 05:45:56 2014 kern.info kernel: [47504.390000] wlan0:
deauthenticating from aa:aa:aa:aa:aa:aa by local choice (Reason:
2=PREV_AUTH_NOT_VALID)
Sat Nov 15 05:45:56 2014 kern.info kernel: [47504.410000] br-lan: port
2(wlan0) entered disabled state
Sat Nov 15 05:45:56 2014 daemon.notice netifd: Network device 'wlan0' link
is down
Sat Nov 15 05:45:57 2014 kern.info kernel: [47505.210000] wlan0:
authenticate with aa:aa:aa:aa:aa:aa
Sat Nov 15 05:45:57 2014 kern.info kernel: [47505.230000] wlan0: send auth
to aa:aa:aa:aa:aa:aa (try 1/3)
Sat Nov 15 05:45:57 2014 kern.info kernel: [47505.230000] wlan0:
authenticated
Sat Nov 15 05:45:57 2014 kern.info kernel: [47505.250000] wlan0: associate
with aa:aa:aa:aa:aa:aa (try 1/3)
Sat Nov 15 05:45:57 2014 kern.info kernel: [47505.250000] wlan0: RX
AssocResp from aa:aa:aa:aa:aa:aa (capab=0x431 status=0 aid=1)
Sat Nov 15 05:45:57 2014 kern.info kernel: [47505.260000] wlan0:
associated
Sat Nov 15 05:45:57 2014 daemon.notice netifd: Network device 'wlan0' link
is up
Sat Nov 15 05:45:57 2014 kern.info kernel: [47505.300000] br-lan: port
2(wlan0) entered forwarding state
Sat Nov 15 05:45:57 2014 kern.info kernel: [47505.310000] br-lan: port
2(wlan0) entered forwarding state
Sat Nov 15 05:45:59 2014 kern.info kernel: [47507.310000] br-lan: port
2(wlan0) entered forwarding state
}}}
--
Ticket URL: <https://dev.openwrt.org/ticket/18343#comment:1>
OpenWrt <http://openwrt.org>
Opensource Wireless Router Technology
_______________________________________________
openwrt-tickets mailing list
[email protected]
https://lists.openwrt.org/cgi-bin/mailman/listinfo/openwrt-tickets
