Re: Fragmented EAP ACK problem on -current
The problem was identified and has nothing to do with the wireless stack.

The author of hostapd found the problem: The RADIUS UDP packet containing the client certificate is a very big packet, and was fragmented between the Authenticator and Authentication server. The first (big) UDP packet never reaches the Authentication server (OpenVPN tunnel in between)... This is why the Authentication server never ACKs, and then the Authenticator never transfers the ACK to the client.

Sorry for the noise.

___
freebsd-wireless@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-wireless
To unsubscribe, send any mail to freebsd-wireless-unsubscr...@freebsd.org
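
The size problem described in the message above, as an added example that is not part of the original thread or of hostapd: it wraps one constructed EAP-TLS fragment in a RADIUS Access-Request (RFC 3579 encapsulation) and counts the IPv4 fragments needed at a given MTU. The 1400-byte tunnel MTU, the 1390-byte TLS chunk, the user name, the shared secret and the minimal attribute set are assumptions.

```python
import hashlib
import hmac
import math
import os
import struct

EAP_MESSAGE, MESSAGE_AUTHENTICATOR, USER_NAME = 79, 80, 1
IPV4_HDR, UDP_HDR = 20, 8


def attr(atype: int, value: bytes) -> bytes:
    """One RADIUS attribute: type, length (2-byte header included), value (<= 253 bytes)."""
    assert len(value) <= 253
    return struct.pack("!BB", atype, len(value) + 2) + value


def access_request(eap_packet: bytes, user: bytes, secret: bytes, ident: int = 1) -> bytes:
    """Wrap one EAP packet in a RADIUS Access-Request."""
    attrs = attr(USER_NAME, user)
    # An EAP packet larger than 253 bytes is split over consecutive EAP-Message attributes.
    for off in range(0, len(eap_packet), 253):
        attrs += attr(EAP_MESSAGE, eap_packet[off:off + 253])
    ma_offset = 20 + len(attrs) + 2  # position of the 16-byte HMAC value in the packet
    attrs += attr(MESSAGE_AUTHENTICATOR, bytes(16))
    header = struct.pack("!BBH", 1, ident, 20 + len(attrs)) + os.urandom(16)
    pkt = bytearray(header + attrs)
    # Message-Authenticator = HMAC-MD5 over the whole packet with that field zeroed.
    pkt[ma_offset:ma_offset + 16] = hmac.new(secret, bytes(pkt), hashlib.md5).digest()
    return bytes(pkt)


def ipv4_fragments(radius_len: int, mtu: int) -> int:
    """IPv4 fragments needed to carry the UDP datagram over a link with this MTU."""
    per_fragment = (mtu - IPV4_HDR) // 8 * 8  # fragment payloads are multiples of 8 bytes
    return math.ceil((UDP_HDR + radius_len) / per_fragment)


def eap_tls_fragment(tls_len: int, ident: int = 5) -> bytes:
    """Constructed EAP-Response/EAP-TLS fragment: L and M flags set, dummy TLS bytes."""
    body = struct.pack("!BBI", 13, 0xC0, 4000) + bytes(tls_len)  # type 13, flags, TLS length
    return struct.pack("!BBH", 2, ident, 4 + len(body)) + body


if __name__ == "__main__":
    pkt = access_request(eap_tls_fragment(1390), b"client", b"constructed-secret")
    for mtu in (1500, 1400):  # 1400 is an assumed tunnel MTU, not a value from the thread
        print(mtu, len(pkt) + IPV4_HDR + UDP_HDR, ipv4_fragments(len(pkt), mtu))
```

An Access-Request that carries more attributes than this minimal one is larger still, so the same EAP fragment can need IP fragmentation at a higher MTU than shown here.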
Re: Fragmented EAP ACK problem on -current
How are they being fragmented? 802.11 fragments? Or just separate MPDUs, but not 802.11 fragments?

-a

On 19 January 2015 at 09:18, Olivier Cochard-Labbé oliv...@cochard.me wrote:
> Hi,
>
> I'm using FreeBSD 11.0-CURRENT r277315 and meet a problem with my FreeBSD Access Point. I'm using WPA2-Enterprise (EAP-TLS) authentication with hostapd.
>
> The problem: During EAP-TLS authentication, the Authenticator (FreeBSD/hostapd) correctly sends an EAP fragmented Server Hello, Certificate, Certificate Request message to the supplicant. The supplicant (MS Windows native client) correctly ACKs each of these fragmented EAP packets with an empty EAP-TLS packet. Once the supplicant reassembles the full EAP Certificate request from the Authenticator, it sends a response (EAP fragmented too). But FreeBSD/hostapd never ACKs the first fragmented packet received from the supplicant => Then the authentication phase times out.
>
> I've tried with 3 different wireless cards as hostap:
> - Atheros 9280 (ath)
> - Atheros AR2425 (ath)
> - Ralink RT2573 (rum)
>
> And all these have the same problem.
>
> Is anyone using an EAP-TLS setup with hostapd successfully on -current?
Fragmented EAP ACK problem on -current
Hi,

I'm using FreeBSD 11.0-CURRENT r277315 and meet a problem with my FreeBSD Access Point. I'm using WPA2-Enterprise (EAP-TLS) authentication with hostapd.

The problem: During EAP-TLS authentication, the Authenticator (FreeBSD/hostapd) correctly sends an EAP fragmented Server Hello, Certificate, Certificate Request message to the supplicant. The supplicant (MS Windows native client) correctly ACKs each of these fragmented EAP packets with an empty EAP-TLS packet. Once the supplicant reassembles the full EAP Certificate request from the Authenticator, it sends a response (EAP fragmented too). But FreeBSD/hostapd never ACKs the first fragmented packet received from the supplicant => Then the authentication phase times out.

I've tried with 3 different wireless cards as hostap:
- Atheros 9280 (ath)
- Atheros AR2425 (ath)
- Ralink RT2573 (rum)

And all these have the same problem.

Is anyone using an EAP-TLS setup with hostapd successfully on -current?