Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
wpa_supplicant won't connect [SOLVED]
View unanswered posts
View posts from last 24 hours

Goto page 1, 2, 3  Next  
Reply to topic    Gentoo Forums Forum Index Networking & Security
View previous topic :: View next topic  
Author Message
jyoung
Guru
Guru


Joined: 20 Mar 2007
Posts: 436

PostPosted: Mon Aug 13, 2012 10:08 pm    Post subject: wpa_supplicant won't connect [SOLVED] Reply with quote

Hi Folks,

I'm having trouble connecting wpa_supplicant to a secured network. When I connect with:
wpa_supplicant -D wext -i wlan0 -c /etc/wpa_supplicant.conf

I get:
Code:

wlan0: Trying to associate with d8:c7:c8:17:56:3a (SSID='psu' freq=5220 MHz)
wlan0: Associated with d8:c7:c8:17:56:3a
wlan0: Authentication with d8:c7:c8:17:56:3a timed out.
wlan0: CTRL-EVENT-DISCONNECTED bssid=00:00:00:00:00:00 reason=0

or, sometimes:
Code:

wlan0: Trying to associate with d8:c7:c8:17:56:32 (SSID='psu' freq=2412 MHz)
wlan0: Associated with d8:c7:c8:17:56:32
wlan0: CTRL-EVENT-EAP-STARTED EAP authentication started
wlan0: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=4 -> NAK
wlan0: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=21
wlan0: CTRL-EVENT-EAP-METHOD EAP vendor 0 method 21 (TTLS) selected
TLS: Certificate verification failed, error 20 (unable to get local issuer certificate) depth 1 for '/C=US/O=Internet2/OU=InCommon/CN=InCommon Server CA'
wlan0: CTRL-EVENT-EAP-TLS-CERT-ERROR reason=1 depth=1 subject='/C=US/O=Internet2/OU=InCommon/CN=InCommon Server CA' err='unable to get local issuer certificate'
SSL: SSL3 alert: write (local SSL3 detected an error):fatal:unknown CA
OpenSSL: openssl_handshake - SSL_connect error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
wlan0: CTRL-EVENT-EAP-FAILURE EAP authentication failed
wlan0: Authentication with d8:c7:c8:17:56:32 timed out.
wlan0: CTRL-EVENT-DISCONNECTED bssid=00:00:00:00:00:00 reason=0


After searching the forums and doing a bit of googling, I found a few hits from people having similar problems. Sadly, none really matched mine. A few were having driver problems. This seems unlikely in my case since I can connect to insecure networks using wireless tools using the same wireless card and driver. Also, I can detect the secure wireless network with 'iwlist wlan0 scan'. One forum thread suggested:

wpa_supplicant -D nl80211 -i wlan0 -c /etc/wpa_supplicant.conf

which gave me.
Code:

wlan0: Trying to associate with d8:c7:c8:17:53:82 (SSID='psu' freq=2437 MHz)
wlan0: Associated with d8:c7:c8:17:53:82
wlan0: Authentication with d8:c7:c8:17:53:82 timed out.
wlan0: CTRL-EVENT-DISCONNECTED bssid=00:00:00:00:00:00 reason=3

My wireless card is an intel centrino 6300 (Ultimate-N), and the driver I'm using is iwlwifi, compiled into the kernel. My wpa_supplicant.conf file is below. What do you folks think?

wpa_supplicant.conf:
Code:

ctrl_interface=/var/run/wpa_supplicant
ctrl_interface_group=0
ap_scan=1

network={
     ssid="psu"
     identity=<username>
     password=<password>
     key_mgmt=WPA-EAP
     eap=TTLS
     phase2="auth=PAP"
     scan_ssid=1
     ca_cert="/etc/ssl/certs/Thawte_Premium_Server_CA.pem"
}


Last edited by jyoung on Fri Nov 02, 2012 7:15 pm; edited 1 time in total
Back to top
View user's profile Send private message
Odward
n00b
n00b


Joined: 21 Mar 2012
Posts: 65

PostPosted: Tue Aug 14, 2012 12:36 am    Post subject: Reply with quote

I may be of little help, but I'll try anyway!

My knowledge is really just from the gentoo wiki for iwlwifi here.

You may be missing Cryptographic API modules, preventing secure connections.

Also, I use a different centrino model with iwlwifi and according to that wiki the microcode is required to really make full use of the cards.
To do so you will probably need to compile it as a module, not built-in, so the firmware can be applied to the module. This is also covered
in the wiki article. I don't know how to build firmware into the kernel itself, if that is even an issue.

I've never used WPA-Enterprise to know if your wpa_supplicant.conf is properly configured.
I do use '-D nl80211' for my centrino card.

In short, and in lieu of a more knowledgeable answer..

Switch iwlwifi to a module
Ensure mac80211 and Crypto API modules (or built-in may be ok here?) are selected and then
Quote:
emerge -av net-wireless/iwl6000-ucode


**Edit: I forgot in my 'shortened' version to add
Device Drivers
--->Generic Driver Options
------>[*] Userspace firmware loading support
Is needed in the kernel, to allow the microcode to be applied.
Back to top
View user's profile Send private message
khayyam
Watchman
Watchman


Joined: 07 Jun 2012
Posts: 6227
Location: Room 101

PostPosted: Tue Aug 14, 2012 3:00 am    Post subject: Re: wpa_supplicant won't connect Reply with quote

jyoung wrote:
TLS: Certificate verification failed, error 20 (unable to get local issuer certificate) depth 1 for '/C=US/O=Internet2/OU=InCommon/CN=InCommon Server CA'
wlan0: CTRL-EVENT-EAP-TLS-CERT-ERROR reason=1 depth=1 subject='/C=US/O=Internet2/OU=InCommon/CN=InCommon Server CA' err='unable to get local issuer certificate'
SSL: SSL3 alert: write (local SSL3 detected an error):fatal:unknown CA

jyoung ... this is openssl saying: "I can't follow the certificate chain to a trusted root". So the CA does not match the CA your providing.

Now, this suggests the issuer for InCommon is AddTrust, and this PEM in included with openssl.

Code:
# openssl x509 -in /etc/ssl/certs/AddTrust_External_Root.pem -noout -text | grep Issuer
Issuer: C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root

So ... please try the following:

Code:
ca_cert="/etc/ssl/certs/AddTrust_External_Root.pem"

HTH & best ... khay
Back to top
View user's profile Send private message
jyoung
Guru
Guru


Joined: 20 Mar 2007
Posts: 436

PostPosted: Thu Aug 16, 2012 4:16 am    Post subject: Reply with quote

Thanks both for the speedy reply!

Odward, I think the iwlwifi is outdated, which is really a shame because it's quite thorough. If I'm not mistaken, the functionality of the iwlagn driver has been folded into the iwlwifi driver, which it seems doesn't suffer from the same problem with needing to be loaded as a module. But, I tried an experiment and recompiled with iwlwifi as a module; the system couldn't see wlan0 at all, which is kind of weird.

khayyam, I took your advice and set ca_cert="/etc/ssl/certs/AddTrust_External_Root.pem". The first time I ran wpa_supplicant after that, it seemed like it was working. I didn't capture the exact messages (sadly!), but it seemed to indicate that it was connecting. But, I couldn't ping any url from another terminal, so something still wasn't right. I thought perhaps that I should run it in the background with -B , so I killed wpa_supplicant with ctrl+c and ran the command again with -B. It wouldn't connect, and I haven't been able to recreat that instance since.

Any ideas?
Back to top
View user's profile Send private message
khayyam
Watchman
Watchman


Joined: 07 Jun 2012
Posts: 6227
Location: Room 101

PostPosted: Thu Aug 16, 2012 4:48 am    Post subject: Reply with quote

jyoung wrote:
khayyam, I took your advice and set ca_cert="/etc/ssl/certs/AddTrust_External_Root.pem". The first time I ran wpa_supplicant after that, it seemed like it was working. I didn't capture the exact messages (sadly!), but it seemed to indicate that it was connecting. But, I couldn't ping any url from another terminal, so something still wasn't right. I thought perhaps that I should run it in the background with -B , so I killed wpa_supplicant with ctrl+c and ran the command again with -B. It wouldn't connect, and I haven't been able to recreat that instance since.

jyoung ... wpa_supplicant only negociates the connection, you will need to configure the interface for an IP, route, DNS, etc ... eg, using dhcp (net-misc/dhcpcd)

/etc/conf.d/net
Code:
modules_wlan0="!plug wpa_supplicant dhcpcd"
wpa_supplicant_wlan0="-Dwext"
wpa_timeout_wlan0="15"
config_wlan0="dhcp"
dhcpcd_wlan0="-t 10"

Code:
# ln -s /etc/init.d/net.lo /etc/init.d/net.wlan0
# /etc/init.d/net.wlan0 start

You should check that dhcpcd (or whatever dhcp client you use) and wpa_supplicant, are not running prior to starting net.wlan0.

If this fails you will need to post logs, etc.

Also, FYI, you can't ping a "URL", only hosts.

best ... khay
Back to top
View user's profile Send private message
jyoung
Guru
Guru


Joined: 20 Mar 2007
Posts: 436

PostPosted: Thu Aug 16, 2012 10:17 pm    Post subject: Reply with quote

khayyam, I put the code you indicated in /etc/conf.d/net. Did you mean net.lo? /etc/conf.d/net didn't exist until I created it and put the code there.

In any case, /etc/init.d/net.wlan0 start returns 'WARNING: net.wlan0 has started, but is inactive'. Trying to start wpa_supplicant by hand still doesn't recreate the instance I mentioned above, where it seemd to connect. I wonder what happened that time - I don't think I did anything differently. In every case I've been sure to run 'dhcpcd -k' and 'ifconfig wlan0 up' first.

Okay, it seems like I'll need to post the logs - where can I find those?
Back to top
View user's profile Send private message
khayyam
Watchman
Watchman


Joined: 07 Jun 2012
Posts: 6227
Location: Room 101

PostPosted: Fri Aug 17, 2012 1:15 am    Post subject: Reply with quote

jyoung wrote:
khayyam, I put the code you indicated in /etc/conf.d/net. Did you mean net.lo? /etc/conf.d/net didn't exist until I created it and put the code there.

jyoung ... no, I ment /etc/conf.d/net

jyoung wrote:
In any case, /etc/init.d/net.wlan0 start returns 'WARNING: net.wlan0 has started, but is inactive'.

That is quite normal ... its a warning, not an error ... its simply informing you the service has started but its not waiting to be sure the connection is established. All being well it should negociate with the AP, run dhcp, and provide you with and IP, route, DNS, etc.

jyoung wrote:
Trying to start wpa_supplicant by hand still doesn't recreate the instance I mentioned above, where it seemd to connect. I wonder what happened that time - I don't think I did anything differently. In every case I've been sure to run 'dhcpcd -k' and 'ifconfig wlan0 up' first.

Why are you running dhcpcd/ifconfig? The configuration/command above should be all thats needed (assuming your wpa_supplicant.conf is correct).

jyoung wrote:
Okay, it seems like I'll need to post the logs - where can I find those?

Normally ... /var/log/messages.

best ... khay
Back to top
View user's profile Send private message
jyoung
Guru
Guru


Joined: 20 Mar 2007
Posts: 436

PostPosted: Sat Aug 18, 2012 3:31 am    Post subject: Reply with quote

Thanks! I went back and tried '/etc/init.d/net.wlan0 start' again. It issued the same warning, but 'ping www.google.com' returned 'unknown host www.google.com' (this is how I've been testing for connectivity). I tried ping again in a few minutes, still no luck. Then, a few hours later, I pinged google again, and this time I got a hit. I opened a web browser, and sure enough I had a connection.

This is a huge step forward for me, but I'm not out of the woods yet. The connection died after about five minutes. It's been on an off all day, though more often off than on. So, two questions: First, after I launch net.wlan0, is there any way to get a status report from it? More than just the warning? Second, any ideas why the connection is so unpredictable?

I found the log file you mentioned. I've copied below the output of ' grep wlan0 /var/log/messages | grep "Aug 17" '

Aug 17 13:03:29 murbella kernel: [ 25.492769] ADDRCONF(NETDEV_UP): wlan0: link is not ready
Aug 17 14:27:47 murbella kernel: [ 5083.478466] ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
Aug 17 14:41:56 murbella kernel: [ 5932.330073] ADDRCONF(NETDEV_UP): wlan0: link is not ready
Aug 17 14:42:00 murbella kernel: [ 5937.180469] ADDRCONF(NETDEV_UP): wlan0: link is not ready
Aug 17 14:42:42 murbella kernel: [ 5978.709203] ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
Aug 17 14:47:11 murbella kernel: [ 6247.511146] ADDRCONF(NETDEV_UP): wlan0: link is not ready
Aug 17 14:47:15 murbella kernel: [ 6251.393704] ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
Aug 17 16:54:32 murbella wpa_cli: interface wlan0 CONNECTED
Aug 17 17:11:35 murbella wpa_cli: interface wlan0 DISCONNECTED
Aug 17 17:11:35 murbella wpa_cli: executing 'false /etc/init.d/net.wlan0 --quiet stop' failed
Aug 17 18:21:05 murbella wpa_cli: interface wlan0 CONNECTED
Aug 17 18:21:05 murbella wpa_cli: executing '/etc/init.d/net.wlan0 --quiet start' failed
Aug 17 18:24:27 murbella wpa_cli: interface wlan0 DISCONNECTED
Aug 17 18:24:27 murbella wpa_cli: executing 'false /etc/init.d/net.wlan0 --quiet stop' failed
Aug 17 18:30:25 murbella wpa_cli: interface wlan0 CONNECTED
Aug 17 18:30:25 murbella wpa_cli: executing '/etc/init.d/net.wlan0 --quiet start' failed
Aug 17 18:39:06 murbella wpa_cli: interface wlan0 DISCONNECTED
Aug 17 18:39:06 murbella wpa_cli: executing 'false /etc/init.d/net.wlan0 --quiet stop' failed
Aug 17 18:44:49 murbella wpa_cli: interface wlan0 CONNECTED
Aug 17 18:44:49 murbella wpa_cli: executing '/etc/init.d/net.wlan0 --quiet start' failed
Aug 17 18:55:37 murbella wpa_cli: interface wlan0 DISCONNECTED
Aug 17 18:55:37 murbella wpa_cli: executing 'false /etc/init.d/net.wlan0 --quiet stop' failed
Aug 17 18:59:32 murbella wpa_cli: interface wlan0 CONNECTED
Aug 17 18:59:32 murbella wpa_cli: executing '/etc/init.d/net.wlan0 --quiet start' failed
Aug 17 19:04:30 murbella wpa_cli: interface wlan0 DISCONNECTED
Aug 17 19:04:30 murbella wpa_cli: executing 'false /etc/init.d/net.wlan0 --quiet stop' failed
Aug 17 19:05:06 murbella wpa_cli: interface wlan0 CONNECTED
Aug 17 19:05:06 murbella wpa_cli: executing '/etc/init.d/net.wlan0 --quiet start' failed
Aug 17 19:12:27 murbella wpa_cli: interface wlan0 DISCONNECTED
Aug 17 19:12:27 murbella wpa_cli: executing 'false /etc/init.d/net.wlan0 --quiet stop' failed
Aug 17 19:15:03 murbella wpa_cli: interface wlan0 CONNECTED
Aug 17 19:15:03 murbella wpa_cli: executing '/etc/init.d/net.wlan0 --quiet start' failed
Aug 17 19:20:42 murbella wpa_cli: interface wlan0 DISCONNECTED
Aug 17 19:20:42 murbella wpa_cli: executing 'false /etc/init.d/net.wlan0 --quiet stop' failed
Aug 17 19:21:02 murbella wpa_cli: interface wlan0 CONNECTED
Aug 17 19:21:02 murbella wpa_cli: executing '/etc/init.d/net.wlan0 --quiet start' failed
Aug 17 19:42:21 murbella wpa_cli: interface wlan0 DISCONNECTED
Aug 17 19:42:21 murbella wpa_cli: executing 'false /etc/init.d/net.wlan0 --quiet stop' failed
Aug 17 19:52:14 murbella kernel: [24550.660090] ADDRCONF(NETDEV_UP): wlan0: link is not ready
Aug 17 19:52:46 murbella kernel: [24583.136785] ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
Back to top
View user's profile Send private message
khayyam
Watchman
Watchman


Joined: 07 Jun 2012
Posts: 6227
Location: Room 101

PostPosted: Sat Aug 18, 2012 3:06 pm    Post subject: Reply with quote

jyoung ... your welcome ...

This simply looks like the driver/firmware isn't initalised correctly ... did you follow Odward's advice above? You should probably check the iwlwifi wiki page ... and you should probably be using ''-Dnl80211' rather than 'Dwext', and as it has a firmware to load you should probably make sure the driver is compiled as a module, not directly into the kernel.

best ... khay
Back to top
View user's profile Send private message
jyoung
Guru
Guru


Joined: 20 Mar 2007
Posts: 436

PostPosted: Wed Aug 22, 2012 2:00 pm    Post subject: Reply with quote

Hmm, I'm having trouble setting the driver up as a module. When I set
CONFIG_IWLWIFI=m

with menuconfig and recompile the kernel, the module is created

/lib/modules/3.4.4-gentoo/kernel/drivers/net/wireless/iwlwifi/iwlwifi.ko

but isn't loaded at boot:

lsmod
Module Size Used by
nvidia 10827892 38


When I try to load it manually,
modprobe --first-time iwlwifi

I get
ERROR: could not insert 'iwlwifi': Module already in kernel

Which seems odd to begin with, since it's compiled with 'm'. Also, ifconfig doesn't detect wlan0, which tells me that sometime is wrong:

ifconfig wlan0 up
wlan0: ERROR while getting interface flags: No such device

In my previous configuration, the one with the driver in the kernel, I also had the firmware in the kernel:

CONFIG_FIRMWARE_IN_KERNEL=y

So, I thought perhaps that having the firmware in the kernel but the driver as a module might screw things up, so I changed that with menuconfig, and recompiled. But, the wlan0 still wasn't detected. I confirmed that the firmware is installed:

qlist -Iv | grep ucode
net-wireless/iwl6000-ucode-9.221.4.1

Also, changed from -Dwext to -Dnl80211 before I did any of this, without effect. I've also checked my confirguration against the wiki - I did find one mistake, I'd forgotten to select 'Common routines for IEEE802.11 drivers'. I also made that change before I recompiled the driver as a module.
Back to top
View user's profile Send private message
khayyam
Watchman
Watchman


Joined: 07 Jun 2012
Posts: 6227
Location: Room 101

PostPosted: Wed Aug 22, 2012 2:55 pm    Post subject: Reply with quote

jyoung wrote:
ERROR: could not insert 'iwlwifi': Module already in kernel

jyoung ... this just sounds as though you've installed the module, but not copied the kernel from that compile to /boot (or /boot wasn't mounted when you did, one or other).

best ... khay
Back to top
View user's profile Send private message
jyoung
Guru
Guru


Joined: 20 Mar 2007
Posts: 436

PostPosted: Wed Aug 22, 2012 3:58 pm    Post subject: Reply with quote

Yes, I did a double take as well, thinking I'd forgotten to copy it over. I should have mentioned that in my last post; I'm definitely running the new kernel. To check, I just ran make && make modules_install in /usr/src/linux, and then differenced the newly compiled kernel with the one in the boot partition; they're the same.
Back to top
View user's profile Send private message
khayyam
Watchman
Watchman


Joined: 07 Jun 2012
Posts: 6227
Location: Room 101

PostPosted: Wed Aug 22, 2012 5:39 pm    Post subject: Reply with quote

jyoung wrote:
Yes, I did a double take as well, thinking I'd forgotten to copy it over. I should have mentioned that in my last post; I'm definitely running the new kernel. To check, I just ran make && make modules_install in /usr/src/linux, and then differenced the newly compiled kernel with the one in the boot partition; they're the same.

jyoung ... sorry that sounded in the realm of the too obvious, but users forgetting to copy, or copying when /boot isn't mounted, happens often enough that its the most common cause of such an error. In future though 'uname -a' will output the number of times the kernel has been compiled in the 5th column.

So, this not being the case I'm stumped as to why the modprobe doesn't work and a quick search doesn't reveal anything, sorry.

best ... khay
Back to top
View user's profile Send private message
jyoung
Guru
Guru


Joined: 20 Mar 2007
Posts: 436

PostPosted: Mon Sep 03, 2012 4:18 am    Post subject: Reply with quote

Hey Folks,

I'm still looking into reasons why my 'iwlwifi as a module' setup didn't work out. I hope to report back on that in the near future, but for now I thought of a different test I could do. So far I've been trying to connect to a secure network, but I also sometimes use an insecure one at a different location. I normally connect to this with wireless tools, but it would be interesting to test wpa_supplicant on it. Basically, it would tell me if there's something wrong with my configuration or something funky with the secure network. If it is a problem with my driver, then I should get the same results as on the secure network (right?).

But, I'm stuck. What does the wpa_supplicant.conf configuration for an insecure network look like? After reading the man pages and a few sites I converged on this:

network={
ssid="<network name>"
scan_ssid=1
key_mgmt=WPA-PSK
}

But, that didn't work out. As with the secure network, '/etc/initi.d/net.wlan0 start' started but was inactive. However, I was never able to get a connection with 'ping', even after waiting an hour. Any ideas for the above configuration?
Back to top
View user's profile Send private message
Odward
n00b
n00b


Joined: 21 Mar 2012
Posts: 65

PostPosted: Mon Sep 03, 2012 5:41 am    Post subject: Reply with quote

I haven't tried to configure for an unsecured network, but I believe
Code:
key_mgmt=NONE

would be more appropriate. Is this a clean wpa_supplicant.conf you're working with? Or are you
appending those rules to your existing wpa_supplicant.conf? If it's the latter, you might want to
temporarily add
Code:
priority=10

So it will try to connect to the unsecure network before any other settings (assuming they don't have
a priority set with a Higher number).

So
Code:
network={
ssid="<network name>"
scan_ssid=1
key_mgmt=NONE
priority=10
}


Relating to some of the general troubles, after learning of a bug with iwlwifi would you mind checking:
If your kernel supports this
Code:
zgrep CONFIG_SUSPEND /proc/config.gz

otherwise
Code:
grep CONFIG_SUSPEND /usr/src/linux/.config


If that is not set let us know, if it is '=y' then disregard
Back to top
View user's profile Send private message
jyoung
Guru
Guru


Joined: 20 Mar 2007
Posts: 436

PostPosted: Fri Sep 07, 2012 6:21 pm    Post subject: Reply with quote

Hi Folks,

I checked out my configuration, and CONFIG_SUSPEND=y, so it seems that the iwlwifi bug doesn't apply to my case. I've also done the experiment of reverting to the default /usr/src/linux/.config file, and enabling the iwlwifi driver as a module from there. This .config file is a copy I made of the .config file generated by menuconfig without modifications after I emerged the 3.4.4 kernel. The idea was that if some changes I'd made were conflicting with iwlwifi or somehow demanding that it be compiled into the kernel despite the '=m', this would circumvent those issues. But, no luck. I got the same message, that iwlwifi was already in the kernel.

Here's a question: Is there any way to confirm that a module is actually in the kernel? Beyond checking .config?

I plan to try the insecure network today; I'll report back on how that goes. Thanks, Odward, for all the help on that.
Back to top
View user's profile Send private message
Odward
n00b
n00b


Joined: 21 Mar 2012
Posts: 65

PostPosted: Fri Sep 07, 2012 6:46 pm    Post subject: Reply with quote

The only method I'm aware of to determine details about the running kernel, requires that you have enabled
Code:
General Setup --->
     <*> Kernel .config support


This will let you use tools like zgrep or zcat to see what is in the file /proc/config.gz
Which is a .config for the Running kernel. If you currently have /proc/config.gz then the running kernel was
compiled with that option.

What is returned by
Code:
uname -a
Back to top
View user's profile Send private message
wrc1944
Advocate
Advocate


Joined: 15 Aug 2002
Posts: 3432
Location: Gainesville, Florida

PostPosted: Sun Sep 09, 2012 6:53 am    Post subject: Reply with quote

Since wlan0 doesn't seem to be detected by ifconfig -a, do you have the net.wlan0 symlink to net.lo in etc/init.d/?
_________________
Main box- AsRock x370 Gaming K4
Ryzen 7 3700x, 3.6GHz, 16GB GSkill Flare DDR4 3200mhz
Samsung SATA 1000GB, Radeon HD R7 350 2GB DDR5
OpenRC Gentoo ~amd64 plasma, glibc-2.36-r7, gcc-13.2.1_p20230304
kernel-6.7.2 USE=experimental python3_11
Back to top
View user's profile Send private message
jyoung
Guru
Guru


Joined: 20 Mar 2007
Posts: 436

PostPosted: Tue Sep 11, 2012 11:09 pm    Post subject: Reply with quote

My experiment with the insecure network had interesting results. I was able to connect to it, and remain connected indefinitely. This worked with either the -Dwext or -Dnl80211 options. To me, that suggests that the issue isn't with the driver, but with the wireless configuration or with the secured network. Another experiment would be to connect to a different secure network and see if I have the same issues. What do you folks think?

On the driver side of my investigation, recompiling with <*> Kernel .config support allowed me to check /proc/config.gz - indeed, CONFIG_IWLWIFI=m, even though when I try to load the module I get the message that it's already in the kernel.

Odward, uname -a returns:
Linux murbella 3.4.4-gentoo #17 SMP Tue Sep 11 15:28:18 EST 2012 x86_64 Intel(R) Core(TM)2 Duo CPU P8800 @ 2.66GHz GenuineIntel GNU/Linux

wrc1944, /etc/init.d/net.wlan0 is a symlink to /etc/init.d/net.lo
Back to top
View user's profile Send private message
khayyam
Watchman
Watchman


Joined: 07 Jun 2012
Posts: 6227
Location: Room 101

PostPosted: Wed Sep 12, 2012 12:51 am    Post subject: Reply with quote

jyoung wrote:
On the driver side of my investigation, recompiling with <*> Kernel .config support allowed me to check /proc/config.gz - indeed, CONFIG_IWLWIFI=m, even though when I try to load the module I get the message that it's already in the kernel.

jyoung ... I wonder if this isn't perhaps a case where the firmware is in kernel, and so once the module is loaded (no doubt at boot) then the two are fused. Have you tried to unload the module?

As for encrypted/unencrypted networks, this may be due to missing cryptograpic cyphers, or CRC functions,check that CRYPTO_AES, CRC32 and ARC4 are enabled.

best ... khay
Back to top
View user's profile Send private message
jyoung
Guru
Guru


Joined: 20 Mar 2007
Posts: 436

PostPosted: Tue Sep 18, 2012 8:20 pm    Post subject: Reply with quote

Hey Folks, I followed up on khayyam's idea that the in-kernel firmware might be pulling the driver in. I recompiled the kernel with

# CONFIG_FIRMWARE_IN_KERNEL is not set

But, no luck - iwlwifi was still reported as already being in the kernel.

On the secure vs. insecure network issues, I already had the following:

CONFIG_CRYPTO_AES=y
CONFIG_CRC32=y
CONFIG_CRYPTO_ARC4=y

but I also had:

CONFIG_CRYPTO_CRC32C is not set
CONFIG_CRYPTO_CRC32C_INTEL is not set

so I changed those:

CONFIG_CRYPTO_CRC32C=y
CONFIG_CRYPTO_CRC32C_INTEL=y

But, after trying the connection all day yesterday I must report that it is the same as before - connects sometimes after many hours of wait, and breaks the connection within minutes. There are some other references to CRC32:

CONFIG_CRC32_SELFTEST is not set
CONFIG_CRC32_SLICEBY8=y
CONFIG_CRC32_SLICEBY4 is not set
CONFIG_CRC32_SARWATE is not set
CONFIG_CRC32_BIT is not set
CONFIG_LIBCRC32C is not set

Do you think any of these matter? I may have a chance to try a different secured network next weekend; perhaps that will shed some light on this matter.
Back to top
View user's profile Send private message
jyoung
Guru
Guru


Joined: 20 Mar 2007
Posts: 436

PostPosted: Thu Sep 20, 2012 3:38 pm    Post subject: Reply with quote

Do any of you know if there's a log file for wpa_supplicant? Something where it would report the reason for disconnection? I'm thinking that if I can learn why the connection is failing, it might be easier to diagnose the problem.
Back to top
View user's profile Send private message
khayyam
Watchman
Watchman


Joined: 07 Jun 2012
Posts: 6227
Location: Room 101

PostPosted: Thu Sep 20, 2012 4:27 pm    Post subject: Reply with quote

jyoung wrote:
Do any of you know if there's a log file for wpa_supplicant?

jyoung ... for logging above that provided in dmesg you need to enable the debug useflag. You would then edit /etc/conf.d/net and add the following to wpa_supplicant_wlan0

Code:
wpa_supplicant_wlan0="-Dnl80211 -f /var/log/wpa_supplicant.log -dd"

with '-dd' being the debug level (-d debug, -dd more debug), and -qq for less (so that you can quiet debugging once you're satisfied).

best ... khay
Back to top
View user's profile Send private message
jyoung
Guru
Guru


Joined: 20 Mar 2007
Posts: 436

PostPosted: Wed Oct 03, 2012 10:15 pm    Post subject: Reply with quote

Hi Folks,

Since I last posted, khayyam, I took your suggestion and recompiled wpa_supplicant with the debug flag and directed its output to a log file. Today I cleared the log, connected to the secured network, and waited for it to drop me. After I was disconnected, I made a copy of the log file. As you might expect, there were a lot of messages; I'd be happy to post as much of it as you folks want, but to my eyes these lines seems to bracket the problem:

EAPOL: SUPP_PAE entering state CONNECTING
EAPOL: txStart
TX EAPOL: dst=d8:c7:c8:17:56:32
TX EAPOL - hexdump(len=4): 01 01 00 00
wlan0: Authentication with d8:c7:c8:17:56:32 timed out.
CTRL_IFACE monitor send - hexdump(len=21): 2f 74 6d 70 2f 77 70 61 5f 63 74 72 6c 5f 32 32 39 33 2d 31 00
Added BSSID d8:c7:c8:17:56:32 into blacklist
wpa_driver_wext_disassociate
wlan0: No keys have been configured - skip key clearing
wlan0: State: ASSOCIATED -> DISCONNECTED

I'm particularly interested in the line 'wpa_driver_wext_disassociate' - that seems to back up our ealier theory that it's a driver problem. Sadly, I haven't made any progress on getting the driver to work outside the kernel. Any new ideas on that front? Or, does this snippet of the log file suggest other lines of attack?

On a different front, I've tried to connect to two other secured networks so that I'd have points of comparison with the network that I'm having trouble with. Unfortunately, my machine wouldn't connect to either of those two networks at all (this is VERY different symptomatically from the problems I'm having with the regulars secure network, to which my computer will eventually connect for a short period of time and then loose a connection after 5-30 minutes). I suspect the problem is with the fact that I've used basically the same configuration to try to connect to these two networks as I do the regular, when in reality they might need something different. Here's what I'm putting in my /etc/conf.d/net file to try to connect to them:


network={
ssid=<network name>
identity=<my user name>
password=<password>
key_mgmt=WPA-EAP
eap=TTLS
phase2="auth=PAP"
scan_ssid=1
ca_cert="/etc/ssl/certs/AddTrust_External_Root.pem"
}

How should I set this up? For one thing, I don't have a username on these networks. Also, is there a way to tell from iwlist or something like that what the other parameters should be? I captured the output from iwlist on both of these networks, but I'm not sure how to interpret it.
Back to top
View user's profile Send private message
khayyam
Watchman
Watchman


Joined: 07 Jun 2012
Posts: 6227
Location: Room 101

PostPosted: Wed Oct 03, 2012 11:19 pm    Post subject: Reply with quote

jyoung wrote:
Here's what I'm putting in my /etc/conf.d/net file to try to connect to them:

Code:
network={
     ssid=<network name>
     identity=<my user name>
     password=<password>
     key_mgmt=WPA-EAP
     eap=TTLS
     phase2="auth=PAP"
     scan_ssid=1
     ca_cert="/etc/ssl/certs/AddTrust_External_Root.pem"
}

jyoung ... this is not suitable for /etc/conf.d/net ... this is an entry for /etc/wpa_supplicant/wpa_supplicant.conf.

jyoung wrote:
How should I set this up? For one thing, I don't have a username on these networks. Also, is there a way to tell from iwlist or something like that what the other parameters should be? I captured the output from iwlist on both of these networks, but I'm not sure how to interpret it.

If you have no username then you are not using EAP (wpa-enterprise) ... I suspect these networks are PSK (wpa-personal). So, a basic wpa_supplicant.conf entry for WPA2 would look something like the following:

Code:
network={
    ssid="my_essid"
    proto=WPA2
    key_mgmt=WPA-PSK
    group=CCMP TKIP
    pairwise=CCMP TKIP
    psk=        <= password here
}

I'm a little rushed at the moment and so can't comment further, however can you pastebin your kernel config

best ... khay
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Networking & Security All times are GMT
Goto page 1, 2, 3  Next
Page 1 of 3

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum