Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
Can't connect to hostapd when wpa(2) is enabled
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Networking & Security
View previous topic :: View next topic  
Author Message
pa4wdh
l33t
l33t


Joined: 16 Dec 2005
Posts: 867

PostPosted: Sat Jul 19, 2014 9:37 am    Post subject: Can't connect to hostapd when wpa(2) is enabled Reply with quote

Hi All,

I'm trying to setup hostapd by following this guide: http://wireless.kernel.org/en/users/Documentation/hostapd
When i use it as an open AP it works and the client is able to connect and receives an IP address from the running dhcp server. However, when i enable wpa and/or wpa2 it doesn't work at all.

My hardware is a virtualbox instance with a USB Wifi adapter:
Bus 001 Device 006: ID 050d:11f2 Belkin Components ISY Wireless Micro Adapter IWL 2000 [RTL8188CUS]

My current configuration is:
Code:

interface=wlan0
driver=nl80211
ssid=test
channel=1
hw_mode=g

wme_enabled=1
ieee80211n=1
ht_capab=[HT40+][SHIRT-GI-40][DSSS_CCK-40]

macaddr_acl=0
auth_algs=1
ignore_broadcast_ssid=0
wpa=3
wpa_passphrase=123457890
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
rsn_pairwise=CCMP


I've made some logging with hostapd -dd /etc/hostapd/hostapd-minimal.conf, i've grepped on the client's MAC address and replaced the MAC address itself with CLIENT-MAC-ADDR, if required i can upload the full log file (110KB):
Code:

authentication: STA=CLIENT-MAC-ADDR auth_alg=0 auth_transaction=1 status_code=0 wep=0
ap_sta_add: register ap_handle_timer timeout for CLIENT-MAC-ADDR (300 seconds - ap_max_inactivity)
wlan0: STA CLIENT-MAC-ADDR IEEE 802.11: authentication OK (open system)
wlan0: STA CLIENT-MAC-ADDR MLME: MLME-AUTHENTICATE.indication(CLIENT-MAC-ADDR, OPEN_SYSTEM)
wlan0: STA CLIENT-MAC-ADDR MLME: MLME-DELETEKEYS.request(CLIENT-MAC-ADDR)
authentication reply: STA=CLIENT-MAC-ADDR auth_alg=0 auth_transaction=2 resp=0 (IE len=0)
wlan0: STA CLIENT-MAC-ADDR IEEE 802.11: authenticated
association request: STA=CLIENT-MAC-ADDR capab_info=0x431 listen_interval=1
HT: STA CLIENT-MAC-ADDR HT Capabilities Info: 0x012c
update_sta_ht STA CLIENT-MAC-ADDR - no greenfield, num of non-gf stations 1
update_sta_ht STA CLIENT-MAC-ADDR - 20 MHz HT, num of 20MHz HT STAs 1
wlan0: STA CLIENT-MAC-ADDR IEEE 802.11: association OK (aid 1)
wlan0: STA CLIENT-MAC-ADDR IEEE 802.11: associated (aid 1)
wlan0: STA CLIENT-MAC-ADDR MLME: MLME-ASSOCIATE.indication(CLIENT-MAC-ADDR)
wlan0: STA CLIENT-MAC-ADDR MLME: MLME-DELETEKEYS.request(CLIENT-MAC-ADDR)
   addr=CLIENT-MAC-ADDR
wlan0: STA CLIENT-MAC-ADDR WPA: event 1 notification
   addr=CLIENT-MAC-ADDR
wlan0: STA CLIENT-MAC-ADDR WPA: start authentication
WPA: CLIENT-MAC-ADDR WPA_PTK entering state INITIALIZE
   addr=CLIENT-MAC-ADDR
wlan0: STA CLIENT-MAC-ADDR IEEE 802.1X: unauthorizing port
WPA: CLIENT-MAC-ADDR WPA_PTK_GROUP entering state IDLE
WPA: CLIENT-MAC-ADDR WPA_PTK entering state AUTHENTICATION
WPA: CLIENT-MAC-ADDR WPA_PTK entering state AUTHENTICATION2
WPA: CLIENT-MAC-ADDR WPA_PTK entering state INITPSK
WPA: CLIENT-MAC-ADDR WPA_PTK entering state PTKSTART
wlan0: STA CLIENT-MAC-ADDR WPA: sending 1/4 msg of 4-Way Handshake
hostapd_new_assoc_sta: reschedule ap_handle_timer timeout for CLIENT-MAC-ADDR (300 seconds - ap_max_inactivity)
nl80211: New station CLIENT-MAC-ADDR
IEEE 802.1X: CLIENT-MAC-ADDR TX status - version=2 type=3 length=95 - ack=1
WPA: EAPOL-Key TX status for STA CLIENT-MAC-ADDR ack=1
wlan0: STA CLIENT-MAC-ADDR WPA: EAPOL-Key timeout
WPA: CLIENT-MAC-ADDR WPA_PTK entering state PTKSTART
wlan0: STA CLIENT-MAC-ADDR WPA: sending 1/4 msg of 4-Way Handshake
IEEE 802.1X: CLIENT-MAC-ADDR TX status - version=2 type=3 length=95 - ack=1
WPA: EAPOL-Key TX status for STA CLIENT-MAC-ADDR ack=1
wlan0: STA CLIENT-MAC-ADDR WPA: EAPOL-Key timeout
WPA: CLIENT-MAC-ADDR WPA_PTK entering state PTKSTART
wlan0: STA CLIENT-MAC-ADDR WPA: sending 1/4 msg of 4-Way Handshake
IEEE 802.1X: CLIENT-MAC-ADDR TX status - version=2 type=3 length=95 - ack=1
WPA: EAPOL-Key TX status for STA CLIENT-MAC-ADDR ack=1
wlan0: STA CLIENT-MAC-ADDR WPA: EAPOL-Key timeout
WPA: CLIENT-MAC-ADDR WPA_PTK entering state PTKSTART
wlan0: STA CLIENT-MAC-ADDR WPA: sending 1/4 msg of 4-Way Handshake
IEEE 802.1X: CLIENT-MAC-ADDR TX status - version=2 type=3 length=95 - ack=1
WPA: EAPOL-Key TX status for STA CLIENT-MAC-ADDR ack=1
wlan0: STA CLIENT-MAC-ADDR WPA: EAPOL-Key timeout
WPA: CLIENT-MAC-ADDR WPA_PTK entering state PTKSTART
wlan0: STA CLIENT-MAC-ADDR WPA: PTKSTART: Retry limit 4 reached
WPA: CLIENT-MAC-ADDR WPA_PTK entering state DISCONNECT
wpa_sta_disconnect STA CLIENT-MAC-ADDR
hostapd_wpa_auth_disconnect: WPA authenticator requests disconnect: STA CLIENT-MAC-ADDR reason 2
wlan0: STA CLIENT-MAC-ADDR WPA: event 3 notification
   addr=CLIENT-MAC-ADDR
ap_sta_disconnect: reschedule ap_handle_timer timeout for CLIENT-MAC-ADDR (5 seconds - AP_MAX_INACTIVITY_AFTER_DEAUTH)
WPA: CLIENT-MAC-ADDR WPA_PTK entering state DISCONNECTED
WPA: CLIENT-MAC-ADDR WPA_PTK entering state INITIALIZE
   addr=CLIENT-MAC-ADDR
wlan0: STA CLIENT-MAC-ADDR IEEE 802.1X: unauthorizing port
STA CLIENT-MAC-ADDR acknowledged deauth
Removing STA CLIENT-MAC-ADDR from kernel driver
wlan0: STA CLIENT-MAC-ADDR MLME: MLME-DEAUTHENTICATE.indication(CLIENT-MAC-ADDR, 2)
wlan0: STA CLIENT-MAC-ADDR MLME: MLME-DELETEKEYS.request(CLIENT-MAC-ADDR)
   addr=CLIENT-MAC-ADDR
nl80211: Delete station CLIENT-MAC-ADDR
ap_handle_timer: CLIENT-MAC-ADDR flags=0x8a80 timeout_next=3
wlan0: STA CLIENT-MAC-ADDR IEEE 802.11: deauthenticated due to local deauth request
ap_free_sta: cancel ap_handle_timer for CLIENT-MAC-ADDR
authentication: STA=CLIENT-MAC-ADDR auth_alg=0 auth_transaction=1 status_code=0 wep=0
ap_sta_add: register ap_handle_timer timeout for CLIENT-MAC-ADDR (300 seconds - ap_max_inactivity)
wlan0: STA CLIENT-MAC-ADDR IEEE 802.11: authentication OK (open system)
wlan0: STA CLIENT-MAC-ADDR MLME: MLME-AUTHENTICATE.indication(CLIENT-MAC-ADDR, OPEN_SYSTEM)
wlan0: STA CLIENT-MAC-ADDR MLME: MLME-DELETEKEYS.request(CLIENT-MAC-ADDR)
authentication reply: STA=CLIENT-MAC-ADDR auth_alg=0 auth_transaction=2 resp=0 (IE len=0)
authentication: STA=CLIENT-MAC-ADDR auth_alg=0 auth_transaction=1 status_code=0 wep=0
wlan0: STA CLIENT-MAC-ADDR IEEE 802.11: authentication OK (open system)
wlan0: STA CLIENT-MAC-ADDR MLME: MLME-AUTHENTICATE.indication(CLIENT-MAC-ADDR, OPEN_SYSTEM)
wlan0: STA CLIENT-MAC-ADDR MLME: MLME-DELETEKEYS.request(CLIENT-MAC-ADDR)
authentication reply: STA=CLIENT-MAC-ADDR auth_alg=0 auth_transaction=2 resp=0 (IE len=0)
wlan0: STA CLIENT-MAC-ADDR IEEE 802.11: authenticated
wlan0: STA CLIENT-MAC-ADDR IEEE 802.11: authenticated
association request: STA=CLIENT-MAC-ADDR capab_info=0x431 listen_interval=1
HT: STA CLIENT-MAC-ADDR HT Capabilities Info: 0x012c
update_sta_ht STA CLIENT-MAC-ADDR - no greenfield, num of non-gf stations 1
update_sta_ht STA CLIENT-MAC-ADDR - 20 MHz HT, num of 20MHz HT STAs 1
wlan0: STA CLIENT-MAC-ADDR IEEE 802.11: association OK (aid 1)
wlan0: STA CLIENT-MAC-ADDR IEEE 802.11: associated (aid 1)
wlan0: STA CLIENT-MAC-ADDR MLME: MLME-ASSOCIATE.indication(CLIENT-MAC-ADDR)
wlan0: STA CLIENT-MAC-ADDR MLME: MLME-DELETEKEYS.request(CLIENT-MAC-ADDR)
   addr=CLIENT-MAC-ADDR
wlan0: STA CLIENT-MAC-ADDR WPA: event 1 notification
   addr=CLIENT-MAC-ADDR
wlan0: STA CLIENT-MAC-ADDR WPA: start authentication
WPA: CLIENT-MAC-ADDR WPA_PTK entering state INITIALIZE
   addr=CLIENT-MAC-ADDR
wlan0: STA CLIENT-MAC-ADDR IEEE 802.1X: unauthorizing port
WPA: CLIENT-MAC-ADDR WPA_PTK_GROUP entering state IDLE
WPA: CLIENT-MAC-ADDR WPA_PTK entering state AUTHENTICATION
WPA: CLIENT-MAC-ADDR WPA_PTK entering state AUTHENTICATION2
WPA: CLIENT-MAC-ADDR WPA_PTK entering state INITPSK
WPA: CLIENT-MAC-ADDR WPA_PTK entering state PTKSTART
wlan0: STA CLIENT-MAC-ADDR WPA: sending 1/4 msg of 4-Way Handshake
hostapd_new_assoc_sta: reschedule ap_handle_timer timeout for CLIENT-MAC-ADDR (300 seconds - ap_max_inactivity)
nl80211: New station CLIENT-MAC-ADDR
IEEE 802.1X: CLIENT-MAC-ADDR TX status - version=2 type=3 length=95 - ack=1
WPA: EAPOL-Key TX status for STA CLIENT-MAC-ADDR ack=1
wlan0: STA CLIENT-MAC-ADDR WPA: EAPOL-Key timeout
WPA: CLIENT-MAC-ADDR WPA_PTK entering state PTKSTART
wlan0: STA CLIENT-MAC-ADDR WPA: sending 1/4 msg of 4-Way Handshake
IEEE 802.1X: CLIENT-MAC-ADDR TX status - version=2 type=3 length=95 - ack=1
WPA: EAPOL-Key TX status for STA CLIENT-MAC-ADDR ack=1
wlan0: STA CLIENT-MAC-ADDR WPA: EAPOL-Key timeout
WPA: CLIENT-MAC-ADDR WPA_PTK entering state PTKSTART
wlan0: STA CLIENT-MAC-ADDR WPA: sending 1/4 msg of 4-Way Handshake
IEEE 802.1X: CLIENT-MAC-ADDR TX status - version=2 type=3 length=95 - ack=1
WPA: EAPOL-Key TX status for STA CLIENT-MAC-ADDR ack=1
wlan0: STA CLIENT-MAC-ADDR WPA: EAPOL-Key timeout
WPA: CLIENT-MAC-ADDR WPA_PTK entering state PTKSTART
wlan0: STA CLIENT-MAC-ADDR WPA: sending 1/4 msg of 4-Way Handshake
IEEE 802.1X: CLIENT-MAC-ADDR TX status - version=2 type=3 length=95 - ack=1
WPA: EAPOL-Key TX status for STA CLIENT-MAC-ADDR ack=1
wlan0: STA CLIENT-MAC-ADDR WPA: EAPOL-Key timeout
WPA: CLIENT-MAC-ADDR WPA_PTK entering state PTKSTART
wlan0: STA CLIENT-MAC-ADDR WPA: PTKSTART: Retry limit 4 reached
WPA: CLIENT-MAC-ADDR WPA_PTK entering state DISCONNECT
wpa_sta_disconnect STA CLIENT-MAC-ADDR
hostapd_wpa_auth_disconnect: WPA authenticator requests disconnect: STA CLIENT-MAC-ADDR reason 2
wlan0: STA CLIENT-MAC-ADDR WPA: event 3 notification
   addr=CLIENT-MAC-ADDR
ap_sta_disconnect: reschedule ap_handle_timer timeout for CLIENT-MAC-ADDR (5 seconds - AP_MAX_INACTIVITY_AFTER_DEAUTH)
WPA: CLIENT-MAC-ADDR WPA_PTK entering state DISCONNECTED
WPA: CLIENT-MAC-ADDR WPA_PTK entering state INITIALIZE
   addr=CLIENT-MAC-ADDR
wlan0: STA CLIENT-MAC-ADDR IEEE 802.1X: unauthorizing port
STA CLIENT-MAC-ADDR acknowledged deauth
Removing STA CLIENT-MAC-ADDR from kernel driver
wlan0: STA CLIENT-MAC-ADDR MLME: MLME-DEAUTHENTICATE.indication(CLIENT-MAC-ADDR, 2)
wlan0: STA CLIENT-MAC-ADDR MLME: MLME-DELETEKEYS.request(CLIENT-MAC-ADDR)
   addr=CLIENT-MAC-ADDR
nl80211: Delete station CLIENT-MAC-ADDR

I'm quite unfamiliar with WiFi protocols in general and hostapd any help is greatly appreciated.
_________________
The gentoo way of bringing peace to the world:
USE="-war" emerge --newuse @world

My shared code repository: https://code.pa4wdh.nl.eu.org
Music, Free as in Freedom: https://www.jamendo.com
Back to top
View user's profile Send private message
pa4wdh
l33t
l33t


Joined: 16 Dec 2005
Posts: 867

PostPosted: Mon Aug 11, 2014 3:35 pm    Post subject: Reply with quote

3 weeks, more than 180 reads and nobody is able to help ? 8O

Just to be sure i'm bumping it to give it a second chance. 8)

Thanks in advance for any help or suggestion.
_________________
The gentoo way of bringing peace to the world:
USE="-war" emerge --newuse @world

My shared code repository: https://code.pa4wdh.nl.eu.org
Music, Free as in Freedom: https://www.jamendo.com
Back to top
View user's profile Send private message
Logicien
Veteran
Veteran


Joined: 16 Sep 2005
Posts: 1555
Location: Montréal

PostPosted: Mon Aug 11, 2014 10:17 pm    Post subject: Reply with quote

This is my personnal configuration. country_code=CA and some other options should be change for your country and needs. I use channel=2. I am alone using this channel. I do not interfere with other access points in the wireless network neighborhood.

In /etc/hostapd/hostapd.accept, only the MAC address of allowed wireless cards are listed. In /etc/hostapd/hostapd.deny, I have nothing. Everything work without problem.

Note that the kernel of the access point must forward the packets and the firewall must make the NAT.

/etc/hostapd/hostapd.conf:
Code:

interface=wlan0
driver=nl80211
logger_syslog=-1
logger_syslog_level=2
logger_stdout=-1
logger_stdout_level=2
dump_file=/tmp/hostapd.dump
ctrl_interface=/var/run/hostapd
ctrl_interface_group=0
ssid=hello
country_code=CA
hw_mode=g
channel=2
beacon_int=100
dtim_period=2
max_num_sta=255
rts_threshold=2347
fragm_threshold=2346
macaddr_acl=1
accept_mac_file=/etc/hostapd/hostapd.accept
auth_algs=1
ignore_broadcast_ssid=0
wmm_enabled=1
wmm_ac_bk_cwmin=4
wmm_ac_bk_cwmax=10
wmm_ac_bk_aifs=7
wmm_ac_bk_txop_limit=0
wmm_ac_bk_acm=0
wmm_ac_be_aifs=3
wmm_ac_be_cwmin=4
wmm_ac_be_cwmax=10
wmm_ac_be_txop_limit=0
wmm_ac_be_acm=0
wmm_ac_vi_aifs=2
wmm_ac_vi_cwmin=3
wmm_ac_vi_cwmax=4
wmm_ac_vi_txop_limit=94
wmm_ac_vi_acm=0
wmm_ac_vo_aifs=2
wmm_ac_vo_cwmin=2
wmm_ac_vo_cwmax=3
wmm_ac_vo_txop_limit=47
wmm_ac_vo_acm=0
eapol_key_index_workaround=0
eap_server=0
wpa=3
wpa_passphrase=hello
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
rsn_pairwise=CCMP

_________________
Paul
Back to top
View user's profile Send private message
pa4wdh
l33t
l33t


Joined: 16 Dec 2005
Posts: 867

PostPosted: Wed Aug 13, 2014 6:17 pm    Post subject: Reply with quote

Thanks for sharing your configuration. Unfortunately it didn't work out for me. It seems stuck in the same way as with my first post, it seems the AP doesn't receive a response in phase 1/4 of the setup. The client (a phone) just tells me that the passphase was incorrect and offers me to try again. I've set the passphrase to something as easy as possible to avoid typos on the phone so i'm quite sure i entered it correct.

Do you have any suggestions to troubleshoot this ?
_________________
The gentoo way of bringing peace to the world:
USE="-war" emerge --newuse @world

My shared code repository: https://code.pa4wdh.nl.eu.org
Music, Free as in Freedom: https://www.jamendo.com
Back to top
View user's profile Send private message
Aiken
Apprentice
Apprentice


Joined: 22 Jan 2003
Posts: 239
Location: Toowoomba/Australia

PostPosted: Wed Aug 13, 2014 9:52 pm    Post subject: Reply with quote

From what I can see the rtl8188cus uses the rtl8192cu driver. I have some usb rtl8192cu devices I tried both on client machines and with hostapd on the server. Won't put in print what I think of them.

I think last time I looked at them was around kernel 3.8. On the clients they could not maintain a connection to the ap. When I tried a rtl8192cu with hostapd then clients had trouble connecting and if they did manage to connect the connection dropped out shortly after. A work around that worked for some people was load the rtl8192cu module with the option swenc=1 to force encryption to be done in software. That did not work for me. I have been using usb wna110 and rt5370 devices since.

You having trouble with encryption where unencrypted worked reminded me of this.
_________________
Beware the grue.
Back to top
View user's profile Send private message
pa4wdh
l33t
l33t


Joined: 16 Dec 2005
Posts: 867

PostPosted: Thu Aug 14, 2014 5:25 pm    Post subject: Reply with quote

Thanks for your suggestion Aiken, you are indeed right about the driver.

Since i usually don't use modules i provided the parameter on the kernel commandline, but that didn't work. After that i recompiled the kernel to use modules and loaded the rtl8192 module with the swenc=1 parameter, but that also didn't change the behavior.
_________________
The gentoo way of bringing peace to the world:
USE="-war" emerge --newuse @world

My shared code repository: https://code.pa4wdh.nl.eu.org
Music, Free as in Freedom: https://www.jamendo.com
Back to top
View user's profile Send private message
Logicien
Veteran
Veteran


Joined: 16 Sep 2005
Posts: 1555
Location: Montréal

PostPosted: Sat Aug 16, 2014 10:29 am    Post subject: Reply with quote

You should try to connect as client with your Belkin wireless card who use the rtl8192 module for wlan0. If it can connect to an AP or in Haddoc mode and work, the problem can come the fact that the card cannot act as an Access Point. Did you check in the Supported interface modes if wlan0 can act as an AP when you do
Code:
iw list | less

_________________
Paul
Back to top
View user's profile Send private message
pa4wdh
l33t
l33t


Joined: 16 Dec 2005
Posts: 867

PostPosted: Sun Aug 17, 2014 4:22 pm    Post subject: Reply with quote

I'm quite sure it supports AP mode, because that's why i started experimenting with hostapd :) I think this is confirmed because it works as an open AP without encryption.
But to be sure: The "iw list" command shows IBSS, managed, AP, AP/VLAN, monitor, P2P-client and P2P-GO as supported interface modes.

Before i started experimenting with hostapd i used it for my daily work and everything worked as expected, so i'm sure the hardware is ok.
_________________
The gentoo way of bringing peace to the world:
USE="-war" emerge --newuse @world

My shared code repository: https://code.pa4wdh.nl.eu.org
Music, Free as in Freedom: https://www.jamendo.com
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Networking & Security All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum