FreeBSD + EAP/TLS + IPv6 != OK

Henrik Brix Andersen brix at gentoo.org
Wed Dec 7 06:13:36 EST 2005 

On Wed, Dec 07, 2005 at 12:18:25PM +0200, Sébastien Pierrel wrote:
> I'm having a weird problem while combining FreeBSD 6.0-RELEASE,
> wpa_supplicant and IPv6.

Me too :)

> I'm using wpa_supplicant v0.4.7 to authenticate my mobile host (mob_1)
> to the access point (linksys wrt54gs).
>
> Authentication (eap/tls) works ok, dhcp gives me an IPv4 address, but
> for some strange reason IPv6 doesn't work.
> I used ethereal to figure it out and it seems that the router
> advertisement (RA) packet is corrupted when "entering" the freebsd host.

Same configuration here - although using Linux and WPA-PSK. The RAs
are (sometimes) corrupted here as well. I have also tested with my
hostap-based AP, same issue.

> I used another laptop (mob_2) running linux with the same wpa_supplicant
> settings (same wlan card (Dlink DWL-G650), same certificate) to sniff
> the traffic. From mob_2, I can see the RS packet sent by mob_1 and the
> RA sent by the IPv6 router on the network.
> 
> Ethereal captures on mob_1 and mob_2 show different content of the very
> same packet (RA): in the ethernet frame, src and dst MACs are the same
> but all the rest is different (size is even different: 8bytes longer on
> mob_1).

Exactly the same issue here.

> If I disable wpa on the AP, mob_1 will have no problem to get proper RA
> and configure its IPv6 address.

Same here.

> I'm quite confused by this problem. I thought about an encryption issue,
> but how could this affect the IPv6 packets and not IPv4?
> 
> Has anyone tried to run a similar setup? (bsd, eap, ipv6)

I actually thought this was an issue with the ipw2200 driver, but now
that you report that it also occurs with FreeBSD...

I have opened a bug for the ipw2200 driver at
http://bughost.org/bugzilla/show_bug.cgi?id=810 - but perhaps the
problem is to be found elsewhere? The bug report has more information
including tcpdumps.

Regards
Brix
-- 
Henrik Brix Andersen <brix at gentoo.org>
Gentoo Metadistribution | Mobile computing herd
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 211 bytes
Desc: not available
Url : http://lists.shmoo.com/pipermail/hostap/attachments/20051207/2d214f19/attachment.pgp

More information about the HostAP mailing list