wpa_supplicant WPA-PSK pairwise OK, group fails

Jouni Malinen jkmaline at cc.hut.fi
Tue May 17 22:31:51 EDT 2005

On Tue, May 17, 2005 at 09:13:03AM -0700, Dimitris Kogias wrote:

> ipw2200 1.0.3
> wpa_supplicant 0.4.0 (debian unstable package).
> D-Link DWL-900AP+ access point configured for WPA-PSK.

Are you using the latest firmware image on that AP?

> WPA: Installing PTK to the driver.
> WPA: RSC - hexdump(len=6): 00 00 00 00 00 00
> wpa_driver_ipw_set_key: alg=TKIP key_idx=0 set_tx=1 seq_len=6 key_len=32
> At this point, I can ping other hosts on the WLAN (static IP, have
> already ifconfig'd the interface and set default route).  However,
> wpa_supplicant continues with:

OK, so PTK is configured and unicast packets are working at that point..

> Authentication with 00:40:05:5b:3f:34 timed out.

However, Group Key handshake was not received from the AP.

> For the few seconds that, I presume, wpa_supplicant is trying to set up
> the group keying, I have connectivity to the WLAN.  Also, the AP's log
> says that my station has connected and authenticated successfully - I
> suppose that reflects the end of the pairwise key setup.


> While all of the above is going on, I see this in the kernel logs:
> May 15 18:50:18 0x19 kernel: TKIP: replay detected:
> STA=00:40:05:5b:3f:34 previous TSC 000000000000 received TSC 000000000000

If this is indeed what is happening, the AP sent out two packets with
the same packet number and the client driver dropped one of them. If
that one happened to be the Group Key packet, that could explain why it
was not seen in the wpa_supplicant debug. Another possibility would be
in the AP sending out the Group Key packets in plaintext.. Would you
happen to have a way of using a wireless sniffer to capture what packets
are being sent between the AP and client when this happens?

Jouni Malinen                                            PGP id EFC895FA

More information about the HostAP mailing list