RSN questions

engage engage at n0sq.us
Sat Nov 12 23:30:45 EST 2005


I'm trying to get wpa_supplicant-0.4.5 set up for WPA2. I don't want to use a 
radius server for this. Anyway, I set up my Linksys WRT54G for WPA2-Personal 
with TKIP+AES (the other option for WPA2-Personal is AES).

Here's what I used for wpa_supplicant.conf:

#WPA2-Personal

ctrl_interface=/var/run/wpa_supplicant

network={
        ssid="??????????"
        key_mgmt=WPA-PSK
        proto=WPA2 #i tried using RSN also
        pairwise=TKIP
        group=TKIP
        psk="?????????????????????????????"
        scan_ssid=1
}

It doesn't work. iwconfig shows an AP association and an encryption key. I can 
ping the router but I can't access my DNS server or web surf. I can't ping 
anything outside my LAN. The above config file does work with proto=WPA.

I've been reading a few howto's but they have me confused and most of them are 
directed at Enterprise setups (port authentication with a radius server). And 
the only thing I've seen in the supplicant's README concerning AES is CCMP. 
If I understand correctly , CCMP is an improvement over AES and is used with 
a radius server?  I don't see any other options in the README that are 
appropriate.  Does WPA2 require something more sophisticated than TKIP or 
AES? The sample config files that I've seen have EAP in them. Like I said, 
I'm confused as to how to do this.

What am I missing?



More information about the HostAP mailing list