EAP-TLS Connection Problem

Joby Thampan joby.thampan at smartbridges.com
Fri Aug 1 05:46:24 EDT 2008


Thanks bryan for the fast answer.
The interface i am using for hostapd.conf is wireless itself., only some naming convention issue.


I checked with sniffer for EAP-TLS connection 

According to RFC for a successfull connection this is the handshake required.

Authenticating Peer     Authenticator
   -------------------     -------------
                           <- EAP-Request/
                           Identity
   EAP-Response/
   Identity (MyID) ->
                           <- EAP-Request/
                           EAP-Type=EAP-TLS
                           (TLS Start)
   EAP-Response/
   EAP-Type=EAP-TLS
   (TLS client_hello)->
                           <- EAP-Request/
                           EAP-Type=EAP-TLS
                           (TLS server_hello,
                             TLS certificate,
                    [TLS server_key_exchange,]
                     TLS certificate_request,
                        TLS server_hello_done)
   EAP-Response/
   EAP-Type=EAP-TLS
   (TLS certificate,
    TLS client_key_exchange,
    TLS certificate_verify,
    TLS change_cipher_spec,
    TLS finished) ->
                           <- EAP-Request/
                           EAP-Type=EAP-TLS
                           (TLS change_cipher_spec,
                            TLS finished)
   EAP-Response/
   EAP-Type=EAP-TLS ->
                           <- EAP-Success


My WPA supplicant is able to send upto 

EAP-Response/
   EAP-Type=EAP-TLS
   (TLS certificate,
    TLS client_key_exchange,
    TLS certificate_verify,
    TLS change_cipher_spec,
    TLS finished) ->


but in sniffer it is showing as More Fragments to follow. But I am not seeing any fragments following it and the connection
stops over there. Authenticaton Peer is waiting to recieve the next packet.




Bryan Chin wrote:
> I never try the wpa_supplciant and hostapd of your version. Maybe you 
> should download the latest version 0.6.3 for both of them
>  
> hostapd.conf 
>  
> interface=eth0 *// change your interface, should be your wireless 
> interface, not your wired *interface
> bridge=br0
> * driver=madwifi*
>  ssid=joby-wpa
>  ieee8021x=1
>  eap_server=0
>  wpa=1 
>  wpa_pairwise=TKIP
>  wpa_key_mgmt=WPA-EAP
>  eap_reauth_period=300
>  wpa_group_rekey=300
>  wpa_gmk_rekey=300
> *own_ip_addr= <ip address of AP>*
>  aut_server_addr=192.168.0.228
> auth_server_port=1812
> auth_server_shared_secret=joby1234
>
> wpa_supplicant.conf
>  
> eapol_version=2
> ap_scan=1
> fast_reauth=1
> network={
> ssid=joby-wpa
> scan_ssid=0
> *proto=WPA
> *pairwise=TKIP CCMP *//remove CCMP since you are using WPA *
> group= TKIP CCMP *//remove CCMP
> *key_mgmt=WPA-EAP
> eap=TLS
> identity="Joby"
> password="joby1234" *//remove this line
> *ca_cert="/etc/cert/cacert.pem"
> client_cert="/etc/cert/client_cert.pem"
> private_key="/etc/cert/client_key.pem"
> private_key_password="joby1234"
> priority=10
>  
> Regards,
> Bryan
>
> ------------------------------------------------------------------------
> Chat online and in real-time with friends and family! Windows Live 
> Messenger <http://get.live.com/messenger/overview>



More information about the HostAP mailing list