Is there any inter-operating tests experience with "BridgeWater Systems's AAA Server"?
j at w1.fi
Mon Feb 4 21:52:12 EST 2008
On Mon, Feb 04, 2008 at 05:28:50PM +0800, Macpaul Lin wrote:
> I've used wpa-supplicant-0.5.7 to test EAP-TTLS/TLS with AAA Server
> which developed by "BridgeWater Systems".
> However, EAP-TLS always failed right away when "Client CA" and "Change
> cipher spec option" were sent by Auth client .
Could you please send me debug log from wpa_supplicant showing this
> AAA server (Bridgewater Systems's solution) will show log on its own
> terminal "decrypt error". Then AAA server will response Auth Complete
> EAP packet with "Error code" then close the EAP connections.
Unfortunately, that does not sound like a very helpful error code..
> I've logged EAP-TLS handshaking messages.
Would it be possible for you to send me packet capture logs (e.g., with
Wireshark or tcpdump) that show both a successful EAP-TLS handshake with
another supplicant and the failed one from wpa_supplicant test?
I'm not familiar with this AAA server, but in general, EAP-TLS is one of
the most interoperable EAP methods available.. It has worked with every
server I've tested with so far. As such, I would suspect that there
could be something wrong in the client configuration as far as the
certificate setup is concerned, but the "decrypt error" would not sound
like something that a server would likely show in such a case..
Do you use any complex certificate configurations (i.e., multiple CAs
and different intermediate CAs for the server and client, etc.)?
Jouni Malinen PGP id EFC895FA
More information about the HostAP