Problem with EAP-TLS connection to Atheros AR5002AP-2X AP

Dan Williams dcbw at redhat.com
Mon Jul 28 13:22:44 EDT 2008


On Mon, 2008-07-28 at 09:33 -0700, Dmitry Shmidt wrote:
> Hi,
> 
> Also it seems like the problem can be in the fragment size in the FreeRADIUS server.
> I set in eap.conf fragment_size = 1024 (default allows 1500-1600) and
> it starts to behave differently...

You can also set the fragment size in wpa_supplicant, which might work around
that if you don't have access to the RADIUS server.

Dan

> Thanks,
> 
> Dmitry
> 
> On Sun, Jul 27, 2008 at 7:33 AM, Chr <chunkeey at web.de> wrote:
> > On Sunday 27 July 2008 00:15:49 Chr wrote:
> >>
> >> Well... after sniffing some EAP-Frames it looks like
> >> that madwifi's stack or their driver has problems with fragmentation,
> >> because the "Server Certificate" in the EAP gets truncated.
> >>
> >> So, my theory is this:
> >> wpa_supplicant does the right thing by dropping the connection,
> >> since it can't verify if the server certificate is valid or not.
> >>
> >> Unfortunately, I don't have any backups of my old working setup,
> >> so I don't really know which was the last madwifi-revision
> >> where everything worked well...
> >>
> > Alright, I found a _simple_ workaround.
> >
> > Just compile your client's wpa_supplicant with gnutls (and don't forget to
> > enable gnutls extras) instead of openssl!
> >
> > This will let you associate..
> > But WPA doesn't work for me as madwifi/hostapd seems to have a different
> > opinion about the RSN flags when WPA is enabled... So, try to force
> > "proto=RSN" in your wpa_supplicant.conf if you see messages about
> > "IE in 3/4 msg does not match with IE in Beacon/ProbeResp".
> >
> > Regards,
> >        Chr
> >
> _______________________________________________
> HostAP mailing list
> HostAP at lists.shmoo.com
> http://lists.shmoo.com/mailman/listinfo/hostap
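
The truncation discussed in this thread can be checked from captured frames. The following is an added example, not code from the thread or from wpa_supplicant: it reassembles EAP-TLS fragments using the RFC 5216 L and M flags and fails when bytes are missing. The function names and the sample data are constructed for illustration, and each frame is assumed to start at the EAP header.

```python
import struct

EAP_TYPE_TLS = 13
FLAG_L, FLAG_M = 0x80, 0x40  # RFC 5216: Length included, More fragments

def parse_eap_tls(frame):
    """Return (flags, declared TLS message length or None, TLS data)."""
    if len(frame) < 6:
        raise ValueError("too short for an EAP-TLS header")
    _code, _ident, length, eap_type, flags = struct.unpack("!BBHBB", frame[:6])
    if eap_type != EAP_TYPE_TLS:
        raise ValueError("not an EAP-TLS packet")
    if length < 6 or length > len(frame):
        raise ValueError(f"EAP Length {length} but frame has {len(frame)} bytes")
    body, total = frame[6:length], None
    if flags & FLAG_L:
        if len(body) < 4:
            raise ValueError("L flag set but no TLS Message Length field")
        total, body = struct.unpack("!I", body[:4])[0], body[4:]
    return flags, total, body

def reassemble(frames):
    """Join the fragments of one TLS message; raise if any bytes are missing."""
    declared, data = None, b""
    for frame in frames:
        flags, total, body = parse_eap_tls(frame)
        declared = total if declared is None else declared
        data += body
        if not flags & FLAG_M:
            break
    else:
        raise ValueError("no final fragment: M flag never cleared")
    if declared is not None and declared != len(data):
        raise ValueError(f"got {len(data)} bytes, sender declared {declared}")
    return data

def fragment(msg, size, ident=1):
    """Build constructed EAP-Request/TLS frames carrying `size` TLS bytes each."""
    chunks = [msg[i:i + size] for i in range(0, len(msg), size)]
    frames = []
    for n, chunk in enumerate(chunks):
        flags = (FLAG_L if n == 0 else 0) | (FLAG_M if n < len(chunks) - 1 else 0)
        body = (struct.pack("!I", len(msg)) if n == 0 else b"") + chunk
        frames.append(struct.pack("!BBHBB", 1, ident + n, 6 + len(body),
                                  EAP_TYPE_TLS, flags) + body)
    return frames

# Constructed stand-in for a server handshake flight (not a real certificate).
SAMPLE_MSG = bytes(range(256)) * 10
```

Feeding it the frames of one server flight from a capture shows whether a fragment arrived short (EAP Length larger than the frame) or whether the reassembled message is shorter than the length the server declared.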


