Problem with EAP-TLS connection to Atheros AR5002AP-2X AP
dimitrysh at google.com
Mon Jul 28 13:46:42 EDT 2008
It is only for phase 2?
On Mon, Jul 28, 2008 at 10:22 AM, Dan Williams <dcbw at redhat.com> wrote:
> On Mon, 2008-07-28 at 09:33 -0700, Dmitry Shmidt wrote:
>> Also it seems like the problem can be in fragment size in FreeRadius server.
>> I set in eap.conf fragment_size = 1024 (default allows 1500-1600) and
>> it starts to behave differently...
> You can also set fragment size in wpa_supplicant which might work around
> that if you don't have access to the radius server.
>> On Sun, Jul 27, 2008 at 7:33 AM, Chr <chunkeey at web.de> wrote:
>> > On Sunday 27 July 2008 00:15:49 Chr wrote:
>> >> Well... after sniffing some EAP-Frames it looks like
>> >> that madwifi's stack or their driver has problems with fragmentation,
>> >> because the "Server Certificate" in the EAP gets truncated.
>> >> So, my theory is this:
>> >> wpa_supplicant does the right thing by dropping the connection,
>> >> since it can't verify if the server certificate is valid or not.
>> >> Unfortunately, I don't have any backups of my old working setup,
>> >> so I don't really know which was the last madwifi-revision
>> >> where everything worked well...
>> > Alright, I found a _simple_ workaround.
>> > Just compile your client's wpa_supplicant with gnutls (and don't forget to
>> > enable gnutls extras) instead of openssl!
>> > This will let you associate...
>> > But WPA doesn't work for me as madwifi/hostapd seems to have a different
>> > opinion about the RSN flags when WPA is enabled... So, try to force
>> > "proto=RSN" in your wpa_supplicant.conf if you see messages about
>> > "IE in 3/4 msg does not match with IE in Beacon/ProbeResp".
>> > Regards,
>> > Chr
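The truncated "Server Certificate" described in the thread can be confirmed from captured frames: EAP-TLS (RFC 5216) carries the total TLS message length in the first fragment (L flag) and marks every fragment but the last with the M flag. The following is an added example, not code from the thread or from wpa_supplicant; the function names and the sample bytes are constructed for illustration.

```python
import struct

EAP_REQUEST, EAP_TYPE_TLS = 1, 13
FLAG_L, FLAG_M = 0x80, 0x40  # RFC 5216: Length included, More fragments

def build_fragments(tls_msg, fragment_size, ident=1):
    """Split one TLS flight into EAP-Request/EAP-TLS packets, as a server would."""
    chunks = [tls_msg[i:i + fragment_size]
              for i in range(0, len(tls_msg), fragment_size)]
    packets = []
    for n, chunk in enumerate(chunks):
        flags = FLAG_M if n < len(chunks) - 1 else 0
        body = chunk
        if n == 0:  # first fragment announces the total TLS message length
            flags |= FLAG_L
            body = struct.pack("!I", len(tls_msg)) + chunk
        header = struct.pack("!BBHBB", EAP_REQUEST, ident + n,
                             6 + len(body), EAP_TYPE_TLS, flags)
        packets.append(header + body)
    return packets

def reassemble(packets):
    """Return (status, data); status is 'ok', 'truncated' or 'malformed'."""
    declared, data, more = None, b"", False
    for pkt in packets:
        if len(pkt) < 6:
            return "malformed", data
        _code, _ident, length, eap_type, flags = struct.unpack("!BBHBB", pkt[:6])
        if eap_type != EAP_TYPE_TLS:
            return "malformed", data
        if length > len(pkt):  # EAP header claims more bytes than arrived
            return "truncated", data
        payload = pkt[6:length]
        if flags & FLAG_L:
            if len(payload) < 4:
                return "malformed", data
            declared = struct.unpack("!I", payload[:4])[0]
            payload = payload[4:]
        data += payload
        more = bool(flags & FLAG_M)
    # Last frame still promised more, or byte count differs from the L field
    if more or (declared is not None and len(data) != declared):
        return "truncated", data
    return "ok", data

# Constructed 3072-byte stand-in for a Server Certificate flight
SAMPLE_FLIGHT = bytes(range(256)) * 12

if __name__ == "__main__":
    frames = build_fragments(SAMPLE_FLIGHT, 1024)
    print(len(frames), reassemble(frames)[0], reassemble(frames[:2])[0])
```
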