Problem with EAP-TLS connection to Atheros AR5002AP-2X AP

Dmitry Shmidt dimitrysh at google.com
Mon Jul 28 13:46:42 EDT 2008


Thanks, Dan...
It is only for phase 2 ?

Dmitry

On Mon, Jul 28, 2008 at 10:22 AM, Dan Williams <dcbw at redhat.com> wrote:
> On Mon, 2008-07-28 at 09:33 -0700, Dmitry Shmidt wrote:
>> Hi,
>>
>> Also it seems like the problem can be in fragment size in FreeRadius server.
>> I set in eap.conf fragment_size = 1024 (default allows 1500-1600) and
>> it starts to behave differently...
>
> You can also set fragment size in wpa_supplicant which might work around
> that if you don't have access to the radius server.
>
> Dan
>
>> Thanks,
>>
>> Dmitry
>>
>> On Sun, Jul 27, 2008 at 7:33 AM, Chr <chunkeey at web.de> wrote:
>> > On Sunday 27 July 2008 00:15:49 Chr wrote:
>> >>
>> >> Well... after sniffing some EAP-Frames it looks like
>> >> that madwifi's stack or  their driver has problems with fragmentation,
>> >> because the "Server Certificate" in the EAP gets truncated.
>> >>
>> >> So, I my theory is this:
>> >> wpa_supplicant does the right thing by dropping the connection,
>> >> since it can't verify if the server certificate is valid or not.
>> >>
>> >> Unfortunately, I don't have any backups of my old working setup,
>> >> so I don't really know which was the last madwifi-revision
>> >> where everything worked well...
>> >>
>> > Alright, I found a _simple_ workaround.
>> >
>> > just compile your client's wpa_supplicant with gnutls (and don't forget to
>> > enable gnutls extras) instead of openssl!
>> >
>> > This will let you associate..
>> > But WPA doesn't work for me as madwifi/hostapd seems to have a different
>> > opinion about the RSN flags when WPA is enabled... So, try to force
>> > "proto=RSN" in your wpa_supplicant.conf if you see messages about
>> > "IE in 3/4 msg does not match with IE in Beacon/ProbeResp".
>> >
>> > Regards,
>> >        Chr
>> >
>> _______________________________________________
>> HostAP mailing list
>> HostAP at lists.shmoo.com
>> http://lists.shmoo.com/mailman/listinfo/hostap
>
>


More information about the HostAP mailing list