Client-Client communication not possible before "wpa_group_rekey"

Dennis Borgmann dennis.borgmann at googlemail.com
Fri May 9 08:13:03 EDT 2008


Hello Jouni,

I solved the problem. The solution was, that the version of hostapd must 
not be newer than the supplicant version of any client. So far I only 
tested this with wpa_supplicant on Linux.

wpa_supplicant client1 0.5.10
wpa_supplicant client2 0.5.5
hostapd 0.5.7
NO function according to my described problem

wpa_supplicant client1 0.5.10
wpa_supplicant client2 0.5.8
hostapd 0.5.10
NO function according to my described problem

wpa_supplicant client1 0.5.10
wpa_supplicant client2 0.5.5
hostapd 0.5.5
WORKS

wpa_supplicant client1 0.5.10
wpa_supplicant client2 0.5.8
hostapd 0.5.5
WORKS

Greetings, Dennis

Jouni Malinen schrieb:
> On Tue, May 06, 2008 at 08:28:20AM +0200, Dennis Borgmann wrote:
>
>   
>> I am facing problems using hostapd with two nodes, that want to 
>> communicate with one another. If I connect a machine to an accesspoint 
>> running hostapd, everything works fine, I am able to ping the 
>> accesspoint from the client and ping the client from the accesspoint. If 
>> I try to ping the clients themselves from client to client, this won't 
>> work, until a "wpa_group_rekey" has occurred. If I set this value within 
>> hostapd.conf to "60", it takes exactly one minute until I am able to 
>> ping one client from the other one.
>>     
>
> It sounds like the ARP request (broadcast) would not work in this case
> prior to the first group rekeying, i.e., the clients would not be able
> to use the group key received from the initial handshake. However, I'm
> somewhat surprised that the ping from AP to the client would work in
> this case.. I would assume ARP cache on the AP could have been filled
> based on a frame received from the client in that case, though. You
> could test this by stopping all transmits from client and on the AP,
> first remove the ARP entry ("ip nei del <client IP addr> dev <ifname>";
> if you are using bridging, the ifname would be your bridge interface
> otherwise it would be ath0) and then try to ping the client.
>
>   
>> hostapd.conf
>> wpa=1
>> wpa_pairwise=TKIP
>>     
>
>   
>> wpa_supplicant.conf (on both client-machines):
>>     proto=RSN WPA
>>        pairwise=CCMP TKIP
>>     
>
> Are you disabling WPA2 (RSN) and CCMP on the AP on purpose (these are
> enabled in the client configuration)? You could try testing what happens
> if WPA2 is used instead (it uses a bit different mechanism for
> configuring the group key) with CCMP.
>
> I would also be interested in seeing debug log from all three devices,
> i.e., something that shows the initial handshake and key configuration
> for a case where pinging between clients does not work. If you are using
> a test PSK (i.e., don't care about it being revealed), I would suggest
> using -ddKt on the command line for both hostapd and wpa_supplicant to
> enable verbose debugging output that includes the derived keys.
>
>   



More information about the HostAP mailing list