WPA2 Connection Problems between Android and DLink DIR-825 running OpenWRT

Jouni Malinen j at w1.fi
Wed Jul 28 01:25:39 EDT 2010


On Tue, Jul 27, 2010 at 06:01:10PM -0700, David Levitan wrote:

> I recently upgraded to a DIR-825 router (atk9k based), on which I've 
> installed the trunk build of OpenWRT (with an early-July version of 
> hostapd). I've been able to setup everything as needed, except for one 
> major problem. WPA2 connections work with no problems between the router 
> and a MacBook and a Linux laptop, with both radios. I cannot get a WPA2 
> negotiation to complete between my Motorola Droid and the router.

> The configuration file for hostapd on the 2.4Ghz interface is below, 
> along with a log from hostapd. Looking through the log, the problem 
> appears to occur in comparing the second step of the handshake, with one 
> octet being different. However, I know little about WPA2, and I'm 
> wondering if anyone has any thoughts on where something is going wrong. 
> Is it hostapd on the router, or wpa_supplicant on the Droid? Is it 
> possible to fix with just hostapd on the router (even if it means a 
> custom build)?

This looks like a client side issue. The RSN IE must match between
(Re)Association Request and message 2 in 4-way handshake. It looks
likely that the driver ignores the RSN IE that wpa_supplicant generates
and instead, builds a different RSN IE for Association Request. The
difference is in number of PTKSA/GTKSA replay counters that the device
claims to support. There is no way to fix this at the AP. A workaround
would be to ignore the differences in RSN IE, but that could potentially
open some security downgrade attacks. Anyway, this should be filed as a
bug against the phone so that this issue can be resolved properly.

-- 
Jouni Malinen                                            PGP id EFC895FA


More information about the HostAP mailing list