WPA-EAP network stops working after random interval

Håvard Espeland gus at ping.uio.no
Thu Nov 24 07:34:54 EST 2011


On Wed, Nov 23, 2011 at 10:54:38PM +0200, Jouni Malinen wrote:
> On Wed, Nov 23, 2011 at 07:29:45PM +0100, Håvard Espeland wrote:
> > Thanks for the reply. The complete log from my previous post is available here:
> > http://www.ping.uio.no/~gus/rot/eduroam-problems.txt
> 
> As far as wpa_supplicant is concerned, everything seemed to work fine.
> The initial connection was successful and the AP re-keyed its GTK a bit
> over 19 minutes after this. That group key handshake was completed
> successfully.
> 
> How did you notice that the network connection was not working? Could it
> be possible that unicast packets would still be going through and just
> reception of broadcast/multicast packets would be broken after the group
> key handshake?
> 
> It looks like this issue would need debugging at a lower level, i.e.,
> either trying to get some debug information from the driver or with a
> wireless sniffer. I'm not familiar with the driver you were using, so I
> cannot help with that. As far as use of a wireless sniffer is concerned, I
> could potentially take a look at a sniffer trace, but this would likely
> require that I know some of the keys used in the connection which may
> not be exactly a good thing in a production network.

OK. I took a tcpdump today to further investigate, and one can see the problem
occurring after the EAPOL messages. After group msg 2/2, ARP packets are no
longer answered. Since the trace contains the WPA key, I'm only able to share a
screenshot of Wireshark:

http://www.ping.uio.no/~gus/rot/wireshark_eapol.png

If having a monitor level trace of the network is essential to solving this
problem, I'll let the technical support department know, and they should be
able to create a temporary account for doing the traces where the key can be
shared.

As for other platforms, I have asked around; of the three Mac users I
talked to today, two of them were having similar problems with random
connectivity loss, and both were running OS X 10.6. Another user has not
experienced lost connectivity, and he was using 10.7. I haven't found any
Windows users with similar problems. Since the sample size is so small, I'm not
sure if this really says anything.

-- 
Håvard Espeland
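
One way to quantify the symptom reported in this message from a text capture, as an added example that is not part of the original post: it counts ARP requests answered and unanswered before and after the last EAPOL-Key frame. The sample lines are constructed in `tcpdump -n` text format, and treating the last EAPOL-Key frame as group message 2/2 is an assumption.

```python
import re

# Constructed sample in `tcpdump -n` text format (times and addresses are made up).
SAMPLE = """\
07:10:00.100000 ARP, Request who-has 192.0.2.1 tell 192.0.2.50, length 28
07:10:00.101500 ARP, Reply 192.0.2.1 is-at 00:00:5e:00:53:01, length 28
07:29:10.000000 EAPOL key (3) v2, len 127
07:29:10.004000 EAPOL key (3) v2, len 95
07:29:40.200000 ARP, Request who-has 192.0.2.1 tell 192.0.2.50, length 28
07:29:41.200000 ARP, Request who-has 192.0.2.1 tell 192.0.2.50, length 28
07:29:42.200000 ARP, Request who-has 192.0.2.1 tell 192.0.2.50, length 28
"""

LINE = re.compile(r"^(\d\d):(\d\d):(\d\d\.\d+) (.*)$")
REQ = re.compile(r"ARP, Request who-has (\S+) tell ")
REP = re.compile(r"ARP, Reply (\S+) is-at ")

def parse(text):
    """Return (kind, seconds_since_midnight, ip_or_None) for each relevant line."""
    events = []
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        t = int(m.group(1)) * 3600 + int(m.group(2)) * 60 + float(m.group(3))
        body = m.group(4)
        if body.startswith("EAPOL key"):
            events.append(("eapol", t, None))
        elif REQ.search(body):
            events.append(("req", t, REQ.search(body).group(1)))
        elif REP.search(body):
            events.append(("rep", t, REP.search(body).group(1)))
    return events

def arp_around_rekey(text, timeout=1.0):
    """Count (answered, unanswered) ARP requests before/after the last EAPOL-Key frame."""
    events = parse(text)
    eapol_times = [t for kind, t, _ in events if kind == "eapol"]
    if not eapol_times:
        return None  # no key handshake in the capture, nothing to compare against
    rekey = max(eapol_times)  # assumption: last EAPOL-Key frame is group msg 2/2
    counts = {"before": [0, 0], "after": [0, 0]}
    for kind, t, ip in events:
        if kind != "req":
            continue
        answered = any(k == "rep" and i == ip and 0 <= rt - t <= timeout
                       for k, rt, i in events)
        counts["before" if t < rekey else "after"][0 if answered else 1] += 1
    return {"rekey_at": rekey, "before": tuple(counts["before"]),
            "after": tuple(counts["after"])}
```

A result where `after` has only unanswered requests while `before` has answered ones matches the behaviour described above; it does not by itself show whether unicast traffic is also affected.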


More information about the HostAP mailing list