<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=iso-8859-1">
<META content="MSHTML 6.00.2900.2627" name=GENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=#ffffff>
<DIV><FONT face=Arial size=2>Hi all,</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>I am still attempting to get WDS to work on with
WPA. I have this setup that I expected to work but it is not:</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>- Using Two APs (AP1 and AP2) running hostap
0.3.7</FONT></DIV>
<DIV><FONT face=Arial size=2>- Establish a WDS link between 2
APs</FONT></DIV>
<DIV><FONT face=Arial size=2>- Run hostapd 0.3.7 with the "rsn_preauth=1 and
rsn_preauth_interfaces=wlan0wds0"</FONT></DIV>
<DIV><FONT face=Arial size=2>- Associate and authenticate two client,
one with each AP (C-AP1 and C-AP2), using EAP-PSK</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>When I attempt to ping C-AP2 from C-AP1 I
get the following message at AP2</FONT></DIV>
<DIV><FONT face=Arial size=2>"TKIP ICV error detected: STA={MAC address of
AP1}</FONT></DIV>
<DIV><FONT face=Arial size=2>wifi0: decryption failed (SA={MAC address of AP1})
res=-5". </FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>This has been reported before, that </FONT><FONT
face=Arial size=2>data on the WDS link is encrypted using AP individual
keys. Since these keys are not shared they are unable to decrypt the
packets.</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>Using hostap_crypt_conf I created manual entries
for each of the APs with encryption algorithm set to NULL</FONT></DIV>
<DIV><FONT face=Arial size=2>- At AP 1: </FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>> hostap_crypt_conf -p wlan0 {MAC of AP 2}
NULL</FONT></DIV>
<DIV><FONT face=Arial size=2>> hostap_crypt_conf -l wlan0, would
show</FONT></DIV>
<DIV><FONT face=Arial size=2>Keys for {MAC of AP 2}</FONT></DIV>
<DIV><FONT face=Arial size=2> algorithm: NULL</FONT></DIV>
<DIV><FONT face=Arial size=2> TX key idx: 1</FONT></DIV>
<DIV><FONT face=Arial size=2> key 1:</FONT></DIV>
<DIV><FONT face=Arial size=2> key 2:</FONT></DIV>
<DIV><FONT face=Arial size=2> key 3:</FONT></DIV>
<DIV><FONT face=Arial size=2> key 4:</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>same thing for AP 2</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>I tried to ping again. My packet capture
indicate that the ping packets are sent unencrypted over the WDS link.
However, </FONT><FONT face=Arial size=2>I see at AP2 </FONT></DIV>
<DIV><FONT face=Arial size=2>"wlan0wds0: dropped frame from unauthorized port
(IEEE 802.1X): ethertype=0x0800)"</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>Even though "rsn_preauth_interfaces=wlan0wds0" is
set the stations still drop packets from wlan0wds0 interface. Am I missing
something here? Is there something wrong in this setup?</FONT></DIV>
<DIV><FONT face=Arial size=2></FONT> </DIV>
<DIV><FONT face=Arial size=2>thanks much</FONT></DIV></BODY></HTML>