Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 30 Jul 2013 14:43:58 +0200
From:      =?ISO-8859-1?Q?Jean-S=E9bastien_P=E9dron?= <jean-sebastien.pedron@dumbbell.fr>
To:        Rui Paulo <rpaulo@felyko.com>
Cc:        Adrian Chadd <adrian@freebsd.org>, freebsd-current@freebsd.org, Lars Engels <lars.engels@0x20.net>, wireless@freebsd.org
Subject:   Re: 802.1X: dhclient started before the auth. process ends
Message-ID:  <51F7B50E.30708@dumbbell.fr>
In-Reply-To: <5FE3C8E1-E073-423D-84E2-242D16CA31E4@felyko.com>
References:  <51F26CEB.9010200@dumbbell.fr> <20130729095946.GK59101@e-new.0x20.net> <CAJ-Vmo=yw-jL%2BT2QUfiOfx8oGZweNt%2BgWFBaVriVPtWsrVCEiA@mail.gmail.com> <51F6758C.9020004@dumbbell.fr> <5FE3C8E1-E073-423D-84E2-242D16CA31E4@felyko.com>

next in thread | previous in thread | raw e-mail | index | archive | help
This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
------enig2FJUOAEFCEQQIEVNILNSV
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

On 29.07.2013 21:56, Rui Paulo wrote:
> Disable all the configuration settings and run wpa_supplicant -ddd
> <all your other options...>

I'm not sure I understand what you mean by "disable all the
configuration settings" but I did some more tests by running
wpa_supplicant manually  (ie. not using netif script) with the same optio=
ns.

I found that when the interface (here, bge0) is already UP before
running wpa_supplicant, the authentication process is fast. However,
when the interface is DOWN, wpa_supplicant "associates" quickly but the
authentication process starts between 5 and 20 seconds after.

Here's a log with both run (with interface UP then DOWN):
http://pastebin.com/f5ydiBpV

This delay is new with the recent 10-CURRENT.

A comment about the behavior I would expect (but keep in mind I'm a dumb
user here, not a network expert at all). I see in the logs that when
issueing "service netif restart bge0":
    1. the interface is put DOWN, which terminates a previous dhclient
    2. wpa_supplicant is stopped
    3. wpa_supplicant is started again
    4. wpa_supplicant associates with a remote peer, which puts the
       interface UP and triggers dhclient

I guess that this works for a Wifi network because the association is
only valid after the authentication finishes successfully. However, with
802.1X not involving Wifi (only wired), the association is made right at
the beginning (see the logs I pasted), putting the interface UP (and
triggering dhclient) before the authentication starts.

--=20
Jean-S=E9bastien P=E9dron


------enig2FJUOAEFCEQQIEVNILNSV
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.20 (FreeBSD)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iEYEARECAAYFAlH3tRcACgkQa+xGJsFYOlNWewCfbGiWPrxkAGtJSpfvJgpqEmqN
4hYAn2fJw0Ko+AwOEYd62a8cCb7GMRjE
=34Q/
-----END PGP SIGNATURE-----

------enig2FJUOAEFCEQQIEVNILNSV--



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?51F7B50E.30708>