Date: Wed, 17 Jan 2007 10:09:06 -0600 From: Brooks Davis <brooks@freebsd.org> To: Sam Leffler <sam@errno.com> Cc: freebsd-current@freebsd.org Subject: Re: WPA-EAP problems Message-ID: <20070117160906.GB1333@lor.one-eyed-alien.net> In-Reply-To: <45ADC311.90008@errno.com> References: <200701171608.49339.doconnor@gsoft.com.au> <45ADC311.90008@errno.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--eJnRUKwClWJh1Khz
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On Tue, Jan 16, 2007 at 10:32:49PM -0800, Sam Leffler wrote:
> Daniel O'Connor wrote:
> > Hi,
> > I have a WPA-EAP network setup (to a WRT54G with OpenRadius which=20
> > authenticates against an OpenLDAP server on my FreeBSD server), however=
quite=20
> > often dhclient fails to get a lease at first go.
> >=20
> > My wpa_supplicant file looks like..
> > network=3D{
> > ssid=3D"dons"
> > scan_ssid=3D1
> > key_mgmt=3DWPA-EAP
> > identity=3D"username"
> > password=3D"password"
> > phase2=3D"auth=3DPAP"
> > }
> >=20
> > I have the following in rc.conf..
> > ifconfig_ath0=3D"WPA DHCP"
> > background_dhclient=3D"YES"
> >=20
> > If I kill dhclient and restart it I can get a lease just fine. I don't =
see the=20
> > problem on a WPA-TKIP network.
>=20
> Sounds like an issue with dhclient. I rarely use anything but WPA-PSK
> so haven't noticed issues.
>=20
> It would be useful to get a wpa log to see how long it's taking to
> authenticate. It'd be nice if dhclient were triggered by authentication
> rather than association as packets cannot pass until before. I've
> considered changing things to work in this way.
This seems like a good idea. The link isn't really up until you can
actually pass packets on it.
> > I think the problem is that the ath interface comes up but no
> > packets can be transferred because WPA stuff is still happening the
> > initial requests get lost.
>=20
> But dhclient should retry and get a lease w/o your restarting it.
I think this should happen, but I think the back off is random exponential
so it doesn't take long to get to the point where it will appear hung
because it tries for >60s. Is there an 802.11 event we could key
off of to reset the timeouts when authentication occurs?
-- Brooks
--eJnRUKwClWJh1Khz
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (FreeBSD)
iD8DBQFFrkohXY6L6fI4GtQRAg6WAJwNzi2FBuYSaaQNhXrDw/qDOED0fwCg0c1p
nbCc9giQpvPGUFEBKOweoq4=
=zOf9
-----END PGP SIGNATURE-----
--eJnRUKwClWJh1Khz--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20070117160906.GB1333>