List:       freebsd-wireless
Subject:    Re: WPA2 Enterprise with hostapd and iphone
From:       Peter_Ankerstål <peter () pean ! org>
Date:       2015-03-30 17:29:16
Message-ID: 06936CA4-2099-47EE-8CA3-63FF6CB79164 () pean ! org

> On 30 Mar 2015, at 02:22, Adrian Chadd <adrian.chadd@gmail.com> wrote:
>
> Hi!
>
> * which NIC is this?

AR9300

> * can you please try -HEAD A lot of bugs have been fixed!
>

Hehe, I'm not sure I'm ready for another round of -HEAD right now. :)

>
> -a
>
>
> On 29 March 2015 at 06:31, Peter Ankerstål <peter@pean.org> wrote:
> > Hi!
> >
> > I have problems with my iPhone since I switched to WPA2 Enterprise on my home
> > network. (All other devices work fine including iPad and Macs). The connection
> > seems to work fine at first but then it gets REALLY slow or no connection at all.
> > (but iOS still shows it as connected).
> > machine:
> > FreeBSD gw 10.1-RELEASE-p1 FreeBSD 10.1-RELEASE-p1 #2 r275849
> >
> > # hostapd -v
> > hostapd v2.0
> > User space daemon for IEEE 802.11 AP management,
> > IEEE 802.1X/WPA/WPA2/EAP/RADIUS Authenticator
> > Copyright (c) 2002-2012, Jouni Malinen <j@w1.fi> and contributors
> >
> > hostapd.conf:
> > —
> > interface=wlan0
> > driver=bsd
> > logger_syslog=-1
> > logger_syslog_level=0
> > ctrl_interface=/var/run/hostapd
> > ctrl_interface_group=wheel
> > ssid=web
> > wpa=2
> > wpa_key_mgmt=WPA-EAP
> > wpa_pairwise=TKIP CCMP
> > macaddr_acl=0
> > auth_algs=1
> > own_ip_addr=127.0.0.1
> > ieee8021x=1
> > eap_server=1
> > eapol_version=1
> > eap_user_file=/etc/hostapd_eap_user
> > ca_cert=/etc/ssl/startssl.ca.pem
> > server_cert=/etc/ssl/auth.pean.org/auth.pean.org.crt
> > private_key=/etc/ssl/auth.pean.org/auth.pean.org.key
> > —
> >
> > This is what hostapd spits out when I connect with the phone:
> >
> > —
> > Mar 29 15:14:08 gw hostapd: wlan0: STA cb:aa:3a:a1:78:7b IEEE 802.11: associated
> > Mar 29 15:14:08 gw hostapd: wlan0: STA cb:aa:3a:a1:78:7b WPA: event 1 notification
> > Mar 29 15:14:08 gw hostapd: wlan0: STA cb:aa:3a:a1:78:7b IEEE 802.1X: start authentication
> > Mar 29 15:14:08 gw hostapd: wlan0: STA cb:aa:3a:a1:78:7b WPA: start authentication
> > Mar 29 15:14:08 gw hostapd: wlan1: STA cb:aa:3a:a1:78:7b IEEE 802.11: associated
> > Mar 29 15:14:08 gw hostapd: wlan2: STA cb:aa:3a:a1:78:7b IEEE 802.11: associated
> > Mar 29 15:14:08 gw hostapd: wlan0: STA cb:aa:3a:a1:78:7b IEEE 802.1X: unauthorizing port
> > Mar 29 15:14:08 gw hostapd: wlan0: STA cb:aa:3a:a1:78:7b IEEE 802.1X: Sending EAP Packet (identifier 105)
> > Mar 29 15:14:08 gw hostapd: wlan0: STA cb:aa:3a:a1:78:7b IEEE 802.1X: received EAP packet (code=2 id=105 len=19) from STA: EAP Response-Identity (1)
> > Mar 29 15:14:08 gw hostapd: wlan0: STA cb:aa:3a:a1:78:7b IEEE 802.1X: Sending EAP Packet (identifier 106)
> > Mar 29 15:14:08 gw hostapd: wlan0: STA cb:aa:3a:a1:78:7b IEEE 802.1X: received EAP packet (code=2 id=106 len=152) from STA: EAP Response-PEAP (25)
> > Mar 29 15:14:08 gw hostapd: wlan0: STA cb:aa:3a:a1:78:7b IEEE 802.1X: Sending EAP Packet (identifier 107)
> > Mar 29 15:14:08 gw hostapd: wlan0: STA cb:aa:3a:a1:78:7b IEEE 802.1X: received EAP packet (code=2 id=107 len=6) from STA: EAP Response-PEAP (25)
> > Mar 29 15:14:08 gw hostapd: wlan0: STA cb:aa:3a:a1:78:7b IEEE 802.1X: Sending EAP Packet (identifier 108)
> > Mar 29 15:14:08 gw hostapd: wlan0: STA cb:aa:3a:a1:78:7b IEEE 802.1X: received EAP packet (code=2 id=108 len=6) from STA: EAP Response-PEAP (25)
> > Mar 29 15:14:08 gw hostapd: wlan0: STA cb:aa:3a:a1:78:7b IEEE 802.1X: Sending EAP Packet (identifier 109)
> > Mar 29 15:14:08 gw hostapd: wlan0: STA cb:aa:3a:a1:78:7b IEEE 802.1X: received EAP packet (code=2 id=109 len=6) from STA: EAP Response-PEAP (25)
> > Mar 29 15:14:08 gw hostapd: wlan0: STA cb:aa:3a:a1:78:7b IEEE 802.1X: Sending EAP Packet (identifier 110)
> > Mar 29 15:14:08 gw hostapd: wlan0: STA cb:aa:3a:a1:78:7b IEEE 802.1X: received EAP packet (code=2 id=110 len=592) from STA: EAP Response-PEAP (25)
> > Mar 29 15:14:08 gw hostapd: wlan0: STA cb:aa:3a:a1:78:7b IEEE 802.1X: Sending EAP Packet (identifier 111)
> > Mar 29 15:14:08 gw hostapd: wlan0: STA cb:aa:3a:a1:78:7b IEEE 802.1X: received EAP packet (code=2 id=111 len=6) from STA: EAP Response-PEAP (25)
> > Mar 29 15:14:08 gw hostapd: wlan0: STA cb:aa:3a:a1:78:7b IEEE 802.1X: Sending EAP Packet (identifier 112)
> > Mar 29 15:14:08 gw hostapd: wlan0: STA cb:aa:3a:a1:78:7b IEEE 802.1X: received EAP packet (code=2 id=112 len=59) from STA: EAP Response-PEAP (25)
> > Mar 29 15:14:08 gw hostapd: wlan0: STA cb:aa:3a:a1:78:7b IEEE 802.1X: Sending EAP Packet (identifier 113)
> > Mar 29 15:14:08 gw hostapd: wlan0: STA cb:aa:3a:a1:78:7b IEEE 802.1X: received EAP packet (code=2 id=113 len=107) from STA: EAP Response-PEAP (25)
> > Mar 29 15:14:08 gw hostapd: wlan0: STA cb:aa:3a:a1:78:7b IEEE 802.1X: Sending EAP Packet (identifier 114)
> > Mar 29 15:14:08 gw hostapd: wlan0: STA cb:aa:3a:a1:78:7b IEEE 802.1X: received EAP packet (code=2 id=114 len=43) from STA: EAP Response-PEAP (25)
> > Mar 29 15:14:08 gw hostapd: wlan0: STA cb:aa:3a:a1:78:7b IEEE 802.1X: Sending EAP Packet (identifier 115)
> > Mar 29 15:14:09 gw hostapd: wlan0: STA cb:aa:3a:a1:78:7b IEEE 802.1X: received EAP packet (code=2 id=115 len=43) from STA: EAP Response-PEAP (25)
> > Mar 29 15:14:09 gw hostapd: wlan0: STA cb:aa:3a:a1:78:7b IEEE 802.1X: Sending EAP Packet (identifier 115)
> > Mar 29 15:14:09 gw hostapd: wlan0: STA cb:aa:3a:a1:78:7b WPA: sending 1/4 msg of 4-Way Handshake
> > Mar 29 15:14:09 gw hostapd: wlan0: STA cb:aa:3a:a1:78:7b WPA: received EAPOL-Key frame (2/4 Pairwise)
> > Mar 29 15:14:09 gw hostapd: wlan0: STA cb:aa:3a:a1:78:7b WPA: sending 3/4 msg of 4-Way Handshake
> > Mar 29 15:14:09 gw hostapd: wlan0: STA cb:aa:3a:a1:78:7b WPA: received EAPOL-Key frame (4/4 Pairwise)
> > Mar 29 15:14:09 gw hostapd: wlan0: STA cb:aa:3a:a1:78:7b WPA: pairwise key handshake completed (RSN)
> > Mar 29 15:14:09 gw hostapd: wlan0: STA cb:aa:3a:a1:78:7b IEEE 802.1X: authorizing port
> > Mar 29 15:14:09 gw hostapd: wlan0: STA cb:aa:3a:a1:78:7b RADIUS: starting accounting session 54E5E3BB-00000E3D
> > Mar 29 15:14:09 gw hostapd: wlan0: STA cb:aa:3a:a1:78:7b IEEE 802.1X: authenticated - EAP type: 0 ((null))
> > Mar 29 15:14:09 gw hostapd: wlan0: STA cb:aa:3a:a1:78:7b WPA: Added PMKSA cache entry (IEEE 802.1X)
> > Mar 29 15:14:09 gw dhcpd: DHCPREQUEST for 172.25.0.70 from cb:aa:3a:a1:78:7b via bridge0
> > Mar 29 15:14:09 gw dhcpd: DHCPACK on 172.25.0.70 to cb:aa:3a:a1:78:7b via bridge0
> > Mar 29 15:15:20 gw hostapd: wlan0: STA cb:aa:3a:a1:78:7b IEEE 802.11: associated
> > Mar 29 15:15:20 gw hostapd: wlan0: STA cb:aa:3a:a1:78:7b WPA: event 1 notification
> > Mar 29 15:15:20 gw hostapd: wlan0: STA cb:aa:3a:a1:78:7b WPA: event 4 notification
> > Mar 29 15:15:20 gw hostapd: wlan1: STA cb:aa:3a:a1:78:7b IEEE 802.11: associated
> > Mar 29 15:15:20 gw hostapd: wlan1: STA cb:aa:3a:a1:78:7b WPA: event 1 notification
> > Mar 29 15:15:20 gw hostapd: wlan1: STA cb:aa:3a:a1:78:7b IEEE 802.1X: start authentication
> > Mar 29 15:15:20 gw hostapd: wlan1: STA cb:aa:3a:a1:78:7b WPA: start authentication
> > Mar 29 15:15:20 gw hostapd: wlan2: STA cb:aa:3a:a1:78:7b IEEE 802.11: associated
> > Mar 29 15:15:20 gw hostapd: wlan1: STA cb:aa:3a:a1:78:7b MLME: MLME-DISASSOCIATE.indication(cb:aa:3a:a1:78:7b, 1)
> > Mar 29 15:15:20 gw hostapd: wlan1: STA cb:aa:3a:a1:78:7b MLME: MLME-DELETEKEYS.request(cb:aa:3a:a1:78:7b)
> > Mar 29 15:15:20 gw hostapd: wlan0: STA cb:aa:3a:a1:78:7b MLME: MLME-DISASSOCIATE.indication(cb:aa:3a:a1:78:7b, 1)
> > Mar 29 15:15:20 gw hostapd: wlan0: STA cb:aa:3a:a1:78:7b MLME: MLME-DELETEKEYS.request(cb:aa:3a:a1:78:7b)
> > Mar 29 15:15:20 gw hostapd: wlan2: STA cb:aa:3a:a1:78:7b MLME: MLME-DISASSOCIATE.indication(cb:aa:3a:a1:78:7b, 1)
> > Mar 29 15:15:20 gw hostapd: wlan2: STA cb:aa:3a:a1:78:7b MLME: MLME-DELETEKEYS.request(cb:aa:3a:a1:78:7b)
> > Mar 29 15:15:28 gw hostapd: wlan0: STA cb:aa:3a:a1:78:7b IEEE 802.11: associated
> > Mar 29 15:15:28 gw hostapd: wlan0: STA cb:aa:3a:a1:78:7b WPA: PMKID found from PMKSA cache eap_type=0 vlan_id=0
> > Mar 29 15:15:28 gw hostapd: wlan0: STA cb:aa:3a:a1:78:7b WPA: event 1 notification
> > Mar 29 15:15:28 gw hostapd: wlan0: STA cb:aa:3a:a1:78:7b IEEE 802.1X: start authentication
> > Mar 29 15:15:28 gw hostapd: wlan0: STA cb:aa:3a:a1:78:7b IEEE 802.1X: PMK from PMKSA cache - skip IEEE 802.1X/EAP
> > Mar 29 15:15:28 gw hostapd: wlan0: STA cb:aa:3a:a1:78:7b WPA: sending 1/4 msg of 4-Way Handshake
> > Mar 29 15:15:28 gw hostapd: wlan1: STA cb:aa:3a:a1:78:7b IEEE 802.11: associated
> > Mar 29 15:15:28 gw hostapd: wlan1: STA cb:aa:3a:a1:78:7b WPA: event 1 notification
> > Mar 29 15:15:28 gw hostapd: wlan1: STA cb:aa:3a:a1:78:7b IEEE 802.1X: start authentication
> > Mar 29 15:15:28 gw hostapd: wlan2: STA cb:aa:3a:a1:78:7b IEEE 802.11: associated
> > Mar 29 15:15:28 gw hostapd: wlan1: STA cb:aa:3a:a1:78:7b MLME: MLME-DISASSOCIATE.indication(cb:aa:3a:a1:78:7b, 1)
> > Mar 29 15:15:28 gw hostapd: wlan1: STA cb:aa:3a:a1:78:7b MLME: MLME-DELETEKEYS.request(cb:aa:3a:a1:78:7b)
> > Mar 29 15:15:28 gw hostapd: wlan0: STA cb:aa:3a:a1:78:7b MLME: MLME-DISASSOCIATE.indication(cb:aa:3a:a1:78:7b, 1)
> > Mar 29 15:15:28 gw hostapd: wlan0: STA cb:aa:3a:a1:78:7b MLME: MLME-DELETEKEYS.request(cb:aa:3a:a1:78:7b)
> > Mar 29 15:15:28 gw hostapd: wlan2: STA cb:aa:3a:a1:78:7b MLME: MLME-DISASSOCIATE.indication(cb:aa:3a:a1:78:7b, 1)
> > Mar 29 15:15:28 gw hostapd: wlan2: STA cb:aa:3a:a1:78:7b MLME: MLME-DELETEKEYS.request(cb:aa:3a:a1:78:7b)
> > Mar 29 15:15:29 gw hostapd: wlan0: STA cb:aa:3a:a1:78:7b WPA: EAPOL-Key timeout
> > Mar 29 15:15:29 gw hostapd: wlan0: STA cb:aa:3a:a1:78:7b WPA: sending 1/4 msg of 4-Way Handshake
> > Mar 29 15:15:30 gw hostapd: wlan0: STA cb:aa:3a:a1:78:7b WPA: EAPOL-Key timeout
> > Mar 29 15:15:30 gw hostapd: wlan0: STA cb:aa:3a:a1:78:7b WPA: sending 1/4 msg of 4-Way Handshake
> > Mar 29 15:15:31 gw hostapd: wlan0: STA cb:aa:3a:a1:78:7b WPA: EAPOL-Key timeout
> > Mar 29 15:15:31 gw hostapd: wlan0: STA cb:aa:3a:a1:78:7b WPA: sending 1/4 msg of 4-Way Handshake
> > Mar 29 15:15:32 gw hostapd: wlan0: STA cb:aa:3a:a1:78:7b WPA: EAPOL-Key timeout
> > Mar 29 15:15:32 gw hostapd: wlan0: STA cb:aa:3a:a1:78:7b WPA: PTKSTART: Retry limit 4 reached
> > Mar 29 15:15:32 gw hostapd: wlan0: STA cb:aa:3a:a1:78:7b WPA: event 3 notification
> > Mar 29 15:15:32 gw hostapd: wlan0: STA cb:aa:3a:a1:78:7b IEEE 802.11: disassociated
> > Mar 29 15:15:32 gw hostapd: wlan0: STA cb:aa:3a:a1:78:7b WPA: event 2 notification
> > Mar 29 15:15:32 gw hostapd: wlan1: STA cb:aa:3a:a1:78:7b IEEE 802.11: disassociated
> > Mar 29 15:15:32 gw hostapd: wlan1: STA cb:aa:3a:a1:78:7b WPA: event 2 notification
> > Mar 29 15:15:32 gw hostapd: wlan2: STA cb:aa:3a:a1:78:7b IEEE 802.11: disassociated
> > Mar 29 15:15:32 gw hostapd: wlan0: STA cb:aa:3a:a1:78:7b IEEE 802.11: associated
> > Mar 29 15:15:32 gw hostapd: wlan0: STA cb:aa:3a:a1:78:7b WPA: event 1 notification
> > Mar 29 15:15:32 gw hostapd: wlan0: STA cb:aa:3a:a1:78:7b IEEE 802.1X: start authentication
> > Mar 29 15:15:32 gw hostapd: wlan0: STA cb:aa:3a:a1:78:7b WPA: start authentication
> > Mar 29 15:15:32 gw hostapd: wlan1: STA cb:aa:3a:a1:78:7b IEEE 802.11: associated
> > Mar 29 15:15:32 gw hostapd: wlan1: STA cb:aa:3a:a1:78:7b WPA: event 1 notification
> > Mar 29 15:15:32 gw hostapd: wlan1: STA cb:aa:3a:a1:78:7b IEEE 802.1X: start authentication
> > Mar 29 15:15:32 gw hostapd: wlan1: STA cb:aa:3a:a1:78:7b WPA: start authentication
> > Mar 29 15:15:32 gw hostapd: wlan2: STA cb:aa:3a:a1:78:7b IEEE 802.11: associated
> > Mar 29 15:15:32 gw hostapd: wlan0: STA cb:aa:3a:a1:78:7b MLME: MLME-DISASSOCIATE.indication(cb:aa:3a:a1:78:7b, 1)
> > Mar 29 15:15:32 gw hostapd: wlan0: STA cb:aa:3a:a1:78:7b MLME: MLME-DELETEKEYS.request(cb:aa:3a:a1:78:7b)
> > Mar 29 15:15:32 gw hostapd: wlan1: STA cb:aa:3a:a1:78:7b IEEE 802.1X: unauthorizing port
> > Mar 29 15:15:32 gw hostapd: wlan1: STA cb:aa:3a:a1:78:7b IEEE 802.1X: Sending EAP Packet (identifier 220)
> > Mar 29 15:15:56 gw hostapd: wlan0: STA cb:aa:3a:a1:78:7b IEEE 802.11: disassociated
> > Mar 29 15:15:56 gw hostapd: wlan0: STA cb:aa:3a:a1:78:7b WPA: event 2 notification
> > Mar 29 15:15:56 gw hostapd: wlan1: STA cb:aa:3a:a1:78:7b IEEE 802.11: disassociated
> > Mar 29 15:15:56 gw hostapd: wlan1: STA cb:aa:3a:a1:78:7b WPA: event 2 notification
> > Mar 29 15:15:56 gw hostapd: wlan2: STA cb:aa:3a:a1:78:7b IEEE 802.11: disassociated
> > —
> >
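Added example, not part of the original thread: a small Python triage of hostapd syslog lines in the format quoted above. It groups events per association and flags reconnects that skipped EAP via the PMKSA cache and then hit the 4-way handshake retry limit. The sample lines and MAC addresses are constructed, and the function names are hypothetical.

```python
import re

# Constructed sample lines in the same syslog format as the quoted log;
# the MAC addresses are made up for this example.
SAMPLE = """\
Mar 29 15:15:28 gw hostapd: wlan0: STA 02:00:00:00:00:01 IEEE 802.11: associated
Mar 29 15:15:28 gw hostapd: wlan0: STA 02:00:00:00:00:01 IEEE 802.1X: PMK from PMKSA cache - skip IEEE 802.1X/EAP
Mar 29 15:15:28 gw hostapd: wlan0: STA 02:00:00:00:00:01 WPA: sending 1/4 msg of 4-Way Handshake
Mar 29 15:15:29 gw hostapd: wlan0: STA 02:00:00:00:00:01 WPA: EAPOL-Key timeout
Mar 29 15:15:29 gw hostapd: wlan0: STA 02:00:00:00:00:01 WPA: sending 1/4 msg of 4-Way Handshake
Mar 29 15:15:30 gw hostapd: wlan0: STA 02:00:00:00:00:01 WPA: EAPOL-Key timeout
Mar 29 15:15:32 gw hostapd: wlan0: STA 02:00:00:00:00:01 WPA: PTKSTART: Retry limit 4 reached
Mar 29 15:16:00 gw hostapd: wlan0: STA 02:00:00:00:00:02 WPA: sending 1/4 msg of 4-Way Handshake
Mar 29 15:16:00 gw hostapd: wlan0: STA 02:00:00:00:00:02 WPA: pairwise key handshake completed (RSN)
"""

# One hostapd station event: interface, station MAC, module (skipped), message.
LINE = re.compile(r"hostapd: (\S+): STA ([0-9a-f:]{17}) [^:]+: (.*)$")

def handshake_attempts(log_text):
    """Group hostapd events into one record per association of (interface, station)."""
    open_attempt, attempts = {}, []
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # dhcpd and other non-station lines
        key, msg = (m.group(1), m.group(2)), m.group(3)
        if msg == "associated" or key not in open_attempt:
            rec = {"iface": key[0], "sta": key[1], "pmksa_cached": False,
                   "timeouts": 0, "outcome": "incomplete"}
            open_attempt[key] = rec
            attempts.append(rec)
        rec = open_attempt[key]
        if "PMK from PMKSA cache" in msg:
            rec["pmksa_cached"] = True
        elif msg == "EAPOL-Key timeout":
            rec["timeouts"] += 1
        elif "pairwise key handshake completed" in msg:
            rec["outcome"] = "completed"
        elif "Retry limit" in msg:
            rec["outcome"] = "retry_limit"
    return attempts

def failed_cached_reconnects(attempts):
    """Attempts that skipped EAP via the PMKSA cache, then exhausted handshake retries."""
    return [a for a in attempts if a["pmksa_cached"] and a["outcome"] == "retry_limit"]

if __name__ == "__main__":
    print(failed_cached_reconnects(handshake_attempts(SAMPLE)))
```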