Bugzilla – Bug 17040
4-Way Handshake timeout when connecting baby to WPA/WPA2-PSK accesspoint
Last modified: 2011-04-14 02:30:56 UTC
When trying to connect the Radio to an access point, no connection can be made. After entering the PSK the "connecting to..." screen comes up with the throbber spinning. This spinning goes on for about half a minute and then I am notified that no connection could be set up.

Using a wifi card with radiotap support I am able to observe the key exchange between the AP and the Baby. The dump is attached and shows that the Baby does not react to the initial EAPOL key exchange. A second Baby device is showing the same issues.

A Boom does not have these problems and connects without issues. A similar packet trace is attached. I was not able to test the FAB4 nor the Jive devices as they are at another location where a different access point is currently used.

Running wpa_supplicant with debugging enabled shows the following messages:

    1299550515.948226: Authentication with 00:a0:57:17:53:7d timed out.
    1299550515.948301: CTRL_IFACE monitor send - hexdump(len=20): 2f 74 6d 70 2f 77 70 61 5f 63 74 72 6c 5f 39 31 39 2d 31 00
    1299550515.949238: Added BSSID 00:a0:57:17:53:7d into blacklist
    1299550515.949330: No keys have been configured - skip key clearing
    1299550515.949366: State: ASSOCIATING -> DISCONNECTED

The full log is attached which shows some more events going on.

Involved devices:

    Squeezebox Radio 7.5.3 r9283/AR6K2 with SW63(?)
    Lancom L-322agn AP running LCOS 8.00UP3/AR9280 with Merlin/2.1[14.21]

Configuration details for the 2.4GHz radio of the AP running in 802.11b/g/n mixed mode on channel 13:

    Ifc                            WLAN-2
    Radio-Band                     2.4GHz
    Radio-Channel                  13
    108Mbps-Mode                   No
    Noise-Level                    -68
    Modem-Load                     3
    Transmit-Power                 15 dBm
    EIRP                           18 dBm
    Exc.-EIRP                      No
    Beacon-Period                  100
    Regulatory-Domain              Undefined
    PHY-Type                       HT
    Supported-Antennas             Antenna-1+2
    Tx-Chains                      2
    Rx-Chains                      2
    WEP-Support                    Yes(128-Bits)
    TKIP-Support                   Yes
    AES-Support                    CCM
    Minimum-Rate                   1M
    Maximum-Rate                   HT-2-130M
    Temperature-Range              unknown
    PHY-Variant                    0xd0/0xc0
    Supported-Bands                2.4GHz/5GHz
    Supports-40MHz                 Yes
    Supports-Short-Preamble        Yes
    Supports-Short-Slot-Time       Yes
    Supports-Short-Guard-Interval  40MHz
    Supports-Compression           No
    Supported-DFS-Schemes          EN302502,EN301893-V1.3,EN301893-V1.5

/etc/wpa_supplicant.conf:

    ctrl_interface=/var/run/wpa_supplicant
    update_config=1
    network={
        ssid="dicp-mobile"
        scan_ssid=1
        psk="01234567890123"
        proto=RSN
        key_mgmt=WPA-PSK
    }
Created attachment 7203
radiotap capture of the failing authentication between baby and ap

This pcap dump can be viewed with wireshark and will show the EAPOL key exchange failing as the baby does not answer.
Created attachment 7204
radiotap capture of the successful authentication between boom and ap

This pcap dump can be viewed with wireshark and will show the EAPOL key exchange succeeding.
Created attachment 7205
wpa_supplicant debugging output

This attachment shows the output of wpa_supplicant manually run on the device as follows:

    /etc/init.d/wlan stop
    export WORKAREA=/lib/atheros
    export EEPROM=${WORKAREA}/calData_ar6102_15dBm.bin
    /lib/atheros/loadAR6000l.sh
    /lib/atheros/wmiconfig -eth1 --filter=all
    /lib/atheros/wmiconfig -eth1 --power maxperf
    /usr/sbin/wpa_supplicant -Dwext -ieth1 -c/etc/wpa_supplicant.conf -K -d -t 2>&1 | tee /tmp/wpa.log

wpa_cli has been used to manually trigger a connection.

bss output of wpa_cli:

    > bss 00:a0:57:17:53:7d
    bssid=00:a0:57:17:53:7d
    freq=2472
    beacon_int=0
    capabilities=0x0011
    qual=53
    noise=161
    level=214
    tsf=0000000000000000
    ie=000b646963702d6d6f62696c6501016cdd1c0050f20101000050f20202000050f2020050f20401000050f2023c0030180100000fac020200000fac02000fac040100000fac023c00
    flags=[WPA-PSK-TKIP+CCMP][WPA2-PSK-TKIP+CCMP]
    ssid=dicp-mobile
    >
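An added example, not part of the original report: it decodes the ie= value from the bss output above to show the cipher and key-management suites behind the flags=[WPA-PSK-TKIP+CCMP][WPA2-PSK-TKIP+CCMP] line, including the TKIP group cipher this AP advertises in both the WPA and RSN elements. The function names are illustrative and the suite tables cover only common values.

```python
# ie= value copied from the wpa_cli bss output on this page.
BSS_IE_HEX = ("000b646963702d6d6f62696c6501016c"
              "dd1c0050f20101000050f20202000050f2020050f20401000050f2023c00"
              "30180100000fac020200000fac02000fac040100000fac023c00")
CIPHERS = {1: "WEP-40", 2: "TKIP", 4: "CCMP", 5: "WEP-104"}  # common values only
AKMS = {1: "802.1X", 2: "PSK"}
WPA_OUI, RSN_OUI = bytes.fromhex("0050f2"), bytes.fromhex("000fac")


def iter_ies(blob):
    """Yield (element_id, body) pairs; reject a truncated element."""
    pos = 0
    while pos < len(blob):
        if pos + 2 > len(blob) or pos + 2 + blob[pos + 1] > len(blob):
            raise ValueError("truncated information element at offset %d" % pos)
        yield blob[pos], blob[pos + 2:pos + 2 + blob[pos + 1]]
        pos += 2 + blob[pos + 1]


def parse_suites(body, oui):
    """Parse version, group cipher, pairwise list and AKM list (same layout in WPA and RSN)."""
    def u16(off):
        return int.from_bytes(body[off:off + 2], "little")
    def suite(off, table):
        name = table.get(body[off + 3], "unknown(%d)" % body[off + 3])
        return name if body[off:off + 3] == oui else "vendor-specific"
    n_pair = u16(6)
    akm_off = 8 + 4 * n_pair
    return {"version": u16(0), "group": suite(2, CIPHERS),
            "pairwise": [suite(8 + 4 * i, CIPHERS) for i in range(n_pair)],
            "akm": [suite(akm_off + 2 + 4 * i, AKMS) for i in range(u16(akm_off))]}


def decode_security(hex_ie):
    """Return the SSID plus the WPA and RSN settings advertised in a bss ie= blob."""
    out = {}
    for eid, body in iter_ies(bytes.fromhex(hex_ie)):
        if eid == 0:
            out["ssid"] = body.decode("utf-8", "replace")
        elif eid == 48:                                      # RSN element (WPA2)
            out["rsn"] = parse_suites(body, RSN_OUI)
        elif eid == 221 and body[:4] == WPA_OUI + b"\x01":   # vendor WPA element
            out["wpa"] = parse_suites(body[4:], WPA_OUI)
    return out


if __name__ == "__main__":
    print(decode_security(BSS_IE_HEX))
```

With proto=RSN in wpa_supplicant.conf only the RSN element applies to the client's negotiation; its group cipher here is still TKIP because the AP runs in mixed WPA/WPA2 mode.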
Created attachment 7225
radiotap capture of the failing authentication between baby and ap with recent firmware

Attached is a new radiotap dump of the communication between AP and Squeezebox Radio running with the nightly firmware 7.6.0-r9405. In the text version pasted below you can see the probe as well as the authentication and association requests and responses. This works fine. But then there is never any reply from the squeezebox to the WPA2 handshake and after 3 seconds the AP sends the deauth frame due to an incomplete 4 way handshake. Observing the exchange by opening the attached file with wireshark works much better however.

    01:54:12.971446 1.0 Mb/s 2412 MHz 11b -41dB signal antenna 3 [bit 14] Probe Request (dicp-mobile) [1.0* 2.0* 5.5* 6.0 9.0 11.0* 12.0 18.0 Mbit][|802.11]
    01:54:12.974000 1.0 Mb/s 2412 MHz 11b -68dB signal antenna 3 [bit 14] Probe Response (dicp-mobile) [1.0* 2.0* 5.5 11.0 Mbit] CH: 1, PRIVACY[|802.11]
    01:54:12.975024 1.0 Mb/s 2412 MHz 11b -42dB signal antenna 3 [bit 14] Authentication (Open System)-1: Succesful
    01:54:12.976105 1.0 Mb/s 2412 MHz 11b -69dB signal antenna 3 [bit 14] Authentication (Open System)-2:
    01:54:12.977706 1.0 Mb/s 2412 MHz 11b -41dB signal antenna 3 [bit 14] Assoc Request (dicp-mobile) [1.0* 2.0* 5.5 6.0 9.0 11.0 12.0 18.0 Mbit][|802.11]
    01:54:12.980153 1.0 Mb/s 2412 MHz 11b -69dB signal antenna 3 [bit 14] Assoc Response AID(3) : PRIVACY : Succesful[|802.11]
    01:54:12.982012 1.0 Mb/s 2412 MHz 11b -68dB signal antenna 3 [bit 14] CF +QoS EAPOL key (3) v2, len 117
    01:54:13.273541 1.0 Mb/s 2412 MHz 11b -69dB signal antenna 3 [bit 14] CF +QoS EAPOL key (3) v2, len 117
    01:54:13.333583 1.0 Mb/s 2412 MHz 11b -69dB signal antenna 3 [bit 14] CF +QoS EAPOL key (3) v2, len 117
    01:54:13.443563 1.0 Mb/s 2412 MHz 11b -67dB signal antenna 3 [bit 14] CF +QoS EAPOL key (3) v2, len 117
    01:54:13.553563 1.0 Mb/s 2412 MHz 11b -67dB signal antenna 3 [bit 14] CF +QoS EAPOL key (3) v2, len 117
    01:54:13.663576 1.0 Mb/s 2412 MHz 11b -69dB signal antenna 3 [bit 14] CF +QoS EAPOL key (3) v2, len 117
    01:54:13.773559 1.0 Mb/s 2412 MHz 11b -69dB signal antenna 3 [bit 14] CF +QoS EAPOL key (3) v2, len 117
    01:54:13.883746 1.0 Mb/s 2412 MHz 11b -68dB signal antenna 3 [bit 14] CF +QoS EAPOL key (3) v2, len 117
    01:54:13.993541 1.0 Mb/s 2412 MHz 11b -69dB signal antenna 3 [bit 14] CF +QoS EAPOL key (3) v2, len 117
    01:54:14.103567 1.0 Mb/s 2412 MHz 11b -68dB signal antenna 3 [bit 14] CF +QoS EAPOL key (3) v2, len 117
    01:54:14.212840 short preamble 2.0 Mb/s 2412 MHz 11b -68dB signal antenna 3 [bit 14] CF +QoS EAPOL key (3) v2, len 117
    01:54:14.322867 short preamble 2.0 Mb/s 2412 MHz 11b -68dB signal antenna 3 [bit 14] CF +QoS EAPOL key (3) v2, len 117
    01:54:14.432866 short preamble 2.0 Mb/s 2412 MHz 11b -70dB signal antenna 3 [bit 14] CF +QoS EAPOL key (3) v2, len 117
    01:54:14.542922 short preamble 2.0 Mb/s 2412 MHz 11b -70dB signal antenna 3 [bit 14] CF +QoS EAPOL key (3) v2, len 117
    01:54:14.652881 short preamble 2.0 Mb/s 2412 MHz 11b -67dB signal antenna 3 [bit 14] CF +QoS EAPOL key (3) v2, len 117
    01:54:14.762876 short preamble 2.0 Mb/s 2412 MHz 11b -67dB signal antenna 3 [bit 14] CF +QoS EAPOL key (3) v2, len 117
    01:54:14.872866 short preamble 2.0 Mb/s 2412 MHz 11b -68dB signal antenna 3 [bit 14] CF +QoS EAPOL key (3) v2, len 117
    01:54:14.985384 short preamble 2.0 Mb/s 2412 MHz 11b -68dB signal antenna 3 [bit 14] CF +QoS EAPOL key (3) v2, len 117
    01:54:15.092820 short preamble 2.0 Mb/s 2412 MHz 11b -67dB signal antenna 3 [bit 14] CF +QoS EAPOL key (3) v2, len 117
    01:54:15.203277 short preamble 2.0 Mb/s 2412 MHz 11b -67dB signal antenna 3 [bit 14] CF +QoS EAPOL key (3) v2, len 117
    01:54:15.312845 short preamble 2.0 Mb/s 2412 MHz 11b -69dB signal antenna 3 [bit 14] CF +QoS EAPOL key (3) v2, len 117
    01:54:15.423112 1.0 Mb/s 2412 MHz 11b -68dB signal antenna 3 [bit 14] DeAuthentication (00:a0:57:17:54:4b (oui Unknown)): 4-Way Handshake timeout
    01:54:15.423600 1.0 Mb/s 2412 MHz 11b -70dB signal antenna 3 [bit 14] DeAuthentication (00:a0:57:17:54:4b (oui Unknown)): 4-Way Handshake timeout
    01:54:15.424107 1.0 Mb/s 2412 MHz 11b -68dB signal antenna 3 [bit 14] DeAuthentication (00:a0:57:17:54:4b (oui Unknown)): 4-Way Handshake timeout
    01:54:15.424631 1.0 Mb/s 2412 MHz 11b -69dB signal antenna 3 [bit 14] DeAuthentication (00:a0:57:17:54:4b (oui Unknown)): 4-Way Handshake timeout
    01:54:15.425131 1.0 Mb/s 2412 MHz 11b -68dB signal antenna 3 [bit 14] DeAuthentication (00:a0:57:17:54:4b (oui Unknown)): 4-Way Handshake timeout
    01:54:15.425643 1.0 Mb/s 2412 MHz 11b -68dB signal antenna 3 [bit 14] DeAuthentication (00:a0:57:17:54:4b (oui Unknown)): 4-Way Handshake timeout
    01:54:15.426173 1.0 Mb/s 2412 MHz 11b -67dB signal antenna 3 [bit 14] DeAuthentication (00:a0:57:17:54:4b (oui Unknown)): 4-Way Handshake timeout
    01:54:15.426678 1.0 Mb/s 2412 MHz 11b -68dB signal antenna 3 [bit 14] DeAuthentication (00:a0:57:17:54:4b (oui Unknown)): 4-Way Handshake timeout
    01:54:15.427200 1.0 Mb/s 2412 MHz 11b -68dB signal antenna 3 [bit 14] DeAuthentication (00:a0:57:17:54:4b (oui Unknown)): 4-Way Handshake timeout
    01:54:15.427722 1.0 Mb/s 2412 MHz 11b -69dB signal antenna 3 [bit 14] DeAuthentication (00:a0:57:17:54:4b (oui Unknown)): 4-Way Handshake timeout
Created attachment 7233
beacon frame capture

Attached is a beacon frame which shows that the AP is running on Channel 1 and the Country Information is correctly set to NL for Netherlands. Despite these changes, the squeezebox radio cannot connect to the AP.