From nobody Wed Jun 28 16:54:24 2023 X-Original-To: freebsd-current@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4Qrnkm6rRRz4kswt for ; Wed, 28 Jun 2023 16:55:12 +0000 (UTC) (envelope-from mail@nsood.in) Received: from wout3-smtp.messagingengine.com (wout3-smtp.messagingengine.com [64.147.123.19]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 4Qrnkm2tPFz3NFH for ; Wed, 28 Jun 2023 16:55:12 +0000 (UTC) (envelope-from mail@nsood.in) Authentication-Results: mx1.freebsd.org; dkim=pass header.d=nsood.in header.s=fm1 header.b=k1xL1KpN; dkim=pass header.d=messagingengine.com header.s=fm2 header.b=gCfwQ53L; spf=pass (mx1.freebsd.org: domain of mail@nsood.in designates 64.147.123.19 as permitted sender) smtp.mailfrom=mail@nsood.in; dmarc=pass (policy=quarantine) header.from=nsood.in Received: from compute1.internal (compute1.nyi.internal [10.202.2.41]) by mailout.west.internal (Postfix) with ESMTP id 5C5E73200258 for ; Wed, 28 Jun 2023 12:55:11 -0400 (EDT) Received: from imap51 ([10.202.2.101]) by compute1.internal (MEProxy); Wed, 28 Jun 2023 12:55:11 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nsood.in; h=cc :content-type:content-type:date:date:from:from:in-reply-to :message-id:mime-version:reply-to:sender:subject:subject:to:to; s=fm1; t=1687971310; x=1688057710; bh=PRBnAjbq9GlPqySpoBeOf59sJ 3dQl3pRacT6yE/i7+s=; b=k1xL1KpNHwif0/NaPqpe4rwx3YPNY7pehEVVHPiOF Vxdlu6UhozsBZU7LD7U9E97Cs9I3qQWH+5UCcvQ1DwHFpeIVFlGD7mOIPTUAaoBt FWBGkN+tnziGb7zKw7zl+RCaGNYd1cyHssNznlLxJb/b+UHruXotvvnkYPdXsz3f UVTxEnJ1GojXLe44Q1/hF+kwAAZ6Y03xH7Hk5BJ6Uh6EzbyjKzvohLorSCgsQpL0 fkrP53G6a6/96zSLlo7KK3U/bbpKlShHT+6y2XfmZL8C+iRdiTK/QX5ARGYV9Nnl OLr3mQxTlq7MwYcWcVFIrWmsO1H+AqqYJ5za+kFemT8Ow== DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-type:content-type:date:date :feedback-id:feedback-id:from:from:in-reply-to:message-id :mime-version:reply-to:sender:subject:subject:to:to:x-me-proxy :x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm2; t= 1687971310; x=1688057710; bh=PRBnAjbq9GlPqySpoBeOf59sJ3dQl3pRacT 6yE/i7+s=; b=gCfwQ53LJYSQE1mAlqpJrfU6p9X+wJFuOPsuFHZISSSoTcv+ZHI vP/m1wjvdH3cNb+xDrIO/ATl5U4JemnL7us2hgIuxhkCZhVBAx9s+3evtqSuP38t c6CJkXBikLKoMTHM/NTjzMchY7dlhRzXH6CH8nzwbEvoy1kUjiYVZMKSeoTQJd63 BROBbapHi0emgfr5sPsXbKjMRqkecV5WbYrnRUrKmGL6PRb6ps/JmyF55mdzag0f EnPnWdhTujj2ETiRY+GseLEr77XsfQa/0XLanQLGvOVFj871COy59bP4/QPFSMaM 6FMuiOM098uHE8J4Sk6KTmD8d3A2QE1vx4g== X-ME-Sender: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedviedrtddvgddutdehucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucenucfjughrpefofgggkfffhffvufgtsehttdertd erredtnecuhfhrohhmpedfpfgrmhgrnhcuufhoohgufdcuoehmrghilhesnhhsohhougdr ihhnqeenucggtffrrghtthgvrhhnpedvueeivddvueeuuefgueehieegjedvkefhteevff evfeejjeettdeggfdutedthfenucffohhmrghinhepuhifrghtvghrlhhoohdrtggrnecu vehluhhsthgvrhfuihiivgeptdenucfrrghrrghmpehmrghilhhfrhhomhepmhgrihhlse hnshhoohgurdhinh X-ME-Proxy: Feedback-ID: ic6014606:Fastmail Received: by mailuser.nyi.internal (Postfix, from userid 501) id BEFBCB60086; Wed, 28 Jun 2023 12:55:10 -0400 (EDT) X-Mailer: MessagingEngine.com Webmail Interface User-Agent: Cyrus-JMAP/3.9.0-alpha0-499-gf27bbf33e2-fm-20230619.001-gf27bbf33 List-Id: Discussions about the use of FreeBSD-current List-Archive: https://lists.freebsd.org/archives/freebsd-current List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-current@freebsd.org Mime-Version: 1.0 Message-Id: <3757e302-5eca-4174-b459-81737c0fe8de@app.fastmail.com> Date: Wed, 28 Jun 2023 12:54:24 -0400 From: "Naman Sood" To: freebsd-current@freebsd.org Subject: dhclient unable to negotiate on WPA2-Enterprise network (eduroam) Content-Type: text/plain X-Spamd-Result: default: False [-4.25 / 15.00]; DWL_DNSWL_LOW(-1.00)[messagingengine.com:dkim]; NEURAL_HAM_LONG(-1.00)[-1.000]; NEURAL_HAM_MEDIUM(-0.97)[-0.974]; DMARC_POLICY_ALLOW(-0.50)[nsood.in,quarantine]; MV_CASE(0.50)[]; RWL_MAILSPIKE_EXCELLENT(-0.40)[64.147.123.19:from]; NEURAL_HAM_SHORT(-0.29)[-0.291]; R_SPF_ALLOW(-0.20)[+ip4:64.147.123.19:c]; R_DKIM_ALLOW(-0.20)[nsood.in:s=fm1,messagingengine.com:s=fm2]; RCVD_IN_DNSWL_LOW(-0.10)[64.147.123.19:from]; MIME_GOOD(-0.10)[text/plain]; XM_UA_NO_VERSION(0.01)[]; MLMMJ_DEST(0.00)[freebsd-current@freebsd.org]; PREVIOUSLY_DELIVERED(0.00)[freebsd-current@freebsd.org]; FROM_EQ_ENVFROM(0.00)[]; RCVD_TLS_LAST(0.00)[]; MIME_TRACE(0.00)[0:+]; TO_DN_NONE(0.00)[]; FROM_HAS_DN(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; RCPT_COUNT_ONE(0.00)[1]; DKIM_TRACE(0.00)[nsood.in:+,messagingengine.com:+]; ASN(0.00)[asn:29838, ipnet:64.147.123.0/24, country:US]; RCVD_COUNT_THREE(0.00)[4]; ARC_NA(0.00)[] X-Rspamd-Queue-Id: 4Qrnkm2tPFz3NFH X-Spamd-Bar: ---- X-ThisMailContainsUnwantedMimeParts: N Hi, After doing a system update to the newest CURRENT, dhclient is not able to obtain an IP address for itself over an eduroam WPA2-Enterprise PEAP network. Connecting to open and WPA2-Personal networks works fine. I'm using the rtwn network driver. Here's some relevant bits from all.log (I got this by killing dhclient, restarting netif, then running dhclient again manually on wlan0): Jun 28 12:32:52 neon sudo[3656]: nsood : TTY=pts/1 ; PWD=/usr/home/nsood ; USER=root ; ENV=PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin:/home/nsood/binCOMMAND=/usr/bin/env dhclient wlan0 Jun 28 12:32:52 neon dhclient[3660]: DHCPREQUEST on wlan0 to 255.255.255.255 port 67 Jun 28 12:32:52 neon dhclient[3660]: send_packet: No buffer space available Jun 28 12:32:52 neon kernel: Jun 28 12:32:52 neon dhclient[3660]: send_packet: No buffer space available Jun 28 12:32:59 neon dhclient[3660]: DHCPREQUEST on wlan0 to 255.255.255.255 port 67 Jun 28 12:32:59 neon dhclient[3660]: send_packet: No buffer space available Jun 28 12:33:00 neon /usr/sbin/cron[3665]: (operator) CMD (/usr/libexec/save-entropy) Jun 28 12:33:13 neon dhclient[3660]: DHCPDISCOVER on wlan0 to 255.255.255.255 port 67 interval 3 Jun 28 12:33:13 neon dhclient[3660]: send_packet: No buffer space available Jun 28 12:33:16 neon dhclient[3660]: DHCPDISCOVER on wlan0 to 255.255.255.255 port 67 interval 6 Jun 28 12:33:16 neon dhclient[3660]: send_packet: No buffer space available Jun 28 12:33:22 neon dhclient[3660]: DHCPDISCOVER on wlan0 to 255.255.255.255 port 67 interval 14 Jun 28 12:33:22 neon dhclient[3660]: send_packet: No buffer space available Jun 28 12:33:36 neon dhclient[3660]: DHCPDISCOVER on wlan0 to 255.255.255.255 port 67 interval 21 Jun 28 12:33:36 neon dhclient[3660]: send_packet: No buffer space available Jun 28 12:33:36 neon kernel: Jun 28 12:33:36 neon syslogd: last message repeated 5 times Jun 28 12:33:39 neon wpa_supplicant[3494]: wlan0: CTRL-EVENT-EAP-FAILURE EAP authentication failed Jun 28 12:33:41 neon wpa_supplicant[3494]: wlan0: Authentication with 84:f1:47:d6:48:20 timed out. Jun 28 12:33:41 neon wpa_supplicant[3494]: wlan0: CTRL-EVENT-DISCONNECTED bssid=84:f1:47:d6:48:20 reason=3 locally_generated=1 Jun 28 12:33:41 neon wpa_supplicant[3494]: wlan0: CTRL-EVENT-SSID-TEMP-DISABLED id=0 ssid="eduroam" auth_failures=1 duration=10 reason=AUTH_FAILED Jun 28 12:33:41 neon wpa_supplicant[3494]: BSSID 84:f1:47:d6:48:20 ignore list count incremented to 2, ignoring for 10 seconds Jun 28 12:33:41 neon wpa_supplicant[3494]: wlan0: CTRL-EVENT-DSCP-POLICY clear_all Jun 28 12:33:41 neon kernel: wlan0: link state changed to DOWN Jun 28 12:33:41 neon dhclient[3660]: wlan0 link state up -> down After this wlan0 came back up and successfully negotiated an IP from a lower-priority WPA2-Personal network. I also saw this a bit further up in all.log when it tried to connect to eduroam automatically: Jun 28 12:44:24 neon wpa_supplicant[1517]: wlan0: CTRL-EVENT-SSID-REENABLED id=0 ssid="eduroam" Jun 28 12:44:24 neon wpa_supplicant[1517]: wlan0: Trying to associate with 84:f1:47:d6:48:20 (SSID='eduroam' freq=2437 MHz) Jun 28 12:44:25 neon kernel: wlan0: link state changed to UP Jun 28 12:44:25 neon dhclient[1951]: wlan0 link state down -> up Jun 28 12:44:25 neon dhclient[1951]: DHCPREQUEST on wlan0 to 255.255.255.255 port 67 Jun 28 12:44:25 neon wpa_supplicant[1517]: wlan0: Associated with 84:f1:47:d6:48:20 Jun 28 12:44:25 neon dhclient[1951]: send_packet: No buffer space available Jun 28 12:44:25 neon kernel: Jun 28 12:44:25 neon dhclient[1951]: send_packet: No buffer space available Jun 28 12:44:25 neon wpa_supplicant[1517]: wlan0: CTRL-EVENT-EAP-STARTED EAP authentication started Jun 28 12:44:25 neon wpa_supplicant[1517]: wlan0: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=25 Jun 28 12:44:25 neon wpa_supplicant[1517]: tls_connection_set_params: Clearing pending SSL error: error:12800067:DSO support routines::could not load the shared library Jun 28 12:44:25 neon wpa_supplicant[1517]: tls_connection_set_params: Clearing pending SSL error: error:07880025:common libcrypto routines::reason(524325) Jun 28 12:44:25 neon wpa_supplicant[1517]: tls_connection_set_params: Clearing pending SSL error: error:0308010C:digital envelope routines::unsupported Jun 28 12:44:25 neon wpa_supplicant[1517]: tls_connection_set_params: Clearing pending SSL error: error:03000086:digital envelope routines::initialization error Jun 28 12:44:25 neon wpa_supplicant[1517]: wlan0: CTRL-EVENT-EAP-METHOD EAP vendor 0 method 25 (PEAP) selected Jun 28 12:44:25 neon wpa_supplicant[1517]: wlan0: CTRL-EVENT-EAP-PEER-CERT depth=2 subject='/OU=GlobalSign Root CA - R3/O=GlobalSign/CN=GlobalSign' hash=[redacted] Jun 28 12:44:25 neon syslogd: last message repeated 1 times Jun 28 12:44:25 neon wpa_supplicant[1517]: wlan0: CTRL-EVENT-EAP-PEER-CERT depth=1 subject='/C=BE/O=GlobalSign nv-sa/CN=GlobalSign RSA OV SSL CA 2018' hash=[redacted] Jun 28 12:44:25 neon wpa_supplicant[1517]: wlan0: CTRL-EVENT-EAP-PEER-CERT depth=0 subject='/C=CA/ST=Ontario/L=Waterloo/O=University of Waterloo/CN=eduroam.uwaterloo.ca' hash=[redacted] Jun 28 12:44:25 neon wpa_supplicant[1517]: wlan0: CTRL-EVENT-EAP-PEER-ALT depth=0 DNS:eduroam.uwaterloo.ca Jun 28 12:44:25 neon wpa_supplicant[1517]: wlan0: CTRL-EVENT-EAP-PEER-ALT depth=0 DNS:cn-aaa.uwaterloo.ca Jun 28 12:44:25 neon wpa_supplicant[1517]: wlan0: CTRL-EVENT-EAP-PEER-ALT depth=0 DNS:ns-aaa.uwaterloo.ca Jun 28 12:44:25 neon wpa_supplicant[1517]: wlan0: CTRL-EVENT-EAP-PEER-ALT depth=0 DNS:auth-x.uwaterloo.ca Jun 28 12:44:25 neon wpa_supplicant[1517]: wlan0: CTRL-EVENT-EAP-PEER-ALT depth=0 DNS:guest.wifi.uwaterloo.ca Jun 28 12:44:25 neon wpa_supplicant[1517]: wlan0: CTRL-EVENT-EAP-PEER-ALT depth=0 DNS:ns-ise-psn-a.private.uwaterloo.ca Jun 28 12:44:25 neon wpa_supplicant[1517]: wlan0: CTRL-EVENT-EAP-PEER-ALT depth=0 DNS:ns-ise-psn-b.private.uwaterloo.ca Jun 28 12:44:25 neon wpa_supplicant[1517]: wlan0: CTRL-EVENT-EAP-PEER-ALT depth=0 DNS:ns-ise-psn-c.private.uwaterloo.ca Jun 28 12:44:25 neon wpa_supplicant[1517]: wlan0: CTRL-EVENT-EAP-PEER-ALT depth=0 DNS:ns-ise-psn-d.private.uwaterloo.ca Jun 28 12:44:25 neon wpa_supplicant[1517]: wlan0: CTRL-EVENT-EAP-PEER-ALT depth=0 DNS:ns-ise-psn-e.private.uwaterloo.ca Jun 28 12:44:25 neon wpa_supplicant[1517]: OpenSSL: EVP_DigestInit_ex failed: error:12800067:DSO support routines::could not load the shared library Jun 28 12:44:25 neon kernel: Jun 28 12:44:25 neon wpa_supplicant[1517]: OpenSSL: EVP_DigestInit_ex failed: error:12800067:DSO support routines::could not load the shared library Jun 28 12:44:25 neon wpa_supplicant[1517]: EAP-MSCHAPV2: Failed to derive response This makes me think the change might be related to the recent OpenSSL migration? Either way, things seem to be broken at the moment and a solution would be appreciated. Thanks, Naman. (they/them)