Fragmented EAP ACK problem on -current
Olivier Cochard-Labbé
olivier at cochard.me
Mon Jan 19 17:18:38 UTC 2015
Hi,
I'm using FreeBSD 11.0-CURRENT r277315 and meet a problem with my FreeBSD
Access Point.
I'm using WPA2-Enterprise (EAP-TLS) authentication with hostapd.
The problem:
During EAP-TLS authentication, the Authenticator (FreeBSD/hostapd)
correctly send a EAP fragmented "Server Hello, Certificate, Certificate
Request" message to the supplicant.
The supplicant (MS Windows native client) correctly ACK each of theses
fragmented EAP packets with an empty EAP-TLS packet.
Once the supplicant re-assemble the full EAP Certificate request from the
Authenticator, it send a response (EAP fragmented too).
But FreeBSD/hostapd never ACK the first fragmented packet received from the
supplicant
=> Then the authentication phase time out.
I've tried with 3 different wireless card as hostap:
- Atheros 9280 (ath)
- Atheros AR2425 (ath)
- Ralink RT2573 (rum)
And all these have the same problem.
Does anyone is using an EAP-TLS setup with hostapd successfully on -current
?
More information about the freebsd-wireless
mailing list