# FreeBSD AP WPA Issue



## Toli (Jul 29, 2010)

Hi Mates,
For a long time I have had a strange problem with my access point. It's based on FreeBSD of course, at the moment 8.1-RELEASE.
The AP works fine with WEP, but when I try to switch to WPA and hostapd it works stably only for a small period of time, for example 1 day. I can connect and disconnect and I have traffic, but on the next day I can connect but cannot obtain DHCP addresses. My only solution is to restart hostapd and isc-dhcp31-server-3.1.3_1.

I am thinking I am wrong somewhere in my configs....
Please help. I do not want to switch back to WEP.....

So my information about the system:

```
[toli@office.***.com]:/home/toli>uname -a
FreeBSD office.***.com 8.1-RELEASE FreeBSD 8.1-RELEASE #0: Mon Jul 19 02:55:53 UTC 2010     root@almeida.cse.buffalo.edu:/usr/obj/usr/src/sys/GENERIC  i386
```

My wireless card is a Ralink:

```
[toli@office.***.com]:/home/toli>ifconfig (partial)
ral0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 2290
        ether 00:1f:1f:51:1f:46
        media: IEEE 802.11 Wireless Ethernet autoselect mode 11g <hostap>
        status: running
wlan0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 00:1f:1f:51:1f:46
        inet 172.16.11.1 netmask 0xffffff00 broadcast 172.16.11.255
        media: IEEE 802.11 Wireless Ethernet autoselect mode 11g <hostap>
        status: running
        ssid wfap channel 11 (2462 MHz 11g) bssid 00:1f:1f:51:1f:46
        country US authmode WPA privacy MIXED deftxkey 3 TKIP 2:128-bit
        TKIP 3:128-bit txpower 0 scanvalid 60 protmode CTS dtimperiod 1 -dfs
```


```
[toli@office.***.com]:/home/toli>kldstat
Id Refs Address    Size     Name
 1    8 0xc0400000 bb5504   kernel
 2    1 0xc39c1000 3000     pflog.ko
 3    1 0xc39c5000 35000    pf.ko
 4    1 0xc3b7d000 2000     wlan_xauth.ko
```


```
[toli@office.***.com]:/home/toli>cat /etc/hostapd.conf
interface=wlan0
hw_mode=g
macaddr_acl=0
auth_algs=1
ctrl_interface=/var/run/hostapd
ctrl_interface_group=wheel
ssid=wfap
wpa=1
wpa_passphrase=my_super_secret_pass
wpa_key_mgmt=WPA-PSK
wpa_pairwise=CCMP TKIP
```


```
[toli@office.***.com]:/home/toli>cat /usr/local/etc/dhcpd.conf
option domain-name "office.***.com";
option domain-name-servers 172.16.11.1;
default-lease-time 63072000;
max-lease-time 63072000;
authoritative;
ddns-update-style none;
log-facility local7;
subnet 172.16.11.0 netmask 255.255.255.0 {
 range 172.16.11.2 172.16.11.254;
 option routers 172.16.11.1;
}
```


```
[toli@office.***.com]:/home/toli>cat /etc/rc.conf
gateway_enable="YES"
hostname="office.***.com"
ifconfig_fxp0="inet 95.XXX.XXX.151  netmask 255.255.255.192"

wlans_ral0="wlan0"
create_args_wlan0="wlanmode hostap mode 11g"
ifconfig_wlan0="inet 172.16.11.1 netmask 0xffffff00"

defaultrouter="95.XXX.XXX.129"

pf_enable="YES"
pf_rules="/etc/pf.squid"
pflog_enable="YES"

sshd_enable="YES"
named_enable="YES"
named_wait="NO"
named_auto_forward="NO"
named_auto_forward_only="NO"
dhcpd_enable="YES"
dhcpd_ifaces="wlan0"
hostapd_enable="YES"
inetd_enable=YES
squid_enable=YES
```


And at least I do not think it is a hardware problem. The adapter works fine with WEP, and now with WPA I can connect but cannot obtain DHCP addresses.

Thanks in advance.


----------



## Toli (Aug 2, 2010)

I tested the issue again today. It appears every next day. I restarted dhcpd but this did not fix the situation. The AP started working fine after I restarted hostapd.
So there may be something wrong with it.
Can I turn on debug logging for it? How?


----------



## Toli (Aug 2, 2010)

For every hostapd restart in dmesg there is a line with "ifa_add_loopback_route: insertion failed" ...


----------



## Toli (Aug 2, 2010)

I've turned on hostapd debug messages:

```
logger_syslog=-1
logger_syslog_level=0
logger_stdout=-1
logger_stdout_level=0
debug=3
```

and will wait to see the issue again.
Btw, I observe the problem on 2 APs with Ralink cards.


----------



## bschmidt (Aug 2, 2010)

Do you run 8.1-RELEASE on both sides, hostapd and wpa_supplicant?

That issue sounds pretty familiar, try playing with the wpa_group_rekey and wpa_gmk_rekey intervals. If I'm not too wrong, those default to 1 day.


----------



## Toli (Aug 3, 2010)

The AP is running 8.1-RELEASE, but on the client's side there could be any wireless-enabled device. Currently I am testing with a laptop with Vista installed and a Nokia N800 that has Maemo Linux (it seems to be a Debian fork).


----------



## bschmidt (Aug 3, 2010)

Ok, as said, try playing with wpa_group_rekey and wpa_gmk_rekey. Sometimes it also makes a difference when wpa_pairwise is set to only one cipher, either CCMP or TKIP. There are supplicants out there which do get confused if a hostapd announces both.


----------



## Toli (Aug 6, 2010)

*It seems the issue is fixed*

I removed TKIP from wpa_pairwise and added wpa_gmk_rekey=600.
Now it looks like the following, and it works.
Thanks


```
driver=bsd
logger_syslog=-1
logger_syslog_level=0
logger_stdout=-1
logger_stdout_level=0
debug=3
dump_file=/tmp/hostapd.dump
interface=wlan0
hw_mode=g
macaddr_acl=0
auth_algs=1
ctrl_interface=/var/run/hostapd
ctrl_interface_group=wheel
ssid=wfap
wpa=1
wpa_passphrase=mySuperSecretPass
wpa_key_mgmt=WPA-PSK
wpa_pairwise=CCMP
wpa_gmk_rekey=600
```
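
Added example, not part of the thread and not hostapd project code: a small Python check for the two things this thread changed (a single pairwise cipher and explicit rekey intervals), plus the `wpa` bit field. The function names are hypothetical and the two sample configs are constructed from the hostapd.conf files posted above.

```python
# Added example (not from the thread): audit hostapd.conf text for the settings
# the thread changed. The sample configs are constructed from the posted files.
ORIGINAL = """\
ssid=wfap
wpa=1
wpa_pairwise=CCMP TKIP
"""
FIXED = """\
ssid=wfap
wpa=1
wpa_pairwise=CCMP
wpa_gmk_rekey=600
"""

def parse_conf(text):
    """Parse key=value lines; lines starting with '#' are comments."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf

def audit(text):
    """Return a list of (setting, message) findings."""
    conf = parse_conf(text)
    findings = []
    wpa = conf.get("wpa", "0")
    if not wpa.isdigit() or int(wpa) == 0:
        return [("wpa", "WPA is not enabled")]
    if not int(wpa) & 2:  # bit 0 = WPA, bit 1 = WPA2 (RSN)
        findings.append(("wpa", "WPA2/RSN bit is not set"))
    ciphers = conf.get("wpa_pairwise", "").split()
    if len(ciphers) > 1:  # the mixed announcement some supplicants mishandle
        findings.append(("wpa_pairwise", "several ciphers: " + " ".join(ciphers)))
    if "TKIP" in ciphers:
        findings.append(("wpa_pairwise", "TKIP is offered"))
    for key in ("wpa_group_rekey", "wpa_gmk_rekey"):
        value = conf.get(key)
        if value is None:
            findings.append((key, "not set, hostapd's built-in default applies"))
        elif not value.isdigit():
            findings.append((key, "not a number of seconds: " + value))
    return findings

if __name__ == "__main__":
    for name, text in (("original", ORIGINAL), ("fixed", FIXED)):
        print(name, audit(text))
```

Run against the working config, the check still reports `wpa=1` (WPA only, no RSN) and an unset `wpa_group_rekey`, both worth reviewing on an AP that is meant to stay on WPA.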


----------



## frankpeng (Aug 8, 2010)

What is your Ralink card? I have been looking for such a card for several days and I cannot find it.


----------



## Toli (Aug 11, 2010)

Edimax EW-7128g IEEE 802.11g/b Wireless Adapter
http://www.edimax.com/en/produce_detail.php?pd_id=1&pl1_id=1&pl2_id=44


```
ral0@pci0:5:9:0:        class=0x028000 card=0x71281432 chip=0x03011814 rev=0x00 hdr=0x00
    vendor     = 'Ralink Technology, Corp.'
    device     = 'Edimax 54 MBit WLan 802.11g rt 2500 (b8341462)'
    class      = network
```


----------

