# WPA2 personal AES issue



## zarere (Sep 12, 2011)

Hello UNIX gurus,

I need some help from you. I'm trying to connect my laptop, which is using an Atheros Wi-Fi card, to my router, a wrt 54gl with Tomato software on it (version 1.28). I have set up the router to use WPA2 personal encryption with an AES shared key. I'm using wpa_supplicant to connect to the router. When I issue the command `wpa_supplicant -i interface -c /etc/wpa_supplicant.conf`, it shows that I'm connected to the router, but I'm not able to ping anything, neither my default route, which is 192.168.1.1, nor external addresses. Here is the content of my wpa_supplicant.conf:


```
network={
ssid="mynetwork"
scan_ssid=1
proto=RSN
pairwise=CCMP TKIP
key_mgmt=WPA-PSK
psk="myshared key"
}
```

Here is the content of my rc.conf:


```
moused_enable="YES"
sshd_enable="YES"
wlans_ath0="wlan0"
ifconfig_wlan0="inet 192.168.1.102 netmask 255.255.255.0 ssid zarere"
```

Here is the output of my `ifconfig wlan0 scan`:


```
zarere          c0:c1:c0:c3:50:2a    6   54M -68:-96  100 EP   RSN
```

Here is the output of `wpa_supplicant -dd -i interface -c /etc/wpa_supplicant.conf`:


```
Initializing interface 'wlan0' conf '/etc/wpa_supplicant.conf' driver 'default' ctrl_interface 'N/A' bridge 'N/A'
Configuration file '/etc/wpa_supplicant.conf' -> '/etc/wpa_supplicant.conf'
Reading configuration file '/etc/wpa_supplicant.conf'
Line: 1 - start of a new network block
ssid - hexdump_ascii(len=6):
     7a 61 72 65 72 65                                 zarere          
scan_ssid=1 (0x1)
proto: 0x2
pairwise: 0x18
key_mgmt: 0x2
PSK (ASCII passphrase) - hexdump_ascii(len=14): [REMOVED]
PSK (from passphrase) - hexdump(len=32): [REMOVED]
Priority group 0
   id=0 ssid='zarere'
Initializing interface (2) 'wlan0'
Own MAC address: 00:1c:26:bb:a4:ed
wpa_driver_bsd_set_wpa: enabled=1
wpa_driver_bsd_set_wpa_internal: wpa=3 privacy=1
wpa_driver_bsd_del_key: keyidx=0
wpa_driver_bsd_del_key: keyidx=1
wpa_driver_bsd_del_key: keyidx=2
wpa_driver_bsd_del_key: keyidx=3
wpa_driver_bsd_set_countermeasures: enabled=0
wpa_driver_bsd_set_drop_unencrypted: enabled=1
RSN: flushing PMKID list in the driver
Setting scan request: 0 sec 100000 usec
EAPOL: SUPP_PAE entering state DISCONNECTED
EAPOL: KEY_RX entering state NO_KEY_RECEIVE
EAPOL: SUPP_BE entering state INITIALIZE
EAP: EAP entering state DISABLED
Added interface wlan0
State: DISCONNECTED -> SCANNING
Starting AP scan (specific SSID)
Scan SSID - hexdump_ascii(len=6):
     7a 61 72 65 72 65                                 zarere          
Trying to get current scan results first without requesting a new scan to speed up initial association
Received 0 bytes of scan results (0 BSSes)
Scan results: 0
Cached scan results are empty - not posting
Selecting BSS from priority group 0
Try to find WPA-enabled AP
Try to find non-WPA AP
No suitable AP found.
Setting scan request: 0 sec 0 usec
Starting AP scan (broadcast SSID)
EAPOL: disable timer tick
Received 0 bytes of scan results (12 BSSes)
Scan results: 12
CTRL-EVENT-SCAN-RESULTS 
Selecting BSS from priority group 0
Try to find WPA-enabled AP
0: c0:c1:c0:c3:50:2a ssid='zarere' wpa_ie_len=0 rsn_ie_len=20 caps=0x11
   selected based on RSN IE
   selected WPA AP c0:c1:c0:c3:50:2a ssid='zarere'
Trying to associate with c0:c1:c0:c3:50:2a (SSID='zarere' freq=2437 MHz)
Cancelling scan request
WPA: clearing own WPA/RSN IE
Automatic auth_alg selection: 0x1
wpa_driver_bsd_set_auth_alg alg 0x1 authmode 1
RSN: using IEEE 802.11i/D9.0
WPA: Selected cipher suites: group 16 pairwise 16 key_mgmt 2 proto 2
WPA: clearing AP WPA IE
WPA: set AP RSN IE - hexdump(len=22): 30 14 01 00 00 0f ac 04 01 00 00 0f ac 04 01 00 00 0f ac 02 00 00
WPA: using GTK CCMP
WPA: using PTK CCMP
WPA: using KEY_MGMT WPA-PSK
WPA: Set own WPA IE default - hexdump(len=22): 30 14 01 00 00 0f ac 04 01 00 00 0f ac 04 01 00 00 0f ac 02 00 00
No keys have been configured - skip key clearing
wpa_driver_bsd_set_drop_unencrypted: enabled=1
State: SCANNING -> ASSOCIATING
wpa_driver_bsd_associate: ssid 'zarere' wpa ie len 22 pairwise 3 group 3 key mgmt 1
wpa_driver_bsd_associate: set PRIVACY 1
Setting authentication timeout: 10 sec 0 usec
EAPOL: External notification - EAP success=0
EAPOL: External notification - EAP fail=0
EAPOL: External notification - portControl=Auto
RSN: Ignored PMKID candidate without preauth flag
State: ASSOCIATING -> ASSOCIATED
Associated to a new BSS: BSSID=c0:c1:c0:c3:50:2a
No keys have been configured - skip key clearing
Associated with c0:c1:c0:c3:50:2a
WPA: Association event - clear replay counter
WPA: Clear old PTK

WPA: Renewed SNonce - hexdump(len=32): 31 04 06 56 5f 85 3e 02 e1 fd 91 c7 fb 20 de 83 10 52 25 b4 51 d8 01 7b 54 81 60 9a 18 c8 0a 9f

WPA: decrypted EAPOL-Key key data - hexdump(len=48): [REMOVED]
State: 4WAY_HANDSHAKE -> 4WAY_HANDSHAKE
WPA: RX message 3 of 4-Way Handshake from c0:c1:c0:c3:50:2a (ver=2)
WPA: IE KeyData - hexdump(len=48): 30 14 01 00 00 0f ac 04 01 00 00 0f ac 04 01 00 00 0f ac 02 00 00 dd 16 00 0f ac 01 01 00 
18 55 92 5d b9 b9 91 62 95 bb c1 35 bb ee 28 a1 dd 00
WPA: Sending EAPOL-Key 4/4
WPA: TX EAPOL-Key - hexdump(len=99): 01 03 00 5f 02 03 0a 00 00 00 00 00 00 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00
 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
 00 00 00 00 00 00 00 00 00 00 00 1a a8 60 20 41 76 33 0b 23 12 9a 72 fc f4 95 c4 00 00
WPA: Installing PTK to the driver.
wpa_driver_bsd_set_key: alg=CCMP addr=c0:c1:c0:c3:50:2a key_idx=0 set_tx=1 seq_len=6 key_len=16
EAPOL: External notification - portValid=1
State: 4WAY_HANDSHAKE -> GROUP_HANDSHAKE
RSN: received GTK in pairwise handshake - hexdump(len=18): [REMOVED]
WPA: Group Key - hexdump(len=16): [REMOVED]
WPA: Installing GTK to the driver (keyidx=1 tx=0 len=16).
WPA: RSC - hexdump(len=6): 0f 01 00 00 00 00
wpa_driver_bsd_set_key: alg=CCMP addr=ff:ff:ff:ff:ff:ff key_idx=1 set_tx=0 seq_len=6 key_len=16
WPA: Key negotiation completed with c0:c1:c0:c3:50:2a [PTK=CCMP GTK=CCMP]
Cancelling authentication timeout
State: GROUP_HANDSHAKE -> COMPLETED
CTRL-EVENT-CONNECTED - Connection to c0:c1:c0:c3:50:2a completed (auth) [id=0 id_str=]
EAPOL: External notification - portValid=1
EAPOL: External notification - EAP success=1
EAPOL: SUPP_PAE entering state AUTHENTICATING
EAPOL: SUPP_BE entering state SUCCESS
EAP: EAP entering state DISABLED
EAPOL: SUPP_PAE entering state AUTHENTICATED
EAPOL: SUPP_BE entering state IDLE
EAPOL authentication completed successfully
EAPOL: startWhen --> 0
EAPOL: disable timer tick
CTRL-EVENT-TERMINATING - signal 2 received
Removing interface wlan0
State: COMPLETED -> DISCONNECTED
wpa_driver_bsd_deauthenticate
wpa_driver_bsd_del_key: keyidx=0
wpa_driver_bsd_del_key: keyidx=1
wpa_driver_bsd_del_key: keyidx=2
wpa_driver_bsd_del_key: keyidx=3
wpa_driver_bsd_del_key: addr=c0:c1:c0:c3:50:2a keyidx=0
EAPOL: External notification - portEnabled=0
EAPOL: SUPP_PAE entering state DISCONNECTED
EAPOL: SUPP_BE entering state INITIALIZE
EAPOL: External notification - portValid=0
wpa_driver_bsd_set_wpa: enabled=0
wpa_driver_bsd_set_wpa_internal: wpa=0 privacy=0
Failed to disable WPA in the driver.
wpa_driver_bsd_set_drop_unencrypted: enabled=0
wpa_driver_bsd_set_countermeasures: enabled=0
No keys have been configured - skip key clearing
Cancelling scan request
Cancelling authentication timeout
wpa_driver_bsd_set_wpa_internal: wpa=3 privacy=0
ELOOP: remaining socket: sock=4 eloop_data=0x800e0b1c0 user_data=0x800e070f0 handler=0x421840
```

Here is the content of my loader.conf:


```
if_ath_load="YES"
wlan_wep_load="YES"
wlan_tkip_load="YES"
wlan_ccmp_load="YES"
```

And finally, the output of `ifconfig wlan0` after the association of my laptop with the router:



```
wlan0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	ether 00:1c:26:bb:a4:ed
	inet 192.168.1.102 netmask 0xffffff00 broadcast 192.168.1.255
	media: IEEE 802.11 Wireless Ethernet OFDM/54Mbps mode 11g
	status: associated
	ssid zarere channel 6 (2437 MHz 11g) bssid c0:c1:c0:c3:50:2a
	regdomain 101 indoor ecm authmode WPA2/802.11i privacy ON
	deftxkey UNDEF AES-CCM 2:128-bit txpower 20 bmiss 7 scanvalid 450
	bgscan bgscanintvl 300 bgscanidle 250 roam:rssi 7 roam:rate 5
	protmode CTS wme burst roaming MANUAL
```

The ARP table looks like this after authentication from the laptop with the router:

```
? (192.168.1.1) at (incomplete) on wlan0 expires in 9 seconds [ethernet]
```

My OS is :                    FreeBSD 8.2 amd64
router is :                   wrt 54gl
software on router :          tomato version 1.28
encryption on the router is : WPA2 personal with AES shared key
wi-fi card on laptop is:      Atheros Communications Inc. AR5001 Wireless Network Adapter

Any help is appreciated.


----------
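Added example (not part of the original post and not wpa_supplicant code): a small Python decoder for the `WPA: set AP RSN IE` hexdump in the debug log above. It shows which cipher and key-management suites the router advertises and flags WEP or TKIP if they appear. The function and constant names are this example's own.

```python
import struct

RSN_OUI = bytes.fromhex("000fac")
CIPHERS = {1: "WEP-40", 2: "TKIP", 4: "CCMP", 5: "WEP-104"}
AKMS = {1: "802.1X", 2: "PSK"}
WEAK = {"WEP-40", "WEP-104", "TKIP"}

# RSN IE copied from the "WPA: set AP RSN IE" line of the debug log above.
AP_RSN_IE = "30 14 01 00 00 0f ac 04 01 00 00 0f ac 04 01 00 00 0f ac 02 00 00"


def _suite(raw, names):
    """Map a 4-byte suite selector (3-byte OUI + 1-byte type) to a name."""
    if raw[:3] != RSN_OUI:
        return "vendor:" + raw.hex()
    return names.get(raw[3], "unknown:%d" % raw[3])


def _suite_list(buf, off, names):
    """Read a 2-byte little-endian count followed by that many selectors."""
    if off + 2 > len(buf):
        raise ValueError("truncated suite count")
    (count,) = struct.unpack_from("<H", buf, off)
    off += 2
    if off + 4 * count > len(buf):
        raise ValueError("truncated suite list")
    suites = [_suite(buf[off + 4 * i: off + 4 * i + 4], names) for i in range(count)]
    return suites, off + 4 * count


def parse_rsn_ie(hexdump):
    """Decode an RSN information element given as a spaced hex string."""
    ie = bytes.fromhex(hexdump)
    if len(ie) < 8 or ie[0] != 0x30 or ie[1] != len(ie) - 2:
        raise ValueError("not a well-formed RSN IE")
    body = ie[2:]
    (version,) = struct.unpack_from("<H", body, 0)
    group = _suite(body[2:6], CIPHERS)
    pairwise, off = _suite_list(body, 6, CIPHERS)
    akm, off = _suite_list(body, off, AKMS)
    caps = struct.unpack_from("<H", body, off)[0] if off + 2 <= len(body) else None
    weak = sorted(WEAK & ({group} | set(pairwise)))
    return {"version": version, "group": group, "pairwise": pairwise,
            "akm": akm, "capabilities": caps, "weak_ciphers": weak}


if __name__ == "__main__":
    print(parse_rsn_ie(AP_RSN_IE))
```

For the IE in this log the decoder reports group CCMP, pairwise CCMP and AKM PSK with no weak ciphers, matching the `[PTK=CCMP GTK=CCMP]` line at the end of the handshake.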



## zarere (Sep 12, 2011)

Forgot to mention that I have my /etc/resolv.conf looking like this:


```
nameserver ip_of_the_server
nameserver ip_of_the_server
```

And I add my default route as it is said in the Handbook:

`route add default 192.168.1.1` (in my case)


----------



## wblock@ (Sep 12, 2011)

```
scan_ssid=1
```

Unless you have a "hidden" SSID, remove that.  If you do have a "hidden" SSID, do some searching on how useful "hiding" the SSID really is.

Rather than a static config of wlan0, try SYNCDHCP.


----------



## zarere (Sep 12, 2011)

Hello wblock,

It seems that this SYNCDHCP does the trick and now everything is working fine for me, thanks a ton mate.


----------



## zarere (Sep 12, 2011)

BTW I read about SSID hiding and, as you said, there is no point in using it as far as I can see from a security perspective.



			
> wblock said:
>
> ```
> scan_ssid=1
> ```
> 
> ...


----------

