New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Issue] SSID is visible but cannot join in #12

Open
WendySanarwanto opened this Issue Apr 24, 2017 · 1 comment

Comments

Projects
None yet
1 participant
@WendySanarwanto

WendySanarwanto commented Apr 24, 2017

Synopsis:

When hostapd is configured with WPA-PSK enabled, Passphrase is set and then started, the AP SSID is visible from other devices (e.g.iPhone, macbook, PC). However, when joined the AP SSID, it kept challenging us to enter passphrase, despite we have entered correct passphrase.

When we disable WPA-PSK within /etc/hostapd/hostapd.conf file then re-started hostapd, our devices could join in the network without entering passphrase and all it's good. However, it's not desired since everyone could join in the network which could abuse our AP.

Replication steps:

  1. Ensure that DHCP server has been configured & started properly against the wlan0 interface.
  2. Configure hostapd.conf file as follow (enabled wpa-psk):
#ctrl_interface=/var/run/hostapd
#ctrl_interface_group=0
macaddr_acl=0
auth_algs=3
ignore_broadcast_ssid=0

# 802.11n related stuff
ieee80211n=1
noscan=1
ht_capab=[HT40+][SHORT-GI-20][SHORT-GI-40]

#WPA2 settings
wpa=2
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
#wpa_pairwise=CCMP
rsn_pairwise=CCMP

# CHANGE THE PASSPHRASE
wpa_passphrase=12341234

# Most modern wireless drivers in the kernel need driver=nl80211
#driver=nl80211
driver=rtl871xdrv
max_num_sta=8
beacon_int=100
wme_enabled=1
#wpa_group_rekey=86400
device_name=RTL8192CU
manufacturer=Realtek

# set proper interface
interface=wlan0
#bridge=lanbr0
hw_mode=g
# best channels are 1 6 11 14 (scan networks first to find which slot is free)
channel=1
# this is the network name
ssid=Tornberry
  1. Run sudo /usr/sbin/hostapd -dd /etc/hostapd/hostapd.conf command to start the hostapd. Below are the displayed log messages:
random: Trying to read entropy from /dev/random
Configuration file: /etc/hostapd/hostapd.conf
drv->ifindex=3
l2_sock_recv==l2_sock_xmit=0x0x152e6c0
BSS count 1, BSSID mask 00:00:00:00:00:00 (0 bits)
Allowed channel: mode=1 chan=1 freq=2412 MHz max_tx_power=0 dBm
Allowed channel: mode=1 chan=2 freq=2417 MHz max_tx_power=0 dBm
Allowed channel: mode=1 chan=3 freq=2422 MHz max_tx_power=0 dBm
Allowed channel: mode=1 chan=4 freq=2427 MHz max_tx_power=0 dBm
Allowed channel: mode=1 chan=5 freq=2432 MHz max_tx_power=0 dBm
Allowed channel: mode=1 chan=6 freq=2437 MHz max_tx_power=0 dBm
Allowed channel: mode=1 chan=7 freq=2442 MHz max_tx_power=0 dBm
Allowed channel: mode=1 chan=8 freq=2447 MHz max_tx_power=0 dBm
Allowed channel: mode=1 chan=9 freq=2452 MHz max_tx_power=0 dBm
Allowed channel: mode=1 chan=10 freq=2457 MHz max_tx_power=0 dBm
Allowed channel: mode=1 chan=11 freq=2462 MHz max_tx_power=0 dBm
Allowed channel: mode=1 chan=12 freq=2467 MHz max_tx_power=0 dBm
Allowed channel: mode=1 chan=13 freq=2472 MHz max_tx_power=0 dBm
Allowed channel: mode=0 chan=1 freq=2412 MHz max_tx_power=0 dBm
Allowed channel: mode=0 chan=2 freq=2417 MHz max_tx_power=0 dBm
Allowed channel: mode=0 chan=3 freq=2422 MHz max_tx_power=0 dBm
Allowed channel: mode=0 chan=4 freq=2427 MHz max_tx_power=0 dBm
Allowed channel: mode=0 chan=5 freq=2432 MHz max_tx_power=0 dBm
Allowed channel: mode=0 chan=6 freq=2437 MHz max_tx_power=0 dBm
Allowed channel: mode=0 chan=7 freq=2442 MHz max_tx_power=0 dBm
Allowed channel: mode=0 chan=8 freq=2447 MHz max_tx_power=0 dBm
Allowed channel: mode=0 chan=9 freq=2452 MHz max_tx_power=0 dBm
Allowed channel: mode=0 chan=10 freq=2457 MHz max_tx_power=0 dBm
Allowed channel: mode=0 chan=11 freq=2462 MHz max_tx_power=0 dBm
Allowed channel: mode=2 chan=36 freq=5180 MHz max_tx_power=0 dBm
Allowed channel: mode=2 chan=40 freq=5200 MHz max_tx_power=0 dBm
Allowed channel: mode=2 chan=44 freq=5220 MHz max_tx_power=0 dBm
Allowed channel: mode=2 chan=48 freq=5240 MHz max_tx_power=0 dBm
Allowed channel: mode=2 chan=52 freq=5260 MHz max_tx_power=0 dBm
Allowed channel: mode=2 chan=56 freq=5280 MHz max_tx_power=0 dBm
Allowed channel: mode=2 chan=60 freq=5300 MHz max_tx_power=0 dBm
Allowed channel: mode=2 chan=64 freq=5320 MHz max_tx_power=0 dBm
Allowed channel: mode=2 chan=100 freq=5500 MHz max_tx_power=0 dBm
Allowed channel: mode=2 chan=104 freq=5520 MHz max_tx_power=0 dBm
Allowed channel: mode=2 chan=108 freq=5540 MHz max_tx_power=0 dBm
Allowed channel: mode=2 chan=112 freq=5560 MHz max_tx_power=0 dBm
Allowed channel: mode=2 chan=116 freq=5580 MHz max_tx_power=0 dBm
Allowed channel: mode=2 chan=120 freq=5600 MHz max_tx_power=0 dBm
Allowed channel: mode=2 chan=124 freq=5620 MHz max_tx_power=0 dBm
Allowed channel: mode=2 chan=128 freq=5640 MHz max_tx_power=0 dBm
Allowed channel: mode=2 chan=132 freq=5660 MHz max_tx_power=0 dBm
Allowed channel: mode=2 chan=136 freq=5680 MHz max_tx_power=0 dBm
Allowed channel: mode=2 chan=140 freq=5700 MHz max_tx_power=0 dBm
Allowed channel: mode=2 chan=149 freq=5745 MHz max_tx_power=0 dBm
Allowed channel: mode=2 chan=153 freq=5765 MHz max_tx_power=0 dBm
Allowed channel: mode=2 chan=157 freq=5785 MHz max_tx_power=0 dBm
Allowed channel: mode=2 chan=161 freq=5805 MHz max_tx_power=0 dBm
Allowed channel: mode=2 chan=165 freq=5825 MHz max_tx_power=0 dBm
HT40: control channel: 1  secondary channel: 5
Completing interface initialization
Mode: IEEE 802.11g  Channel: 1  Frequency: 2412 MHz
DFS 0 channels required radar detection
RATE[0] rate=10 flags=0x1
RATE[1] rate=20 flags=0x1
RATE[2] rate=55 flags=0x1
RATE[3] rate=110 flags=0x1
RATE[4] rate=60 flags=0x0
RATE[5] rate=90 flags=0x0
RATE[6] rate=120 flags=0x0
RATE[7] rate=180 flags=0x0
RATE[8] rate=240 flags=0x0
RATE[9] rate=360 flags=0x0
RATE[10] rate=480 flags=0x0
RATE[11] rate=540 flags=0x0
hostapd_setup_bss(hapd=0x152ed60 (wlan0), first=1)
wlan0: Flushing old station entries
wlan0: Deauthenticate all stations
+rtl871x_sta_deauth_ops, ff:ff:ff:ff:ff:ff is deauth, reason=2
rtl871x_set_key_ops
rtl871x_set_key_ops
rtl871x_set_key_ops
rtl871x_set_key_ops
Using interface wlan0 with hwaddr e8:4e:06:25:d4:88 and ssid "Tornberry"
Deriving WPA PSK based on passphrase
SSID - hexdump_ascii(len=9):
     54 6f 72 6e 62 65 72 72 79                        Tornberry       
PSK (ASCII passphrase) - hexdump_ascii(len=8): [REMOVED]
PSK (from passphrase) - hexdump(len=32): [REMOVED]
rtl871x_set_wps_assoc_resp_ie
rtl871x_set_wps_beacon_ie
rtl871x_set_wps_probe_resp_ie
random: Got 20/20 bytes from /dev/random
Get randomness: len=32 entropy=0
GMK - hexdump(len=32): [REMOVED]
Get randomness: len=32 entropy=0
Key Counter - hexdump(len=32): [REMOVED]
WPA: Delay group state machine start until Beacon frames have been configured
rtl871x_set_beacon_ops
rtl871x_set_hidden_ssid_ops
ioctl[RTL_IOCTL_HOSTAPD]: Invalid argument
WPA: Start group state machine to set initial keys
WPA: group state machine entering state GTK_INIT (VLAN-ID 0)
Get randomness: len=16 entropy=0
GTK - hexdump(len=32): [REMOVED]
WPA: group state machine entering state SETKEYSDONE (VLAN-ID 0)
rtl871x_set_key_ops
wlan0: interface state UNINITIALIZED->ENABLED
wlan0: AP-ENABLED 
wlan0: Setup of interface done.
ctrl_iface not configured!
  1. Turn on the WiFi of any devices such as mobile phones, PCs, or laptops. Confirm that the AP SSID appears on the device's wireless networks screen.
  2. Join the AP SSID , enter correct passphrase and confirm that the screen returns Incorrect Passphrase despite we have entered correct passphrase.
  3. Turn off hostapd, edit the /etc/hostapd/hostapd.conf file and comment lines related to WPA-PSK feature to disable this. Re-started hostapd.
  4. Back to any devices (e.g. phone). re-join the AP SSID/ Confirm that the device could join the AP without entering passphrase.

System Environments:

  1. Machine which runs hostapd: Raspberry Pi 2 model B+
  2. OS: Raspbian Pixel 2017
  3. Kernel version: 4.4.50-v7+
  4. Wireless adapter: Edimax , Realtek Semiconductor Corp. RTL8188CUS 802.11n WLAN Adapter.
  5. DHCPD version: 4.3.1, 2004-2014
  6. Content of /etc/network/interfaces:
auto lo
iface lo inet loopback
iface eth0 inet dhcp
allow-hotplug wlan0
iface wlan0 inet static
  address 172.24.1.1
  netmask 255.255.255.0
  1. Content of /etc/dhcp/dhcpd.conf:
ddns-update-style none;
default-lease-time 600;
max-lease-time 7200;
authoritative;
log-facility local7;
subnet 172.24.1.0 netmask 255.255.255.0 {
	range 172.24.1.10 172.24.1.50;
	option broadcast-address 172.24.1.255;
	option routers 172.24.1.1;
	default-lease-time 600;
	max-lease-time 7200;
	option domain-name "local";
	option domain-name-servers 8.8.8.8, 8.8.4.4;
}
  1. Content of /etc/dhcp/dhclient.conf:
option rfc3442-classless-static-routes code 121 = array of unsigned integer 8;
send host-name = gethostname();
request subnet-mask, broadcast-address, time-offset, routers,
	domain-name, domain-name-servers, domain-search, host-name,
	dhcp6.name-servers, dhcp6.domain-search,
	netbios-name-servers, netbios-scope, interface-mtu,
	rfc3442-classless-static-routes, ntp-servers;
  1. Content of /etc/dhcpcd.conf:
hostname
clientid
persistent
option rapid_commit
option domain_name_servers, domain_name, domain_search, host_name
option classless_static_routes
option ntp_servers
require dhcp_server_identifier
slaac private
nohook lookup-hostname
  1. Content of /etc/iptables/rules.v4:
# Generated by iptables-save v1.4.21 on Mon Apr 24 00:15:13 2017
*filter
:INPUT ACCEPT [79:5524]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [82:6760]
-A FORWARD -i eth0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i wlan0 -o eth0 -j ACCEPT
-A FORWARD -i eth0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i wlan0 -o eth0 -j ACCEPT
-A FORWARD -i ppp0 -o wlan0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i wlan0 -o ppp0 -j ACCEPT
COMMIT
# Completed on Mon Apr 24 00:15:13 2017
# Generated by iptables-save v1.4.21 on Mon Apr 24 00:15:13 2017
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [4:248]
:POSTROUTING ACCEPT [2:96]
-A POSTROUTING -o eth0 -j MASQUERADE
-A POSTROUTING -o eth0 -j MASQUERADE
-A POSTROUTING -o ppp0 -j MASQUERADE
COMMIT
# Completed on Mon Apr 24 00:15:13 2017
  1. Displayed info after running ifconfig:
eth0      Link encap:Ethernet  HWaddr b8:27:eb:ef:77:00  
          inet6 addr: fe80::7993:aba6:c46:942d/64 Scope:Link
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:253 errors:0 dropped:0 overruns:0 frame:0
          TX packets:253 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1 
          RX bytes:20560 (20.0 KiB)  TX bytes:20560 (20.0 KiB)

ppp0      Link encap:Point-to-Point Protocol  
          inet addr:10.137.145.95  P-t-P:10.64.64.64  Mask:255.255.255.255
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:17883 errors:0 dropped:0 overruns:0 frame:0
          TX packets:18374 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:3 
          RX bytes:16792283 (16.0 MiB)  TX bytes:2124141 (2.0 MiB)

wlan0     Link encap:Ethernet  HWaddr e8:4e:06:25:d4:88  
          inet addr:172.24.1.1  Bcast:172.24.1.255  Mask:255.255.255.0
          inet6 addr: fe80::7e43:9bf2:23ce:79b2/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:4 overruns:0 frame:0
          TX packets:220 errors:0 dropped:80 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:341281 (333.2 KiB)  TX bytes:650141 (634.9 KiB)
@WendySanarwanto

This comment has been minimized.

WendySanarwanto commented Apr 24, 2017

Hello All,

Some people have encountered this issue since they've upgraded their Raspbian with newest version of linux kernel. The workaround for this issue are explained as follow:

  • Uninstall/remove current hostapd: sudo apt-get autoremove hostapd
  • Reinstall hostapd version v2.3 or above : sudo apt-get install hostapd
  • Create a file 8192cu.conf inside /etc/modprobe.d/ directory and paste this string inside the file:
options 8192cu rtw_power_mgnt=0 rtw_enusbss=0 rtw_hwpwrp_detect=0 rtw_ips_mode=1

Then save the changes.

  • Modify /etc/hostapd/hostapd.conf by commenting #driver=rtl871xdrv and re-added driver=nl80211 entry. Here's the working sample of this file:
## Basic setup

interface=wlan0
#bridge=br1
#driver=rtl871xdrv
driver=nl80211
hw_mode=g
channel=1
macaddr_acl=0
country_code=ID

ieee80211n=1    # 802.11n support
wmm_enabled=1   # QoS support
ieee80211d=1          # limit the frequencies used to those allowed in the country

ssid=PiAP
auth_algs=1           # 1=wpa, 2=wep, 3=both
wpa=2
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
rsn_pairwise=CCMP
wpa_passphrase=12341234
  • Reboot the system. Confirm that the Raspberry Pi is turned as a proper internet Hotspot AP, secured by WPA-PSK now.

Hereby, I suggested this issue can be closed, and hopefully this finding could be useful for other people whom are stumbled with this problem.

Cheers.

Reference: https://www.raspberrypi.org/forums/viewtopic.php?f=28&t=152603&p=1009804

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment