Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

FS#3857 - WPA2 Enterprise auth fails for Apple devices on mt76 #8907

Closed
openwrt-bot opened this issue Jun 6, 2021 · 2 comments
Closed

FS#3857 - WPA2 Enterprise auth fails for Apple devices on mt76 #8907

openwrt-bot opened this issue Jun 6, 2021 · 2 comments
Labels

Comments

@openwrt-bot
Copy link

openwrt-bot commented Jun 6, 2021

titanous:

There appears to be a regression caused by the recent [[https://github.com/openwrt/openwrt/commit/eefed841b05c3cd4c65a78b50ce0934d879e6acf|hostapd upgrade]].

I have a Linksys E8450 (mt7622) AP that was working well before the hostapd version upgrade (I bisected to confirm) but now my Apple devices fail to authenticate via WPA2 EAP-TLS. A Chromebook can authenticate and connect with no issues, and WPA2-PSK works fine for all devices.

Notably there are no issues when connecting to an ath10k AP when running the same revision, so it seems like this issue may be specific to the combination of WPA2 Enterprise, mt76, and Apple clients. Log snippet below, the key error appears to be "received EAPOL-Key 2/4 Pairwise with unexpected replay counter".

hostapd: wlan0: STA 6a:dd:0a:xx:xx:xx IEEE 802.1X: decapsulated EAP packet (code=3 id=133 len=4) from RADIUS server: EAP Success
hostapd: wlan1: CTRL-EVENT-EAP-SUCCESS2 6a:dd:0a:xx:xx:xx
hostapd: wlan0: STA 6a:dd:0a:xx:xx:xx IEEE 802.1X: Sending EAP Packet (identifier 133)
hostapd: wlan0: STA 6a:dd:0a:xx:xx:xx WPA: sending 1/4 msg of 4-Way Handshake
hostapd: wlan0: STA 6a:dd:0a:xx:xx:xx WPA: EAPOL-Key timeout
hostapd: wlan0: STA 6a:dd:0a:xx:xx:xx WPA: sending 1/4 msg of 4-Way Handshake
hostapd: wlan0: STA 6a:dd:0a:xx:xx:xx WPA: EAPOL-Key timeout
hostapd: wlan0: STA 6a:dd:0a:xx:xx:xx WPA: sending 1/4 msg of 4-Way Handshake
hostapd: wlan0: STA 6a:dd:0a:xx:xx:xx WPA: received EAPOL-Key frame (2/4 Pairwise)
hostapd: wlan0: STA 6a:dd:0a:xx:xx:xx WPA: sending 3/4 msg of 4-Way Handshake
hostapd: wlan0: STA 6a:dd:0a:xx:xx:xx WPA: Process SNonce update from STA based on retransmitted EAPOL-Key 1/4
hostapd: wlan0: STA 6a:dd:0a:xx:xx:xx WPA: received EAPOL-Key frame (2/4 Pairwise)
hostapd: wlan0: STA 7a:dd:0a:xx:xx:xx WPA: sending 3/4 msg of 4-Way Handshake
hostapd: wlan0: STA 6a:dd:0a:xx:xx:xx WPA: received EAPOL-Key 2/4 Pairwise with unexpected replay counter
hostapd: wlan0: STA 6a:dd:0a:xx:xx:xx WPA: EAPOL-Key timeout
hostapd: wlan0: STA 6a:dd:0a:xx:xx:xx WPA: sending 3/4 msg of 4-Way Handshake

@openwrt-bot
Copy link
Author

openwrt-bot commented Jun 26, 2021

titanous:

I've bisected hostapd, and this is the commit that caused the regression: https://w1.fi/cgit/hostap/commit/?id=67efd19e0a6019c11fd83a47f68a3573da1db520

Please let me know if you have any patches you want me to test that might resolve this issue.

@openwrt-bot
Copy link
Author

openwrt-bot commented Jun 30, 2021

nbd:

Fixed in r17074-de499573006a, thanks.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

No branches or pull requests

1 participant