On 4 November 2016 at 19:19, Bob Copeland <me@xxxxxxxxxxxxxxx> wrote:
>> so I added ieee80211w=2 to the configuration:
>>
>> %< snip >%
>> user_mpm=1
>> update_config=1
>>
>> network={
>> mode=5
>> ssid="secret"
>> frequency=2412
>> proto=RSN
>> pairwise=CCMP
>> key_mgmt=SAE
>> group=CCMP
>> psk="secret"
>> }
>> %< snip >%
>
> (I don't see ieee80211w here?)
I did say I *added* it. :)
>> The first mesh node that went up initially showed this:
>>
>> 2016-11-04T12:33:06.987105+00:00 AirFi wpa_supplicant[476]: AP-ENABLED
>> 2016-11-04T12:33:07.004874+00:00 AirFi wpa_supplicant[476]: wlan1:
>> joining mesh "<secret>"
>> 2016-11-04T12:33:07.006015+00:00 AirFi wpa_supplicant[476]: wlan1:
>> mesh join error=-114
>
> Hmm -EALREADY, I guess this one was already operating?
No, three nodes were starting, and this one was the first to be up and
running, ahead by about half a minute. I would expect it to create a
mesh if it cannot join one, but in this case it just gave up without
further explanation, even after other nodes started up. No further
messages ensued so I stopped wpa_supplicant.
>> After restarting wpa_supplicant (with two other nodes running already)
>> I instead got this:
>
> [snip]
>
>> 2016-11-04T12:40:22.923110+00:00 AirFi wpa_supplicant[1019]: wlan1:
>> new peer notification for xx:xx:xx:xx:xx:55
>> 2016-11-04T12:40:23.438482+00:00 AirFi wpa_supplicant[1019]: wlan1:
>> new peer notification for xx:xx:xx:xx:xx:6c
>> 2016-11-04T12:40:36.131965+00:00 AirFi wpa_supplicant[1019]: wlan1:
>> MESH-SAE-AUTH-FAILURE addr=xx:xx:xx:xx:xx:55
>> 2016-11-04T12:40:39.639177+00:00 AirFi wpa_supplicant[1019]: wlan1:
>> MESH-SAE-AUTH-FAILURE addr=xx:xx:xx:xx:xx:6c
>
> So two were running already, same wpa_s version?
Yes, this is after restarting wpa_supplicant on the first node, and
after the two others had started as well. All run identical software
and configurations.
>> 2016-11-04T12:40:53.579341+00:00 AirFi wpa_supplicant[1019]: wlan1:
>> MESH-SAE-AUTH-FAILURE addr=xx:xx:xx:xx:xx:55
>> 2016-11-04T12:40:54.826637+00:00 AirFi wpa_supplicant[1019]: wlan1:
>> MESH-SAE-AUTH-FAILURE addr=xx:xx:xx:xx:xx:6c
>
> ...but SAE authentication failed. This happens before even peering,
> so it sounds like this is something other than the encryption change.
> Just to be sure, the password and SAE group configurations are the
> same across all nodes?
I could go on for a long time about things that are exactly the same
between these different nodes. Everything is the same except MAC
addresses.
Perhaps it's more useful to assume that where I do not mention a
possible difference in hardware or software or configuration you can
think of, there actually isn't one? :)
> To be clear, the sequence goes like this:
>
> SAE authentication (derives PMK from password)
> ---> AMPE peering (derives MTK from PMK, MGTK generated and exchanged)
> ---> HWMP route establishment (uses keys from previous step)
>
> The changes referred to in my blog post happened at steps 2 and 3, while
> looks like your failure happened at step 1.
OK, so there is another bug (or backward incompatibility) in wpa_supplicant 2.6?
Kind regards,
jer
_______________________________________________
Hostap mailing list
Hostap@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/hostap
