hostapd doesn't create macsec interface

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hi, I've been playing around with macsec between two real devices
using wpa_supplicant and MKA (PSK), and this works nice and without
any problems, now I need to do the same but based on certificates
authentication, as far as I understand wpa_supplicant can't do this
since doesn't have a radius server, but hostapd could do it, so I'm
trying to do it with hostapd but It's not working.

I have built the hostapd service with the compilation flags for MACSEC
(based on example-hostapd.config):
+CONFIG_DRIVER_WIRED=y
+CONFIG_MACSEC=y
+CONFIG_DRIVER_MACSEC_LINUX=y

And did the same for wpa_supplicant (based on example-wpa_supplicant.config):
+CONFIG_MACSEC=y
+CONFIG_DRIVER_MACSEC_LINUX=y

Then created a very simple config file to have working a MKA (PSK)
solution before move to certificates like this (based on the configs
params in test_macsec_hostapd.py:
# Johan.conf
interface=enp1s0
eapol_version=3
driver=macsec_linux
# ap_scan=0 #
# fast_reauth=1
# key_mgmt=NONE
mka_cak=000102030405060708090a0b0c0d0e0f
mka_ckn=000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f
# eapol_flags=0
macsec_policy=1
mka_priority=100
ctrl_interface=/var/run/hostapd
ctrl_interface_group=0

Then I execute the follow command:
sudo ./hostapd -f /tmp/MyAwesomeLog -i enp1s0 -B /home/mka1/Johan.conf

The command doesn't crash nor show any trace or error, but the
interface macsec0 is not created as when I use wpa_supplicant

Checking your test, I have seen you execute the hostapd and then
communicate to the service via hostapd_cli and send an enable signal,
but I can not make it work
I have tried to execute it like this hostapd:
sudo ./hostapd -G adm -f /tmp/MyAwesomeLog -i enp1s0 -B /home/mka1/Johan.conf
Then try to send the command like this:
sudo ./hostapd_cli -s /var/run/hostapd -G adm -i enp1s0 -r enable
But the response is:
FAIL

In the log I see this:
Interface enp1s0 already enabled
Enabling of interface failed

What must I do to have the macsec0 interface working? I feel I'm very
close to have this working but I'm stuck.

Thank you guys for your awesome work, I'm impressed with such amazing work.

_______________________________________________
Hostap mailing list
Hostap@xxxxxxxxxxxxxxxxxxx
http://lists.infradead.org/mailman/listinfo/hostap
[Index of Archives]     [Linux Wireless]     [Linux Kernel]     [ATH6KL]     [Linux Bluetooth]     [Linux Netdev]     [Kernel Newbies]     [IDE]     [Security]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux ATA RAID]     [Samba]     [Device Mapper]

  Powered by Linux