Fix the wrong "case3" CASE3: ==================================================== ================================= Set CASE1. And run as below. can be checked immediately. * Execute reauth request command after connection is complete wpa_cli reauthenticate 2022년 6월 22일 (수) 오후 7:37, mun-chang jung <biting74@xxxxxxxxx>님이 작성: > > hello > > Recently, I checked that the Station (wpa_suplicant) connected to the > Synology WiFi Router with WPA-Enterprise is disconnected and > reconnected every 60 minutes. > > As a result of the analysis of this phenomenon, it was confirmed that > there was a problem in 4way-HS in the reauthentication process by > receiving the Request identity message from the Router (AP). > (No Session timeout setting in radius) > > * During the 4way-HS process, 4way-HS-1/4 ~ 3/4 are encrypted and MSG > is transmitted and received normally. > I've seen 4way-HS-4/4 transmit unencrypted (I think this is a bug). > Discard unencrypted 4way-HS-4/4 MSG and retry 4way-HS-3/4 to AP. Then, > the AP sends disassociate with authentication timeout to disconnect > the station. > > Below is a similar case and test environment, and the simplest > reproducible test is case 3. > > Is this a bug? > > > <Test Bed> > ================================================================================ > <Station> > RaspberryPi 3 > WLAN: Netgear WNA1100 USB > Version : Supplicant 2.10 > > <AP> > Synology MR2200AC > ================================================================================ > > > CASE1: WPA2-Enterprise: Synology Router AP MR2200AC > ================================================================================ > wpa_cli flush > wpa_cli log_level debug > wpa_cli sta_autoconnect 0 > wpa_cli add_network > wpa_cli set_network 1 ssid "Synology_MR2200AC_2.4G_ENT" > wpa_cli set_network 1 proto RSN WPA > wpa_cli set_network 1 pairwise CCMP TKIP > wpa_cli set_network 1 key_mgmt WPA-EAP > wpa_cli set_network 1 eap TTLS PEAP > wpa_cli set_network 1 phase2 "auth=MSCHAPV2 GTC" > wpa_cli set_network 1 identity "test" > wpa_cli set_network 1 password "1@34Qwer" > wpa_cli select_network 1 > > After 60 minutes of WiFi connection, reauth is performed by receiving > Request Identity from AP. > > > AP ==> STA RX: Request Identity (EAP) > ... > Request, Protected EAP (EAP-PEAP) > > AP <== STA TX: PTK Key Request (EAPOL) > AP ==> STA RX: 4way-HS-1/4 > AP <== STA TX: 4way-HS-2/4 > AP ==> STA RX: 4way-HS-3/4 > STA: PTK install OK(update) > STA: GTK not reinstall (KRACK patch) > AP <== STA TX: 4way-HS-4/4 > AP ==> STA RX: 4way-HS-3/4 (Retry) > AP ==> STA RX: 4way-HS-3/4 (Retry) > AP ==> STA RX: Disassociate > STA: Disconnected > > > > CASE2: PTK rekey > ================================================================================ > WPA2-PSK CCMP > <WPA-PSK> > wpa_cli flush > wpa_cli log_level debug > wpa_cli sta_autoconnect 0 > wpa_cli add_network > wpa_cli set_network 0 ssid \"WPA_PTK_KEY_TEST\" > wpa_cli set_network 0 proto RSN > wpa_cli set_network 0 pairwise CCMP > wpa_cli set_network 0 key_mgmt WPA-PSK > wpa_cli set_network 0 psk \"12345678\" > wpa_cli set_network 0 wpa_ptk_rekey 60 > wpa_cli select_network 0 > > 1 minute after connection, the connection is disconnected in the PTK > rekey process by sending a Key Request (EAPOL) from the station. > : When sta_autoconnect 1 is set, disconnect and reconnect. > > AP <== STA TX: PTK Key Request (EAPOL) > AP ==> STA RX: 4way-HS-1/4 > AP <== STA TX: 4way-HS-2/4 > AP ==> STA RX: 4way-HS-3/4 > STA: PTK install OK(update) > STA: GTK not reinstall (KRACK patch) > AP <== STA TX: 4way-HS-4/4 > AP ==> STA RX: 4way-HS-3/4 (Retry) > AP ==> STA RX: 4way-HS-3/4 (Retry) > AP ==> STA RX: Disassociate > STA: Disconnected > > > > CASE3: > ================================================================================ > <WPA-PSK> > wpa_cli flush > wpa_cli log_level debug > wpa_cli sta_autoconnect 0 > wpa_cli add_network > wpa_cli set_network 0 ssid \"WPA_PTK_KEY_TEST\" > wpa_cli set_network 0 proto RSN > wpa_cli set_network 0 pairwise CCMP > wpa_cli set_network 0 key_mgmt WPA-PSK > wpa_cli set_network 0 psk \"12345678\" > wpa_cli set_network 0 wpa_ptk_rekey 0 > wpa_cli select_network 0 > > * Execute reauth request command after connection is complete > wpa_cli reauthenticate > > > thanks, cheers and best regards > : mun-chang jung _______________________________________________ Hostap mailing list Hostap@xxxxxxxxxxxxxxxxxxx http://lists.infradead.org/mailman/listinfo/hostap