Hi Stefan,
sorry for the delayed response, but dayjob took over and for that I
unfortunately cannot use an old OpenBSD laptop with no wireless :) Also
I had to use another system to conveniently do the tests you asked me.
Stefan Sperling wrote:
With WEP, if the key is wrong, the interface will appear connected
but it will be unable to communicate. There is no setup phase in WEP.
You either encrypt and decrypt packets with the correct key, or you
don't.
With WPA, the link should no reach 'active' state unless you are using
the correct passphrase. This is because the AP and client will try to
negotiate a per-client session key, and if this key cannot be obtained,
the link will stay down. The interface flags will show UP, however.
Thank you for this confirmation. Right now in my studio I have thi setup
- Router which runs DHCP and offers WiFi-WPA + Wired connectivity
- Second wireless router which offers WiFi WEP, which DHCP deactivated
So, I have 3 networks, but they all the the address from the same DHCP,
it should help "debugging"
Wired network works perfectly and I just connected remotely so I can
easily type this email while tinkering and it restricts the issue on the
Network part, not a fundamental incompatibility between OpenBSD and that
DHCP server (fact that was also refuted when being able to connect with
a Cardbus WiFi)
OK, thanks for confirming.
The script proves that the network settings if applied are correct and do
work and that I do not "mistype"!
Yes, since the WPA link is 'active' the key should be correct.
Perfect let's concentrate on WPA, since also being with one device less
in the chain makes it easier to debug. I hope he older onboard card has
no issues with WPA?
The next step is getting a DHCP lease.
If DHCP does not manage to obtain a lease, something is wrong.
Perhaps this driver was broken somehow for multicast encryption or decryption.
Ok. Let me follow yours. I run the commancs in the script -except
removing the defaults routes, to keep my wired connection alive.
What does this command print before, and after, an attempt to connect?
netstat -W ipw0
Before:
tecra$ netstat -W ipw0
ieee80211 on ipw0:
0 input packets with bad version
0 input packets too short
0 input packets from wrong bssid
0 input packet duplicates discarded
0 input packets with wrong direction
0 input multicast echo packets discarded
0 input packets from unassociated station discarded
0 input encrypted packets without wep/wpa config discarded
0 input unencrypted packets with wep/wpa config discarded
0 input wep/wpa packets processing failed
0 input packet decapsulations failed
0 input management packets discarded
0 input control packets discarded
0 input packets with truncated rate set
0 input packets with missing elements
0 input packets with elements too big
0 input packets with elements too small
0 input packets with invalid channel
0 input packets with mismatched channel
0 node allocations failed
0 input packets with mismatched ssid
0 input packets with unsupported auth algorithm
0 input authentications failed
0 input associations from wrong bssid
0 input associations without authentication
0 input associations with mismatched capabilities
0 input associations without matching rates
0 input associations with bad rsn ie
0 input deauthentication packets
0 input disassociation packets
0 input packets with unknown subtype
0 input packets failed for lack of mbufs
0 input decryptions failed on crc
0 input ahdemo management packets discarded
0 input packets with bad auth request
0 input eapol-key packets
0 input eapol-key packets with bad mic
0 input eapol-key packets replayed
0 input packets with bad tkip mic
0 input tkip mic failure notifications
0 input packets on unauthenticated port
0 output packets failed for lack of mbufs
0 output packets failed for no nodes
0 output packets of unknown management type
0 output packets on unauthenticated port
0 active scans started
0 passive scans started
0 nodes timed out
0 failures with no memory for crypto ctx
0 ccmp decryption errors
0 ccmp replayed frames
0 cmac icv errors
0 cmac replayed frames
0 tkip icv errors
0 tkip replays
0 pbac errors
0 HT negotiation failures because peer does not support MCS 0-7
0 HT negotiation failures because we do not support basic MCS set
0 HT negotiation failures because peer uses bad crypto
0 HT protection changes
0 new input block ack agreements
0 new output block ack agreements
0 input frames below block ack window start
0 input frames above block ack window end
0 input block ack window slides
0 input block ack window jumps
0 duplicate input block ack frames
0 expected input block ack frames never arrived
0 input block ack window gaps timed out
0 input block ack agreements timed out
0 output block ack agreements timed out
then I pull the interface up with the WPA key and it goes up:
ipw0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
lladdr 00:0c:f1:1f:b2:a0
index 1 priority 4 llprio 3
groups: wlan
media: IEEE802.11 autoselect (DS11 mode 11b)
status: active
ieee80211: nwid westernesse-hl chan 5 bssid 78:b2:13:69:9e:91
-53dBm wpakey wpaprotos wpa2 wpaakms psk wpaciphers ccmp wpagroupcipher ccmp
dhclient ipw0
ipw0: no link.......... sleeping
After this attempt:
tecra$ netstat -W ipw0
ieee80211 on ipw0:
0 input packets with bad version
0 input packets too short
0 input packets from wrong bssid
0 input packet duplicates discarded
0 input packets with wrong direction
0 input multicast echo packets discarded
0 input packets from unassociated station discarded
48 input encrypted packets without wep/wpa config discarded
0 input unencrypted packets with wep/wpa config discarded
0 input wep/wpa packets processing failed
0 input packet decapsulations failed
10 input management packets discarded
0 input control packets discarded
0 input packets with truncated rate set
0 input packets with missing elements
0 input packets with elements too big
0 input packets with elements too small
0 input packets with invalid channel
10 input packets with mismatched channel
0 node allocations failed
0 input packets with mismatched ssid
0 input packets with unsupported auth algorithm
0 input authentications failed
0 input associations from wrong bssid
0 input associations without authentication
0 input associations with mismatched capabilities
0 input associations without matching rates
0 input associations with bad rsn ie
0 input deauthentication packets
0 input disassociation packets
0 input packets with unknown subtype
0 input packets failed for lack of mbufs
0 input decryptions failed on crc
0 input ahdemo management packets discarded
0 input packets with bad auth request
74 input eapol-key packets
0 input eapol-key packets with bad mic
0 input eapol-key packets replayed
0 input packets with bad tkip mic
0 input tkip mic failure notifications
0 input packets on unauthenticated port
0 output packets failed for lack of mbufs
0 output packets failed for no nodes
0 output packets of unknown management type
0 output packets on unauthenticated port
4 active scans started
0 passive scans started
0 nodes timed out
0 failures with no memory for crypto ctx
0 ccmp decryption errors
0 ccmp replayed frames
0 cmac icv errors
0 cmac replayed frames
0 tkip icv errors
0 tkip replays
0 pbac errors
0 HT negotiation failures because peer does not support MCS 0-7
0 HT negotiation failures because we do not support basic MCS set
0 HT negotiation failures because peer uses bad crypto
0 HT protection changes
0 new input block ack agreements
0 new output block ack agreements
0 input frames below block ack window start
0 input frames above block ack window end
0 input block ack window slides
0 input block ack window jumps
0 duplicate input block ack frames
0 expected input block ack frames never arrived
0 input block ack window gaps timed out
0 input block ack agreements timed out
0 output block ack agreements timed out
What does this command display while you are trying to connect?
tcpdump -n -i ipw0 -y IEEE802_11_RADIO -D in -s 4096
This is the dump which I started, then did run dhclient and then stopped.
What do those packages mean? the ssid is westernesse-hl, I see it is
also has a beacon on Wind3 HUB-42B7AA
tcpdump: listening on ipw0, link-type IEEE802_11_RADIO
13:20:29.774925 802.11: data: 78:b2:13:69:9e:91 > 00:0c:f1:1f:b2:a0 sap
aa ui/C len=118, <radiotap v0, chan 1, 11b, signal 53dB>
13:20:29.774926 802.11: data: 78:b2:13:69:9e:91 > 00:0c:f1:1f:b2:a0 sap
aa ui/C len=118, <radiotap v0, chan 1, 11b, signal 52dB>
13:20:29.774926 802.11: data: 78:b2:13:69:9e:91 > 00:0c:f1:1f:b2:a0 sap
aa ui/C len=118, <radiotap v0, chan 1, 11b, signal 55dB>
13:20:29.774925 802.11: data: 78:b2:13:69:9e:91 > 00:0c:f1:1f:b2:a0 sap
aa ui/C len=118, <radiotap v0, chan 1, 11b, signal 52dB>
13:20:29.774924 802.11: data: 78:b2:13:69:9e:91 > 00:0c:f1:1f:b2:a0 sap
aa ui/C len=118, <radiotap v0, chan 1, 11b, signal 54dB>
13:20:29.774925 802.11: probe response, ssid (westernesse-hl), rates,
ds, country, erp, xrates, rsn, 2 stations, 5% utilization, admission
capacity 0us/s, htcaps, htop, 74:14, 127:8, vendor, vendor, vendor,
vendor, <radiotap v0, chan 1, 11b, signal 62dB>
13:20:29.774924 802.11: association response, <radiotap v0, chan 1, 11b,
signal 53dB>
13:20:29.768449 802.11: data: 78:b2:13:69:9e:91 > 00:0c:f1:1f:b2:a0 sap
aa ui/C len=118, <radiotap v0, chan 1, 11b, signal 55dB>
13:20:29.774921 802.11: data: 78:b2:13:69:9e:91 > 00:0c:f1:1f:b2:a0 sap
aa ui/C len=118, <radiotap v0, chan 1, 11b, signal 54dB>
13:20:29.774865 802.11: data: 78:b2:13:69:9e:91 > 00:0c:f1:1f:b2:a0 sap
aa ui/C len=118, <radiotap v0, chan 1, 11b, signal 55dB>
13:20:29.775003 802.11: data: 78:b2:13:69:9e:91 > 00:0c:f1:1f:b2:a0 sap
aa ui/C len=118, <radiotap v0, chan 1, 11b, signal 56dB>
13:20:29.775105 802.11: data: 78:b2:13:69:9e:91 > 00:0c:f1:1f:b2:a0 sap
aa ui/C len=118, <radiotap v0, chan 1, 11b, signal 55dB>
13:20:29.774963 802.11: data: 78:b2:13:69:9e:91 > 00:0c:f1:1f:b2:a0 sap
aa ui/C len=118, <radiotap v0, chan 1, 11b, signal 56dB>
13:20:29.774960 802.11: data: 78:b2:13:69:9e:91 > 00:0c:f1:1f:b2:a0 sap
aa ui/C len=118, <radiotap v0, chan 1, 11b, signal 55dB>
13:20:29.768526 802.11: data: 78:b2:13:69:9e:91 > 00:0c:f1:1f:b2:a0 sap
aa ui/C len=118, <radiotap v0, chan 1, 11b, signal 53dB>
13:20:29.775218 802.11: probe response, ssid (westernesse-hl), rates,
ds, country, erp, xrates, rsn, 2 stations, 5% utilization, admission
capacity 0us/s, htcaps, htop, 74:14, 127:8, vendor, vendor, vendor,
vendor, <radiotap v0, chan 1, 11b, signal 62dB>
13:20:29.775216 802.11: beacon, ssid (Wind3 HUB-42B7AA), rates, ds, tim,
erp, xrates, rsn, 6 stations, 15% utilization, admission capacity 0us/s,
66:2, htcaps, htop, 74:14, 127:8, vendor, vendor, vendor, vendor,
<radiotap v0, chan 1, 11b, signal 39dB>
13:20:29.768335 802.11: association response, <radiotap v0, chan 1, 11b,
signal 55dB>
13:20:29.768336 802.11: data: 78:b2:13:69:9e:91 > 00:0c:f1:1f:b2:a0 sap
aa ui/C len=118, <radiotap v0, chan 1, 11b, signal 54dB>
13:20:29.775216 802.11: data: 78:b2:13:69:9e:91 > 00:0c:f1:1f:b2:a0 sap
aa ui/C len=118, <radiotap v0, chan 1, 11b, signal 54dB>
13:20:29.775214 802.11: data: 78:b2:13:69:9e:91 > 00:0c:f1:1f:b2:a0 sap
aa ui/C len=118, <radiotap v0, chan 1, 11b, signal 55dB>
13:20:29.768447 802.11: data: 78:b2:13:69:9e:91 > 00:0c:f1:1f:b2:a0 sap
aa ui/C len=118, <radiotap v0, chan 1, 11b, signal 53dB>
13:20:29.775216 802.11: data: 78:b2:13:69:9e:91 > 00:0c:f1:1f:b2:a0 sap
aa ui/C len=118, <radiotap v0, chan 1, 11b, signal 54dB>
13:20:29.768333 802.11: data: 78:b2:13:69:9e:91 > 00:0c:f1:1f:b2:a0 sap
aa ui/C len=118, <radiotap v0, chan 1, 11b, signal 57dB>
13:20:29.774923 802.11: data: 78:b2:13:69:9e:91 > 00:0c:f1:1f:b2:a0 sap
aa ui/C len=118, <radiotap v0, chan 1, 11b, signal 53dB>
13:20:29.775215 802.11: data: 78:b2:13:69:9e:91 > 00:0c:f1:1f:b2:a0 sap
aa ui/C len=118, <radiotap v0, chan 1, 11b, signal 57dB>
13:20:29.774961 802.11: probe response, ssid (westernesse-hl), rates,
ds, country, erp, xrates, rsn, 2 stations, 6% utilization, admission
capacity 0us/s, htcaps, htop, 74:14, 127:8, vendor, vendor, vendor,
vendor, <radiotap v0, chan 1, 11b, signal 58dB>
13:20:29.774963 802.11: association response, <radiotap v0, chan 1, 11b,
signal 53dB>
13:20:29.768414 802.11: data: 78:b2:13:69:9e:91 > 00:0c:f1:1f:b2:a0 sap
aa ui/C len=118, <radiotap v0, chan 1, 11b, signal 56dB>
13:20:29.768602 802.11: data: 78:b2:13:69:9e:91 > 00:0c:f1:1f:b2:a0 sap
aa ui/C len=118, <radiotap v0, chan 1, 11b, signal 56dB>
13:20:29.775002 802.11: data: 78:b2:13:69:9e:91 > 00:0c:f1:1f:b2:a0 sap
aa ui/C len=118, <radiotap v0, chan 1, 11b, signal 53dB>
13:20:29.768412 802.11: data: 78:b2:13:69:9e:91 > 00:0c:f1:1f:b2:a0 sap
aa ui/C len=118, <radiotap v0, chan 1, 11b, signal 54dB>
^C
33 packets received by filter
0 packets dropped by kernel
Just as a comparison, I did run scan and see several accesspoints:
ipw0: flags=808843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,AUTOCONF4>
mtu 1500
lladdr 00:0c:f1:1f:b2:a0
index 1 priority 4 llprio 3
groups: wlan
media: IEEE802.11 autoselect (DS11 mode 11b)
status: active
ieee80211: nwid westernesse-hl chan 5 bssid 78:b2:13:69:9e:91
-54dBm wpakey wpaprotos wpa2 wpaakms psk wpaciphers ccmp wpagroupcipher ccmp
nwid Alice-58213396 chan 10 bssid 00:1d:8b:6f:ff:fc
-20dBm 54M privacy,short_slottime,wpa2,wpa1
nwid "" chan 10 bssid fa:8f:ca:89:2f:85 -22dBm HT-MCS7
short_preamble,short_slottime
nwid Vodafone-35086147 chan 12 bssid e4:8f:34:50:83:ec
-34dBm HT-MCS15 privacy,short_slottime,wpa2
nwid Vodafone-WiFi chan 12 bssid e4:8f:34:50:83:ee
-34dBm HT-MCS15 short_slottime
nwid "Wind3 HUB-42B7AA" chan 8 bssid b8:d5:26:42:b7:aa
-36dBm HT-MCS31 privacy,short_slottime,wpa2
nwid westernesse chan 2 bssid 94:0c:6d:f7:a4:9c -52dBm
54M privacy,short_preamble,short_slottime,wep !wpaproto
nwid westernesse-hl chan 5 bssid 78:b2:13:69:9e:91
-56dBm HT-MCS23 privacy,wpa2
inet 40.68.249.35 netmask 0xff000000 broadcast 40.255.255.255
We see the one I am trying to connect to, the WEP alter-ego, the other
one seen and a mysterious "" one.
why does the interface now has a totally bogus IP ?
Thanks a lot in advance,
Riccardo
