HOWTO: ipw2200 + wpa

**pm4000** · August 8th, 2005

Hello !

I'm new to ubuntu , and I try hopelessly to get my wlan connexion work.

My laptop has an Intel 2200BG card. My AP is set up to use WPA2 (PSK/AES) with SSID broadcast disabled (no dhcp).

First, I would like to thank the author for his work on this how-to. It was so easy for a newbie like me to compile and install the drivers and the firmware with such explanations!

With WindowsXP SP2, I had no problem to get a connexion between the intel card and the AP using WPA2.

With ubuntu, when wpa_supplicant is running if I ping my AP (IP 192.168.1.1) I get:

Code:

root@ubuntu:/home/pm4000 # ping 192.168.1.1
PING 192.168.1.1 (192.168.1.1) 56(84) bytes of data.
From 192.168.1.3 icmp_seq=2 Destination Host Unreachable
From 192.168.1.3 icmp_seq=3 Destination Host Unreachable
From 192.168.1.3 icmp_seq=4 Destination Host Unreachable
...

Here is my /etc/wpa_supplicant.conf

Code:

root@ubuntu:/home/pm4000 # more /etc/wpa_supplicant.conf
ctrl_interface=/var/run/wpa_supplicant

# mandatory when ssid broadcast is disabled
ap_scan=2

network={
       ssid="my_ssid"
       mode=0
       proto=WPA2
       key_mgmt=WPA-PSK
       #auth_alg=OPEN
       #pairwise=CCMP
       #group=CCMP
       psk=my_key
}

Here is the output of wpa_supplicant with debug (MAC and ssid hidden)

Code:

root@ubuntu:/home/pm4000 # wpa_supplicant -ieth1 -c/etc/wpa_supplicant.conf -Dipw -d
Initializing interface 'eth1' conf '/etc/wpa_supplicant.conf' driver 'ipw'
Configuration file '/etc/wpa_supplicant.conf' -> '/etc/wpa_supplicant.conf'
Reading configuration file '/etc/wpa_supplicant.conf'
ctrl_interface='/var/run/wpa_supplicant'
ap_scan=2
Priority group 0
   id=0 ssid='my_ssid'
Initializing interface (2) 'eth1'
EAPOL: SUPP_PAE entering state DISCONNECTED
EAPOL: KEY_RX entering state NO_KEY_RECEIVE
EAPOL: SUPP_BE entering state INITIALIZE
EAP: EAP entering state DISABLED
EAPOL: External notification - portEnabled=0
EAPOL: External notification - portValid=0
wpa_driver_ipw_init is called
Own MAC address: eth1_MAC_ADRESS
wpa_driver_ipw_set_wpa: enabled=1
wpa_driver_ipw_set_key: alg=none key_idx=0 set_tx=0 seq_len=0 key_len=0
wpa_driver_ipw_set_key: alg=none key_idx=1 set_tx=0 seq_len=0 key_len=0
wpa_driver_ipw_set_key: alg=none key_idx=2 set_tx=0 seq_len=0 key_len=0
wpa_driver_ipw_set_key: alg=none key_idx=3 set_tx=0 seq_len=0 key_len=0
wpa_driver_ipw_set_countermeasures: enabled=0
wpa_driver_ipw_set_drop_unencrypted: enabled=1
Setting scan request: 0 sec 100000 usec
Wireless event: cmd=0x8b06 len=8
RTM_NEWLINK, IFLA_IFNAME: Interface 'eth1' added
RTM_NEWLINK, IFLA_IFNAME: Interface 'eth1' added
Trying to associate with SSID 'my_ssid'
Cancelling scan request
Automatic auth_alg selection: 0x1
wpa_driver_ipw_set_auth_alg: auth_alg=0x1
WPA: Set cipher suites based on configuration
WPA: Selected cipher suites: group 30 pairwise 24 key_mgmt 2
WPA: using GTK CCMP
WPA: using PTK CCMP
WPA: using KEY_MGMT WPA-PSK
WPA: Own WPA IE - hexdump(len=22): 30 14 01 00 00 0f ac 04 01 00 00 0f ac 04 01 00 00 0f ac 02 00 00
No keys have been configured - skip key clearing
wpa_driver_ipw_set_drop_unencrypted: enabled=1
Setting authentication timeout: 5 sec 0 usec
EAPOL: External notification - EAP success=0
EAPOL: External notification - EAP fail=0
EAPOL: External notification - portControl=Auto
Wireless event: cmd=0x8b1a len=24
Wireless event: cmd=0x8b15 len=20
Wireless event: new AP: AP_MAC_ADDRESS
Association event - clear replay counter
Associated to a new BSS: BSSID=AP_MAC_ADDRESS
No keys have been configured - skip key clearing
Network configuration found for the current AP
WPA: Set cipher suites based on configuration
WPA: Selected cipher suites: group 30 pairwise 24 key_mgmt 2
WPA: using GTK CCMP
WPA: using PTK CCMP
WPA: using KEY_MGMT WPA-PSK
WPA: Own WPA IE - hexdump(len=22): 30 14 01 00 00 0f ac 04 01 00 00 0f ac 04 01 00 00 0f ac 02 00 00
EAPOL: External notification - EAP success=0
EAPOL: External notification - EAP fail=0
EAPOL: External notification - portControl=Auto
Associated with AP_MAC_ADDRESS
EAPOL: External notification - portEnabled=0
EAPOL: External notification - portValid=0
EAPOL: External notification - EAP success=0
EAPOL: External notification - portEnabled=1
EAPOL: SUPP_PAE entering state CONNECTING
EAPOL: txStart
WPA: drop TX EAPOL in non-IEEE 802.1X mode (type=1 len=0)
EAPOL: SUPP_BE entering state IDLE
EAP: EAP entering state INITIALIZE
EAP: EAP entering state IDLE
Setting authentication timeout: 10 sec 0 usec
RTM_NEWLINK, IFLA_IFNAME: Interface 'eth1' added
RX EAPOL from AP_MAC_ADDRESS
Setting authentication timeout: 10 sec 0 usec
EAPOL: Ignoring WPA EAPOL-Key frame in EAPOL state machines
IEEE 802.1X RX: version=2 type=3 length=117
  EAPOL-Key type=2
WPA: RX message 1 of 4-Way Handshake from AP_MAC_ADDRESS (ver=2)
RSN: msg 1/4 key data - hexdump(len=22): dd 14 00 0f ac 04 fc e8 bb c2 5c e2 c4 69 70 29 fd a3 49 f5 b9 75
RSN: PMKID from Authenticator - hexdump(len=16): fc e8 bb c2 5c e2 c4 69 70 29 fd a3 49 f5 b9 75
WPA: WPA IE for msg 2/4 - hexdump(len=22): 30 14 01 00 00 0f ac 04 01 00 00 0f ac 04 01 00 00 0f ac 02 00 00
WPA: Renewed SNonce - hexdump(len=32): cc 18 a5 97 94 c2 c0 4b a7 9e 24 e8 c6 4f 7a 94 7e e2 bf 22 6e 88 e7 e2 8c 46 e9 e3 3f 9e ae 37
RSN: no matching PMKID found
WPA: PMK - hexdump(len=32): [REMOVED]
WPA: PTK - hexdump(len=64): [REMOVED]
WPA: EAPOL-Key MIC - hexdump(len=16): 1a 48 34 b4 e6 6a f9 a0 58 13 2a 7b c0 87 3a 11
WPA: Sending EAPOL-Key 2/4
RX EAPOL from AP_MAC_ADDRESS
EAPOL: Ignoring WPA EAPOL-Key frame in EAPOL state machines
IEEE 802.1X RX: version=2 type=3 length=151
  EAPOL-Key type=2
RSN: encrypted key data - hexdump(len=56): 9f c6 39 bf e5 b0 73 05 59 9f 15 fb bc b1 ab 3a f3 cc 1a a2 1a 15 44 2b 5c 09 d9 5e 84 43 d5 8a 80 57 5f 83 c7 29 68 c6 85 fc 1f e3 62 36 10 a7 49 89 c9 6a af e1 29 73
WPA: decrypted EAPOL-Key key data - hexdump(len=48): [REMOVED]
WPA: RX message 3 of 4-Way Handshake from AP_MAC_ADDRESS (ver=2)
WPA: IE KeyData - hexdump(len=48): 30 14 01 00 00 0f ac 04 01 00 00 0f ac 04 01 00 00 0f ac 02 00 00 dd 16 00 0f ac 01 01 00 45 ec d7 c4 b8 41
b5 ae b6 f4 eb c9 90 0b c8 78 dd 00
WPA: No WPA/RSN IE for this AP known. Trying to get from scan results
Received 542 bytes of scan results (2 BSSes)
Scan results: 2
WPA: Found the current AP from updated scan results
WPA: Sending EAPOL-Key 4/4
WPA: Installing PTK to the driver.
wpa_driver_ipw_set_key: alg=CCMP key_idx=0 set_tx=1 seq_len=6 key_len=16
EAPOL: External notification - portValid=1
RSN: received GTK in pairwise handshake - hexdump(len=18): [REMOVED]
WPA: Group Key - hexdump(len=16): [REMOVED]
WPA: Installing GTK to the driver (keyidx=1 tx=0).
WPA: RSC - hexdump(len=6): 17 01 00 00 00 00
wpa_driver_ipw_set_key: alg=CCMP key_idx=1 set_tx=0 seq_len=6 key_len=16
WPA: Key negotiation completed with AP_MAC_ADDRESS [PTK=CCMP GTK=CCMP]
Cancelling authentication timeout
EAPOL: External notification - portValid=1
EAPOL: External notification - EAP success=1
EAPOL: SUPP_PAE entering state AUTHENTICATING
EAPOL: SUPP_BE entering state SUCCESS
EAPOL: SUPP_PAE entering state AUTHENTICATED
EAPOL: SUPP_BE entering state IDLE
***************** HERE I SENT ^C *******************
Signal 2 received - terminating
wpa_driver_ipw_set_key: alg=none key_idx=0 set_tx=0 seq_len=0 key_len=0
wpa_driver_ipw_set_key: alg=none key_idx=1 set_tx=0 seq_len=0 key_len=0
wpa_driver_ipw_set_key: alg=none key_idx=2 set_tx=0 seq_len=0 key_len=0
wpa_driver_ipw_set_key: alg=none key_idx=3 set_tx=0 seq_len=0 key_len=0
wpa_driver_ipw_set_key: alg=none key_idx=0 set_tx=0 seq_len=0 key_len=0
EAPOL: External notification - portEnabled=0
EAPOL: SUPP_PAE entering state DISCONNECTED
EAPOL: SUPP_BE entering state INITIALIZE
EAP: EAP entering state DISABLED
EAPOL: External notification - portValid=0
wpa_driver_ipw_set_wpa: enabled=0
wpa_driver_ipw_set_drop_unencrypted: enabled=0
wpa_driver_ipw_set_countermeasures: enabled=0

And the output of iwconfig before I sent ^C:

Code:

root@ubuntu:/home/pm4000 # iwconfig eth1
eth1      IEEE 802.11g  ESSID:"my_ssid"
          Mode:Managed  Frequency:2.462 GHz  Access Point: AP_MAC_ADDRESS
          Bit Rate=54 Mb/s   Tx-Power=20 dBm
          Retry limit:7   RTS thr:off   Fragment thr:off
          Encryption key:my_key   Security mode:open
          Power Management:off
          Link Quality=97/100  Signal level=-28 dBm  Noise level=-83 dBm
          Rx invalid nwid:0  Rx invalid crypt:0  Rx invalid frag:0
          Tx excessive retries:0  Invalid misc:27   Missed beacon:0

It seems that the AP and eth1 are associated (not sure). eth1 has a static ip:

Code:

root@neptune:/home/thomas # ifconfig eth1
eth1      Link encap:Ethernet  HWaddr MAC_ADDRESS
          inet addr:192.168.1.3  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: IPV6_ADDRESS/64 Scope:Link
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:50550 errors:0 dropped:27 overruns:0 frame:0
          TX packets:17937 errors:0 dropped:0 overruns:0 carrier:1
          collisions:0 txqueuelen:1000
          RX bytes:55604 (54.3 KiB)  TX bytes:33700 (32.9 KiB)
          Interrupt:5 Base address:0xc000 Memory:90000000-90000fff

So what's wrong ? Any ideas ?

Thanks in advance, and sorry for my poor english!

**luca_linux** · August 8th, 2005

Try the following /etc/wpa_supplicant.conf:

Code:

ctrl_interface=/var/run/wpa_supplicant

# mandatory when ssid broadcast is disabled
ap_scan=2

network={
       ssid="my_ssid"
       mode=0
       #proto=WPA2
       key_mgmt=WPA-PSK
       #auth_alg=OPEN
       pairwise=CCMP
       group=CCMP
       psk=my_key
}

Anyway remember that if you type the key as a string, you'll have to put it between quotes (psk="my_key").

**pm4000** · August 9th, 2005

Originally Posted by luca_linux

Try the following /etc/wpa_supplicant.conf:

Code:

ctrl_interface=/var/run/wpa_supplicant

# mandatory when ssid broadcast is disabled
ap_scan=2

network={
       ssid="my_ssid"
       mode=0
       #proto=WPA2
       key_mgmt=WPA-PSK
       #auth_alg=OPEN
       pairwise=CCMP
       group=CCMP
       psk=my_key
}

Anyway remember that if you type the key as a string, you'll have to put it between quotes (psk="my_key").

Hello and thank you for trying to help me!
This config file doesn't change anything. I get exactly the same outputs from wpa_supplicant, iwconfig and ping.
For the key it's ok, it's hexadecimal so I did not put quotes. If you take a look at the output of wpa_supplicant, it seems to me that the association works

Code:

[...]
Associated with AP_MAC_ADDRESS
[...]
WPA: Key negotiation completed with AP_MAC_ADDRESS [PTK=CCMP GTK=CCMP]
[...]

So I don't understand where is the problem

Thank you for your attention

**luca_linux** · August 9th, 2005

What happens if you take "ap_scan=2" out?

**pm4000** · August 9th, 2005

Originally Posted by luca_linux

What happens if you take "ap_scan=2" out?

Hello :)

Always the same without "ap_scan=2". Here is the end of output of wpa_supplicant.

Code:

WPA: decrypted EAPOL-Key key data - hexdump(len=48): [REMOVED]
WPA: RX message 3 of 4-Way Handshake from xx:xx:xx:xx:xx:xx (ver=2)
WPA: IE KeyData - hexdump(len=48): 30 14 01 00 00 0f ac 04 01 00 00 0f ac 04 01 00 00 0f ac 02 00 00 dd 16 00 0f ac 01 01 00 45 ec d7 c4 b8 41 b5 ae b6 f4 eb c9 90 0b c8 78 dd 00
WPA: Sending EAPOL-Key 4/4
WPA: Installing PTK to the driver.
wpa_driver_ipw_set_key: alg=CCMP key_idx=0 set_tx=1 seq_len=6 key_len=16
EAPOL: External notification - portValid=1
RSN: received GTK in pairwise handshake - hexdump(len=18): [REMOVED]
WPA: Group Key - hexdump(len=16): [REMOVED]
WPA: Installing GTK to the driver (keyidx=1 tx=0).
WPA: RSC - hexdump(len=6): 88 01 00 00 00 00
wpa_driver_ipw_set_key: alg=CCMP key_idx=1 set_tx=0 seq_len=6 key_len=16
WPA: Key negotiation completed with xx:xx:xx:xx:xx:xx [PTK=CCMP GTK=CCMP]
Cancelling authentication timeout
EAPOL: External notification - portValid=1
EAPOL: External notification - EAP success=1
EAPOL: SUPP_PAE entering state AUTHENTICATING
EAPOL: SUPP_BE entering state SUCCESS
EAPOL: SUPP_PAE entering state AUTHENTICATED
EAPOL: SUPP_BE entering state IDLE

All that is strange :(

**luca_linux** · August 9th, 2005

Have you set gateway and DNS up in the networking panel?

Anyway, let's make a test: try to use WPA instead WPA2 and so TKIP instead of CCMP.
Let's see if that works, to figure out if it's a general problem or just WPA2 related.

**pm4000** · August 9th, 2005

Originally Posted by luca_linux

Have you set gateway and DNS up in the networking panel?

DNS was set because I can post from this laptop without problem with eth0 (wired) enabled.
Gateway doesn't seems to be useful because I only tried to ping AP's IP (192.168.1.1). I also tested with "route add default gw 192.168.1.1" before pinging but I got nothing new.

Originally Posted by luca_linux

Anyway, let's make a test: try to use WPA instead WPA2 and so TKIP instead of CCMP.
Let's see is that works, to figure out if it's a general problem or just WPA2 related.

Ok, I'll try and keep you informed.
Thank you once again

**pm4000** · August 9th, 2005

Ok. I first enabled ssid broadcast without effect.

So I changed the settings to WPA/PSK/TKIP and tested again.
And it works! I'm sending this reply over wifi. Thank you again

But I would prefer to use WPA2 (more secured).
I'll do several other tests (AES intead of TKIP, etc.) and try to discover where the problem (WPA2 or AES ?) comes from.

Bye.

**luca_linux** · August 9th, 2005

Ok. So it's just a config problem.

Set WPA2 on your AP again and try:

Code:

ctrl_interface=/var/run/wpa_supplicant

proactive_key_caching=1

network={
       ssid="my_ssid"
       scan_ssid=1
       mode=0
       proto=RSN
       key_mgmt=WPA-PSK
       #auth_alg=OPEN
       pairwise=CCMP
       group=CCMP
       psk=my_key
}

And if it doesn't work, try:

Code:

ctrl_interface=/var/run/wpa_supplicant

network={
       ssid="my_ssid"
       scan_ssid=1
       mode=0
       proto=RSN
       key_mgmt=WPA-PSK
       #auth_alg=OPEN
       pairwise=CCMP
       group=CCMP
       psk=my_key
}

You could also try to update to the latest version of wpa_supplicant (0.4.3), while Ubuntu uses 0.3.8. Quite old.
Look at here: http://hostap.epitest.fi/wpa_supplicant/

P.S.: Disable ssid broadcast. That's really important hiding it.

**pm4000** · August 9th, 2005

Originally Posted by luca_linux

Code:

ctrl_interface=/var/run/wpa_supplicant

proactive_key_caching=1

network={
       ssid="my_ssid"
       scan_ssid=1
       mode=0
       proto=RSN
       key_mgmt=WPA-PSK
       #auth_alg=OPEN
       pairwise=CCMP
       group=CCMP
       psk=my_key
}

And if it doesn't work, try:

Code:

ctrl_interface=/var/run/wpa_supplicant

network={
       ssid="my_ssid"
       scan_ssid=1
       mode=0
       proto=RSN
       key_mgmt=WPA-PSK
       #auth_alg=OPEN
       pairwise=CCMP
       group=CCMP
       psk=my_key
}

Both config files don't work. For the first one I get the error below:

Code:

Line 4: Invalid configuration line 'proactive_key_caching=1'.

I think this keyword isn't recognized by my version of wpa_supplicant (0.3.8 ).
For the second one it is always the same problem (association and key negociation ok, but can't ping my AP).

Also I tried tu use WPA2/PSK+TKIP instead of CCMP (AES) and it works well.
In my config file I only changed pairwise and group from CCMP to TKIP (and set my AP consequently)...
I wonder if AES is correctly supported by my kernel (from default installation of Hoary 5.04). How can I check this ?

Originally Posted by luca_linux

You could also try to update to the latest version of wpa_supplicant (0.4.3), while Ubuntu uses 0.3.8. Quite old.
Look at here: http://hostap.epitest.fi/wpa_supplicant/

P.S.: Disable ssid broadcast. That's really important hiding it.

Ok, I'll now try to update it (I'm new to linux so it will take some time

).
And ssid broadcast is disabled, I just enabled it for testing

Thread: HOWTO: ipw2200 + wpa

Thread Tools

Display

IPW2200, wpa_supplicant and WPA2 (PSK/AES)

Re: IPW2200, wpa_supplicant and WPA2 (PSK/AES)

Re: IPW2200, wpa_supplicant and WPA2 (PSK/AES)

Re: IPW2200, wpa_supplicant and WPA2 (PSK/AES)

Re: IPW2200, wpa_supplicant and WPA2 (PSK/AES)

Re: IPW2200, wpa_supplicant and WPA2 (PSK/AES)

Re: IPW2200, wpa_supplicant and WPA2 (PSK/AES)

Re: HOWTO: ipw2200 + wpa

Re: HOWTO: ipw2200 + wpa

Re: HOWTO: ipw2200 + wpa

Bookmarks

Bookmarks

Posting Permissions