Problem get WPA working on Edimax EW-7128g

Live forum: http://rt2x00.serialmonkey.com/viewtopic.php?t=293

MadMax

25-08-2005 20:33:44

Hello RT2500-Users,

I've installed driver version "rt2500-1.1.0-b3" and have problems to get WPA working. This is what I tried to do after loading the module

[code3teeh76l]ifconfig ra0 up
iwconfig ra0 mode managed
iwpriv ra0 set AuthMode=WPAPSK
iwpriv ra0 set EncrypType=TKIP
iwpriv ra0 set WPAPSK="MyPassword"
iwconfig ra0 essid "MyModemsESSID"
dhclient ra0[/code3teeh76l]

Networking seems to be established, but I cannot reach the Internet or the Web-Interface of my modem.

WEP works fine for me

[code3teeh76l]iwconfig ra0 key xxxx-xxxx-xxxx-xxxx-xxxx-xxxx-xx enc open essid "MyModemsESSID"
dhclient ra0[/code3teeh76l]

Did I forget something? Could this be a bug? How could I help you to fix this problem? (I unfortunately have no skills in coding)


Max

Fenrir

25-08-2005 20:52:45

There is a known problem with WPA keys not apparently being excahnged properly the first time the interface is ifup'd. Try doing an ifdown after the first ifup and then ifup again.

If that doesn't work there are a group of us generating debugging on this issue at present, so it may be fixed soon.

Some results of iwconfig, ifconfig, iwlist <iface> scan would be useful.

Can you give more details of distie and kernel etc just to be sure.

MadMax

25-08-2005 21:10:57

erase me - wrong post!

MadMax

25-08-2005 21:12:00

[quote3ulqf1bz]Try doing an ifdown after the first ifup and then ifup again.[/quote3ulqf1bz]

You mean
[code3ulqf1bz]ifconfig ra0 up
ifconfig ra0 down
ifconfig ra0 up
iwconfig ra0 mode managed
iwpriv ra0 set AuthMode=WPAPSK
iwpriv ra0 set EncrypType=TKIP
iwpriv ra0 set WPAPSK="MyPassword"
iwconfig ra0 essid "MyModemsESSID"
dhclient ra0[/code3ulqf1bz]
?????????????????????????????????????????????

[quote3ulqf1bz]Can you give more details of distie and kernel etc just to be sure[/quote3ulqf1bz]

Mandriva LE2005 with Kernel 2.6.11

[quote3ulqf1bz]Some results of iwconfig, ifconfig, iwlist <iface> scan would be useful.[/quote3ulqf1bz]

O.k., but now I'm running with WEP, it takes some time but it's time to go to bed for me -), I will do that tomorrow...


Max

MadMax

26-08-2005 15:13:14

[quote1iamrohm]Try doing an ifdown after the first ifup and then ifup again. [/quote1iamrohm]

Bad luck for me - this trick didn't work for me -(

[quote1iamrohm]Some results of iwconfig, ifconfig, iwlist <iface> scan would be useful.[/quote1iamrohm]

The results after doing
[code1iamrohm]ifconfig ra0 up
iwconfig ra0 mode managed
iwpriv ra0 set AuthMode=WPAPSK
iwpriv ra0 set EncrypType=TKIP
iwpriv ra0 set WPAPSK="MyPassword"
iwconfig ra0 essid "MyModemsESSID"[/code1iamrohm]

are as follows

[code1iamrohm]
result of "iwconfig ra0":
---------------------------
ra0 RT2500 Wireless ESSID:"MyModemsESSID"
Mode:Managed Frequency=2.437 GHz Access Point: 00:04:0E:43:8C:62
Bit Rate:54 Mb/s
RTS thr:off Fragment thr:off
Encryption key:0000-0000-00
Link Quality=40/100 Signal level=-36 dBm Noise level:-207 dBm
Rx invalid nwid:0 Rx invalid crypt:0 Rx invalid frag:0
Tx excessive retries:0 Invalid misc:0 Missed beacon:0

result of "iwlist ra0 scan":
------------------------------
ra0 Scan completed :
Cell 01 - Address: 00:04:0E:43:8C:62
Mode:Managed
ESSID:"MyModemsESSID"
Encryption key:on
Channel:6
Quality:60/100 Signal level:-102 dBm Noise level:-207 dBm

result of "ifconfig ra0":
---------------------------
ra0 Protokoll:Ethernet Hardware Adresse 00:0E:2E:57:85:27
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1645 errors:0 dropped:0 overruns:0 frame:0
TX packets:3845 errors:10 dropped:10 overruns:0 carrier:0
Kollisionen:883 Sendewarteschlangenlänge:1000
RX bytes:1544583 (1.4 Mb) TX bytes:350348 (342.1 Kb)
Interrupt:17 Basisadresse:0x8000[/code1iamrohm]

After doing "dhclient ra0" it looks like this
[code1iamrohm]
result of "iwconfig ra0":
---------------------------
ra0 RT2500 Wireless ESSID:"MyModemsESSID"
Mode:Managed Frequency=2.412 GHz Bit Rate:54 Mb/s
RTS thr:off Fragment thr:off
Encryption key:0000-0000-00
Link Quality=61/100 Signal level=-35 dBm Noise level:-207 dBm
Rx invalid nwid:0 Rx invalid crypt:0 Rx invalid frag:0
Tx excessive retries:0 Invalid misc:0 Missed beacon:0

result of "iwlist ra0 scan":
------------------------------
ra0 Scan completed :
Cell 01 - Address: 00:04:0E:43:8C:62
Mode:Managed
ESSID:"MyModemsESSID
Encryption key:on
Channel:6
Quality:61/100 Signal level:-102 dBm Noise level:-207 dBm

result of "ifconfig ra0":
---------------------------
ra0 Protokoll:Ethernet Hardware Adresse 00:0E:2E:57:85:27
inet Adresse:192.168.178.20 Bcast:192.168.178.255 Maske:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1694 errors:0 dropped:0 overruns:0 frame:0
TX packets:5327 errors:20 dropped:20 overruns:0 carrier:0
Kollisionen:1032 Sendewarteschlangenlänge:1000
RX bytes:1568417 (1.4 Mb) TX bytes:435465 (425.2 Kb)
Interrupt:17 Basisadresse:0x8000[/code1iamrohm]

Any suggestions? Or do I have to waint until a new driver will be released?


Max

serialmonkey

28-08-2005 06:14:37

Do this.

iwconfig ra0 mode managed
iwpriv ra0 set AuthMode=WPAPSK
iwpriv ra0 set EncrypType=TKIP
iwconfig ra0 essid "MyModemsESSID"
iwpriv ra0 set WPAPSK="MyPassword"
ifconfig ra0 up
sleep 5
dhclient ra0

MadMax

29-08-2005 18:24:04

No luck with this either.

I typed in the commands in exact your proposed new order + "sleep 5" - same result -(

serialmonkey

29-08-2005 22:26:28

Please provide a debug trace of running the commands above.

MadMax

30-08-2005 18:09:35

[quote338qg6gs]Please provide a debug trace of running the commands above.[/quote338qg6gs]

You mean building a new module with
[code338qg6gs]make debug[/code338qg6gs]
and loading it with
[code338qg6gs]modprobe rt2500 debug=1[/code338qg6gs] ???

Or is there something else I have to do to enable debugging with ALL the commands?

serialmonkey

30-08-2005 22:48:27

As per the Module\TESTING file (what you have above is correct)

MadMax

01-09-2005 18:37:13

Hi there,

this is what I did
loading the module with
[codeondwqjls]modprobe rt2500 debug=1[/codeondwqjls]

Then I ran following commands in a script:

[codeondwqjls]iwconfig ra0 mode managed
iwpriv ra0 set AuthMode=WPAPSK
iwpriv ra0 set EncrypType=TKIP
iwconfig ra0 essid "Max-Box SL WLAN"
iwpriv ra0 set WPAPSK="DuKummstDaNedNei"
ifconfig ra0 up
sleep 5
dhclient ra0[/codeondwqjls]

The last thing I did was
[codeondwqjls]grep "kernel: rt2500" /var/log/messages > RaLink_debug.txt[/codeondwqjls]

The attached file is the result, 1,4MB size!!!!!!!
Is this normal when debug-mode on?

Max

serialmonkey

01-09-2005 23:33:55

Quite, which is why most people gzip them before posting, and why it takes awhile to analyse them. I'll have a read now.

serialmonkey

01-09-2005 23:43:11

Okay, somehow, the interface is up before you set all that. You can see at line 16480 is where you set the ESSID - the driver has been up for at least 30 seconds before that. Something autoupping it on your behalf ?

But, you do successful associate and auth at 17120. We recieve the first WPA EAP handshake at 17154 and the third at 17212.

From there on I can't spot any problems (though I don't have my working debug sample handy). I'd start by working out what is upping that interface on you.

OR

Rerun the test and provide me another debug where the first thing you do after modprobe is 'ifconfig ra0 down'

MadMax

02-09-2005 07:12:19

What I did to bring the network down was
[code18o5uqqa]service network stop[/code18o5uqqa]

This hopefully should do the same thing, doesn't it? Or do I have to bring it down every time AFTER I am modprobing? Isn't the network already down then?

[quote18o5uqqa]the driver has been up for at least 30 seconds before that. Something autoupping it on your behalf ?[/quote18o5uqqa]

I was modprobing manually, and after that (perhaps 30sec???) I ran the script. Maybe it has something to do with this?
I don't think that something is done automaticly beside booting.

[quote18o5uqqa]Rerun the test and provide me another debug where the first thing you do after modprobe is 'ifconfig ra0 down'[/quote18o5uqqa]

Well, weekend is near and perhaps I provide you with a new debug-info if necessary.

MadMax

03-09-2005 11:38:34

Hello all,

back again with a new debug-message - now I've added the line "ifconfig ra0 down" to my script and it looks like this
[codegvikmkir]ifconfig ra0 down
iwconfig ra0 mode managed
iwpriv ra0 set AuthMode=WPAPSK
iwpriv ra0 set EncrypType=TKIP
iwconfig ra0 essid "Max-Box SL WLAN"
iwpriv ra0 set WPAPSK="DuKummstDaNedNei"
ifconfig ra0 up
sleep 5
dhclient ra0[/codegvikmkir]

Gosh - the debug-text is now 3,6MB!!!!! But now I made a .gz-file.

Happy bug-finding - I wouln't find anything in all the lines...



Max

MadMax

06-09-2005 16:41:58

Hello all!

Any progress about finding this WPA-bug, yet?

Is my 2nd debug-text what you expected?


Would be great if I could connect to my router with WPA-encryption soon...

Max

serialmonkey

06-09-2005 22:36:49

We have been busy with rt2x00.

I'll try and get through this debug today sometime. You are still on my open issues list so I won't forget.

serialmonkey

09-09-2005 06:18:34

Reading through it I still can't spot any problems. I'll generate myself a new clean sample trace and compare.

MadMax

07-10-2005 22:25:05

Any results regarding this issue?

MadMax

08-12-2005 19:25:52

Hello there,

now working on Mandriva 2006 with latest CVS-built of the rt2500-driver, same problems (WPA doesn't work).

Is there a solution for this problem, or are you still busy with bug-hunting?


Max

MadMax

10-12-2005 16:51:31

Hello all,

I don't want to fall on your nerves, but could you please give me a short reply if

* I am alone with this issue
* this is a nown bug
* it is possible to get WPA working with the rt2x00-driver instead
* you need a 3rd debug-info to help you finding this bug
* you need more information about my hardware / system



I cannot find a similar bug on these pages
http//rt2x00.serialmonkey.com/wiki/ind ... %27s_Broke
http//rt2x00.serialmonkey.com/wiki/ind ... ug_reports
http//sourceforge.net/tracker/?group_i ... tid=648844

serialmonkey

11-12-2005 10:03:36

70% of people (including myself) have no problem with WPA

The 30% of people that do, have problems which we haven't been able to debug due to the messy way that WPA has been implemented by Ralink in the code.

The overall solution is for us to get WPA working with rt2x00.

It doesn't currently.

We are working on it though. As soon as WPA works on rt2x00 we will just tell all WPA-wanting people to just migrate to it - as it's a waste of time trying to debug WPA in the current source.

MadMax

29-08-2006 15:08:35

Hello there,

because of the recent canges in the rt2500 driver regarding WPA I wanted to give the latest CVS-version a try.

My system now is Mandriva 2006 with kernel 2.6.12-22mdk

But - as in the past - for me it is still impossible to establish a working connection via WPA.

To prevent strange effects I've also deleted the file
[b1mby55hb]/etc/Wireless/RT2500STA/RT2500STA.dat[/b1mby55hb]

My script to establish the connection looks like this
[code1mby55hb]#!/bin/bash
ifconfig ra0 down
iwconfig ra0 mode managed
iwpriv ra0 set AuthMode=WPAPSK
iwpriv ra0 set EncrypType=TKIP
iwconfig ra0 essid "Max-Box SL WLAN"
iwpriv ra0 set WPAPSK="DuKummstDaNedNei"
ifconfig ra0 up
sleep 5
dhcpcd -d ra0[/code1mby55hb]

Please have a look at my debug-trace - perhaps you can spot the problem now.

The router is defentively set to WPA and TKIP, as you can see in the screenshot I've made and added to the *.tar.gz



Can you tell me what's wrong here?

Vern

07-09-2006 21:26:05

Hi Mad,

Are you still interested in pursuing this problem?

If so, are you comfortable with patching and compiling driver source?

MadMax

08-09-2006 07:40:01

[quote1ys91ppo]Are you still interested in pursuing this problem? [/quote1ys91ppo]
Of course I am! As you can see at my first post - I am having this WPA-problem since ONE year!
Or do you think I should better give up and by a PRISM-based card instead? lol

[quote1ys91ppo]If so, are you comfortable with patching and compiling driver source?[/quote1ys91ppo]
Compliling a new driver from source should not be a problem for me - I already tried out several rt2500-drivers.
Patching a driver - I never did that but if someone can tell me how?!?!

Do you already have a patch for me?

Vern

08-09-2006 18:24:12

Hi Mad,

Man after my own heart, but first ...

Make *sure* the command that starts "iwconfig ra0 essid ..." is the last one issued. The reason is that the driver starts the association process when it gets one, even though the rest of its state may not yet be what you want. (I consider this a bug.) Anyway, try that, and if there's still no success, you might want to read the rest of this post.

Next caveat is that this is probably going to be a non-trvial process. But anyway, here goes

What AP are you using?

Looking at your latest log file, I see that after the first successful association, there are actually 50 data frames sent before getting the de-authentication frame from your AP. The driver then tries to associate again, and the second association attempt fails.

The fact that the first association attempt succeeds while the second fails implies that there may be some difference in what is sent to the AP on each attempt. This could happen if, for example, the driver has hurt itself somehow and corrupted it's internal state.

To help evaluate this hypothesis, I've attached a patch that - when the driver is compiled with debug enabled - emits a debug message showing the Association Request frame data with the idea of seeing if the request data is the same in both instances.

The patch is in "cvs diff -u" format. The modified files are assoc.c and rtmp_def.h.

assoc.c
=======
MlmeAssocReqAction() - When compiled with debug enabled, emits target MAC address and frame data for association request frame.

rtmp_def.h
=========
#defines MAC2STR, MACSTR macros.

If you care to try the patch, it should be applied to a vanilla version of the latest CVS for the legacy driver. Specific steps are

1. Download the patch file (arfd.patch.gz) from here.
2. Obtain vanilla CVS of RT2500 legacy driver.
3. Go to source/rt2500/Module.
4. Say this zcat <path-to-download-dir>/arfd.patch.gz | patch -s
5. Perform the same build steps as you would to get debug output from
the unpatched driver.

Then please post a gzipped debug log of your results here. I'll take a look at it and see what needs to be done next.

MadMax

09-09-2006 09:17:00

[quote1ga8c9ed]Make *sure* the command that starts "iwconfig ra0 essid ..." is the last one issued.[/quote1ga8c9ed]
Are you sure about that? I did what you proposed - my script in new order looks as follows
[code1ga8c9ed]#!/bin/bash
ifconfig ra0 down
iwconfig ra0 mode managed
iwpriv ra0 set AuthMode=WPAPSK
iwpriv ra0 set EncrypType=TKIP
iwpriv ra0 set WPAPSK="DuKummstDaNedNei"
iwconfig ra0 essid "Max-Box SL WLAN"
ifconfig ra0 up
sleep 5
dhcpcd -d ra0[/code1ga8c9ed]
But I think that the script was o.k. like before! Look at the 1st page of this thread, there a person called "Fenrir" writes
[quote1ga8c9ed]There is a known problem with WPA keys not apparently being excahnged properly the first time the interface is ifup'd. [/quote1ga8c9ed]
With the new script-order and if I unload the driver (modprobe -r rt2500), reload it again, I now have to run the script twice to get a connection.
With the old script I just had to run it once.
This is the reason why I changed my script - compared to the explanations in the file "iwpriv_usage.txt".



If the WPA-connection is established - it's still all the same; doesn't work -(
No, to be honest, this is not completely true - because it seems to work for sites which produce very low traffic.
I.e. I can reach http//www.google.de/ and also search for some things.
But I can not reach the Web-Interface of my AP (perhaps because of the transmitted graphics?).

My AP is an "FRITZ!Box SL WLAN", it's very popular here in Germany.
http//www.avm.de/de/Produkte/FRITZBox/ ... index.html


Perhaps within the next days I find some time to get your patch working - but where do I get this "vanilla CVS of RT2500 legacy driver"?
Is it enough to download the latest nightly CVS-tarball, or is this something different?

Vern

09-09-2006 16:29:01

madmax wrote[quote1b2qmrz0]
Perhaps within the next days I find some time to get your patch working - but where do I get this "vanilla CVS of RT2500 legacy driver"?
Is it enough to download the latest nightly CVS-tarball, or is this something different?[/quote1b2qmrz0]

This is something different. You can view the CVS tree at

http//rt2400.cvs.sourceforge.net/rt2400/[

To get one of more of the main branches, create/go to a directory (like, say ~/rt2400), then say (e.g.)

cvs -q -dpserveranonymous@rt2400.cvs.sourceforge.net/cvsroot/rt2400 co -P source

Also, a debug log trace of the results of using your modified bringup script would be useful.

MadMax

10-09-2006 09:47:47

O.k. - hopefully I did everything right

1. cvs -q -dpserveranonymous@rt2400.cvs.sourceforge.net/cvsroot/rt2400 co -P source
2. Download your patch
3. zcat <path-to-download-dir>/arfd.patch.gz | patch -s
4. make debug

Before modprobing, I also did a logrotate to have a fresh var/log/messages
For the script, I used the one in the old order, as explained above
[code1zgkojx7]#!/bin/bash
ifconfig ra0 down
iwconfig ra0 mode managed
iwpriv ra0 set AuthMode=WPAPSK
iwpriv ra0 set EncrypType=TKIP
iwconfig ra0 essid "Max-Box SL WLAN"
iwpriv ra0 set WPAPSK="DuKummstDaNedNei"
ifconfig ra0 up
sleep 3
dhcpcd -d ra0[/code1zgkojx7]

As with the other debug-traces before, I grep'ed the debug-infos with
[code1zgkojx7]grep "kernel: rt2500" /var/log/messages > debug_Patch_CVS.txt[/code1zgkojx7]


I hope you can use this one now successfully for bug-finding.
Good luck and thank you very much in advance!

Vern

10-09-2006 18:47:54

Hi madmax,

Everything was bang on. Thanks.

First, three questions

1. On your posts of Aug 26, '05 and Sep 3 '05, your script ends with "dhclient ra0". On Aug 29 '06 and Sep 09 '06, it ends with "dhcpcd -d ra0". What difference in behavior does that produce? (I can't find dhcpcd on my own system, but judging from the command line, it looks like a dhcpd/dhcpd3 variant.)

2. On your post of Sep 09 '06, I read
[quote3qai8scp]... because it seems to work for sites which produce very low traffic.
I.e. I can reach http//www.google.de/ and also search for some things.
But I can not reach the Web-Interface of my AP ...[/quote3qai8scp]
If I understand your configuration OK, it would seem that if you've reached Google, you have to have gone thru your AP; which would imply things are working. Getting to the AP itself (as a destination rather than a relay point) is a different process. For that, you need to have the DNS name/IP address of the AP itself.

3. So where, physically, is your DHCP server? The dhcpd command starts one up. If your AP provides one, you should use it by using the dhclient command in your script. I suspect its on your AP, because the ifconfig outputs of your Aug 26 05 post show that before the dhclient command your adapter does not have an IP address and after the dhclient command, it does have one.

You might try this command sequence before proceeding with more patching
[code3qai8scp]ifdown ra0
iwconfig ra0 mode managed
iwpriv ra0 set AuthMode=WPAPSK
iwpriv ra0 set EncrypType=TKIP
iwpriv ra0 set WPAPSK="DuKummstDaNedNei"
iwconfig ra0 essid "Max-Box SL WLAN"
ifup ra0
dhclient ra0[/code3qai8scp]
If one run of this sequence doesn't result in a connection, try repeating just this part
[code3qai8scp]iwconfig ra0 essid "Max-Box SL WLAN"[/code3qai8scp]
If there is still no success, then I did say this might be a non-trivial process, right?

Turns out that the frame data sent in the association request message is the same every time. So much for the "driver hurt itself" hypothesis.

I have noticed, however, that the WPA1 IE (#221) your adapter is getting from the AP's beacon frame is 24 bytes long. This doesn't match a valid combination of content (OUI, cipher suite, pmk suite, akm suite) that I can imagine.

So ... would you be willing to try yet another patch in order to get information on this? If so, I've uploaded it here as "arfd_2.patch.gz". Just to keep things simple, it too should be applied to a vanilla version of the latest CVS for the legacy driver using the same procedure as before. The previous patch should be discarded.

The modified files are rtmp_def.h and sanity.c

rtmp_def.h
==========
MAC2STR, MACSTR debug macros.

sanity.c
========
PeerBeaconAndProbeRspSanity()
When compiled with debug enabled, emits content of WPA1 IE.

Thanks for your efforts.

MadMax

10-09-2006 20:16:23

[quote2p4bq9af]1. On your posts of Aug 26, '05 and Sep 3 '05, your script ends with "dhclient ra0". On Aug 29 '06 and Sep 09 '06, it ends with "dhcpcd -d ra0".[/quote2p4bq9af]
This is because I have defined a special host-name in my system. Normaly, the dhcp-server should be able to accept the request from the client and advice the client to use the hostname requested.
But actually dhclient doesn't do this for me. The hostname always turns to "noname" instead. This only works for me with dhcpcd. This is why I canged the programs for establishing the connection.
I already made a bug-entry some time ago for this
http//marc.theaimsgroup.com/?l=dhcp-cl ... 126489&w=2
But still this wasn't fixed from the dhclient-guys.

So this is more or less jut a cosmetic issue, because I get a connection with both solutions - to answer the question about to try out a new script with dhclient.

[quote2p4bq9af]1. + 2. So where, physically, is your DHCP server?[/quote2p4bq9af]
My AP is a all-in-one solution to go into internet it's a DSL-modem, AP and DHCP-Server in one box!

[quote2p4bq9af]because the ifconfig outputs of your Aug 26 05 post show that before the dhclient command your adapter does not have an IP address and after the dhclient command, it does have one. [/quote2p4bq9af]
Well, I thought things are going this way, aren't they? wink
Otherwise I needn't the dhclient/dhcpcd - commands...

So if I say I can reach "google", I can go into Internet. But Google unfortunately seems to be just a exeption - most of other sites fail when loading. I thought that this could have something to do with the amount of data to be transmitted?!?!?
Also, I'm unable to reach my FritzBox in WPA-mode...

[quote2p4bq9af]So ... would you be willing to try yet another patch in order to get information on this? [/quote2p4bq9af]
If I can help you / you can help me this way - of course!.
But I will do that tomorrow, today's already late in the evening.
As I can not reach my FritzBox any more later when switching to WPA-mode, it's a little time-consumting to get my FritzBox "back to life" with all these cables... wink

Thank you for your fast reply!!!

MadMax

11-09-2006 11:27:27

O.k. - here we go again,

I've downladed a fresh CVS-driver and applied the new patch (I hope I did it).

Vern

15-09-2006 03:58:07

Hi MadMax,

No solution yet, but I wanted to provide a short status report before you're left swaying in the breeze entirely too long.

The patch looks like it did exactly what it was intended to do.

What it shows is that the AP has sent two extra bytes of zeroes tacked on to the end of the WPA1 IE it sends as part of its beacon frame. Technically, it shouldn't be doing that, but, on the other hand, it doesn't seem to be doing any harm, and the rest of the content conforms to the standard. So the "Invalid WPA IE" hypothesis can be trashed alongside the "Corrupted EAPOL Data" hypothesis.

What I'm looking at now is along the lines of your references to graphics data in your previous posts. There's nothing special about graphics data per se, but there is often a lot of it. So I'm looking into how to see if there are any corner cases with respect to packet data size and send rate.

As soon as I have something ready to go, I'll upload it here, and ask you to test it if you're still interested.

Thanks for the hard work,

MadMax

15-09-2006 16:47:24

Hmm, bad luck for me! -(

I stay tuned and of course I'm willing to test other patches if ready - I want to have this fixed! ;-)

Thanks for your efforts!

Vern

15-09-2006 22:51:24

Hi MadMax,

Yet another patch - this time to see the effect of the large volumes of data implied by your references to graphics data in previous posts.

It is intended to show the format of transmit skbs as they are passed down to the driver, and the format of receive skbs as they are reported up the network stack, with the intent of finding out if any "nonlinear" skbs are ever used, and if so, the results.

I've uploaded it here as skbl.patch.gz. As before, the previous patch should be discarded, and this patch applied to a vanilla version of the latest CVS. The modified files are rtmp_data.c and rtmp_main.c

---------------------------------------------------------------------
rtmp_data.c
===========
RTMPHandleDecryptionDoneInterrupt()
Instrument to show skb configuration as sent up to netif_rx().

RTMPSendPacket()
Instrument to show total and paged data lengths when called.

rtmp_main.c
===========
RTMPSendPackets()
Instrument to show total and paged data lengths when called.
---------------------------------------------------------------------

If you're still game to continue, please post a log of your results here, and I'll take a look at it. (BTW, no need to wrap a single file inside a tarball; just the gzipped file itself is OK.)

Once again, thanks for slogging through all this,

MadMax

16-09-2006 14:58:13

3rd patch applied - see attachement.

[quotejwhbv25w]no need to wrap a single file inside a tarball; just the gzipped file itself is OK.[/quotejwhbv25w]
I know, but it's just a habbit to use GUI-programs instead of console as much as possible - therefore I use Krusader to GZIP and do all the file-copy-stuff. Unfortunately Krusader only knows .tar.gz or .tar.bz2 for compressing... -)

Hope you can spot the problem now....

What I did after establishing WPA-connection
1. http//www.google.de - o.k.
2. search for "testing ralink" o.k.
3. Try to reach the Web-Interface of my FRITZ!Box http//fritz.box/

After step 3.) there was the break-down of the network - as usual...

Vern

16-09-2006 18:47:24

Hi MadMax,

First, one observation On your post of Sat 9/9/06 you wrote
[quote1fqs16dy]With the new script-order and if I unload the driver (modprobe -r rt2500), reload it again, I now have to run the script twice to get a connection. With the old script I just had to run it once.[/quote1fqs16dy]
This may have been because you were still using a RT2500STA.dat file, which is read in as part of the "ifconfig ra0 up" processing. As long as that file is deleted, there should be no problem with the script I proposed. If it does exist, then the entire script (except the 'iwconfig ra0 up' part) should be repeated after issuing the ifup command.

The "ifconfig ra0 essid ..." command really does have to be the last one issued (cf. examples in iwpriv_usage.txt) because the driver starts the association process when it gets it. If you've previously issued - say - an authentication type command, and subsequently issue a command to set a key value, the association may be initiated with an inconsistent set of parameters. This may cause, as they say, indeterminate behavior.

In a previous post, I said I considered the fact that issuing the "iwconfig essid" command starts the association process to be a bug; but it turns out that the Ralink folks were just implementing the M$ NDIS spec. This conflicts with the iwconfig man page, which states that issuing "iwconfig <interface> ap <mac-addr>" causes the card to "register" to the AP. (The order of parameters in the RT2500STA.dat file doesn't matter, since the driver reads the whole thing before starting to do anything.) So the approach the driver takes by starting the association process on the receipt of either command is probably as good as any.

Looking at your latest log, there's not a particularly large amount of traffic, and the data items printed out by the patch look OK.

I have five questions

1. When the problem occurs, what is your procedure to be able to get to http//www.google.de/ again and also search for some things?

2. What are you trying to do at the AP? Do you get a window display on your browser?

3. What happens if you *never* try to access the web interface of your AP over you wireless link? Can you do everything else OK? For as long as you wish?

4. What happens if you try to access your AP's web interface over the Ethernet wire?

5. Have you tried accessing that AP using different wireless equipment? If so, what was the result?

MadMax

16-09-2006 19:39:28

[quote24vqd08l]This may have been because you were still using a RT2500STA.dat file[/quote24vqd08l]
No, as I wrote somewhere before, I've definetly deleted this file! Just have some backups when I tried out the RaConfig-Tool one time
[code24vqd08l]ls -la /etc/Wireless/RT2500STA
insgesamt 20
drwxr-xr-x 2 root root 4096 Aug 29 15:29 ./
drwxr-xr-x 3 root root 4096 Jun 11 11:47 ../
-rw-r--r-- 1 root root 412 Jun 11 12:52 RT2500STA.dat.SAV_WEP
-rw-r--r-- 1 root root 415 Jun 12 12:53 RT2500STA.dat.SAV_WPA
-rw-r--r-- 1 root root 736 Jun 11 12:52 RT2500STA.ui[/code24vqd08l]
[quote24vqd08l]As long as that file is deleted, there should be no problem with the script I proposed. [/quote24vqd08l]
As you can see, the file [b24vqd08l]RT2500STA.dat[/b24vqd08l] doesn't exist, and as posted before the script in new order doesn't work for me!!! This is why I kept the old one.
Look at my log-file
[code24vqd08l]Sep 16 16:48:01 MaxOffline kernel: rt2500: --> Error 2 opening /etc/Wireless/RT2500STA/RT2500STA.dat[/code24vqd08l]
I don't understand most of the log - but this means for me that your theory that the file is still there can't be correct.


And one more thing to mention - in the past I also got disconnected trying to reach the internet when using the RaConfig-Tool instead of my script!!!

[quote24vqd08l]1. When the problem occurs, what is your procedure to be able to get to http//www.google.de/ again and also search for some things?[/quote24vqd08l]
This is difficult to answer - sometimes it works, sometimes it doesn't. With the last log-file it didn't work - so no site was reachable anymore.

[quote24vqd08l]2. What are you trying to do at the AP? Do you get a window display on your browser? [/quote24vqd08l]
http//fritz.box is just the start-screen of the web-interface - and yes, I normaly should get a screen on my browser if I type in the adress.
I can configure the hole internet-things with it - encryption-type (open, WEP, WPA), setup of my provider-properties, open ports for file-sharing, etc...

[quote24vqd08l]3. What happens if you *never* try to access the web interface of your AP over you wireless link? Can you do everything else OK? For as long as you wish? [/quote24vqd08l]
No, as written somewhere above - I can not reach most of the internet-pages around - google is just one of a handfull of exeptions.

[quote24vqd08l]4. What happens if you try to access your AP's web interface over the Ethernet wire?[/quote24vqd08l]
This is how I get my AP back to life - and switch to WEP-encryption again. Everything works fine with eth1, also with WEP-encryption no problems!

[quote24vqd08l]5. Have you tried accessing that AP using different wireless equipment? If so, what was the result?[/quote24vqd08l]
I can not call too much hardware my own - I only have a WLAN-USB-adaptor which only runs with ndiswrapper. But this didn't work very well for me (system freezes from time to time) - and I never tried out WPA with this adaptor.
This is why I bought a PCI-card with rt2500-chip - because I thought I would have perfect support under Linux. -(

[quote24vqd08l]Looking at your latest log, there's not a particularly large amount of traffic,[/quote24vqd08l]
Maybe this is because there won't be much traffic because the transfer breaks!
I can wait minutes after minutes and don't get the start screen of the web-interface! And of cource the traffic produced from a web-interface shouldn't be so much... but it seems to be enough to blow my connection.

Vern

17-09-2006 17:43:34

Hi MadMax,

First, thanks for the answers.

After you use the Ethernet link to set up your AP for WEP, which link (Ethernet or Wireless) are you using when you try to set up WPA and TKIP?

MadMax

17-09-2006 19:49:37

[quote2u1op6jj]After you use the Ethernet link to set up your AP for WEP, which link (Ethernet or Wireless) are you using when you try to set up WPA and TKIP?[/quote2u1op6jj]
Hmm, I don't really understand your question.

Normally it shouldn't make a difference how to be connected to my DSL-modem. With my modem I have these options
* ethernet
* USB (not for Linux, because you need a driver for it which only exists for Windows)
* WLAN (no encryption, WEP, WPA, WPA2)

My computer has ethernet and I have the PCI-card with rt2500-chip. As written above, USB doesn't work under Linux.

So normally I choose WLAN with WEP, because WPA doesn't work for me in the moment. I'm writing these lines via WLAN and WEP-encryption over the rt2500-chipset.
With this it's also possible to switch to WPA-mode. After that of course I loose connection, because the computer is still set up for WEP.
If I would be able to establish a WPA-connection I also could switch back to WEP again via WLAN.
As this doesn't work for me, I plug-in an ethernet-cable, setup the network for it (just with a simple command dhcpcd eth1) and turn on WEP encryption again.

Then I am able to use WLAN again with WEP-encryption....


Is this what you wanted to know?

Vern

18-09-2006 00:49:04

Hi MadMax,

Almost. You wrote
[quote25gycgio]With this it's also possible to switch to WPA-mode. After that of course I loose connection, because the computer is still set up for WEP.[/quote25gycgio]
That's the "this" you're referring to? When you switch to WPA-mode, are you doing it over the RT2500-chip?

MadMax

18-09-2006 06:48:32

Hi MadMax,

Almost. You wrote
[quote3r4stb9d]With this it's also possible to switch to WPA-mode. After that of course I loose connection, because the computer is still set up for WEP.[/quote3r4stb9d]
That's the "this" you're referring to? When you switch to WPA-mode, are you doing it over the RT2500-chip?[/quote3r4stb9d]
Yes. I normally switch to WPA over WLAN. Why is this important for you?

Vern

19-09-2006 03:45:36

Hi MadMax,

The fact that you can communicate at all over your wireless link with your AP shows that an IEEE802.11 association has been established. Otherwise you would not see the AP's Web HTML page.

Two essential attributes of an association are the authentication scheme (how to prove you are who you say you are) and the encryption scheme (how to assure privacy of your data). The values of these attributes have to be agreed on in advance by the AP (your Fritz!Box) and the STA (your PC). They cannot be changed during an active association. When you try to do so, by changing from WEP authentication and encryption to PSK authentication and TKIP encryption, the AP disconnects you.

You might try accessing your AP in advance over the Ethernet link and configuring it for PSK authentication, TKIP encryption, and the value of the PSK key you intend to use. Then try your wireless link using the same authentication scheme, encryption scheme, and key value.

MadMax

19-09-2006 09:06:53

[quoteybmp78ng]The values of these attributes have to be agreed on in advance by the AP (your Fritz!Box) and the STA (your PC). They cannot be changed during an active association. When you try to do so, by changing from WEP authentication and encryption to PSK authentication and TKIP encryption, the AP disconnects you.[/quoteybmp78ng]
O.k. - tried what you wrote (alhtough I couldn't really believe it)

1. bring network down
2. connect to FritzBox via eth1
3. Switch FritzBox to WPA-mode
4. bring network down
5. connect to FritzBox via WLAN with my script

=> same behaviour as every time!

My FritzBox is able to store the informations about all WLAN-settings also if there is a loss of power. So even if I switch it off and on again to be 100% sure that there is no active WLAN-association anymore - it behaves all the same!

So your new theory can't be correct, either. If so, how could you explain that I can reach Google, but no other sites in WPA-mode?

And something more against your theory as I switch from WEP to WPA via WLAN-connection - the association can't be active anymore - I logically loose connection in that case, as I also wrote somewhere above.

Vern

22-09-2006 20:14:02

Hi MadMax,

Looking at the English versions of the WLAN and WLAN 7050 manuals, I see that they both support WPA security. The problem, I think, is that - as I read the manuals - while 802.1X WPA authentication is supported, WPA-PSK (pre-shared key) is not (cf. pp. 47 of WLAN Guidebook, pp. 56 of WLAN 7050 Guidebook - English versions "This key is regenerated at regular intervals.").

The legacy driver only supports WPA-PSK, and I'm not aware of plans to upgrade it. I think that if you absolutely need 802.1X-style WPA authentication, you need to use the rt2x00 driver. I believe that driver needs kernel 2.6.17. Maybe Ivo or Mark has more information.

Possibly you could contact AVM and see about WPA-PSK support.

MadMax

22-09-2006 21:41:26

[quote1n5xdg6u]The problem, I think, is that - as I read the manuals - while 802.1X WPA authentication is supported, WPA-PSK (pre-shared key) is not (cf. pp. 47 of WLAN Guidebook, pp. 56 of WLAN 7050 Guidebook - English versions "This key is regenerated at regular intervals."). [/quote1n5xdg6u]

Hmm, I don't understand much about WPA-encryption. I can only tell you that I have the following options for WPA with my FritzBox

[code1n5xdg6u]* TKIP (WPA)
* WPA-Key
* Group-Key-Intervall[/code1n5xdg6u]
or
[code1n5xdg6u]* AES (WPA2)
* WPA-Key
* Group-Key-Intervall[/code1n5xdg6u]

I don't really know what this [i1n5xdg6u]Group-Key-Intervall[/i1n5xdg6u] is for (it was set to [b1n5xdg6u]3600sec[/b1n5xdg6u] by default), and I also don't know if this is WPA-PSK or not.

Unfortunatelly I can't find further informations on the AVM-website or in my handbook.

Using driver rt2x00 instead is impossible for me in the moment, because Mandriva 2006 only has kernel 2.6.12

Are you sure about this PSK-thing?
Or could you explain what this Group-Key-Intervall is for?

Would it perhaps make sense to set this to a higher/lower amount and try again?

serialmonkey

23-09-2006 12:08:38

Group key interval is how often the group key is re-exchanged between the clients and AP.

It looks like your AP only support PSK - not 802.11x (otherwise it wouldn't ask you to enter a key). I assume there is nowhere on that page in your AP to setup something like a RADIUS server ?

MadMax

23-09-2006 15:05:28

Well, now I'm [b6eauah83]VERY[/b6eauah83] confused!

While Vern posted this
Looking at the English versions of the WLAN and WLAN 7050 manuals, I see that they both support WPA security. The problem, I think, is that - as I read the manuals - while 802.1X WPA authentication is supported, WPA-PSK (pre-shared key) is not [..] The legacy driver only supports WPA-PSK[/quote6eauah83]
you are now writing the opposite
It looks like your AP only support PSK - not 802.11x (otherwise it wouldn't ask you to enter a key).[/quote6eauah83]

What's correct now?

I actually don't know what my FritzBox does support, the manuals only say something about TKIP (WPA) and about the standards IEEE 802.11b and IEE 802.11g being supported.
But I contacted AVM yesterday to get further information about my FritzBox.

And now my question to you is - as I think you are not one with each other
[b6eauah83]Do I need an AP with WPA-PSK to get connected with my rt2500-chip with the currently used driver rt2500, or not?
[/b6eauah83]
Who of you guys is right?


I assume there is nowhere on that page in your AP to setup something like a RADIUS server ?[/quote6eauah83]
No, there isn't - what do you conclude about my FritzBox?

(otherwise it wouldn't ask you to enter a key).[/quote6eauah83]
Isn't it normal that I have to let the AP know about the WPA-key the wireless network should use? What exactly do you mean with this?

IvD

23-09-2006 15:18:29


I assume there is nowhere on that page in your AP to setup something like a RADIUS server ?[/quote28j20a6w]
No, there isn't - what do you conclude about my FritzBox?

(otherwise it wouldn't ask you to enter a key).[/quote28j20a6w]
Isn't it normal that I have to let the AP know about the WPA-key the wireless network should use? What exactly do you mean with this?[/quote28j20a6w]

PSK means Pre Shared Key, this means that you have to enter a encryption key in the AP as well as the client. During authentication stage the keys are basically compared (through various algorithms for safe comparison of keys without informing the world what the key is)
The fact that your AP has an option to enter a encryption key, means that it supports the Pre Shared Key method.

The 802.11i standard is about authentication without Pre Shared Keys and work (usually) with a radius server for authentication. Which works something like LDAP, users passwords are stored in database, upon authentication attempt the user with his password is verified.
If your AP does not have a option for a Radius server or 802.11i authentication is does not support 802.11i.

MadMax

23-09-2006 20:31:58

[quoteo3g9el2s]PSK means Pre Shared Key, this means that you have to enter a encryption key in the AP as well as the client.[/quoteo3g9el2s]
Yes, I have to enter a WPA key in my AP - so my FritzBox [io3g9el2s]does[/io3g9el2s] support WPA-PSK!!!

So that would mean that Vern was wrong again with his conclusion that my AP wouldn't support this.

And what does the rt2500-driver support? WPA-PSK I guess - right? Hopefully Vern was right with this information!?


So, to summarize it
I have an AP which supports WPA-PSK and a driver that should do the same thing.
But in fact WPA doesn't work for me since one year! I've posted several debug-traces - but what goes wrong here?

I'm told to change my startup-script, because this could cause the failure. I do so, but the script in new order doesn't work for me, so I keep the old one.
Next possible failing I was told is the file RT2500STA.dat which would still present in my system, but it's not, as also shows the debug-trace.
Then I'm told that I mustn't switch my AP to WPA via WLAN which would cause the error - but switching it over cable shows that this has no positive effect, also.
The last assumtion is that my AP doesn't support the WPA-mode needed to work with the driver - which seems to be wrong, also.
Switching to the rt2x00-driver is not possilbe for me, because of the kernel being used in my distro. Beside this in the past the rt2x00-driver didn't work with WPA, what is its status right now?

Any ideas how to proceed now?
Some more debug-traces?
Some more patches for bug-hunting?

Or is giving up the "best" solution right now?

serialmonkey

25-09-2006 14:13:43

There is a patch of Vern's going into CVS in the next day or two - you can wait and try that, otherwise you will need to wait for your distro to catch up with it's kernel updates and move to rt2x00

Vern

30-09-2006 18:55:36

Hi MadMax,

First, thanks for introducing me to dhcpcd. It is, in my view, a much better behaved facility than dhclient..

You wrote
[quote2w2fndv9]Do I need an AP with WPA-PSK to get connected with my rt2500-chip with the currently used driver rt2500, or not?[/quote2w2fndv9]
Yes, you do. You might refer to 802.11i pp. 14-17. You can download IEEE specs from

http//standards.ieee.org/getieee802/

Under the Hail, Mary! dept, you might do this

1. iptables-save (save results).
2. ifconfig (save results)
3. route -n (save resuilts)
4. Try to bring up air link (save results).
5. iptables-save (save results).
6. ifconfig (save results)
7. route -n (save results).

The intent of all this is to see if your NAT, routing, and firewall policies are tracking DHCP IP address assignments.

Post them all here, and I'll take a look.

MadMax

01-10-2006 08:41:44

[quote2l0civja]First, thanks for introducing me to dhcpcd. It is, in my view, a much better behaved facility than dhclient.. [/quote2l0civja]
Well, I've never felt there is a need for special hostnames, but it cought my eye when opening a console that the standard hostname "localhost" of my computer was suddenly called "noname" everytime I established successfully a connection to the internet.
Then I found out that it must have something to do with DHCP, played around with the two existing dhcp-clients and finaly I'm using dhcpcd now without problems.
As you can see in my debug-traces, my standard hostname now is "MaxOffline" and it will be set to "MaxWLAN" or "MaxCable" depending which connection I choose (when I use my distro's networking-skripts to bring up the network).
Like this I can see also in a simple console if everything works fine with my network! D

But back to your proposal now
[quote2l0civja]Under the Hail, Mary! dept, you might do this

1. iptables-save (save results).
2. ifconfig (save results)
3. route -n (save resuilts)
4. Try to bring up air link (save results).
5. iptables-save (save results).
6. ifconfig (save results)
7. route -n (save results).

The intent of all this is to see if your NAT, routing, and firewall policies are tracking DHCP IP address assignments.[/quote2l0civja]
I don't have "iptables" installed in my present configuration, so I don't really have a firewall set-up.
Should I install iptables now to provide you with the infos of "iptables-save", or is this misleading because you thought I would use a firewall?

Do I need the vanilla-driver for this?



Btw My FritzBox has a built-in Firewall to block access from outside...
As you have downloaded the manual you could take a look at it.

Vern

03-10-2006 03:49:08

No iptables? Omit steps 1 and 5.

What model of Fritz!Box do you have?

Can you post sreenshots of the dialog boxes (In English - if available. Otherwise, I'll try to guess German)?

MadMax

11-12-2006 16:26:19

Sorry for my late answer, but I was busy with other things a while.

I hope you are still willing to help me with my WPA-problem.

Meanwhile I've updated to today's CVS-version of rt2500-driver, but WPA still fails on my system!


Here are the results of your last requested steps to do

[bh0quegr1]1. ifconfig (save results)[/bh0quegr1]
[codeh0quegr1]# ifconfig[/codeh0quegr1]

[bh0quegr1]2. route -n (save resuilts)[/bh0quegr1]
[codeh0quegr1]# route -n
Kernel IP Routentabelle
Ziel Router Genmask Flags Metric Ref Use Iface[/codeh0quegr1]

[bh0quegr1]3. Try to bring up air link (save results).[/bh0quegr1]
Don't really know what I should save here, I just ran my old script to establish WPA-connection
[codeh0quegr1]#!/bin/bash
ifconfig ra0 down
iwconfig ra0 mode managed
iwpriv ra0 set AuthMode=WPAPSK
iwpriv ra0 set EncrypType=TKIP
iwconfig ra0 essid "Max-Box SL WLAN"
iwpriv ra0 set WPAPSK="DuKummstDaNedNei"
ifconfig ra0 up
sleep 5
dhcpcd -d ra0[/codeh0quegr1]

[bh0quegr1]4. ifconfig (save results)[/bh0quegr1]
[codeh0quegr1]# ifconfig
ra0 Link encap:Ethernet Hardware Adresse 00:0E:2E:57:85:27
inet Adresse:192.168.178.20 Bcast:192.168.178.255 Maske:255.255.255.0
UP BROADCAST NOTRAILERS RUNNING MULTICAST MTU:1500 Metric:1
RX packets:7 errors:0 dropped:0 overruns:0 frame:0
TX packets:33 errors:2 dropped:2 overruns:0 carrier:0
Kollisionen:13 Sendewarteschlangenlänge:1000
RX bytes:2055 (2.0 KiB) TX bytes:5029 (4.9 KiB)
Interrupt:17[/codeh0quegr1]

[bh0quegr1]5. route -n (save results).[/bh0quegr1]
[codeh0quegr1]# route -n
Kernel IP Routentabelle
Ziel Router Genmask Flags Metric Ref Use Iface
192.168.178.0 0.0.0.0 255.255.255.0 U 0 0 0 ra0
0.0.0.0 192.168.178.1 0.0.0.0 UG 0 0 0 ra0[/codeh0quegr1]


Could this help you to spot the problem?

Vern

11-12-2006 18:43:26

Wow!

Debug log?

Also, there's a thread
[quote1xj6d6lj]http//rt2x00.serialmonkey.com/phpBB2/viewtopic.php?t=2430&highlight=fritzbox[/quote1xj6d6lj]
where the OP also has a Fritzbox & a similar problem, only with the RT2570 (USB) version of the driver.

Maybe that could provide some ideas. If it does, post the solution.

Anyway, send up a log captured during the procedures used in your most recent post, and I'll take a look at it.

MadMax

11-12-2006 21:23:02

[quote7j7xire2]Debug log? [/quote7j7xire2]

Debug log?
Once again?
Sure?

To answer me that question please read through the hole thread here first, I've provided you with so many debug-traces in the past.
Even with various patches applied to the vanilla-driver.

If you think I should do it once again because many things of the driver have been changed in the last 2 months - then I will do so.


Perhaps you remember me - I was the guy who could establish a WPA-connection, but failed to load most pages in the internet. One of a few exeptions was that I could reach google via WPA.
And it's all still the same - also with latest CVS-driver.

MadMax

12-12-2006 11:48:42

Btw. thank you for the link to the other thread. This made me playing around with scanning the AP

To do that I made the following script:
[code81cnwgeh]#!/bin/bash
ifconfig ra0 down
modprobe -r rt2500
sleep 2
modprobe rt2500
sleep 2
ifconfig ra0 up
sleep 2
iwlist ra0 scanning[/code81cnwgeh]

If I set the AP to [b81cnwgeh]WEP mode[/b81cnwgeh] and run the script, I get the following output
[code81cnwgeh]# ./RaLink_scan.sh
ra0 Scan completed :
Cell 01 - Address: 00:04:0E:43:8C:62
Mode:Managed
ESSID:"Max-Box SL WLAN"
Encryption key:on
Channel:6
Quality:0/100 Signal level:-28 dBm Noise level:-193 dBm[/code81cnwgeh]

If I set the AP to [b81cnwgeh]WPA mode[/b81cnwgeh] and run the script, I get the following output
[code81cnwgeh]# ./RaLink_scan.sh
ra0 No scan results[/code81cnwgeh]

Broadcasting the AP's ESSID was switched on in ALL cases!!!



Only if I have [b81cnwgeh]established a WPA-connection[/b81cnwgeh] with my script mentioned somewhere in this thread, I'm able to scan the AP
[code81cnwgeh]# ./RaLink_WPA.sh
dhcpcd: MAC address = 00:0e:2e:57:85:27
dhcpcd: your IP address = 192.168.178.20

# ./RaLink_scan.sh
ra0 Scan completed :
Cell 01 - Address: 00:04:0E:43:8C:62
Mode:Managed
ESSID:"Max-Box SL WLAN"
Encryption key:on
Channel:6
Quality:96/100 Signal level:-29 dBm Noise level:-195 dBm[/code81cnwgeh]


Is this behaviour normal, that the AP can't be found with "iwlist ra0 scanning" when the AP was set to WPA-mode and there was no connection established, yet but network is already up (up'ed with "ifconfig ra0 up")??

I thought this shouldn't matter! What's going wrong here??

Vern

12-12-2006 17:42:02

Yes, I do remember you.

I understand that generating all this debug info is - as they say - a royal PITA. However, you can rest assured that after doing so, and after you have sauntered off to suck down a German brewski, I will spend much more time analyzing that log than you will have spent generating it.

Two more questions
1. What is the exact model of your Fritzbox AP.
2. Does it - or does it not - support WPA with pre-shared key (WPA-PSK)? If you're not sure, please post a screen shot showing the AP's authentication menu.

MadMax

12-12-2006 23:22:32

[quote2qy5yph5]I understand that generating all this debug info is - as they say - a royal PITA.[/quote2qy5yph5]
O.k. - I will provide you with a debug-log tomorrow. *sigh*

[quote2qy5yph5]1. What is the exact model of your Fritzbox AP. [/quote2qy5yph5]
This one is easy - it's a [b2qy5yph5]FRITZ!Box SL WLAN[/b2qy5yph5]
http//www.avm.de/de/Produkte/FRITZBox/ ... index.html
Seems that for this model there is no English information available on avm's HP.

But you could choose the manual for FRITZ!Box Fon WLAN instead, which should be pretty much the same, aside from the additional VoiP-support which my model doesn't have.
http//www.avm.de/en/service/manuals/FR ... n_WLAN.pdf

[quote2qy5yph5]2. Does it - or does it not - support WPA with pre-shared key (WPA-PSK)?[/quote2qy5yph5]
Oh, I thought we already had clarified this - as you have to enter the WPA-key in the FritzBox => PSK.
Moreover I also asked the avm-support and they answered that the FritzBox uses WPA-PSK. So I would say this is sure for 100%.

MadMax

13-12-2006 10:45:57

Now I have debugs for allmost everything! D

The steps in short for [bo7qt6toy]RaLink_ifconfig_route.txt[/bo7qt6toy]
1. ifconfig
2. route -n
3. bring up network
4. ifconfig
5. route -n
6. try to reach http//www.google.de/ - o.k.
7. try to search for "testit" - o.k.
8. try to reach the web-interface of FritzBox - fails!!

FritzBox was set to WPA in this case.

The script to establish the WPA-connection is my good old one
[codeo7qt6toy]#!/bin/bash
ifconfig ra0 down
iwconfig ra0 mode managed
iwpriv ra0 set AuthMode=WPAPSK
iwpriv ra0 set EncrypType=TKIP
iwconfig ra0 essid "Max-Box SL WLAN"
iwpriv ra0 set WPAPSK="DuKummstDaNedNei"
ifconfig ra0 up
sleep 5
dhcpcd -d ra0[/codeo7qt6toy]





The steps for scanning the AP you can see in the following files
* [bo7qt6toy]RaLink_scan_WEP-output.txt[/bo7qt6toy]
* [bo7qt6toy]RaLink_scan_WPA-output.txt[/bo7qt6toy]

The script [bo7qt6toy]RaLink_scan.sh[/bo7qt6toy] used here looks like this
[codeo7qt6toy]#!/bin/bash
ifconfig ra0 down
modprobe -r rt2500
sleep 2
modprobe rt2500 debug=1
sleep 2
ifconfig ra0 up
sleep 2
iwlist ra0 scanning[/codeo7qt6toy]

As you can see in the "output"-files, I made several attempts to scan the AP with "iwlist scan" after running my initial script.

* With my FritzBox set to [bo7qt6toy]WEP[/bo7qt6toy], [uo7qt6toy]every[/uo7qt6toy] scan results in expected informations.

* With my FritzBox set to [bo7qt6toy]WPA[/bo7qt6toy], it's like this
- The first scan fails,
- the 2nd one fails, too,
- the 3nd scan results in normal informations,
- the 4th one again fails!

So the strange thing about scanning when AP is set to WPA is, that not every scan works for me.
In another test (which isn't in the log's) I had to do "iwlist scan" for 10 times!!! before I got normal scanning results. How do you explain that?

Vern

13-12-2006 20:40:02

Hi MadMax,

Well, I see in the log you successfully associate using WPAPSK authentication and TKIP encryption, which lasts for about a minute. Then the AP sends a deuthentication frame with reason code 1 ("Unspecified reason").

Somewhere along the line you provided a screenshot of the Fritzbox "WLAN Sicherheit" screen. I see there a text box entry for "Group Key Intervall". Is there anyway to disable that? i.e. have the interval last forever? Is there a pair key interval? If so, is there a way to disable that?

The reason I ask is that both pp. 57 of the WLAN Guidebook and pp. 56 of the WLAN 7050 Guidebook - English versions - state "This key is regenerated at regular intervals.". So it *may* be that the AP is trying to refresh the WPA key, even though WPAPSK is being used.

Do the folks at AVM support have anything to say about that? Anyway, could you see what happens if all the AP's key intervals are disabled - that is, made to last forever?

MadMax

13-12-2006 22:37:35

[quote2xojo9f6]you successfully associate using WPAPSK authentication and TKIP encryption, which lasts [u2xojo9f6]for about a minute[/u2xojo9f6].[/quote2xojo9f6]
Well, this Group Intervall is set to 3600sec's per default and I've never changed this setting.
3600sec = 1h, so this shouldn't harm the association in such a short time.

For me it looks like an intervall how often the temporary key (TKIP) will be replaced - isn't it?

Let me quote something from http//www.wi-fi.org/white_papers/white ... paforhome/[quote2xojo9f6]
TKIP takes the original [u2xojo9f6]master key[/u2xojo9f6] only as a starting point and derives its encryption keys mathematically from this master key. [u2xojo9f6]TKIP then regularly changes and rotates the encryption keys[/u2xojo9f6] so that the same encryption key is never used twice. This all happens in the background automatically, invisible to the user.[/quote2xojo9f6]
I don't know much about WPA, but this "master key" is the preshared key, and it would sound logical to me, if this "group key interall" would be the intervall how often the temporary key will be changed.

[quote2xojo9f6]Is there a pair key interval?[/quote2xojo9f6]
Don't know what this is, and no, there is not such an option.

[quote2xojo9f6]If so, is there a way to disable that?[/quote2xojo9f6]
It's impossible to deactivate the group key intervall, I only could set it to "0"sec's, but I'm in doubt that this would help, as it was set to 3600sec's and the disassosiation is much, much earlier.

[quote2xojo9f6]Do the folks at AVM support have anything to say about that?[/quote2xojo9f6]
I didn't ask for this, yet.


I think you'll have to search for this "unspecified reason". wink

Vern

15-12-2006 04:40:16

Hi MadMax,
[quote15p0hq92]I think you'll have to search for this "unspecified reason".[/quote15p0hq92]
That's the definition in the spec.

If the Fritzbox wants to update the PTK or GTK, we've got problems. I can understand the rationale for wanting to periodically update these items header information in upper layer protocol headers encapsulated in the MAC frame tends to be constant, or predictably varying, offering an opportunity for sniffers to derive a key value by repeated examination of packets when a particular key is used too long. However, it is the first AP out of the four or five different brands whose interaction with the driver I've observed by now that actually does so, at least when a PSK is used.

I suspect that as the industry matures, more AP product offerings will provide a periodic key update capability. This means that eventually, STA offerings - like the Ralink driver - will have to be upgraded.

While I applaud the Fritzbox folks' paranoia, in practical terms, you're basically hosed as long as you use the legacy driver.

Looking at the current legacy code, it seems that if the driver were to get a second EAPOL Key message from the AP, it would go ahead and step through the 4-way handshake again. Even though it uses a PSK, cranking it through a pseudo-random number generator should yield a different PTK each time. However, there's no indication in your log that a second EAPOL sequence is being initiated. Furthermore, I can see no explicit provisions in the driver for synchronizing a change of keys with the ongoing encrypted output stream.

In general, the 802.11i spec sets the default PMK Security Association lifetime to infinite unless certain steps are specifically taken. Having a non-infinite PMKSA lifetime when a PSK is used seems to be valid as far as the spec is concerned, but the AP offerings out there that I'm familiar with seem to be providing an infinite lifetime.

Do you know if the Fritzbox folks have any technical information as to what the key update profile (i.e. the actual messages exchanged) might be?

Under the "Hail, Mary" department, you might try CCMP encryption, but I'm not hopeful.

My understanding is the rt2x00 driver supports 802.1X. You might try that, but Mark or Ivo can comment on its capabilities and requirements more knowledgeably than I can.

In the worst case, you might have to consider looking for another brand of adapter. If you do (and since Fritzbox is still in business, I suspect they're available), make sure it supports periodically updating the PTK and GTK.

If you wish to proceed with the legacy driver, and investigate into what may be happening, I can provide a patch for it that may produce a little more information as to what is going on. The purpose of this exercise (through possibly more than one iteration) would be to gain enough information to get some idea of the scope of what would be required to implement a periodic key update capability. No guarantees. If I can't figure out the score, or if I think the effort to provide the capability is too great, I won't do it.

If you're game, respond in this thread.

MadMax

15-12-2006 12:22:30

Don't really understand what you're talking about:

GTK, PTK, STA, EAPOL, PMK, PMKSA, CCMP...
Wow - I'm just a simple user trying to get WPA-encryption working! shock

[quote3gm5nlcm]In the worst case, you might have to consider looking for another brand of adapter.[/quote3gm5nlcm]
No - in worst case I will stay with good old WEP-encryption. I use it now for 1,5y ears - as I have to. Maybe I'll get hacked someday by the neighbourhood, but there was never such an issue in the past. I've never reached another AP with "iwlist ra0 scan" then mine, so I assume there aren't many people around here with a computer. But maybe this is only because the rt2500-driver has scanning issues as well??

[b3gm5nlcm]Did you already had look for the scanning issue?[/b3gm5nlcm]

[quote3gm5nlcm]Do you know if the Fritzbox folks have any technical information as to what the key update profile (i.e. the actual messages exchanged) might be?[/quote3gm5nlcm]
Just ask them via Mail-Support - I did the same for the question PSK, and now I asked for "group key intervall" and I'm waiting for their reply.

[quote3gm5nlcm]I can provide a patch for it that may produce a little more information as to what is going on.[/quote3gm5nlcm]
Just do it.

MadMax

15-12-2006 18:18:08

Hello there,

today I got a reply from the avm-support.

It seems that they are willing to read through the logs and I gave them the link of this thread.

Hopefully the avm-support will contact you if they have further questions and/or informations for you.

Vern

16-12-2006 06:00:13

Great!

(Sorry about the alphabet soup. I'm much better, now - really.)

I've also contacted AVM via email using their German language support site - in English, of course. So we'll see what happens.

Thanks.

Vern

18-12-2006 05:01:54

Hi MadMax,

... in the meantime ...

The WPA stuff is kicked off by the type of info in the SNAP (Subnet Access Protocol) header. This patch prints those headers to the debug file.

If you like, apply it to the latest CVS for the legacy driver, then do your standard stuff until you observe the failing condition(s) and post the resulting debug log here.

Thanks.

Edit Use snap1.patch.gz, not snap.patch.gz.

MadMax

26-04-2008 20:22:40

Hello there!

Just wanted so say THANK YOU guys!!!!!!

Some weeks ago I switched to Mandriva 2008.1 and gave WPA with my rt2500-based WIFI-card a new try, as I got tired of applying all these patches with no luck.

It seems that you fixed this issue
I even did not have to use console to get it working - I just clicked through the Mandriva control-center - and IT WORKS!!!!

I don't know what you have changed meanwhile in that driver - but obviously you did it right. ;)

Once again
THANK YOU THANK YOU THANK YOU THANK YOU
D D D D D

Keep on your work!

Vern

26-04-2008 21:23:02

Hi MadMax,

Really glad to see you're on the air with WPA! I'll take lucky over good any day.

What kernel does Mandriva 2008 use? Maybe you're actually using the nextgen driver?

Anyway, congratulations again,

Starcrasher

27-04-2008 09:13:46

Hi guys,

Mandriva 2008.1 uses a 2.6.24.4 kernel with additional patches.
The default kernel only uses new rt2x00 drivers.
Another one, more experimental, called "tmb kernel" is available that have precompiled legacy drivers too.

Mandriva has really made a big effort on wireless side for 2008.1. Thanks to them. It's nice to see it has some effects. D

The only shadow remaining is when the adapter is listed in two drivers.(

MadMax

27-04-2008 09:16:42

[quote3j5hblmo]What kernel does Mandriva 2008 use? Maybe you're actually using the nextgen driver? [/quote3j5hblmo]
Yes, it's the rt2x00 - driver now

[code3j5hblmo]# modinfo rt2x00pci
filename: /lib/modules/2.6.24.4-desktop586-1mnb/kernel/drivers/net/wireless/rt2x00/rt2x00pci.ko.gz
license: GPL
description: rt2x00 library
version: 2.0.10
author: http://rt2x00.serialmonkey.com
srcversion: F870E2A8F7634CEF33C64C9
depends: rt2x00lib,mac80211
vermagic: 2.6.24.4-desktop586-1mnb SMP mod_unload 586[/code3j5hblmo]

[code3j5hblmo]# modinfo rt2500pci
filename: /lib/modules/2.6.24.4-desktop586-1mnb/kernel/drivers/net/wireless/rt2x00/rt2500pci.ko.gz
license: GPL
description: Ralink RT2500 PCI & PCMCIA Wireless LAN driver.
version: 2.0.10
author: http://rt2x00.serialmonkey.com
srcversion: DB2BF84365111437CD709C4
alias: pci:v00001814d00000201sv*sd*bc*sc*i*
depends: rt2x00pci,rt2x00lib,mac80211,eeprom_93cx6
vermagic: 2.6.24.4-desktop586-1mnb SMP mod_unload 586[/code3j5hblmo]

Some time ago I had massive problems, also with rt2x00 - driver
http//rt2x00.serialmonkey.com/phpBB2/v ... php?t=2663

Now it simply works.

daaliya

03-04-2009 05:39:06

How to set up a wireless network with Edimax Rooter and LAN cards? I have recently bought an edimax router and two lan usb cards for my two computers. they were previously networked with a router with wires called D-Link, but i want to set up a wireless. I have installed the router and both cards, and the computers recognise both, but I can only manage to get the internet on one computer, the other says that we are offline. Can anyone help?
_______________
yahoo keyword tool[/url3qnso8kt] ~ [url=http://www.keywordspy.com/overview/keyword.aspx?q=overture3qnso8kt]overture[/url3qnso8kt] ~ [url=http://www.keywordspy.com/overview/keyword.aspx?q=traffic%20estimator3qnso8kt]traffic estimator[/url3qnso8kt] ~ [url=http://www.keywordspy.com/overview/keyword.aspx?q=adwords%20traffic%20estimator3qnso8kt]adwords traffic estimator[/url3qnso8kt]

IvD

03-04-2009 08:06:24

daaliya

A) Please don't hijack the thread with replies to a completely different problem
B) IMPORTANT READ BEFORE POSTING!!![/urla5jbdix5]