rt2x00.serialmonkey.com

Now I have debugs for allmost everything!

The steps in short for RaLink_ifconfig_route.txt:
1. ifconfig
2. route -n
3. bring up network
4. ifconfig
5. route -n
6. try to reach http://www.google.de/ - o.k.
7. try to search for "testit" - o.k.
8. try to reach the web-interface of FritzBox - fails!!

FritzBox was set to WPA in this case.

The script to establish the WPA-connection is my good old one:






The steps for scanning the AP you can see in the following files:
* RaLink_scan_WEP-output.txt
* RaLink_scan_WPA-output.txt

The script RaLink_scan.sh used here looks like this:


As you can see in the "output"-files, I made several attempts to scan the AP with "iwlist scan" after running my initial script.

* With my FritzBox set to WEP, every scan results in expected informations.

* With my FritzBox set to WPA, it's like this:
- The first scan fails,
- the 2nd one fails, too,
- the 3nd scan results in normal informations,
- the 4th one again fails!

So the strange thing about scanning when AP is set to WPA is, that not every scan works for me.
In another test (which isn't in the log's) I had to do "iwlist scan" for 10 times!!! before I got normal scanning results. How do you explain that?

Hi MadMax,

Well, I see in the log you successfully associate using WPAPSK authentication and TKIP encryption, which lasts for about a minute. Then the AP sends a deuthentication frame with reason code 1 ("Unspecified reason").

Somewhere along the line you provided a screenshot of the Fritzbox "WLAN Sicherheit" screen. I see there a text box entry for "Group Key Intervall". Is there anyway to disable that? i.e. have the interval last forever? Is there a pair key interval? If so, is there a way to disable that?

The reason I ask is that both pp. 57 of the WLAN Guidebook and pp. 56 of the WLAN 7050 Guidebook - English versions - state "This key is regenerated at regular intervals.". So it *may* be that the AP is trying to refresh the WPA key, even though WPAPSK is being used.

Do the folks at AVM support have anything to say about that? Anyway, could you see what happens if all the AP's key intervals are disabled - that is, made to last forever?

Well, this Group Intervall is set to 3600sec's per default and I've never changed this setting.
3600sec = 1h, so this shouldn't harm the association in such a short time.

For me it looks like an intervall how often the temporary key (TKIP) will be replaced - isn't it?

Let me quote something from http://www.wi-fi.org/white_papers/white ... paforhome/
I don't know much about WPA, but this "master key" is the preshared key, and it would sound logical to me, if this "group key interall" would be the intervall how often the temporary key will be changed.


Don't know what this is, and no, there is not such an option.


It's impossible to deactivate the group key intervall, I only could set it to "0"sec's, but I'm in doubt that this would help, as it was set to 3600sec's and the disassosiation is much, much earlier.


I didn't ask for this, yet.


I think you'll have to search for this "unspecified reason".

Hi MadMax,

That's the definition in the spec.

If the Fritzbox wants to update the PTK or GTK, we've got problems. I can understand the rationale for wanting to periodically update these items: header information in upper layer protocol headers encapsulated in the MAC frame tends to be constant, or predictably varying, offering an opportunity for sniffers to derive a key value by repeated examination of packets when a particular key is used too long. However, it is the first AP out of the four or five different brands whose interaction with the driver I've observed by now that actually does so, at least when a PSK is used.

I suspect that as the industry matures, more AP product offerings will provide a periodic key update capability. This means that eventually, STA offerings - like the Ralink driver - will have to be upgraded.

While I applaud the Fritzbox folks' paranoia, in practical terms, you're basically hosed as long as you use the legacy driver.

Looking at the current legacy code, it seems that if the driver were to get a second EAPOL Key message from the AP, it would go ahead and step through the 4-way handshake again. Even though it uses a PSK, cranking it through a pseudo-random number generator should yield a different PTK each time. However, there's no indication in your log that a second EAPOL sequence is being initiated. Furthermore, I can see no explicit provisions in the driver for synchronizing a change of keys with the ongoing encrypted output stream.

In general, the 802.11i spec sets the default PMK Security Association lifetime to infinite unless certain steps are specifically taken. Having a non-infinite PMKSA lifetime when a PSK is used seems to be valid as far as the spec is concerned, but the AP offerings out there that I'm familiar with seem to be providing an infinite lifetime.

Do you know if the Fritzbox folks have any technical information as to what the key update profile (i.e. the actual messages exchanged) might be?

Under the "Hail, Mary" department, you might try CCMP encryption, but I'm not hopeful.

My understanding is the rt2x00 driver supports 802.1X. You might try that, but Mark or Ivo can comment on its capabilities and requirements more knowledgeably than I can.

In the worst case, you might have to consider looking for another brand of adapter. If you do (and since Fritzbox is still in business, I suspect they're available), make sure it supports periodically updating the PTK and GTK.

If you wish to proceed with the legacy driver, and investigate into what may be happening, I can provide a patch for it that may produce a little more information as to what is going on. The purpose of this exercise (through possibly more than one iteration) would be to gain enough information to get some idea of the scope of what would be required to implement a periodic key update capability. No guarantees. If I can't figure out the score, or if I think the effort to provide the capability is too great, I won't do it.

If you're game, respond in this thread.

Don't really understand what you're talking about:

GTK, PTK, STA, EAPOL, PMK, PMKSA, CCMP...
Wow - I'm just a simple user trying to get WPA-encryption working!


No - in worst case I will stay with good old WEP-encryption. I use it now for 1,5y ears - as I have to. Maybe I'll get hacked someday by the neighbourhood, but there was never such an issue in the past. I've never reached another AP with "iwlist ra0 scan" then mine, so I assume there aren't many people around here with a computer. But maybe this is only because the rt2500-driver has scanning issues as well??

Did you already had look for the scanning issue?


Just ask them via Mail-Support - I did the same for the question PSK, and now I asked for "group key intervall" and I'm waiting for their reply.


Just do it.

Hello there,

today I got a reply from the avm-support.

It seems that they are willing to read through the logs and I gave them the link of this thread.

Hopefully the avm-support will contact you if they have further questions and/or informations for you.

Great!

(Sorry about the alphabet soup. I'm much better, now - really.)

I've also contacted AVM via email using their German language support site - in English, of course. So we'll see what happens.

Thanks.

Hi MadMax,

... in the meantime ...

The WPA stuff is kicked off by the type of info in the SNAP (Subnet Access Protocol) header. This patch prints those headers to the debug file.

If you like, apply it to the latest CVS for the legacy driver, then do your standard stuff until you observe the failing condition(s) and post the resulting debug log here.

Thanks.

Edit: Use snap1.patch.gz, not snap.patch.gz.

Hello there!

Just wanted so say THANK YOU guys!!!!!!

Some weeks ago I switched to Mandriva 2008.1 and gave WPA with my rt2500-based WIFI-card a new try, as I got tired of applying all these patches with no luck.

It seems that you fixed this issue:
I even did not have to use console to get it working - I just clicked through the Mandriva control-center - and IT WORKS!!!!

I don't know what you have changed meanwhile in that driver - but obviously you did it right.

Once again:
THANK YOU THANK YOU THANK YOU THANK YOU


Keep on your work!

Hi MadMax,

Really glad to see you're on the air with WPA! I'll take lucky over good any day.

What kernel does Mandriva 2008 use? Maybe you're actually using the nextgen driver?

Anyway, congratulations again,

Hi guys,

Mandriva 2008.1 uses a 2.6.24.4 kernel with additional patches.
The default kernel only uses new rt2x00 drivers.
Another one, more experimental, called "tmb kernel" is available that have precompiled legacy drivers too.

Mandriva has really made a big effort on wireless side for 2008.1. Thanks to them. It's nice to see it has some effects.

The only shadow remaining is when the adapter is listed in two drivers.

Yes, it's the rt2x00 - driver now:





Some time ago I had massive problems, also with rt2x00 - driver:
http://rt2x00.serialmonkey.com/phpBB2/v ... php?t=2663

Now it simply works.

How to set up a wireless network with Edimax Rooter and LAN cards? I have recently bought an edimax router and two lan usb cards for my two computers. they were previously networked with a router with wires called D-Link, but i want to set up a wireless. I have installed the router and both cards, and the computers recognise both, but I can only manage to get the internet on one computer, the other says that we are offline. Can anyone help?
_______________
yahoo keyword tool ~ overture ~ traffic estimator ~ adwords traffic estimator

daaliya:

A) Please don't hijack the thread with replies to a completely different problem
B) IMPORTANT: READ BEFORE POSTING!!!

_________________
Regards,
Ivo van Doorn
Project Administrator
http://rt2x00.serialmonkey.com