# [solved] wpa_supplicant - No suitable network found

## tipp98

I'm trying to get wpa_supplicant to connect to an open network and it will not automatically associate with it.

```
Try to find WPA-enabled AP

0: 00:1e:2a:02:ed:84 ssid='' wpa_ie_len=0 rsn_ie_len=0 caps=0x401

   skip - no WPA/RSN IE

1: 00:22:3f:04:d0:70 ssid='' wpa_ie_len=0 rsn_ie_len=0 caps=0x521

   skip - SSID not known

Try to find non-WPA AP

0: 00:1e:2a:02:ed:84 ssid='' wpa_ie_len=0 rsn_ie_len=0 caps=0x401

   skip - SSID mismatch

1: 00:22:3f:04:d0:70 ssid='' wpa_ie_len=0 rsn_ie_len=0 caps=0x521

   skip - SSID not known

No suitable network found
```

It looks like it will not connect because it is not wpa, but the only documentation I find for connecting to such a network is to have it in your wpa_supplicant.conf....

```
network={

   priority=1

   ssid="cookies"

   key_mgmt=NONE

}

```

It will associate if I set the essid with iwconfig.

I don't know if I'm missing something, if this is a limitation of wpa_supplicant, or if it is not happy with the network setup(i.e. cookies is a virtual wlan on DD-WRT).Last edited by tipp98 on Mon Aug 20, 2012 4:00 pm; edited 1 time in total

----------

## khayyam

tipp98 ...

firstly, can you see the AP ...

```
# awk '{RS="Cell"}/cookies/' <(iwlist wlan0 scan)
```

If so, then you probably just need to have wpa_supplicant scan for the ESSID.

```
network={

   scan_ssid=1

   priority=1

   ssid="cookies"

   key_mgmt=NONE

}
```

HTH & best ... khay

----------

## sobhan

I all way get sick with configuring network why you dont use simply networkmanager?

----------

## tipp98

 *Quote:*   

> firstly, can you see the AP ...
> 
> Code:
> 
> # awk '{RS="Cell"}/cookies/' <(iwlist wlan0 scan)
> ...

 

No, not until I manually set it. A side note, a WinXP machine and this laptop running fedora w/ networkmanager have no problems finding it.

I noticed something different in DD-WRT, the MAC address for the virtual wlan says it is one higher than the physical device

```
Virtual Interfaces wl0.1 SSID [cookies] HWAddr [02:1E:2A:02:ED:85]
```

 *Quote:*   

> I all way get sick with configuring network why you dont use simply networkmanager?

 

1. I don't always boot into a gui.

2. NetowkManager isn't working any better.

I do plan on setting up a runlevel for networkmanager, but I'd first like to get something working that does not require me to load a gui to use wifi. I believe networkmanager can be set up to do this, but that is yet more manual configuration, and again, it doesn't work either.Last edited by tipp98 on Tue Aug 07, 2012 3:34 pm; edited 1 time in total

----------

## tipp98

Here is a fresh log of wpa_supplicant:

```
Initializing interface 'eth1' conf '/etc/wpa_supplicant/wpa_supplicant.conf' driver 'nl80211' ctrl_interface 'N/A' bridge 'N/A'

Configuration file '/etc/wpa_supplicant/wpa_supplicant.conf' -> '/etc/wpa_supplicant/wpa_supplicant.conf'

Reading configuration file '/etc/wpa_supplicant/wpa_supplicant.conf'

ctrl_interface_group='0'

ap_scan=1

ctrl_interface='/var/run/wpa_supplicant'

Priority group 10

   id=1 ssid='cookies'

Priority group 2

   id=2 ssid='milk'

Priority group 0

   id=0 ssid='dlink'

   id=3 ssid='TVFIRE'

netlink: Operstate: linkmode=1, operstate=5

nl80211: Register Action command failed: ret=-95 (Operation not supported)

nl80211: Register Action match - hexdump(len=1): 06

nl80211: Failed to register Action frame processing - ignore for now

wpa_driver_nl80211_set_key: ifindex=3 alg=0 addr=0x45bb09 key_idx=0 set_tx=0 seq_len=0 key_len=0

wpa_driver_nl80211_set_key: ifindex=3 alg=0 addr=0x45bb09 key_idx=1 set_tx=0 seq_len=0 key_len=0

wpa_driver_nl80211_set_key: ifindex=3 alg=0 addr=0x45bb09 key_idx=2 set_tx=0 seq_len=0 key_len=0

wpa_driver_nl80211_set_key: ifindex=3 alg=0 addr=0x45bb09 key_idx=3 set_tx=0 seq_len=0 key_len=0

RSN: flushing PMKID list in the driver

Setting scan request: 0 sec 100000 usec

EAPOL: SUPP_PAE entering state DISCONNECTED

EAPOL: Supplicant port status: Unauthorized

EAPOL: KEY_RX entering state NO_KEY_RECEIVE

EAPOL: SUPP_BE entering state INITIALIZE

EAP: EAP entering state DISABLED

EAPOL: Supplicant port status: Unauthorized

EAPOL: Supplicant port status: Unauthorized

ctrl_interface_group=0

Added interface eth1

RTM_NEWLINK: operstate=0 ifi_flags=0x11003 ([UP][LOWER_UP])

RTM_NEWLINK, IFLA_IFNAME: Interface 'eth1' added

State: DISCONNECTED -> SCANNING

Scan SSID - hexdump_ascii(len=7):

     63 6f 6f 6b 69 65 73                              cookies         

Starting AP scan for specific SSID(s)

Scan requested (ret=0) - scan timeout 10 seconds

nl80211: Event message available

nl80211: Scan trigger

EAPOL: disable timer tick

EAPOL: Supplicant port status: Unauthorized

nl80211: Event message available

nl80211: New scan results available

Received scan results (0 BSSes)

BSS: Start scan result update 1

New scan results available

Selecting BSS from priority group 10

Try to find WPA-enabled AP

Try to find non-WPA AP

Selecting BSS from priority group 2

Try to find WPA-enabled AP

Try to find non-WPA AP

Selecting BSS from priority group 0

Try to find WPA-enabled AP

Try to find non-WPA AP

No suitable network found

Setting scan request: 5 sec 0 usec

RTM_NEWLINK: operstate=0 ifi_flags=0x11003 ([UP][LOWER_UP])

RTM_NEWLINK, IFLA_IFNAME: Interface 'eth1' added

Starting AP scan for wildcard SSID

Scan requested (ret=0) - scan timeout 30 seconds

nl80211: Event message available

nl80211: Scan trigger

nl80211: Event message available

nl80211: New scan results available

Received scan results (2 BSSes)

BSS: Start scan result update 2

BSS: Add new id 0 BSSID 00:1e:2a:02:ed:84 SSID ''

BSS: Add new id 1 BSSID 00:22:3f:04:d0:70 SSID ''

New scan results available

Selecting BSS from priority group 10

Try to find WPA-enabled AP

0: 00:1e:2a:02:ed:84 ssid='' wpa_ie_len=0 rsn_ie_len=0 caps=0x401

   skip - no WPA/RSN IE

1: 00:22:3f:04:d0:70 ssid='' wpa_ie_len=0 rsn_ie_len=0 caps=0x521

   skip - SSID not known

Try to find non-WPA AP

0: 00:1e:2a:02:ed:84 ssid='' wpa_ie_len=0 rsn_ie_len=0 caps=0x401

   skip - SSID mismatch

1: 00:22:3f:04:d0:70 ssid='' wpa_ie_len=0 rsn_ie_len=0 caps=0x521

   skip - SSID not known

Selecting BSS from priority group 2

Try to find WPA-enabled AP

0: 00:1e:2a:02:ed:84 ssid='' wpa_ie_len=0 rsn_ie_len=0 caps=0x401

   skip - no WPA/RSN IE

1: 00:22:3f:04:d0:70 ssid='' wpa_ie_len=0 rsn_ie_len=0 caps=0x521

   skip - SSID not known

Try to find non-WPA AP

0: 00:1e:2a:02:ed:84 ssid='' wpa_ie_len=0 rsn_ie_len=0 caps=0x401

   skip - SSID mismatch

1: 00:22:3f:04:d0:70 ssid='' wpa_ie_len=0 rsn_ie_len=0 caps=0x521

   skip - SSID not known

Selecting BSS from priority group 0

Try to find WPA-enabled AP

0: 00:1e:2a:02:ed:84 ssid='' wpa_ie_len=0 rsn_ie_len=0 caps=0x401

   skip - no WPA/RSN IE

1: 00:22:3f:04:d0:70 ssid='' wpa_ie_len=0 rsn_ie_len=0 caps=0x521

   skip - SSID not known

Try to find non-WPA AP

0: 00:1e:2a:02:ed:84 ssid='' wpa_ie_len=0 rsn_ie_len=0 caps=0x401

   skip - SSID mismatch

   skip - SSID mismatch

1: 00:22:3f:04:d0:70 ssid='' wpa_ie_len=0 rsn_ie_len=0 caps=0x521

   skip - SSID not known

No suitable network found

```

----------

## khayyam

tipp98 ...

please post the following:

/etc/wpa_supplicant/wpa_supplicant.conf (w/out psk=)

/etc/conf.d/net

emerge -pv wpa_supplicant

/etc/init.d/dbus status

uname -a

 *sobhan wrote:*   

> I all way get sick with configuring network why you dont use simply networkmanager?

 

sobhan ... there is no "simply" here ... unless you think udev/dbus/policykit/consolekit/etc are "simple" ... the fact is they are making the whole process of internetworking more complex, so much so that its nolonger an issue of "simply using ..." but "you must use". I personally get sick when I hear the word "NetworkManager".

best ... khay

----------

## tipp98

I've deleted those networks that are nowhere near. Also, I've removed milk from the router to prevent any conflict there. DD-WRT is functioning as a repeater-bridge.

/etc/wpa_supplicant/wpa_supplicant.conf

```
ctrl_interface_group=0

ap_scan=1

ctrl_interface=/var/run/wpa_supplicant

###### Security Configuration ######

network={

        scan_ssid=1

        priority=10

        ssid="cookies"

        key_mgmt=NONE

}

network={

        priority=2

        ssid="milk"

        key_mgmt=WPA-PSK

}
```

/etc/conf.d/net

```
#Generated by NetworkManager

###### Global Configuration ######

modules_eth1="wpa_supplicant"

###### Connection Configuration ######

#----------------------------------

preferred_aps="milk cookies"

associate_order_eth1="forcepreferred"

#   or hardcode the  SSID to "any" and let the driver find an Access Point

#ssid_eth1="any"

#----------------------------------

dhcpcd_wlan0="-t 1"

dhcp_wlan0="nodns nontp nonis"

#----------------------------------

gateways_milk="192.168.1.1"

routes_milk="default via 192.168.1.1"

config_milk="192.168.1.46/24"

#----------------------------------

gateways_cookies="192.168.1.1"

routes_cookies="default via 192.168.1.1"

config_cookies="192.168.1.46/24"

#----------------------------------

routes_eth0="default via 192.168.1.1"

dhcpcd_eth0="-t 1"

config_eth0="192.168.1.46/24"

dhcp_eth0="nodns nontp nonis"
```

emerge -pv wpa_supplicant

```
[ebuild   R    ] net-wireless/wpa_supplicant-0.7.3-r5  USE="dbus readline ssl -debug -eap-sim -fasteap -gnutls -madwifi (-ps3) -qt4 (-selinux) -wimax -wps" 1,600 kB
```

/etc/init.d/dbus status 

```
 * status: started

```

uname -a 

```
Linux tabby 3.2.12-gentoo #7 SMP PREEMPT Fri Aug 3 14:44:17 EST 2012 x86_64 AMD Turion(tm) X2 Ultra Dual-Core Mobile ZM-80 AuthenticAMD GNU/Linux

```

----------

## khayyam

tipp98 ...

OK, please try the following ...

/etc/wpa_supplicant/wpa_supplicant.conf

```
ctrl_interface=/var/run/wpa_supplicant group=0

network={

    scan_ssid=1

    bssid=02:1E:2A:02:ED:85

    ssid="cookies"

    key_mgmt=NONE

}
```

/etc/conf.d/net

```
modules_eth1="!plug wpa_supplicant"

wpa_supplicant_eth1="-Dnl80211,wext -c /etc/wpa_supplicant/wpa_supplicant.conf -i eth1"

config_cookies="192.168.1.46/24"

routes_cookies="default via 192.168.1.1"

dns_servers_cookies="YOUR_DNS_SERVER"
```

Stop any currently running wpa_supplicant/NetworkManager/DHCP service and start net.eth1. I'm not entirely sure this will fix things, as there is one, perhaps showstoping, 'fail' from the nl80211 driver. Anyhow, if it doesn't work post any relevant information ...

Also, do you have the same issues with > 3.2.12-gentoo?

best ... khay

----------

## tipp98

Ok, I just did a bunch more testing. In addition to this repeater/bridge connection, I enabled the SSID broadcast on the primary router and set up another DD-WRT router in AP mode with WPA2 authentication. this is what I found:

* It does not like me setting the bssid to the number I got from DD-WRT; using iwconfig to set the essid no long jump starts the connection. That number must be a DD-WRT bug.

* I can connect to connections that are not hidden or virtual. 

* Hidden networks behave the same as my virtual one, which does broadcast the SSID. I can connect if I set the essid manually, but using scan_ssid=1 does not cause it to connect. I also tried this with setting the physical bssid= for both types of network. 

* Sidebar, It is rather frustrating that wpa_supplicant does not honor priority when scan_ssid is used within one of the network blocks. Seriously, if it sees the network that I want it to connect to, why even try connecting to all of those that may not even exist?

It seems trivial to set the essid. Is wpa_supplicant trying to use nl80211 for this where iwconfig does not? I shall test the latest vanilla kernel tomorrow and report back. 

Thanks for helping me nail down the problem khay.

----------

## khayyam

tipp98 ...

Firstly, it should be possible to use the depreciated wext, does the same issue occur if using 'wpa_supplicant_eth1="-Dwext -c /etc/wpa_supplicant/wpa_supplicant.conf -i eth1"?

Do you have net-wireless/aircrack-ng installed and does the card support monitor mode? If you run the following what does the AP/virtual show? Does the ESSID/BSSID, channel, encryption/open, match those of the config?

```
# airmon-ng start eth1

# airodump-ng -i mon0
```

I'm inclined to think that DD-WRT is at issue, but I'm not that familiar with NL80211, and as it doesn't see the network with 'iwlist eth1 scan' then it may be some issue with the driver not being able to scan (which would explain why you need to set it manually).

As for 'hidden networks' ... well, there aren't any, having broadcast beacons disabled doesn't make any practical sense.

If no scan can take place then of course 'priority' won't be respected, as there is no list of available AP's to go on.

I believe wpa_supplicant will use nl80211 for nl80211 interfaces, though it should also support wext ... iwconfig on the other hand uses wext.

best ... khay

----------

## tipp98

There is no change with kernel 3.5.

Switching back to wext, it will connect to a hidden network automatically, but still not the virtual one that I need to connect to. That correlates with the SSID mismatch message.

I also tried updating to wpa_supplicant-1, but I can no longer manually connect to the vap via iwconfig.

 *Quote:*   

> I am inclined to think that DD-WRT is at issue, but I'm not that familiar with NL80211, and as it doesn't see the network with 'iwlist eth1 scan' then it may be some issue with the driver not being able to scan (which would explain why you need to set it manually). 
> 
> 

 

An issue yes. DD-WRT is running multiple networks on the same BSSID, is it doing it wrong? Well, this same hardware with the same driver sees and connects to it fine in fedora. The difference there is that wpa_supplicant is controlled by NetowrkManager through dbus. In addition, wpa_supplicant will connect here if I use iwconfig. Those differences point to wpa_supplicant as a place for improvement. On the other hand is the driver, wl.ko, Broadcom's proprietary driver. It looks like it is not performing the specific ESSID scan that wpa_supplicant is asking for. It does do a normal scan though. If I set up DD-WRT to be a simple AP, it will find and connect.

This driver says that it supports monitor mode, but I did what the README says, and it did not work as expected so I was not able to run airmon-ng.

Now that I've got a pretty good handle on what the problems are, I am going to create a bug report/feature request to add a "force_ssid" option to wpa_supplicant. I shall also send another email Broadcom's way. I do not think though, that if Broadcom's driver worked as wpa_supplicant expects, that it would then connect because I should not have to use ap_scan=1 as the ssid that I am trying to connect to is broadcast, and it seems that wpa_supplicant refuses to connect due to an SSID missmatch.

Thanks,

Kyle

----------

## khayyam

 *tipp98 wrote:*   

> An issue yes. DD-WRT is running multiple networks on the same BSSID, is it doing it wrong?

 

kyle ... not sure I understand the question, anyhow, have you read multiple BSSIDs using DD-WRT

 *tipp98 wrote:*   

> Well, this same hardware with the same driver sees and connects to it fine in fedora. The difference there is that wpa_supplicant is controlled by NetowrkManager through dbus. In addition, wpa_supplicant will connect here if I use iwconfig. Those differences point to wpa_supplicant as a place for improvement. On the other hand is the driver, wl.ko, Broadcom's proprietary driver. It looks like it is not performing the specific ESSID scan that wpa_supplicant is asking for. It does do a normal scan though. If I set up DD-WRT to be a simple AP, it will find and connect.

 

well, no, NetworkManager uses wpa_supplicant as its backend and dbus is just an IPC ... you can speculate at the possible cause but its just that, speculation. It may be caused by a combination of issues, something that is only triggered when a specific application/version is used in combination with a specific driver/version (or what-have-you). Specuation can only get you so far, its by being narrowing down via a by process of elimination that stands some chance of getting at the cause ... and a possible solution.  

 *tipp98 wrote:*   

> This driver says that it supports monitor mode, but I did what the README says, and it did not work as expected so I was not able to run airmon-ng.

 

airmon-ng is simply used to get the card into monitor mode, there are various reasons this can fail (like being in use, or 'up') so make sure nothing, like dhcp, is running, and if need be rmmod and modprobe the driver prior. If this doesn't work then post the output/error.

 *tipp98 wrote:*   

> Now that I've got a pretty good handle on what the problems are, I am going to create a bug report/feature request to add a "force_ssid" option to wpa_supplicant. I shall also send another email Broadcom's way. I do not think though, that if Broadcom's driver worked as wpa_supplicant expects, that it would then connect because I should not have to use ap_scan=1 as the ssid that I am trying to connect to is broadcast, and it seems that wpa_supplicant refuses to connect due to an SSID missmatch.

 

I would have thought that stipulating the BSSID and ESSID would have resolved the 'mismatch', but on some reflection BSSID will probably be the operative identification. Now, in the above we do see distinct BSSID's (02:1E:2A:02:ED:85 and 02:1E:2A:02:ED:84) and no ESSID associated with :84 (at least they are reported as empty) and so it would probably be helpfull to be able to scan the airwaves (via airodump-ng) and see what is actually being broadcast.

best ... khay

----------

## tipp98

ok, rmmod did the trick.

```
 CH -1 ][ Elapsed: 32 s ][ 2012-08-17 13:12                                    

                                                                               

 BSSID              PWR  Beacons    #Data, #/s  CH  MB   ENC  CIPHER AUTH ESSID

                                                                               

 00:1E:2A:02:ED:84    2      318       42    1   6  54e  OPN              cooki

 00:22:3F:04:D0:70    2      226       18    0   6  54e. OPN              <leng

                                                                               

 BSSID              STATION            PWR   Rate    Lost  Packets  Probes     

                                                                               

 00:1E:2A:02:ED:84  00:12:F0:7E:96:A5    2    1e- 1e   223      209  cookies    

 00:22:3F:04:D0:70  00:1E:2A:02:ED:84   -1    1e- 0      0        2             
```

I agree that explicitly stating the BSSID along with the ESSID in the config file should provide sufficient information for wpa_supplicant to connect to a virtual, or even an SSID broadcast free network. I do not know if it is coded that way though, but I do not believe so, which is why I said wpa_supplicant has room for improvement.

 *Quote:*   

> kyle ... not sure I understand the question, anyhow, have you read multiple BSSIDs using DD-WRT

 

Never mind about that, I was just trying to explain that it works in Fedora, Windows, Android... and using process of elimination I have found that using wpa_supplicant alone, without any helpers, is the one area where it doesn't work. 

That writeup looks interesting. I do not see where the auxiliary BSSID's are created, which makes me think that it is broken on my build. The article is about creating a segregated network, not something I am trying to do, but something I wouldn't mind having. I'll give it a shot at some point.

Thanks,

Kyle

----------

## khayyam

 *tipp98 wrote:*   

> 
> 
> ```
>  CH -1 ][ Elapsed: 32 s ][ 2012-08-17 13:12                                    
> 
> ...

 

OK, this shows the ESSID for 'cookie' being broadcast, and a speperate BSSID from ' 00:22:3F:04:D0:70', the "<length: 0>" means there is no ESSID for the BSSID. The only thing odd about the above is that 'cookie' is a client connected to '00:22:3F:04:D0:70', but then I'm not familiar with virtual interfaces so this may be quite normal.

 *tipp98 wrote:*   

> I agree that explicitly stating the BSSID along with the ESSID in the config file should provide sufficient information for wpa_supplicant to connect to a virtual, or even an SSID broadcast free network. I do not know if it is coded that way though, but I do not believe so, which is why I said wpa_supplicant has room for improvement.

 

Which leaves you having to provide a reason why wpa_supplicant (which, again, is the backend for NetworkManager) works with Fedora. It also suggests that some other factor, or combination of factors, is at issue ... thats all I was really saying above.

 *tipp98 wrote:*   

> [...] I was just trying to explain that it works in Fedora, Windows, Android... and using process of elimination I have found that using wpa_supplicant alone, without any helpers, is the one area where it doesn't work.

 

yes, but why is wpa_supplicant at issue? In the case of Fedora it works ... wpa_supplicant does all the actual ASSOC ... NetworkManager is just an interface, and as I said, dbus is an IPC. Above and beyond these there is the kernel itself, patchset, firmware, etc, etc.

 *tipp98 wrote:*   

> That writeup looks interesting. I do not see where the auxiliary BSSID's are created, which makes me think that it is broken on my build. The article is about creating a segregated network, not something I am trying to do, but something I wouldn't mind having. I'll give it a shot at some point.

 

As I said, it may be some (small) combination of factors that create the exact circumstances for the issue to arrise, it could be something as simple as a delay which occurs with Fedora, but not Gentoo. Have you looked at the wireless configuration wiki, something like "sleep_scan_DEVICE" and/or "sleep_associate_DEVICE" might help here.

 *tipp98 wrote:*   

> Thanks

 

You welcome & best ... khay

----------

## tipp98

 *Quote:*   

> The only thing odd about the above is that 'cookie' is a client connected to '00:22:3F:04:D0:70', but then I'm not familiar with virtual interfaces so this may be quite normal. 

 

That is the bridge connection, which I assume is the other ESSID in the "mismatch"

I've got a less than ideal solution figured out... The reason I could no longer use iwconfig to connect after updating to v1 was not because of v1, but because of the use of bssid= in the config file. It did the same thing when going back to 0.7.3. After removing that line, ap_scan=2 works, as it sets the essid similar to iwconfig.

----------

