# wpa_supplicant and wpa2

## bugihush

hi everyone,

I've recently migrated my wireless network from WEP to WPA2-Personal on OpenWrt WRT54G. The AP's WPA2 is set properly because I can connect to the network from a Win7 system. The problem occurs on Linux. I have a working wifi card with the broadcom-sta package (bcm4312). With wireless-tools it's able to connect to a WEP network, and with wpa_supplicant still.

wpa_supplicant.conf

```
bugi bugi # cat /etc/wpa_supplicant/wpa_supplicant.conf
ctrl_interface=/var/run/wpa_supplicant
ctrl_interface_group=0
ap_scan=1
network={
   ssid="forfiter"
   proto=WPA2
   key_mgmt=WPA-PSK
   pairwise=CCMP TKIP
   group=CCMP TKIP
   psk="12345678"
   priority=2
}
```

Result of trying to connect:

```
bugi bugi # wpa_supplicant -ieth1 -c/etc/wpa_supplicant/wpa_supplicant.conf
Trying to associate with 68:7f:74:3e:6a:c4 (SSID='forfiter' freq=2412 MHz)
ioctl[SIOCSIWAP]: Invalid argument
Association request to the driver failed
Authentication with 68:7f:74:3e:6a:c4 timed out.
ioctl[SIOCGIWSCAN]: Invalid argument
ioctl[SIOCGIWSCAN]: Invalid argument
ioctl[SIOCGIWSCAN]: Invalid argument
ioctl[SIOCGIWSCAN]: Invalid argument
ioctl[SIOCGIWSCAN]: Invalid argument
ioctl[SIOCGIWSCAN]: Invalid argument
^CCTRL-EVENT-TERMINATING - signal 2 received
```

Well, when I've set the AP with WEP, then wpa_supplicant with a WEP configuration was able to connect but generated similar errors about being unable to scan and ioctl[SIOCGIWSCAN] messages.

But after a few days of trying I noticed that when I enter on the terminal

```
bugi # cat /etc/wpa_supplicant/wpa_supplicant.conf 
```

I see only errors, but when I restart iface eth1 in another terminal, then I see

```
bugi bugi # wpa_supplicant -ieth1 -c/etc/wpa_supplicant/wpa_supplicant.conf
ioctl[SIOCGIWSCAN]: Invalid argument
ioctl[SIOCGIWSCAN]: Invalid argument
ioctl[SIOCGIWSCAN]: Resource temporarily unavailable
l2_packet_receive - recvfrom: Network is down
Trying to associate with 68:7f:74:3e:6a:c4 (SSID='forfiter' freq=2412 MHz)
ioctl[SIOCSIWAP]: Device or resource busy
Association request to the driver failed
l2_packet_receive - recvfrom: Network is down
Authentication with 68:7f:74:3e:6a:c4 timed out.
Associated with 68:7f:74:3e:6a:c4
CTRL-EVENT-CONNECTED - Connection to 68:7f:74:3e:6a:c4 completed (auth) [id=0 id_str=]
CTRL-EVENT-DISCONNECTED bssid=68:7f:74:3e:6a:c4 reason=0
Associated with 68:7f:74:3e:6a:c4
CTRL-EVENT-CONNECTED - Connection to 68:7f:74:3e:6a:c4 completed (reauth) [id=0 id_str=]
Trying to associate with 68:7f:74:3e:6a:c4 (SSID='forfiter' freq=2412 MHz)
ioctl[SIOCSIWAP]: Device or resource busy
Association request to the driver failed
Associated with 68:7f:74:3e:6a:c4
WPA: Key negotiation completed with 68:7f:74:3e:6a:c4 [PTK=CCMP GTK=CCMP]
CTRL-EVENT-CONNECTED - Connection to 68:7f:74:3e:6a:c4 completed (reauth) [id=1 id_str=]
```

Then dhclient eth1 and I was able to ping the router iface.

How to solve this issue?

best regards,

Mariusz

----------

## BradN

Are you sure you don't need to specify a driver type to wpa_supplicant (on its command line options)?

----------

## bugihush

 *BradN wrote:*   

> Are you sure you don't need to specify a driver type to wpa_supplicant (on its command line options)?

 

The wpa driver was specified in /etc/conf/net

```
config_eth1=( "dhcp" )
modules=( "wpa_supplicant" )
wpa_supplicant_eth1="-Dwext"
```

----------

## cach0rr0

 *bugihush wrote:*   

>  *BradN wrote:*   Are you sure you don't need to specify a driver type to wpa_supplicant (on its command line options)? 
> 
> The wpa driver was specified in /etc/conf/net
> 
> ```
> ...

 

which isn't used when you run wpa_supplicant from the command-line. 

I don't know if it makes a difference here, though. I'm wondering if you aren't missing some key crypto pieces from your kernel (note that wireless-tools supports WEP only)

----------

## BradN

I don't think kernel crypto is used with wpa_supplicant, although I could be mistaken.

You could trim your config file down a bit - this should be sufficient (but may not protect against access point spoofing attacks as well):

```
ctrl_interface=/var/run/wpa_supplicant
ctrl_interface_group=0
ap_scan=1
network={
   ssid="forfiter"
   psk="12345678"
}
```

wpa_supplicant will determine the encryption type automatically (but therein lies the danger - one could spoof a less secure encryption and possibly reverse your key)

I think what's really happening here is wpa_supplicant is using the wrong interface to try to control the wireless parameters and perform scanning.

```
ioctl[SIOCSIWAP]: Invalid argument
ioctl[SIOCGIWSCAN]: Invalid argument
ioctl[SIOCGIWSCAN]: Invalid argument
ioctl[SIOCGIWSCAN]: Invalid argument
ioctl[SIOCGIWSCAN]: Invalid argument
ioctl[SIOCGIWSCAN]: Invalid argument
ioctl[SIOCGIWSCAN]: Invalid argument
```
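
The caveat above about letting wpa_supplicant choose the encryption automatically can be checked mechanically. The following is an added example, not part of any post in this thread: a small linter that lists the weaker protocols and ciphers each `network={}` block from the thread would still accept. The defaults table and the `HARDENED` block are assumptions (defaults taken from the wpa_supplicant.conf documentation of the 0.7 era; check your own build).

```python
# Added example: lint wpa_supplicant network blocks for downgrade exposure.
# DEFAULTS is an assumption taken from 0.7-era wpa_supplicant.conf docs.
DEFAULTS = {"proto": "WPA RSN", "pairwise": "CCMP TKIP",
            "group": "CCMP TKIP WEP104 WEP40"}
# Values treated here as weaker than WPA2 (RSN) with CCMP.
WEAK = {"proto": {"WPA"}, "pairwise": {"TKIP", "NONE"},
        "group": {"TKIP", "WEP104", "WEP40"}}

# The two blocks posted in the thread, plus a hypothetical hardened one.
TRIMMED = 'network={\n   ssid="forfiter"\n   psk="12345678"\n}\n'
ORIGINAL = ('network={\n   ssid="forfiter"\n   proto=WPA2\n'
            '   key_mgmt=WPA-PSK\n   pairwise=CCMP TKIP\n'
            '   group=CCMP TKIP\n   psk="12345678"\n}\n')
HARDENED = ('network={\n   ssid="forfiter"\n   proto=RSN\n'
            '   key_mgmt=WPA-PSK\n   pairwise=CCMP\n   group=CCMP\n'
            '   psk="12345678"\n}\n')

def parse_networks(text):
    """Return one {key: value} dict per network={ ... } block."""
    networks, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line == "network={":
            current = {}
        elif line == "}" and current is not None:
            networks.append(current)
            current = None
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return networks

def audit(network):
    """List the weaker protocols/ciphers this block would still accept."""
    findings = []
    for field, weak in WEAK.items():
        source = "configured" if field in network else "default"
        values = network.get(field, DEFAULTS[field]).upper().split()
        accepted = {"RSN" if v == "WPA2" else v for v in values}  # WPA2 = RSN
        for value in sorted(accepted & weak):
            findings.append(f"{field}: accepts {value} ({source})")
    return findings

if __name__ == "__main__":
    for name, conf in [("original", ORIGINAL), ("trimmed", TRIMMED),
                       ("hardened", HARDENED)]:
        for net in parse_networks(conf):
            print(name, audit(net) or "no weak options accepted")
```

Note that pinning `group=CCMP` will refuse an access point running in mixed WPA/WPA2 mode, which uses TKIP as its group cipher.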

----------

## dmpogo

 *BradN wrote:*   

> I don't think kernel crypto is used with wpa_supplicant, although I could be mistaken.
> 
> 

 

For WPA2 it is used, as far as I remember.

See here for example

http://madwifi-project.org/wiki/UserDocs/KernelConfig

----------

## bugihush

 *dmpogo wrote:*   

>  *BradN wrote:*   I don't think kernel crypto is used with wpa_supplicant, although I could be mistaken.
> 
>  
> 
> For WPA2 it is used, as far as I remember.
> ...

 

Well, my kernel configuration is set properly.

BradN, how to set static eth1 for scanning? I have specified in /etc/conf.d/net

```
wpa_supplicant_eth1="-Dwext" 
```

----------

## BradN

I mean, not that it is using the wrong network interface, but it seems to be using the wrong commands to try to control it.

Try removing the -D option and see if it autodetects correctly.

----------

## bugihush

 *BradN wrote:*   

> I mean, not that it is using the wrong network interface, but it seems to be using the wrong commands to try to control it.
> 
> Try removing the -D option and see if it autodetects correctly.

 

still the same result

```
bugi log # iwlist eth1 scan
eth1      Failed to read scan data : Invalid argument
```

The only way is to start

```
/etc/init.d/wpa_supplicant
```

and next restart iface eth1 and press Ctrl+C while scanning.

```
bugi log # /etc/init.d/net.eth1 restart
net.eth1         | * Bringing up interface eth1
net.eth1         | *   Configuring wireless network for eth1
net.eth1         | *   Scanning for access points
^Cnet.eth1         | * net.eth1: caught SIGINT, aborting
bugi log # 
```

```
bugi log # iwconfig  eth1 
eth1      IEEE 802.11bg  ESSID:"forfiter"  Nickname:""
          Mode:Managed  Frequency:2.412 GHz  Access Point: 68:7F:74:3E:6A:C4   
          Bit Rate=54 Mb/s   Tx-Power:24 dBm   
          Retry min limit:7   RTS thr:off   Fragment thr:off
          Encryption key:off
          Power Managementmode:All packets received
          Link Quality=5/5  Signal level=-37 dBm  Noise level=-91 dBm
          Rx invalid nwid:0  Rx invalid crypt:0  Rx invalid frag:0
          Tx excessive retries:6  Invalid misc:0   Missed beacon:0
bugi log # 
```

```
bugi log # wpa_cli
wpa_cli v0.7.2
Copyright (c) 2004-2010, Jouni Malinen <j@w1.fi> and contributors

This program is free software. You can distribute it and/or modify it
under the terms of the GNU General Public License version 2.

Alternatively, this software may be distributed under the terms of the
BSD license. See README and COPYING for more details.

Selected interface 'eth1'

Interactive mode

> status
bssid=68:7f:74:3e:6a:c4
ssid=forfiter
id=1
mode=station
pairwise_cipher=CCMP
group_cipher=CCMP
key_mgmt=WPA2-PSK
wpa_state=COMPLETED
ip_address=192.168.1.152
```

Does anyone have an idea?

best regards, 

Mariusz

----------

