# ath5k in-kernel and WPA2 stopped working [solved]

## Tariella

Hi,

this might be related to my new kernel-config (see this thread - kernel-config, old kernel-config). The kernel version is the same and I found no obvious errors/changes in the config.

My home network setup has not changed but my box is not able to connect any more.

I'm using the in-kernel atheros driver (ath5k) and wpa_supplicant. The ssid is hidden, encryption is WPA2-PSK.

It seems the it cannot set the key any more. When I try to check the key using 

```
iwlist wlan0 wpakeys
```

 I get the error message "Error reading wpa keys (SIOCGIWENCODEEXT): Operation not supported."

Since I messed around in the config when it first didn't work, I'm not sure any more if I should use wext or madwifi in connection with wpa_supplicant. I tried both but none works.

My /etc/conf.d/net (I messed around with commenting/uncommenting the different lines, no idea how it was set originally)

```
config_eth0=( "192.168.1.1" )

routes_wlan0=( "default via 192.168.2.1" )

config_wlan0=( "dhcp" )

#essid_wlan0=( "Valinor" )

modules_wlan0=( "wpa_supplicant" )

wpa_supplicant_wlan0=( "wext" )

#preferred_aps_wlan0=( "Valinor" )

#associate_order_wlan0=( "forcepreferred" )

#channel_wlan0=( "06" )
```

My /etc/wpa_supplicant/wpa_supplicant.conf (messed around here too) 

```
ctrl_interface=/var/run/wpa_supplicant

#ctrl_interface_group=0

eapol_version=1

ap_scan=2

fast_reauth=1

# This is a network block that connects to any unsecured access point.

# We give it a low priority so any defined blocks are preferred.

network={

  scan_ssid=1

  ssid="Valinor"

  proto=WPA2

  key_mgmt=WPA-PSK

  pairwise=CCMP

  group=TKIP

  psk="xxxxxxxxxx"

  priority=5

}
```

With ap-scan=0 or 1 it connects to some completely unrelated/unwanted apple network. Only ap-scan=2 finds at least the right AP.

Any ideas?Last edited by Tariella on Sat May 16, 2009 5:18 pm; edited 1 time in total

----------

## Tariella

Another one of my network devices stopped working with this wlan. This time it is my rt2500 (in-kernel) notebook. The configuration is the same as above with the ath5k chipset. It worked a while after the other network gave up, stopped working when I started it up this morning.

I already tried to restart my wlan router - no change. Could it be the router's fault? 

Why did the laptop work longer than the other box? And why is the vista box of my parents still able to connect?

This gets stranger with every second. 

Any ideas? Anyone with a working config like my setup, so I could compare the settings?

----------

## d2_racing

Hi, did you change your kernel yesterday ?

----------

## depontius

I have a laptop with an ath5k and 2.6.29, and just used it with an open access point this past weekend.  I also have WPA set up at home, but haven't used that lately.  I can check on this tonight, and at least give you relevant parts of my configuration.

In the meantime, I'll just add that wireless continues be something of a moving target.  It's entirely possible that you can't just enable the generic wireless stack, enable ath5k, and consider yourself configured.  I have a laptop with Intel wireless, and here's a brief excerpt:

```
CONFIG_WIRELESS=y

CONFIG_CFG80211=m

# CONFIG_CFG80211_REG_DEBUG is not set

CONFIG_NL80211=y

CONFIG_WIRELESS_OLD_REGULATORY=y

CONFIG_WIRELESS_EXT=y

CONFIG_WIRELESS_EXT_SYSFS=y

CONFIG_LIB80211=m

# CONFIG_LIB80211_DEBUG is not set

CONFIG_MAC80211=m

#

# Rate control algorithm selection

#

CONFIG_MAC80211_RC_MINSTREL=y

# CONFIG_MAC80211_RC_DEFAULT_PID is not set

CONFIG_MAC80211_RC_DEFAULT_MINSTREL=y

CONFIG_MAC80211_RC_DEFAULT="minstrel"

# CONFIG_MAC80211_MESH is not set

CONFIG_MAC80211_LEDS=y

# CONFIG_MAC80211_DEBUG_MENU is not set

# CONFIG_WIMAX is not set

CONFIG_RFKILL=m

CONFIG_RFKILL_INPUT=m

CONFIG_RFKILL_LEDS=y

# CONFIG_NET_9P is not set
```

To be honest, I'm not sure which driver I use, and can't tell from this excerpt.  (From modules.dep I think it might be "iwlagn".)  Hope this helps, at least a little.  I'll try to check more tonight on the machine with ath5k, if someone else hasn't solved your problem.

----------

## Tariella

Thanks for your answer!

On the notebook (the "new" problem), I didn't change a thing. The notebook's wlan connection was not always stable. Sometimes there were connection problems, after some time it worked again (without changing the configuration). I can't say if this was related to the other problem I'm encountering now, but it seems to be since it can't read/set the wpa key here either (atm). Anyways, the notebook's connection worked for some time after the htpc's connection had stopped working. 

The connection of the htpc had always worked flawlessly.

Is there something I can do to check what causes this?

----------

## depontius

Laptop with ath5k is downstairs, wpa-connected to my home access point.

Just for jollies:

```
localhost ~ # iwlist wlan0 wpakeys

wlan0     2 key sizes : 40, 104bits

          4 keys available :

Error reading wpa keys (SIOCGIWENCODEEXT): Operation not supported
```

So I have problems with iwlist also.  However, I AM connected, because I just ran that command via ssh - I'm wired upstairs and the laptop is wireless downstairs.

For 2 segments extracted out of the kernel config:

```
CONFIG_WIRELESS=y

CONFIG_CFG80211=m

CONFIG_NL80211=y

CONFIG_WIRELESS_OLD_REGULATORY=y

CONFIG_WIRELESS_EXT=y

CONFIG_WIRELESS_EXT_SYSFS=y

CONFIG_MAC80211=m

#

# Rate control algorithm selection

#

CONFIG_MAC80211_RC_PID=y

# CONFIG_MAC80211_RC_MINSTREL is not set

CONFIG_MAC80211_RC_DEFAULT_PID=y

# CONFIG_MAC80211_RC_DEFAULT_MINSTREL is not set

CONFIG_MAC80211_RC_DEFAULT="pid"

# CONFIG_MAC80211_MESH is not set

CONFIG_MAC80211_LEDS=y

# CONFIG_MAC80211_DEBUG_MENU is not set

# CONFIG_IEEE80211 is not set

CONFIG_RFKILL=m

# CONFIG_RFKILL_INPUT is not set

CONFIG_RFKILL_LEDS=y

# CONFIG_NET_9P is not set
```

and

```
#

# Wireless LAN

#

# CONFIG_WLAN_PRE80211 is not set

CONFIG_WLAN_80211=y

# CONFIG_PCMCIA_RAYCS is not set

# CONFIG_IPW2100 is not set

# CONFIG_IPW2200 is not set

# CONFIG_LIBERTAS is not set

# CONFIG_LIBERTAS_THINFIRM is not set

# CONFIG_AIRO is not set

# CONFIG_HERMES is not set

# CONFIG_ATMEL is not set

# CONFIG_AIRO_CS is not set

# CONFIG_PCMCIA_WL3501 is not set

# CONFIG_PRISM54 is not set

# CONFIG_USB_ZD1201 is not set

# CONFIG_USB_NET_RNDIS_WLAN is not set

# CONFIG_RTL8180 is not set

# CONFIG_RTL8187 is not set

# CONFIG_ADM8211 is not set

# CONFIG_MAC80211_HWSIM is not set

# CONFIG_P54_COMMON is not set

CONFIG_ATH5K=m

# CONFIG_ATH5K_DEBUG is not set

# CONFIG_ATH9K is not set

# CONFIG_IWLCORE is not set

# CONFIG_IWLWIFI_LEDS is not set

# CONFIG_IWLAGN is not set

# CONFIG_IWL3945 is not set

# CONFIG_HOSTAP is not set

# CONFIG_B43 is not set

# CONFIG_B43LEGACY is not set

# CONFIG_ZD1211RW is not set

# CONFIG_RT2X00 is not set
```

Finally, just in case it helps, an extract from /etc/wpa_supplicant/wpa_supplicant.conf:

```
# Only WPA-PSK is used. Any valid cipher combination is accepted.

network={

   ssid="ssssssss"

   scan_ssid=1

   proto=WPA

   key_mgmt=WPA-PSK

   pairwise=CCMP TKIP

   group=CCMP TKIP WEP104 WEP40

   psk="pppppppppppppppppppppppppppppppppppppppppppppppppppppppppppppp"

   priority=2

}
```

Hope this illuminates...

----------

## Tariella

Thanks for your answers and configs. I'll try some of this with my devices.

It's interesting to see that even with a working connection, iwlist won't be able to report about the keys.   :Shocked: 

So I might rule this "symptom" out.

Edit: Concerning my notebook:

I changed WPA2 to WPA and it works now (the router is set to both WPA/WPA2). Don't ask me why it works but I hope it stays this way.  :Wink: 

The other box still refuses to use a key.Last edited by Tariella on Tue May 05, 2009 7:45 pm; edited 1 time in total

----------

## Tariella

I tried all the different kernel configurations you all posted, but to no avail.

Here is the output of wpa_supplicant -dd:

```
Initializing interface 'wlan0' conf '/etc/wpa_supplicant/wpa_supplicant.conf' driver 'wext' ctrl_interface 'N/A' bridge 'N/A'

Configuration file '/etc/wpa_supplicant/wpa_supplicant.conf' -> '/etc/wpa_supplicant/wpa_supplicant.conf'

Reading configuration file '/etc/wpa_supplicant/wpa_supplicant.conf'

ctrl_interface='/var/run/wpa_supplicant'

eapol_version=2

ap_scan=2

fast_reauth=1

Line: 9 - start of a new network block

scan_ssid=1 (0x1)

ssid - hexdump_ascii(len=7):

     56 61 6c 69 6e 6f 72                              Valinor         

proto: 0x1

key_mgmt: 0x2

pairwise: 0x18

group: 0x1e

PSK - hexdump(len=32): [REMOVED]

priority=5 (0x5)

Priority group 5

   id=0 ssid='Valinor'

Initializing interface (2) 'wlan0'

Interface wlan0 set UP - waiting a second for the driver to complete initialization

SIOCGIWRANGE: WE(compiled)=22 WE(source)=21 enc_capa=0xf

  capabilities: key_mgmt 0xf enc 0xf flags 0x0

WEXT: Operstate: linkmode=1, operstate=5

Own MAC address: 00:1d:0f:d9:86:32

wpa_driver_wext_set_wpa

wpa_driver_wext_set_key: alg=0 key_idx=0 set_tx=0 seq_len=0 key_len=0

wpa_driver_wext_set_key: alg=0 key_idx=1 set_tx=0 seq_len=0 key_len=0

wpa_driver_wext_set_key: alg=0 key_idx=2 set_tx=0 seq_len=0 key_len=0

wpa_driver_wext_set_key: alg=0 key_idx=3 set_tx=0 seq_len=0 key_len=0

wpa_driver_wext_set_countermeasures

wpa_driver_wext_set_drop_unencrypted

RSN: flushing PMKID list in the driver

Setting scan request: 0 sec 100000 usec

EAPOL: SUPP_PAE entering state DISCONNECTED

EAPOL: KEY_RX entering state NO_KEY_RECEIVE

EAPOL: SUPP_BE entering state INITIALIZE

EAP: EAP entering state DISABLED

Added interface wlan0

Ignore event for foreign ifindex 4

RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP])

RTM_NEWLINK, IFLA_IFNAME: Interface 'wlan0' added

RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP])

RTM_NEWLINK, IFLA_IFNAME: Interface 'wlan0' added

Wireless event: cmd=0x8b06 len=12

State: DISCONNECTED -> SCANNING

Trying to associate with SSID 'Valinor'

Cancelling scan request

WPA: clearing own WPA/RSN IE

Automatic auth_alg selection: 0x1

WPA: No WPA/RSN IE available from association info

WPA: Set cipher suites based on configuration

WPA: Selected cipher suites: group 30 pairwise 24 key_mgmt 2 proto 1

WPA: clearing AP WPA IE

WPA: clearing AP RSN IE

WPA: using GTK CCMP

WPA: using PTK CCMP

WPA: using KEY_MGMT WPA-PSK

WPA: Set own WPA IE default - hexdump(len=24): dd 16 00 50 f2 01 01 00 00 50 f2 04 01 00 00 50 f2 04 01 00 00 50 f2 02

No keys have been configured - skip key clearing

wpa_driver_wext_set_drop_unencrypted

State: SCANNING -> ASSOCIATING

wpa_driver_wext_set_operstate: operstate 0->0 (DORMANT)

WEXT: Operstate: linkmode=-1, operstate=5

wpa_driver_wext_associate

wpa_driver_wext_set_psk

Setting authentication timeout: 60 sec 0 usec

EAPOL: External notification - EAP success=0

EAPOL: External notification - EAP fail=0

EAPOL: External notification - portControl=Auto

RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP])

RTM_NEWLINK, IFLA_IFNAME: Interface 'wlan0' added

Wireless event: cmd=0x8b06 len=12

EAPOL: disable timer tick

CTRL-EVENT-TERMINATING - signal 2 received

Removing interface wlan0

State: ASSOCIATING -> DISCONNECTED

wpa_driver_wext_set_operstate: operstate 0->0 (DORMANT)

WEXT: Operstate: linkmode=-1, operstate=5

No keys have been configured - skip key clearing

EAPOL: External notification - portEnabled=0

EAPOL: External notification - portValid=0

wpa_driver_wext_set_wpa

wpa_driver_wext_set_drop_unencrypted

wpa_driver_wext_set_countermeasures

No keys have been configured - skip key clearing

Cancelling scan request

Cancelling authentication timeout

WEXT: Operstate: linkmode=0, operstate=6

```

Maybe someone finds a reason for the failure to connect in this output.

----------

## Tariella

So I tried the old kernel-version & config but no change. I also reset the router and even set it to another channel. Still no success. 

I don't know what to try anymore.   :Crying or Very sad: 

The networking card is new and worked fine until the problem came up.

Is there anything more I can try or any way to find out what exactly the problem is?

----------

## d2_racing

Right now, I have no idea  :Sad: 

----------

## Tariella

Well thanks for the answer anyways. I'm happy that I'm not talking all to myself here.  :Wink: 

If I don't get this to work soon, I'll have to try a full reinstall.

----------

## NeddySeagoon

Tariella,

```
I'm using the in-kernel atheros driver (ath5k) and wpa_supplicant. The ssid is hidden ...
```

You are not supposed to hide the ssid in your beacon messages. Thats against the wireless specification.

Some drivers work that way some don't. It also gives you a false sense of security as it does nothing to enhance security at all.

It does prevent your network appearing to a casual scanner but thats all.

A full reinstall won't help. Thats a Windows solution, not a Gentoo one.

As your device appears but won't connect, your kernel must be OK,

----------

## Tariella

With hidden SSID I meant that my router doesn't broadcast it.

Since this already works for my laptop and once worked with my ath5k box, I guess that should be ok.

Yesterday I tried to downgrade wpa_supplicant (because I found some bug reports that claimed it helped), but no success.

----------

## depontius

Hiding your SSID confers no additional security, and makes your router a bit of a pain to do legitimate setup for.

Anyone who knows what they're doing with wireless can ferret out the information you're trying to hide.  Hiding the SSID only stops the lowest of kiddies, and decent encryption setup will stop them, anyway.

Make life simpler, turn the SSID broadcast back on.

Make sure you're using WPA+, and have a really good key.

----------

## d2_racing

You should use WPA2 + CCMP encryption. It's the best that you can use right now.

----------

## Tariella

WPA2 is already enabled and detailed settings like CCMP are not available on my router.

Well, I'll set the router to broadcast the SSID but I don't think that this caused my problem.

----------

## Tariella

I set the router to broadcast the SSID. Still no change to my wlan problem.

EDIT:

I fixed it, heureka!

The error was one little option in wpa_supplicant.conf

```
ap_scan=2
```

After reading every detail about the driver and settings, I found a hint in one of the docs. The wext driver in wpa_supplicant doesn't like any other ap_scan value than 0.   :Shocked: 

The problem why I changed it to 2 was that it always connected the wrong ap even when I forced the right one in the /etc/conf.d/net config. I'm using "forcepreferredonly" now and it seems to work fine with ap_scan 0. 

 :Very Happy:   :Very Happy:   :Very Happy:   :Very Happy: 

----------

