# WPA-TTLS Eduroam

## hachi

Hi

I've been looking for a solution for 2 months now and unfortunately I could not find any. Honestly, I've searched the net all the way.

My problem is that I cannot connect to my university wireless LAN. I was trying NetworkManager with KNetworkManager and NM-Applet, WiCD and just wpa_supplicant. I am using ~x86 Gentoo, and my system is really up to date with kernel 2.6.31-gentoo-r4.

Here is my wpa_supplicant.conf file:

```
update_config=1
ctrl_interface=/var/run/wpa_supplicant
ctrl_interface_group=0
ap_scan=1
eapol_version=1
fast_reauth=1
#opensc_engine_path=/usr/lib/opensc/engine_opensc.so
pkcs11_engine_path=/usr/lib/engines/engine_pkcs11.so
pkcs11_module_path=/usr/lib/pkcs11/opensc-pkcs11.so

network={
   ssid="eduroam"
   key_mgmt=WPA-EAP
   pairwise=TKIP
   group=TKIP
   eap=TTLS
   ca_cert="/etc/ssl/certs/rmskca.pem"
   ca_path="/etc/ssl/certs/"
   anonymous_identity="anonymous@stud.prz.edu.pl"
   identity="117661@stud.prz.edu.pl"
   password="asdf1234"
   phase2="auth=PAP"
}

network={
   ssid="kurwinet"
   key_mgmt=NONE
}
```

My home network - kurwinet - works flawlessly. It's just that stupid Radius server.

Here is what wpa_supplicant shows while trying to connect:

```
CTRL-EVENT-SCAN-RESULTS
Trying to associate with 00:1c:f6:61:68:02 (SSID='eduroam' freq=2412 MHz)
Association request to the driver failed
Associated with 00:1c:f6:61:68:02
CTRL-EVENT-EAP-STARTED EAP authentication started
CTRL-EVENT-EAP-METHOD EAP vendor 0 method 21 (TTLS) selected
OpenSSL: tls_connection_handshake - Failed to read possible Application Data error:00000000:lib(0):func(0):reason(0)
CTRL-EVENT-EAP-SUCCESS EAP authentication completed successfully
CTRL-EVENT-DISCONNECTED - Disconnect event - remove keys
Associated with 00:1c:f6:61:68:02
CTRL-EVENT-EAP-STARTED EAP authentication started
CTRL-EVENT-EAP-METHOD EAP vendor 0 method 21 (TTLS) selected
OpenSSL: tls_connection_handshake - Failed to read possible Application Data error:00000000:lib(0):func(0):reason(0)
CTRL-EVENT-EAP-SUCCESS EAP authentication completed successfully
CTRL-EVENT-SCAN-RESULTS
CTRL-EVENT-DISCONNECTED - Disconnect event - remove keys
Associated with 00:1c:f6:61:68:02
CTRL-EVENT-EAP-STARTED EAP authentication started
CTRL-EVENT-EAP-METHOD EAP vendor 0 method 21 (TTLS) selected
OpenSSL: tls_connection_handshake - Failed to read possible Application Data error:00000000:lib(0):func(0):reason(0)
CTRL-EVENT-EAP-SUCCESS EAP authentication completed successfully
CTRL-EVENT-SCAN-RESULTS
CTRL-EVENT-DISCONNECTED - Disconnect event - remove keys
CTRL-EVENT-TERMINATING - signal 2 received
```

On Windows I use SecureW2, which works very well.

I would really appreciate any help. Thanks in advance.

----------

## hachi

Bump.

----------

## hugommg

Same here. Can't connect to Eduroam.

It also happens on Ubuntu, so this isn't a Gentoo exclusive.

----------

## Rexilion

```
network={
     ssid="eduroam"
     scan_ssid=1
     key_mgmt=WPA-EAP
     eap=TTLS
     anonymous_identity="anonymous@stud.prz.edu.pl"
     # Phase1 / outer authentication
     identity="UvAnet-id@uva.nl" # substitute this with your username
     password="wachtwoord" # substitute this with your password
     # Phase 2 / inner authentication
     phase2="auth=PAP"
     ca_cert="/etc/ssl/certs/rmskca.pem"
     priority=2
}
```

Try this; it came from a manual at the university I was at, and it worked flawlessly. Only substitute your username and password in this. If this doesn't work, try switching the scan_ssid=1 to scan_ssid=0.
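
An added example, not part of the original posts: a small Python check that parses `network={}` blocks like the ones in this thread and flags settings that weaken EAP-TTLS with PAP, where the password is only as safe as the server-certificate validation around it. The sample config is constructed with placeholder realm and credentials, and the function names are hypothetical.

```python
import re

# Constructed sample modelled on the eduroam block in this thread;
# the realm and credentials are placeholders.
SAMPLE_CONF = '''
network={
   ssid="eduroam"
   key_mgmt=WPA-EAP
   pairwise=TKIP
   eap=TTLS
   ca_cert="/etc/ssl/certs/rmskca.pem"
   anonymous_identity="anonymous@example.edu"
   identity="user@example.edu"
   password="placeholder"
   phase2="auth=PAP"
}
network={
   ssid="home"
   key_mgmt=NONE
}
'''
# wpa_supplicant options that pin the RADIUS server's certificate name.
NAME_CHECKS = ("domain_suffix_match", "domain_match",
               "altsubject_match", "subject_match")

def parse_networks(text):
    """Return one {key: value} dict per network={...} block."""
    nets = []
    for body in re.findall(r"network=\{(.*?)\n\s*\}", text, re.S):
        net = {}
        for line in map(str.strip, body.splitlines()):
            if not line or line.startswith("#") or "=" not in line:
                continue
            key, value = line.split("=", 1)
            if value[:1] == '"':   # quoted: keep text up to the closing quote
                net[key] = value[1:].split('"')[0]
            else:                  # unquoted: drop any trailing comment
                net[key] = value.split("#")[0].strip()
        nets.append(net)
    return nets

def audit(net):
    """List settings in one network block that weaken authentication."""
    issues, key_mgmt = [], net.get("key_mgmt", "")
    if key_mgmt == "NONE":
        issues.append("key_mgmt=NONE: open or static-WEP network")
    if "EAP" in key_mgmt or "IEEE8021X" in key_mgmt:
        if not (net.get("ca_cert") or net.get("ca_path")):
            issues.append("no ca_cert/ca_path: server certificate is not verified")
        if not any(k in net for k in NAME_CHECKS):
            issues.append("no server name check: any certificate from the CA is accepted")
        if "anonymous_identity" not in net:
            issues.append("no anonymous_identity: real username goes in the outer identity")
    if net.get("pairwise", "").split() == ["TKIP"]:
        issues.append("pairwise=TKIP only: CCMP (AES) is excluded")
    return issues
```

Running `audit()` over each block returned by `parse_networks(open("/etc/wpa_supplicant/wpa_supplicant.conf").read())` gives a per-network list of findings; the path is an assumption and differs between distributions.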

----------

## hugommg

I guess my problem is a bit different. I can authenticate but connection just drops (deauthenticating from 00:01:f4:ec:02:d5 by local choice (reason=3)).

It works on Windows, it works on a Mac and it used to work on Ubuntu too, but now 9.10 gives exactly the same error.

Here is the relevant /var/log/messages part:

```
Mar 16 14:30:04 jenny NetworkManager: <info>  Activation (wlan0) starting connection 'auto eduroam'
Mar 16 14:30:04 jenny NetworkManager: <info>  (wlan0): device state change: 3 -> 4 (reason 0)
Mar 16 14:30:04 jenny NetworkManager: <info>  Activation (wlan0) Stage 1 of 5 (Device Prepare) scheduled...
Mar 16 14:30:04 jenny NetworkManager: <info>  Activation (wlan0) Stage 1 of 5 (Device Prepare) started...
Mar 16 14:30:04 jenny NetworkManager: <info>  Activation (wlan0) Stage 2 of 5 (Device Configure) scheduled...
Mar 16 14:30:04 jenny NetworkManager: <info>  Activation (wlan0) Stage 1 of 5 (Device Prepare) complete.
Mar 16 14:30:04 jenny NetworkManager: <info>  Activation (wlan0) Stage 2 of 5 (Device Configure) starting...
Mar 16 14:30:04 jenny NetworkManager: <info>  (wlan0): device state change: 4 -> 5 (reason 0)
Mar 16 14:30:04 jenny NetworkManager: <info>  Activation (wlan0/wireless): connection 'auto eduroam' has security, and secrets exist.  No new secrets needed.
Mar 16 14:30:04 jenny NetworkManager: <info>  Config: added 'ssid' value 'eduroam'
Mar 16 14:30:04 jenny NetworkManager: <info>  Config: added 'scan_ssid' value '1'
Mar 16 14:30:04 jenny NetworkManager: <info>  Config: added 'key_mgmt' value 'IEEE8021X'
Mar 16 14:30:04 jenny NetworkManager: <info>  Config: added 'password' value '<omitted>'
Mar 16 14:30:04 jenny NetworkManager: <info>  Config: added 'eap' value 'TTLS'
Mar 16 14:30:04 jenny NetworkManager: <info>  Config: added 'fragment_size' value '1300'
Mar 16 14:30:04 jenny NetworkManager: <info>  Config: added 'phase2' value 'auth=PAP'
Mar 16 14:30:04 jenny NetworkManager: <info>  Config: added 'ca_cert' value '*********************'
Mar 16 14:30:04 jenny NetworkManager: <info>  Config: added 'identity' value '***********'
Mar 16 14:30:04 jenny NetworkManager: <info>  Config: added 'anonymous_identity' value '***********'
Mar 16 14:30:04 jenny NetworkManager: <info>  Activation (wlan0) Stage 2 of 5 (Device Configure) complete.
Mar 16 14:30:04 jenny NetworkManager: <info>  Config: set interface ap_scan to 1
Mar 16 14:30:04 jenny NetworkManager: <info>  (wlan0): supplicant connection state:  disconnected -> scanning
Mar 16 14:30:06 jenny NetworkManager: <info>  (wlan0): supplicant connection state:  scanning -> associating
Mar 16 14:30:06 jenny kernel: wlan0: direct probe to AP 00:01:f4:ec:02:d5 (try 1)
Mar 16 14:30:06 jenny kernel: wlan0: direct probe responded
Mar 16 14:30:06 jenny kernel: wlan0: authenticate with AP 00:01:f4:ec:02:d5 (try 1)
Mar 16 14:30:06 jenny kernel: wlan0: authenticated
Mar 16 14:30:06 jenny kernel: wlan0: associate with AP 00:01:f4:ec:02:d5 (try 1)
Mar 16 14:30:06 jenny kernel: wlan0: RX AssocResp from 00:01:f4:ec:02:d5 (capab=0x11 status=0 aid=9)
Mar 16 14:30:06 jenny kernel: wlan0: associated
Mar 16 14:30:06 jenny NetworkManager: <info>  (wlan0): supplicant connection state:  associating -> associated
Mar 16 14:30:09 jenny kernel: wlan0: deauthenticating from 00:01:f4:ec:02:d5 by local choice (reason=3)
Mar 16 14:30:09 jenny NetworkManager: <info>  (wlan0): supplicant connection state:  associated -> disconnected
Mar 16 14:30:09 jenny NetworkManager: <info>  (wlan0): supplicant connection state:  disconnected -> scanning
Mar 16 14:30:09 jenny NetworkManager: <info>  (wlan0): supplicant connection state:  scanning -> disconnected
Mar 16 14:30:11 jenny NetworkManager: <info>  (wlan0): supplicant connection state:  disconnected -> associating
...
```

----------

## Rexilion

Hmm, you could start by trying the same kernel version that is used under Ubuntu. It's obvious it's a regression; the question is: where?

----------

## hugommg

Same thing using 2.6.29-gentoo-r5, 2.6.33-zen1 :(

Doing an iw event command returns:

```
jenny ~ # iw event
wlan0 (phy #0): scan started
wlan0 (phy #0): scan finished: 2412 2417 2422 2427 2432 2437 2442 2447 2452 2457 2462 2467 2472 5170 5180 5190 5200 5210 5220 5230 5240 5260 5280 5300 5320 5500 5520 5540 5560 5580 5600 5620 5640 5660 5680 5700, "e-U"
wlan0 (phy #0): auth 00:01:f4:ec:02:d5 -> 00:13:02:0a:87:7e status: 0: Successful
wlan0 (phy #0): assoc 00:01:f4:ec:02:d5 -> 00:13:02:0a:87:7e status: 0: Successful
wlan0 (phy #0): connected to 00:01:f4:ec:02:d5
wlan0 (phy #0): deauth 00:13:02:0a:87:7e -> 00:01:f4:ec:02:d5 reason 3: Deauthenticated because sending station is leaving (or has left) the IBSS or ESS
wlan0 (phy #0): disconnected (local request)
wlan0 (phy #0): scan started
wlan0 (phy #0): scan finished: 2412 2417 2422 2427 2432 2437 2442 2447 2452 2457 2462 2467 2472 5170 5180 5190 5200 5210 5220 5230 5240 5260 5280 5300 5320 5500 5520 5540 5560 5580 5600 5620 5640 5660 5680 5700, ""
wlan0 (phy #0): auth 00:01:f4:ec:02:d5 -> 00:13:02:0a:87:7e status: 0: Successful
wlan0 (phy #0): assoc 00:01:f4:ec:02:d5 -> 00:13:02:0a:87:7e status: 0: Successful
wlan0 (phy #0): connected to 00:01:f4:ec:02:d5
wlan0 (phy #0): deauth 00:13:02:0a:87:7e -> 00:01:f4:ec:02:d5 reason 3: Deauthenticated because sending station is leaving (or has left) the IBSS or ESS
wlan0 (phy #0): disconnected (local request)
```

----------

