# WPA2 on Atheros (madwifi) with hostapd

## pomaranca

Hello!

I have set my wireless access point using madwifi driver for my Atheros AR5212 chipset. It works fine with WEP encryption provided by driver, but now i would like to set up WPA2 encryption. I am using hostapd as recommended by madwifi.org howto (http://madwifi.org/wiki/UserDocs/WPA_PSK_on_Both_Ends). I am connecting to AP with wpa_supplicant using Intel PRO/Wireless 2915ABG. After i execute this two commands:

on server: 

```
hostapd -dd /etc/hostapd/hostapd.conf
```

on laptop: 

```
wpa_supplicant -D wext -i luft -c /etc/wpa_supplicant/wpa_supplicant.conf
```

interfaces seem to be associated for some time but then hostapd returns:

```
Wireless event: cmd=0x8c03 len=20

ath0: STA 00:13:ce:73:f5:a2 IEEE 802.11: associated

  New STA

No WPA/RSN information element for station!?

Wireless event: cmd=0x8c04 len=20

ath0: STA 00:13:ce:73:f5:a2 IEEE 802.11: disassociated
```

and wpa_supplicant returns:

```
Trying to associate with 00:19:e0:83:0c:ed (SSID='pinky' freq=2422 MHz)

Associated with 00:19:e0:83:0c:ed

Authentication with 00:19:e0:83:0c:ed timed out.

CTRL-EVENT-DISCONNECTED - Disconnect event - remove keys
```

My configuration files:

hostapd.conf

```

interface=ath0

driver=madwifi

logger_syslog=-1

logger_syslog_level=2

logger_stdout=-1

logger_stdout_level=2

debug=0

dump_file=/tmp/hostapd.dump

ctrl_interface=/var/run/hostapd

ctrl_interface_group=0

ssid=pinky

macaddr_acl=1

accept_mac_file=/etc/hostapd/hostapd.accept

auth_algs=3

eapol_key_index_workaround=0

eap_server=0

wpa=3

wpa_psk=b780b8fb6a988b8501b96f58155de5e83725bc860849b80a2aa8db1d7a2e8d6b

wpa_key_mgmt=WPA-PSK

wpa_pairwise=TKIP CCMP

```

wpa_supplicant.conf

```

network={

        ssid="pinky"

        #psk="mojglupipassword"

        psk=b780b8fb6a988b8501b96f58155de5e83725bc860849b80a2aa8db1d7a2e8d6b

        key_mgmt=WPA-PSK

        proto=RSN

}

```

I guess the problem is within the line No WPA/RSN information element for station!? , but i really don't know what to do about it, i also haven't found anything usefull googling the web. I'm new in network cryptography so i may have confused some configurations. Please help!

----------

## jpl888

You have specified a MAC accept list in your config?

Is there anything actually in "/etc/hostapd/hostapd.accept" and does it correspond to the MAC address of the Intel card?

I am going to take a wild stab and say that is your problem, though I am quite possibly wrong.

----------

## Paczesiowa

maybe try wpa=1 or wpa=2 to get just one of these working. you can also try my cfg. if you get same error with my cfg then it's most likely client fault. I had that error with few versions of ndiswrapper but it worked after downgrade.

my working hostapd.conf for wpa-psk:

```
server ~ # cat hostapd.conf.wpa-psk

bridge=br0

interface=ath0

driver=madwifi

logger_syslog=-1

logger_syslog_level=2

logger_stdout=-1

logger_stdout_level=2

debug=3

ctrl_interface_group=0

macaddr_acl=0

ctrl_interface_group=0

ctrl_interface=/var/run/hostapd

deny_mac_file=/etc/hostapd/hostapd.deny

auth_algs=3

eapol_key_index_workaround=0

eap_server=0

eapol_version=2

own_ip_addr=127.0.0.1

dump_file=/tmp/hostapd.dump

ssid=DOM

wpa=1

wpa_passphrase=BxT3M3CBcQaiSwxmlNg6QwZfVjFO5we8aVS7ADCTnlaLogcJ4wOyuR5qAG1EA43

wpa_key_mgmt=WPA-PSK

wpa_pairwise=TKIP
```

----------

## pomaranca

I'm sorry for late reply...i had problems with kernel

After many times of configuring and compiling new kernel i reemerged madwifi-ng and hostapd, i had some more problems with madwifi, now i have to load modules manually and in correct sequence if i want it to work...but it works.

jpl888: your guess was wrong, it didn't work with inserting mac address of intel card into /etc/hostapd/hostapd.accept, i still get the same message:

```
Wireless event: cmd=0x8b19 len=8

Wireless event: cmd=0x8c03 len=20

ath0: STA 00:13:ce:73:f5:a2 IEEE 802.11: associated

  New STA

No WPA/RSN information element for station!?
```

I have tried with wpa=1 and wpa=2 and i always get the same message. With Paczesiowa's configuration file i get the same error. Here i noticed that with this config devices get associated for few seconds even if the passphrases don't match, but the same message again. I also noticed hostapd's configuration files are very sensitive to whitespaces. 

Do i need to have a bridge defined? My NAT works with Shorewall...

----------

## jpl888

You don't need a bridge but it can make firewalling setup simpler assuming the wireless is supposed to be part of you LAN.

It definitely looks like a configuration issue. Somebody else who had the same error on linuxquestions.org fixed it by having his config like this:-

```
bridge=br0

# Enable this for standard bridging, leave disabled for netfilter firewalls

interface=ath0

driver=madwifi

logger_syslog=-1

logger_syslog_level=2

logger_stdout=-1

logger_stdout_level=2

debug=0

ctrl_interface_group=0

macaddr_acl=0

deny_mac_file=/etc/hostapd.deny

auth_algs=3

#eapol_key_index_workaround=0

#eap_server=0

#dump_file=/tmp/hostapd.dump

ssid=edman007

wpa=1

##psk="password"

wpa_psk=0ddb70b8d4dec9f8d9922b45d0e3d5f6195d4851f51c669e7c05bd7fdf0b618e

wpa_key_mgmt=WPA-PSK

wpa_pairwise=CCMP
```

So at a glance disable "macaddr_acl" remove the "eap" stuff, change "wpa" to 1 and change "wpa_pairwise" to just "CCMP" and see what that does.

Here is the linuxquestions post http://www.linuxquestions.org/questions/showthread.php?t=480453

----------

## gekkoman

I have WPA2 working with madwifi and wpa_supplicant

Took a bit of research and trying to get it to work.

My wpa_supplicant.conf  is

network={

        key_mgmt=NONE

        priority=-9999999

}

ctrl_interface=/var/run/wpa_supplicant

ctrl_interface_group=0

ap_scan=1

network={

        scan_ssid=1

        ssid="<enter your ssid here>"

        proto=WPA2

        key_mgmt=WPA-PSK

        pairwise=CCMP

        group=CCMP

        psk="<enter your psk here>"

        priority=5

}

Am using dhcpd...my /etc/conf.d/net is

modules=("wpa_supplicant")

wpa_supplicant_ath0="-Dmadwifi"

wpa_timeout_ath0=120

This connects to a billion ADSL router/AP/PSTN 7404VGO reliably

----------

## pomaranca

gekkoman: this problem is more or less about how to set WPA/WPA2 on AP and not on client.

My laptop wifi card is already working with WPA on some other network. But the problem is i cant get it work with hostapd and atheros on my AP.

Someone suggested that: 

WPA/RSN information element is the field of WLAN frame header telling the others about protection methods enabled in the AP or station.

Such message (No WPA/RSN information element for station!?) suggests that WPA is not enabled and the card works in open or WEP mode.

Is there some special way to put atheros wifi cards into WPA mode with madwifi driver? I just loaded all the modules provided by the driver.

----------

## pomaranca

ooops...the problem was just in supplicant's configuration

with wpa_supplicant.conf:

```

ctrl_interface=/var/run/wpa_supplicant

ctrl_interface_group=0

ap_scan=2

fast_reauth=1

network={

                ssid="test"

                proto=WPA

                key_mgmt=WPA-PSK

                pairwise=TKIP

                group=TKIP

                psk=***

}

```

it works

----------

## tbart

Hi there!

This problem does not seem to be solved for anyone here when you read the config files thoroughly.

The initial problem was:

1) Have an Atheros card as an AP (AR5212 in my case)

2) Run hostapd on it

3) use WPA2 (so whenever we see proto=WPA on client side or wpa=1 on hostapd side, we do *NOT* talk about WPA2)

4) Have a client that does not really seem to matter hardware-wise

Does anyone have a solution to exactly this problem, i.e. has anyon got a configuration/information on what to do for a WPA2-only solution (which means wpa=2 in hostapd.conf and proto=RSN or proto=WPA2 in wpa_supplicant.conf)?

I did not find anyone until now, so I'm asking for your help here. WPA(1) works flawlessly for me as I am writing this.

th

----------

