You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
There appears to be a regression caused by the recent [[https://github.com/openwrt/openwrt/commit/eefed841b05c3cd4c65a78b50ce0934d879e6acf|hostapd upgrade]].
I have a Linksys E8450 (mt7622) AP that was working well before the hostapd version upgrade (I bisected to confirm) but now my Apple devices fail to authenticate via WPA2 EAP-TLS. A Chromebook can authenticate and connect with no issues, and WPA2-PSK works fine for all devices.
Notably there are no issues when connecting to an ath10k AP when running the same revision, so it seems like this issue may be specific to the combination of WPA2 Enterprise, mt76, and Apple clients. Log snippet below, the key error appears to be "received EAPOL-Key 2/4 Pairwise with unexpected replay counter".
hostapd: wlan0: STA 6a:dd:0a:xx:xx:xx IEEE 802.1X: decapsulated EAP packet (code=3 id=133 len=4) from RADIUS server: EAP Success
hostapd: wlan1: CTRL-EVENT-EAP-SUCCESS2 6a:dd:0a:xx:xx:xx
hostapd: wlan0: STA 6a:dd:0a:xx:xx:xx IEEE 802.1X: Sending EAP Packet (identifier 133)
hostapd: wlan0: STA 6a:dd:0a:xx:xx:xx WPA: sending 1/4 msg of 4-Way Handshake
hostapd: wlan0: STA 6a:dd:0a:xx:xx:xx WPA: EAPOL-Key timeout
hostapd: wlan0: STA 6a:dd:0a:xx:xx:xx WPA: sending 1/4 msg of 4-Way Handshake
hostapd: wlan0: STA 6a:dd:0a:xx:xx:xx WPA: EAPOL-Key timeout
hostapd: wlan0: STA 6a:dd:0a:xx:xx:xx WPA: sending 1/4 msg of 4-Way Handshake
hostapd: wlan0: STA 6a:dd:0a:xx:xx:xx WPA: received EAPOL-Key frame (2/4 Pairwise)
hostapd: wlan0: STA 6a:dd:0a:xx:xx:xx WPA: sending 3/4 msg of 4-Way Handshake
hostapd: wlan0: STA 6a:dd:0a:xx:xx:xx WPA: Process SNonce update from STA based on retransmitted EAPOL-Key 1/4
hostapd: wlan0: STA 6a:dd:0a:xx:xx:xx WPA: received EAPOL-Key frame (2/4 Pairwise)
hostapd: wlan0: STA 7a:dd:0a:xx:xx:xx WPA: sending 3/4 msg of 4-Way Handshake
hostapd: wlan0: STA 6a:dd:0a:xx:xx:xx WPA: received EAPOL-Key 2/4 Pairwise with unexpected replay counter
hostapd: wlan0: STA 6a:dd:0a:xx:xx:xx WPA: EAPOL-Key timeout
hostapd: wlan0: STA 6a:dd:0a:xx:xx:xx WPA: sending 3/4 msg of 4-Way Handshake
The text was updated successfully, but these errors were encountered:
titanous:
There appears to be a regression caused by the recent [[https://github.com/openwrt/openwrt/commit/eefed841b05c3cd4c65a78b50ce0934d879e6acf|hostapd upgrade]].
I have a Linksys E8450 (mt7622) AP that was working well before the hostapd version upgrade (I bisected to confirm) but now my Apple devices fail to authenticate via WPA2 EAP-TLS. A Chromebook can authenticate and connect with no issues, and WPA2-PSK works fine for all devices.
Notably there are no issues when connecting to an ath10k AP when running the same revision, so it seems like this issue may be specific to the combination of WPA2 Enterprise, mt76, and Apple clients. Log snippet below, the key error appears to be "received EAPOL-Key 2/4 Pairwise with unexpected replay counter".
hostapd: wlan0: STA 6a:dd:0a:xx:xx:xx IEEE 802.1X: decapsulated EAP packet (code=3 id=133 len=4) from RADIUS server: EAP Success
hostapd: wlan1: CTRL-EVENT-EAP-SUCCESS2 6a:dd:0a:xx:xx:xx
hostapd: wlan0: STA 6a:dd:0a:xx:xx:xx IEEE 802.1X: Sending EAP Packet (identifier 133)
hostapd: wlan0: STA 6a:dd:0a:xx:xx:xx WPA: sending 1/4 msg of 4-Way Handshake
hostapd: wlan0: STA 6a:dd:0a:xx:xx:xx WPA: EAPOL-Key timeout
hostapd: wlan0: STA 6a:dd:0a:xx:xx:xx WPA: sending 1/4 msg of 4-Way Handshake
hostapd: wlan0: STA 6a:dd:0a:xx:xx:xx WPA: EAPOL-Key timeout
hostapd: wlan0: STA 6a:dd:0a:xx:xx:xx WPA: sending 1/4 msg of 4-Way Handshake
hostapd: wlan0: STA 6a:dd:0a:xx:xx:xx WPA: received EAPOL-Key frame (2/4 Pairwise)
hostapd: wlan0: STA 6a:dd:0a:xx:xx:xx WPA: sending 3/4 msg of 4-Way Handshake
hostapd: wlan0: STA 6a:dd:0a:xx:xx:xx WPA: Process SNonce update from STA based on retransmitted EAPOL-Key 1/4
hostapd: wlan0: STA 6a:dd:0a:xx:xx:xx WPA: received EAPOL-Key frame (2/4 Pairwise)
hostapd: wlan0: STA 7a:dd:0a:xx:xx:xx WPA: sending 3/4 msg of 4-Way Handshake
hostapd: wlan0: STA 6a:dd:0a:xx:xx:xx WPA: received EAPOL-Key 2/4 Pairwise with unexpected replay counter
hostapd: wlan0: STA 6a:dd:0a:xx:xx:xx WPA: EAPOL-Key timeout
hostapd: wlan0: STA 6a:dd:0a:xx:xx:xx WPA: sending 3/4 msg of 4-Way Handshake
The text was updated successfully, but these errors were encountered: