Reading configuration file 'ttls-pap-roaming.txt' Line: 1 - start of a new network block ssid - hexdump_ascii(len=7): 65 64 75 72 6f 61 6d eduroam key_mgmt: 0x8 eap methods - hexdump(len=16): 00 00 00 00 15 00 00 00 00 00 00 00 00 00 00 00 pairwise: 0x8 phase2 - hexdump_ascii(len=8): 61 75 74 68 3d 50 41 50 auth=PAP identity - hexdump_ascii(len=19): 65 64 75 72 6f 61 6d 40 72 6e 70 74 65 73 74 65 eduroam@rnpteste 2e 62 72 .br password - hexdump_ascii(len=7): 65 64 75 72 6f 61 6d eduroam Line 10: removed CCMP from group cipher list since it was not allowed for pairwise cipher Priority group 0 id=0 ssid='eduroam' Authentication server 127.0.0.1:1812 RADIUS local address: 127.0.0.1:49487 ENGINE: Loading dynamic engine ENGINE: Loading dynamic engine EAPOL: SUPP_PAE entering state DISCONNECTED EAPOL: KEY_RX entering state NO_KEY_RECEIVE EAPOL: SUPP_BE entering state INITIALIZE EAP: EAP entering state DISABLED EAPOL: External notification - portValid=0 EAPOL: External notification - portEnabled=1 EAPOL: SUPP_PAE entering state CONNECTING EAPOL: SUPP_BE entering state IDLE EAP: EAP entering state INITIALIZE EAP: EAP entering state IDLE Sending fake EAP-Request-Identity EAPOL: Received EAP-Packet frame EAPOL: SUPP_PAE entering state RESTART EAP: EAP entering state INITIALIZE EAP: EAP entering state IDLE EAPOL: SUPP_PAE entering state AUTHENTICATING EAPOL: SUPP_BE entering state REQUEST EAPOL: getSuppRsp EAP: EAP entering state RECEIVED EAP: Received EAP-Request id=0 method=1 vendor=0 vendorMethod=0 EAP: EAP entering state IDENTITY CTRL-EVENT-EAP-STARTED EAP authentication started EAP: Status notification: started (param=) EAP: EAP-Request Identity data - hexdump_ascii(len=0): EAP: using real identity - hexdump_ascii(len=19): 65 64 75 72 6f 61 6d 40 72 6e 70 74 65 73 74 65 eduroam@rnpteste 2e 62 72 .br EAP: EAP entering state SEND_RESPONSE EAP: EAP entering state IDLE EAPOL: SUPP_BE entering state RESPONSE EAPOL: txSuppRsp WPA: eapol_test_eapol_send(type=0 len=24) TX EAP -> RADIUS - hexdump(len=24): 02 00 00 18 01 65 64 75 72 6f 61 6d 40 72 6e 70 74 65 73 74 65 2e 62 72 Encapsulating EAP message into a RADIUS packet Learned identity from EAP-Response-Identity - hexdump(len=19): 65 64 75 72 6f 61 6d 40 72 6e 70 74 65 73 74 65 2e 62 72 Sending RADIUS message to authentication server RADIUS message: code=1 (Access-Request) identifier=0 length=152 Attribute 1 (User-Name) length=21 Value: 'eduroam@rnpteste.br' Attribute 4 (NAS-IP-Address) length=6 Value: 127.0.0.1 Attribute 31 (Calling-Station-Id) length=19 Value: '02-00-00-00-00-01' Attribute 12 (Framed-MTU) length=6 Value: 1400 Attribute 61 (NAS-Port-Type) length=6 Value: 19 Attribute 6 (Service-Type) length=6 Value: 2 Attribute 77 (Connect-Info) length=24 Value: 'CONNECT 11Mbps 802.11b' Attribute 79 (EAP-Message) length=26 Value: 0200001801656475726f616d40726e7074657374652e6272 Attribute 80 (Message-Authenticator) length=18 Value: 425dab3569ba0abc75b3ed0250beb9bd Next RADIUS client retransmit in 3 seconds EAPOL: SUPP_BE entering state RECEIVE Received 80 bytes from RADIUS server Received RADIUS message RADIUS message: code=11 (Access-Challenge) identifier=0 length=80 Attribute 79 (EAP-Message) length=24 Value: 010100160410104ff67bbf7ef4852235f519ee2b3e17 Attribute 80 (Message-Authenticator) length=18 Value: cf5acc1af9f4dd509070c87d82d9e16a Attribute 24 (State) length=18 Value: 161759b416165db0f3b4952e04b41a4d STA 02:00:00:00:00:01: Received RADIUS packet matched with a pending request, round trip time 0.10 sec RADIUS packet matching with station decapsulated EAP packet (code=1 id=1 len=22) from RADIUS server: EAP-Request-MD5 (4) EAPOL: Received EAP-Packet frame EAPOL: SUPP_BE entering state REQUEST EAPOL: getSuppRsp EAP: EAP entering state RECEIVED EAP: Received EAP-Request id=1 method=4 vendor=0 vendorMethod=0 EAP: EAP entering state GET_METHOD EAP: configuration does not allow: vendor 0 method 4 EAP: vendor 0 method 4 not allowed CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=4 -> NAK EAP: Status notification: refuse proposed method (param=MD5) EAP: Building EAP-Nak (requested type 4 vendor=0 method=0 not allowed) EAP: allowed methods - hexdump(len=1): 15 EAP: EAP entering state SEND_RESPONSE EAP: EAP entering state IDLE EAPOL: SUPP_BE entering state RESPONSE EAPOL: txSuppRsp WPA: eapol_test_eapol_send(type=0 len=6) TX EAP -> RADIUS - hexdump(len=6): 02 01 00 06 03 15 Encapsulating EAP message into a RADIUS packet Copied RADIUS State Attribute Sending RADIUS message to authentication server RADIUS message: code=1 (Access-Request) identifier=1 length=152 Attribute 1 (User-Name) length=21 Value: 'eduroam@rnpteste.br' Attribute 4 (NAS-IP-Address) length=6 Value: 127.0.0.1 Attribute 31 (Calling-Station-Id) length=19 Value: '02-00-00-00-00-01' Attribute 12 (Framed-MTU) length=6 Value: 1400 Attribute 61 (NAS-Port-Type) length=6 Value: 19 Attribute 6 (Service-Type) length=6 Value: 2 Attribute 77 (Connect-Info) length=24 Value: 'CONNECT 11Mbps 802.11b' Attribute 79 (EAP-Message) length=8 Value: 020100060315 Attribute 24 (State) length=18 Value: 161759b416165db0f3b4952e04b41a4d Attribute 80 (Message-Authenticator) length=18 Value: f8039e5b4c04b57df13e32ca8b33427c Next RADIUS client retransmit in 3 seconds EAPOL: SUPP_BE entering state RECEIVE Received 64 bytes from RADIUS server Received RADIUS message RADIUS message: code=11 (Access-Challenge) identifier=1 length=64 Attribute 79 (EAP-Message) length=8 Value: 010200061520 Attribute 80 (Message-Authenticator) length=18 Value: 2ec67f08f1d43987d71e57f05cb2ce8e Attribute 24 (State) length=18 Value: 161759b417154cb0f3b4952e04b41a4d STA 02:00:00:00:00:01: Received RADIUS packet matched with a pending request, round trip time 0.03 sec RADIUS packet matching with station decapsulated EAP packet (code=1 id=2 len=6) from RADIUS server: EAP-Request-TTLS (21) EAPOL: Received EAP-Packet frame EAPOL: SUPP_BE entering state REQUEST EAPOL: getSuppRsp EAP: EAP entering state RECEIVED EAP: Received EAP-Request id=2 method=21 vendor=0 vendorMethod=0 EAP: EAP entering state GET_METHOD CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=21 EAP: Status notification: accept proposed method (param=TTLS) EAP: Initialize selected EAP method: vendor 0 method 21 (TTLS) EAP-TTLS: Phase2 type: PAP TLS: using phase1 config options CTRL-EVENT-EAP-METHOD EAP vendor 0 method 21 (TTLS) selected EAP: EAP entering state METHOD SSL: Received packet(len=6) - Flags 0x20 EAP-TTLS: Start (server ver=0, own ver=0) SSL: (where=0x10 ret=0x1) SSL: (where=0x1001 ret=0x1) SSL: SSL_connect:before/connect initialization OpenSSL: TX ver=0x303 content_type=256 (TLS header info/) OpenSSL: Message - hexdump(len=5): 16 03 01 01 28 OpenSSL: TX ver=0x303 content_type=22 (handshake/client hello) OpenSSL: Message - hexdump(len=296): 01 00 01 24 03 03 d2 f5 ee a4 fd be 3d 97 82 7f 69 57 9c e6 62 56 22 8d 29 85 da fc c7 13 33 fe 57 a0 d6 2f e0 61 00 00 aa c0 30 c0 2c c0 28 c0 24 c0 14 c0 0a 00 a5 00 a3 00 a1 00 9f 00 6b 00 6a 00 69 00 68 00 39 00 38 00 37 00 36 00 88 00 87 00 86 00 85 c0 32 c0 2e c0 2a c0 26 c0 0f c0 05 00 9d 00 3d 00 35 00 84 c0 2f c0 2b c0 27 c0 23 c0 13 c0 09 00 a4 00 a2 00 a0 00 9e 00 67 00 40 00 3f 00 3e 00 33 00 32 00 31 00 30 00 9a 00 99 00 98 00 97 00 45 00 44 00 43 00 42 c0 31 c0 2d c0 29 c0 25 c0 0e c0 04 00 9c 00 3c 00 2f 00 96 00 41 c0 11 c0 07 c0 0c c0 02 00 05 00 04 c0 12 c0 08 00 16 00 13 00 10 00 0d c0 0d c0 03 00 0a 00 ff 01 00 00 51 00 0b 00 04 03 00 01 02 00 0a 00 1c 00 1a 00 17 00 19 00 1c 00 1b 00 18 00 1a 00 16 00 0e 00 0d 00 0b 00 0c 00 09 00 0a 00 0d 00 20 00 1e 06 01 06 02 06 03 05 01 05 02 05 03 04 01 04 02 04 03 03 01 03 02 03 03 02 01 02 02 02 03 00 0f 00 01 01 SSL: (where=0x1001 ret=0x1) SSL: SSL_connect:SSLv2/v3 write client hello A SSL: (where=0x1002 ret=0xffffffff) SSL: SSL_connect:error in SSLv2/v3 read server hello A SSL: SSL_connect - want more data SSL: 301 bytes pending from ssl_out SSL: 301 bytes left to be sent out (of total 301 bytes) EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL eapRespData=0x10c5950 EAP: EAP entering state SEND_RESPONSE EAP: EAP entering state IDLE EAPOL: SUPP_BE entering state RESPONSE EAPOL: txSuppRsp WPA: eapol_test_eapol_send(type=0 len=307) TX EAP -> RADIUS - hexdump(len=307): 02 02 01 33 15 00 16 03 01 01 28 01 00 01 24 03 03 d2 f5 ee a4 fd be 3d 97 82 7f 69 57 9c e6 62 56 22 8d 29 85 da fc c7 13 33 fe 57 a0 d6 2f e0 61 00 00 aa c0 30 c0 2c c0 28 c0 24 c0 14 c0 0a 00 a5 00 a3 00 a1 00 9f 00 6b 00 6a 00 69 00 68 00 39 00 38 00 37 00 36 00 88 00 87 00 86 00 85 c0 32 c0 2e c0 2a c0 26 c0 0f c0 05 00 9d 00 3d 00 35 00 84 c0 2f c0 2b c0 27 c0 23 c0 13 c0 09 00 a4 00 a2 00 a0 00 9e 00 67 00 40 00 3f 00 3e 00 33 00 32 00 31 00 30 00 9a 00 99 00 98 00 97 00 45 00 44 00 43 00 42 c0 31 c0 2d c0 29 c0 25 c0 0e c0 04 00 9c 00 3c 00 2f 00 96 00 41 c0 11 c0 07 c0 0c c0 02 00 05 00 04 c0 12 c0 08 00 16 00 13 00 10 00 0d c0 0d c0 03 00 0a 00 ff 01 00 00 51 00 0b 00 04 03 00 01 02 00 0a 00 1c 00 1a 00 17 00 19 00 1c 00 1b 00 18 00 1a 00 16 00 0e 00 0d 00 0b 00 0c 00 09 00 0a 00 0d 00 20 00 1e 06 01 06 02 06 03 05 01 05 02 05 03 04 01 04 02 04 03 03 01 03 02 03 03 02 01 02 02 02 03 00 0f 00 01 01 Encapsulating EAP message into a RADIUS packet Copied RADIUS State Attribute Sending RADIUS message to authentication server RADIUS message: code=1 (Access-Request) identifier=2 length=455 Attribute 1 (User-Name) length=21 Value: 'eduroam@rnpteste.br' Attribute 4 (NAS-IP-Address) length=6 Value: 127.0.0.1 Attribute 31 (Calling-Station-Id) length=19 Value: '02-00-00-00-00-01' Attribute 12 (Framed-MTU) length=6 Value: 1400 Attribute 61 (NAS-Port-Type) length=6 Value: 19 Attribute 6 (Service-Type) length=6 Value: 2 Attribute 77 (Connect-Info) length=24 Value: 'CONNECT 11Mbps 802.11b' Attribute 79 (EAP-Message) length=255 Value: 0202013315001603010128010001240303d2f5eea4fdbe3d97827f69579ce66256228d2985dafcc71333fe57a0d62fe0610000aac030c02cc028c024c014c00a00a500a300a1009f006b006a0069006800390038003700360088008700860085c032c02ec02ac026c00fc005009d003d00350084c02fc02bc027c023c013c00900a400a200a0009e00670040003f003e0033003200310030009a0099009800970045004400430042c031c02dc029c025c00ec004009c003c002f00960041c011c007c00cc00200050004c012c008001600130010000dc00dc003000a00ff01000051000b000403000102000a001c001a00170019001c001b0018001a00 Attribute 79 (EAP-Message) length=56 Value: 16000e000d000b000c0009000a000d0020001e060106020603050105020503040104020403030103020303020102020203000f000101 Attribute 24 (State) length=18 Value: 161759b417154cb0f3b4952e04b41a4d Attribute 80 (Message-Authenticator) length=18 Value: 67ecbe0e885a25686f87da3397222a19 Next RADIUS client retransmit in 3 seconds EAPOL: SUPP_BE entering state RECEIVE EAPOL: startWhen --> 0 STA 02:00:00:00:00:01: Resending RADIUS message (id=2) Next RADIUS client retransmit in 6 seconds Received 20 bytes from RADIUS server Received RADIUS message RADIUS message: code=3 (Access-Reject) identifier=2 length=20 STA 02:00:00:00:00:01: Received RADIUS packet matched with a pending request, round trip time 2.10 sec Allowing RADIUS Access-Reject without Message-Authenticator since it does not include EAP-Message RADIUS packet matching with station could not extract EAP-Message from RADIUS message EAPOL: EAP key not available EAPOL: EAP Session-Id not available WPA: Clear old PMK and PTK EAP: deinitialize previously used EAP method (21, TTLS) at EAP deinit ENGINE: engine deinit MPPE keys OK: 0 mismatch: 1 FAILURE