Hello all,
I
am using EAP-TTLS/EAP-MSCHAPv2 to authenticate clients with a FR 2.1.10 backend
AAA server. Requests go over an Access Point (playing the role of the NAS),
then get forwarded to a Proxy AAA FR 2.1.10 server and finally get routed to my
backend server. My client is using wpa_supplicant with “EAP=TTLS”
and “Phase2=”autheap=mschapv2”” options in the
configuration file.
The
problem I am having is that when the FR sends the final Accept-Accept to the
client, I end up having two MS-MPPE-Send-Key and MS-MPPE-Recv-Key keys of
different length, one added by the mschap module and one added by the eap
module, as seen here :
Sending Access-Accept of id 52 to 2001:db95::100 port
1814
Reply-Message =
"Hello, bob-mr1"
MS-MPPE-Encryption-Policy
= 0x00000001
MS-MPPE-Encryption-Types =
0x00000006
MS-MPPE-Send-Key =
0x8566119a6066e8eb7c1663dea8d1629b
MS-MPPE-Recv-Key =
0xc1f99bac753248c48db73fd5585bf810
Message-Authenticator =
0x00000000000000000000000000000000
User-Name =
"bob-mr1"
MS-MPPE-Recv-Key = 0x2eb89da2ac20179cb2b99391f94ca2bddf1701c67c524badad98ce56f09873dc
MS-MPPE-Send-Key = 0x0cf013411cfcea14ae9dee56baaf5467e55caed80fa83ffbbdf0f5998ce7fe62
EAP-Message = 0x03cf0004
Proxy-State = 0x3130
(if
someone wants a full debug output of the server it is posted here : http://pastebin.com/aXFMXXbT )
Having
two MS-MPPE key pairs is wrong and does not allow the end-client to properly finish
its key exchange with the Access Point, but restarts the EAP-TTLS communication.
I figured out that I could remove one pair of keys, by either doing this at
the end of my post-auth section of my inner-tunnel :
update reply {
MS-MPPE-Send-Key
!* 0x00
MS-MPPE-Recv-Key
!* 0x00
}
..or
if I set “use_mppe=no” to the mschap module although this means
that I will be loosing the MS-MPPE-Encryption-Policy and MS-MPPE-Encryption-Types
attributes as well. Which one do you think is the best approach and has less
impact for other authentication methods (e.g. straightforward mschapv2 or
others)?
By
the way, I also tried using PEAP and mschapv2 for phase 2 but it didn’t
have the above problem (it had just one pair of MS-MPPE keys). Isn’t that
weird since mschapv2 in PEAP is also eap-mschapv2 so it would expect to get exactly
the same phase 2 with EAP-TTLS.. What am I missing here?
Thanks
a lot in advance,
Panos