slow and delayed connection
Pelusa Vali
pelusitavali at postmaster.co.uk
Tue Mar 28 17:09:29 CEST 2006
Hi list, well, finally my Linux-based AP works with WPA-EAP. I use Debian etch, madwifi-ng-r1475, FreeRADIUS 1.1.0 and hostapd 0.5.2. My AP can authenticate users and they can connect to the WLAN, everything OK. But now it turns out they can't surf the Internet because the connection is very slow; they can't even access Google or Yahoo. The connection is too slow and requests are never completed or are delayed between 35 and 120 seconds. I'm just performing tests, so the AP and clients are in the same room.
And when clients are authenticating I get lots of messages like this:
IEEE 802.1X: 00:0f:66:11:c1:96 REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:0f:66:11:c1:96 BE_AUTH entering state IDLE
IEEE 802.1X: 00:0f:66:11:c1:96 REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:0f:66:11:c1:96 REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:0f:66:11:c1:96 REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:0f:66:11:c1:96 REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:0f:66:11:c1:96 REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:0f:66:11:c1:96 REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:0f:66:11:c1:96 REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:0f:66:11:c1:96 REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:0f:66:11:c1:96 REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:0f:66:11:c1:96 REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:0f:66:11:c1:96 REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:0f:66:11:c1:96 REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:0f:66:11:c1:96 REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:0f:66:11:c1:96 REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:0f:66:11:c1:96 REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:0f:66:11:c1:96 REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:0f:66:11:c1:96 REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:0f:66:11:c1:96 REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:0f:66:11:c1:96 REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:0f:66:11:c1:96 REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:0f:66:11:c1:96 REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:0f:66:11:c1:96 REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:0f:66:11:c1:96 REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:0f:66:11:c1:96 REAUTH_TIMER entering state INITIALIZE
WPA: 00:0f:66:11:c1:96 WPA_PTK entering state INITPMK
WPA: PMK from EAPOL state machine (len=32)
WPA: 00:0f:66:11:c1:96 WPA_PTK entering state PTKSTART
ath0: STA 00:0f:66:11:c1:96 WPA: sending 1/4 msg of 4-Way Handshake
WPA: Send EAPOL(secure=0 mic=0 ack=1 install=0 pairwise=1 ie_len=0 gtk_len=0 key idx=0 encr=0)
TX EAPOL - hexdump(len=113): 00 0f 66 11 c1 96 00 0f 66 11 c1 97 88 8e 02 03 00 5f fe 00 89 00 20 00 00 00 00 00 00 00 01 bb a5 40 06 72 ff 43 57 37 d3 d3 67 f1 5c 13 3f 6c 48 d1 fb 14 5a 31 ce b2 ce 47 a9 96 20 a5 20 00 00 00 00 00 00 00 0 0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
And authentication is delayed by 2 minutes, is that normal?
Using Ethereal to monitor the WLAN I get a lot (really many) of messages like this:
SOURCE DESTINATION PROTOCOL INFO
Cisco-Li_11:c1:96 192.168.50.1 MDS HEADER [Malformed Packet]
where 192.168.50.1 is the AP's IP address.
These are my configuration files:
MADWIFI:
rmmod ath_pci
modprobe ath_pci autocreate=ap
ifconfig ath0 up
iwpriv ath0 mode 3
iwconfig ath0 essid MYWLAN
iwconfig ath0 channel auto
iwconfig ath0 bitrate 54M
echo 1 > /proc/sys/net/ipv4/ip_forward
/etc/init.d/networking restart
IPTABLES=/sbin/iptables
$IPTABLES -F -t nat
$IPTABLES -A POSTROUTING -t nat -o eth0 -j MASQUERADE
/etc/init.d/dhcp restart
HOSTAPD:
interface=ath0
driver=madwifi
logger_syslog=-1
logger_syslog_level=2
logger_stdout=-1
logger_stdout_level=1
debug=4
dump_file=/tmp/hostapd.dump
ctrl_interface=/var/run/hostapd
ctrl_interface_group=0
ssid=MYWLAN
macaddr_acl=0
auth_algs=1
ieee8021x=1
eap_server=0
own_ip_addr=127.0.0.1
nas_identifier=www.srvw1.com
auth_server_addr=127.0.0.1
auth_server_port=1812
auth_server_shared_secret=mywlan
acct_server_addr=127.0.0.1
acct_server_port=1813
acct_server_shared_secret=mywlan
wpa=1
wpa_key_mgmt=WPA-EAP
wpa_pairwise=TKIP
wpa_group_rekey=300
wpa_gmk_rekey=640
I think this behavior is related to FreeRADIUS, because I tested using only hostapd with PSK and without security and everything was right, connection speed and everything fine, but with FreeRADIUS activated the connection speed is very poor.
So is there any parameter in FreeRADIUS I should activate or change to avoid this problem?
These are the FreeRADIUS configuration files:
USERS:
"User1"
DEFAULT Auth-Type = EAP
        Fall-Through = 1
CLIENTS:
client 192.168.50.0/24 {
        secret = mywlan
        shortname = MYWLAN
}
EAP:
eap {
        default_eap_type = tls
        timer_expire = 60
        ignore_unknown_eap_types = no
        cisco_accounting_username_bug = no
        md5 {
        }
        leap {
        }
        tls {
                private_key_file = ${raddbdir}/certs/www.srvw1.com.pem
                certificate_file = /home/admin/test/www.srvw1.com.pem
                CA_file = /home/admin/test/cacert.pem
                dh_file = /home/admin/test/dh
                random_file = /home/admin/test/random
                fragment_size = 1024
                include_length = yes
        }
}
RADDB:
max_request_time = 30
delete_blocked_requests = no
cleanup_delay = 5
max_requests = 1024
bind_address = *
port = 0
hostname_lookups = no
allow_core_dumps = no
regular_expressions = yes
extended_expressions = yes
log_stripped_names = no
log_auth = no
log_auth_badpass = no
log_auth_goodpass = no
usercollide = no
security {
        max_attributes = 200
        reject_delay = 1
        status_server = no
}
thread pool {
        start_servers = 5
        max_servers = 32
        min_spare_servers = 3
        max_spare_servers = 10
        max_requests_per_server = 0
}
acct_unique {
        key = "User-Name, Acct-Session-Id, NAS-IP-Address, Client-IP-Address, NAS-Port"
}
authenticate {
        eap
}
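Added example, not part of the original post: hostapd debug output of the kind quoted above is easier to read once consecutive identical state-machine transitions are collapsed and the number of 4-Way Handshake message 1/4 transmissions per station is counted. The sample log is constructed from the line formats shown in the post (the second PTKSTART / 1/4 pair is an assumed retransmission), and the function names are hypothetical.

```python
import re
from collections import Counter

MAC = r"(?:[0-9a-f]{2}:){5}[0-9a-f]{2}"
# e.g. "IEEE 802.1X: <sta> REAUTH_TIMER entering state INITIALIZE"
TRANSITION = re.compile(
    rf"^(?:IEEE 802\.1X|WPA): (?P<sta>{MAC}) (?P<machine>\w+) "
    rf"entering state (?P<state>\w+)$", re.IGNORECASE)
# e.g. "ath0: STA <sta> WPA: sending 1/4 msg of 4-Way Handshake"
MSG1 = re.compile(
    rf"STA (?P<sta>{MAC}) WPA: sending 1/4 msg of 4-Way Handshake", re.IGNORECASE)

# Constructed sample modeled on the log lines in the post.
SAMPLE = """\
IEEE 802.1X: 00:0f:66:11:c1:96 REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:0f:66:11:c1:96 BE_AUTH entering state IDLE
IEEE 802.1X: 00:0f:66:11:c1:96 REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:0f:66:11:c1:96 REAUTH_TIMER entering state INITIALIZE
IEEE 802.1X: 00:0f:66:11:c1:96 REAUTH_TIMER entering state INITIALIZE
WPA: 00:0f:66:11:c1:96 WPA_PTK entering state INITPMK
WPA: PMK from EAPOL state machine (len=32)
WPA: 00:0f:66:11:c1:96 WPA_PTK entering state PTKSTART
ath0: STA 00:0f:66:11:c1:96 WPA: sending 1/4 msg of 4-Way Handshake
WPA: 00:0f:66:11:c1:96 WPA_PTK entering state PTKSTART
ath0: STA 00:0f:66:11:c1:96 WPA: sending 1/4 msg of 4-Way Handshake
""".splitlines()

def collapse_transitions(lines):
    """Return (sta, machine, state, count) runs; non-transition lines are skipped."""
    runs = []
    for line in lines:
        m = TRANSITION.match(line.strip())
        if not m:
            continue
        key = (m["sta"].lower(), m["machine"], m["state"])
        if runs and runs[-1][0] == key:
            runs[-1][1] += 1          # same transition repeated back to back
        else:
            runs.append([key, 1])
    return [(*key, count) for key, count in runs]

def msg1_attempts(lines):
    """Count how often message 1/4 was sent to each station."""
    return Counter(m["sta"].lower() for m in map(MSG1.search, lines) if m)

if __name__ == "__main__":
    for sta, machine, state, count in collapse_transitions(SAMPLE):
        print(f"{sta} {machine:<13} {state:<11} x{count}")
    for sta, n in msg1_attempts(SAMPLE).items():
        print(f"{sta} message 1/4 sent {n} time(s)")
```

A station for which message 1/4 is sent more than once in a single association is one where hostapd re-entered PTKSTART, which is worth correlating with the client-side supplicant log.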