I can report successfully getting on the UIC wireless using FreeBSD 6.0-RC1 and wpa_supplicant 0.3.9 (and some evil little commands to work around flaws that exist either in wpa_supplicant or the Atheros driver in FreeBSD 6).
Without further delay, here's the information I used for getting it going.
wpa_supplicant.conf:
ctrl_interface=/var/run/wpa_supplicant
eapol_version=2
ap_scan=1
network={
ssid="UIC-Wireless"
scan_ssid=1
mode=0
key_mgmt=IEEE8021X
eap=TTLS
identity="YOURNETID"
password="YOURPASSWORD"
anonymous_identity="anonymous"
ca_cert="thawte.pem"
phase2="auth=PAP"
}
Getting the ca_cert file is a matter of exporting the Thawte certificate from Internet Explorer, or going to Addendum 1.
Lines starting with a # are commands I've typed (in case anyone misses that).
The wep module in freebsd is not loaded by default.
# kldload wlan_wep
# wpa_supplicant -d -K -iath0 -cwpa_supplicant.conf
Some background:
-d debugging
-K print keys in debug output
-i device to use (ath0 is the device name of my wireless card in FreeBSD)
-c configuration file to use
In the output of wpa_supplicant, you'll see two sections with hex keys (right before it says EAPOL: SUPP_PAE entering state AUTHENTICATED) that look like this:
RX EAPOL from 00:12:00:d7:0e:00
EAPOL: Received EAPOL-Key frame
EAPOL: KEY_RX entering state KEY_RECEIVE
EAPOL: processKey
EAPOL: RX IEEE 802.1X ver=1 type=3 len=57 EAPOL-Key: type=1 key_length=13 key_index=0x1
EAPOL: EAPOL-Key key signature verified
EAPOL: Decrypted(RC4) key - hexdump(len=13): 0a 25 02 5d f5 5e 15 14 10 a3 3f 44 87
EAPOL: Setting dynamic WEP key: broadcast keyidx 1 len 13
wpa_driver_bsd_set_key: alg=WEP addr=ff:ff:ff:ff:ff:ff key_idx=1 set_tx=0 seq_len=0 key_len=13
WPA: EAPOL frame too short, len 61, expecting at least 99
RX EAPOL from 00:12:00:d7:0e:00
EAPOL: Received EAPOL-Key frame
EAPOL: KEY_RX entering state KEY_RECEIVE
EAPOL: processKey
EAPOL: RX IEEE 802.1X ver=1 type=3 len=44 EAPOL-Key: type=1 key_length=13 key_index=0x83
EAPOL: EAPOL-Key key signature verified
EAPOL: using part of EAP keying material data encryption key - hexdump(len=13): 58 de d1 50 54 95 54 ec 35 bb 8d d4 77
EAPOL: Setting dynamic WEP key: unicast keyidx 3 len 13
wpa_driver_bsd_set_key: alg=WEP addr=00:12:00:d7:0e:00 key_idx=3 set_tx=128 seq_len=0 key_len=13
EAPOL: all required EAPOL-Key frames received
These change from execution to execution (and I believe while you are connected, given enough time). By manually entering that second key into the right keyid, and using that key for transmitting, I can actually exchange IP traffic.
# ifconfig ath0 wepkey 4:0x58ded150549554ec35bb8dd477 weptxkey 4
On FreeBSD, the key IDs go from 1-4, instead of 0-3.
# dhclient ath0
DHCPDISCOVER on ath0 to 255.255.255.255 port 67 interval 5
DHCPOFFER from 131.193.41.1
DHCPREQUEST on ath0 to 255.255.255.255 port 67
DHCPACK from 131.193.41.1
bound to 131.193.41.145 -- renewal in 450 seconds.
The next trick of course, is to get wpa_supplicant to automatically enter the information instead, which would be ideal (because I could easily do this then), but I'll suffer a bit for now.
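One way to automate the manual step above, as an added example rather than code from the original post: a shell function that reads wpa_supplicant -d -K debug output on stdin and prints the matching ifconfig command for the most recent unicast key. It assumes the debug lines look exactly like the ones quoted in the post; the function names wep_cmd_from_log and sample_log are made up for this example.

```shell
#!/bin/sh
# Added example: turn "wpa_supplicant -d -K" debug output into the ifconfig
# command the post enters by hand. It prints the command; it does not run it.

# Lines copied from the debug output quoted in the post.
sample_log() {
    cat <<'EOF'
EAPOL: Decrypted(RC4) key - hexdump(len=13): 0a 25 02 5d f5 5e 15 14 10 a3 3f 44 87
EAPOL: Setting dynamic WEP key: broadcast keyidx 1 len 13
EAPOL: using part of EAP keying material data encryption key - hexdump(len=13): 58 de d1 50 54 95 54 ec 35 bb 8d d4 77
EAPOL: Setting dynamic WEP key: unicast keyidx 3 len 13
EOF
}

# wep_cmd_from_log IFNAME   (debug log on stdin)
# Exit status 1 if no well-formed unicast key was seen.
wep_cmd_from_log() {
    awk -v ifname="$1" '
        # Key material line: "EAPOL: ... key - hexdump(len=13): 58 de ..."
        /^EAPOL: .*key - hexdump\(len=[0-9]+\): / {
            hex = $0
            sub(/^.*hexdump\(len=[0-9]+\): /, "", hex)
            gsub(/[ \t\r]/, "", hex)
            next
        }
        # "EAPOL: Setting dynamic WEP key: unicast keyidx 3 len 13"
        /^EAPOL: Setting dynamic WEP key: unicast keyidx / {
            idx = -1; len = -1
            for (i = 1; i < NF; i++) {
                if ($i == "keyidx") idx = $(i + 1) + 0
                if ($i == "len")    len = $(i + 1) + 0
            }
            # Accept only a hex string of the advertised length and a
            # key index in the 0-3 range that 802.11 uses.
            if (hex ~ /^[0-9a-f]+$/ && length(hex) == 2 * len &&
                idx >= 0 && idx <= 3) {
                # Keys rotate, so keep only the most recent one.
                # FreeBSD ifconfig numbers keys 1-4, hence idx + 1.
                cmd = sprintf("ifconfig %s wepkey %d:0x%s weptxkey %d",
                              ifname, idx + 1, hex, idx + 1)
            }
            hex = ""
        }
        END { if (cmd == "") exit 1; print cmd }
    '
}

sample_log | wep_cmd_from_log ath0
```

Because -K writes live key material into the debug stream, pipe the output straight into the function rather than saving it to a file.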
It seems to be true that when the key is not a 'group' key, that the index is being allocated separately. I made a modification to your patch, which oddly works.
All the lines in the file below that start with "-" should be deleted and replaced with the lines that start with "+"
Index: driver_freebsd.c
RCS file: /usr/ncvs/src/usr.sbin/wpa/wpa_supplicant/driver_freebsd.c,v retrieving revision 1.8 diff -u -r1.8 driver_freebsd.c — driver_freebsd.c 30 Aug 2005 15:59:49 -0000 1.8
driver_freebsd.c 26 Oct 2005 06:30:33 -0000
@@ -311,10 311,11 @@
if (bcmp(addr, "\xff\xff\xff\xff\xff\xff", IEEE80211_ADDR_LEN) == 0) {
wk.ik_flags |= IEEE80211_KEY_GROUP;
wk.ik_keyix = key_idx;
- if (set_tx) - wk.ik_flags |= IEEE80211_KEY_DEFAULT; - } else - wk.ik_keyix = IEEE80211_KEYIX_NONE;
} else {
wk.ik_keyix = (key_idx == 0 ? IEEE80211_KEYIX_NONE : key_idx);
}
if (wk.ik_keyix != IEEE80211_KEYIX_NONE
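Review bot: The unicast branch "wk.ik_keyix = (key_idx == 0 ? IEEE80211_KEYIX_NONE : key_idx);" treats index 0 as "no index", so a pairwise key delivered at index 0 takes a different path from one delivered at index 1-3, and nothing in the hunk says why. A short comment stating the driver behaviour this relies on would help, since the accompanying message itself says the change "oddly works". The removed lines also drop "if (set_tx) wk.ik_flags |= IEEE80211_KEY_DEFAULT;" from the broadcast branch with no replacement visible in this hunk, so confirm that the transmit key is still selected for both group and unicast keys; the debug output above shows set_tx=128 for the unicast key, which suggests set_tx is not a plain boolean and deserves an explicit check.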