Hostapd error connecting to wifi for WPA2-EAP

althost2 · February 14, 2025, 2:08pm

I am trying to setup WPA2-EAP for wifi on my WRT3200ACM to help with some parental controls for time usage. The radius server is on a pfsense box, the authentication between openwrt and radius is working (radtest shows all good). I attempt to attach an iphone to the access point, it connects asks for user/password, is served a certificate from the radius server, then disconnects. The openwrt log shows an error: NL80211_ATTR_STA_VLAN (addr=a2:2e:a6:73:37:b2 ifname=phy2-ap1 vlan_id=0) failed: -95 (Not supported)

Same thing happens when connecting a linux laptop as well.

Any ideas what to do to fix this or troubleshoot?

Thanks!

Thu Feb 13 09:40:14 2025 daemon.info hostapd: phy2-ap1: STA a2:2e:a6:73:37:b2 IEEE 802.11: associated
Thu Feb 13 09:40:14 2025 daemon.notice hostapd: phy2-ap1: CTRL-EVENT-EAP-STARTED a2:2e:a6:73:37:b2
Thu Feb 13 09:40:14 2025 daemon.notice hostapd: phy2-ap1: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=1
Thu Feb 13 09:40:17 2025 daemon.notice hostapd: phy2-ap1: CTRL-EVENT-EAP-RETRANSMIT2 a2:2e:a6:73:37:b2
Thu Feb 13 09:40:23 2025 daemon.notice hostapd: phy2-ap1: CTRL-EVENT-EAP-RETRANSMIT2 a2:2e:a6:73:37:b2
Thu Feb 13 09:40:26 2025 daemon.err hostapd: nl80211: NL80211_ATTR_STA_VLAN (addr=a2:2e:a6:73:37:b2 ifname=phy2-ap1 vlan_id=0) failed: -95 (Not supported)
Thu Feb 13 09:40:29 2025 daemon.notice hostapd: phy2-ap1: CTRL-EVENT-EAP-RETRANSMIT2 a2:2e:a6:73:37:b2
Thu Feb 13 09:40:35 2025 daemon.notice hostapd: phy2-ap1: CTRL-EVENT-EAP-RETRANSMIT2 a2:2e:a6:73:37:b2
Thu Feb 13 09:40:37 2025 daemon.info hostapd: phy2-ap1: STA a2:2e:a6:73:37:b2 IEEE 802.11: disassociated

althost2 · February 14, 2025, 10:28pm

I figured out the issue -- looks like it is related to the radio choice on the WRT3200ACM. Everything works fine on radio0, radio1 -- but fails on radio2, not sure why this would be the case but there have been past issues with the third radio.

Thanks

Fri Feb 14 17:17:29 2025 daemon.info hostapd: phy1-ap2: STA 82:b2:09:c5:bd:c5 IEEE 802.11: associated (aid 1)
Fri Feb 14 17:17:29 2025 daemon.notice hostapd: phy1-ap2: CTRL-EVENT-EAP-STARTED 82:b2:09:c5:bd:c5
Fri Feb 14 17:17:29 2025 daemon.notice hostapd: phy1-ap2: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=1
Fri Feb 14 17:17:30 2025 daemon.info hostapd: phy1-ap2: STA 82:b2:09:c5:bd:c5 IEEE 802.11: authenticated
Fri Feb 14 17:17:32 2025 daemon.notice hostapd: phy1-ap2: CTRL-EVENT-EAP-SUCCESS2 82:b2:09:c5:bd:c5
Fri Feb 14 17:17:32 2025 daemon.info hostapd: phy1-ap2: STA 82:b2:09:c5:bd:c5 WPA: pairwise key handshake completed (RSN)
Fri Feb 14 17:17:32 2025 daemon.notice hostapd: phy1-ap2: EAPOL-4WAY-HS-COMPLETED 82:b2:09:c5:bd:c5
Fri Feb 14 17:17:32 2025 daemon.notice hostapd: phy1-ap2: AP-STA-CONNECTED 82:b2:09:c5:bd:c5 auth_alg=open
Fri Feb 14 17:17:32 2025 daemon.info hostapd: phy1-ap2: STA 82:b2:09:c5:bd:c5 RADIUS: starting accounting session EA9A77F729B6FF33
Fri Feb 14 17:17:32 2025 daemon.info hostapd: phy1-ap2: STA 82:b2:09:c5:bd:c5 IEEE 802.1X: authenticated - EAP type: 25 (PEAP)
Fri Feb 14 17:17:37 2025 daemon.info dnsmasq-dhcp[1]: DHCPDISCOVER(br-pfsense) 82:b2:09:c5:bd:c5
Fri Feb 14 17:17:37 2025 daemon.info dnsmasq-dhcp[1]: DHCPOFFER(br-pfsense) 192.168.3.196 82:b2:09:c5:bd:c5
Fri Feb 14 17:17:37 2025 daemon.info dnsmasq-dhcp[1]: DHCPDISCOVER(br-pfsense) 82:b2:09:c5:bd:c5
Fri Feb 14 17:17:37 2025 daemon.info dnsmasq-dhcp[1]: DHCPOFFER(br-pfsense) 192.168.3.196 82:b2:09:c5:bd:c5
Fri Feb 14 17:17:38 2025 daemon.info dnsmasq-dhcp[1]: DHCPREQUEST(br-pfsense) 192.168.3.196 82:b2:09:c5:bd:c5
Fri Feb 14 17:17:38 2025 daemon.info dnsmasq-dhcp[1]: DHCPACK(br-pfsense) 192.168.3.196 82:b2:09:c5:bd:c5 iPhone

patrakov · February 15, 2025, 1:00am

Which wpad package variant are you using? Try switching to a different one. It absolutely must not contain the word "basic" in its name, and both the openssl and mbedtls variants should work.

I.e., try wpad-mbedtls, and, if it still doesn't work, wpad-openssl.

althost2 · February 15, 2025, 1:32am

Understood, I originally thought it was a wpad version issue, I tried wpad, wpad-mbedtls and wpad-openssl. Had the same issue with all the packages I think it is something with the 3rd radio on the WRT3200ACM. I got it work with the wpad -- now that it is working will try the others.

Thank you for the assistance.

Marcelo.Barros · February 15, 2025, 1:34am

hi....
Have you see this?

github.com/kaloz/mwlwifi

ESP8266/Embedded devices unable to connect to 2.4Ghz Radio

opened 09:21AM - 03 Mar 18 UTC

iganeshk

I am trying to setup the wireless camera over 2.4ghz access point on 3200ACM run…ning openwrt r6302/r6365 using the latest driver on 3200ACM with all the possible encryption and channels but it just fails after authentication and hence dhcp is unable to detect and allocate an IP to it. Here are the logs that I observed on various settings. ``` Fri Mar 2 14:07:05 2018 daemon.info hostapd: wlan1: STA 88:83:5d:XX:XX:XX IEEE 802.11: associated (aid 4) Fri Mar 2 14:07:06 2018 daemon.notice hostapd: wlan1: AP-STA-CONNECTED 88:83:5d:XX:XX:XX Fri Mar 2 14:07:06 2018 daemon.info hostapd: wlan1: STA 88:83:5d:XX:XX:XX WPA: pairwise key handshake completed (RSN) Fri Mar 2 14:07:17 2018 daemon.info hostapd: wlan1: STA 88:83:5d:XX:XX:XX IEEE 802.11: authenticated Fri Mar 2 14:07:51 2018 daemon.notice hostapd: wlan1: AP-STA-DISCONNECTED 88:83:5d:XX:XX:XX Fri Mar 2 14:07:51 2018 kern.debug kernel: [43300.431211] ieee80211 phy1: staid 4 deleted ``` ``` Sat Mar 3 02:53:37 2018 kern.debug kernel: [43405.708782] ieee80211 phy1: staid 4 deleted Sat Mar 3 02:53:40 2018 daemon.info hostapd: wlan1: STA 88:83:5d:xx:xx:xx IEEE 802.11: deauthenticated due to local deauth request Sat Mar 3 02:53:41 2018 daemon.notice hostapd: handle_auth_cb: STA 88:83:5d:xx:xx:xx not found Sat Mar 3 02:53:41 2018 daemon.notice hostapd: handle_auth_cb: STA 88:83:5d:xx:xx:xx not found Sat Mar 3 02:53:41 2018 daemon.notice hostapd: handle_auth_cb: STA 88:83:5d:xx:xx:xx not found Sat Mar 3 02:53:43 2018 daemon.info hostapd: wlan1: STA 88:83:5d:xx:xx:xx IEEE 802.11: associated (aid 4) Sat Mar 3 02:53:43 2018 daemon.notice hostapd: wlan1: AP-STA-POSSIBLE-PSK-MISMATCH 88:83:5d:xx:xx:xx Sat Mar 3 02:53:44 2018 daemon.notice hostapd: wlan1: AP-STA-POSSIBLE-PSK-MISMATCH 88:83:5d:xx:xx:xx Sat Mar 3 02:53:45 2018 daemon.notice hostapd: wlan1: AP-STA-POSSIBLE-PSK-MISMATCH 88:83:5d:xx:xx:xx ``` After allocating static ip: ``` Fri Mar 2 14:10:22 2018 daemon.info hostapd: wlan1-1: STA 88:83:5d:XX:XX:XX IEEE 802.11: associated (aid 1) Fri Mar 2 14:10:23 2018 daemon.notice hostapd: wlan1-1: AP-STA-CONNECTED 88:83:5d:XX:XX:XX Fri Mar 2 14:10:23 2018 daemon.info hostapd: wlan1-1: STA 88:83:5d:XX:XX:XX WPA: pairwise key handshake completed (WPA) Fri Mar 2 14:10:23 2018 daemon.info hostapd: wlan1-1: STA 88:83:5d:XX:XX:XX WPA: group key handshake completed (WPA) Fri Mar 2 14:10:27 2018 daemon.warn dnsmasq-dhcp[3775]: DHCP packet received on wlan1-1 which has no address Fri Mar 2 14:10:30 2018 daemon.warn dnsmasq-dhcp[3775]: DHCP packet received on wlan1-1 which has no address Fri Mar 2 14:10:33 2018 daemon.warn dnsmasq-dhcp[3775]: DHCP packet received on wlan1-1 which has no address Fri Mar 2 14:10:37 2018 daemon.warn dnsmasq-dhcp[3775]: DHCP packet received on wlan1-1 which has no address Fri Mar 2 14:10:40 2018 daemon.warn dnsmasq-dhcp[3775]: DHCP packet received on wlan1-1 which has no address Fri Mar 2 14:10:43 2018 daemon.warn dnsmasq-dhcp[3775]: DHCP packet received on wlan1-1 which has no address Fri Mar 2 14:10:43 2018 daemon.info hostapd: wlan1-1: STA 88:83:5d:XX:XX:XX IEEE 802.11: authenticated Fri Mar 2 14:10:48 2018 daemon.warn dnsmasq-dhcp[3775]: DHCP packet received on wlan1-1 which has no address Fri Mar 2 14:10:51 2018 daemon.warn dnsmasq-dhcp[3775]: DHCP packet received on wlan1-1 which has no address Fri Mar 2 14:10:54 2018 daemon.warn dnsmasq-dhcp[3775]: DHCP packet received on wlan1-1 which has no address Fri Mar 2 14:10:59 2018 daemon.warn dnsmasq-dhcp[3775]: DHCP packet received on wlan1-1 which has no address Fri Mar 2 14:11:02 2018 daemon.warn dnsmasq-dhcp[3775]: DHCP packet received on wlan1-1 which has no address Fri Mar 2 14:11:05 2018 daemon.warn dnsmasq-dhcp[3775]: DHCP packet received on wlan1-1 which has no address Fri Mar 2 14:11:08 2018 daemon.notice hostapd: wlan1-1: AP-STA-DISCONNECTED 88:83:5d:XX:XX:XX ``` At first I though it was an issue with dnsmasq, but then I was able to connect the camera with radio2 over 2.4ghz.

Radio 2 is not mwlwifi.
Can you use the same version to test DHCP and static IP? Please get the log for me.
Don't use WEP or TKIP.

althost2 · February 15, 2025, 2:06am

Have not had an issue using radio2 with other security than EAP (radio2 does seem to be less stable, but I attributed that to me using it for playing around with). I did have some issues with a version mismatch installing wpad on a lower openwrt firmware version (none of the radios would turn on). Flashed the most recent firmware and that went away.

Log for radio2 with WPA-PSK when interface is in static address mode, device is getting ip from interface dhcp.

Fri Feb 14 20:51:02 2025 daemon.info hostapd: phy2-ap0: STA 1e:44:33:1d:45:4d IEEE 802.11: associated
Fri Feb 14 20:51:02 2025 daemon.notice hostapd: phy2-ap0: AP-STA-CONNECTED 1e:44:33:1d:45:4d auth_alg=open
Fri Feb 14 20:51:02 2025 daemon.info hostapd: phy2-ap0: STA 1e:44:33:1d:45:4d RADIUS: starting accounting session 4890B748670820DE
Fri Feb 14 20:51:02 2025 daemon.info hostapd: phy2-ap0: STA 1e:44:33:1d:45:4d WPA: pairwise key handshake completed (RSN)
Fri Feb 14 20:51:02 2025 daemon.notice hostapd: phy2-ap0: EAPOL-4WAY-HS-COMPLETED 1e:44:33:1d:45:4d
Fri Feb 14 20:51:02 2025 daemon.info dnsmasq-dhcp[1]: DHCPREQUEST(br-server) 192.168.1.100 1e:44:33:1d:45:4d
Fri Feb 14 20:51:02 2025 daemon.info dnsmasq-dhcp[1]: DHCPACK(br-server) 192.168.1.100 1e:44:33:1d:45:4d iPhone

staic ip on the attached device:
Fri Feb 14 20:59:01 2025 daemon.info hostapd: phy2-ap0: STA 1e:44:33:1d:45:4d IEEE 802.11: associated
Fri Feb 14 20:59:01 2025 daemon.notice hostapd: phy2-ap0: AP-STA-CONNECTED 1e:44:33:1d:45:4d auth_alg=open
Fri Feb 14 20:59:01 2025 daemon.info hostapd: phy2-ap0: STA 1e:44:33:1d:45:4d RADIUS: starting accounting session A4EC9685FF7AED25
Fri Feb 14 20:59:01 2025 daemon.info hostapd: phy2-ap0: STA 1e:44:33:1d:45:4d WPA: pairwise key handshake completed (RSN)
Fri Feb 14 20:59:01 2025 daemon.notice hostapd: phy2-ap0: EAPOL-4WAY-HS-COMPLETED 1e:44:33:1d:45:4d

Marcelo.Barros · February 17, 2025, 12:23pm

This is happen... when the device is close of the WRT? or the "iphone" say... strong signal? Doing a speedtest (sample) at iphone, using the 3d radio.. Drops the connections? (when the iphone is side-by-side of the WRT?

althost2 · February 20, 2025, 4:20pm

All devices are right next to each other.