Openvswitch with wireless authentication not working

Has anyone had success configuring openvswitch with wlan and WPA/WPA2 authentication?

OVS with wlan0 and "No encryption" works fine, but I would like to use WPA/WPA2.

Here are the log messages I see:

Thu Jun  8 17:29:32 2017 daemon.debug hostapd: wlan0: STA 80:86:f2:72:61:b8 IEEE 802.11: authentication OK (open system)
Thu Jun  8 17:29:32 2017 daemon.debug hostapd: wlan0: STA 80:86:f2:72:61:b8 MLME: MLME-AUTHENTICATE.indication(80:86:f2:72:61:b8, OPEN_SYSTEM)
Thu Jun  8 17:29:32 2017 daemon.debug hostapd: wlan0: STA 80:86:f2:72:61:b8 MLME: MLME-DELETEKEYS.request(80:86:f2:72:61:b8)
Thu Jun  8 17:29:32 2017 daemon.info hostapd: wlan0: STA 80:86:f2:72:61:b8 IEEE 802.11: authenticated
Thu Jun  8 17:29:32 2017 daemon.debug hostapd: wlan0: STA 80:86:f2:72:61:b8 IEEE 802.11: association OK (aid 1)
Thu Jun  8 17:29:32 2017 daemon.info hostapd: wlan0: STA 80:86:f2:72:61:b8 IEEE 802.11: associated (aid 1)
Thu Jun  8 17:29:32 2017 daemon.debug hostapd: wlan0: STA 80:86:f2:72:61:b8 MLME: MLME-ASSOCIATE.indication(80:86:f2:72:61:b8)
Thu Jun  8 17:29:32 2017 daemon.debug hostapd: wlan0: STA 80:86:f2:72:61:b8 MLME: MLME-DELETEKEYS.request(80:86:f2:72:61:b8)
Thu Jun  8 17:29:32 2017 daemon.debug hostapd: wlan0: STA 80:86:f2:72:61:b8 IEEE 802.11: binding station to interface 'wlan0'
Thu Jun  8 17:29:32 2017 daemon.debug hostapd: wlan0: STA 80:86:f2:72:61:b8 WPA: event 1 notification
Thu Jun  8 17:29:32 2017 daemon.debug hostapd: wlan0: STA 80:86:f2:72:61:b8 WPA: start authentication
Thu Jun  8 17:29:32 2017 daemon.debug hostapd: wlan0: STA 80:86:f2:72:61:b8 IEEE 802.1X: unauthorizing port
Thu Jun  8 17:29:32 2017 daemon.debug hostapd: wlan0: STA 80:86:f2:72:61:b8 WPA: sending 1/4 msg of 4-Way Handshake
Thu Jun  8 17:29:33 2017 daemon.debug hostapd: wlan0: STA 80:86:f2:72:61:b8 WPA: EAPOL-Key timeout
Thu Jun  8 17:29:33 2017 daemon.debug hostapd: wlan0: STA 80:86:f2:72:61:b8 WPA: sending 1/4 msg of 4-Way Handshake
Thu Jun  8 17:29:34 2017 daemon.debug hostapd: wlan0: STA 80:86:f2:72:61:b8 WPA: EAPOL-Key timeout
Thu Jun  8 17:29:34 2017 daemon.debug hostapd: wlan0: STA 80:86:f2:72:61:b8 WPA: sending 1/4 msg of 4-Way Handshake
Thu Jun  8 17:29:35 2017 daemon.debug hostapd: wlan0: STA 80:86:f2:72:61:b8 WPA: EAPOL-Key timeout
Thu Jun  8 17:29:35 2017 daemon.debug hostapd: wlan0: STA 80:86:f2:72:61:b8 WPA: sending 1/4 msg of 4-Way Handshake
Thu Jun  8 17:29:36 2017 daemon.debug hostapd: wlan0: STA 80:86:f2:72:61:b8 WPA: EAPOL-Key timeout
Thu Jun  8 17:29:36 2017 daemon.debug hostapd: wlan0: STA 80:86:f2:72:61:b8 WPA: PTKSTART: Retry limit 4 reached
Thu Jun  8 17:29:36 2017 daemon.debug hostapd: wlan0: STA 80:86:f2:72:61:b8 WPA: event 3 notification
Thu Jun  8 17:29:36 2017 daemon.debug hostapd: wlan0: STA 80:86:f2:72:61:b8 IEEE 802.1X: unauthorizing port
Thu Jun  8 17:29:36 2017 daemon.debug hostapd: wlan0: STA 80:86:f2:72:61:b8 MLME: MLME-DEAUTHENTICATE.indication(80:86:f2:72:61:b8, 2)
Thu Jun  8 17:29:36 2017 daemon.debug hostapd: wlan0: STA 80:86:f2:72:61:b8 MLME: MLME-DELETEKEYS.request(80:86:f2:72:61:b8)

My config files:

/etc/config/wireless:

config wifi-device 'radio0'
	option type 'mac80211'
	option channel '36'
	option hwmode '11a'
	option path 'pci0000:01/0000:01:00.0'
	option htmode 'VHT80'
	option country 'US'
	option log_level '0'

config wifi-iface 'default_radio0'
	option device 'radio0'
	option network 'lan'
	option mode 'ap'
	option ssid 'LEDE-A'
	option key '********'
	option encryption 'psk2'

config wifi-device 'radio1'
	option type 'mac80211'
	option channel '11'
	option hwmode '11g'
	option path 'platform/qca955x_wmac'
	option htmode 'HT20'
	option disabled '1'

config wifi-iface 'default_radio1'
	option device 'radio1'
	option network 'lan'
	option mode 'ap'
	option ssid 'LEDE'
	option encryption 'none'

/etc/config/network:

config interface 'loopback'
	option ifname 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fd4b:0b29:346b::/48'

config interface 'lan'
#	option type 'bridge'
	option ifname 'ovsbr'
	option proto 'static'
	option netmask '255.255.255.0'
	option ip6assign '60'
	option ipaddr '192.168.2.1'

config interface 'eth1'
	option ifname 'eth1'
	option proto 'none'

config interface 'wan'
	option ifname 'eth0'
	option proto 'dhcp'

config interface 'wan6'
	option ifname 'eth0'
	option proto 'dhcpv6'

config switch
	option name 'switch0'
	option reset '1'
	option enable_vlan '1'

config switch_vlan
	option device 'switch0'
	option vlan '1'
	option ports '2 3 4 5 0'

config switch_vlan
	option device 'switch0'
	option vlan '2'
	option ports '1 6'

And my OVS config:

root@LEDE:/etc/config# ovs-vsctl show 
673c9187-c2e2-4893-8ecc-747b53c95237
    Bridge ovsbr
        Port "wlan0"
            Interface "wlan0"
        Port ovsbr
            Interface ovsbr
                type: internal

root@LEDE:/etc/config# ovs-ofctl show ovsbr
OFPT_FEATURES_REPLY (xid=0x2): dpid:0000f4f26dfc2fc4
n_tables:254, n_buffers:256
capabilities: FLOW_STATS TABLE_STATS PORT_STATS QUEUE_STATS ARP_MATCH_IP
actions: output enqueue set_vlan_vid set_vlan_pcp strip_vlan mod_dl_src mod_dl_dst mod_nw_src mod_nw_dst mod_nw_tos mod_tp_src mod_tp_dst
 2(wlan0): addr:f4:f2:6d:fc:2f:c4
     config:     0
     state:      0
     speed: 0 Mbps now, 0 Mbps max
 LOCAL(ovsbr): addr:f4:f2:6d:fc:2f:c4
     config:     0
     state:      0
     speed: 0 Mbps now, 0 Mbps max
OFPT_GET_CONFIG_REPLY (xid=0x4): frags=normal miss_send_len=0

@rkaminsk were you able to find a solution for this?. I have encountered a similar error.

It seems you need to patch hostapd according to this post from the old forum:

https://forum.openwrt.org/viewtopic.php?id=59129

Patch referenced in thread above.

https://github.com/hschaa/hostapd/commit/c89daaeca4ee90c8bc158e37acb1b679c823d7ab#diff-165dd5a1681d9394993972f6923fddf8R153

1 Like

@mikma thanks it worked