1 (edited by walterav 2013-04-09 20:01:46)

Topic: WRT54GL wired 8021x TTLS PAP surfnet/eduroam/securew2 wpa_supplicant

Howto: WRT54GL v1.1 wired IEEE 802.1x client TTLS PAP:(surfnet / eduroam / securew2 wpa_supplicant, EAPOL TX RX)

!!!Update!!! 2011-10-23
Guide simplified, no external packages needed anymore! Since the "roboswitch driver" is now included by default in "wpa_supplicant" of the "Backfire" releases , although wpa_supplicant must and can be easily installed by the packet manager! The roboswitch driver of wpa_supplicant can push the EAP packages pass the internal WRT54GL switch and makes wired authentication working. This will probably be the last update to this guide since I have no subscription to surfnet anymore to test it... So use the final release of Backfire instead of the rc5 version I described.

1 flash your router with OpenWrt Backfire 10.03.1-rc5 firmware:
http://downloads.openwrt.org/backfire/10.03.1-rc5/brcm-2.4/openwrt-brcm-2.4-squashfs.trx #incase you already run a version of OpenWrt
http://downloads.openwrt.org/backfire/10.03.1-rc5/brcm-2.4/ #incase you run Linksys/Tomato/DD-wrt/etc firmware, reset to defaults and read instructions of your router howto upgrade firmware/OpenWrt!

2 login with telnet into the router:

telnet root@192.168.1.1
passwd #it will ask you to change router root password
reboot #it will reboot the router, not your pc, if you are in the right shell tongue

3 login with ssh into the router and install following software:

ssh root@192.168.1.1 #type yes to accept ssh-key and type password to complete login!
opkg update #this command updates the software package list of your router!
opkg install nano #this command installs text editor called nano
opkg install ntpclient #idem adjusts time of router
opkg install wpa-supplicant #the package that does the actual authentication

#if router is not connected to a working Internet connection on the (Internet port) these steps fail!
#instead learn howto "scp" (secure copy) these packages http://downloads.openwrt.org/backfire/10.03.1-rc5/brcm-2.4/packages/
from your local PC to the router and install them manually, don't forget the dependencies!
#if "scp" is too difficult, go to a friend with a working internet connection and connect your router to his/her and continue this guide(just make sure your router which uses 192.168.1.1 does not route the same range as the router of your friend, otherwise you still might not have a working connection)

4 make a wpa-supplicant conf file which contains username and password to authenticate:
#assumes you are still logged into the router with ssh

nano /etc/config/wpa.conf #opens text editor so you can copy paste this code in it(without the word Code: offcourse ;-p !)

ctrl_interface=/var/run/wpa_supplicant
ap_scan=0
network={
key_mgmt=IEEE8021X
eap=TTLS
identity="s0xxxxxx@1x"
anonymous_identity="s0xxxxxx@1x"
password="xxxxxxxxx"
phase2="auth=PAP"
}

#identity is just a example for Surfnet, Leiden Universiteit, Lijbrandt
#identity for University of Tromsø see https://forum.openwrt.org/viewtopic.php?pid=113223#p113223

#on your keyboard press the following two keys:
CTRL+x  #save yes and exit the texteditor "nano"

5 test authentication: your Internet connection / Authentication server must be connected to the routers WAN(internet) port:
#assumes you are still logged into the router with ssh

wpa_supplicant -i eth0.1 -D roboswitch -p multicast_only=1 -c /etc/config/wpa.conf
#if it says something like successful after a while(allot of other messages), press ctrl-c to quit
#try getting a ip-address from the Internet Provider
udhcpc -i eth0.1
#if successfull, you'll be able to internet :-)

#if authentication fails perform the wpa_supplicant command with -d or -dd for more verbose information

6 create startup deamon, so you don't have to type all of this in case of the routers power fails or it restarts:
#assumes you are still logged into the router with ssh

nano /etc/init.d/signinwpa #opens text editor copy paste code in it

#!/bin/sh /etc/rc.common
# Example script
# Copyright (C) 2007 OpenWrt.org
START=99

start() {
echo start
# commands to launch application
wpa_supplicant -i eth0.1 -D roboswitch -p multicast_only=1 -B -c /etc/config/wpa.conf  
sleep 15
#udhcpc -i eth0.1
}

CTRL+x #press these two keys on the keyboard and save yes and exit 'nano'
chmod 755 /etc/init.d/signinwpa #change the permission mode so the deamon can access it.
/etc/init.d/signinwpa enable #enables the sign in script for the init deamon
reboot

7 finished, setup Wifi/Access-Point wpa2 encryption etc, can be done in web-interface!
If you are not finished because you don't understand step 2 telnet and step 3 ssh, it might be because you have to type these commands into a "shell". For Mac OS X go to Utilities>Terminal for Ubuntu Linux go to Accessories>Terminal for Windows install putty.
I suggest Windows users to download a LiveCD like Ubuntu burn it, boot PC from the LiveCD and perform these steps... it might make more sense...

PS:
Date and time in router must be set to keep authentication working, otherwise certificates etc can not be detected as valid because of a big time difference, day of firmware got created. Therefor ntpclient is installed. It just sets the router to UTC, although there might be time difference with your region xxx hours, its ok. Feel free to adjust it to work okay with your timezone... it was to much work for me...
To read more about the parameters of the roboswitch driver in wpa-supplicant read this topic.
http://forum.openwrt.org/viewtopic.php?pid=86778#p86778

Different hardware capable of running OpenWrt:
If you have a other "router" that is also capable of running "OpenWrt", and if it doesn't use the same kind of "managed hardware switch" thats on the WRT54GL than you might be lucky with the current stable release of 8.09.2 or newer just follow the new howto at top of this page but use following changes at the next steps:
@step1
choose a correct firmware to flash for your hardware
@step 5/6
change to
wpa_supplicant -i eth0.1 -D wired -c /etc/config/wpa.conf

Tip:
Bridge interfaces if you can! Clients from the WRT54GL may get almost unlimited IP address directly from the radius service provider, therefor your router will not be bugged by heavy NAT/FIREWALL traffic, and will stay stable! Torrents can crash router easy, but when bridged it is no problem big_smile!
See this thread for howto bridge internet to internal LAN or even WIFI:
http://forum.openwrt.org/viewtopic.php?id=19540

Thanks:
Thanks to OpenWrt and Jouke Witteveen and all other people not mentioned making this possible. I only put this howto together but others figured it out! Whole project got started when stumbled on the following link, which was the other way around connecting the wifi site of the wrt54gl to a radius server hotspot/AP:
http://blog.jozjan.net/2008/12/wrt54gl-as-8021x-client-aka.html

2 (edited by walterav 2010-03-30 22:40:16)

Re: WRT54GL wired 8021x TTLS PAP surfnet/eduroam/securew2 wpa_supplicant

Improvements are welcome!

Re: WRT54GL wired 8021x TTLS PAP surfnet/eduroam/securew2 wpa_supplicant

Dear Walterav.

Thank you for your guide, i have studied it for a while now and will try this very soon.
However, if you have a WRT54GL (as mentioned in your guide here), is it possible to get the allready compiled firmware? This could spare me hours of compiling myself wink

And to other users reading this thread, are there any newer or easier ways to achieve this at this time considering the guide was last edited 2009-04-28 13:23:49?

Thanks in advance for any information and/or replies!

-zeM

Re: WRT54GL wired 8021x TTLS PAP surfnet/eduroam/securew2 wpa_supplicant

Bump!

Is there any easier way to fix this? or any precompiled firmwares out there for 54gl ?

Thanks in advance for any repsons concerning this issue.

5 (edited by walterav 2010-03-30 22:00:45)

Re: WRT54GL wired 8021x TTLS PAP surfnet/eduroam/securew2 wpa_supplicant

Hi zem,

The first post has been updated...

6 (edited by Solsoi 2010-03-26 22:33:18)

Re: WRT54GL wired 8021x TTLS PAP surfnet/eduroam/securew2 wpa_supplicant

Hey Walter and Zem,

half a year has passed. Are both of your Wlans running?

Back in my room with Surfnet access, I would have to buy the Router and do the setup from scratch. So I wonder what possiblities I have bridging vs doing the authentification within the router.

1.) Does the internal authentification allow diverse mutlimedia devices to access via wpa?

2.) At this point I am indifferent as of what router to purchase. I assume that the best way to go at this point is to flash with openWRT (for example the wrt54g)? I was a bit confused reading the notes about the managed hardware switch.

I would like to add that I do not yet have experience using neither telnet nor linux in general. I don't mind changing it but compiling may be reaching a bit far.

Thank you guys already. Greeting,

Solsoi

7 (edited by walterav 2010-03-30 22:43:30)

Re: WRT54GL wired 8021x TTLS PAP surfnet/eduroam/securew2 wpa_supplicant

Solsoi wrote:

half a year has passed. Are both of your Wlans running?

So I wonder what possiblities I have bridging vs doing the authentification within the router.

1.) Does the internal authentification allow diverse mutlimedia devices to access via wpa?

2.) At this point I am indifferent as of what router to purchase. I assume that the best way to go at this point is to flash with openWRT (for example the wrt54g)? I was a bit confused reading the notes about the managed hardware switch.
Solsoi

Could you explain what you mean with both Wlans running?

In case of the wrt54g series bridging for authentication will not/never work because the EAPOL packets cannot get through the 'managed switch'! So authentication will always need to happen on the router with the method described in first post.

But other routers, cheap ones, even ones that are not able to run OpenWrt, will probably not have a  'managed switch that blocks EAPOL packets' and might therefor bridge/pass the authentication on to your local pc, but If the pc that did the authentication powers-off, other devices on the router will stop working after a moment of time, unless they authenticate themselves.

1
I can connect multiple devices wired, or wireless from desktops/laptops to iphones etc. The authentication happens on the router, so you don't have to think at all... just plug-in/connect devices and they'll get their dhcp-lease.

2
I can't help you decide, but the wrt54gl v1.1 works its just outdated and 'slow'.
With the wrt54gl v.1.1 you can get about 2 MB's download rate via wireless, around 5MB's behind the wired LAN ports 'NAT' and if you bridge the WAN and LAN wired ports you can get around 11MB's of download speed on the LAN ports. The managed switch story is only a problem with the broadcom chipsets inside the wrt54g series router.

So if you plan buying a other router and put OpenWrt in there, it will only get easier!
Because you don't have to download and install the custom 'wpa-supplicant_0.6.9-2_mipsel.ipk' but just type 'opkg install wpa-supplicant'. You do have the follow the other steps...
If you buy a router which cannot run OpenWrt, just disable the 'DHCP server' and put the surfnet cable direct in one of the LAN ports and you have a bridged setup.

Re: WRT54GL wired 8021x TTLS PAP surfnet/eduroam/securew2 wpa_supplicant

walterav,

I'm just seeing your post, great. I will have to look and think about what you said more later, it will help. Thank you.

@"both Wlans running", Well I am wondering if at this moment, you are still running a wlan/wifi with eg. a wrt54gl? just one i mean, that would be sufficient wink

So far I have not decided on a router. Since you may be in the matter, do you have a specific suggestion? I think a used wrt54gl will do the trick for me, since as I understand what I will be doing is not bridging but rather having authentification within the router. Your setup seems perfect, the speed limitations you mentioned would be hardly limiting to my Rotterdam Surfnet, by the way wink

On the wrt support site I saw the version numbers of wrt54gl, the custom ipk you mentioned will work only on v1.1?

Re: WRT54GL wired 8021x TTLS PAP surfnet/eduroam/securew2 wpa_supplicant

Solsoi wrote:

walterav,

I'm just seeing your post, great. I will have to look and think about what you said more later, it will help. Thank you.

@"both Wlans running", Well I am wondering if at this moment, you are still running a wlan/wifi with eg. a wrt54gl? just one i mean, that would be sufficient wink

So far I have not decided on a router. Since you may be in the matter, do you have a specific suggestion? I think a used wrt54gl will do the trick for me, since as I understand what I will be doing is not bridging but rather having authentification within the router. Your setup seems perfect, the speed limitations you mentioned would be hardly limiting to my Rotterdam Surfnet, by the way wink

On the wrt support site I saw the version numbers of wrt54gl, the custom ipk you mentioned will work only on v1.1?

All interfaces either 'wired 4 LAN PORTS at the back' or 'wireless' work in this setup and will connect you without a problem to the 'internet / wan'. Multiple devices to wired or wireless all at the same time.

If I'm not mistaken the custom wpa ipk package was created on a wrt54g with 32mb ram, so no gl version... so I doubt it will not run on others wrt54...

BTW if you want to test this setup without buying the router first, try to boot from a "ubuntu 9.10 liveCD" and look if you are able to connect to surfnet via the "Network Manager Applet". As you can manage the authentication via the 'GUI' when selecting TTLS and PAP and your username/password. Than you are good to go and buy the router, which needs to be setup via CLI instead of GUI...

10 (edited by walterav 2010-04-12 11:57:36)

Re: WRT54GL wired 8021x TTLS PAP surfnet/eduroam/securew2 wpa_supplicant

Solsoi wrote:

Solsoi

WRT54GL 55,- euro's
On offer at Computerland, they seem to have a store in Rotterdam at the Jonker Fransstraat 134.

http://www.computerland.nl/Information.aspx?pid=1352 #link to online folder

11 (edited by Solsoi 2010-04-16 09:46:16)

Re: WRT54GL wired 8021x TTLS PAP surfnet/eduroam/securew2 wpa_supplicant

ok. I do not want to bridge it (hence not an option to use one of the lan ports of a basic router) but instead I will use a router with open wrt to do the log in with surfnet. Is this correct?

What I need is a a wireless connection to 4 devices, non of them will be constantly on (not for eg the registration with surfnet). only one at a time will use torrent and skype the others for surfing and emails. I woul like to furthermore have a Wireless Lan running between the divices and support for a wlan-printer. The priority is on the wirless connection of the devices, the rest should be straight forward i think. I have little knowledge as to what sort of router <50€ handles this?

I would prefer to use the simplest way to set this up. From what you have said I suppose it is using openWRT. I will be checking out the openWRT site which affordable routers are supported.

I will boot ubuntu to try that tomorrow. An essential question: I never had to register with a username and password to use my connection, but it is definitely a Kennisglas connection using Surfnet in my Student home. Does this mean anything?

I am sorry for moving slow, I must bore you. When I'm through this, I will have learned a ton of new stuff. Thanks a ton already, walter!

Edit
i found the tunneld tls with pap, but am clueless about what my username and password would be as I have never used them. Is that normal in your city, Leiden, too?

12 (edited by walterav 2010-04-16 14:08:49)

Re: WRT54GL wired 8021x TTLS PAP surfnet/eduroam/securew2 wpa_supplicant

Solsoi wrote:

I will boot ubuntu to try that tomorrow. An essential question: I never had to register with a username and password to use my connection, but it is definitely a Kennisglas connection using Surfnet in my Student home. Does this mean anything?

Edit
i found the tunneld tls with pap, but am clueless about what my username and password would be as I have never used them. Is that normal in your city, Leiden, too?

Do you have internet in Ubuntu, without doing anything, just clicking the firefox button? If so...
Are you really sure that you have a kennisglas connection which needs authentication? Do you need to install securew2 in Windows to get your internet connection working or did it just work?

We have to sign in with the our Student number which we also use for Blackboard and University mail...

If you don't need authentication, you can buy just any router... Keep in mind that torrents with allot of open connections, will crash allot of routers unless, they are bridged... Even wrt54gl will crash with torrents, so therefor I bridged the connection, which is all possible with the wrt54gl. So authentication done by the router and bridging wan/lan/wifi does work together...

ps:
If I'm not mistaken, it could be that the authentication is removed in some cities, I read that a long time ago on  www.tweakers.net forum

13 (edited by Solsoi 2010-04-18 19:08:39)

Re: WRT54GL wired 8021x TTLS PAP surfnet/eduroam/securew2 wpa_supplicant

I am afraid we really start to go off-topic regarding the thread title, on the other hand it may be relevant for people actually getting here.

walterav wrote:

Do you have internet in Ubuntu, without doing anything, just clicking the firefox button? If so...
Are you really sure that you have a kennisglas connection which needs authentication? Do you need to install securew2 in Windows to get your internet connection working or did it just work?

For both, windows and ubuntu, no securew2 needed. Plug-in cord and it is fine. Sorry, I did not know that is relevant information.

walterav wrote:

If you don't need authentication, you can buy just any router... Keep in mind that torrents with allot of open connections, will crash allot of routers unless, they are bridged... Even wrt54gl will crash with torrents, so therefor I bridged the connection, which is all possible with the wrt54gl. So authentication done by the router and bridging wan/lan/wifi does work together...

Well I have been puzzled by this, myself. Using a regular router is what I did a while back when I had a simple sitecom router via Wan port, regular setup. I did not get it to work with my limited experience. That is what got me here. According to the information I was given, yes I signed a contract which included kenninsglas terms, a whole lot of them. They have possibly given me a username and password, I will be able to look that up in a week. I will see if I can get my way through to a responsible person or at least knowledgable person about this topic.



walterav wrote:

ps:
If I'm not mistaken, it could be that the authentication is removed in some cities, I read that a long time ago on  www.tweakers.net forum

But is the authentification the entire problem or is it the entire communication, like wifi calls it handshake and whatnot else??

Edit:
Wait, so that means that bridging via one of the Lan ports would solve my problem either way, right? I will google right now to see if I understand how it works, otherwise I will get back to you about it.

Edit2:
With bridging, do you mean, my OS runs the Network bridge (Ethernet cable into pc and wirless to router)?

14 (edited by walterav 2010-04-18 21:09:37)

Re: WRT54GL wired 8021x TTLS PAP surfnet/eduroam/securew2 wpa_supplicant

Don't worry about thread hijacking... Just don't open another one, because I will be only monitoring this thread. We can always startover tongue

Solsoi wrote:

For both, windows and ubuntu, no securew2 needed. Plug-in cord and it is fine. Sorry, I did not know that is relevant information.

Unplug and replug cord also works in ubuntu? So that by accident the connection could not have been authorized in Windows, and after reboot to ubuntu its still working, because Windows authorized the connection.


Solsoi wrote:

Edit:
Wait, so that means that bridging via one of the Lan ports would solve my problem either way, right? I will google right now to see if I understand how it works, otherwise I will get back to you about it.

Edit2:
With bridging, do you mean, my OS runs the Network bridge (Ethernet cable into pc and wirless to router)?

edit/2:
Login into the web interface of the cheap sitecom router "if you still own it", disable the dhcp server and save settings, plug the cable from the wall with internet not in the wan port of the sitecom router "normal operation" but one of the lan ports of the router "bridging". The kennisglas provider will find your pc through the built in switch of the cheap router and probably assign a ip address to your pc, and maybe other devices on the other wired lan ports and or wireless if you have wireless on the sitecom. So the routers dhcp server you just disabled won't assing a ip-address to you pc, but the kennisglas dhcp server does, though the sitecom router...That is bridging.

Bridging can also be done in Windows, when 2 network interfaces get directly connected to each other via software. Onboard ethernet to a other ethernet or wifi adapter that are both in your pc at that moment. But by bridging I mean the process in the router.

Mac Address:
Are you able to connect other devices directly than your pc, like another pc or notebook or gameconsole, directly to the internet socket that comes from the wall without! a router or your pc connected. Do these devices have internet directly or not?

The only other thing I can think of if you are not able to connect other devices from routers to 'other' pc's notebooks gameconsoles etc... Is that the Authentication works on basis of Mac Address. Mac address is unique for each network adapter on this planet. Your sitecom router will have a other Mac address than your pc that works with the kennisglas connection.

In that situation the solution will be contacting kennisglas and give the mac address of the router to them. Or buy a wrt54gl and perform Macspoof.

15 (edited by Solsoi 2010-04-19 20:20:56)

Re: WRT54GL wired 8021x TTLS PAP surfnet/eduroam/securew2 wpa_supplicant

Great! Well when I had the sitecom I clearly did not try to bridge it. I can try with an old wired fritzbox next week before I get a wirless router.

walterav wrote:

Mac Address:
Are you able to connect other devices directly than your pc, like another pc or notebook or gameconsole, directly to the internet socket that comes from the wall without! a router or your pc connected. Do these devices have internet directly or not?
.

No mac address problem. I can pull the cable right out of the laptop with internet, put it into the netbook. It also works with ipconfig /release, switch cable into netbook and instant internet after about 10sec.

So, well, If the bridging will work, I hope you are not disappointed haha. I am very thankful either way!

Edit:
I was a bit confused a minute ago, remembering that we have static ip addresses. So I checked my internet IP via "whatsmyip.com" or sth. I switched the cable to another device, different IP. switched cable back, again first IP. Does surfnet make a list of the mac adresses and reserve static IP's?

Edit/2:
OK, I totally missed this information. That securew2 i likely to be removed in my connection!
http://gathering.tweakers.net/forum/list_messages/1162224/5
I was already a bit confused as to why there were so many wlans running after I came back from abroad hehe.

16 (edited by walterav 2010-04-20 18:19:54)

Re: WRT54GL wired 8021x TTLS PAP surfnet/eduroam/securew2 wpa_supplicant

Solsoi wrote:

Great! Well when I had the sitecom I clearly did not try to bridge it. I can try with an old wired fritzbox next week before I get a wirless router.

It's a simple test to use the old wired fritzbox and disable its dhcp-server via the web-interface, after that its bridged if you connect all the cable including the internet connection to the lan-ports of the router. I hope you have enough UTP cables to connect multiple devices at the same time to the sitecom and see if they all get their own ip lease from the surfnet dhcp-server. If it works you can probably buy any other router.

Solsoi wrote:

No mac address problem. I can pull the cable right out of the laptop with internet, put it into the netbook. It also works with ipconfig /release, switch cable into netbook and instant internet after about 10sec.
So, well, If the bridging will work, I hope you are not disappointed haha. I am very thankful either way!
Edit:
I was a bit confused a minute ago, remembering that we have static ip addresses. So I checked my internet IP via "whatsmyip.com" or sth. I switched the cable to another device, different IP. switched cable back, again first IP. Does surfnet make a list of the mac adresses and reserve static IP's?

Good to hear they don't use Mac Address Authentication.
If you pull out the cable, the dhcp-server 'on surfnet's site' did not receive a release signal from the dhcp-client 'from your pc'. So for a period of time the dhcp-server stores the Mac address and the assigned ip address to that Mac Address. If you shutdown the pc or the network connection the 'right' way instead of pulling the cable, it gives back the ip-address to the server, and the ip will probably be available to someone else in a matter of time. You can have the same address for days, or weeks, but most of the time it changes.

Solsoi wrote:

Edit/2:
OK, I totally missed this information. That securew2 i likely to be removed in my connection!
http://gathering.tweakers.net/forum/list_messages/1162224/5
I was already a bit confused as to why there were so many wlans running after I came back from abroad hehe.

Good you found the thread on tweakers.net forum.

PS: If you bridge other routers and don't disable the dhcp-server on that router, you !interfere! with the kennisglas network router, because 2 parties at that moment will be assigning ip address on the network, including you. The fastest device will win. So if your neighbors stop having internet, or the whole building, or multiple buildings, or block. If their computers get a Internal ip address range from from your router... you probably know the answer...
Also keep in mind that other people might enter your router via its webinterface, because they are on the same network if the router is bridged, so change to default admin password of the router!

17

Re: WRT54GL wired 8021x TTLS PAP surfnet/eduroam/securew2 wpa_supplicant

Thank you very much for your guide Walter!
Seems like its working now!

Thanks again!

18 (edited by Solsoi 2010-05-20 18:33:07)

Re: WRT54GL wired 8021x TTLS PAP surfnet/eduroam/securew2 wpa_supplicant

Walter,

Thanks a ton also from me. The thing about Stadswonen in Rotterdam(work with BBnet) is, no more Secure2W or whatsoever. It works just plugging cable into WAN, it works with my wrt54gl on dd-wrt, DHCP server ON.

Sorry to disppoint you after all this, but without this thread I'd never tried! haha

Whenever you are in town for a beer, pm this way wink

Thanks for clarifying the mac administration. So far I have not had trouble running a torrent on one computer and using the other for surfing. Furthermore skype, vpn, all perfect.

Another nice effect. I used to have the problem that when waking up my computer from standby, I would not get an IP from the kennisglas network router. That would happen in maybe 60% of the cases, probably because of what you said, no signing off, network router puts mac-address in idle status? Restart therefore always helps.
NOW, the problem has disappeared.

Thank you, again!

Re: WRT54GL wired 8021x TTLS PAP surfnet/eduroam/securew2 wpa_supplicant

I have followed your  guide, using the same firmware also, even though there are newer. But I get this error message:

CTRL-EVENT-EAP-STARTED EAP authentication started
CTRL-EVENT-EAP-METHOD EAP vendor 0 method 21 (TTLS) selected
CTRL-EVENT-EAP-FAILURE EAP authentication failed

Anybody who knows what I do wrong?

With -dd it says:

Initializing interface 'eth0.1' conf '/etc/config/wpa.conf' driver 'roboswitch' ctrl_interface 'N/A' bridge 'N/A'
Configuration file '/etc/config/wpa.conf' -> '/etc/config/wpa.conf'
Reading configuration file '/etc/config/wpa.conf'
ctrl_interface='/var/run/wpa_supplicant'
ap_scan=0
Line: 3 - start of a new network block
key_mgmt: 0x8
eap methods - hexdump(len=16): 00 00 00 00 15 00 00 00 00 00 00 00 00 00 00 00
identity - hexdump_ascii(len=13):
     63 6d 61 30 31 32 40 75 69 74 2e 6e 6f            cma013@uit.no   
anonymous_identity - hexdump_ascii(len=13):
     63 6d 61 30 31 32 40 75 69 74 2e 6e 6f            cma013@uit.no   
password - hexdump_ascii(len=8): [REMOVED]
phase2 - hexdump_ascii(len=8):
     61 75 74 68 3d 50 41 50                           auth=PAP       
Priority group 0
   id=0 ssid=''
Initializing interface (2) 'eth0.1'
wpa_driver_roboswitch_init: Added PAE group address to RoboSwitch ARL
wpa_driver_roboswitch_set_param: Ignoring unicast frames
Driver interface replaced interface name with 'eth0'
Own MAC address: 68:7f:74:16:33:9a
RSN: flushing PMKID list in the driver
Setting scan request: 0 sec 100000 usec
EAPOL: SUPP_PAE entering state DISCONNECTED
EAPOL: KEY_RX entering state NO_KEY_RECEIVE
EAPOL: SUPP_BE entering state INITIALIZE
EAP: EAP entering state DISABLED
Added interface eth0
EAPOL: External notification - EAP success=0
EAPOL: External notification - EAP fail=0
EAPOL: External notification - portControl=Auto
Already associated with a configured network - generating associated event
Association info event
State: DISCONNECTED -> ASSOCIATED
Associated to a new BSS: BSSID=01:80:c2:00:00:03
No keys have been configured - skip key clearing
Select network based on association information
Network configuration found for the current AP
WPA: clearing AP WPA IE
WPA: clearing AP RSN IE
WPA: clearing own WPA/RSN IE
EAPOL: External notification - EAP success=0
EAPOL: External notification - EAP fail=0
EAPOL: External notification - portControl=Auto
Associated with 01:80:c2:00:00:03
WPA: Association event - clear replay counter
WPA: Clear old PTK
EAPOL: External notification - portEnabled=0
EAPOL: External notification - portValid=0
EAPOL: External notification - portEnabled=1
EAPOL: SUPP_PAE entering state CONNECTING
EAPOL: SUPP_BE entering state IDLE
EAP: EAP entering state INITIALIZE
EAP: EAP entering state IDLE
Cancelling scan request
EAPOL: startWhen --> 0
EAPOL: SUPP_PAE entering state CONNECTING
EAPOL: txStart
TX EAPOL: dst=01:80:c2:00:00:03
TX EAPOL - hexdump(len=4): 01 01 00 00
RX EAPOL from 00:0d:65:f2:b4:01
RX EAPOL - hexdump(len=46): 01 00 00 05 01 0e 00 05 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_PAE entering state RESTART
EAP: EAP entering state INITIALIZE
EAP: EAP entering state IDLE
EAPOL: SUPP_PAE entering state AUTHENTICATING
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=14 method=1 vendor=0 vendorMethod=0
EAP: EAP entering state IDENTITY
CTRL-EVENT-EAP-STARTED EAP authentication started
EAP: EAP-Request Identity data - hexdump_ascii(len=0):
EAP: using anonymous identity - hexdump_ascii(len=13):
     63 6d 61 30 31 32 40 75 69 74 2e 6e 6f            cma013@uit.no   
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
TX EAPOL: dst=01:80:c2:00:00:03
TX EAPOL - hexdump(len=22): 01 00 00 12 02 0e 00 12 01 63 6d 61 30 31 32 40 75 69 74 2e 6e 6f
EAPOL: SUPP_BE entering state RECEIVE
RX EAPOL from 00:0d:65:f2:b4:01
RX EAPOL - hexdump(len=46): 01 00 00 06 01 0f 00 06 0d 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=15 method=13 vendor=0 vendorMethod=0
EAP: EAP entering state GET_METHOD
EAP: configuration does not allow: vendor 0 method 13
EAP: vendor 0 method 13 not allowed
EAP: Building EAP-Nak (requested type 13 vendor=0 method=0 not allowed)
EAP: allowed methods - hexdump(len=1): 15
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
TX EAPOL: dst=01:80:c2:00:00:03
TX EAPOL - hexdump(len=10): 01 00 00 06 02 0f 00 06 03 15
EAPOL: SUPP_BE entering state RECEIVE
RX EAPOL from 00:0d:65:f2:b4:01
RX EAPOL - hexdump(len=46): 01 00 00 06 01 10 00 06 15 20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=16 method=21 vendor=0 vendorMethod=0
EAP: EAP entering state GET_METHOD
EAP: Initialize selected EAP method: vendor 0 method 21 (TTLS)
EAP-TTLS: Phase2 type: PAP
CTRL-EVENT-EAP-METHOD EAP vendor 0 method 21 (TTLS) selected
EAP: EAP entering state METHOD
SSL: Received packet(len=6) - Flags 0x20
EAP-TTLS: Start (server ver=0, own ver=0)
TLS: using phase1 config options
EAP-TTLS: Start
TLS: tls_connection_handshake(in_data=0x4a57d8 in_len=0)
TLSv1: Send ClientHello
TLSv1: client_random - hexdump(len=32): 4c 3d e3 52 e7 43 84 e3 63 f9 9e 2c 6e 97 03 8f a6 68 bd 5f 1a 2a 41 10 d5 4c d9 a2 13 85 f3 b5
SSL: 56 bytes left to be sent out (of total 56 bytes)
EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
TX EAPOL: dst=01:80:c2:00:00:03
TX EAPOL - hexdump(len=66): [[removed]]
EAPOL: SUPP_BE entering state RECEIVE
RX EAPOL from 00:0d:65:f2:b4:01
RX EAPOL - hexdump(len=1028): [[removed]]
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=17 method=21 vendor=0 vendorMethod=0
EAP: EAP entering state METHOD
SSL: Received packet(len=1024) - Flags 0xc0
SSL: TLS Message Length: 2374
SSL: Need 1360 bytes more input data
SSL: Building ACK (type=21 id=17 ver=0)
EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
TX EAPOL: dst=01:80:c2:00:00:03
TX EAPOL - hexdump(len=10): 01 00 00 06 02 11 00 06 15 00
EAPOL: SUPP_BE entering state RECEIVE
RX EAPOL from 00:0d:65:f2:b4:01
RX EAPOL - hexdump(len=1028): 01 00 04 00 01 12 04 00 15 c0 00 00 09 46 94 a2 68 50 ac b2 79 6e a5 7f 67 88 57 00 3c ae 0e b1 5e e5 10 e9 63 3d b0 74 2a e2 40 69 57 c4 62 6c cc 6a 5e 15 6e 17 2e 83 ec 6b 9e c2 a5 71 dc 1d 76 1b 7c 75 8f d4 92 83 1f 30 eb c7 f7 53 cc 60 90 42 d9 88 98 b5 46 19 51 21 f8 1c 0e 90 4e 90 42 fa 51 fb 41 df 4e d7 d1 01 7f 0c 19 2f f7 c5 9a 8a 62 9f 46 d0 9f 64 05 fa d6 f7 3f 5a 9f 45 f1 e4 e4 47 34 9b d1 d9 8a 41 f5 84 16 3c c1 9b 42 98 e6 8e 35 ce 13 1a c3 a3 72 ab 9d 51 cd 64 e5 23 c3 fd eb 87 17 56 02 45 f8 09 94 21 06 bd dc c0 ae f9 28 d0 f8 b4 67 92 22 19 3e f1 21 7f cc a7 0c 0c 3f 64 92 ea ec 14 31 b4 c1 1c 4f 88 aa 4b be fb 8a 92 ad 1d 3a 17 ae 27 66 c5 ad bf 8f 78 3d 66 f5 1b 6d 65 bf 12 87 9f 87 a3 ce 54 01 a8 0c 6f 00 96 02 f2 71 0f 4b 80 c1 d3 80 77 5a 29 0a c2 4e e0 c5 1a 1c 7e d1 91 00 04 46 30 82 04 42 30 82 03 ab a0 03 02 01 02 02 04 04 00 03 fb 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 30 75 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 18 30 16 06 03 55 04 0a 13 0f 47 54 45 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 27 30 25 06 03 55 04 0b 13 1e 47 54 45 20 43 79 62 65 72 54 72 75 73 74 20 53 6f 6c 75 74 69 6f 6e 73 2c 20 49 6e 63 2e 31 23 30 21 06 03 55 04 03 13 1a 47 54 45 20 43 79 62 65 72 54 72 75 73 74 20 47 6c 6f 62 61 6c 20 52 6f 6f 74 30 1e 17 0d 30 36 30 33 31 34 32 30 33 30 30 30 5a 17 0d 31 33 30 33 31 34 32 33 35 39 30 30 5a 30 5f 31 0b 30 09 06 03 55 04 06 13 02 42 45 31 13 30 11 06 03 55 04 0a 13 0a 43 79 62 65 72 74 72 75 73 74 31 17 30 15 06 03 55 04 0b 13 0e 45 64 75 63 61 74 69 6f 6e 61 6c 20 43 41 31 22 30 20 06 03 55 04 03 13 19 43 79 62 65 72 74 72 75 73 74 20 45 64 75 63 61 74 69 6f 6e 61 6c 20 43 41 30 82 01 22 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 01 0f 00 30 82 01 0a 02 82 01 01 00 95 22 a1 10 1d 4a 46 60 6e 05 91 9b df 83 c2 ed 12 b2 5a 7c f8 ab e1 f8 50 5c 28 2c 7e 7e 00 38 93 b0 8b 4a f1 c2 4c 3c 10 2c 3c ef b0 ec a1 69 2f b9 fc cc 08 14 6b 8d 4f 18 f3 83 d2 fa a9 37 08 20 aa 5c aa 80 60 a2 d5 a5 22 00 cf 5a e5 b4 97 df ba 1e be 5c 8e 17 19 66 fd af 9f 7c 7b 89 b2 0e 24 d8 c7 ab 63 c4 95 32 8d 48 e6 63 59 7d 04 b8 33 a8 bd d7 5d 64 bc 63 b5 f7 4d 28 fd f9 06 72 31 5c ba 45 94 65 a3 d2 b4 58 ec 3b 61 58 44 a3 2f 62 b3 9b 80 b4 82 fd d5 c7 cc 51 25 e5 95 3f 47 2f 30 7b ac c8 78 6e e2 e1 6d 27 eb 3d cc 01 82 e8 35 77 8d ab 58 bb 55 d1 d5 a4 81 56 8d 1c d0 14 b1 b0 06 de a0 91 22 f3 f0 a8 34 17 47 c6 e0 3e f6 0c 5a ac 7e 50 4b cd e1 69 6e 06 fc 06 7e 6a 4d b4 95 99 a0 59 5c 35 66 ec d9 49 d4 17 e0 60 b0 5d a5 d7 1a e2 2a 6e 66 f2 af 1d 02 03 01 00 01 a3 82 01 6f 30 82 01 6b 30 45 06 03 55 1d 1f 04 3e 30 3c 30 3a a0 38 a0 36 86 34 68 74 74 70 3a 2f 2f 77 77 77 2e 70 75 62 6c 69 63 2d 74 72 75 73 74 2e 63 6f 6d 2f 63 67 69 2d 62 69 6e 2f 43 52 4c 2f 32 30 31 38 2f 63 64 70 2e 63 72 6c 30 1d 06 03 55 1d 0e 04 16 04 14 65 65 a3 3d d7 3b 11 a3 0a 07 25 37 c9 42 4a 5b 76 77 50 e1 30 53 06 03 55 1d 20 04 4c 30 4a 30 48 06 09 2b 06 01 04 01 b1 3e 01 00 30 3b 30 39 06 08 2b 06 01 05 05 07 02 01 16 2d 68 74 74 70 3a 2f 2f 77 77 77 2e 70 75 62 6c 69 63 2d 74 72 75 73 74 2e 63 6f 6d 2f 43 50 53
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=18 method=21 vendor=0 vendorMethod=0
EAP: EAP entering state METHOD
SSL: Received packet(len=1024) - Flags 0xc0
SSL: TLS Message Length: 2374
SSL: Need 346 bytes more input data
SSL: Building ACK (type=21 id=18 ver=0)
EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
TX EAPOL: dst=01:80:c2:00:00:03
TX EAPOL - hexdump(len=10): 01 00 00 06 02 12 00 06 15 00
EAPOL: SUPP_BE entering state RECEIVE
RX EAPOL from 00:0d:65:f2:b4:01
RX EAPOL - hexdump(len=360): 01 00 01 64 01 13 01 64 15 80 00 00 09 46 2f 4f 6d 6e 69 52 6f 6f 74 2e 68 74 6d 6c 30 81 89 06 03 55 1d 23 04 81 81 30 7f a1 79 a4 77 30 75 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 18 30 16 06 03 55 04 0a 13 0f 47 54 45 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 27 30 25 06 03 55 04 0b 13 1e 47 54 45 20 43 79 62 65 72 54 72 75 73 74 20 53 6f 6c 75 74 69 6f 6e 73 2c 20 49 6e 63 2e 31 23 30 21 06 03 55 04 03 13 1a 47 54 45 20 43 79 62 65 72 54 72 75 73 74 20 47 6c 6f 62 61 6c 20 52 6f 6f 74 82 02 01 a5 30 0e 06 03 55 1d 0f 01 01 ff 04 04 03 02 01 06 30 12 06 03 55 1d 13 01 01 ff 04 08 30 06 01 01 ff 02 01 00 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 43 b3 45 83 54 71 c4 1f dc b2 3c 6b 4e bf 26 f2 4e f2 ad 9a 5b fa 86 37 88 e8 14 6c 41 18 42 5f ef 65 3e eb 03 77 a0 b7 9e 75 7a 51 7c bb 15 5b b8 af 91 a0 34 92 53 ed 7f 2a 49 84 ac b9 80 4b b5 c7 b2 23 22 fb eb d8 fb 6e c9 3c f3 d2 d1 bb be c9 1c ff 6d 01 db 69 80 0e 99 a5 ea 9e 7b 97 98 8f b7 cf 22 9c b3 b8 5d e5 a9 33 17 74 c6 97 37 0f b4 e9 26 82 5f 61 0b 3f 1e 3d 64 e9 2b 9b 16 03 01 00 04 0e 00 00 00
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=19 method=21 vendor=0 vendorMethod=0
EAP: EAP entering state METHOD
SSL: Received packet(len=356) - Flags 0x80
SSL: TLS Message Length: 2374
TLS: tls_connection_handshake(in_data=0x4a6948 in_len=2374)
TLSv1: Record Layer - Received - hexdump(len=2374): 16 03 01 00 2a 02 00 00 26 03 01 4c 3d e3 51 e0 3c a8 13 c2 51 77 46 28 f6 3e a2 49 a0 47 32 d4 9a b1 00 2a cb 69 88 96 eb c5 2a 00 00 2f 00 16 03 01 09 09 0b 00 09 05 00 09 02 00 04 b6 30 82 04 b2 30 82 03 9a a0 03 02 01 02 02 0b 01 00 00 00 00 01 1e 1b 56 47 e5 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 30 5f 31 0b 30 09 06 03 55 04 06 13 02 42 45 31 13 30 11 06 03 55 04 0a 13 0a 43 79 62 65 72 74 72 75 73 74 31 17 30 15 06 03 55 04 0b 13 0e 45 64 75 63 61 74 69 6f 6e 61 6c 20 43 41 31 22 30 20 06 03 55 04 03 13 19 43 79 62 65 72 74 72 75 73 74 20 45 64 75 63 61 74 69 6f 6e 61 6c 20 43 41 30 1e 17 0d 30 38 31 32 30 39 30 39 34 37 33 37 5a 17 0d 31 31 31 32 30 39 30 39 34 37 33 37 5a 30 5f 31 0b 30 09 06 03 55 04 06 13 02 6e 6f 31 20 30 1e 06 03 55 04 0a 0c 17 55 6e 69 76 65 72 73 69 74 65 74 65 74 20 69 20 54 72 6f 6d 73 c3 b8 31 15 30 13 06 03 55 04 0b 13 0c 49 54 2d 61 76 64 65 6c 69 6e 67 61 31 17 30 15 06 03 55 04 03 13 0e 72 61 64 69 75 73 31 2e 75 69 74 2e 6e 6f 30 82 01 22 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 01 0f 00 30 82 01 0a 02 82 01 01 00 d7 da 7c b1 83 c9 c9 aa b6 79 d2 eb af 87 be 33 8b 58 7c 87 d3 51 7f f0 22 e8 27 08 3d b7 9b e6 a6 d6 d0 f7 5a d2 75 c2 63 f4 6b 72 0c cd a4 08 07 04 e3 94 5c b5 3f 1c 18 2f 3a c5 a9 6b 53 d0 ad 70 c8 75 35 12 8f 64 01 5a 2f 9f 97 ab 86 47 b2 13 1c 38 0c 39 a8 a3 d9 bc be bd 92 bb 62 38 4d 7e 97 e4 df 7f 54 b5 bf f6 fe 5c f5 bc 93 99 8b 3d 53 a3 6b 10 e0 6c 12 b5 64 4c 95 34 ef 07 ee 53 e6 2b 80 65 47 c8 30 e3 d3 52 bc 8d 43 2a e2 6e ff c1 7c a3 ad 71 30 14 e3 62 62 b8 31 32 4e c1 b3 8a e0 4f 1f 67 d7 39 3f 4d 3e 0c c2 2a a6 99 6b bd e2 6d 30 cc 89 d8 a8 fd df 89 5f ca c4 bb e2 a9 c8 86 a0 13 55 21 61 63 86 ec 95 fe aa ad 7a 62 8d f0 86 5e 0e 31 38 1f 5d 1c 67 ce 33 3d 22 5b ef 01 4f 8b 2e 66 6b fa cc 20 8d b5 dd c4 42 7c ba b5 99 ba 58 3c ad 4c 8d 15 78 27 02 03 01 00 01 a3 82 01 6d 30 82 01 69 30 50 06 03 55 1d 20 04 49 30 47 30 45 06 07 2a 86 48 b1 3e 01 00 30 3a 30 38 06 08 2b 06 01 05 05 07 02 01 16 2c 68 74 74 70 3a 2f 2f 77 77 77 2e 67 6c 6f 62 61 6c 73 69 67 6e 2e 6e 65 74 2f 72 65 70 6f 73 69 74 6f 72 79 2f 63 70 73 2e 63 66 6d 30 0e 06 03 55 1d 0f 01 01 ff 04 04 03 02 05 a0 30 1f 06 03 55 1d 23 04 18 30 16 80 14 65 65 a3 3d d7 3b 11 a3 0a 07 25 37 c9 42 4a 5b 76 77 50 e1 30 1d 06 03 55 1d 0e 04 16 04 14 56 69 f3 91 bc 39 0e 03 21 f8 65 82 6e b3 56 fb 82 26 de 11 30 3a 06 03 55 1d 1f 04 33 30 31 30 2f a0 2d a0 2b 86 29 68 74 74 70 3a 2f 2f 63 72 6c 2e 67 6c 6f 62 61 6c 73 69 67 6e 2e 6e 65 74 2f 65 64 75 63 61 74 69 6f 6e 61 6c 2e 63 72 6c 30 4f 06 08 2b 06 01 05 05 07 01 01 04 43 30 41 30 3f 06 08 2b 06 01 05 05 07 30 02 86 33 68 74 74 70 3a 2f 2f 73 65 63 75 72 65 2e 67 6c 6f 62 61 6c 73 69 67 6e 2e 6e 65 74 2f 63 61 63 65 72 74 2f 65 64 75 63 61 74 69 6f 6e 61 6c 2e 63 72 74 30 1d 06 03 55 1d 25 04 16 30 14 06 08 2b 06 01 05 05 07 03 01 06 08 2b 06 01 05 05 07 03 02 30 19 06 03 55 1d 11 04 12 30 10 82 0e 72 61 64 69 75 73 31 2e 75 69 74 2e 6e 6f 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 82 01 01 00 01 58 94 a2 68 50 ac b2 79 6e a5 7f 67 88 57 00 3c ae 0e b1 5e e5 10 e9 63 3d b0 74 2a e2 40 69 57 c4 62 6c cc 6a 5e 15 6e 17 2e 83 ec 6b 9e c2 a5 71 dc 1d 76 1b 7c 75 8f d4 92 83 1f 30 eb c7 f7 53 cc 60 90 42 d9 88 98 b5 46 19 51 21 f8 1c 0e 90 4e 90 42 fa 51 fb 41 df 4e d7 d1 01 7f 0c 19 2f f7 c5 9a 8a 62 9f 46 d0 9f 64 05 fa d6 f7 3f 5a 9f 45 f1 e4 e4 47 34 9b d1 d9 8a 41 f5 84 16 3c c1 9b 42 98 e6 8e 35 ce 13 1a c3 a3 72 ab 9d 51 cd 64 e5 23 c3 fd eb 87 17 56 02 45 f8 09 94 21 06 bd dc c0 ae f9 28 d0 f8 b4 67 92 22 19 3e f1 21 7f cc a7 0c 0c 3f 64 92 ea ec 14 31 b4 c1 1c 4f 88 aa 4b be fb 8a 92 ad 1d 3a 17 ae 27 66 c5 ad bf 8f 78 3d 66 f5 1b 6d 65 bf 12 87 9f 87 a3 ce 54 01 a8 0c 6f 00 96 02 f2 71 0f 4b 80 c1 d3 80 77 5a 29 0a c2 4e e0 c5 1a 1c 7e d1 91 00 04 46 30 82 04 42 30 82 03 ab a0 03 02 01 02 02 04 04 00 03 fb 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 30 75 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 18 30 16 06 03 55 04 0a 13 0f 47 54 45 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 27 30 25 06 03 55 04 0b 13 1e 47 54 45 20 43 79 62 65 72 54 72 75 73 74 20 53 6f 6c 75 74 69 6f 6e 73 2c 20 49 6e 63 2e 31 23 30 21 06 03 55 04 03 13 1a 47 54 45 20 43 79 62 65 72 54 72 75 73 74 20 47 6c 6f 62 61 6c 20 52 6f 6f 74 30 1e 17 0d 30 36 30 33 31 34 32 30 33 30 30 30 5a 17 0d 31 33 30 33 31 34 32 33 35 39 30 30 5a 30 5f 31 0b 30 09 06 03 55 04 06 13 02 42 45 31 13 30 11 06 03 55 04 0a 13 0a 43 79 62 65 72 74 72 75 73 74 31 17 30 15 06 03 55 04 0b 13 0e 45 64 75 63 61 74 69 6f 6e 61 6c 20 43 41 31 22 30 20 06 03 55 04 03 13 19 43 79 62 65 72 74 72 75 73 74 20 45 64 75 63 61 74 69 6f 6e 61 6c 20 43 41 30 82 01 22 30 0d 06 09 2a 86 48 86 f7 0d 01 01 01 05 00 03 82 01 0f 00 30 82 01 0a 02 82 01 01 00 95 22 a1 10 1d 4a 46 60 6e 05 91 9b df 83 c2 ed 12 b2 5a 7c f8 ab e1 f8 50 5c 28 2c 7e 7e 00 38 93 b0 8b 4a f1 c2 4c 3c 10 2c 3c ef b0 ec a1 69 2f b9 fc cc 08 14 6b 8d 4f 18 f3 83 d2 fa a9 37 08 20 aa 5c aa 80 60 a2 d5 a5 22 00 cf 5a e5 b4 97 df ba 1e be 5c 8e 17 19 66 fd af 9f 7c 7b 89 b2 0e 24 d8 c7 ab 63 c4 95 32 8d 48 e6 63 59 7d 04 b8 33 a8 bd d7 5d 64 bc 63 b5 f7 4d 28 fd f9 06 72 31 5c ba 45 94 65 a3 d2 b4 58 ec 3b 61 58 44 a3 2f 62 b3 9b 80 b4 82 fd d5 c7 cc 51 25 e5 95 3f 47 2f 30 7b ac c8 78 6e e2 e1 6d 27 eb 3d cc 01 82 e8 35 77 8d ab 58 bb 55 d1 d5 a4 81 56 8d 1c d0 14 b1 b0 06 de a0 91 22 f3 f0 a8 34 17 47 c6 e0 3e f6 0c 5a ac 7e 50 4b cd e1 69 6e 06 fc 06 7e 6a 4d b4 95 99 a0 59 5c 35 66 ec d9 49 d4 17 e0 60 b0 5d a5 d7 1a e2 2a 6e 66 f2 af 1d 02 03 01 00 01 a3 82 01 6f 30 82 01 6b 30 45 06 03 55 1d 1f 04 3e 30 3c 30 3a a0 38 a0 36 86 34 68 74 74 70 3a 2f 2f 77 77 77 2e 70 75 62 6c 69 63 2d 74 72 75 73 74 2e 63 6f 6d 2f 63 67 69 2d 62 69 6e 2f 43 52 4c 2f 32 30 31 38 2f 63 64 70 2e 63 72 6c 30 1d 06 03 55 1d 0e 04 16 04 14 65 65 a3 3d d7 3b 11 a3 0a 07 25 37 c9 42 4a 5b 76 77 50 e1 30 53 06 03 55 1d 20 04 4c 30 4a 30 48 06 09 2b 06 01 04 01 b1 3e 01 00 30 3b 30 39 06 08 2b 06 01 05 05 07 02 01 16 2d 68 74 74 70 3a 2f 2f 77 77 77 2e 70 75 62 6c 69 63 2d 74 72 75 73 74 2e 63 6f 6d 2f 43 50 53 2f 4f 6d 6e 69 52 6f 6f 74 2e 68 74 6d 6c 30 81 89 06 03 55 1d 23 04 81 81 30 7f a1 79 a4 77 30 75 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 18 30 16 06 03 55 04 0a 13 0f 47 54 45 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 27 30 25 06 03 55 04 0b 13 1e 47 54 45 20 43 79 62 65 72 54 72 75 73 74 20 53 6f 6c 75 74 69 6f 6e 73 2c 20 49 6e 63 2e 31 23 30 21 06 03 55 04 03 13 1a 47 54 45 20 43 79 62 65 72 54 72 75 73 74 20 47 6c 6f 62 61 6c 20 52 6f 6f 74 82 02 01 a5 30 0e 06 03 55 1d 0f 01 01 ff 04 04 03 02 01 06 30 12 06 03 55 1d 13 01 01 ff 04 08 30 06 01 01 ff 02 01 00 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 43 b3 45 83 54 71 c4 1f dc b2 3c 6b 4e bf 26 f2 4e f2 ad 9a 5b fa 86 37 88 e8 14 6c 41 18 42 5f ef 65 3e eb 03 77 a0 b7 9e 75 7a 51 7c bb 15 5b b8 af 91 a0 34 92 53 ed 7f 2a 49 84 ac b9 80 4b b5 c7 b2 23 22 fb eb d8 fb 6e c9 3c f3 d2 d1 bb be c9 1c ff 6d 01 db 69 80 0e 99 a5 ea 9e 7b 97 98 8f b7 cf 22 9c b3 b8 5d e5 a9 33 17 74 c6 97 37 0f b4 e9 26 82 5f 61 0b 3f 1e 3d 64 e9 2b 9b 16 03 01 00 04 0e 00 00 00
TLSv1: Received content type 22 version 3.1 length 42
TLSv1: Received ServerHello
TLSv1: ServerHello - hexdump(len=38): 03 01 4c 3d e3 51 e0 3c a8 13 c2 51 77 46 28 f6 3e a2 49 a0 47 32 d4 9a b1 00 2a cb 69 88 96 eb c5 2a 00 00 2f 00
TLSv1: server_random - hexdump(len=32): 4c 3d e3 51 e0 3c a8 13 c2 51 77 46 28 f6 3e a2 49 a0 47 32 d4 9a b1 00 2a cb 69 88 96 eb c5 2a
TLSv1: session_id - hexdump(len=0):
TLSv1: Selected cipher suite: 0x002f
TLSv1: Record Layer - Received - hexdump(len=2327): [[removed]]
TLSv1: Received content type 22 version 3.1 length 2313
TLSv1: Received Certificate (certificate_list len 2309)
TLSv1: Certificate 0 (len 1206)
TLSv1: Parse ASN.1 DER certificate - hexdump(len=1206): [[removed]]
X509: Version X.509v3
X509: serialNumber 458639333
X509: issuer C=BE, O=Cybertrust, OU=Educational CA, CN=Cybertrust Educational CA,
X509: Validity: notBefore: 1228816057 notAfter: 1323424057
X509: subject C=no, O=Universitetet i Tromsø, OU=IT-avdelinga, CN=radius1.uit.no,
X509: subjectPublicKey - hexdump(len=270): [[removed]]
X509: Extension: extnID=2.5.29.32 critical=0
X509: extnValue - hexdump(len=73):[[removed]]
ASN.1: Extended tag data: 0x04
X509: Extension: extnID=2.5.29.15 critical=255
X509: extnValue - hexdump(len=4): 03 02 05 a0
X509: KeyUsage 0x5
X509: Extension: extnID=2.5.29.35 critical=0
X509: extnValue - hexdump(len=24): 30 16 80 14 65 65 a3 3d d7 3b 11 a3 0a 07 25 37 c9 42 4a 5b 76 77 50 e1
X509: Extension: extnID=2.5.29.14 critical=0
X509: extnValue - hexdump(len=22): 04 14 56 69 f3 91 bc 39 0e 03 21 f8 65 82 6e b3 56 fb 82 26 de 11
X509: Extension: extnID=2.5.29.31 critical=0
X509: extnValue - hexdump(len=51): 30 31 30 2f a0 2d a0 2b 86 29 68 74 74 70 3a 2f 2f 63 72 6c 2e 67 6c 6f 62 61 6c 73 69 67 6e 2e 6e 65 74 2f 65 64 75 63 61 74 69 6f 6e 61 6c 2e 63 72 6c
X509: Extension: extnID=1.3.6.1.5.5.7.1.1 critical=0
X509: extnValue - hexdump(len=67): 30 41 30 3f 06 08 2b 06 01 05 05 07 30 02 86 33 68 74 74 70 3a 2f 2f 73 65 63 75 72 65 2e 67 6c 6f 62 61 6c 73 69 67 6e 2e 6e 65 74 2f 63 61 63 65 72 74 2f 65 64 75 63 61 74 69 6f 6e 61 6c 2e 63 72 74
X509: Extension: extnID=2.5.29.37 critical=0
X509: extnValue - hexdump(len=22): 30 14 06 08 2b 06 01 05 05 07 03 01 06 08 2b 06 01 05 05 07 03 02
X509: Extension: extnID=2.5.29.17 critical=0
X509: extnValue - hexdump(len=18): 30 10 82 0e 72 61 64 69 75 73 31 2e 75 69 74 2e 6e 6f
X509: signature - hexdump(len=256): 01 58 94 a2 68 50 ac b2 79 6e a5 7f 67 88 57 00 3c ae 0e b1 5e e5 10 e9 63 3d b0 74 2a e2 40 69 57 c4 62 6c cc 6a 5e 15 6e 17 2e 83 ec 6b 9e c2 a5 71 dc 1d 76 1b 7c 75 8f d4 92 83 1f 30 eb c7 f7 53 cc 60 90 42 d9 88 98 b5 46 19 51 21 f8 1c 0e 90 4e 90 42 fa 51 fb 41 df 4e d7 d1 01 7f 0c 19 2f f7 c5 9a 8a 62 9f 46 d0 9f 64 05 fa d6 f7 3f 5a 9f 45 f1 e4 e4 47 34 9b d1 d9 8a 41 f5 84 16 3c c1 9b 42 98 e6 8e 35 ce 13 1a c3 a3 72 ab 9d 51 cd 64 e5 23 c3 fd eb 87 17 56 02 45 f8 09 94 21 06 bd dc c0 ae f9 28 d0 f8 b4 67 92 22 19 3e f1 21 7f cc a7 0c 0c 3f 64 92 ea ec 14 31 b4 c1 1c 4f 88 aa 4b be fb 8a 92 ad 1d 3a 17 ae 27 66 c5 ad bf 8f 78 3d 66 f5 1b 6d 65 bf 12 87 9f 87 a3 ce 54 01 a8 0c 6f 00 96 02 f2 71 0f 4b 80 c1 d3 80 77 5a 29 0a c2 4e e0 c5 1a 1c 7e d1 91
X509: Version X.509v3
X509: serialNumber 458639333
X509: issuer C=BE, O=Cybertrust, OU=Educational CA, CN=Cybertrust Educational CA,
X509: Validity: notBefore: 1228816057 notAfter: 1323424057
X509: subject C=no, O=Universitetet i Tromsø, OU=IT-avdelinga, CN=radius1.uit.no,
X509: subjectPublicKey - hexdump(len=270): 30 82 01 0a 02 82 01 01 00 d7 da 7c b1 83 c9 c9 aa b6 79 d2 eb af 87 be 33 8b 58 7c 87 d3 51 7f f0 22 e8 27 08 3d b7 9b e6 a6 d6 d0 f7 5a d2 75 c2 63 f4 6b 72 0c cd a4 08 07 04 e3 94 5c b5 3f 1c 18 2f 3a c5 a9 6b 53 d0 ad 70 c8 75 35 12 8f 64 01 5a 2f 9f 97 ab 86 47 b2 13 1c 38 0c 39 a8 a3 d9 bc be bd 92 bb 62 38 4d 7e 97 e4 df 7f 54 b5 bf f6 fe 5c f5 bc 93 99 8b 3d 53 a3 6b 10 e0 6c 12 b5 64 4c 95 34 ef 07 ee 53 e6 2b 80 65 47 c8 30 e3 d3 52 bc 8d 43 2a e2 6e ff c1 7c a3 ad 71 30 14 e3 62 62 b8 31 32 4e c1 b3 8a e0 4f 1f 67 d7 39 3f 4d 3e 0c c2 2a a6 99 6b bd e2 6d 30 cc 89 d8 a8 fd df 89 5f ca c4 bb e2 a9 c8 86 a0 13 55 21 61 63 86 ec 95 fe aa ad 7a 62 8d f0 86 5e 0e 31 38 1f 5d 1c 67 ce 33 3d 22 5b ef 01 4f 8b 2e 66 6b fa cc 20 8d b5 dd c4 42 7c ba b5 99 ba 58 3c ad 4c 8d 15 78 27 02 03 01 00 01
X509: Extension: extnID=2.5.29.32 critical=0
X509: extnValue - hexdump(len=73): 30 47 30 45 06 07 2a 86 48 b1 3e 01 00 30 3a 30 38 06 08 2b 06 01 05 05 07 02 01 16 2c 68 74 74 70 3a 2f 2f 77 77 77 2e 67 6c 6f 62 61 6c 73 69 67 6e 2e 6e 65 74 2f 72 65 70 6f 73 69 74 6f 72 79 2f 63 70 73 2e 63 66 6d
ASN.1: Extended tag data: 0x04
X509: Extension: extnID=2.5.29.15 critical=255
X509: extnValue - hexdump(len=4): 03 02 05 a0
X509: KeyUsage 0x5
X509: Extension: extnID=2.5.29.35 critical=0
X509: extnValue - hexdump(len=24): 30 16 80 14 65 65 a3 3d d7 3b 11 a3 0a 07 25 37 c9 42 4a 5b 76 77 50 e1
X509: Extension: extnID=2.5.29.14 critical=0
X509: extnValue - hexdump(len=22): 04 14 56 69 f3 91 bc 39 0e 03 21 f8 65 82 6e b3 56 fb 82 26 de 11
X509: Extension: extnID=2.5.29.31 critical=0
X509: extnValue - hexdump(len=51): 30 31 30 2f a0 2d a0 2b 86 29 68 74 74 70 3a 2f 2f 63 72 6c 2e 67 6c 6f 62 61 6c 73 69 67 6e 2e 6e 65 74 2f 65 64 75 63 61 74 69 6f 6e 61 6c 2e 63 72 6c
X509: Extension: extnID=1.3.6.1.5.5.7.1.1 critical=0
X509: extnValue - hexdump(len=67): 30 41 30 3f 06 08 2b 06 01 05 05 07 30 02 86 33 68 74 74 70 3a 2f 2f 73 65 63 75 72 65 2e 67 6c 6f 62 61 6c 73 69 67 6e 2e 6e 65 74 2f 63 61 63 65 72 74 2f 65 64 75 63 61 74 69 6f 6e 61 6c 2e 63 72 74
X509: Extension: extnID=2.5.29.37 critical=0
X509: extnValue - hexdump(len=22): 30 14 06 08 2b 06 01 05 05 07 03 01 06 08 2b 06 01 05 05 07 03 02
X509: Extension: extnID=2.5.29.17 critical=0
X509: extnValue - hexdump(len=18): 30 10 82 0e 72 61 64 69 75 73 31 2e 75 69 74 2e 6e 6f
X509: signature - hexdump(len=256): 01 58 94 a2 68 50 ac b2 79 6e a5 7f 67 88 57 00 3c ae 0e b1 5e e5 10 e9 63 3d b0 74 2a e2 40 69 57 c4 62 6c cc 6a 5e 15 6e 17 2e 83 ec 6b 9e c2 a5 71 dc 1d 76 1b 7c 75 8f d4 92 83 1f 30 eb c7 f7 53 cc 60 90 42 d9 88 98 b5 46 19 51 21 f8 1c 0e 90 4e 90 42 fa 51 fb 41 df 4e d7 d1 01 7f 0c 19 2f f7 c5 9a 8a 62 9f 46 d0 9f 64 05 fa d6 f7 3f 5a 9f 45 f1 e4 e4 47 34 9b d1 d9 8a 41 f5 84 16 3c c1 9b 42 98 e6 8e 35 ce 13 1a c3 a3 72 ab 9d 51 cd 64 e5 23 c3 fd eb 87 17 56 02 45 f8 09 94 21 06 bd dc c0 ae f9 28 d0 f8 b4 67 92 22 19 3e f1 21 7f cc a7 0c 0c 3f 64 92 ea ec 14 31 b4 c1 1c 4f 88 aa 4b be fb 8a 92 ad 1d 3a 17 ae 27 66 c5 ad bf 8f 78 3d 66 f5 1b 6d 65 bf 12 87 9f 87 a3 ce 54 01 a8 0c 6f 00 96 02 f2 71 0f 4b 80 c1 d3 80 77 5a 29 0a c2 4e e0 c5 1a 1c 7e d1 91
TLSv1: Certificate 1 (len 1094)
X509: Version X.509v3
X509: serialNumber 67109883
X509: issuer C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Global Root,
X509: Validity: notBefore: 1142368200 notAfter: 1363305540
X509: subject C=BE, O=Cybertrust, OU=Educational CA, CN=Cybertrust Educational CA,
X509: subjectPublicKey - hexdump(len=270): 30 82 01 0a 02 82 01 01 00 95 22 a1 10 1d 4a 46 60 6e 05 91 9b df 83 c2 ed 12 b2 5a 7c f8 ab e1 f8 50 5c 28 2c 7e 7e 00 38 93 b0 8b 4a f1 c2 4c 3c 10 2c 3c ef b0 ec a1 69 2f b9 fc cc 08 14 6b 8d 4f 18 f3 83 d2 fa a9 37 08 20 aa 5c aa 80 60 a2 d5 a5 22 00 cf 5a e5 b4 97 df ba 1e be 5c 8e 17 19 66 fd af 9f 7c 7b 89 b2 0e 24 d8 c7 ab 63 c4 95 32 8d 48 e6 63 59 7d 04 b8 33 a8 bd d7 5d 64 bc 63 b5 f7 4d 28 fd f9 06 72 31 5c ba 45 94 65 a3 d2 b4 58 ec 3b 61 58 44 a3 2f 62 b3 9b 80 b4 82 fd d5 c7 cc 51 25 e5 95 3f 47 2f 30 7b ac c8 78 6e e2 e1 6d 27 eb 3d cc 01 82 e8 35 77 8d ab 58 bb 55 d1 d5 a4 81 56 8d 1c d0 14 b1 b0 06 de a0 91 22 f3 f0 a8 34 17 47 c6 e0 3e f6 0c 5a ac 7e 50 4b cd e1 69 6e 06 fc 06 7e 6a 4d b4 95 99 a0 59 5c 35 66 ec d9 49 d4 17 e0 60 b0 5d a5 d7 1a e2 2a 6e 66 f2 af 1d 02 03 01 00 01
X509: Extension: extnID=2.5.29.31 critical=0
X509: extnValue - hexdump(len=62): 30 3c 30 3a a0 38 a0 36 86 34 68 74 74 70 3a 2f 2f 77 77 77 2e 70 75 62 6c 69 63 2d 74 72 75 73 74 2e 63 6f 6d 2f 63 67 69 2d 62 69 6e 2f 43 52 4c 2f 32 30 31 38 2f 63 64 70 2e 63 72 6c
X509: Extension: extnID=2.5.29.14 critical=0
X509: extnValue - hexdump(len=22): 04 14 65 65 a3 3d d7 3b 11 a3 0a 07 25 37 c9 42 4a 5b 76 77 50 e1
X509: Extension: extnID=2.5.29.32 critical=0
X509: extnValue - hexdump(len=76): 30 4a 30 48 06 09 2b 06 01 04 01 b1 3e 01 00 30 3b 30 39 06 08 2b 06 01 05 05 07 02 01 16 2d 68 74 74 70 3a 2f 2f 77 77 77 2e 70 75 62 6c 69 63 2d 74 72 75 73 74 2e 63 6f 6d 2f 43 50 53 2f 4f 6d 6e 69 52 6f 6f 74 2e 68 74 6d 6c
X509: Extension: extnID=2.5.29.35 critical=0
X509: extnValue - hexdump(len=129): 30 7f a1 79 a4 77 30 75 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 18 30 16 06 03 55 04 0a 13 0f 47 54 45 20 43 6f 72 70 6f 72 61 74 69 6f 6e 31 27 30 25 06 03 55 04 0b 13 1e 47 54 45 20 43 79 62 65 72 54 72 75 73 74 20 53 6f 6c 75 74 69 6f 6e 73 2c 20 49 6e 63 2e 31 23 30 21 06 03 55 04 03 13 1a 47 54 45 20 43 79 62 65 72 54 72 75 73 74 20 47 6c 6f 62 61 6c 20 52 6f 6f 74 82 02 01 a5
ASN.1: Extended tag data: 0x04
X509: Extension: extnID=2.5.29.15 critical=255
X509: extnValue - hexdump(len=4): 03 02 01 06
X509: KeyUsage 0x60
ASN.1: Extended tag data: 0x04
X509: Extension: extnID=2.5.29.19 critical=255
X509: extnValue - hexdump(len=8): 30 06 01 01 ff 02 01 00
X509: BasicConstraints - cA=255 pathLenConstraint=0
X509: signature - hexdump(len=128): 43 b3 45 83 54 71 c4 1f dc b2 3c 6b 4e bf 26 f2 4e f2 ad 9a 5b fa 86 37 88 e8 14 6c 41 18 42 5f ef 65 3e eb 03 77 a0 b7 9e 75 7a 51 7c bb 15 5b b8 af 91 a0 34 92 53 ed 7f 2a 49 84 ac b9 80 4b b5 c7 b2 23 22 fb eb d8 fb 6e c9 3c f3 d2 d1 bb be c9 1c ff 6d 01 db 69 80 0e 99 a5 ea 9e 7b 97 98 8f b7 cf 22 9c b3 b8 5d e5 a9 33 17 74 c6 97 37 0f b4 e9 26 82 5f 61 0b 3f 1e 3d 64 e9 2b 9b
X509: Validate certificate chain
X509: 0: C=no, O=Universitetet i Tromsø, OU=IT-avdelinga, CN=radius1.uit.no,
X509: Signature data D - hexdump(len=35): 30 21 30 09 06 05 2b 0e 03 02 1a 05 00 04 14 17 05 a6 bc 8c fa 60 d5 1c 5d 2c 1c d6 78 90 fb 0e 79 ea e6
X509: Decrypted Digest - hexdump(len=20): 17 05 a6 bc 8c fa 60 d5 1c 5d 2c 1c d6 78 90 fb 0e 79 ea e6
X509: Certificate hash (SHA1) - hexdump(len=20): 17 05 a6 bc 8c fa 60 d5 1c 5d 2c 1c d6 78 90 fb 0e 79 ea e6
X509: Certificate Digest matches with calculated tbsCertificate hash
X509: 1: C=BE, O=Cybertrust, OU=Educational CA, CN=Cybertrust Educational CA,
X509: Did not find any of the issuers from the list of trusted certificates
X509: Certificate chain validation disabled - ignore unknown CA issue
X509: Certificate chain valid
TLSv1: Record Layer - Received - hexdump(len=9): 16 03 01 00 04 0e 00 00 00
TLSv1: Received content type 22 version 3.1 length 4
TLSv1: Received ServerHelloDone
TLSv1: Send ClientKeyExchange
TLSv1: pre_master_secret - hexdump(len=48): [REMOVED]
TLSv1: master_secret - hexdump(len=48): [REMOVED]
TLSv1: key_block - hexdump(len=104): [REMOVED]
TLSv1: Encrypted pre_master_secret - hexdump(len=256): 1b a0 be 77 2b dd 43 b0 c7 d9 8e 63 18 39 7c 5c 32 34 bd ab 8d fe 48 64 17 bf 83 fc 4e 6a ea d4 cb 10 6b 21 98 35 90 99 00 14 19 ac 9b 1a 0c 43 6b 4b 95 dd 48 2f 11 48 30 bf 8f 1b e4 55 a5 19 d1 95 7f f1 d9 60 25 8f 55 80 c5 5a 02 88 22 e5 6d 8a ee b6 0b dd f9 e9 cd 47 04 52 21 2d 26 0f 3e 9d 76 d5 b4 e3 ba 59 6a ac 9a 30 4b 8e f8 b4 c0 1b d0 fd 67 0c 8e b6 a9 c7 5e 68 a5 89 9f e0 fc 42 9e f3 99 50 77 fc 75 e4 a1 c5 75 17 e0 46 3d 43 7a 64 51 36 c5 e9 81 ad be f3 c9 5b 1f ac 83 fc 80 81 32 5d 69 aa 15 b7 d8 9b 88 5b a6 43 dd 27 1f bc 6a d4 98 91 7c 3e db 56 50 a8 a4 88 96 b2 be 54 e0 09 e1 84 82 b6 4c ff 6a c6 7e 67 b6 61 f7 36 86 95 46 0f 3c d0 66 44 54 7c e0 eb 04 eb e7 14 fd 34 6b 19 f3 5b ad 1c 12 4f e4 17 6b c1 71 a4 7c a3 f0 31 2d 17 90 48 ff 2f 45 92
TLSv1: Send ChangeCipherSpec
TLSv1: Record Layer - New write cipher suite 0x002f
TLSv1: Send Finished
TLSv1: verify_data (client) - hexdump(len=12): [REMOVED]
TLSv1: Record Layer - Write HMAC - hexdump(len=20): 87 19 8b f3 8f da 7e eb 43 61 09 54 f8 6d 40 94 cb f9 8a e7
SSL: 326 bytes left to be sent out (of total 326 bytes)
EAP: method process -> ignore=FALSE methodState=MAY_CONT decision=FAIL
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
TX EAPOL: dst=01:80:c2:00:00:03
TX EAPOL - hexdump(len=336): 01 00 01 4c 02 13 01 4c 15 00 16 03 01 01 06 10 00 01 02 01 00 1b a0 be 77 2b dd 43 b0 c7 d9 8e 63 18 39 7c 5c 32 34 bd ab 8d fe 48 64 17 bf 83 fc 4e 6a ea d4 cb 10 6b 21 98 35 90 99 00 14 19 ac 9b 1a 0c 43 6b 4b 95 dd 48 2f 11 48 30 bf 8f 1b e4 55 a5 19 d1 95 7f f1 d9 60 25 8f 55 80 c5 5a 02 88 22 e5 6d 8a ee b6 0b dd f9 e9 cd 47 04 52 21 2d 26 0f 3e 9d 76 d5 b4 e3 ba 59 6a ac 9a 30 4b 8e f8 b4 c0 1b d0 fd 67 0c 8e b6 a9 c7 5e 68 a5 89 9f e0 fc 42 9e f3 99 50 77 fc 75 e4 a1 c5 75 17 e0 46 3d 43 7a 64 51 36 c5 e9 81 ad be f3 c9 5b 1f ac 83 fc 80 81 32 5d 69 aa 15 b7 d8 9b 88 5b a6 43 dd 27 1f bc 6a d4 98 91 7c 3e db 56 50 a8 a4 88 96 b2 be 54 e0 09 e1 84 82 b6 4c ff 6a c6 7e 67 b6 61 f7 36 86 95 46 0f 3c d0 66 44 54 7c e0 eb 04 eb e7 14 fd 34 6b 19 f3 5b ad 1c 12 4f e4 17 6b c1 71 a4 7c a3 f0 31 2d 17 90 48 ff 2f 45 92 14 03 01 00 01 01 16 03 01 00 30 30 c5 82 c1 42 1e 96 8c 2f 32 24 71 85 fe 56 c0 1c 92 7e 0f 3e 28 ac 62 96 4e 94 22 bc 00 5f ec f1 0f c9 34 9f dd 9b cc c6 39 15 b3 88 71 c0 51
EAPOL: SUPP_BE entering state RECEIVE
RX EAPOL from 00:0d:65:f2:b4:01
RX EAPOL - hexdump(len=73): 01 00 00 45 01 14 00 45 15 80 00 00 00 3b 14 03 01 00 01 01 16 03 01 00 30 32 13 96 51 28 c3 63 42 1e ff 58 be db 9b 35 95 e7 b6 db 5f bf 1b fa 75 77 72 36 32 1f 88 e1 7c dd 66 b1 13 9f 34 1b 9f 9b 98 7b b1 70 57 05 cc
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Request id=20 method=21 vendor=0 vendorMethod=0
EAP: EAP entering state METHOD
SSL: Received packet(len=69) - Flags 0x80
SSL: TLS Message Length: 59
TLS: tls_connection_handshake(in_data=0x4a57f8 in_len=59)
TLSv1: Record Layer - Received - hexdump(len=59): 14 03 01 00 01 01 16 03 01 00 30 32 13 96 51 28 c3 63 42 1e ff 58 be db 9b 35 95 e7 b6 db 5f bf 1b fa 75 77 72 36 32 1f 88 e1 7c dd 66 b1 13 9f 34 1b 9f 9b 98 7b b1 70 57 05 cc
TLSv1: Received content type 20 version 3.1 length 1
TLSv1: Received ChangeCipherSpec
TLSv1: Record Layer - New read cipher suite 0x002f
TLSv1: Record Layer - Received - hexdump(len=53): 16 03 01 00 30 32 13 96 51 28 c3 63 42 1e ff 58 be db 9b 35 95 e7 b6 db 5f bf 1b fa 75 77 72 36 32 1f 88 e1 7c dd 66 b1 13 9f 34 1b 9f 9b 98 7b b1 70 57 05 cc
TLSv1: Received content type 22 version 3.1 length 48
TLSv1: Record Layer - Decrypted data - hexdump(len=48): 14 00 00 0c 93 57 f6 80 a3 67 7d a0 47 a7 54 54 09 2a 58 5c 59 1e 59 a8 c5 5c cd 75 a2 fd 1a a2 8f 6e cc 0e 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b 0b
TLSv1: verify_data in Finished - hexdump(len=12): 93 57 f6 80 a3 67 7d a0 47 a7 54 54
TLSv1: verify_data (server) - hexdump(len=12): [REMOVED]
TLSv1: Received Finished
TLSv1: Handshake completed successfully
SSL: No data to be sent out
EAP-TTLS: TLS done, proceed to Phase 2
EAP-TTLS: Derived key - hexdump(len=64): [REMOVED]
EAP-TTLS: received 0 bytes encrypted data for Phase 2
EAP-TTLS: empty data in beginning of Phase 2 - use fake EAP-Request Identity
EAP-TTLS: Phase 2 PAP Request
EAP-TTLS: Encrypting Phase 2 data - hexdump(len=48): [REMOVED]
TLSv1: Plaintext AppData - hexdump(len=48): [REMOVED]
TLSv1: Record Layer - Write HMAC - hexdump(len=20): 92 65 4f 98 af df 6c 31 44 d5 27 c1 39 8c 6d 95 ec 74 c5 2b
SSL: 85 bytes left to be sent out (of total 85 bytes)
EAP-TTLS: Authentication completed successfully
EAP: method process -> ignore=FALSE methodState=DONE decision=COND_SUCC
EAP: EAP entering state SEND_RESPONSE
EAP: EAP entering state IDLE
EAPOL: SUPP_BE entering state RESPONSE
EAPOL: txSuppRsp
TX EAPOL: dst=01:80:c2:00:00:03
TX EAPOL - hexdump(len=95): 01 00 00 5b 02 14 00 5b 15 00 17 03 01 00 50 d5 05 c7 b7 67 8e b3 c0 d8 ce 19 b5 38 07 d4 e5 7c 1f ec 66 f2 e5 28 f5 e8 b7 c8 a5 a5 d8 16 0f a4 b8 56 ff 92 4e f3 38 8d 3d d2 40 fb a9 86 8f d0 09 69 c6 47 54 e8 a2 08 19 84 a3 45 0e e8 e4 db 08 73 bd 58 97 28 d6 14 0b b8 02 91 96 ad 03
EAPOL: SUPP_BE entering state RECEIVE
RX EAPOL from 00:0d:65:f2:b4:01
RX EAPOL - hexdump(len=46): 01 00 00 04 04 14 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
EAPOL: Received EAP-Packet frame
EAPOL: SUPP_BE entering state REQUEST
EAPOL: getSuppRsp
EAP: EAP entering state RECEIVED
EAP: Received EAP-Failure
EAP: EAP entering state FAILURE
CTRL-EVENT-EAP-FAILURE EAP authentication failed
EAPOL: SUPP_PAE entering state HELD
EAPOL: SUPP_BE entering state RECEIVE
EAPOL: SUPP_BE entering state FAIL
EAPOL: SUPP_BE entering state IDLE
EAPOL authentication completed unsuccessfully
EAPOL: startWhen --> 0
EAPOL: authWhile --> 0
CTRL-EVENT-TERMINATING - signal 2 received
Removing interface eth0
State: ASSOCIATED -> DISCONNECTED
No keys have been configured - skip key clearing
EAPOL: External notification - portEnabled=0
EAPOL: SUPP_PAE entering state DISCONNECTED
EAPOL: SUPP_BE entering state INITIALIZE
EAP: EAP entering state DISABLED
EAPOL: External notification - portValid=0
No keys have been configured - skip key clearing
EAP: deinitialize previously used EAP method (21, TTLS) at EAP deinit
TLSv1: Selected cipher suite: 0x0000
TLSv1: Record Layer - New write cipher suite 0x0000
TLSv1: Record Layer - New read cipher suite 0x0000
Cancelling scan request
Cancelling authentication timeout

Re: WRT54GL wired 8021x TTLS PAP surfnet/eduroam/securew2 wpa_supplicant

Trouble was wrong authentification-method. UIT in norway uses this WPA.conf:

WRT54GL on wired 802.1x at UiT (University of Tromsø) wrote:

ctrl_interface=/var/run/wpa_supplicant
ap_scan=0
network={
        key_mgmt=IEEE8021X
        eap=PEAP
        identity="******@uit.no"
        anonymous_identity="*****@uit.no"
        password="**********"
        phase2="auth=MSCHAPV2"
}

Re: WRT54GL wired 8021x TTLS PAP surfnet/eduroam/securew2 wpa_supplicant

Hi,

I'm currently using a TP-link WR741ND router (AR71xx Atheros chipset), and I can succesfully connect to the university's network. However, if I use my pc as a router (which I did for almost 2 years now) my downloadspeed is around 80-90 Mbit/s. If I use my TP-link to connect, I only get a downloadspeed of 8-9 Mbit/s, and a ping around 500 ms. So something is slowing it down. Is it due the authentication? And why doesn't my server has any lag at all?

Re: WRT54GL wired 8021x TTLS PAP surfnet/eduroam/securew2 wpa_supplicant

Hi,
first of all thank you for this tutorial. It gave me the first look into the topic regarding eduroam connections with a WRT54G. I got the authentication working (at least it seems so) with a slightly modified version of your config-file but when I now start the udhcpc command on interface wlan0 I only see three lines of "Sending discover" and that's all... sad Any ideas ?

This is, what I get after the wpa_supplicant launch:
ioctl[SIOCSIWENCODEEXT]: Invalid argument
ioctl[SIOCSIWENCODEEXT]: Invalid argument
Trying to associate with... (SSID='eduroam' freq=2412MHz)
Associated with...
CTRL-EVENT-EAP-STARTED EAP Authentication started
...
CTRL-EVENT-CONNECTED - Connection to xx:xx:xx:xx:xx completed (auth) [id=0 id_str=]

Greetings,
Daniel

Re: WRT54GL wired 8021x TTLS PAP surfnet/eduroam/securew2 wpa_supplicant

JarodRussell wrote:

when I now start the udhcpc command on interface wlan0 I only see three lines of "Sending discover" and that's all...

Are you trying to connect the WRT54GL with its wlan0 interface to a wireless eduroam access-point instead of wired one?
In that situation you don't need the special wpa_supplicant version or "-roboswitch" parameter because it was only needed to get the authentication packets across the internal managed wired bridge. Look at the wpa_supplicant settings from the following link to authenticate on a wireless hotspot:

http://blog.jozjan.net/2008/12/wrt54gl-as-8021x-client-aka.html

To check in a more comfortable way if the parameters you supply for wpa_suplicant are correct, I suggest using a linux live distro on a notebook like ubuntu or linuxmint with "network-manager-applet", if that works correctly you can continue from the command line with wpa_supplicant and after that try the same settings on the router. Otherwise it may take to much time detecting the problem.

Re: WRT54GL wired 8021x TTLS PAP surfnet/eduroam/securew2 wpa_supplicant

Similar guide for the WRT160NL
https://forum.openwrt.org/viewtopic.php?pid=127677

Re: WRT54GL wired 8021x TTLS PAP surfnet/eduroam/securew2 wpa_supplicant

great guide

TP Link WR1043ND 10.03.1
kuddos to OPENWRT for their great work