OpenWrt Forum Archive

Topic: WNDR3700 + Backfire 10.03.1-rc4 + ip camera + encryption = fail

The content of this topic has been archived on 12 Apr 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

Post #1
Thermopyle
23 Jan 2011, 22:30

Router: WNDR3700
OpenWrt: Backfire 10.03.1-rc4
Client with problems:  Wireless B/G IP camera

Problem description:
If I set OpenWRT to use WPA2-PSK encryption, the camera doesn't stay connected and the system log fills with lines like these:

Jan 23 15:27:10 OpenWrt daemon.info hostapd: wlan0: STA 00:0d:f0:5b:81:52 IEEE 802.11: authenticated
Jan 23 15:27:10 OpenWrt daemon.info hostapd: wlan0: STA 00:0d:f0:5b:81:52 IEEE 802.11: associated (aid 2)
Jan 23 15:27:10 OpenWrt daemon.info hostapd: wlan0: STA 00:0d:f0:5b:81:52 IEEE 802.11: associated (aid 2)
Jan 23 15:27:10 OpenWrt daemon.info hostapd: wlan0: STA 00:0d:f0:5b:81:52 WPA: received EAPOL-Key 2/4 Pairwise with unexpected replay counter
Jan 23 15:27:13 OpenWrt daemon.info hostapd: wlan0: STA 00:0d:f0:5b:81:52 IEEE 802.11: deauthenticated due to local deauth request
Jan 23 15:27:18 OpenWrt daemon.info hostapd: wlan0: STA 00:0d:f0:5b:81:52 IEEE 802.11: authenticated
Jan 23 15:27:18 OpenWrt daemon.info hostapd: wlan0: STA 00:0d:f0:5b:81:52 IEEE 802.11: associated (aid 2)
Jan 23 15:27:21 OpenWrt daemon.info hostapd: wlan0: STA 00:0d:f0:5b:81:52 IEEE 802.11: deauthenticated due to local deauth request
Jan 23 15:27:26 OpenWrt daemon.info hostapd: wlan0: STA 00:0d:f0:5b:81:52 IEEE 802.11: authenticated
Jan 23 15:27:26 OpenWrt daemon.info hostapd: wlan0: STA 00:0d:f0:5b:81:52 IEEE 802.11: associated (aid 2)
Jan 23 15:27:29 OpenWrt daemon.info hostapd: wlan0: STA 00:0d:f0:5b:81:52 IEEE 802.11: deauthenticated due to local deauth request
Jan 23 15:27:34 OpenWrt daemon.info hostapd: wlan0: STA 00:0d:f0:5b:81:52 IEEE 802.11: authenticated
Jan 23 15:27:34 OpenWrt daemon.info hostapd: wlan0: STA 00:0d:f0:5b:81:52 IEEE 802.11: associated (aid 2)
Jan 23 15:27:34 OpenWrt daemon.info hostapd: wlan0: STA 00:0d:f0:5b:81:52 IEEE 802.11: associated (aid 2)
Jan 23 15:27:34 OpenWrt daemon.info hostapd: wlan0: STA 00:0d:f0:5b:81:52 WPA: received EAPOL-Key 2/4 Pairwise with unexpected replay counter
Jan 23 15:27:34 OpenWrt daemon.info hostapd: wlan0: STA 00:0d:f0:5b:81:52 WPA: received EAPOL-Key 2/4 Pairwise with unexpected replay counter
Jan 23 15:27:37 OpenWrt daemon.info hostapd: wlan0: STA 00:0d:f0:5b:81:52 IEEE 802.11: deauthenticated due to local deauth request

WPA-PSK, WEP, and no encryption all work correctly.  The WNDR3700 stock firmware works with this camera and WPA2-PSK.

Let me know if more information is required.

Post #2
dromero
20 Mar 2011, 22:27

Same problem here, D-LINK DSC-2120
using WPA-PSK on a Linksys WRT160NL
Linksys WRT54GL with same OpenWRT version works OK.

Mar 20 18:24:20 OpenWrt daemon.info hostapd: wlan0: STA 00:1c:f0:79:08:e6 IEEE 802.11: associated (aid 1)
Mar 20 18:24:23 OpenWrt daemon.info hostapd: wlan0: STA 00:1c:f0:79:08:e6 IEEE 802.11: deauthenticated due to local deauth request
Mar 20 18:24:24 OpenWrt daemon.info hostapd: wlan0: STA 00:1c:f0:79:08:e6 IEEE 802.11: authenticated
Mar 20 18:24:24 OpenWrt daemon.info hostapd: wlan0: STA 00:1c:f0:79:08:e6 IEEE 802.11: associated (aid 1)
Mar 20 18:24:27 OpenWrt daemon.info hostapd: wlan0: STA 00:1c:f0:79:08:e6 IEEE 802.11: deauthenticated due to local deauth request
Mar 20 18:24:28 OpenWrt daemon.info hostapd: wlan0: STA 00:1c:f0:79:08:e6 IEEE 802.11: authenticated
Mar 20 18:24:28 OpenWrt daemon.info hostapd: wlan0: STA 00:1c:f0:79:08:e6 IEEE 802.11: associated (aid 1)

Post #3
sophana
11 May 2011, 22:30

Same with wgt634u (madwifi) psk2
openwrt svn backfire branch r26800

May 11 20:44:11 OpenWrt daemon.info hostapd: ath1: STA 94:0c:6d:be:ee:be IEEE 802.11: associated
May 11 20:44:12 OpenWrt daemon.info hostapd: ath1: STA 94:0c:6d:be:ee:be WPA: received EAPOL-Key 2/4 Pairwise with unexpected replay counter
May 11 20:44:15 OpenWrt daemon.info hostapd: ath1: STA 94:0c:6d:be:ee:be IEEE 802.11: deauthenticated due to local deauth request
May 11 20:44:15 OpenWrt daemon.info hostapd: ath1: STA 94:0c:6d:be:ee:be IEEE 802.11: disassociated
May 11 20:44:16 OpenWrt daemon.info hostapd: ath1: STA 94:0c:6d:be:ee:be IEEE 802.11: associated
May 11 20:44:17 OpenWrt daemon.info hostapd: ath1: STA 94:0c:6d:be:ee:be WPA: received EAPOL-Key 2/4 Pairwise with unexpected replay counter
May 11 20:44:20 OpenWrt daemon.info hostapd: ath1: STA 94:0c:6d:be:ee:be IEEE 802.11: deauthenticated due to local deauth request
May 11 20:44:20 OpenWrt daemon.info hostapd: ath1: STA 94:0c:6d:be:ee:be IEEE 802.11: disassociated
May 11 20:44:21 OpenWrt daemon.info hostapd: ath1: STA 94:0c:6d:be:ee:be IEEE 802.11: associated
May 11 20:44:21 OpenWrt daemon.info hostapd: ath1: STA 94:0c:6d:be:ee:be WPA: received EAPOL-Key 2/4 Pairwise with unexpected replay counter
May 11 20:44:24 OpenWrt daemon.info hostapd: ath1: STA 94:0c:6d:be:ee:be IEEE 802.11: deauthenticated due to local deauth request
May 11 20:44:24 OpenWrt daemon.info hostapd: ath1: STA 94:0c:6d:be:ee:be IEEE 802.11: disassociated
May 11 20:44:25 OpenWrt daemon.info hostapd: ath1: STA 94:0c:6d:be:ee:be IEEE 802.11: associated
May 11 20:44:26 OpenWrt daemon.info hostapd: ath1: STA 94:0c:6d:be:ee:be WPA: received EAPOL-Key 2/4 Pairwise with unexpected replay counter
May 11 20:44:29 OpenWrt daemon.info hostapd: ath1: STA 94:0c:6d:be:ee:be IEEE 802.11: deauthenticated due to local deauth request
May 11 20:44:29 OpenWrt daemon.info hostapd: ath1: STA 94:0c:6d:be:ee:be IEEE 802.11: disassociated
May 11 20:44:30 OpenWrt daemon.info hostapd: ath1: STA 94:0c:6d:be:ee:be IEEE 802.11: associated

After 1 or 2 days, no wifi client can connect (htc desire + a tp-link wifi N laptop).
After a reboot, there are still this messages, but after several tries, clients connect.

Google show that this bug does not seem to be related to openwrt. The problem is seen with net-bsd, pfsense, ubiquiti.
They all have atheros wifi (and hostapd)

Post #4
Stolz
29 May 2011, 20:59

Same problem here with a fonera.

I can connect form Windows or Android, but not from Linux.

My laptio log
wlan0: authenticate with MAC_ADDRESS (try 1)
wlan0: authenticated
wlan0: associate with MAC_ADDRESS (try 1)
wlan0: RX AssocResp from MAC_ADDRESS (capab=0x431 status=0 aid=2)
wlan0: associated
wlan0: deauthenticated from MAC_ADDRESS (Reason: 2)
(repeated forever)

Tha AP log
ath0: STA AP_MAC_ADDRESS:0d IEEE 802.11: associated
ath0: STA AP_MAC_ADDRESS:0d IEEE 802.11: deauthenticated due to local deauth request
ath0: STA AP_MAC_ADDRESS:0d IEEE 802.11: disassociated
(repeated forever)

Post #5
gkloepfer
7 Jul 2011, 18:40

I've been dealing with an issue with an old IP video camera that apparently has a "slow" WPA2 response time to some of the key negotiation packets from hostapd (linked to wpad on OpenWrt).  I get "WPA: received EAPOL-Key 4/4 Pairwise with unexpected replay counter" messages, and this is apparently happening to several people on the 'net.

The problem is that, for some reason, the slow response by the device (the camera in my case too) seems to cause the key negotiation packets to get resent by hostapd, which confuses the camera and the WPA2 association never completes successfully.  There was a post on the hostapd forums and an associated fix that was supposed to increase the timeout from 100ms to 1000ms in this case, but the code doesn't appear to work (I need to contact upstream yet, and since I am new, I need to figure out how).

I was able to fix my problem by recompiling hostapd with the following mod:  in file src/ap/wpa_auth.c, I changed eapol_key_timeout_first from 100 to 300 (making the initial timeout 300ms instead of 100ms).

The reason I don't think this fix is entirely correct is because I don't know how the initial 100ms timeout was derived (from the WPA2 spec, or just experience), and why there isn't a way for the timeout to be more gracefully renegotiated.  I don't want to step on anyone's toes or waste developer time when I don't have a better understanding of the code.

Anyway, this may work for you...

The discussion might have continued from here.