Hi all, I've got some problems running an OpenBSD access point with a wireless card in host ap mode and WPA.

First, let me describe the symptoms. I can connect with clients and traffic passes through without problems, but the encryption seems to be dodgy. In the log of the client (Linux machine with Intel card) I get lots of messages

    CCMP: received packet without ExtIV flag from xx:xx:xx:xx:xx:xx

where xx:xx:xx:xx:xx:xx is the MAC address of the access point. As far as I can tell, the traffic is encrypted though. This happens regardless of whether I use CCMP or TKIP, just the log message is different. The client machine can connect to other access points with WPA and CCMP or TKIP without messages like this. I'm guessing that the problem might be the WPA group cipher, as the volume of the log messages about packets with ExtIV flag is particularly high when other clients in the network cause heavy traffic -- this is a complete shot in the dark though.

The other problem I've encountered is that the access point occasionally drops the connection. The clients are not deauthenticated, existing network connections are not dropped, there's just no traffic going in or out anymore. After about a minute or so everything is back to normal. This happens at irregular intervals regardless of what's going on on the access point box (i.e. both under low and high system load). The really curious thing is that I've bridged the wireless interface and a wired interface together and connections from a machine on the wireless to a machine on the wired network are *not* affected -- the traffic continues to flow normally. That is, the problem seems to be not with the wireless interface itself.

I'm running OpenBSD 4.4 with a GENERIC i386 kernel on the access point machine, checked out from CVS on September 7th. Userland is also self-compiled from CVS on September 8th. The wireless interface is a Sparklan WMIR-215GN card (RT2860 chipset) using the ral driver. In dmesg it shows up as

    ral0 at pci0 dev 21 function 0 "Ralink RT2860" rev 0x00: irq 11, address xx:xx:xx:xx:xx:xx
    ral0: MAC/BBP RT2860 (rev 0x0101), RF RT2820 (2T3R)

I've had the same problem with a Wistron CM9 card (AR5213 chipset). The WPA error messages showing up in the log of the client were of the form

    TKIP: replay detected: STA=xx:xx:xx:xx:xx:xx previous TSC 0000000001de received TSC 000000000177

The dropped-connection symptoms were exactly the same.

For the wired-to-wireless bridge I've assigned a static IP address to the wireless interface (ral0), bring up the wired interface and add both to the bridge before bringing it up. I have packet filter enabled, but mostly for the external interface (which is completely separate); the only rule affecting those interfaces directly is "pass in quick" for all of them (that is, both physical interfaces and the bridge interface).

Any pointers what to do about this are appreciated -- I've been playing around with it for a while now but have no idea what the cause might be.

Thanks,
Lars