Problems with WPA2/AES and Broadcom BCM4318 (AirForce One 54g)

Robert Scheck robert at fedoraproject.org
Tue Jul 10 22:14:06 UTC 2007


Good evening folks,

On Sun, 08 Jul 2007, Robert Scheck wrote:
> Looks like proto "WPA2" isn't supported which seems to be the reason that
> my WPA2/AES setup doesn't work. Using Windows XP the stuff works...so does
> anybody of you have an idea to get WPA2/AES working at Fedora, too?
>
> Oh and WLAN without any encryption works, of course.

It's me again - I got rid of the problem...thank you to Pete and Alexander.
You've helped me a lot, even if you didn't know it yet ;-)

Now since the stuff works, I've got to say that WPA2/AES together with
Ndiswrapper is just a horrible mystery. My access point (integrated into
the AVM Fritz!Box 3070) is configured to WPA2/AES and a Microsoft Windows
XP SP2 system is only able to log in successfully with WPA2-PSK with AES.

Using Fedora it looks IMHO very strange: I had to configure WPA2 with AES
(CCMP) and (!) WPA with TKIP. Just configuring WPA2 with AES (CCMP) does
not work. And a standalone WPA with TKIP configuration only works if I
downgrade my access point configuration to WPA/TKIP also. The same Windows
system is then only able to connect with WPA/TKIP configured.

Please note that I got these results using wpa_supplicant, but with
NetworkManager and NetworkManagerDispatch disabled.

Let me say that when NetworkManager and NetworkManagerDispatch are
enabled, I'm able to connect with the help of KNetworkManager with WPA/TKIP
(if the access point also has WPA/TKIP configured). WPA2/AES (CCMP)
never worked for me. Please note that KNetworkManager delivered with Fedora
7 is heavily broken and often crashes.

As I wanted to set up WLAN with WPA2/AES (CCMP) and without NetworkManager
including the further unstable software mentioned above, I had to configure
wpa_supplicant as follows:

--- Start /etc/wpa_supplicant/wpa_supplicant.conf ---
ctrl_interface=/var/run/wpa_supplicant
ctrl_interface_group=wheel
eapol_version=1
ap_scan=0
fast_reauth=0

network={
        scan_ssid=0
        ssid="WLAN"
        key_mgmt=WPA-PSK
        proto=WPA2 WPA
        pairwise=CCMP TKIP
        group=CCMP TKIP
        psk="..."
        priority=2
}
--- End /etc/wpa_supplicant/wpa_supplicant.conf ---

--- Start /etc/sysconfig/wpa_supplicant ---
# wlan0 and wifi0
# INTERFACES="-iwlan0 -iwifi0"
INTERFACES="-iwlan0"
# ndiswrapper and prism
# DRIVERS="-Dndiswrapper -Dprism"
DRIVERS="-Dwext"
--- End /etc/sysconfig/wpa_supplicant ---

After a reboot, WLAN with the connection to the access point came up, but
connecting via IP wasn't possible...I had to do a network restart. So I
just put the following

--- Start ---
/etc/init.d/network stop
sleep 2
/etc/init.d/network start
sleep 2
/etc/init.d/ntpd restart
--- End ---

at the end of /etc/rc.local to get this to work automatically. As ntpd in
Fedora 7 seems to dislike a network restart somehow, I also had to restart
it. Please note, the sleeps are required, otherwise stuff will fail and
you need another and another restart of these services.

Finally there was another problem, but this seems more general: I was
forced to turn on SSID broadcasting at the access point, otherwise no
connection to the WLAN was possible. It looks like the software is only able
to handle responses from SSID broadcast requests. What is strange is that when
SSID broadcasting is disabled, it works when using KNetworkManager. Hum? Okay,
I'll ignore this so far. Just enabled SSID broadcasting and reduced the
signal strength.

Ush. It took me hours to get WLAN working with a secure setup at Fedora -
it took me minutes to get the equivalent secure setup working at a Windows
system...something goes wrong here. And you can be sure, the next guy
telling me "You just have to do XYZ to get your WLAN working" will get
slapped personally until he cries :)


Greetings,
  Robert
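
Added example, not part of Robert's message and not wpa_supplicant or Fedora code: a Python check that parses the network={} blocks of a wpa_supplicant.conf like the one above and lists the settings that still accept WPA (version 1) or TKIP alongside WPA2/CCMP. The function names, the WEAK table and the second sample block are constructed for illustration; the parser assumes one key=value per line and comments only at the start of a line.

```python
# Settings that let a client fall back below WPA2/CCMP (WPA2 is an alias for RSN).
WEAK = {"proto": {"WPA"}, "pairwise": {"TKIP"}, "group": {"TKIP", "WEP104", "WEP40"}}

# Constructed sample: the settings from the post, then a WPA2/CCMP-only variant.
SAMPLE = """
network={
        ssid="WLAN"
        proto=WPA2 WPA
        pairwise=CCMP TKIP
        group=CCMP TKIP
}
network={
        ssid="WLAN-strict"
        proto=RSN
        pairwise=CCMP
        group=CCMP
}
"""

def parse_networks(text):
    """Return one dict of key -> value per network={...} block."""
    networks, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("#"):
            continue
        if line.replace(" ", "").startswith("network={"):
            current = {}
        elif line == "}" and current is not None:
            networks.append(current)
            current = None
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return networks

def audit_network(net):
    """Findings for one block; an empty list means WPA2/CCMP only."""
    findings = []
    for key, weak in WEAK.items():
        bad = sorted(set(net.get(key, "").split()) & weak)
        if key not in net:  # unset keys use defaults that include WPA/TKIP
            findings.append(f"{key}: not set, defaults allow weaker values")
        elif bad:
            findings.append(f"{key}: allows {' '.join(bad)}")
    return findings

if __name__ == "__main__":
    for net in parse_networks(SAMPLE):
        print(net.get("ssid"), audit_network(net) or "WPA2/CCMP only")
```
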



