Open jasonsansone opened 6 months ago
jasonsansone
commented
6 months ago Update:
I upgraded to 23.09.1 and changed to using the method detailed here. However, wpa_cli status reports "connecting" and "unauthorized". The exact same hardware and certs authenticate fine on 22.05 using the old pfatt wpa_supplicant script. Any recommendations?
jasonsansone
commented
6 months ago Here is the syslog output:
Dec 23 08:38:29 pfsense pfatt[63277]: starting wpa_supplicant... Dec 23 08:38:29 pfsense wpa_supplicant[63663]: Successfully initialized wpa_supplicant Dec 23 08:38:33 pfsense pfatt[71584]: wpa_supplicant running on PID 70876... Dec 23 08:38:33 pfsense pfatt[72244]: setting wpa_supplicant network configuration... Dec 23 08:38:33 pfsense wpa_supplicant[70876]: igb0: Associated with 01:80:c2:00:00:03 Dec 23 08:38:33 pfsense wpa_supplicant[70876]: igb0: CTRL-EVENT-SUBNET-STATUS-UPDATE status=0 Dec 23 08:39:34 pfsense wpa_supplicant[70876]: igb0: CTRL-EVENT-EAP-FAILURE EAP authentication failed Dec 23 08:39:48 pfsense wpa_supplicant[70876]: igb0: CTRL-EVENT-EAP-STARTED EAP authentication started
And here is the output from wpa_cli status:
`wpa_cli status Selected interface 'igb0' bssid=01:80:c2:00:00:03 freq=0 ssid= id=0 mode=station pairwise_cipher=NONE group_cipher=NONE key_mgmt=IEEE 802.1X (no WPA) wpa_state=ASSOCIATED address=74:8a:0d:5f:be:21 Supplicant PAE state=CONNECTING suppPortStatus=Unauthorized EAP state=IDLE uuid=666db3f9-54bb-5d96-8859-3fd4bbaa9546
wpa_cli status Selected interface 'igb0' bssid=01:80:c2:00:00:03 freq=0 ssid= id=0 mode=station pairwise_cipher=NONE group_cipher=NONE key_mgmt=IEEE 802.1X (no WPA) wpa_state=ASSOCIATED address=74:8a:0d:5f:be:21 Supplicant PAE state=HELD suppPortStatus=Unauthorized EAP state=FAILURE uuid=666db3f9-54bb-5d96-8859-3fd4bbaa9546`
I have never been able to update past 22.05, but previously didn't have the time to extensively debug the issue. I am also starting to care more as I don't want to be running an unpatched, insecure system indefinitely. I am using the supplicant method which works great on 22.05. Certs are extracted from my BGW210, not purchased. Here is what happens if I execute the script manually in 23.01.
pfatt 59368 - - starting pfatt... pfatt 59524 - - resetting netgraph... pfatt 60893 - - creating vlan node and ngeth0 interface... pfatt 61867 - - enabling promisc for igb0... pfatt 63602 - - starting wpa_supplicant... pfatt 63884 - - terminating existing wpa_supplicant on PID 42344... pfatt 76978 - - wpa_supplicant running on PID 76616... pfatt 77163 - - setting wpa_supplicant network configuration... pfatt 87692 - - waiting for EAP authorization... pfatt 17137 - - EAP authorization completed... pfatt 17614 - - no IP address assigned, force restarting DHCP... dhclient not running? (check /var/run/dhclient/dhclient.ngeth0.pid). DHCPREQUEST on ngeth0 to 255.255.255.255 port 67 DHCPREQUEST on ngeth0 to 255.255.255.255 port 67 DHCPDISCOVER on ngeth0 to 255.255.255.255 port 67 interval 6 DHCPDISCOVER on ngeth0 to 255.255.255.255 port 67 interval 13 My address (104.62.redacted) was re-added DHCPDISCOVER on ngeth0 to 255.255.255.255 port 67 interval 12 My address (104.62.redacted) was deleted, dhclient exiting pfatt 67484 - - IP address is ... pfatt 67576 - - ngeth0 should now be available to configure as your WAN... pfatt 74890 - - set mac address on ngeth0...I never get an IP and the WAN remains down. Does anyone have any thoughts? My pfatt script is attached. pfatt.txt