EAP-TLS example not working

[gubertoli]

I think this issue is the same as #420

Hi,

I am testing the mininet-wifi eap-tls example (mn version 2.6 in a Ubuntu 22.04 VM with wpa_cli and hostapd_cli v2.11-devel), but the current example is not running as expected by the example README.md:

Then run as follows

sudo -E python eap-tls-auth.py

Try the following experiments
       mininet-wifi> sta1 ping sta2 

If the ping succeeded you're in good shape.

The current output:

~/mininet-wifi$ sudo -E python examples/eap-tls/eap-tls-auth.py 
*** Creating nodes
*** Configuring nodes
*** Associating Stations
*** Starting network
*** Adding openflow wireless rule : 
*** Try the following at the CLI 
sta1 ping sta2 
/tmp/debug*.txt and /tmp/hostapd.txt contain logs 
cat /var/log/syslog | grep hostapd shows you if the authentication succeeded
*** Starting CLI:
mininet-wifi> sta1 ping sta2
PING 10.0.0.2 (10.0.0.2) 56(84) bytes of data.
From 10.0.0.1 icmp_seq=1 Destination Host Unreachable
From 10.0.0.1 icmp_seq=2 Destination Host Unreachable
From 10.0.0.1 icmp_seq=3 Destination Host Unreachable
From 10.0.0.1 icmp_seq=4 Destination Host Unreachable
^C

Only the /tmp/hostapd.txt is being generated, there is no /tmp/debug*.txt, also no entries for hostap in the /var/log/syslog. I tried the changes related to this PR #268, it fixes the problem of requiring to run from mininet-wifi root folder. But the behavior is the same.

What I tried:

• to create a digital certificate for each client (instead of using the same for sta1 and sta2), but it also did not solve the problem.
• changed identity to the specific commonName of certificates
• changed eap_users file to the specific identity of sta1 and sta2
• changed client_isolation=True to client_isolation=False for ap1
• removed eapol_version=2, eapol_version, and eap_message

Please, any other ideas?

[ramonfontes]

https://github.com/intrig-unicamp/mininet-wifi/commit/98ff896b28843659e7e0adbf61f8f375227e21eb fixes the issue. Please note that you have to generate the certs with https://github.com/intrig-unicamp/mininet-wifi/blob/master/examples/eap-tls/CA/gencerts.sh.

[gubertoli]

Thanks @ramonfontes, with those changes it is working now - stations ping each other.

Just an additional comment, based on https://github.com/intrig-unicamp/mininet-wifi/commit/98ff896b28843659e7e0adbf61f8f375227e21eb, the /tmp/debug*.txt files are not being generated.

I tested with the following change from PR #268, and it also works for generating those files:

From:

wpasup_flags='-dd > /tmp/debug1.txt',
wpasup_flags='-dd > /tmp/debug2.txt',

To:

wpasup_flags='-dd -f /tmp/debug1.txt',
wpasup_flags='-dd -f /tmp/debug2.txt',

[ramonfontes]

https://github.com/intrig-unicamp/mininet-wifi/commit/336d8ba0787a46360c97d6540497438be2fef6f3 fixes that! Thank you :)

Btw, please feel free to submit PRs.