problems with corporate WPA2 encrypted network

[jllocutus]

thanks a lot for the driver. Unfortunately I can not connect with it to an wpa2 encrypted network. AP is seen and authorization worked, but connection is not established (OS: Ubuntu 13.04)

[yzhernand]

Funny: I can connect to a corporate WPA2 network, but the connection seems to flake a bit every minute or so. Network traffic stops for around 10 seconds or so before it resumes.

Maybe these issues are related?

Edit: I am on Ubuntu 12.10, 64-bit

[lwfinger]

Is that corporate network WPA2 Enterprise, or is it WPA2-PSK?

As you probably know, I have no access to any RTL8723AU devices. As a result, I will need detailed diagnostics before I would be able to make any fixes. Any info found in the output of the dmesg command would be a start.

Another driver that is derived from the same general code base is for the RTL8192DU. It connects with WPA2-PSK, and stays connected for hours.

[jllocutus]

@yzhernand : maybe, what kind of encryption you are using 802.1? with TLIP or AES or? @lwfinger: we use WPA2 with AES128 and RADIUS Authentification. Which detailed diagnostics data do you need and how could I get them? On connection try, no message was written to /var/log/dmesg on Ubuntu 13.04. in the /var/log/syslog I found: NetworkManager ... 4-way handshake complete IW_SCAN_THIS_ESSID, ssid=..., len=7 wlan0: Association request to the driver failed Where can I find the driver of the RTL8192DU?

[yzhernand]

@lwfinger For me, Network Manager sees it as "WPA2 Enterprise".

@jllocutus I'm using PEAP with MSCHAPv2 for inner authentication. I've got the output for my log and it looks like a different problem than yours. I can open a new bug report to avoid hijacking this one.

[lwfinger]

@jllocutus The RTL8192DU driver is at http://github.com/lwfinger/rtl8192du.git.. There are two of us active in development of that driver. Whatever changes and/or bug fixes that are applicable to the 8723 are made to that driver as well.

I have not set up a RADIUS server and all testing on similar drivers is with WPA2-PSK. That does test the encryption code; however, the handshaking is certainly different.

[jllocutus]

Do we have the chance to make the driver work with enterprise WPA2? which information do you need from which log files/commands?

[jllocutus]

with colleagues from WLAN we found, that the authentication gives always an error. Username and password are correct, so that I assume that the device driver does not support the AES encryption of the users password. If I tail -f the /var/log/syslog on ubuntu 13.04 there are many "kernel: [..] RTL8723AU...-messages

[lwfinger]

You need to post those "many" messages somewhere in a pastebin. In addition, I would change the startup so that both NetworkManager and wpa-supplicant run with maximum debugging and also post those logs.

I just got a new version of the driver from Realtek, and I am currently applying the differences to the one at GitHub. I have no idea if that will make a difference.

[jllocutus]

is the new version already available for download? How should I chnage the debugging for NetworkManager and wpa-supplicant?

[tmclaugh]

Just a heads up that I'm using WPA2 enterprise with PEAP and MSCHAPV2 here at work. Connected just fine. I have no root CA setup for this connection if that makes any sort of difference. Let me know if there's more I can provide.

May 22 10:29:48 tomcat kernel: [ 1998.334520] RTL8723AU: rtl8723a_FirmwareDownload accquire FW from embedded image May 22 10:29:48 tomcat kernel: [ 1998.334524] RTL8723AU: rtl8723a_FirmwareDownload: fw_ver=30 fw_subver=0 sig=0x2302 May 22 10:29:48 tomcat kernel: [ 1998.363494] RTL8723AU: rtl8723a_FirmwareDownload Exit rtw_mfree pFirmware ! May 22 10:29:48 tomcat kernel: [ 1998.363499] RTL8723AU: rtl8723a_FirmwareDownload Exit rtw_mfree pBTFirmware ! May 22 10:29:48 tomcat kernel: [ 1998.363500] RTL8723AU: fw download ok! May 22 10:29:48 tomcat kernel: [ 1998.363502] RTL8723AU: Set RF Chip ID to RF_6052 and RF type to 1T1R. May 22 10:29:49 tomcat kernel: [ 1998.694401] RTL8723AU: pdmpriv->TxPowerTrackControl = 1 May 22 10:29:49 tomcat kernel: [ 1998.699018] RTL8723AU: rtl8723au_hal_init in 435ms May 22 10:29:49 tomcat kernel: [ 1998.699212] RTL8723AU: pHalData->IntrMask = 0x0000 May 22 10:29:49 tomcat kernel: [ 1998.699532] RTL8723AU: <=== rtw_ips_pwr_up.............. in 436ms May 22 10:29:49 tomcat kernel: [ 1998.699537] RTL8723AU: ERROR nolinked power save leave May 22 10:29:49 tomcat kernel: [ 1998.699643] RTL8723AU: ==> ips_leave.....LED(0x00e28282)... May 22 10:29:49 tomcat NetworkManager[594]: (enp0s26u1u4i2): supplicant interface state: inactive -> scanning May 22 10:29:50 tomcat kernel: [ 2000.058584] RTL8723AU: survey done event(23) May 22 10:29:50 tomcat kernel: [ 2000.061563] RTL8723AU: wpa_set_auth_algs, AUTH_ALG_OPEN_SYSTEM May 22 10:29:50 tomcat kernel: [ 2000.061577] RTL8723AU: set_mode = IW_MODE_INFRA May 22 10:29:50 tomcat kernel: [ 2000.061606] RTL8723AU: May 22 10:29:50 tomcat kernel: [ 2000.061606] wpa_ie(length:22): May 22 10:29:50 tomcat kernel: [ 2000.061613] RTL8723AU: 0x30 0x14 0x01 0x00 0x00 0x0f 0xac 0x04 May 22 10:29:50 tomcat kernel: [ 2000.061617] RTL8723AU: 0x01 0x00 0x00 0x0f 0xac 0x04 0x01 0x00 May 22 10:29:50 tomcat kernel: [ 2000.061621] RTL8723AU: 0x00 0x0f 0xac 0x01 0x00 0x00 0x00 0x00 May 22 10:29:50 tomcat kernel: [ 2000.061644] RTL8723AU: =>rtw_wx_set_essid May 22 10:29:50 tomcat kernel: [ 2000.061648] RTL8723AU: ssid=HS-BOS-Corp, len=11 May 22 10:29:50 tomcat kernel: [ 2000.061655] RTL8723AU: ERROR set ssid [HS-BOS-Corp] fw_state = 0x00000008 May 22 10:29:50 tomcat kernel: [ 2000.061658] RTL8723AU: Set SSID under fw_state = 0x00000008 May 22 10:29:50 tomcat kernel: [ 2000.061666] RTL8723AU: [by_bssid:0][assoc_ssid:HS-BOS-Corp][to_roaming:0] new candidate: HS-BOS-Corp(cc:d5:39:88:bb:10) rssi:-62 May 22 10:29:50 tomcat kernel: [ 2000.061675] RTL8723AU: rtw_select_and_join_from_scanned_queue: candidate: HS-BOS-Corp(cc:d5:39:88:bb:10) May 22 10:29:50 tomcat kernel: [ 2000.061686] RTL8723AU: link to Cisco AP May 22 10:29:50 tomcat kernel: [ 2000.061691] RTL8723AU: <=rtw_wx_set_essid, ret 0 May 22 10:29:50 tomcat kernel: [ 2000.061703] RTL8723AU: ERROR set bssid:68:86:a7:30:43:80 May 22 10:29:50 tomcat kernel: [ 2000.061706] RTL8723AU: Set BSSID under fw_state = 0x00000088 May 22 10:29:50 tomcat kernel: [ 2000.064345] RTL8723AU: update_mgnt_tx_rate(): rate = 2 May 22 10:29:50 tomcat NetworkManager[594]: (enp0s26u1u4i2): supplicant interface state: scanning -> associating May 22 10:29:50 tomcat kernel: [ 2000.103779] RTL8723AU: link to Cisco AP May 22 10:29:50 tomcat kernel: [ 2000.103818] RTL8723AU: issue_deauth to cc:d5:39:88:bb:10 May 22 10:29:50 tomcat kernel: [ 2000.103836] RTL8723AU: ERROR start auth May 22 10:29:50 tomcat kernel: [ 2000.103844] RTL8723AU: issue_auth May 22 10:29:50 tomcat kernel: [ 2000.134910] RTL8723AU: OnAuthClient May 22 10:29:50 tomcat kernel: [ 2000.134949] RTL8723AU: ERROR auth success, start assoc May 22 10:29:50 tomcat kernel: [ 2000.134974] RTL8723AU: network.SupportedRates[0]=12 May 22 10:29:50 tomcat kernel: [ 2000.134983] RTL8723AU: network.SupportedRates[1]=96 May 22 10:29:50 tomcat kernel: [ 2000.134990] RTL8723AU: network.SupportedRates[2]=18 May 22 10:29:50 tomcat kernel: [ 2000.135004] RTL8723AU: network.SupportedRates[3]=24 May 22 10:29:50 tomcat kernel: [ 2000.135011] RTL8723AU: network.SupportedRates[4]=30 May 22 10:29:50 tomcat kernel: [ 2000.135017] RTL8723AU: network.SupportedRates[5]=48 May 22 10:29:50 tomcat kernel: [ 2000.135025] RTL8723AU: network.SupportedRates[6]=60 May 22 10:29:50 tomcat kernel: [ 2000.135033] RTL8723AU: network.SupportedRates[7]=6C May 22 10:29:50 tomcat kernel: [ 2000.135041] RTL8723AU: bssrate_len = 8 May 22 10:29:50 tomcat kernel: [ 2000.142991] RTL8723AU: OnAssocRsp May 22 10:29:50 tomcat kernel: [ 2000.143043] RTL8723AU: report_join_res(13) May 22 10:29:50 tomcat kernel: [ 2000.143053] RTL8723AU: rtw_joinbss_update_network May 22 10:29:50 tomcat kernel: [ 2000.143063] RTL8723AU: +rtw_update_ht_cap() May 22 10:29:50 tomcat kernel: [ 2000.143077] RTL8723AU: rtw_joinbss_updatestainfo May 22 10:29:50 tomcat kernel: [ 2000.143084] RTL8723AU: Set STA(0) info May 22 10:29:50 tomcat kernel: [ 2000.143096] RTL8723AU: ERROR assoc success May 22 10:29:50 tomcat kernel: [ 2000.143185] RTL8723AU: HW_VAR_BASIC_RATE: BrateCfg(0x14d) May 22 10:29:50 tomcat kernel: [ 2000.145086] RTL8723AU: WMM(0): 0, a42b May 22 10:29:50 tomcat kernel: [ 2000.145205] RTL8723AU: WMM(1): 0, a44f May 22 10:29:50 tomcat kernel: [ 2000.145327] RTL8723AU: WMM(2): 0, 5e4322 May 22 10:29:50 tomcat kernel: [ 2000.145458] RTL8723AU: WMM(3): 0, 2f3222 May 22 10:29:50 tomcat kernel: [ 2000.145469] RTL8723AU: wmm_para_seq(0): 0 May 22 10:29:50 tomcat kernel: [ 2000.145478] RTL8723AU: wmm_para_seq(1): 1 May 22 10:29:50 tomcat kernel: [ 2000.145486] RTL8723AU: wmm_para_seq(2): 2 May 22 10:29:50 tomcat kernel: [ 2000.145494] RTL8723AU: wmm_para_seq(3): 3 May 22 10:29:50 tomcat kernel: [ 2000.145500] RTL8723AU: HTOnAssocRsp May 22 10:29:50 tomcat kernel: [ 2000.145778] RTL8723AU: ERROR send eapol packet May 22 10:29:50 tomcat NetworkManager[594]: (enp0s26u1u4i2): supplicant interface state: associating -> associated May 22 10:29:50 tomcat kernel: [ 2000.151071] UpdateHalRAMask8192CUsb => mac_id:0, networkType:0x0b, mask:0x000fffe8 May 22 10:29:50 tomcat kernel: [ 2000.151071] ==> rssi_level:0, rate_bitmap:0x000ff005 May 22 10:29:50 tomcat kernel: [ 2000.152549] RTL8723AU: rtl8723a_set_FwJoinBssReport_cmd mstatus(1) May 22 10:29:50 tomcat kernel: [ 2000.153297] RTL8723AU: SetFwRsvdPagePkt May 22 10:29:50 tomcat kernel: [ 2000.153317] RTL8723AU: SetFwRsvdPagePkt: Set RSVD page location to Fw May 22 10:29:50 tomcat kernel: [ 2000.154683] RTL8723AU: =>mlmeext_joinbss_event_callback May 22 10:29:50 tomcat kernel: [ 2000.155029] RTL8723AU: ERROR send eapol packet May 22 10:29:50 tomcat kernel: [ 2000.166642] RTL8723AU: ERROR send eapol packet May 22 10:29:50 tomcat kernel: [ 2000.188436] RTL8723AU: ERROR send eapol packet May 22 10:29:50 tomcat kernel: [ 2000.225481] RTL8723AU: ERROR send eapol packet May 22 10:29:50 tomcat kernel: [ 2000.370952] RTL8723AU: ERROR send eapol packet May 22 10:29:50 tomcat kernel: [ 2000.381793] RTL8723AU: ERROR send eapol packet May 22 10:29:50 tomcat kernel: [ 2000.398317] RTL8723AU: ERROR send eapol packet May 22 10:29:50 tomcat kernel: [ 2000.407044] RTL8723AU: ERROR send eapol packet May 22 10:29:50 tomcat kernel: [ 2000.420588] RTL8723AU: ERROR send eapol packet May 22 10:29:50 tomcat kernel: [ 2000.427141] RTL8723AU: ERROR send eapol packet May 22 10:29:51 tomcat kernel: [ 2000.436453] RTL8723AU: ERROR send eapol packet May 22 10:29:51 tomcat kernel: [ 2000.461196] RTL8723AU: [rtw_wx_set_pmkid] IW_PMKSA_ADD! May 22 10:29:51 tomcat kernel: [ 2000.461214] RTL8723AU: [rtw_wx_set_pmkid] Use the new entry index = 0 for this PMKID. May 22 10:29:51 tomcat kernel: [ 2000.463484] RTL8723AU: ERROR send eapol packet May 22 10:29:51 tomcat NetworkManager[594]: (enp0s26u1u4i2): supplicant interface state: associated -> 4-way handshake May 22 10:29:51 tomcat kernel: [ 2000.500977] RTL8723AU: ERROR send eapol packet May 22 10:29:51 tomcat kernel: [ 2000.501044] RTL8723AU: ~~~~set sta key:unicastkey May 22 10:29:51 tomcat kernel: [ 2000.501082] RTL8723AU: ERROR set pairwise key to hw: alg:4(WEP40-1 WEP104-5 TKIP-2 AES-4) camid:4 May 22 10:29:51 tomcat kernel: [ 2000.501226] RTL8723AU: ~~~~set sta key:groupkey May 22 10:29:51 tomcat kernel: [ 2000.501236] RTL8723AU: ==> rtw_set_key algorithm(4), keyid(1), key_mask(2) May 22 10:29:51 tomcat kernel: [ 2000.503539] RTL8723AU: ERROR set group key to hw: alg:4(WEP40-1 WEP104-5 TKIP-2 AES-4) keyid:1 May 22 10:29:51 tomcat NetworkManager[594]: (enp0s26u1u4i2): supplicant interface state: 4-way handshake -> completed May 22 10:29:51 tomcat NetworkManager[594]: Activation (enp0s26u1u4i2/wireless) Stage 2 of 5 (Device Configure) successful. Connected to wireless network 'HS-BOS-Corp'.

[lwfinger]

@jllocutus: I got the new driver from Realtek's private web site. It is not publicly available. I am partway through making the changes to the code and will push it when I'm done and it compiles. Changing the debugging level for NM and wpa-supplicant depends on how your distro sets it up.

@tmclaugh: Thanks for the posting. I wonder about all those " ERROR send eapol packet" messages, but at least it did connect.

[jllocutus]

@lwfinger I uploaded the syslog from ubuntu 13.04 to http://pastebin.com/WPHMhkbf Do you have a tipp for NetworkManager and wpa-supplicant debugging on ubuntu 13.04?

[lwfinger]

@jllocutus Your system is looking for a local certificate and not finding it. Should one be required? Check with your network people. I am not an Ubuntu user and I cannot advise on your distro.

[jllocutus]

@lwfinger on other hardware, ubuntu systems work without the certificate, so I assume, that is not the core problem with the Yoga WLAN driver. Do you see more problems in the log? I will check for debugging NetworkManager and wpa-supplican on ubuntu.

[jllocutus]

@lwfinger I did the step from https://wiki.ubuntu.com/DebuggingNetworkManager to debig nm and wpa-s and found in the log "secret request error: (6) no agents wre available for this request. Does this help anyhow?

[lwfinger]

I just committed the update to v4.1.6_7336.20130426. The commit message is as follows:

commit 3d016617aff190212aa81db9c594dc3e2d1f5728 Author: Larry Finger Larry.Finger@lwfinger.net Date: Mon May 27 15:24:29 2013 -0500

rtl8723au: Upgrade to driver version v4.1.6_7336.20130426

This update replaces the entire source and should be tested. If it fails,
report it and do a "git checkout 4682dce" to return to the previous
version.

Signed-off-by: Larry Finger <Larry.Finger@lwfinger.net>

This version may connect to WPA2-ENTERPRISE networks. If it fails to work at all, note the way to return to the previous source.

Larry

[jllocutus]

@lwfinger unfortunately the new driver does not work in our environment. In the syslog on the ubuntu 12.04 I found: _rtw_join_timeout_handler, fw_state=8 kernel: [ 287.603515] RTL8723AU: ERROR indicate disassoc wpa_supplicant[1003]: wlan0: CTRL-EVENT-DISCONNECTED bssid=00:00:00:00:00:00 reason=0 rtl8723a_set_FwJoinBssReport_cmd mstatus(0) RTL8723AU: ==>rtw_ps_processor .fw_state(8) RTL8723AU: ==>ips_enter cnts:7 RTL8723AU: ERROR nolinked power save enter RTL8723AU: ===> rtw_ips_pwr_down................... RTL8723AU: ====> rtw_ips_dev_unload... [...] Rtl8723_FwUMCBCutImageArrayWithBT for RTL8723A B CUT RTL8723AU: rtl8723a_FirmwareDownload accquire FW from embedded image RTL8723AU: rtl8723a_FirmwareDownload: fw_ver=33 fw_subver=0 sig=0x2302 RTL8723AU: rtl8723a_FirmwareDownload Exit rtw_mfree pFirmware ! RTL8723AU: rtl8723a_FirmwareDownload Exit rtw_mfree pBTFirmware ! RTL8723AU: fw download ok! RTL8723AU: Set RF Chip ID to RF_6052 and RF type to 1T1R. RTL8723AU: pdmpriv->TxPowerTrackControl = 1 RTL8723AU: rtl8723au_hal_init in 464ms RTL8723AU: pHalData->IntrMask = 0x0000 RTL8723AU: <=== rtw_ips_pwr_up.............. in 464ms RTL8723AU: ERROR nolinked power save leave

[tmclaugh]

Updated to latest commit and no issues connecting to company network using WPA2.

[lwfinger]

@jllocutus - I have no idea why your system fails. In addition, I have no idea what is different between your case and that of tmclaugh. To me it appears as if both of you are using WPA2 PEAP with MSCHAPV2. Why one works, and the other does not is a question. Perhaps the RADIUS server logs might offer a clue. Could you have your IT department check them after a failed attempt? In the meantime, I will set up a RADIUS server for testing. Of course, I don't have an RTL8723AU, but the driver for RTL8188EU is similar.

[jllocutus]

@lwfinger I will try to get the information from the network colleagues and come back. A difference to tmclaugh maybe is the AES128 encryption for the RADIUS authentication, but I am not familiar with all these technologies.

[jllocutus]

@lwfinger it is working now. I traced the problem with someone from network and he only saw the reason "no cert for authentication". So also if my other testsystems didn't need a cert for this WLAN, I tried it with a cert and it works. Thank you for your perfect support!