Hi,

We're experiencing a couple of strange problems getting a Linksys WRT54G 802.11g AP (latest firmware, have also tried previous) working in WPA mode (WPA certified device) against FreeRADIUS (currently an 8.3 Snapshot release). The authentication mode in use is EAP-TLS and the supplicant is a Windows XP machine, latest service packs etc, set to WPA w/ TKIP mode.

The RADIUS debug output showed that FreeRADIUS complained about an incorrectly configured shared secret, but it only did this for each second Access-Request packet received during one authentication attempt - the first packet passed the corresponding check.

We reconfigured the Linksys AP to use a Windows 2000 server running Microsoft IAS RADIUS server. We installed another client certificate on the supplicant machine and authentication succeeded in WPA w/ TKIP mode.

As a next step, we patched the FreeRADIUS source code and disabled the check for the validity of the secret/message authenticator and tried again.

This time the conversation did not stop after the 2nd Access-Request packet but went further; however, it did not complete either (it was finally rejected).

We then took traces with Ethereal and compared every single parameter of the trace taken during authentication against the W2K server with the trace taken when authenticating against FreeRADIUS. What we found was a difference in the TLS session initialisation between the supplicant and the client. When authenticating against the FreeRADIUS server, the 2nd Access-Request packet contained a "SSL Record Layer: Client Hello", which is a backward compatibility option in TLS, but according to the EAP-TLS specification not allowed and therefore not accepted by the FreeRADIUS server. The corresponding packet in the authentication attempt against the W2K server contains a "TLS Record: Client Hello". Note "TLS", not "SSL" with Win2K.

The only differences between the two authentication attempts are:
- different certificates (from different CAs) used on the supplicant
- Access-Point authenticating against a FreeRADIUS server vs. a W2K server

Please see the two ascii-exported Ethereal traces at the end of this message.

In summary, we have two issues with the Linksys:

1. The weird behaviour with the invalid shared secret for the 2nd packet sent from the AP to the FreeRADIUS server.

2. If FreeRADIUS is configured to ignore the first issue, we get a wrong SSL Record instead of the corresponding TLS Record client hello. The supplicant which fails to authenticate via the Linksys can authenticate fine through another (e.g. SMC, although not "WPA certified") AP, which points to the same RADIUS server as the Linksys.

We don't really understand why a supplicant should try to use the SSL option against one RADIUS server (FreeRADIUS), and the correct TLS option against another (Win2K). It's possible that the packet is being modified somewhere in transit (although both successful and non-successful APs are one NAT segment away from the RADIUS server so we've ruled NAT out as a cause), but we can't really understand where this might happen.

Does anyone have any ideas what could cause this, or has anyone seen similar behaviour with FreeRADIUS?

Thanks in advance for any help you can offer,

Best wishes,

Sam

Appendices:
1. WinXP supplicant WPA/TKIP, Linksys WRT54G AP, FreeRADIUS Ethereal trace
2. WinXP supplicant WPA/TKIP, Linksys WRT54G AP, Win2K RADIUS Ethereal trace


*** Begin FreeRADIUS Ethereal Trace ***
No. Time Source Destination Protocol Info
1 0.000000 10.0.0.6 213.133.110.66 RADIUS Access Request(1) (id=0, l=151)


Frame 1 (193 bytes on wire, 193 bytes captured)
Arrival Time: Jun 17, 2004 15:25:36.226168000
Time delta from previous packet: 0.000000000 seconds
Time since reference or first frame: 0.000000000 seconds
Frame Number: 1
Packet Length: 193 bytes
Capture Length: 193 bytes
Ethernet II, Src: 00:06:25:ea:5a:b3, Dst: 00:90:d0:32:57:46
Destination: 00:90:d0:32:57:46 (ThomsonB_32:57:46)
Source: 00:06:25:ea:5a:b3 (LinksysG_ea:5a:b3)
Type: IP (0x0800)
Internet Protocol, Src Addr: 10.0.0.6 (10.0.0.6), Dst Addr: 213.133.110.66 (213.133.110.66)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 179
Identification: 0xee38 (60984)
Flags: 0x04 (Don't Fragment)
0... = Reserved bit: Not set
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 64
Protocol: UDP (0x11)
Header checksum: 0xfe33 (correct)
Source: 10.0.0.6 (10.0.0.6)
Destination: 213.133.110.66 (213.133.110.66)
User Datagram Protocol, Src Port: 4364 (4364), Dst Port: radius (1812)
Source port: 4364 (4364)
Destination port: radius (1812)
Length: 159
Checksum: 0xefd5 (correct)
Radius Protocol
Code: Access Request (1)
Packet identifier: 0x0 (0)
Length: 151
Authenticator: 0xDC3F28A8000000000000000000000000
Attribute value pairs
t:User Name(1) l:21, Value:"[EMAIL PROTECTED]"
t:NAS IP Address(4) l:6, Value:10.0.0.6
t:Called Station Id(30) l:14, Value:"000625e8452e"
t:Calling Station Id(31) l:14, Value:"000423774ceb"
t:NAS identifier(32) l:14, Value:"000625e8452e"
t:NAS Port(5) l:6, Value:208
t:Framed MTU(12) l:6, Value:1400
t:NAS Port Type(61) l:6, Value:Wireless IEEE 802.11(19)
t:EAP Message(79) l:26
Extensible Authentication Protocol
Code: Response (2)
Id: 0
Length: 24
Type: Identity [RFC2284] (1)
Identity (19 bytes): [EMAIL PROTECTED]
t:Message Authenticator(80) l:18, Value:3475ADB411817C907526774CE0BAF903


No. Time Source Destination Protocol Info
2 0.036862 213.133.110.66 10.0.0.6 RADIUS Access challenge(11) (id=0, l=64)


Frame 2 (106 bytes on wire, 106 bytes captured)
Arrival Time: Jun 17, 2004 15:25:36.263030000
Time delta from previous packet: 0.036862000 seconds
Time since reference or first frame: 0.036862000 seconds
Frame Number: 2
Packet Length: 106 bytes
Capture Length: 106 bytes
Ethernet II, Src: 00:90:d0:32:57:46, Dst: 00:06:25:ea:5a:b3
Destination: 00:06:25:ea:5a:b3 (LinksysG_ea:5a:b3)
Source: 00:90:d0:32:57:46 (ThomsonB_32:57:46)
Type: IP (0x0800)
Internet Protocol, Src Addr: 213.133.110.66 (213.133.110.66), Dst Addr: 10.0.0.6 (10.0.0.6)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 92
Identification: 0x0000 (0)
Flags: 0x04 (Don't Fragment)
0... = Reserved bit: Not set
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 53
Protocol: UDP (0x11)
Header checksum: 0xf7c3 (correct)
Source: 213.133.110.66 (213.133.110.66)
Destination: 10.0.0.6 (10.0.0.6)
User Datagram Protocol, Src Port: radius (1812), Dst Port: 4364 (4364)
Source port: radius (1812)
Destination port: 4364 (4364)
Length: 72
Checksum: 0x6499 (correct)
Radius Protocol
Code: Access challenge (11)
Packet identifier: 0x0 (0)
Length: 64
Authenticator: 0xD4104CB388C69804379DD050BC2D0318
Attribute value pairs
t:EAP Message(79) l:8
Extensible Authentication Protocol
Code: Request (1)
Id: 1
Length: 6
Type: EAP-TLS [RFC2716] [Aboba] (13)
Flags(0x20): Start
t:Message Authenticator(80) l:18, Value:36AFCFF63A273D244DDA3FF03A5CB41B
t:State(24) l:18, Value:CF397D01CFDDF9397AB0420AF4D49A69


No. Time Source Destination Protocol Info
3 0.178265 10.0.0.6 213.133.110.66 RADIUS Access Request(1) (id=0, l=225)


Frame 3 (267 bytes on wire, 267 bytes captured)
Arrival Time: Jun 17, 2004 15:25:36.404433000
Time delta from previous packet: 0.141403000 seconds
Time since reference or first frame: 0.178265000 seconds
Frame Number: 3
Packet Length: 267 bytes
Capture Length: 267 bytes
Ethernet II, Src: 00:06:25:ea:5a:b3, Dst: 00:90:d0:32:57:46
Destination: 00:90:d0:32:57:46 (ThomsonB_32:57:46)
Source: 00:06:25:ea:5a:b3 (LinksysG_ea:5a:b3)
Type: IP (0x0800)
Internet Protocol, Src Addr: 10.0.0.6 (10.0.0.6), Dst Addr: 213.133.110.66 (213.133.110.66)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 253
Identification: 0xee39 (60985)
Flags: 0x04 (Don't Fragment)
0... = Reserved bit: Not set
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 64
Protocol: UDP (0x11)
Header checksum: 0xfde8 (correct)
Source: 10.0.0.6 (10.0.0.6)
Destination: 213.133.110.66 (213.133.110.66)
User Datagram Protocol, Src Port: 4364 (4364), Dst Port: radius (1812)
Source port: 4364 (4364)
Destination port: radius (1812)
Length: 233
Checksum: 0xb89c (correct)
Radius Protocol
Code: Access Request (1)
Packet identifier: 0x0 (0)
Length: 225
Authenticator: 0x31191DD9000000000000000000000000
Attribute value pairs
t:User Name(1) l:21, Value:"[EMAIL PROTECTED]"
t:NAS IP Address(4) l:6, Value:10.0.0.6
t:Called Station Id(30) l:14, Value:"000625e8452e"
t:Calling Station Id(31) l:14, Value:"000423774ceb"
t:NAS identifier(32) l:14, Value:"000625e8452e"
t:NAS Port(5) l:6, Value:208
t:Framed MTU(12) l:6, Value:1400
t:State(24) l:18, Value:CF397D01CFDDF9397AB0420AF4D49A69
t:NAS Port Type(61) l:6, Value:Wireless IEEE 802.11(19)
t:EAP Message(79) l:82
Extensible Authentication Protocol
Code: Response (2)
Id: 1
Length: 80
Type: EAP-TLS [RFC2716] [Aboba] (13)
Flags(0x80): Length
Length: 70
Secure Socket Layer
SSL Record Layer: Client Hello
Content Type: Handshake (22)
Version: TLS 1.0 (0x0301)
Length: 65
Handshake Protocol: Client Hello
Handshake Type: Client Hello (1)
Length: 61
Version: TLS 1.0 (0x0301)
Random.gmt_unix_time: Jun 17, 2004 15:19:48.000000000
Random.bytes
Session ID Length: 0
Cipher Suites Length: 22
Cipher Suites (11 suites)
Cipher Suite: TLS_RSA_WITH_RC4_128_MD5 (0x0004)
Cipher Suite: TLS_RSA_WITH_RC4_128_SHA (0x0005)
Cipher Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a)
Cipher Suite: TLS_RSA_WITH_DES_CBC_SHA (0x0009)
Cipher Suite: TLS_RSA_EXPORT1024_WITH_RC4_56_SHA (0x0064)
Cipher Suite: TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA (0x0062)
Cipher Suite: TLS_RSA_EXPORT_WITH_RC4_40_MD5 (0x0003)
Cipher Suite: TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 (0x0006)
Cipher Suite: TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA (0x0013)
Cipher Suite: TLS_DHE_DSS_WITH_DES_CBC_SHA (0x0012)
Cipher Suite: TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA (0x0063)
Compression Methods Length: 1
Compression Methods (1 method)
Compression Method: null (0)
t:Message Authenticator(80) l:18, Value:12A0437E75E2AD6F530190A585A543B0


*** End FreeRADIUS Ethereal Trace ***

*** Begin Win2K RADIUS Ethereal Trace ***
No. Time Source Destination Protocol Info
1 0.000000 10.0.0.32 10.0.0.16 RADIUS Access Request(1) (id=0, l=147)


Frame 1 (189 bytes on wire, 189 bytes captured)
Arrival Time: Jun 17, 2004 15:56:03.675186000
Time delta from previous packet: 0.000000000 seconds
Time since reference or first frame: 0.000000000 seconds
Frame Number: 1
Packet Length: 189 bytes
Capture Length: 189 bytes
Ethernet II, Src: 00:04:e2:af:9d:c1, Dst: 00:0a:e6:2d:96:54
Destination: 00:0a:e6:2d:96:54 (Elitegro_2d:96:54)
Source: 00:04:e2:af:9d:c1 (SmcNetwo_af:9d:c1)
Type: IP (0x0800)
Internet Protocol, Src Addr: 10.0.0.32 (10.0.0.32), Dst Addr: 10.0.0.16 (10.0.0.16)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 175
Identification: 0x34bb (13499)
Flags: 0x04 (Don't Fragment)
0... = Reserved bit: Not set
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 63
Protocol: UDP (0x11)
Header checksum: 0xf253 (correct)
Source: 10.0.0.32 (10.0.0.32)
Destination: 10.0.0.16 (10.0.0.16)
User Datagram Protocol, Src Port: 4399 (4399), Dst Port: radius (1812)
Source port: 4399 (4399)
Destination port: radius (1812)
Length: 155
Checksum: 0xfdb4 (correct)
Radius Protocol
Code: Access Request (1)
Packet identifier: 0x0 (0)
Length: 147
Authenticator: 0x69BA6E37000000000000000000000000
Attribute value pairs
t:User Name(1) l:19, Value:"[EMAIL PROTECTED]"
t:NAS IP Address(4) l:6, Value:192.168.3.151
t:Called Station Id(30) l:14, Value:"000625e8452e"
t:Calling Station Id(31) l:14, Value:"000423774ceb"
t:NAS identifier(32) l:14, Value:"000625e8452e"
t:NAS Port(5) l:6, Value:208
t:Framed MTU(12) l:6, Value:1400
t:NAS Port Type(61) l:6, Value:Wireless IEEE 802.11(19)
t:EAP Message(79) l:24
Extensible Authentication Protocol
Code: Response (2)
Id: 0
Length: 22
Type: Identity [RFC2284] (1)
Identity (17 bytes): [EMAIL PROTECTED]
t:Message Authenticator(80) l:18, Value:8C22676D8C6FA9A57E8D860A5D3EEE33


No. Time Source Destination Protocol Info
2 0.205513 10.0.0.16 10.0.0.32 RADIUS Access challenge(11) (id=0, l=76)


Frame 2 (118 bytes on wire, 118 bytes captured)
Arrival Time: Jun 17, 2004 15:56:03.880699000
Time delta from previous packet: 0.205513000 seconds
Time since reference or first frame: 0.205513000 seconds
Frame Number: 2
Packet Length: 118 bytes
Capture Length: 118 bytes
Ethernet II, Src: 00:0a:e6:2d:96:54, Dst: 00:04:e2:af:9d:c1
Destination: 00:04:e2:af:9d:c1 (SmcNetwo_af:9d:c1)
Source: 00:0a:e6:2d:96:54 (Elitegro_2d:96:54)
Type: IP (0x0800)
Internet Protocol, Src Addr: 10.0.0.16 (10.0.0.16), Dst Addr: 10.0.0.32 (10.0.0.32)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 104
Identification: 0x500e (20494)
Flags: 0x00
0... = Reserved bit: Not set
.0.. = Don't fragment: Not set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 128
Protocol: UDP (0x11)
Header checksum: 0xd647 (correct)
Source: 10.0.0.16 (10.0.0.16)
Destination: 10.0.0.32 (10.0.0.32)
User Datagram Protocol, Src Port: radius (1812), Dst Port: 4399 (4399)
Source port: radius (1812)
Destination port: 4399 (4399)
Length: 84
Checksum: 0x415b (correct)
Radius Protocol
Code: Access challenge (11)
Packet identifier: 0x0 (0)
Length: 76
Authenticator: 0x07088A8C1DC6F7899DBCBBF807EAF2E7
Attribute value pairs
t:Session Timeout(27) l:6, Value:30
t:EAP Message(79) l:8
Extensible Authentication Protocol
Code: Request (1)
Id: 1
Length: 6
Type: EAP-TLS [RFC2716] [Aboba] (13)
Flags(0x20): Start
t:State(24) l:24, Value:047B00570000013700010A0000100000000200000001
t:Message Authenticator(80) l:18, Value:51BE0B28682132CBD792708367E1F25A


No. Time Source Destination Protocol Info
3 0.254093 10.0.0.32 10.0.0.16 RADIUS Access Request(1) (id=0, l=229)


Frame 3 (271 bytes on wire, 271 bytes captured)
Arrival Time: Jun 17, 2004 15:56:03.929279000
Time delta from previous packet: 0.048580000 seconds
Time since reference or first frame: 0.254093000 seconds
Frame Number: 3
Packet Length: 271 bytes
Capture Length: 271 bytes
Ethernet II, Src: 00:04:e2:af:9d:c1, Dst: 00:0a:e6:2d:96:54
Destination: 00:0a:e6:2d:96:54 (Elitegro_2d:96:54)
Source: 00:04:e2:af:9d:c1 (SmcNetwo_af:9d:c1)
Type: IP (0x0800)
Internet Protocol, Src Addr: 10.0.0.32 (10.0.0.32), Dst Addr: 10.0.0.16 (10.0.0.16)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
0000 00.. = Differentiated Services Codepoint: Default (0x00)
.... ..0. = ECN-Capable Transport (ECT): 0
.... ...0 = ECN-CE: 0
Total Length: 257
Identification: 0x34bc (13500)
Flags: 0x04 (Don't Fragment)
0... = Reserved bit: Not set
.1.. = Don't fragment: Set
..0. = More fragments: Not set
Fragment offset: 0
Time to live: 64
Protocol: UDP (0x11)
Header checksum: 0xf100 (correct)
Source: 10.0.0.32 (10.0.0.32)
Destination: 10.0.0.16 (10.0.0.16)
User Datagram Protocol, Src Port: 4399 (4399), Dst Port: radius (1812)
Source port: 4399 (4399)
Destination port: radius (1812)
Length: 237
Checksum: 0x8a98 (correct)
Radius Protocol
Code: Access Request (1)
Packet identifier: 0x0 (0)
Length: 229
Authenticator: 0xD60D171B000000000000000000000000
Attribute value pairs
t:User Name(1) l:19, Value:"[EMAIL PROTECTED]"
t:NAS IP Address(4) l:6, Value:192.168.3.151
t:Called Station Id(30) l:14, Value:"000625e8452e"
t:Calling Station Id(31) l:14, Value:"000423774ceb"
t:NAS identifier(32) l:14, Value:"000625e8452e"
t:NAS Port(5) l:6, Value:208
t:Framed MTU(12) l:6, Value:1400
t:State(24) l:24, Value:047B00570000013700010A0000100000000200000001
t:NAS Port Type(61) l:6, Value:Wireless IEEE 802.11(19)
t:EAP Message(79) l:82
Extensible Authentication Protocol
Code: Response (2)
Id: 1
Length: 80
Type: EAP-TLS [RFC2716] [Aboba] (13)
Flags(0x80): Length
Length: 70
Secure Socket Layer
TLS Record Layer: Client Hello
Content Type: Handshake (22)
Version: TLS 1.0 (0x0301)
Length: 65
Handshake Protocol: Client Hello
Handshake Type: Client Hello (1)
Length: 61
Version: TLS 1.0 (0x0301)
Random.gmt_unix_time: Jun 17, 2004 15:50:16.000000000
Random.bytes
Session ID Length: 0
Cipher Suites Length: 22
Cipher Suites (11 suites)
Cipher Suite: TLS_RSA_WITH_RC4_128_MD5 (0x0004)
Cipher Suite: TLS_RSA_WITH_RC4_128_SHA (0x0005)
Cipher Suite: TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000a)
Cipher Suite: TLS_RSA_WITH_DES_CBC_SHA (0x0009)
Cipher Suite: TLS_RSA_EXPORT1024_WITH_RC4_56_SHA (0x0064)
Cipher Suite: TLS_RSA_EXPORT1024_WITH_DES_CBC_SHA (0x0062)
Cipher Suite: TLS_RSA_EXPORT_WITH_RC4_40_MD5 (0x0003)
Cipher Suite: TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5 (0x0006)
Cipher Suite: TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA (0x0013)
Cipher Suite: TLS_DHE_DSS_WITH_DES_CBC_SHA (0x0012)
Cipher Suite: TLS_DHE_DSS_EXPORT1024_WITH_DES_CBC_SHA (0x0063)
Compression Methods Length: 1
Compression Methods (1 method)
Compression Method: null (0)
t:Message Authenticator(80) l:18, Value:29A2228E9EE5A23836D447876C57E669


*** End Win2K RADIUS Ethereal Trace ***
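
The check reported as failing on the second Access-Request, the RADIUS Message-Authenticator, is an HMAC-MD5 over the entire packet keyed with the shared secret (RFC 2869), so it can be recomputed offline against a captured packet rather than disabled in the server. The Python below is an added example, not part of the original post and not FreeRADIUS code; the secret, identity and packet bytes are constructed, and it handles Access-Request packets only.

```python
import hashlib
import hmac
import struct

MESSAGE_AUTHENTICATOR = 80  # RADIUS attribute type (RFC 2869 / RFC 3579)

def attr(attr_type, value):
    """Encode one RADIUS attribute as type, length, value."""
    return bytes([attr_type, len(value) + 2]) + value

def build_access_request(ident, request_auth, attrs, secret):
    """Build an Access-Request and fill in its Message-Authenticator."""
    body = b"".join(attrs) + attr(MESSAGE_AUTHENTICATOR, bytes(16))
    pkt = struct.pack("!BBH", 1, ident, 20 + len(body)) + request_auth + body
    # HMAC-MD5 over the whole packet with the 16-byte field still zeroed.
    return pkt[:-16] + hmac.new(secret, pkt, hashlib.md5).digest()

def verify_message_authenticator(pkt, secret):
    """True/False for an Access-Request; None if the attribute is absent."""
    if len(pkt) < 20:
        raise ValueError("shorter than a RADIUS header")
    code, _ident, length = struct.unpack("!BBH", pkt[:4])
    if code != 1 or not 20 <= length <= len(pkt):
        raise ValueError("not a well-formed Access-Request")
    pkt, pos = pkt[:length], 20
    while pos + 2 <= length:
        attr_type, attr_len = pkt[pos], pkt[pos + 1]
        if attr_len < 2 or pos + attr_len > length:
            raise ValueError("malformed attribute")
        if attr_type == MESSAGE_AUTHENTICATOR:
            if attr_len != 18:
                raise ValueError("Message-Authenticator must be 18 bytes")
            zeroed = pkt[:pos + 2] + bytes(16) + pkt[pos + 18:]
            expected = hmac.new(secret, zeroed, hashlib.md5).digest()
            return hmac.compare_digest(pkt[pos + 2:pos + 18], expected)
        pos += attr_len
    return None

def demo():
    """Run the check on a constructed packet (not bytes from the traces)."""
    secret = b"constructed-shared-secret"
    identity = b"user@example.org"
    eap = struct.pack("!BBHB", 2, 0, 5 + len(identity), 1) + identity
    attrs = [attr(1, identity), attr(4, bytes([10, 0, 0, 6])), attr(79, eap)]
    pkt = build_access_request(0, bytes(range(16, 32)), attrs, secret)
    i = pkt.index(bytes([10, 0, 0, 6]))            # NAS-IP-Address value
    altered = pkt[:i + 3] + b"\x07" + pkt[i + 4:]  # one byte changed in transit
    return {
        "intact": verify_message_authenticator(pkt, secret),
        "wrong_secret": verify_message_authenticator(pkt, b"other-secret"),
        "altered": verify_message_authenticator(altered, secret),
    }

if __name__ == "__main__":
    print(demo())
```

A mismatched secret and a packet altered after signing both produce the same failed comparison, so a "bad shared secret" log line does not by itself distinguish the two.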

