Bug 128496

Summary:	WPA encription not working with Centrino ipw2100
Product:	[openSUSE] SUSE LINUX 10.0	Reporter:	Juergen Mell <juergen.mell>
Component:	Network	Assignee:	Joachim Gleissner <joachim.gleissner>
Status:	VERIFIED FIXED	QA Contact:	E-mail List <qa-bugs>
Severity:	Normal
Priority:	P5 - None	CC:	bon, robert.simai, sabourin.gilles, the.cars.support
Version:	Final
Target Milestone:	---
Hardware:	i686
OS:	Other
Whiteboard:
Found By:	Other	Services Priority:
Business Priority:		Blocker:	---
Marketing QA Status:	---	IT Deployment:	---
Attachments:	diff for /etc/sysconfig/network/scripts/ifup-wireless

Description Juergen Mell 2005-10-14 18:34:01 UTC

On my ASUS M2400 N notebook the WPA encription is not working with the built-in
Centrino module (the 'old' one which is controlled by the ipw2100 driver). There
is no accesspoint found. WEP is ok.
The problem is in the file /etc/sysconfig/network/scripts/ifup-wireless, where
WIRELESS_AP_SCANMODE is set to "2", which should be "1". After changing this,
everything is working fine.

Comment 1 Juergen Mell 2005-10-14 18:35:04 UTC

Created attachment 54160 [details]
diff for /etc/sysconfig/network/scripts/ifup-wireless

Comment 2 Joachim Gleissner 2005-10-17 14:50:18 UTC

It's intentionally set to "2" for this driver, as I experienced problems when using "1". But it seems to depend on the environment, so we have bad luck here I guess. Maybe a newer wpa_supplicant can fix this. Btw, there's no need to modify ifup-wireless, just add WIRELESS_AP_SCANMODE="1" to your /etc/sysconfig/network/ifcfg-wlan-* file.

Comment 3 Robert Simai 2005-11-15 10:14:02 UTC

Reopened since I don't think that it is feasible for regular users to edit the ifcfg-file. My laptop was also affected (IBM Thinkpad T41p).

Isn't it possible to make YaST to add the line if a ipw2100 is used? And if yes, what would be the timeframe for it? Thanks.

Comment 4 Joachim Gleissner 2005-11-15 11:01:09 UTC

Let YaST add this line is no solution. As I wrote in comment 2, it seems there is no general setting that fits all needs. But there is a newer wpa_supplicant now. Jürgen, are you willing to give it a try?

Comment 5 Robert Simai 2005-11-15 11:18:39 UTC

Concerning YaST, well, you're right, of course.
If you can provide me with a newer wpa_supplicant I'm also willing to test.

Comment 7 Juergen Mell 2005-11-15 17:25:59 UTC

Give me time until the weekend. I will try the new wpa_supplicant and come back to you on Monday.

Comment 8 Juergen Mell 2005-11-15 19:02:52 UTC

Well today must be Monday...
Anyway, I downloaded wpa_supplicant-0.4.6, compiled it (I used most of the options from the defconfig file, changed only to include IPW2100 driver). Unfortunately, the result is the same as before: the program works if WIRELESS_AP_SCANMODE is set to "1" but NOT if it is set to "2". Of course I cannot say whether it now works with "1" for configurations where "2" was required before.
Seems to need another round to go...

Comment 9 Robert Simai 2005-11-15 19:58:03 UTC

Tried with wpa_supplicant-0.4.6-2.1 with no success, result is the same. 

Having WIRELESS_AP_SCANMODE='1' works but omitting the parameter I find ap_scan=2 in /var/run/wpa_supplicant-wlan0.conf and the connection does not work.

If you have some other suggestions or ideas how to debug this I'd be happy to assist.

Comment 10 Joachim Gleissner 2005-11-17 18:23:23 UTC

Robert: What kind of WLAN card are you using?

Jürgen and Robert: Are you using WPA-PSK or WPA-EAP?

Comment 11 Juergen Mell 2005-11-17 18:59:28 UTC

I am using WPA-PSK.

Comment 12 Robert Simai 2005-11-18 08:14:27 UTC

I also use WPA-PSK. 

As I said in comment #3 it's a IBM T41p with centrino chipset where the wlan is built in. lspci shows this:

02:02.0 Network controller: Intel Corporation PRO/Wireless LAN 2100 3B Mini PCI Adapter (rev 04)

Comment 13 Joachim Gleissner 2005-11-18 09:35:05 UTC

Sorry, oversaw this. I've did some tests again with ipw2100 on 10.0, and came to following result: On my system, all tested configurations worked fine with scanmode=2 but failed with scanmode=1, with one exception: A network with open auth, no WEP, and SSID broadcast. Interestingly scanmode=1 always worked after one successful association with scanmode=2. So it really seems to depend on the situation, but we can not fix it to a configuration, as you've expected the problem in a totally different configuration. So regardless what we set the default scanmode to, it will affect users.

Btw, are you using SSID broadcast?

Comment 14 Robert Simai 2005-11-18 09:46:43 UTC

No. For security reasons I do not broadcast the SSID of my network.

Comment 16 Juergen Mell 2005-11-18 13:17:08 UTC

I have my SSID broadcasted but access to the router (accesspoint) is limited to the MAC address of my card.
By the way: What does the ap_scan parameter do or affect? The symptom of the problem is that no accesspoint is found and ap_scan looks like a way to influence the searching for accesspoints. But happens in the background? I could not find any explanation yet.

Comment 17 Joachim Gleissner 2005-11-18 15:04:54 UTC

There is a small description in 'man ifcfg-wireless'. The difference between mode 1 and 2 is that the configured security policy is take into account.

Comment 18 Robert Simai 2005-11-23 10:54:06 UTC

Last time I tried it does not work when having WIRELESS_AP_SCANMODE=1 initially after a boot. I had to try with the default "2" first and after the first attempt I was able to get a connection with changing to "1". This means that just working around this thing by editing the ifcfg-file is not an option. 

Juergen, is it the same for you?

Comment 19 Juergen Mell 2005-11-23 18:37:52 UTC

No, for me it works only with WIRELESS_AP_SCANMODE=1 and never if it is set to '2'. From what I found in the man-page, for the settings '0' and '2' "the driver does the scanning" while with '1' "wpa-supplicant does the scanning". Unfortunately I do not know enough about this matter to understand what this really means :-(

Comment 20 Gilles Sabourin 2006-02-15 11:22:49 UTC

Whenever you use WIRELESS_AP_SCANMODE=2, YOU SHOULD ALSO ADD "proto" ARGUMENT in network section of wpa_supplicant configuration file.

Here's my /var/run/wpa_supplicant-wlan0.conf file :

ap_scan=2
network={
  scan_ssid=1
  ssid="Gilles-17-Leclerc"
  proto=WPA
  key_mgmt=WPA-PSK
  psk="my secret key"
}

I have to use ap_scan=2 for all my wireless cards, not only for Centrino ipw2100 because I have disabled my SSID broadcast for security reasons.

I have also patched /etc/sysconfig/network/scripts/ifup-wireless
Using sysconfig-0.40.6 as my reference, I propose to you this patch :

--- ifup-wireless-org   2005-09-09 18:15:17.000000000 +0200
+++ ifup-wireless       2006-02-15 12:08:48.000000000 +0100
@@ -511,6 +511,7 @@
        echo "  auth_alg=SHARED"
        ;;
     *psk|*PSK)
+       echo "  proto=WPA"
        echo "  key_mgmt=WPA-PSK"
        L="`eval echo \$WIRELESS_WPA_PSK$SUFFIX`"
         if [ ${#L} = 64 ]; then

Comment 21 Joachim Gleissner 2006-02-15 13:41:59 UTC

*** Bug 151033 has been marked as a duplicate of this bug. ***

Comment 22 Joachim Gleissner 2006-03-10 16:34:11 UTC

10.1 will use scanmode=1 as default and offer ifcfg variables for protocol and cipher settings, so scanmode=2 will be usable as well.

Comment 23 Uwe Bonnes 2006-05-08 16:08:52 UTC

I wasted nearly a day to pinpoint that bug with suse10.0, ipw2100 and wpa. As of today (2006-05-08), /etc/sysconfig/network/scripts/ifup-wireless still explicit sets
            ipw2100)
                WPA_DRIVER=wext
		test -z "$WIRELESS_AP_SCANMODE" && WIRELESS_AP_SCANMODE="2"
                ;;
what makes WPA on a IPW2100 non functional. 
Changing to 

            ipw2100)
                WPA_DRIVER=wext
		test -z "$WIRELESS_AP_SCANMODE" && WIRELESS_AP_SCANMODE="1"
                ;;
made the card work as expected.

Isn't this something for a Yast YOU update?

Comment 24 Forgotten User ZhJd0F0L3x 2006-05-08 17:19:52 UTC

please see comment #2.

Comment 25 Uwe Bonnes 2006-05-08 17:41:06 UTC

Is this "hint" entered in the SDB?

How should an ordinary user find it?

Comment 26 Joachim Gleissner 2006-05-09 06:21:37 UTC

The problem is that ipw2100 does not support scanmode 1 with hidden ssid, therefore the scanmode is 2 by default. The drawback of scanmode 2 is that wpa_supplicant can not automatically set the appropriate WPA protocol and ciphers to use, it needs to be provided by the user. If you did not set those, ifup-wireless will fill in defaults, which may be wrong for you. You can either set the correct values or, in case your access point does broadcast its SSID, just set WIRELESS_AP_SCANMODE="1" (both in your ifcfg-file). See /etc/sysconfig/network/ifcfg.template for all available variables and their meanings. And I agree that an article on opensuse.org or something may be a good idea. I'll take care of this.