Bugzilla – Bug 128496
WPA encription not working with Centrino ipw2100
Last modified: 2007-06-05 10:05:11 UTC
On my ASUS M2400 N notebook the WPA encription is not working with the built-in Centrino module (the 'old' one which is controlled by the ipw2100 driver). There is no accesspoint found. WEP is ok. The problem is in the file /etc/sysconfig/network/scripts/ifup-wireless, where WIRELESS_AP_SCANMODE is set to "2", which should be "1". After changing this, everything is working fine.
Created attachment 54160 [details] diff for /etc/sysconfig/network/scripts/ifup-wireless
It's intentionally set to "2" for this driver, as I experienced problems when using "1". But it seems to depend on the environment, so we have bad luck here I guess. Maybe a newer wpa_supplicant can fix this. Btw, there's no need to modify ifup-wireless, just add WIRELESS_AP_SCANMODE="1" to your /etc/sysconfig/network/ifcfg-wlan-* file.
Reopened since I don't think that it is feasible for regular users to edit the ifcfg-file. My laptop was also affected (IBM Thinkpad T41p). Isn't it possible to make YaST to add the line if a ipw2100 is used? And if yes, what would be the timeframe for it? Thanks.
Let YaST add this line is no solution. As I wrote in comment 2, it seems there is no general setting that fits all needs. But there is a newer wpa_supplicant now. Jürgen, are you willing to give it a try?
Concerning YaST, well, you're right, of course. If you can provide me with a newer wpa_supplicant I'm also willing to test.
Give me time until the weekend. I will try the new wpa_supplicant and come back to you on Monday.
Well today must be Monday... Anyway, I downloaded wpa_supplicant-0.4.6, compiled it (I used most of the options from the defconfig file, changed only to include IPW2100 driver). Unfortunately, the result is the same as before: the program works if WIRELESS_AP_SCANMODE is set to "1" but NOT if it is set to "2". Of course I cannot say whether it now works with "1" for configurations where "2" was required before. Seems to need another round to go...
Tried with wpa_supplicant-0.4.6-2.1 with no success, result is the same. Having WIRELESS_AP_SCANMODE='1' works but omitting the parameter I find ap_scan=2 in /var/run/wpa_supplicant-wlan0.conf and the connection does not work. If you have some other suggestions or ideas how to debug this I'd be happy to assist.
Robert: What kind of WLAN card are you using? Jürgen and Robert: Are you using WPA-PSK or WPA-EAP?
I am using WPA-PSK.
I also use WPA-PSK. As I said in comment #3 it's a IBM T41p with centrino chipset where the wlan is built in. lspci shows this: 02:02.0 Network controller: Intel Corporation PRO/Wireless LAN 2100 3B Mini PCI Adapter (rev 04)
Sorry, oversaw this. I've did some tests again with ipw2100 on 10.0, and came to following result: On my system, all tested configurations worked fine with scanmode=2 but failed with scanmode=1, with one exception: A network with open auth, no WEP, and SSID broadcast. Interestingly scanmode=1 always worked after one successful association with scanmode=2. So it really seems to depend on the situation, but we can not fix it to a configuration, as you've expected the problem in a totally different configuration. So regardless what we set the default scanmode to, it will affect users. Btw, are you using SSID broadcast?
No. For security reasons I do not broadcast the SSID of my network.
I have my SSID broadcasted but access to the router (accesspoint) is limited to the MAC address of my card. By the way: What does the ap_scan parameter do or affect? The symptom of the problem is that no accesspoint is found and ap_scan looks like a way to influence the searching for accesspoints. But happens in the background? I could not find any explanation yet.
There is a small description in 'man ifcfg-wireless'. The difference between mode 1 and 2 is that the configured security policy is take into account.
Last time I tried it does not work when having WIRELESS_AP_SCANMODE=1 initially after a boot. I had to try with the default "2" first and after the first attempt I was able to get a connection with changing to "1". This means that just working around this thing by editing the ifcfg-file is not an option. Juergen, is it the same for you?
No, for me it works only with WIRELESS_AP_SCANMODE=1 and never if it is set to '2'. From what I found in the man-page, for the settings '0' and '2' "the driver does the scanning" while with '1' "wpa-supplicant does the scanning". Unfortunately I do not know enough about this matter to understand what this really means :-(
Whenever you use WIRELESS_AP_SCANMODE=2, YOU SHOULD ALSO ADD "proto" ARGUMENT in network section of wpa_supplicant configuration file. Here's my /var/run/wpa_supplicant-wlan0.conf file : ap_scan=2 network={ scan_ssid=1 ssid="Gilles-17-Leclerc" proto=WPA key_mgmt=WPA-PSK psk="my secret key" } I have to use ap_scan=2 for all my wireless cards, not only for Centrino ipw2100 because I have disabled my SSID broadcast for security reasons. I have also patched /etc/sysconfig/network/scripts/ifup-wireless Using sysconfig-0.40.6 as my reference, I propose to you this patch : --- ifup-wireless-org 2005-09-09 18:15:17.000000000 +0200 +++ ifup-wireless 2006-02-15 12:08:48.000000000 +0100 @@ -511,6 +511,7 @@ echo " auth_alg=SHARED" ;; *psk|*PSK) + echo " proto=WPA" echo " key_mgmt=WPA-PSK" L="`eval echo \$WIRELESS_WPA_PSK$SUFFIX`" if [ ${#L} = 64 ]; then
*** Bug 151033 has been marked as a duplicate of this bug. ***
10.1 will use scanmode=1 as default and offer ifcfg variables for protocol and cipher settings, so scanmode=2 will be usable as well.
I wasted nearly a day to pinpoint that bug with suse10.0, ipw2100 and wpa. As of today (2006-05-08), /etc/sysconfig/network/scripts/ifup-wireless still explicit sets ipw2100) WPA_DRIVER=wext test -z "$WIRELESS_AP_SCANMODE" && WIRELESS_AP_SCANMODE="2" ;; what makes WPA on a IPW2100 non functional. Changing to ipw2100) WPA_DRIVER=wext test -z "$WIRELESS_AP_SCANMODE" && WIRELESS_AP_SCANMODE="1" ;; made the card work as expected. Isn't this something for a Yast YOU update?
please see comment #2.
Is this "hint" entered in the SDB? How should an ordinary user find it?
The problem is that ipw2100 does not support scanmode 1 with hidden ssid, therefore the scanmode is 2 by default. The drawback of scanmode 2 is that wpa_supplicant can not automatically set the appropriate WPA protocol and ciphers to use, it needs to be provided by the user. If you did not set those, ifup-wireless will fill in defaults, which may be wrong for you. You can either set the correct values or, in case your access point does broadcast its SSID, just set WIRELESS_AP_SCANMODE="1" (both in your ifcfg-file). See /etc/sysconfig/network/ifcfg.template for all available variables and their meanings. And I agree that an article on opensuse.org or something may be a good idea. I'll take care of this.