[CentOS-es] Security configuration of my wireless connection with WPA

Cartman trujillo.carlos at gmail.com
Mon Nov 12 22:59:22 UTC 2007


Good afternoon, I have spent quite a while trying to configure my
Intel 3945abg wireless device and I managed to get it working by downloading
the necessary packages, but now I need that connection to be secure.
The access point is configured with WPA-PSK with TKIP encryption,
and I am trying to do the configuration in the file
/etc/wpa_supplicant/wpa_supplicant.conf

/*************************************************************************/
wpa_supplicant.conf
/*************************************************************************/
ctrl_interface=/var/run/wpa_supplicant
ctrl_interface_group=wheel
network={
    scan_ssid=1
    ssid="cartman-network"
    key_mgmt=WPA-PSK
    proto=WPA
    psk=8e0de13fd65abcaf4e5ba959612e95739709cf41df23a7067fc51b3adf990a8d
}
/*************************************************************************/
I generated the value for psk with the wpa_passphrase command.

After this I try to bring up my network interface, which is
configured as follows:

/*************************************************************************/
ifcfg-eth1
/*************************************************************************/
# Please read /usr/share/doc/initscripts-*/sysconfig.txt
# for the documentation of these parameters.
TYPE=Wireless
DEVICE=eth1
HWADDR=00:19:d2:8a:1c:30
BOOTPROTO=dhcp
NETMASK=
DHCP_HOSTNAME=
IPADDR=
DOMAIN=
ONBOOT=yes
USERCTL=no
IPV6INIT=no
PEERDNS=yes
AP=00:19:5B:E7:03:30
MODE=Auto
ESSID=cartman-network
CHANNEL=6
RATE='54 Mb/s'
DEFAULTKEY=1
KEY=8e0de13fd65abcaf4e5ba959612e95739709cf41df23a7067fc51b3adf990a8d
SECURITYMODE=on
/*************************************************************************/

this appears on the console

/*************************************************************************/
Activando interfaz eth1:
Determinando la información IP para eth1...PING 205.205.205.5 (205.205.205.5)
from 205.205.205.1 eth1: 56(84) bytes of data.

--- 205.205.205.5 ping statistics ---
4 packets transmitted, 0 received, +3 errors, 100% packet loss, time 2999ms
, pipe 3
 falló.
                                                           [FALLÓ]
[root en centos5-cartman ~]#
/*************************************************************************/

and the following log is shown in /var/log/messages

/*************************************************************************/
Nov 12 12:48:24 centos5-cartman kernel: ADDRCONF(NETDEV_UP): eth1: link is
not ready
Nov 12 12:48:25 centos5-cartman kernel: ADDRCONF(NETDEV_CHANGE): eth1: link
becomes ready
Nov 12 12:48:25 centos5-cartman dhclient: DHCPREQUEST on eth1 to
255.255.255.255 port 67
Nov 12 12:48:27 centos5-cartman avahi-daemon[2914]: New relevant interface
eth1.IPv6 for mDNS.
Nov 12 12:48:27 centos5-cartman avahi-daemon[2914]: Joining mDNS multicast
group on interface eth1.IPv6 with address fe80::219:d2ff:fe8a:1c30.
Nov 12 12:48:27 centos5-cartman avahi-daemon[2914]: Registering new address
record for fe80::219:d2ff:fe8a:1c30 on eth1.
Nov 12 12:48:32 centos5-cartman dhclient: DHCPREQUEST on eth1 to
255.255.255.255 port 67
Nov 12 12:48:41 centos5-cartman dhclient: DHCPDISCOVER on eth1 to
255.255.255.255 port 67 interval 7
Nov 12 12:48:48 centos5-cartman dhclient: DHCPDISCOVER on eth1 to
255.255.255.255 port 67 interval 9
Nov 12 12:48:57 centos5-cartman dhclient: DHCPDISCOVER on eth1 to
255.255.255.255 port 67 interval 11
Nov 12 12:49:08 centos5-cartman dhclient: DHCPDISCOVER on eth1 to
255.255.255.255 port 67 interval 19
Nov 12 12:49:27 centos5-cartman dhclient: DHCPDISCOVER on eth1 to
255.255.255.255 port 67 interval 11
Nov 12 12:49:38 centos5-cartman dhclient: DHCPDISCOVER on eth1 to
255.255.255.255 port 67 interval 4
Nov 12 12:49:42 centos5-cartman dhclient: No DHCPOFFERS received.
Nov 12 12:49:42 centos5-cartman dhclient: Trying recorded lease
205.205.205.1
Nov 12 12:49:42 centos5-cartman avahi-daemon[2914]: New relevant interface
eth1.IPv4 for mDNS.
Nov 12 12:49:42 centos5-cartman avahi-daemon[2914]: Joining mDNS multicast
group on interface eth1.IPv4 with address 205.205.205.1.
Nov 12 12:49:42 centos5-cartman avahi-daemon[2914]: Registering new address
record for 205.205.205.1 on eth1.
Nov 12 12:49:42 centos5-cartman avahi-daemon[2914]: Withdrawing address
record for 205.205.205.1 on eth1.
Nov 12 12:49:42 centos5-cartman avahi-daemon[2914]: Leaving mDNS multicast
group on interface eth1.IPv4 with address 205.205.205.1.
Nov 12 12:49:42 centos5-cartman avahi-daemon[2914]: iface.c:
interface_mdns_mcast_join() called but no local address available.
Nov 12 12:49:42 centos5-cartman avahi-daemon[2914]: Interface eth1.IPv4 no
longer relevant for mDNS.
Nov 12 12:49:42 centos5-cartman avahi-daemon[2914]: New relevant interface
eth1.IPv4 for mDNS.
Nov 12 12:49:42 centos5-cartman avahi-daemon[2914]: Joining mDNS multicast
group on interface eth1.IPv4 with address 205.205.205.1.
Nov 12 12:49:42 centos5-cartman avahi-daemon[2914]: Registering new address
record for 205.205.205.1 on eth1.
Nov 12 12:49:45 centos5-cartman avahi-daemon[2914]: Withdrawing address
record for 205.205.205.1 on eth1.
Nov 12 12:49:45 centos5-cartman avahi-daemon[2914]: Leaving mDNS multicast
group on interface eth1.IPv4 with address 205.205.205.1.
Nov 12 12:49:45 centos5-cartman avahi-daemon[2914]: iface.c:
interface_mdns_mcast_join() called but no local address available.
Nov 12 12:49:45 centos5-cartman avahi-daemon[2914]: Interface eth1.IPv4 no
longer relevant for mDNS.
Nov 12 12:49:45 centos5-cartman avahi-daemon[2914]: Interface eth1.IPv6 no
longer relevant for mDNS.
Nov 12 12:49:45 centos5-cartman avahi-daemon[2914]: Leaving mDNS multicast
group on interface eth1.IPv6 with address fe80::219:d2ff:fe8a:1c30.
Nov 12 12:49:45 centos5-cartman avahi-daemon[2914]: Withdrawing address
record for fe80::219:d2ff:fe8a:1c30 on eth1.
/*************************************************************************/

then I run the following command to test the connectivity of
wpa_supplicant

wpa_supplicant -c/etc/wpa_supplicant/wpa_supplicant.conf -ieth1 -d

the following is shown:
/*************************************************************************/
Initializing interface 'eth1' conf '/etc/wpa_supplicant/wpa_supplicant.conf'
driver 'default' ctrl_interface 'N/A'
Configuration file '/etc/wpa_supplicant/wpa_supplicant.conf' ->
'/etc/wpa_supplicant/wpa_supplicant.conf'
Reading configuration file '/etc/wpa_supplicant/wpa_supplicant.conf'
ctrl_interface='/var/run/wpa_supplicant'
ctrl_interface_group=10 (from group name 'wheel')
Priority group 0
   id=0 ssid='cartman-network'
Initializing interface (2) 'eth1'
EAPOL: SUPP_PAE entering state DISCONNECTED
EAPOL: KEY_RX entering state NO_KEY_RECEIVE
EAPOL: SUPP_BE entering state INITIALIZE
EAP: EAP entering state DISABLED
EAPOL: External notification - portEnabled=0
EAPOL: External notification - portValid=0
SIOCGIWRANGE: WE(compiled)=20 WE(source)=16 enc_capa=0xf
  capabilities: key_mgmt 0xf enc 0xf
Own MAC address: 00:19:d2:8a:1c:30
wpa_driver_hostap_set_wpa: enabled=1
wpa_driver_hostap_set_key: alg=none key_idx=0 set_tx=0 seq_len=0 key_len=0
Failed to set encryption.
wpa_driver_hostap_set_key: alg=none key_idx=1 set_tx=0 seq_len=0 key_len=0
Failed to set encryption.
wpa_driver_hostap_set_key: alg=none key_idx=2 set_tx=0 seq_len=0 key_len=0
Failed to set encryption.
wpa_driver_hostap_set_key: alg=none key_idx=3 set_tx=0 seq_len=0 key_len=0
Failed to set encryption.
wpa_driver_hostap_set_countermeasures: enabled=0
wpa_driver_hostap_set_drop_unencrypted: enabled=1
Setting scan request: 0 sec 100000 usec
Added interface eth1
Wireless event: cmd=0x8b06 len=8
RTM_NEWLINK, IFLA_IFNAME: Interface 'eth1' added
RTM_NEWLINK, IFLA_IFNAME: Interface 'eth1' added
State: DISCONNECTED -> SCANNING
Starting AP scan (specific SSID)
Scan SSID - hexdump_ascii(len=15):
     63 61 72 74 6d 61 6e 2d 6e 65 74 77 6f 72 6b      cartman-network
Failed to initiate AP scan.
Setting scan request: 10 sec 0 usec
RTM_NEWLINK, IFLA_IFNAME: Interface 'eth1' added
Wireless event: cmd=0x8b15 len=20
Wireless event: new AP: 00:19:5b:e7:03:30
State: SCANNING -> ASSOCIATED
Associated to a new BSS: BSSID=00:19:5b:e7:03:30
No keys have been configured - skip key clearing
Network configuration found for the current AP
WPA: No WPA/RSN IE available from association info
WPA: Set cipher suites based on configuration
WPA: Selected cipher suites: group 30 pairwise 24 key_mgmt 2
WPA: clearing AP WPA IE
WPA: clearing AP RSN IE
WPA: using GTK CCMP
WPA: using PTK CCMP
WPA: using KEY_MGMT WPA-PSK
WPA: Set own WPA IE default - hexdump(len=24): dd 16 00 50 f2 01 01 00 00 50
f2 04 01 00 00 50 f2 04 01 00 00 50 f2 02
EAPOL: External notification - EAP success=0
EAPOL: External notification - EAP fail=0
EAPOL: External notification - portControl=Auto
Associated with 00:19:5b:e7:03:30
WPA: Association event - clear replay counter
EAPOL: External notification - portEnabled=0
EAPOL: External notification - portValid=0
EAPOL: External notification - EAP success=0
EAPOL: External notification - portEnabled=1
EAPOL: SUPP_PAE entering state CONNECTING
EAPOL: SUPP_BE entering state IDLE
Setting authentication timeout: 10 sec 0 usec
RX EAPOL from 00:19:5b:e7:03:30
Setting authentication timeout: 10 sec 0 usec
IEEE 802.1X RX: version=1 type=3 length=95
  EAPOL-Key type=254
WPA: ignoring 8 bytes after the IEEE 802.1X data
WPA: CCMP is used, but EAPOL-Key descriptor version (1) is not 2.
EAPOL: startWhen --> 0
EAPOL: SUPP_PAE entering state CONNECTING
EAPOL: txStart
WPA: drop TX EAPOL in non-IEEE 802.1X mode (type=1 len=0)
Scan timeout - try to get results
Received 261 bytes of scan results (1 BSSes)
Scan results: 1
Selecting BSS from priority group 0
0: 00:19:5b:e7:03:30 ssid='cartman-network' wpa_ie_len=24 rsn_ie_len=0
caps=0x11
   selected based on WPA IE
Already associated with the selected AP.
Wireless event: cmd=0x8b15 len=20
Wireless event: new AP: 00:00:00:00:00:00
Setting scan request: 0 sec 100000 usec
Added BSSID 00:19:5b:e7:03:30 into blacklist
State: ASSOCIATED -> DISCONNECTED
EAPOL: External notification - portEnabled=0
EAPOL: SUPP_PAE entering state DISCONNECTED
EAPOL: SUPP_BE entering state INITIALIZE
EAPOL: External notification - portValid=0
EAPOL: External notification - EAP success=0
.......
/*************************************************************************/

From this I can see the line

No keys have been configured - skip key clearing

It seems the key is not configured correctly. Where is the error?

Thanks.


-- 
Thanks.
Sincerely,
Carlos Arturo Trujillo Silva
Systems Engineer
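
Added example, not part of the original message: a small triage pass over `wpa_supplicant -d` output that pulls out the driver backend, rejected driver calls and cipher or handshake mismatches. The function name `triage`, its `ap_cipher` parameter and the sample constant are hypothetical; the sample lines are constructed from the debug output quoted in the post, and the AP cipher (TKIP) is the one the post states.

```python
import re

# Constructed sample: a few lines taken from the debug output quoted in the post.
SAMPLE_LOG = """\
Initializing interface 'eth1' conf '/etc/wpa_supplicant/wpa_supplicant.conf' driver 'default' ctrl_interface 'N/A'
wpa_driver_hostap_set_key: alg=none key_idx=0 set_tx=0 seq_len=0 key_len=0
Failed to set encryption.
Failed to initiate AP scan.
WPA: No WPA/RSN IE available from association info
WPA: using GTK CCMP
WPA: using PTK CCMP
WPA: CCMP is used, but EAPOL-Key descriptor version (1) is not 2.
"""

# EAPOL-Key descriptor version -> cipher it is used with (IEEE 802.11i).
DESCRIPTOR_CIPHER = {"1": "TKIP", "2": "CCMP"}

def triage(log, ap_cipher):
    """Return findings for one debug run against an AP configured for ap_cipher."""
    findings = []
    requested = re.search(r"driver '([^']+)'", log)
    backend = re.search(r"wpa_driver_(\w+?)_set_", log)
    if requested and backend and requested.group(1) == "default":
        findings.append("driver: no -D option given, backend in use is '%s'"
                        % backend.group(1))
    failed = log.count("Failed to set encryption.")
    if failed:
        findings.append("driver: %d key operation(s) rejected" % failed)
    if "Failed to initiate AP scan." in log:
        findings.append("driver: scan request rejected")
    if "No WPA/RSN IE available from association info" in log:
        findings.append("wpa: no AP IE at association, ciphers taken from config")
    # Cipher the supplicant selected versus the one the AP is set to use.
    for kind, cipher in re.findall(r"WPA: using (PTK|GTK) (\w+)", log):
        if cipher != ap_cipher:
            findings.append("cipher: %s is %s, AP is set to %s"
                            % (kind, cipher, ap_cipher))
    m = re.search(r"descriptor version \((\d)\) is not (\d)", log)
    if m:
        got, want = m.group(1), m.group(2)
        findings.append("handshake: AP sent descriptor version %s (%s), "
                        "supplicant expected %s (%s)"
                        % (got, DESCRIPTOR_CIPHER.get(got, "?"),
                           want, DESCRIPTOR_CIPHER.get(want, "?")))
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG, ap_cipher="TKIP"):
        print(finding)
```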