• State Not Answered
  • Replies 23 replies
  • Subscribers 75 subscribers
  • Views 2284 views
  • Users 0 members are here
Attachments (2) Download All
Nordic Case Info
  • Case ID: 346173
Options

Can't get WPA2 Enterprise (EAP-TLS) to connect to wifi AP using nrf5340/nrf7002/NCS2.9.0

BrianW

I am trying to get the wifi stack to connect to a wifi AP using WAP2 Enterprise (initially just with identity and eap_password, later with full ca_certificate check and client certificate).

We have a custom PCB with nrf5340, nrf7002, and an application built with NCS2.9.0.

The code will connect ok when using WPA2-PSK and WPA3-SAE, but doesn't manage to connect using WPA2-EAP-TLS?

To try to determine why, I have enabled WPA2-Enterprise connection in the wifi-sta sample but this doesn't connect either.

wifi-sta prj.conf file:

4300.prj.conf

The connection setup code is like this:

static int __wifi_params_wpa2eap(struct wifi_connect_req_params *params)
{

    params->timeout =  CONFIG_STA_CONN_TIMEOUT_SEC * MSEC_PER_SEC;

    if (params->timeout == 0) {
        params->timeout = SYS_FOREVER_MS;
    }

    /* Defaults */
    params->band = WIFI_FREQ_BAND_UNKNOWN;
    params->channel = WIFI_CHANNEL_ANY;
    params->security = WIFI_SECURITY_TYPE_NONE;
    params->mfp = WIFI_MFP_OPTIONAL;

    /* SSID */
    params->ssid =STA_SSID;
    params->ssid_length = strlen(params->ssid);

    params->security = WIFI_SECURITY_TYPE_EAP_TLS;
    params->eap_identity = STA_IDENTITY;        //"cc2-004a";
    params->eap_id_length = strlen(params->eap_identity);
    params->eap_password = STA_PASSWORD;
    params->eap_passwd_length = strlen(params->eap_password);

    return 0;
}
Is this correct to set up a WPA2 EAP-TLS connection?
btw my wifi AP is a HP 505H using an internal database for EAP user lookup.
The debug output from wpa_supplient during the connection attempt:
[00:00:00.470,855] <inf> sta: Starting cc2v1 with CPU frequency: 64 MHz
[00:00:00.471,038] <dbg> wpa_supp: wpa_printf_impl: wpa_supplicant v2.11-devel
[00:00:00.471,252] <inf> wifi_supplicant: wpa_supplicant initialized
[00:00:00.471,618] <dbg> wifi_supplicant: add_interface: Adding interface wlan0 [1] (0x200019b8)
[00:00:00.471,710] <dbg> wpa_supp: wpa_printf_impl: Calling wpa_cli: interface_add, argc: 5
[00:00:00.471,771] <dbg> wpa_supp: wpa_printf_impl: argv[0]: interface_add
[00:00:00.471,832] <dbg> wpa_supp: wpa_printf_impl: argv[1]: wlan0
[00:00:00.471,862] <dbg> wpa_supp: wpa_printf_impl: argv[2]: zephyr
[00:00:00.471,893] <dbg> wpa_supp: wpa_printf_impl: argv[3]: zephyr
[00:00:00.471,954] <dbg> wpa_supp: wpa_printf_impl: argv[4]: zephyr
[00:00:00.472,320] <dbg> wpa_supp: wpa_printf_impl: RX global ctrl_iface - hexdump_ascii(len=71):
[00:00:00.472,351] <dbg> wpa_supp: _wpa_hexdump_ascii:
49 4e 54 45 52 46 41 43 45 5f 41 44 44 20 77 6c |INTERFAC E_ADD wl
61 6e 30 09 7a 65 70 68 79 72 09 7a 65 70 68 79 |an0.zeph yr.zephy
72 09 7a 65 70 68 79 72 09 09 09 09 20 77 6c 61 |r.zephyr .... wla
6e 30 20 7a 65 70 68 79 72 20 7a 65 70 68 79 72 |n0 zephy r zephyr
20 7a 65 70 68 79 72 | zephyr
[00:00:00.472,412] <dbg> wpa_supp: wpa_printf_impl: CTRL_IFACE GLOBAL INTERFACE_ADD 'wlan0 zephyr zephyr zephyr wlan0 zephyr zephyr zephyr'
[00:00:00.472,534] <dbg> wpa_supp: wpa_printf_impl: Initializing interface 'wlan0' conf 'zephyr' driver 'zephyr' ctrl_interface 'zephyr' bridge 'N/A'
[00:00:00.474,517] <dbg> wpa_supp: wpa_printf_impl: Add interface wlan0 to a new radio N/A
[00:00:00.477,966] <dbg> wpa_supp: wpa_printf_impl: wpa_supp: Added 802.11b mode based on 802.11g information
[00:00:00.478,179] <dbg> wpa_supp: wpa_printf_impl: l2_packet_init: iface wlan0 ifindex 1
[00:00:00.478,332] <dbg> wpa_supp: wpa_printf_impl: wlan0: Own MAC address: f0:ce:37:00:00:4a
[00:00:00.478,485] <dbg> wpa_supp: wpa_printf_impl: _wpa_drv_zep_set_key: priv:0x2000a450 alg 0 addr 0x0 key_idx 0 set_tx 0 seq 0x0 seq_len 0 key 0x0 key_len 0 key_flag 10
[00:00:00.482,025] <dbg> wpa_supp: wpa_printf_impl: _wpa_drv_zep_set_key: priv:0x2000a450 alg 0 addr 0x0 key_idx 1 set_tx 0 seq 0x0 seq_len 0 key 0x0 key_len 0 key_flag 10
[00:00:00.484,344] <dbg> wpa_supp: wpa_printf_impl: _wpa_drv_zep_set_key: priv:0x2000a450 alg 0 addr 0x0 key_idx 2 set_tx 0 seq 0x0 seq_len 0 key 0x0 key_len 0 key_flag 10
[00:00:00.486,663] <dbg> wpa_supp: wpa_printf_impl: _wpa_drv_zep_set_key: priv:0x2000a450 alg 0 addr 0x0 key_idx 3 set_tx 0 seq 0x0 seq_len 0 key 0x0 key_len 0 key_flag 10
[00:00:00.488,983] <dbg> wpa_supp: wpa_printf_impl: _wpa_drv_zep_set_key: priv:0x2000a450 alg 0 addr 0x0 key_idx 4 set_tx 0 seq 0x0 seq_len 0 key 0x0 key_len 0 key_flag 10
[00:00:00.492,675] <dbg> wpa_supp: wpa_printf_impl: _wpa_drv_zep_set_key: priv:0x2000a450 alg 0 addr 0x0 key_idx 5 set_tx 0 seq 0x0 seq_len 0 key 0x0 key_len 0 key_flag 10
[00:00:00.494,964] <dbg> wpa_supp: wpa_printf_impl: wlan0: RSN: flushing PMKID list in the driver
[00:00:00.495,086] <dbg> wpa_supp: wpa_printf_impl: wlan0: State: DISCONNECTED -> INACTIVE
[00:00:00.557,220] <dbg> wpa_supp: wpa_printf_impl: EAPOL: SUPP_PAE entering state DISCONNECTED
[00:00:00.557,281] <dbg> wpa_supp: wpa_printf_impl: EAPOL: Supplicant port status: Unauthorized
[00:00:00.567,687] <dbg> wpa_supp: wpa_printf_impl: EAPOL: KEY_RX entering state NO_KEY_RECEIVE
[00:00:00.567,749] <dbg> wpa_supp: wpa_printf_impl: EAPOL: SUPP_BE entering state INITIALIZE
[00:00:00.567,779] <dbg> wpa_supp: wpa_printf_impl: EAP: EAP entering state DISABLED
[00:00:00.568,145] <dbg> wpa_supp: wpa_printf_impl: wlan0: Added interface wlan0
[00:00:00.568,267] <dbg> wpa_supp: wpa_printf_impl: wlan0: State: INACTIVE -> DISCONNECTED
[00:00:01.471,008] <dbg> wpa_supp: wpa_printf_impl: Calling wpa_cli: remove_network, argc: 2
[00:00:01.471,069] <dbg> wpa_supp: wpa_printf_impl: argv[0]: remove_network
[00:00:01.471,099] <dbg> wpa_supp: wpa_printf_impl: argv[1]: all
[00:00:01.471,466] <dbg> wpa_supp: wpa_printf_impl: wlan0: Control interface command 'REMOVE_NETWORK all'
[00:00:01.471,557] <dbg> wpa_supp: wpa_printf_impl: CTRL_IFACE: REMOVE_NETWORK all
[00:00:01.472,076] <dbg> wpa_supp: wpa_printf_impl: wlan0: Control interface command 'ADD_NETWORK'
[00:00:01.472,167] <dbg> wpa_supp: wpa_printf_impl: CTRL_IFACE: ADD_NETWORK
[00:00:01.472,656] <dbg> wpa_supp: wpa_printf_impl: Received len: 26, msg_len:26 - CTRL-EVENT-NETWORK-ADDED 0->END
[00:00:01.473,022] <dbg> wpa_supp: wpa_printf_impl: NET added: 0
[00:00:01.473,114] <dbg> wpa_supp: wpa_printf_impl: Calling wpa_cli: set_network, argc: 4
[00:00:01.473,175] <dbg> wpa_supp: wpa_printf_impl: argv[0]: set_network
[00:00:01.473,205] <dbg> wpa_supp: wpa_printf_impl: argv[1]: 0
[00:00:01.473,266] <dbg> wpa_supp: wpa_printf_impl: argv[2]: ssid
[00:00:01.473,297] <dbg> wpa_supp: wpa_printf_impl: argv[3]: "kiosk_wpa2_ent"
[00:00:01.473,693] <dbg> wpa_supp: wpa_printf_impl: wlan0: Control interface command 'SET_NETWORK [REMOVED]'
[00:00:01.473,815] <dbg> wpa_supp: wpa_printf_impl: CTRL_IFACE: SET_NETWORK id=0 name='ssid'
[00:00:01.473,876] <dbg> wpa_supp: wpa_printf_impl: CTRL_IFACE: value - hexdump_ascii(len=16): [REMOVED]
[00:00:01.473,968] <dbg> wpa_supp: wpa_printf_impl: ssid - hexdump_ascii(len=14):
[00:00:01.473,999] <dbg> wpa_supp: _wpa_hexdump_ascii:
6b 69 6f 73 6b 5f 77 70 61 32 5f 65 6e 74 |kiosk_wp a2_ent
[00:00:01.474,273] <dbg> wpa_supp: wpa_printf_impl: Calling wpa_cli: set_network, argc: 4
[00:00:01.474,304] <dbg> wpa_supp: wpa_printf_impl: argv[0]: set_network
[00:00:01.474,365] <dbg> wpa_supp: wpa_printf_impl: argv[1]: 0
[00:00:01.474,395] <dbg> wpa_supp: wpa_printf_impl: argv[2]: scan_ssid
[00:00:01.474,456] <dbg> wpa_supp: wpa_printf_impl: argv[3]: 1
[00:00:01.474,822] <dbg> wpa_supp: wpa_printf_impl: wlan0: Control interface command 'SET_NETWORK [REMOVED]'
[00:00:01.474,975] <dbg> wpa_supp: wpa_printf_impl: CTRL_IFACE: SET_NETWORK id=0 name='scan_ssid'
[00:00:01.475,036] <dbg> wpa_supp: wpa_printf_impl: CTRL_IFACE: value - hexdump_ascii(len=1): [REMOVED]
[00:00:01.475,097] <dbg> wpa_supp: wpa_printf_impl: scan_ssid=1 (0x1)
[00:00:01.475,372] <dbg> wpa_supp: wpa_printf_impl: Calling wpa_cli: set_network, argc: 4
[00:00:01.475,402] <dbg> wpa_supp: wpa_printf_impl: argv[0]: set_network
[00:00:01.475,463] <dbg> wpa_supp: wpa_printf_impl: argv[1]: 0
[00:00:01.475,494] <dbg> wpa_supp: wpa_printf_impl: argv[2]: key_mgmt
[00:00:01.475,524] <dbg> wpa_supp: wpa_printf_impl: argv[3]: NONE
[00:00:01.475,921] <dbg> wpa_supp: wpa_printf_impl: wlan0: Control interface command 'SET_NETWORK [REMOVED]'
[00:00:01.476,043] <dbg> wpa_supp: wpa_printf_impl: CTRL_IFACE: SET_NETWORK id=0 name='key_mgmt'
[00:00:01.476,104] <dbg> wpa_supp: wpa_printf_impl: CTRL_IFACE: value - hexdump_ascii(len=4): [REMOVED]
[00:00:01.476,196] <dbg> wpa_supp: wpa_printf_impl: key_mgmt: 0x4
[00:00:01.476,501] <dbg> wpa_supp: wpa_printf_impl: Calling wpa_cli: set_network, argc: 4
[00:00:01.476,531] <dbg> wpa_supp: wpa_printf_impl: argv[0]: set_network
[00:00:01.476,593] <dbg> wpa_supp: wpa_printf_impl: argv[1]: 0
[00:00:01.476,623] <dbg> wpa_supp: wpa_printf_impl: argv[2]: ieee80211w
[00:00:01.476,654] <dbg> wpa_supp: wpa_printf_impl: argv[3]: 0
[00:00:01.477,050] <dbg> wpa_supp: wpa_printf_impl: wlan0: Control interface command 'SET_NETWORK [REMOVED]'
[00:00:01.477,172] <dbg> wpa_supp: wpa_printf_impl: CTRL_IFACE: SET_NETWORK id=0 name='ieee80211w'
[00:00:01.477,233] <dbg> wpa_supp: wpa_printf_impl: CTRL_IFACE: value - hexdump_ascii(len=1): [REMOVED]
[00:00:01.477,386] <dbg> wpa_supp: wpa_printf_impl: ieee80211w=0 (0x0)
[00:00:01.477,661] <dbg> wpa_supp: wpa_printf_impl: Calling wpa_cli: set_network, argc: 4
[00:00:01.477,722] <dbg> wpa_supp: wpa_printf_impl: argv[0]: set_network
[00:00:01.477,752] <dbg> wpa_supp: wpa_printf_impl: argv[1]: 0
[00:00:01.477,813] <dbg> wpa_supp: wpa_printf_impl: argv[2]: proto
[00:00:01.477,844] <dbg> wpa_supp: wpa_printf_impl: argv[3]: RSN
[00:00:01.478,210] <dbg> wpa_supp: wpa_printf_impl: wlan0: Control interface command 'SET_NETWORK [REMOVED]'
[00:00:01.478,363] <dbg> wpa_supp: wpa_printf_impl: CTRL_IFACE: SET_NETWORK id=0 name='proto'
[00:00:01.478,424] <dbg> wpa_supp: wpa_printf_impl: CTRL_IFACE: value - hexdump_ascii(len=3): [REMOVED]
[00:00:01.478,485] <dbg> wpa_supp: wpa_printf_impl: proto: 0x2
[00:00:01.478,790] <dbg> wpa_supp: wpa_printf_impl: Calling wpa_cli: set_network, argc: 4
[00:00:01.478,820] <dbg> wpa_supp: wpa_printf_impl: argv[0]: set_network
[00:00:01.478,881] <dbg> wpa_supp: wpa_printf_impl: argv[1]: 0
[00:00:01.478,912] <dbg> wpa_supp: wpa_printf_impl: argv[2]: key_mgmt
[00:00:01.478,973] <dbg> wpa_supp: wpa_printf_impl: argv[3]: WPA-EAP
[00:00:01.479,339] <dbg> wpa_supp: wpa_printf_impl: wlan0: Control interface command 'SET_NETWORK [REMOVED]'
[00:00:01.479,492] <dbg> wpa_supp: wpa_printf_impl: CTRL_IFACE: SET_NETWORK id=0 name='key_mgmt'
[00:00:01.479,553] <dbg> wpa_supp: wpa_printf_impl: CTRL_IFACE: value - hexdump_ascii(len=7): [REMOVED]
[00:00:01.479,644] <dbg> wpa_supp: wpa_printf_impl: key_mgmt: 0x1
[00:00:01.479,919] <dbg> wpa_supp: wpa_printf_impl: Calling wpa_cli: set, argc: 3
[00:00:01.479,949] <dbg> wpa_supp: wpa_printf_impl: argv[0]: set
[00:00:01.480,010] <dbg> wpa_supp: wpa_printf_impl: argv[1]: openssl_ciphers
[00:00:01.480,041] <dbg> wpa_supp: wpa_printf_impl: argv[2]: "DEFAULT:!EXP:!LOW"
[00:00:01.480,438] <dbg> wpa_supp: wpa_printf_impl: wlan0: Control interface command 'SET openssl_ciphers "DEFAULT:!EXP:!LOW"'
[00:00:01.480,529] <dbg> wpa_supp: wpa_printf_impl: CTRL_IFACE SET 'openssl_ciphers'='"DEFAULT:!EXP:!LOW"'
[00:00:01.480,651] <dbg> wpa_supp: wpa_printf_impl: openssl_ciphers='"DEFAULT:!EXP:!LOW"'
[00:00:01.480,926] <dbg> wpa_supp: wpa_printf_impl: Calling wpa_cli: set_network, argc: 4
[00:00:01.480,987] <dbg> wpa_supp: wpa_printf_impl: argv[0]: set_network
[00:00:01.481,018] <dbg> wpa_supp: wpa_printf_impl: argv[1]: 0
[00:00:01.481,048] <dbg> wpa_supp: wpa_printf_impl: argv[2]: group
[00:00:01.481,109] <dbg> wpa_supp: wpa_printf_impl: argv[3]: CCMP
[00:00:01.481,475] <dbg> wpa_supp: wpa_printf_impl: wlan0: Control interface command 'SET_NETWORK [REMOVED]'
[00:00:01.481,628] <dbg> wpa_supp: wpa_printf_impl: CTRL_IFACE: SET_NETWORK id=0 name='group'
[00:00:01.481,689] <dbg> wpa_supp: wpa_printf_impl: CTRL_IFACE: value - hexdump_ascii(len=4): [REMOVED]
[00:00:01.481,781] <dbg> wpa_supp: wpa_printf_impl: group: 0x10
[00:00:01.482,055] <dbg> wpa_supp: wpa_printf_impl: Calling wpa_cli: set_network, argc: 4
[00:00:01.482,116] <dbg> wpa_supp: wpa_printf_impl: argv[0]: set_network
[00:00:01.482,147] <dbg> wpa_supp: wpa_printf_impl: argv[1]: 0
[00:00:01.482,177] <dbg> wpa_supp: wpa_printf_impl: argv[2]: pairwise
[00:00:01.482,238] <dbg> wpa_supp: wpa_printf_impl: argv[3]: CCMP
[00:00:01.482,604] <dbg> wpa_supp: wpa_printf_impl: wlan0: Control interface command 'SET_NETWORK [REMOVED]'
[00:00:01.482,757] <dbg> wpa_supp: wpa_printf_impl: CTRL_IFACE: SET_NETWORK id=0 name='pairwise'
[00:00:01.482,818] <dbg> wpa_supp: wpa_printf_impl: CTRL_IFACE: value - hexdump_ascii(len=4): [REMOVED]
[00:00:01.482,910] <dbg> wpa_supp: wpa_printf_impl: pairwise: 0x10
[00:00:01.483,184] <dbg> wpa_supp: wpa_printf_impl: Calling wpa_cli: set_network, argc: 4
[00:00:01.483,245] <dbg> wpa_supp: wpa_printf_impl: argv[0]: set_network
[00:00:01.483,276] <dbg> wpa_supp: wpa_printf_impl: argv[1]: 0
[00:00:01.483,306] <dbg> wpa_supp: wpa_printf_impl: argv[2]: group_mgmt
[00:00:01.483,367] <dbg> wpa_supp: wpa_printf_impl: argv[3]: AES-128-CMAC
[00:00:01.483,734] <dbg> wpa_supp: wpa_printf_impl: wlan0: Control interface command 'SET_NETWORK [REMOVED]'
[00:00:01.483,917] <dbg> wpa_supp: wpa_printf_impl: CTRL_IFACE: SET_NETWORK id=0 name='group_mgmt'
[00:00:01.483,978] <dbg> wpa_supp: wpa_printf_impl: CTRL_IFACE: value - hexdump_ascii(len=12): [REMOVED]
[00:00:01.484,069] <dbg> wpa_supp: wpa_printf_impl: group_mgmt: 0x20
[00:00:01.484,375] <dbg> wpa_supp: wpa_printf_impl: Calling wpa_cli: set_network, argc: 4
[00:00:01.484,405] <dbg> wpa_supp: wpa_printf_impl: argv[0]: set_network
[00:00:01.484,466] <dbg> wpa_supp: wpa_printf_impl: argv[1]: 0
[00:00:01.484,497] <dbg> wpa_supp: wpa_printf_impl: argv[2]: proto
[00:00:01.484,527] <dbg> wpa_supp: wpa_printf_impl: argv[3]: RSN
[00:00:01.484,924] <dbg> wpa_supp: wpa_printf_impl: wlan0: Control interface command 'SET_NETWORK [REMOVED]'
[00:00:01.485,076] <dbg> wpa_supp: wpa_printf_impl: CTRL_IFACE: SET_NETWORK id=0 name='proto'
[00:00:01.485,137] <dbg> wpa_supp: wpa_printf_impl: CTRL_IFACE: value - hexdump_ascii(len=3): [REMOVED]
[00:00:01.485,443] <dbg> wpa_supp: wpa_printf_impl: Calling wpa_cli: set_network, argc: 4
[00:00:01.485,504] <dbg> wpa_supp: wpa_printf_impl: argv[0]: set_network
[00:00:01.485,534] <dbg> wpa_supp: wpa_printf_impl: argv[1]: 0
[00:00:01.485,565] <dbg> wpa_supp: wpa_printf_impl: argv[2]: eap
[00:00:01.485,626] <dbg> wpa_supp: wpa_printf_impl: argv[3]: TLS
[00:00:01.486,022] <dbg> wpa_supp: wpa_printf_impl: wlan0: Control interface command 'SET_NETWORK [REMOVED]'
[00:00:01.486,145] <dbg> wpa_supp: wpa_printf_impl: CTRL_IFACE: SET_NETWORK id=0 name='eap'
[00:00:01.486,206] <dbg> wpa_supp: wpa_printf_impl: CTRL_IFACE: value - hexdump_ascii(len=3): [REMOVED]
[00:00:01.486,511] <dbg> wpa_supp: wpa_printf_impl: eap methods - hexdump(len=16): 00 00 00 00 0d 00 00 00 00 00 00 00 00 00 00 00
[00:00:01.486,846] <dbg> wpa_supp: wpa_printf_impl: Calling wpa_cli: set_network, argc: 4
[00:00:01.486,877] <dbg> wpa_supp: wpa_printf_impl: argv[0]: set_network
[00:00:01.486,938] <dbg> wpa_supp: wpa_printf_impl: argv[1]: 0
[00:00:01.486,968] <dbg> wpa_supp: wpa_printf_impl: argv[2]: identity
[00:00:01.486,999] <dbg> wpa_supp: wpa_printf_impl: argv[3]: "cc2-004a"
[00:00:01.487,396] <dbg> wpa_supp: wpa_printf_impl: wlan0: Control interface command 'SET_NETWORK [REMOVED]'
[00:00:01.487,548] <dbg> wpa_supp: wpa_printf_impl: CTRL_IFACE: SET_NETWORK id=0 name='identity'
[00:00:01.487,609] <dbg> wpa_supp: wpa_printf_impl: CTRL_IFACE: value - hexdump_ascii(len=10): [REMOVED]
[00:00:01.487,701] <dbg> wpa_supp: wpa_printf_impl: identity - hexdump_ascii(len=8):
[00:00:01.487,731] <dbg> wpa_supp: _wpa_hexdump_ascii:
63 63 32 2d 30 30 34 61 |cc2-004a
[00:00:01.488,037] <dbg> wpa_supp: wpa_printf_impl: Calling wpa_cli: set_network, argc: 4
[00:00:01.488,067] <dbg> wpa_supp: wpa_printf_impl: argv[0]: set_network
[00:00:01.488,128] <dbg> wpa_supp: wpa_printf_impl: argv[1]: 0
[00:00:01.488,159] <dbg> wpa_supp: wpa_printf_impl: argv[2]: password
[00:00:01.488,220] <dbg> wpa_supp: wpa_printf_impl: argv[3]: "infrafon-2022"
[00:00:01.488,616] <dbg> wpa_supp: wpa_printf_impl: wlan0: Control interface command 'SET_NETWORK [REMOVED]'
[00:00:01.488,739] <dbg> wpa_supp: wpa_printf_impl: CTRL_IFACE: SET_NETWORK id=0 name='password'
[00:00:01.488,800] <dbg> wpa_supp: wpa_printf_impl: CTRL_IFACE: value - hexdump_ascii(len=15): [REMOVED]
[00:00:01.488,922] <dbg> wpa_supp: wpa_printf_impl: password - hexdump_ascii(len=13): [REMOVED]
[00:00:01.489,227] <dbg> wpa_supp: wpa_printf_impl: Calling wpa_cli: set_network, argc: 4
[00:00:01.489,257] <dbg> wpa_supp: wpa_printf_impl: argv[0]: set_network
[00:00:01.489,318] <dbg> wpa_supp: wpa_printf_impl: argv[1]: 0
[00:00:01.489,349] <dbg> wpa_supp: wpa_printf_impl: argv[2]: anonymous_identity
[00:00:01.489,410] <dbg> wpa_supp: wpa_printf_impl: argv[3]: "(null)"
[00:00:01.489,776] <dbg> wpa_supp: wpa_printf_impl: wlan0: Control interface command 'SET_NETWORK [REMOVED]'
[00:00:01.489,929] <dbg> wpa_supp: wpa_printf_impl: CTRL_IFACE: SET_NETWORK id=0 name='anonymous_identity'
[00:00:01.489,990] <dbg> wpa_supp: wpa_printf_impl: CTRL_IFACE: value - hexdump_ascii(len=8): [REMOVED]
[00:00:01.490,081] <dbg> wpa_supp: wpa_printf_impl: anonymous_identity - hexdump_ascii(len=6):
[00:00:01.490,112] <dbg> wpa_supp: _wpa_hexdump_ascii:
28 6e 75 6c 6c 29 |(null)
[00:00:01.490,356] <inf> sta: Connection requested
[00:00:01.490,417] <inf> sta: ==================
[00:00:01.490,447] <inf> sta: State: DISCONNECTED
[00:00:01.568,054] <dbg> wpa_supp: wpa_printf_impl: EAPOL: disable timer tick
[00:00:01.790,557] <inf> sta: ==================
What else should my code do to get this to work?
Thanks!
Parents
  • 0

    Hi,

    I recommend updating to nRF Connect SDK v3.0.0 or later, as that version has some improvements regarding Wi-Fi enterprise.

    Additionally, Wi-Fi enterprise requires X.509 certificates. If you are not providing this, it might explain why it does not work. I recommend taking a look at Wi-Fi Enterprise test: X.509 Certificate management in our documentation. Please note that run time certificates are only supported in v3.0.0 and later.

    Did you enable Wi-Fi enterprise mode in prj.conf?

    CONFIG_WIFI_NM_WPA_SUPPLICANT_CRYPTO_ENTERPRISE=y

    I recommend testing the Wi-Fi shell sample with enterprise mode, as described in Build the nRF70 Series DK for Shell sample with Enterprise mode, to verify that you can get enterprise mode to work with your AP and board.

    Best regards,
    Marte

  • 0 in reply to Marte Myrvold
    Marte Myrvold said:
    I recommend updating to nRF Connect SDK v3.0.0 or later, as that version has some improvements regarding Wi-Fi enterprise.

    Ok, but that update broke my WPA-PSK operation... 

     Update to NCS3.0.0 broke wifi WPA2-PSK connect? 

    Maybe you can shed some light on that?

    Marte Myrvold said:

    Did you enable Wi-Fi enterprise mode in prj.conf?

    Fullscreen
    1
    CONFIG_WIFI_NM_WPA_SUPPLICANT_CRYPTO_ENTERPRISE=y
    XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX

    I recommend testing the Wi-Fi shell sample with enterprise mode, as described in Build the nRF70 Series DK for Shell sample with Enterprise mode, to verify that you can get enterprise mode to work with your AP and board.

    Yes, thats exactly what I was trying to do but using the (simpler) wifi sta sample, see prj.conf as included above.

    BrianW said:

    wifi-sta prj.conf file:

    4300.prj.conf

    Marte Myrvold said:
    Additionally, Wi-Fi enterprise requires X.509 certificates. If you are not providing this, it might explain why it does not work. I recommend taking a look at Wi-Fi Enterprise test: X.509 Certificate management in our documentation. Please note that run time certificates are only supported in v3.0.0 and later.

    Ok... I see the wifi shell example, but its all using command lines to setup the connection. Do you have a C code connection params setup example (like my setup code above, but that does the certificate setup as well?)

    thanks

  • 0 in reply to BrianW

    Hi,

    It seems that your client is unauthorized to access the network. You specified security type to be NONE using params->security = WIFI_SECURITY_TYPE_NONE. What happens if you change security type to params->security = WIFI_SECURITY_TYPE_EAP_TLS?
    You can find security types in wifi_security_type.

    Best regards,
    Dejan

  • 0 in reply to dejans
    dejans said:
    It seems that your client is unauthorized to access the network. You specified security type to be NONE using params->security = WIFI_SECURITY_TYPE_NONE.

    Ah, no, the code (line 18 in the above code samples) has:

    ctx->cnx_params.security = WIFI_SECURITY_TYPE_EAP_TLS; // ==WIFI_SECURITY_TYPE_EAP ie WPA2-Enterprise with EAP_TLS authentication

    Where do you see it being set to NONE?

  • 0 in reply to BrianW

    Hi,

    I saw it here at line 4.

    /* Defaults */
    params->band = WIFI_FREQ_BAND_UNKNOWN;
    params->channel = WIFI_CHANNEL_ANY;
    params->security = WIFI_SECURITY_TYPE_NONE;
    params->mfp = WIFI_MFP_OPTIONAL;

/* SSID */
    params->ssid =STA_SSID;
    params->ssid_length = strlen(params->ssid);

    params->security = WIFI_SECURITY_TYPE_EAP_TLS;
    params->eap_identity = STA_IDENTITY;  //"cc2-004a";
    params->eap_id_length = strlen(params->eap_identity);
    params->eap_password = STA_PASSWORD;
    params->eap_passwd_length = strlen(params->eap_password);

    Best regards,
    Dejan

  • 0 in reply to dejans

    but then it gets set correctly at line 11.... 

  • 0 in reply to BrianW

    Hi,

    BrianW said:
    it gets set correctly at line 11

    Can you try to remove it and retest?

    BrianW said:
    I meant more the role of these parameters in the WPA2 exchange with the AP. For example, if I am connecting using a client certificate and private key, do I also need to set an anonymous identity? or rather should I be passing the 'eap_identity' field with the client user name from the certificate? When is the eap_password used?

    wifi_conn_req_param structure basically holds the connection parameters as passed by the user (in case of shell) or an application. It is used to configure supplicant that takes care of connection negotiation. eap_identity and eap_password are applicable for EAP methods which employ a second phase tunnel eg., EAP-TTLS and EAP-PEAP. In case of EAP-TLS, passing anonymous identity is optional. You can find additional details (enhanced documentation) in this commit.

    Best regards,
    Dejan

Reply
  • 0 in reply to BrianW

    Hi,

    BrianW said:
    it gets set correctly at line 11

    Can you try to remove it and retest?

    BrianW said:
    I meant more the role of these parameters in the WPA2 exchange with the AP. For example, if I am connecting using a client certificate and private key, do I also need to set an anonymous identity? or rather should I be passing the 'eap_identity' field with the client user name from the certificate? When is the eap_password used?

    wifi_conn_req_param structure basically holds the connection parameters as passed by the user (in case of shell) or an application. It is used to configure supplicant that takes care of connection negotiation. eap_identity and eap_password are applicable for EAP methods which employ a second phase tunnel eg., EAP-TTLS and EAP-PEAP. In case of EAP-TLS, passing anonymous identity is optional. You can find additional details (enhanced documentation) in this commit.

    Best regards,
    Dejan

Children
No Data
Related
Terms of service