TechQA.

Hostapd: Client re-authenticates regularly without appearing to have been deauthenticated

3.5k views Asked by At

I run Hostapd v1.0 on a Rasbian Raspberry Pi with a AWUS036NH adapter as AP (chipset Ralink RT3070). It works fine and fast except one problem:

My Android phone using VOIP (Media5-fone app, but not making any call) reconnects itself every Nx10 minutes without appearing to have been deauthenticated by the server. Here how the logs look like :

> Sep 17 07:45:06 wifi1 hostapd: wlan0: STA a0:10:81:67:xx:xx IEEE 802.11: authenticated
Sep 17 07:45:06 wifi1 hostapd: wlan0: STA a0:10:81:67:xx:xx IEEE 802.11: associated (aid 1)
Sep 17 07:45:06 wifi1 hostapd: wlan0: STA a0:10:81:67:xx:xx RADIUS: starting accounting session 59BE12E5-00000001
Sep 17 07:45:06 wifi1 hostapd: wlan0: STA a0:10:81:67:xx:xx WPA: pairwise key handshake completed (RSN)
> Sep 17 07:55:06 wifi1 hostapd: wlan0: STA a0:10:81:67:xx:xx IEEE 802.11: authenticated
Sep 17 07:55:06 wifi1 hostapd: wlan0: STA a0:10:81:67:xx:xx IEEE 802.11: associated (aid 1)
Sep 17 07:55:06 wifi1 hostapd: wlan0: STA a0:10:81:67:xx:xx RADIUS: starting accounting session 59BE12E5-00000002
Sep 17 07:55:06 wifi1 hostapd: wlan0: STA a0:10:81:67:xx:xx WPA: pairwise key handshake completed (RSN)
> Sep 17 08:05:06 wifi1 hostapd: wlan0: STA a0:10:81:67:xx:xx IEEE 802.11: authenticated
Sep 17 08:05:06 wifi1 hostapd: wlan0: STA a0:10:81:67:xx:xx IEEE 802.11: associated (aid 1)
Sep 17 08:05:06 wifi1 hostapd: wlan0: STA a0:10:81:67:xx:xx RADIUS: starting accounting session 59BE12E5-00000003
Sep 17 08:05:06 wifi1 hostapd: wlan0: STA a0:10:81:67:xx:xx WPA: pairwise key handshake completed (RSN)
Sep 17 08:15:04 wifi1 hostapd: wlan0: STA a0:10:81:67:xx:xx WPA: group key handshake completed (RSN)
Sep 17 08:25:03 wifi1 hostapd: wlan0: STA a0:10:81:67:xx:xx WPA: group key handshake completed (RSN)
Sep 17 08:35:01 wifi1 hostapd: wlan0: STA a0:10:81:67:xx:xx WPA: group key handshake completed (RSN)
Sep 17 08:45:01 wifi1 hostapd: wlan0: STA a0:10:81:67:xx:xx WPA: group key handshake completed (RSN)
> Sep 17 08:55:06 wifi1 hostapd: wlan0: STA a0:10:81:67:xx:xx IEEE 802.11: authenticated
Sep 17 08:55:06 wifi1 hostapd: wlan0: STA a0:10:81:67:xx:xx IEEE 802.11: associated (aid 1)
Sep 17 08:55:06 wifi1 hostapd: wlan0: STA a0:10:81:67:xx:xx RADIUS: starting accounting session 59BE12E5-00000004
Sep 17 08:55:06 wifi1 hostapd: wlan0: STA a0:10:81:67:xx:xx WPA: pairwise key handshake completed (RSN)
Sep 17 09:05:01 wifi1 hostapd: wlan0: STA a0:10:81:67:xx:xx WPA: group key handshake completed (RSN)
Sep 17 09:15:02 wifi1 hostapd: wlan0: STA a0:10:81:67:xx:xx WPA: group key handshake completed (RSN)
Sep 17 09:25:01 wifi1 hostapd: wlan0: STA a0:10:81:67:xx:xx WPA: group key handshake completed (RSN)
Sep 17 09:35:03 wifi1 hostapd: wlan0: STA a0:10:81:67:xx:xx WPA: group key handshake completed (RSN)
> Sep 17 09:45:07 wifi1 hostapd: wlan0: STA a0:10:81:67:xx:xx IEEE 802.11: authenticated
Sep 17 09:45:07 wifi1 hostapd: wlan0: STA a0:10:81:67:xx:xx IEEE 802.11: associated (aid 1)
Sep 17 09:45:07 wifi1 hostapd: wlan0: STA a0:10:81:67:xx:xx RADIUS: starting accounting session 59BE12E5-00000005
Sep 17 09:45:07 wifi1 hostapd: wlan0: STA a0:10:81:67:xx:xx WPA: pairwise key handshake completed (RSN)
Sep 17 09:55:02 wifi1 hostapd: wlan0: STA a0:10:81:67:xx:xx WPA: group key handshake completed (RSN)
Sep 17 10:05:04 wifi1 hostapd: wlan0: STA a0:10:81:67:xx:xx WPA: group key handshake completed (RSN)
Sep 17 10:15:04 wifi1 hostapd: wlan0: STA a0:10:81:67:xx:xx WPA: group key handshake completed (RSN)
Sep 17 10:25:02 wifi1 hostapd: wlan0: STA a0:10:81:67:xx:xx WPA: group key handshake completed (RSN)
> Sep 17 10:35:06 wifi1 hostapd: wlan0: STA a0:10:81:67:xx:xx IEEE 802.11: authenticated
Sep 17 10:35:06 wifi1 hostapd: wlan0: STA a0:10:81:67:xx:xx IEEE 802.11: associated (aid 1)
Sep 17 10:35:06 wifi1 hostapd: wlan0: STA a0:10:81:67:xx:xx RADIUS: starting accounting session 59BE12E5-00000006
Sep 17 10:35:06 wifi1 hostapd: wlan0: STA a0:10:81:67:xx:xx WPA: pairwise key handshake completed (RSN)
> Sep 17 10:45:06 wifi1 hostapd: wlan0: STA a0:10:81:67:xx:xx IEEE 802.11: authenticated
Sep 17 10:45:06 wifi1 hostapd: wlan0: STA a0:10:81:67:xx:xx IEEE 802.11: associated (aid 1)
Sep 17 10:45:06 wifi1 hostapd: wlan0: STA a0:10:81:67:xx:xx RADIUS: starting accounting session 59BE12E5-00000007
Sep 17 10:45:06 wifi1 hostapd: wlan0: STA a0:10:81:67:xx:xx WPA: pairwise key handshake completed (RSN)
Sep 17 10:55:02 wifi1 hostapd: wlan0: STA a0:10:81:67:xx:xx WPA: group key handshake completed (RSN)
Sep 17 11:05:03 wifi1 hostapd: wlan0: STA a0:10:81:67:xx:xx WPA: group key handshake completed (RSN)
Sep 17 11:15:03 wifi1 hostapd: wlan0: STA a0:10:81:67:xx:xx WPA: group key handshake completed (RSN)
Sep 17 11:25:04 wifi1 hostapd: wlan0: STA a0:10:81:67:xx:xx WPA: group key handshake completed (RSN)
Sep 17 11:35:02 wifi1 hostapd: wlan0: STA a0:10:81:67:xx:xx WPA: group key handshake completed (RSN)
Sep 17 11:45:03 wifi1 hostapd: wlan0: STA a0:10:81:67:xx:xx WPA: group key handshake completed (RSN)
Sep 17 11:55:03 wifi1 hostapd: wlan0: STA a0:10:81:67:xx:xx WPA: group key handshake completed (RSN)
Sep 17 12:05:02 wifi1 hostapd: wlan0: STA a0:10:81:67:xx:xx WPA: group key handshake completed (RSN)
Sep 17 12:15:02 wifi1 hostapd: wlan0: STA a0:10:81:67:xx:xx WPA: group key handshake completed (RSN)
Sep 17 12:25:04 wifi1 hostapd: wlan0: STA a0:10:81:67:xx:xx WPA: group key handshake completed (RSN)
Sep 17 12:35:03 wifi1 hostapd: wlan0: STA a0:10:81:67:xx:xx WPA: group key handshake completed (RSN)
> Sep 17 12:45:06 wifi1 hostapd: wlan0: STA a0:10:81:67:xx:xx IEEE 802.11: authenticated
Sep 17 12:45:06 wifi1 hostapd: wlan0: STA a0:10:81:67:xx:xx IEEE 802.11: associated (aid 1)
Sep 17 12:45:06 wifi1 hostapd: wlan0: STA a0:10:81:67:xx:xx RADIUS: starting accounting session 59BE12E5-00000008
Sep 17 12:45:06 wifi1 hostapd: wlan0: STA a0:10:81:67:xx:xx WPA: pairwise key handshake completed (RSN)
Sep 17 12:55:04 wifi1 hostapd: wlan0: STA a0:10:81:67:xx:xx WPA: group key handshake completed (RSN)

My hostapd.conf:

interface=wlan0
logger_syslog=-1
logger_syslog_level=2
logger_stdout=-1
logger_stdout_level=2
ctrl_interface=/var/run/hostapd
ctrl_interface_group=0
ssid=TheWifiNetworkName
country_code=US
hw_mode=g
channel=3
beacon_int=100
dtim_period=2
max_num_sta=10
macaddr_acl=0
auth_algs=1
ignore_broadcast_ssid=0
wmm_enabled=1
wmm_ac_bk_cwmin=4
wmm_ac_bk_cwmax=10
wmm_ac_bk_aifs=7
wmm_ac_bk_txop_limit=0
wmm_ac_bk_acm=0
wmm_ac_be_aifs=3
wmm_ac_be_cwmin=4
wmm_ac_be_cwmax=10
wmm_ac_be_txop_limit=0
wmm_ac_be_acm=0
wmm_ac_vi_aifs=2
wmm_ac_vi_cwmin=3
wmm_ac_vi_cwmax=4
wmm_ac_vi_txop_limit=94
wmm_ac_vi_acm=0
wmm_ac_vo_aifs=2
wmm_ac_vo_cwmin=2
wmm_ac_vo_cwmax=3
wmm_ac_vo_txop_limit=47
wmm_ac_vo_acm=0
ap_max_inactivity=1800
eapol_key_index_workaround=0
eap_server=0
own_ip_addr=127.0.0.1
wpa=2
wpa_passphrase=ThePassword
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
rsn_pairwise=CCMP
ap_table_max_size=100
ap_table_expiration_time=1800

So since it always happens in multiples of 10 minutes I started to look at any configuration variable that is a multiple of 600 seconds, which leads us to:

ap_max_inactivity=1800
ap_table_expiration_time=1800

But that doesn't explain why 10 minutes... Is that a client thing (Android) ? All I know is that this does NOT happen when the Android VOIP is connected to another WIFI network.

And I would like to add a bonus question: do you see anything not so smart in my configuration? (it's the first time I setup a hostapd)

Thanks!

android wifi raspbian access-point hostapd
Original Q&A
1

There are 1 answers

0
Roman Mindlin On BEST ANSWER

You should set wpa_group_rekey parameter in your /etc/hostapd/hostapd.conf file.

This defaults to 86400 seconds (once per day) when using CCMP/GCMP as the group cipher and 600 seconds (once per 10 minutes) when using TKIP as the group cipher.

The Group Key (Group Transient Key) is a shared key among all Supplicants connected to the same AP, and is used to secure multicast/broadcast traffic. It is not used for normal unicast traffic. A Pairwise Transient Key secures the unicast traffic.

Group Key Renewal controls how often the Group Transient Key is changed. The Group Key Renewal does not control the update period for the Pairwise Transient Key. The Pairwise Transient Key is changed each time the Supplicant authenticates, or re-authenticates.

WPA uses pre-shared keys that authenticate a device to a protected network. WPA automatically changes secret keys after a certain period of time. The group rekey interval is the period of time in between automatic changes of the group key, which all devices on the network share.

Read this about known vulnerability related to GTK, but as it mentioned in this text, hostapd is not vulnerable.

In view of this, you can decide which value you should set to your wpa_group_rekey parameter. Keep in mind security requirements to your network environment.

Related Questions in ANDROID

Related Questions in WIFI

Related Questions in RASPBIAN

Related Questions in ACCESS-POINT

Related Questions in HOSTAPD

Popular Questions

Popular Tags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Trending Questions