EAP-TLS example not working #556

Closed
gubertoli opened this issue Nov 27, 2024 · 3 comments

@gubertoli

I think this issue is the same as #420

Hi,

I am testing the mininet-wifi eap-tls example (mn version 2.6 in an Ubuntu 22.04 VM with wpa_cli and hostapd_cli v2.11-devel), but the current example is not running as expected by the example README.md:

Then run as follows

sudo -E python eap-tls-auth.py

Try the following experiments
       mininet-wifi> sta1 ping sta2 

If the ping succeeded you're in good shape.

The current output:

~/mininet-wifi$ sudo -E python examples/eap-tls/eap-tls-auth.py 
*** Creating nodes
*** Configuring nodes
*** Associating Stations
*** Starting network
*** Adding openflow wireless rule : 
*** Try the following at the CLI 
sta1 ping sta2 
/tmp/debug*.txt and /tmp/hostapd.txt contain logs 
cat /var/log/syslog | grep hostapd shows you if the authentication succeeded
*** Starting CLI:
mininet-wifi> sta1 ping sta2
PING 10.0.0.2 (10.0.0.2) 56(84) bytes of data.
From 10.0.0.1 icmp_seq=1 Destination Host Unreachable
From 10.0.0.1 icmp_seq=2 Destination Host Unreachable
From 10.0.0.1 icmp_seq=3 Destination Host Unreachable
From 10.0.0.1 icmp_seq=4 Destination Host Unreachable
^C

Only /tmp/hostapd.txt is being generated; there is no /tmp/debug*.txt, and there are no entries for hostap in /var/log/syslog.
I tried the changes related to PR #268; they fix the problem of having to run from the mininet-wifi root folder, but the behavior is the same.

What I tried:

  • to create a digital certificate for each client (instead of using the same for sta1 and sta2), but it also did not solve the problem.
  • changed identity to the specific commonName of certificates
  • changed eap_users file to the specific identity of sta1 and sta2
  • changed client_isolation=True to client_isolation=False for ap1
  • removed eapol_version=2, eapol_version, and eap_message

Please, any other ideas?

@ramonfontes
Member

ramonfontes commented Nov 27, 2024

98ff896 fixes the issue. Please note that you have to generate the certs with https://github.com/intrig-unicamp/mininet-wifi/blob/master/examples/eap-tls/CA/gencerts.sh.

@gubertoli
Author

Thanks @ramonfontes, with those changes it is working now - stations ping each other.

Just an additional comment, based on 98ff896, the /tmp/debug*.txt files are not being generated.

I tested with the following change from PR #268, and it also works for generating those files:

From:

wpasup_flags='-dd > /tmp/debug1.txt',
wpasup_flags='-dd > /tmp/debug2.txt',

To:

wpasup_flags='-dd -f /tmp/debug1.txt',
wpasup_flags='-dd -f /tmp/debug2.txt',

@ramonfontes
Member

336d8ba fixes that! Thank you :)

Btw, please feel free to submit PRs.
