Re: dhclient unable to negotiate on WPA2-Enterprise network (eduroam)

From: Marek Zarychta <zarychtam_at_plan-b.pwste.edu.pl>
Date: Thu, 29 Jun 2023 19:09:29 UTC
On 28.06.2023 at 18:54, Naman Sood wrote:
> Hi,
>
> After doing a system update to the newest CURRENT, dhclient is not able to obtain an IP address for itself over an eduroam WPA2-Enterprise PEAP network. Connecting to open and WPA2-Personal networks works fine. I'm using the rtwn network driver. Here are some relevant bits from all.log (I got this by killing dhclient, restarting netif, then running dhclient again manually on wlan0):
>
> Jun 28 12:32:52 neon sudo[3656]:    nsood : TTY=pts/1 ; PWD=/usr/home/nsood ; USER=root ; ENV=PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin:/home/nsood/binCOMMAND=/usr/bin/env dhclient wlan0
> Jun 28 12:32:52 neon dhclient[3660]: DHCPREQUEST on wlan0 to 255.255.255.255 port 67
> Jun 28 12:32:52 neon dhclient[3660]: send_packet: No buffer space available
> Jun 28 12:32:52 neon kernel: Jun 28 12:32:52 neon dhclient[3660]: send_packet: No buffer space available
> Jun 28 12:32:59 neon dhclient[3660]: DHCPREQUEST on wlan0 to 255.255.255.255 port 67
> Jun 28 12:32:59 neon dhclient[3660]: send_packet: No buffer space available
> Jun 28 12:33:00 neon /usr/sbin/cron[3665]: (operator) CMD (/usr/libexec/save-entropy)
> Jun 28 12:33:13 neon dhclient[3660]: DHCPDISCOVER on wlan0 to 255.255.255.255 port 67 interval 3
> Jun 28 12:33:13 neon dhclient[3660]: send_packet: No buffer space available
> Jun 28 12:33:16 neon dhclient[3660]: DHCPDISCOVER on wlan0 to 255.255.255.255 port 67 interval 6
> Jun 28 12:33:16 neon dhclient[3660]: send_packet: No buffer space available
> Jun 28 12:33:22 neon dhclient[3660]: DHCPDISCOVER on wlan0 to 255.255.255.255 port 67 interval 14
> Jun 28 12:33:22 neon dhclient[3660]: send_packet: No buffer space available
> Jun 28 12:33:36 neon dhclient[3660]: DHCPDISCOVER on wlan0 to 255.255.255.255 port 67 interval 21
> Jun 28 12:33:36 neon dhclient[3660]: send_packet: No buffer space available
> Jun 28 12:33:36 neon kernel: Jun 28 12:33:36 neon syslogd: last message repeated 5 times
> Jun 28 12:33:39 neon wpa_supplicant[3494]: wlan0: CTRL-EVENT-EAP-FAILURE EAP authentication failed
> Jun 28 12:33:41 neon wpa_supplicant[3494]: wlan0: Authentication with 84:f1:47:d6:48:20 timed out.
> Jun 28 12:33:41 neon wpa_supplicant[3494]: wlan0: CTRL-EVENT-DISCONNECTED bssid=84:f1:47:d6:48:20 reason=3 locally_generated=1
> Jun 28 12:33:41 neon wpa_supplicant[3494]: wlan0: CTRL-EVENT-SSID-TEMP-DISABLED id=0 ssid="eduroam" auth_failures=1 duration=10 reason=AUTH_FAILED
> Jun 28 12:33:41 neon wpa_supplicant[3494]: BSSID 84:f1:47:d6:48:20 ignore list count incremented to 2, ignoring for 10 seconds
> Jun 28 12:33:41 neon wpa_supplicant[3494]: wlan0: CTRL-EVENT-DSCP-POLICY clear_all
> Jun 28 12:33:41 neon kernel: wlan0: link state changed to DOWN
> Jun 28 12:33:41 neon dhclient[3660]: wlan0 link state up -> down
>
> After this wlan0 came back up and successfully negotiated an IP from a lower-priority WPA2-Personal network.
>
> I also saw this a bit further up in all.log when it tried to connect to eduroam automatically:
>
> Jun 28 12:44:24 neon wpa_supplicant[1517]: wlan0: CTRL-EVENT-SSID-REENABLED id=0 ssid="eduroam"
> Jun 28 12:44:24 neon wpa_supplicant[1517]: wlan0: Trying to associate with 84:f1:47:d6:48:20 (SSID='eduroam' freq=2437 MHz)
> Jun 28 12:44:25 neon kernel: wlan0: link state changed to UP
> Jun 28 12:44:25 neon dhclient[1951]: wlan0 link state down -> up
> Jun 28 12:44:25 neon dhclient[1951]: DHCPREQUEST on wlan0 to 255.255.255.255 port 67
> Jun 28 12:44:25 neon wpa_supplicant[1517]: wlan0: Associated with 84:f1:47:d6:48:20
> Jun 28 12:44:25 neon dhclient[1951]: send_packet: No buffer space available
> Jun 28 12:44:25 neon kernel: Jun 28 12:44:25 neon dhclient[1951]: send_packet: No buffer space available
> Jun 28 12:44:25 neon wpa_supplicant[1517]: wlan0: CTRL-EVENT-EAP-STARTED EAP authentication started
> Jun 28 12:44:25 neon wpa_supplicant[1517]: wlan0: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=25
> Jun 28 12:44:25 neon wpa_supplicant[1517]: tls_connection_set_params: Clearing pending SSL error: error:12800067:DSO support routines::could not load the shared library
> Jun 28 12:44:25 neon wpa_supplicant[1517]: tls_connection_set_params: Clearing pending SSL error: error:07880025:common libcrypto routines::reason(524325)
> Jun 28 12:44:25 neon wpa_supplicant[1517]: tls_connection_set_params: Clearing pending SSL error: error:0308010C:digital envelope routines::unsupported
> Jun 28 12:44:25 neon wpa_supplicant[1517]: tls_connection_set_params: Clearing pending SSL error: error:03000086:digital envelope routines::initialization error
> Jun 28 12:44:25 neon wpa_supplicant[1517]: wlan0: CTRL-EVENT-EAP-METHOD EAP vendor 0 method 25 (PEAP) selected
> Jun 28 12:44:25 neon wpa_supplicant[1517]: wlan0: CTRL-EVENT-EAP-PEER-CERT depth=2 subject='/OU=GlobalSign Root CA - R3/O=GlobalSign/CN=GlobalSign' hash=[redacted]
> Jun 28 12:44:25 neon syslogd: last message repeated 1 times
> Jun 28 12:44:25 neon wpa_supplicant[1517]: wlan0: CTRL-EVENT-EAP-PEER-CERT depth=1 subject='/C=BE/O=GlobalSign nv-sa/CN=GlobalSign RSA OV SSL CA 2018' hash=[redacted]
> Jun 28 12:44:25 neon wpa_supplicant[1517]: wlan0: CTRL-EVENT-EAP-PEER-CERT depth=0 subject='/C=CA/ST=Ontario/L=Waterloo/O=University of Waterloo/CN=eduroam.uwaterloo.ca' hash=[redacted]
> Jun 28 12:44:25 neon wpa_supplicant[1517]: wlan0: CTRL-EVENT-EAP-PEER-ALT depth=0 DNS:eduroam.uwaterloo.ca
> Jun 28 12:44:25 neon wpa_supplicant[1517]: wlan0: CTRL-EVENT-EAP-PEER-ALT depth=0 DNS:cn-aaa.uwaterloo.ca
> Jun 28 12:44:25 neon wpa_supplicant[1517]: wlan0: CTRL-EVENT-EAP-PEER-ALT depth=0 DNS:ns-aaa.uwaterloo.ca
> Jun 28 12:44:25 neon wpa_supplicant[1517]: wlan0: CTRL-EVENT-EAP-PEER-ALT depth=0 DNS:auth-x.uwaterloo.ca
> Jun 28 12:44:25 neon wpa_supplicant[1517]: wlan0: CTRL-EVENT-EAP-PEER-ALT depth=0 DNS:guest.wifi.uwaterloo.ca
> Jun 28 12:44:25 neon wpa_supplicant[1517]: wlan0: CTRL-EVENT-EAP-PEER-ALT depth=0 DNS:ns-ise-psn-a.private.uwaterloo.ca
> Jun 28 12:44:25 neon wpa_supplicant[1517]: wlan0: CTRL-EVENT-EAP-PEER-ALT depth=0 DNS:ns-ise-psn-b.private.uwaterloo.ca
> Jun 28 12:44:25 neon wpa_supplicant[1517]: wlan0: CTRL-EVENT-EAP-PEER-ALT depth=0 DNS:ns-ise-psn-c.private.uwaterloo.ca
> Jun 28 12:44:25 neon wpa_supplicant[1517]: wlan0: CTRL-EVENT-EAP-PEER-ALT depth=0 DNS:ns-ise-psn-d.private.uwaterloo.ca
> Jun 28 12:44:25 neon wpa_supplicant[1517]: wlan0: CTRL-EVENT-EAP-PEER-ALT depth=0 DNS:ns-ise-psn-e.private.uwaterloo.ca
> Jun 28 12:44:25 neon wpa_supplicant[1517]: OpenSSL: EVP_DigestInit_ex failed: error:12800067:DSO support routines::could not load the shared library
> Jun 28 12:44:25 neon kernel: Jun 28 12:44:25 neon wpa_supplicant[1517]: OpenSSL: EVP_DigestInit_ex failed: error:12800067:DSO support routines::could not load the shared library
> Jun 28 12:44:25 neon wpa_supplicant[1517]: EAP-MSCHAPV2: Failed to derive response
>
> This makes me think the change might be related to the recent OpenSSL migration? Either way, things seem to be broken at the moment and a solution would be appreciated.
>
> Thanks,
> Naman.
> (they/them)
>
Thanks for the report. Have you tried security/wpa_supplicant BTW?

-- 
Marek Zarychta