From: Marek Zarychta
Date: Thu, 29 Jun 2023 21:09:29 +0200
Subject: Re: dhclient unable to negotiate on WPA2-Enterprise network (eduroam)
To: freebsd-current@freebsd.org
In-Reply-To: <3757e302-5eca-4174-b459-81737c0fe8de@app.fastmail.com>
List-Id: Discussions about the use of FreeBSD-current
List-Archive: https://lists.freebsd.org/archives/freebsd-current

On 28.06.2023 at 18:54, Naman Sood wrote:
> Hi,
>
> After doing a system update to the newest CURRENT, dhclient is not able to obtain an IP address for itself over an eduroam WPA2-Enterprise PEAP network. Connecting to open and WPA2-Personal networks works fine. I'm using the rtwn network driver. Here's some relevant bits from all.log (I got this by killing dhclient, restarting netif, then running dhclient again manually on wlan0):
>
> Jun 28 12:32:52 neon sudo[3656]: nsood : TTY=pts/1 ; PWD=/usr/home/nsood ; USER=root ; ENV=PATH=/sbin:/bin:/usr/sbin:/usr/bin:/usr/local/sbin:/usr/local/bin:/home/nsood/binCOMMAND=/usr/bin/env dhclient wlan0
> Jun 28 12:32:52 neon dhclient[3660]: DHCPREQUEST on wlan0 to 255.255.255.255 port 67
> Jun 28 12:32:52 neon dhclient[3660]: send_packet: No buffer space available
> Jun 28 12:32:52 neon kernel: Jun 28 12:32:52 neon dhclient[3660]: send_packet: No buffer space available
> Jun 28 12:32:59 neon dhclient[3660]: DHCPREQUEST on wlan0 to 255.255.255.255 port 67
> Jun 28 12:32:59 neon dhclient[3660]: send_packet: No buffer space available
> Jun 28 12:33:00 neon /usr/sbin/cron[3665]: (operator) CMD (/usr/libexec/save-entropy)
> Jun 28 12:33:13 neon dhclient[3660]: DHCPDISCOVER on wlan0 to 255.255.255.255 port 67 interval 3
> Jun 28 12:33:13 neon dhclient[3660]: send_packet: No buffer space available
> Jun 28 12:33:16 neon dhclient[3660]: DHCPDISCOVER on wlan0 to 255.255.255.255 port 67 interval 6
> Jun 28 12:33:16 neon dhclient[3660]: send_packet: No buffer space available
> Jun 28 12:33:22 neon dhclient[3660]: DHCPDISCOVER on wlan0 to 255.255.255.255 port 67 interval 14
> Jun 28 12:33:22 neon dhclient[3660]: send_packet: No buffer space available
> Jun 28 12:33:36 neon dhclient[3660]: DHCPDISCOVER on wlan0 to 255.255.255.255 port 67 interval 21
> Jun 28 12:33:36 neon dhclient[3660]: send_packet: No buffer space available
> Jun 28 12:33:36 neon kernel: Jun 28 12:33:36 neon syslogd: last message repeated 5 times
> Jun 28 12:33:39 neon wpa_supplicant[3494]: wlan0: CTRL-EVENT-EAP-FAILURE EAP authentication failed
> Jun 28 12:33:41 neon wpa_supplicant[3494]: wlan0: Authentication with 84:f1:47:d6:48:20 timed out.
> Jun 28 12:33:41 neon wpa_supplicant[3494]: wlan0: CTRL-EVENT-DISCONNECTED bssid=84:f1:47:d6:48:20 reason=3 locally_generated=1
> Jun 28 12:33:41 neon wpa_supplicant[3494]: wlan0: CTRL-EVENT-SSID-TEMP-DISABLED id=0 ssid="eduroam" auth_failures=1 duration=10 reason=AUTH_FAILED
> Jun 28 12:33:41 neon wpa_supplicant[3494]: BSSID 84:f1:47:d6:48:20 ignore list count incremented to 2, ignoring for 10 seconds
> Jun 28 12:33:41 neon wpa_supplicant[3494]: wlan0: CTRL-EVENT-DSCP-POLICY clear_all
> Jun 28 12:33:41 neon kernel: wlan0: link state changed to DOWN
> Jun 28 12:33:41 neon dhclient[3660]: wlan0 link state up -> down
>
> After this wlan0 came back up and successfully negotiated an IP from a lower-priority WPA2-Personal network.
>
> I also saw this a bit further up in all.log when it tried to connect to eduroam automatically:
>
> Jun 28 12:44:24 neon wpa_supplicant[1517]: wlan0: CTRL-EVENT-SSID-REENABLED id=0 ssid="eduroam"
> Jun 28 12:44:24 neon wpa_supplicant[1517]: wlan0: Trying to associate with 84:f1:47:d6:48:20 (SSID='eduroam' freq=2437 MHz)
> Jun 28 12:44:25 neon kernel: wlan0: link state changed to UP
> Jun 28 12:44:25 neon dhclient[1951]: wlan0 link state down -> up
> Jun 28 12:44:25 neon dhclient[1951]: DHCPREQUEST on wlan0 to 255.255.255.255 port 67
> Jun 28 12:44:25 neon wpa_supplicant[1517]: wlan0: Associated with 84:f1:47:d6:48:20
> Jun 28 12:44:25 neon dhclient[1951]: send_packet: No buffer space available
> Jun 28 12:44:25 neon kernel: Jun 28 12:44:25 neon dhclient[1951]: send_packet: No buffer space available
> Jun 28 12:44:25 neon wpa_supplicant[1517]: wlan0: CTRL-EVENT-EAP-STARTED EAP authentication started
> Jun 28 12:44:25 neon wpa_supplicant[1517]: wlan0: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=25
> Jun 28 12:44:25 neon wpa_supplicant[1517]: tls_connection_set_params: Clearing pending SSL error: error:12800067:DSO support routines::could not load the shared library
> Jun 28 12:44:25 neon wpa_supplicant[1517]: tls_connection_set_params: Clearing pending SSL error: error:07880025:common libcrypto routines::reason(524325)
> Jun 28 12:44:25 neon wpa_supplicant[1517]: tls_connection_set_params: Clearing pending SSL error: error:0308010C:digital envelope routines::unsupported
> Jun 28 12:44:25 neon wpa_supplicant[1517]: tls_connection_set_params: Clearing pending SSL error: error:03000086:digital envelope routines::initialization error
> Jun 28 12:44:25 neon wpa_supplicant[1517]: wlan0: CTRL-EVENT-EAP-METHOD EAP vendor 0 method 25 (PEAP) selected
> Jun 28 12:44:25 neon wpa_supplicant[1517]: wlan0: CTRL-EVENT-EAP-PEER-CERT depth=2 subject='/OU=GlobalSign Root CA - R3/O=GlobalSign/CN=GlobalSign' hash=[redacted]
> Jun 28 12:44:25 neon syslogd: last message repeated 1 times
> Jun 28 12:44:25 neon wpa_supplicant[1517]: wlan0: CTRL-EVENT-EAP-PEER-CERT depth=1 subject='/C=BE/O=GlobalSign nv-sa/CN=GlobalSign RSA OV SSL CA 2018' hash=[redacted]
> Jun 28 12:44:25 neon wpa_supplicant[1517]: wlan0: CTRL-EVENT-EAP-PEER-CERT depth=0 subject='/C=CA/ST=Ontario/L=Waterloo/O=University of Waterloo/CN=eduroam.uwaterloo.ca' hash=[redacted]
> Jun 28 12:44:25 neon wpa_supplicant[1517]: wlan0: CTRL-EVENT-EAP-PEER-ALT depth=0 DNS:eduroam.uwaterloo.ca
> Jun 28 12:44:25 neon wpa_supplicant[1517]: wlan0: CTRL-EVENT-EAP-PEER-ALT depth=0 DNS:cn-aaa.uwaterloo.ca
> Jun 28 12:44:25 neon wpa_supplicant[1517]: wlan0: CTRL-EVENT-EAP-PEER-ALT depth=0 DNS:ns-aaa.uwaterloo.ca
> Jun 28 12:44:25 neon wpa_supplicant[1517]: wlan0: CTRL-EVENT-EAP-PEER-ALT depth=0 DNS:auth-x.uwaterloo.ca
> Jun 28 12:44:25 neon wpa_supplicant[1517]: wlan0: CTRL-EVENT-EAP-PEER-ALT depth=0 DNS:guest.wifi.uwaterloo.ca
> Jun 28 12:44:25 neon wpa_supplicant[1517]: wlan0: CTRL-EVENT-EAP-PEER-ALT depth=0 DNS:ns-ise-psn-a.private.uwaterloo.ca
> Jun 28 12:44:25 neon wpa_supplicant[1517]: wlan0: CTRL-EVENT-EAP-PEER-ALT depth=0 DNS:ns-ise-psn-b.private.uwaterloo.ca
> Jun 28 12:44:25 neon wpa_supplicant[1517]: wlan0: CTRL-EVENT-EAP-PEER-ALT depth=0 DNS:ns-ise-psn-c.private.uwaterloo.ca
> Jun 28 12:44:25 neon wpa_supplicant[1517]: wlan0: CTRL-EVENT-EAP-PEER-ALT depth=0 DNS:ns-ise-psn-d.private.uwaterloo.ca
> Jun 28 12:44:25 neon wpa_supplicant[1517]: wlan0: CTRL-EVENT-EAP-PEER-ALT depth=0 DNS:ns-ise-psn-e.private.uwaterloo.ca
> Jun 28 12:44:25 neon wpa_supplicant[1517]: OpenSSL: EVP_DigestInit_ex failed: error:12800067:DSO support routines::could not load the shared library
> Jun 28 12:44:25 neon kernel: Jun 28 12:44:25 neon wpa_supplicant[1517]: OpenSSL: EVP_DigestInit_ex failed: error:12800067:DSO support routines::could not load the shared library
> Jun 28 12:44:25 neon wpa_supplicant[1517]: EAP-MSCHAPV2: Failed to derive response
>
> This makes me think the change might be related to the recent OpenSSL migration? Either way, things seem to be broken at the moment and a solution would be appreciated.
>
> Thanks,
> Naman.
> (they/them)
>

Thanks for the report. Have you tried security/wpa_supplicant BTW?

-- 
Marek Zarychta
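
A triage sketch for logs like the ones quoted above, added here as an example and not part of the original thread: it separates wpa_supplicant sessions where an OpenSSL error was logged before `EAP-MSCHAPV2: Failed to derive response` from plain EAP failures, and counts dhclient's `No buffer space available` sends. The function name, verdict labels and regular expressions are assumptions made for this example; the sample lines are excerpted from the quoted all.log.

```python
import re
from collections import defaultdict

# Lines excerpted from the all.log quoted in the message above.
SAMPLE_LOG = """\
Jun 28 12:33:13 neon dhclient[3660]: send_packet: No buffer space available
Jun 28 12:33:39 neon wpa_supplicant[3494]: wlan0: CTRL-EVENT-EAP-FAILURE EAP authentication failed
Jun 28 12:44:25 neon dhclient[1951]: send_packet: No buffer space available
Jun 28 12:44:25 neon wpa_supplicant[1517]: wlan0: CTRL-EVENT-EAP-METHOD EAP vendor 0 method 25 (PEAP) selected
Jun 28 12:44:25 neon wpa_supplicant[1517]: OpenSSL: EVP_DigestInit_ex failed: error:12800067:DSO support routines::could not load the shared library
Jun 28 12:44:25 neon kernel: Jun 28 12:44:25 neon wpa_supplicant[1517]: OpenSSL: EVP_DigestInit_ex failed: error:12800067:DSO support routines::could not load the shared library
Jun 28 12:44:25 neon wpa_supplicant[1517]: EAP-MSCHAPV2: Failed to derive response
"""

# "Mon DD HH:MM:SS host proc[pid]: msg". match() anchors at the start of the line,
# so the "kernel: <copy of line>" console echoes are skipped instead of counted twice.
LINE = re.compile(r"\w{3} +\d+ [\d:]{8} \S+ "
                  r"(?P<proc>[\w./-]+)\[(?P<pid>\d+)\]: (?P<msg>.*)$")
OSSL = re.compile(r"error:([0-9A-Fa-f]{8}):([^:]*)::(.*)$")


def triage(log_text):
    """Return ({pid: verdict}, {pid: [(code, reason)]}, dhclient ENOBUFS count)."""
    ossl = defaultdict(list)   # wpa_supplicant pid -> OpenSSL errors in order seen
    verdict = {}
    enobufs = 0
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        proc, pid, msg = m["proc"], int(m["pid"]), m["msg"]
        if proc == "dhclient" and "No buffer space available" in msg:
            enobufs += 1
        elif proc == "wpa_supplicant":
            e = OSSL.search(msg)
            if e:
                ossl[pid].append((e[1], e[3]))
            elif "EAP-MSCHAPV2: Failed to derive response" in msg:
                verdict[pid] = "crypto-backend" if ossl.get(pid) else "mschapv2-derive-failed"
            elif "CTRL-EVENT-EAP-FAILURE" in msg:
                verdict.setdefault(pid, "eap-failure")
    return verdict, dict(ossl), enobufs


if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

A `crypto-backend` verdict only says that the library error came first in the log for that process; it does not by itself establish the root cause.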