Re: WPA-EAP with phase2



On Tue, 2007-05-22 at 13:40 +0000, Volker Braun wrote:
> Why does network manager insist on setting the pairwise/group ciphers at 
> all? The wpa_supplicant default is
> 
>   pairwise=CCMP TKIP
>   group=CCMP TKIP WEP104 WEP40

If the SSID is hidden, you need to explicitly set the ciphers.  Also,
some access points (some 802.11G consumer Netgear ones) have problems at
various points when the cipher is not set to what it expects.

With 0.7 and the new config bits you'll have the ability to tell NM
exactly what ciphers to use when things aren't working correctly.  It
may be that things don't "just work", unfortunate as that is, and that
you need to set the cipher suites for your AP.

> and that should cover all bases. Side effect: one less configuration 
> option, yay! 
> 
> For those that transmit sensitive information via broadcast, one could 
> have a checkbox "Avoid WEP ciphers" or some such. But in that scenario 
> these ciphers really have to be turned off on the AP side, disallowing 
> them on the client side just makes it impossible to connect.
> 
> Irregardless, I really don't understand why anybody would use 
> pairwise=TKIP and group=WEP104. Old hardware that only needs to see 
> broadcast packets? 

For compat mode with mixed networks.  If you have clients that are not
WPA-capable, you set pairwise=TKIP/CCMP and group=WEP104 and then
non-WPA clients that are capable of WEP-only can still participate in
the network as normal because they don't care about the pairwise/group
distinction; they only need to be able to send/receive broadcast &
multicast frames to all other clients, and since group=WEP104 they can
do that without needing WPA.

Dan

> Volker
> 
> 
> 
> On Mon, 21 May 2007 15:48:38 +0200, Ralf Rublack wrote:
> > I am trying to connect to a wireless network with the following
> > configuration (from my wpa_supplicant.conf)
> >         key_mgmt=WPA-EAP
> >         eap=TTLS
> >         proto=WPA
> >         pairwise=TKIP
> >         group=WEP104
> >         phase2="auth=PAP"
> 
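
An added example, not code from this thread, NetworkManager or wpa_supplicant: a small audit of wpa_supplicant network blocks for the mixed-mode case discussed above, where the group cipher is weaker than the pairwise cipher. The sample blocks and SSIDs are constructed, and the strength ranking covers only the cipher names mentioned in the thread.

```python
import re

# Weakest to strongest; covers only the cipher names that appear in the thread.
STRENGTH = {"WEP40": 0, "WEP104": 1, "TKIP": 2, "CCMP": 3}
# wpa_supplicant defaults as quoted in the thread, used when a key is absent.
DEFAULTS = {"pairwise": "CCMP TKIP", "group": "CCMP TKIP WEP104 WEP40"}

def parse_networks(text):
    """Return one dict of key=value settings per network={...} block."""
    networks = []
    for body in re.findall(r"network\s*=\s*\{(.*?)\}", text, re.S):
        settings = {}
        for line in map(str.strip, body.splitlines()):
            if "=" in line and not line.startswith("#"):  # skip comments/blanks
                key, value = line.split("=", 1)
                settings[key.strip()] = value.strip().strip('"')
        networks.append(settings)
    return networks

def audit(settings):
    """Return findings about the group cipher of one network block."""
    pairwise = settings.get("pairwise", DEFAULTS["pairwise"]).split()
    group = settings.get("group", DEFAULTS["group"]).split()
    findings = []
    wep = [c for c in group if c.startswith("WEP")]
    if wep:
        findings.append("group allows " + "/".join(wep) + " for broadcast/multicast frames")
    rank = lambda names: min(STRENGTH.get(c, 0) for c in names)  # unknown = weakest
    if rank(group) < rank(pairwise):
        findings.append("weakest group cipher is below weakest pairwise cipher")
    return findings

# Constructed sample; the first block uses the cipher settings quoted in the thread.
SAMPLE = '''
network={
    ssid="example-mixed"
    key_mgmt=WPA-EAP
    pairwise=TKIP
    group=WEP104
}
network={
    ssid="example-ccmp"
    pairwise=CCMP
    group=CCMP
}
'''

if __name__ == "__main__":
    print([(n["ssid"], audit(n)) for n in parse_networks(SAMPLE)])
```

A block that omits `group` is audited against the default list quoted in the thread, so it is also reported as allowing WEP for group traffic.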
