RE: connecting to a non-broadcasted SSID

[Dan Williams <dcbw redhat com>]

On Thu, 2008-06-12 at 11:32 -0400, Miner, Jonathan W (US SSA) wrote:
> Responses at the bottom... apologies for using MS-Outlook...
> 
> -----Original Message-----
> From:	Dan Williams [mailto:dcbw redhat com]
> Sent:	Thu 6/12/2008 11:15 AM
> To:	Miner, Jonathan W (US SSA)
> Cc:	networkmanager-list gnome org
> Subject:	Re: connecting to a non-broadcasted SSID
> 
> On Thu, 2008-06-12 at 08:34 -0400, Miner, Jonathan W (US SSA) wrote:
> > I've noticed that when I successfully connect to a wireless network with a non-broadcasted SSID that the applet reports:
> > 
> > "You are now connected to the wireless network '(none)'."
> > 
> > This message comes from network-manager-applet/src/applet-device-wifi.c, line 1131
> > 
> > Clearly, NetworkManager knows the SSID of the network, since it was able to look for it, and successfully connect to it.  But it appears that the applet can't determine it?
> 
> Depends; the applet _should_ have the right idea of the current AP, but
> if you run 'nm-tool' is there a * next to your SSID while connected?  If
> not, then the problem lies in NetworkManager.
> 
> I did test hidden SSID last week and it worked OK for me, but enough
> people have reported this problem that I think there is a bug.
> 
> Also, can you report what '/sbin/iwconfig wlan0' (or whatever your wifi
> interface name is) says when you're definitely connected?  NM grabs that
> information periodically and tries to match it up with an AP that it's
> scanned, and if I cannot find the AP that the card says it's associated
> too (because it hasn't shown up in scan yet) then you'll end up with
> NULL.
> 
> So, if you have more than one AP in the same SSID, but none of them are
> broadcasting their SSIDs, NM can only auto-match the SSID AP's its seen
> before.  So if the card roams to a new AP that NM hasn't seen before,
> and also isn't broadcasting it's SSID, that AP won't necessarily be in
> the scan list yet, and even if it was, we wouldn't know it's SSID
> necessarily.
> 
> The solution?  _Don't_ hide your AP's SSID.  It's security through
> obscurity, and if you're using good encryption like WPA[2] + 802.1x,
> it's completely unnecessary anyway.  Anyone with WireShark can fire up a
> frame sniffer and grab your SSID at any time anyway.
> 
> Dan
> 
> >>>> My responses:
> 
> Right now, I only have one AP, but we'll grow to two or three when this gets rolled out. I agree with you on the SSID hiding issue, but that is a political issue.
> 
> nm-tool does has an asterisk:
> 
>   Wireless Access Points(* = Current AP)
>     *FooBar:        Infra, 00:12:17:70:0C:D0, Freq 2437 MHz, Rate 0 Mb/s, Strength 96 WPA Enterprise

Ok, then it's the applet that has the problem.  Thanks!

> iwconfig output:
> 
> wlan0     IEEE 802.11  ESSID:"FooBar"  
>           Mode:Managed  Frequency:2.437 GHz  Access Point: 00:12:17:70:0C:D0   
>           Bit Rate=54 Mb/s   Tx-Power=14 dBm   
>           Retry min limit:7   RTS thr:off   Fragment thr=2352 B   
>           Encryption key:9A2C-BE5F-2F1C-1595-D71B-8761-0B04-B11E-B396-1F94-B70C-7BB8-2C8A-D5D3-18B8-5073 [2]
>           Link Quality=100/100  Signal level:-42 dBm  Noise level=-94 dBm
>           Rx invalid nwid:0  Rx invalid crypt:0  Rx invalid frag:0
>           Tx excessive retries:0  Invalid misc:0   Missed beacon:0

Sorry, should have told you to obfuscate the key.  If you're using
802.1x (Dynamic WEP, WPA Enterprise, WPA2 ENterprise) this is OK because
your key will change in an hour, but if you're currently using WPA-PSK,
you should probably change your key right away...

Dan