samedi 28 mars 2020
Why Wifi drop atfer 8h24 (8 hours 24 minutes)?
Par david techer, samedi 28 mars 2020 à 10:26 :: Wifi
My WiFi Network
At home I have:- Freeradius 3.0.20 + OpenLDAP: for authentification EAP-TTLS/PAP
- 1st Access Point:
- Netgear R7000 (2.4GHz + 5GHz) based on dd-wrt
- Security Mode: WPA2-EAP/WPA-EAP, WPA Algorithm: TKIP+CCMP(AES)
- 2nd Access Point:
- Linksys WRT3200ACM (2.4GHz + 5GHz) based on dd-wrt
- Security Mode: WPA2-Enterprise, WPA Algorithm: CCPMP-128(AES)
Issue with WRT3200ACM
Wifi connexions are dropped after 8h24. Googling on that I found this link. I was a bit curious about these two parametersdot11RSNAConfigPMKLifetime and dot11RSNAConfigPMKReauthThreshold
After googling once again in wpa_supplicant configuration file, we have these values and these comments
# Maximum lifetime for PMKSA in seconds; default 43200 #dot11RSNAConfigPMKLifetime=43200 # Threshold for reauthentication (percentage of PMK lifetime); default 70 #dot11RSNAConfigPMKReauthThreshold=70
- So we have 43200 x 70% = 43200 x 70 / 100 = 30240 seconds. Now we want to estimate its value in ?? hours ?? minutes
- Let's try to estimate this value in hours. To be more precise (1 hours = 3600 second) we have 30240 / 3600 = 8.4 hours.
- Lets' try to testimate the remaining 0.4 minutes of 1 hour. It is just a percentage of 1 hour. 40% of 1 hours are egal to ( 1 hour = 60minutes) => 60 x 40 /100 = 24 minutes.
That's it 8 hours 24 minutes = 30240 seconds
I have two laptops connected to this router. After 8h24, I got this error in logsRekeying PTK for STA 30:23:03:db:38:c2 but driver can't safely do thaThe problem is that
- On both laptops wpa_supplicant is managed through NetworkManager -- I am using Xubuntu 19.10 on both of them --.
- The parameter
dot11RSNAConfigPMKLifetimeis manageable if you used wpa_supplicant.conf. This is not the case here through Network Manager.
Workarounds
The only solution is to- Laptop: modify wpa_supplicant by rebuilding it from sources and to modify its default value for
dot11RSNAConfigPMKLifetime(43200) by setting it to a higher value for almost 24 hours - Router: Add particulars parameters to hostapd through Web Interface that should help to fix this issue
cd /opt/Sources # Download hostapd sources. It should contain wpa_supplicant sources git clone git://w1.fi/srv/git/hostap.git cd hostap/ # We will replace 43200 by 129600. # This way: If dot11RSNAConfigPMKLifetime = 129600 then our Wifi connection should up for 70% of 129600 seconds # Duration for Wifi Connection = (129600 x 0.7) / 3600 = 25,2 hours # This is more than enough for me!!! # A simple loop using for is enough for file in $(grep -lr 43200 .);do sed -i "s:43200:129600:g" $file;done cd wpa_supplicant # Write a config file that should support NetworkManager and na Access Point cat << _EOF_ > .config CONFIG_BACKEND=file CONFIG_CTRL_IFACE=y CONFIG_DEBUG_FILE=y CONFIG_DEBUG_SYSLOG=y CONFIG_DEBUG_SYSLOG_FACILITY=LOG_DAEMON CONFIG_DRIVER_NL80211=y CONFIG_DRIVER_WEXT=y CONFIG_DRIVER_WIRED=y CONFIG_EAP_GTC=y CONFIG_EAP_LEAP=y CONFIG_EAP_MD5=y CONFIG_EAP_MSCHAPV2=y CONFIG_EAP_OTP=y CONFIG_EAP_PEAP=y CONFIG_EAP_TLS=y CONFIG_EAP_TTLS=y CONFIG_IEEE8021X_EAPOL=y CONFIG_IPV6=y CONFIG_LIBNL32=y CONFIG_PEERKEY=y CONFIG_PKCS12=y CONFIG_READLINE=y CONFIG_SMARTCARD=y CONFIG_WPS=y CFLAGS += -I/usr/include/libnl3 CONFIG_CTRL_IFACE_DBUS=y CONFIG_CTRL_IFACE_DBUS_NEW=y CONFIG_CTRL_IFACE_DBUS_INTRO=y _EOF_ # Build it and reduce its size using strip command make BINDIR=/sbin LIBDIR=/lib -j$(nproc) strip wpa_supplicant # * Stop the current original wpa_supplicant binary on the laptop if it is running # * Make a backup file # * Copy the new one into /sbin folder pidof wpa_supplicant && kill -9 $(pidof wpa_supplicant) cp /sbin/wpa_supplicant /sbin/wpa_supplicant_orig cp wpa_supplicant /sbin # Then reboot and test itThen copy the new binary on the other laptop
