Wpa_supplicant EAP error

John Watson · Jul 3, 2018

Hello forum,

wpa_supplicant works as expected with hotspot on iPhone 5s but gets eap errors on iPhone SE.
When I try the Iphone SE hotspot I do not get DHCP address or connection. Doesn't work with static IP and I get wpa_cli error "<3>CTRL-EVENT-EAP-FAILURE EAP authentication failed"

wpa_suplicant.conf

Code:

ctrl_interface=/var/run/wpa_supplicant
update_config=1
ap_scan=1
fast_reauth=1

network={
    ssid="ssid"
    psk="password"
}

rc.conf

Code:

ifconfig_bce2_name="wlan0"        # External Network
ifconfig_wlan0="WPA DHCP"

wpa_cli

Code:

bssid=XX:XX:XX:XX:XX:XX
freq=0
ssid=ssid
id=0
mode=station
pairwise_cipher=CCMP
group_cipher=CCMP
key_mgmt=WPA2/IEEE 802.1X/EAP
wpa_state=ASSOCIATED
ip_address=xx.xx.xx.xx
address=xx:xx:xx:xx:xx:xx
Supplicant PAE state=HELD
suppPortStatus=Unauthorized
EAP state=FAILURE
uuid=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
<3>CTRL-EVENT-EAP-FAILURE EAP authentication failed

Any help appreciated.

VladiBG · Jul 3, 2018

Replace the iPhone or use WPA

SirDice · Jul 3, 2018

John Watson said:
Code:

ifconfig_bce2_name="wlan0" # External Network ifconfig_wlan0="WPA DHCP"

This doesn't make sense. The bce(4) interface is a wired interface.

Handbook: 31.3. Wireless Networking

VladiBG said:
Replace the iPhone or use WPA

That's not very helpful is it? Besides that: EAP extensions under WPA and WPA2 Enterprise

John Watson · Jul 3, 2018

SirDice,
Thank you for your reply.

Code:

This doesn't make sense. The bce(4) interface is a wired interface.

It is wired connection but has iogear GWU627 wireless dongle. The USB wireless was unreliable.

John Watson · Jul 3, 2018

Update.

Packet capture below.

Code:

Frame 7: 18 bytes on wire (144 bits), 18 bytes captured (144 bits) on interface 0
    Interface id: 0 (wlan0)
        Interface name: wlan0
    Encapsulation type: Ethernet (1)
    Arrival Time: Jul  3, 2018 10:05:48.213950000 US Mountain Standard Time
    [Time shift for this packet: 0.000000000 seconds]
    Epoch Time: 1530637548.213950000 seconds
    [Time delta from previous captured frame: 1.720917000 seconds]
    [Time delta from previous displayed frame: 1.720917000 seconds]
    [Time since reference or first frame: 6.728528000 seconds]
    Frame Number: 7
    Frame Length: 18 bytes (144 bits)
    Capture Length: 18 bytes (144 bits)
    [Frame is marked: False]
    [Frame is ignored: False]
    [Protocols in frame: eth:ethertype:eapol]
    [Coloring Rule Name: Broadcast]
    [Coloring Rule String: eth[0] & 1]
Ethernet II, Src: xx:xx:xx:xx:xx:xx (xx:xx:xx:xx:xx:xx), Dst: Nearest (xx:xx:xx:xx:xx:xx)
    Destination: Nearest (xx:xx:xx:xx:xx:xx)
        Address: Nearest (xx:xx:xx:xx:xx:xx)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
        .... ...1 .... .... .... .... = IG bit: Group address (multicast/broadcast)
    Source: Src: xx:xx:xx:xx:xx:xx (xx:xx:xx:xx:xx:xx),
        Address: Src: xx:xx:xx:xx:xx:xx (xx:xx:xx:xx:xx:xx),
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
    Type: 802.1X Authentication (0x888e)
802.1X Authentication
    Version: 802.1X-2001 (1)
    Type: Start (1)
    Length: 0

VladiBG · Jul 3, 2018

The personal hotspot on the telephone is using WPA2 PSK AES and can not be change it. There's nothing related to the EAP or to WPA2 Enterprise with Radius authentication.
You can try manual to specify the key_mgmt in the /etc/wpa_supplicant.conf file to WPA-PSK and verify if your wlan0 device is supporting WPA2-PSK with AES using ifconfig wlan0 list caps

Try to update your IOS on the phone.

VladiBG · Jul 3, 2018

On Android device you have additional security settings for Mobile hotspot and you are able to select between OPEN and WPA2 PSK. In the iPhone there's not such option for the hostspot.

John Watson · Jul 3, 2018

VladiBG,
I understand your advice is to get rid of the iPhone. Not an option

John Watson · Jul 3, 2018

From the packet captures:

On the iPhone SE connection which works, I get

Code:

[Protocols in frame: eth:ethertype:ipv6:udp:ssdp]

On iPhone SE which doesn't work, I get

Code:

[Protocols in frame: eth:ethertype:eapol]

It appears to be an issue with wpa_supplicant and iPhoneSE communication of eapol.

VladiBG · Jul 3, 2018

try to reset your network setting on the iPhone. I don't know the reason why your iphone se is using WPA2-enterprise for the hotspot.

John Watson · Jul 3, 2018

Do you mean turn it off and back on again?

VladiBG · Jul 3, 2018

Go to Settings > General > Reset > Reset Network Settings. This also resets Wi-Fi networks and passwords, cellular settings, and VPN and APN settings that you've used before.

John Watson · Jul 3, 2018

I reconnected the USB wireless dongle and now have connection. I would have to surmise that this issue has something to do with the iogear wireless to ethernet dongle or my NIC as wpa-supplicant has no problems with the USB wireless dongle and iPhoneSE

John Watson · Jul 3, 2018

Thanks for all your help.

Wpa_supplicant EAP error

Administrator