WPA2 Debugging

samca208
Posts: 2
Joined: Sat Nov 21, 2020 8:38 am

WPA2 Debugging

Postby samca208 » Sat Nov 21, 2020 8:51 am

Apart from increasing the debug level is there any other way ti have more debugging information for a WiFi (station) connection?
Like if the passphrase is incorrect in a PSK WiFi or invalid certificates in a TLS connection. I've used the official espressif WPA2 enterprise example.. with the example certificates (that obviously don't work with my radius server) and my proper certificates (that do work with other systems) I always have the same debuging info. Nothing on the certificates. Logging as follows:
Is there a way to debug a WiFi connection from the esp32. I have the below debug log but apart that is failing there is no indication of what is failing
Logging:

I (665) wifi:wifi driver task: 3ffc1b94, prio:23, stack:6656, core=0
I (665) system_api: Base MAC address is not set, read default base MAC address from BLK0 of EFUSE
I (665) system_api: Base MAC address is not set, read default base MAC address from BLK0 of EFUSE
I (695) wifi:wifi firmware version: 3ea4c76
I (695) wifi:config NVS flash: enabled
I (695) wifi:config nano formating: disabled
I (695) wifi:Init dynamic tx buffer num: 32
I (695) wifi:Init data frame dynamic rx buffer num: 32
I (705) wifi:Init management frame dynamic rx buffer num: 32
I (705) wifi:Init management short buffer num: 32
I (715) wifi:Init static rx buffer size: 1600
I (715) wifi:Init static rx buffer num: 10
I (725) wifi:Init dynamic rx buffer num: 32
I (725) example: Setting WiFi configuration SSID STMFG...
I (735) wpa: WPA2 ENTERPRISE VERSION: [v2.0] enable

I (835) phy: phy_version: 4180, cb3948e, Sep 12 2019, 16:39:13, 0, 0
I (835) wifi:mode : sta (a4:cf:12:6b:2f:28)
I (1085) wifi:new:<1,0>, old:<1,0>, ap:<255,255>, sta:<1,0>, prof:1
I (1835) wifi:state: init -> auth (b0)
I (1845) wifi:state: auth -> assoc (0)
I (1855) wifi:state: assoc -> run (10)
I (1855) wpa: wpa2_task prio:2, stack:6656

I (1905) wpa: >>>>>wpa2 FAILED

Leander
Posts: 18
Joined: Thu Sep 26, 2019 8:50 pm

Re: WPA2 Debugging

Postby Leander » Mon Jan 11, 2021 10:07 am

I'm also having troubles connecting to a Certificate based WPA2-enterprise network.
Did you find a solution?

There is an option in menuconfig to set the Wifi logging to debug mode.(I'm using esp-idf 4.2)
I'm having disconnect reason 23 = 802.1x authentication failed but unclear why.

Code: Select all

D (4605) wifi:filter: set rx policy=4
D (4615) wifi:first chan=1
D (4615) wifi:handoff_cb: status=0
D (4615) wifi:ap found, mac=02:00:00:00:00:00
D (4615) wifi:new_bss=0x3ffcbdd8, cur_bss=0x0, new_chan=<3,0>, cur_chan=1
D (4625) wifi:filter: set rx policy=5
I (4625) wifi:new:<3,0>, old:<1,0>, ap:<255,255>, sta:<3,0>, prof:1
D (4635) wifi:connect_op: status=0, auth=4, cipher=3
D (4635) wifi:auth mode is not none
D (4645) wifi:connect_bss: auth=1, reconnect=0
I (4645) wifi:state: init -> auth (b0)
D (4645) wifi:start 1s AUTH timer
D (4655) wifi:clear scan ap list
D (4655) wifi:recv auth: seq=2, status=0
I (4655) wifi:state: auth -> assoc (0)
D (4665) wifi:restart connect 1s timer for assoc
D (4665) wifi:recv assoc: type=0x10
D (4675) wifi:filter: set rx policy=6
I (4675) wifi:state: assoc -> run (10)
D (4675) wifi:start 30s connect timer for 4 way handshake
D (4695) wifi:rsn valid: gcipher=3 ucipher=3 akm=4

D (4705) wifi:recv deauth, reason=0x17
I (4705) wifi:state: run -> init (17c0)
D (4705) wifi:recv deauth/disassoc, stop beacon/connect timer
D (4705) wifi:connect status 1 -> 2
D (4715) wifi:add bssid 02:00:00:00:00:00 to blacklist, cnt=0
D (4715) wifi:stop CSA timer
D (4715) wifi:remove 02:00:00:00:00:00 from rc list
I (4725) wifi:new:<3,0>, old:<3,0>, ap:<255,255>, sta:<3,0>, prof:1
D (4725) wifi:filter: set rx policy=8
D (4735) wifi:sta leave
D (4735) wifi:stop CSA timer
D (4735) wifi:remove 00:00:00:00:00:00 from rc list
I (4745) wifi:new:<3,0>, old:<3,0>, ap:<255,255>, sta:<3,0>, prof:1
D (4745) wifi:filter: set rx policy=8
D (4755) wifi:Send disconnect event, reason=23, AP number=0

samca208
Posts: 2
Joined: Sat Nov 21, 2020 8:38 am

Re: WPA2 Debugging

Postby samca208 » Tue Jan 12, 2021 5:36 am

Yes did on EAP-TLS network. For further debugging information also turn on in menuconfig mbedtls debug. As the disconnection reason probably is due to certificate verification. Also for trial switch off server verification.

Ensure that your network doesn't have MAC filtering.

Last thing my Network blacklists for 40minutes the MAC address that failed to be verified. So or change board each time you try to connect or change the MAC address manually before each connection

Who is online

Users browsing this forum: Bing [Bot], Google [Bot] and 37 guests