1

Thread: Secure WPA2 connection

Latest firmware here (4.3.0).
Clients: debian stable (lenny), debian unstable (sid), htc-desire android (Froyo 2.2), ubuntu karmic.
Unsecure communication works as expected.
wpa_supplicant (various versions) used in most installations (don't know what the android uses) on the client side.

I have another very similar setup (bsd based, pfsense 1.2.3, hostap): no problems, all clients work as expected.

Dovado router set to:
Wireless Band: 802.11 b+g (or 802.11 b+g+n), doesn't matter.
Authentication Type: WPA2 (AES) or WPA/WPA2 Mix mode (TKIP or AES), channel 9 (default) or channel 1 (reconfigured)
Internet Connection Settings: Ethernet cable in WAN port
and constantly rebooting between configurations, doesn't matter, no joy.

wicd network manager reports: 'wpa_supplicant authentication may have failed', and wpa_cli says: '4-Way Handshake failed - pre-shared key may be incorrect' (which obviously isn't).

Obviously, I looked for similar experiences, but found none (so, I may be doing something odd) :(

The router is a black box, no access to any logs, which is terribly unfortunate.

I'd need some guidelines as to how I may be able to debug this, unless someone already knows the way out and is willing to share.  I'll do my best to provide any additional information that may be required, to sort it out.

Any pointers?

Cheers,

Free your mind, and your OS will follow.
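Added example, not part of the original posts: the wpa_cli message quoted above is what wpa_supplicant reports when the 4-way handshake does not complete, and one cause is that client and access point derived different PSKs. The sketch below derives the PSK as IEEE 802.11i specifies (PBKDF2-HMAC-SHA1 over passphrase and SSID) and compares both sides byte for byte; the SSID, passphrase and `diagnose` helper are constructed for illustration and say nothing about the bug discussed in this thread.

```python
import hashlib
import hmac

def wpa_psk(passphrase: str, ssid: bytes) -> bytes:
    """Derive the 256-bit PSK the way IEEE 802.11i (and wpa_passphrase) does."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8..63 characters")
    if any(not 32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("passphrase must be printable ASCII")
    if not 1 <= len(ssid) <= 32:
        raise ValueError("SSID must be 1..32 bytes")
    # The SSID is the salt, so the same passphrase gives a different key per SSID.
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"), ssid, 4096, 32)

def diagnose(client: tuple, router: tuple) -> list:
    """Compare (passphrase, ssid) as entered on each side; list the differences."""
    (c_pw, c_ssid), (r_pw, r_ssid) = client, router
    findings = []
    if c_ssid != r_ssid:
        findings.append(f"SSID bytes differ: {c_ssid!r} vs {r_ssid!r}")
    if c_pw != r_pw:
        # Report lengths only, so the passphrase is not echoed to the terminal.
        findings.append(f"passphrase differs (lengths {len(c_pw)} vs {len(r_pw)})")
    if not hmac.compare_digest(wpa_psk(c_pw, c_ssid), wpa_psk(r_pw, r_ssid)):
        findings.append("derived PSKs differ: the 4-way handshake cannot complete")
    return findings

# Constructed sample values (hypothetical network, not taken from the thread).
CLIENT = ("correct horse battery", b"homenet")
ROUTER = ("correct horse battery", b"homenet ")  # trailing space in the SSID field

if __name__ == "__main__":
    for line in diagnose(CLIENT, ROUTER) or ["both sides derive the same PSK"]:
        print(line)
```

The hex form of `wpa_psk(...)` is the value `wpa_passphrase` writes as `psk=` in wpa_supplicant.conf, so it can be compared against an existing client configuration.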

2

Re: Secure WPA2 connection

Please contact us via

http://www.dovado.com/SupportForm.html

3

Re: Secure WPA2 connection

Right.  Done that.  Got almost immediate assistance.  Kudos :)
Unfortunately, only by private mail :(

Found out there actually _is_ a way to get out some logs, but I can just speculate as to why Dovado is _not_ willing to make that public knowledge :(  I dare to make it public, and hope it won't be censored by the listmasters.  Here it is:

http://192.168.0.1/cgi-bin/getcfg.cgi?docmd+getlogs

Still, that shows to _not_ be very useful, as that log (and similarly the configuration save file) are _not_ in a human readable format, and Dovado is _not_ prepared to divulge the binary format (which is one thing my paranoia cries for) outside the company walls.  Dovado wants me to send configuration information with a file I have no way of knowing the contents of.  Not reasonable at all, IMO.  Help to self help, unfortunately, does not seem to be on Dovado's priority list :(  Sad.  The owner is not allowed to see her/his own private data Dovado requires and has access to.  Unreasonable.

Anyway, I found some inspiration in the correspondence with Dovado's support representative, and located the reason for my problem.  And that reason is a bug in Dovado's software.

I'm willing to share that information, under an NDA agreement, with anyone that is _not_ working for Dovado and agrees to not disclose the solution/workaround for Dovado.  Obviously, this is meant as a provocation to afterthought, for Dovado.

Cheers,

Free your mind, and your OS will follow.

4 Last edited by Mathias (2010-10-13 04:58:31)

Re: Secure WPA2 connection

http://www.mobilabredband.se/forum/view … ?pid=13449
The information you provide has been public knowledge since 2 years back.

Glad that you sorted your issue.


Best Regards
Mathias

5 Last edited by cii (2010-10-14 18:03:41)

Re: Secure WPA2 connection

Right.  It took just 2 years to make it to the manual but, unfortunately, it's still not there, in the troubleshooting chapter.

I'm also glad I solved my problem by myself, though I'm still disappointed Dovado seems to consider the customer should _not_ be given the access to her/his own data (log) files.   Dovado seems to want to continue to keep the format of those files secret, with the motivation "We do not send any help programs to convert log files to anyone outside the company".  I hope Dovado will soonish reconsider that standpoint.  Dovado _is_ using open source in the 4GR ('nmap' says "OS details: D-Link DNS-323 NAS device or Linksys WRT300N wireless broadband router") and I'm hoping for more openness and recognition for the customer rights to her/his _own_ data.

The bug is there and there's still a risk anyone could be bitten.  There's nothing in the manual/FAQ warning about this particular bug, AFAICS.

I was also informed the open source will be released sometime during the next weeks.  And someone (maybe me) is probably going to dissect and validate each and every bit of the firmware.


Cheers,

Free your mind, and your OS will follow.

6

Re: Secure WPA2 connection

Right.  More than 2 months have passed.  Is any Dovado representative able to confirm the open source for 4GR is now available/downloadable?

Free your mind, and your OS will follow.

7

Re: Secure WPA2 connection

Was informed the open source for the 4GR is now downloadable from:

http://www.dovado.com/gpl.html

Free your mind, and your OS will follow.

8

Re: Secure WPA2 connection

Quick question to Dovado: the wireless/authenticator daemon(s) you're running inside the box, are they proprietary or open source?

Free your mind, and your OS will follow.

9

Re: Secure WPA2 connection

proprietary