Bug 3656 - EAP-TLS not working
Status: RESOLVED WORKSFORME
Product: Connectivity
Component: Networking
Version: 4.1 (4.2008.23-14)
Platform: All Linux
Importance: Low normal
Assigned To: unassigned
QA Contact: networking-bugs
Keywords: moreinfo

Reported: 2008-09-01 00:58 UTC by Daniel Would
Modified: 2009-02-19 13:44 UTC (History)

Description Daniel Would (reporter) 2008-09-01 00:58:48 UTC
SOFTWARE VERSION:
(Control Panel > General > About product)

Nokia 770 OS2006
and
Nokia 770 os 2008 hacker edition

STEPS TO REPRODUCE THE PROBLEM:

Import p12 certificates for TLS setup.
Configure wireless network for WPA with EAP.
Hidden network, infrastructure.
Select TLS, pick the certificate from the drop-down.



EXPECTED OUTCOME:

Expect to be able to connect to the wifi network using EAP-TLS

ACTUAL OUTCOME:

An unspecified network connection error occurs. No diagnostics available.
I don't have access to any of my workplace network infrastructure so have no
idea how much conversation goes on, if any.

REPRODUCIBILITY:
(always/sometimes/once)

always

EXTRA SOFTWARE INSTALLED:
n/a
OTHER COMMENTS:

Having searched on Google, I've found various others apparently having the same
difficulty. In particular, a lack of diagnostics makes it hard to tell why it is
not working.

Bug https://bugs.maemo.org/show_bug.cgi?id=1017 covers other related network
protocol problems, and my other bug
https://bugs.maemo.org/show_bug.cgi?id=3655
is a request for the related issue of EAP-LEAP support.

The original bug makes it clear that there are quite a few people like myself
that really want to be able to use their internet tablet in a work
environment. However, this defect in what should be a supported EAP-TLS and the
associated lack of support for EAP-LEAP (and some others) make it not possible.

One user suggested adding support for wpa_supplicant as a good option, and
provided good comment on the situation as it stands:
https://bugs.maemo.org/show_bug.cgi?id=1017#c22


Comment 1 Andre Klapper maemo.org 2008-09-09 16:41:34 UTC
Oops, sorry for setting this to enhancement.

> having searched on google, I've found various others apparently having the 
> same difficulty

Links always appreciated. The more people run into a problem, the more
important it is to get fixed.

> In particular a lack of diagnostics makes it hard to tell 
> why it is not working

A packet capture could help to clarify what causes the problem. tcpdump can be
used on the Nokia device (Wireshark/Ethereal could be used from another host).
Please take a look at
http://maemo.org/development/documentation/man_pages/tcpdump.html for more
information.
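
What such a capture can reveal for a failing EAP-TLS connection, as an added example that is not part of the original bug thread: the sketch below decodes EAPOL frames (ethertype 0x888e) and reports how far the 802.1X exchange got. It assumes Ethernet-framed packets as raw bytes; the sample frames and the names `parse_eap` and `diagnose` are constructed for illustration.

```python
import struct

EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_TYPES = {1: "Identity", 3: "Nak", 13: "EAP-TLS", 17: "LEAP", 25: "PEAP"}

def parse_eap(frame: bytes):
    """Decode one Ethernet frame; return (code, type) names or None if not an EAP packet."""
    if len(frame) < 22 or frame[12:14] != b"\x88\x8e":   # EAPOL ethertype
        return None
    _version, pkt_type, length = struct.unpack("!BBH", frame[14:18])
    eap = frame[18:18 + length]
    if pkt_type != 0 or len(eap) < 4:                    # 0 = EAP-Packet (skip Start/Key)
        return None
    code = EAP_CODES.get(eap[0], "code %d" % eap[0])
    # Only Request/Response packets carry a method type byte.
    has_type = eap[0] in (1, 2) and len(eap) > 4
    method = EAP_TYPES.get(eap[4], "type %d" % eap[4]) if has_type else None
    return code, method

def diagnose(frames):
    """Say how far the 802.1X exchange got, judged from the client-side capture."""
    pkts = [p for p in map(parse_eap, frames) if p]
    if not pkts:
        return "no EAP packets: 802.1X authentication never started"
    tls_seen = ("Response", "EAP-TLS") in pkts
    if ("Response", "Nak") in pkts:
        return "client refused the method the server offered (Nak)"
    if pkts[-1][0] == "Success":
        return "EAP succeeded: look at the key handshake or DHCP instead"
    if pkts[-1][0] == "Failure":
        return ("failure after TLS began: handshake or certificate validation failed"
                if tls_seen else "failure before TLS began: identity or method not accepted")
    return "exchange stalled after %s %s" % (pkts[-1][0], pkts[-1][1])

def _frame(code, ident, payload=b""):
    """Build a constructed EAPOL frame (zeroed MAC addresses) for the sample below."""
    eap = struct.pack("!BBH", code, ident, 4 + len(payload)) + payload
    return bytes(12) + b"\x88\x8e" + struct.pack("!BBH", 1, 0, len(eap)) + eap

# Constructed sample exchange, not taken from the bug report.
SAMPLE = [
    _frame(1, 1, b"\x01"),                    # Request Identity
    _frame(2, 1, b"\x01user"),                # Response Identity
    _frame(1, 2, b"\x0d\x20"),                # Request EAP-TLS, Start flag set
    _frame(2, 2, b"\x0d\x00\x16\x03\x01"),    # Response EAP-TLS (truncated TLS record)
    _frame(4, 2),                             # Failure
]

if __name__ == "__main__":
    print(diagnose(SAMPLE))
```
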

Comment 2 Daniel Would (reporter) 2008-09-15 23:51:21 UTC
(In reply to comment #1)
> Oops, sorry for setting this to enhancement.
> 
> > having searched on google, I've found various others apparently having the 
> > same difficulty
> 
> Links always appreciated. The more people run into a problem, the more
> important it is to get fixed.


http://osdir.com/ml/handhelds.maemo.user/2006-12/msg00120.html
http://www.gossamer-threads.com/lists/maemo/users/13891?search_string=EAP-TLS;#13891


> 
> > In particular a lack of diagnostics makes it hard to tell 
> > why it is not working
> 
> A packet capture could help to clarify what causes the problem. tcpdump can be
> used on the Nokia device (Wireshark/Ethereal could be used from another host).
> Please take a look at
> http://maemo.org/development/documentation/man_pages/tcpdump.html for more
> information.
> 

Thanks for the info, I will check out tcpdump. I'm not clear how I would employ
something like Ethereal to be of any use? I have no access to any of the
'server' side of the connection. All I have is one Linux laptop (Ubuntu) that
connects OK using both EAP-TLS and EAP-LEAP, and a Nokia E61 that does
EAP-LEAP but, despite its claimed support of EAP-TLS, has no way to get the
certificates into it....

I'm not sure if I can use either of these to query more information about the
AP/network etc.

I'll update again when I've had a chance to see what TCPDUMP can do for me, but
it will be tomorrow at the earliest.

Comment 3 Daniel Would (reporter) 2008-09-22 17:45:15 UTC
> I'll update again when I've had a chance to see what TCPDUMP can do for me, but
> it will be tomorrow at the earliest.

By way of an update, I've thus far failed to get hold of tcpdump for my 770
running 2008he.
I have, however, just bought an N810, so I may try again when that arrives.

Comment 4 Daniel Would (reporter) 2008-10-13 15:58:03 UTC
Just adding some details,
I do now have an N810 and still no joy connecting. I also have a new E71 and
had some difficulty connecting, which led me to more details about what I
needed to get it working.

On the E71 I needed to use 802.1X as distinct from WPA/WPA2,
although both appear to let me define EAP connections.
Additionally, the E71 required that I choose the signing authority to use, not just the
personal certificate, and this caused me trouble. I tried those in my immediate
chain, but actually it only worked when I selected Equifax Secure Certificate.
I also found that the E71 allows you to define various encryption types to be
supported, and I required ones with AES switched on.

None of this is exposed to me in my N810, so I have no idea how relevant it is.
But potentially, is there a difference between 802.1X and WPA/WPA2 that means
that whilst this EAP-TLS setting *looks* like it should work, it's not actually
the same thing as EAP-TLS under 802.1X?

Comment 5 Andre Klapper maemo.org 2008-10-13 19:24:51 UTC
WPA2 is IEEE 802.11i-2004.

Which exact router/access point is this about (vendor, firmware version)?
Connecting works from a normal PC?

Again, a tcpdump to see what's going wrong would be nice. The password normally
isn't included in the dump (because of encryption), anyway feel free to check
before attaching.

Comment 6 Andre Klapper maemo.org 2009-02-19 13:44:17 UTC
(In reply to comment #5)
> Which exact router/access point is this about (vendor, firmware version)?
> Connecting works from a normal PC?

Closing this bug report as no further information has been provided. Please
feel free to reopen this bug if you can provide the information asked for/if
you can still reproduce this. Thanks!