WPA2 Encryption key: off?

tramni1980 · 07-07-2010, 11:14 AM

I followed http://alien.slackbook.org/dokuwiki/...ckware:network
to set up my wireless network with WPA2 encryption. It works now and knemo says: Encryption: active. However, "iwconfig wlan0" says Encrytion key: off:

Code:

wlan0     IEEE 802.11abgn  ESSID:"blitz"  
          Mode:Managed  Frequency:2.472 GHz  Access Point: 00:25:9C:DE:D3:7D   
          Bit Rate=0 kb/s   Tx-Power=15 dBm   
          Retry  long limit:7   RTS thr:off   Fragment thr:off
          Encryption key:off
          Power Management:off
          Link Quality=70/70  Signal level=-24 dBm  
          Rx invalid nwid:0  Rx invalid crypt:0  Rx invalid frag:0
          Tx excessive retries:0  Invalid misc:0   Missed beacon:0

"wpa_cli status" says:

Code:

Selected interface 'wlan0'
bssid=00:25:9c:de:d3:7d
ssid=blitz
id=0
pairwise_cipher=CCMP
group_cipher=CCMP
key_mgmt=WPA2-PSK
wpa_state=COMPLETED
ip_address=192.168.1.101

So is there anything wrong with that "Encryption key: off" statement? I suspect that encryption key only applies to WEP, but not to WPA2 encryption, but I am not sure. So my question is, can I ignore that statement and assume that my encryption is fine?

Besides, where does knemo read the information about encryption from? As I mentioned, knemo detects that the encryption is active. Are there any other commands to make sure that my encryption is safe and well?

Regards,

Martin

Drakeo · 07-08-2010, 08:43 AM

this is what the ESSID "blitz is broadcasting. and the router encryption is off. Bad thing.

Quote:

wlan0 IEEE 802.11abgn ESSID:"blitz"
Mode:Managed Frequency:2.472 GHz Access Point: 00:25:9C:DE:D3:7D
Bit Rate=0 kb/s Tx-Power=15 dBm
Retry long limit:7 RTS thr:off Fragment thr:off
Encryption key:off
Power Management:off
Link Quality=70/70 Signal level=-24 dBm
Rx invalid nwid:0 Rx invalid crypt:0 Rx invalid frag:0
Tx excessive retries:0 Invalid misc:0 Missed beacon:0

This is you connected to the router. This shows you configured for wpa2 But the router is not sending encrypted.

Quote:

Selected interface 'wlan0'
bssid=00:25:9c:de:d3:7d
ssid=blitz
id=0
pairwise_cipher=CCMP
group_cipher=CCMP
key_mgmt=WPA2-PSK
wpa_state=COMPLETED
ip_address=192.168.1.101

since your router is wide open you still connected.
configure your router and enable the wpa2 create a pass phrase and then configure your computers connection to use the pass phrase.
All said and done way back to slackware I think 10.2 Pat put Wicd
in the extra folder on the DVD. This is a wonderful program and is stable and kept up by Slackware team.
if you want to use the /etc/rc.d/rc.wireless.conf and manually put your key in. than you must put all the info needed.
That said wicd can be run from a command line.
I prefer Wicd because my laptop must have many profiles as it moves from hot spot to hot spot.

Quote:

remember a Wireless Internet Connection Device is a radio with a transceiver it transmits and receives the device is also a ether card too. The ether card side of it takes the digital transmission and uses it. Your WIFI router does the same. It sends what ever you configure the router to send. wep wpa wpa2 etc.

tramni1980 · 07-08-2010, 09:28 AM

Quote:

Originally Posted by Drakeo

configure your router and enable the wpa2 create a pass phrase and then configure your computers connection to use the pass phrase.

if you want to use the /etc/rc.d/rc.wireless.conf and manually put your key in. than you must put all the info needed.

Drakeo,
Thank you for your reply.

Following Alien's Wiki I have configured the router to use WPA2 Personal security mode with AES encryption. I have generated the code associated with the passphrase, following the same Wiki and have put the code into wpa_supplicant.conf. The problem is that it still seems that the router is sending unencrypted (at least according to iwconfig), but as I said knemo insists that encryption is active.

So long as /etc/rc.d/rc.wireless.conf is concerned, I prefer to leave it alone and configute rc.inet1.conf instead, as everyone recommends.

I also want to stick to Slackware's native configuration tools and not resort to wicd, as I believe that is the right way.

If necessary I could post my wpa_supplicant.conf and rc.inet1.conf. What is strange is that I do not get any error output during connecting.

Regards,

Martin

Bertical · 07-10-2010, 01:25 PM

I've got the same problem using the iwlagn driver. If I try and connect to the router using Windows it tells me it is WPA2 encrypted but iwconfig on my linux box says encryption key : off. WPA2 is enabled on the wireless router and using either OS I have to enter the correct key to connect.

Drakeo · 07-12-2010, 08:41 AM

I wonder if there is anyone out there that will let us know if wpa2 runs stealth until your wifi card sends a hand shake if so that would
create this environment. This would show managed connection only.
with an Encryption key:off then at the point of hand shake the encryption is then asked for. This would be a security type way of doing things.
Try to connect to it with out using encryption see what happens.
If so it would make since. When I run the GUI wicd I get the wpa showing. Strange.
Try

Quote:

iwlist wlan0 scan or just iwlist wlan0

look at the out put.

tramni1980 · 07-12-2010, 12:56 PM

Quote:

Originally Posted by Drakeo

Try
look at the out put.

Thank you for your suggestion. There is some advance in the investigation

Here is what "iwlist wlan0 scan" says:

Code:

wlan0     Scan completed :
          Cell 01 - Address: 00:25:9C:DE:D3:7D
                    Channel:13
                    Frequency:2.472 GHz (Channel 13)
                    Quality=70/70  Signal level=-24 dBm
                    Encryption key:on
                    ESSID:"blitz"
                    Bit Rates:1 Mb/s; 2 Mb/s; 5.5 Mb/s; 11 Mb/s; 6 Mb/s
                              9 Mb/s; 12 Mb/s; 18 Mb/s
                    Bit Rates:24 Mb/s; 36 Mb/s; 48 Mb/s; 54 Mb/s
                    Mode:Master
                    Extra:tsf=00000000049cc1a7
                    Extra: Last beacon: 67ms ago
                    IE: Unknown: 0005626C69747A
                    IE: Unknown: 010882848B960C121824
                    IE: Unknown: 03010D
                    IE: Unknown: 200100
                    IE: IEEE 802.11i/WPA2 Version 1
                        Group Cipher : CCMP
                        Pairwise Ciphers (1) : CCMP
                        Authentication Suites (1) : PSK
                       Preauthentication Supported
                    IE: Unknown: 2A0100
                    IE: Unknown: 32043048606C
                    IE: Unknown: DD180050F2020101020003A4000027A4000042435E0062322F00
                    IE: Unknown: 2D1A4E101BFF00000000000000000000000000000000000000000000
                    IE: Unknown: 3D160D0F0A00000000000000000000000000000000000000
                    IE: Unknown: DD0900037F01010000FF7F
                    IE: Unknown: DD0A00037F04010020000000
                    IE: Unknown: 0706474220010D14
                    IE: Unknown: DD930050F204104A00011010440001021041000100103B000103104700100000000000000001100000259CDED37D102100134C696E6B73797320436F72706F726174696F6E1023
00075752543132304E1024000776312E302E30311042000C4A555430304A4246333931351054000800060050F204000110110014576972656C65737320526F757465722857464129100800020084

and here is what "iwconfig wlan0" says:

Code:

wlan0     IEEE 802.11abgn  ESSID:"blitz"  
          Mode:Managed  Frequency:2.472 GHz  Access Point: 00:25:9C:DE:D3:7D   
          Bit Rate=1 Mb/s   Tx-Power=15 dBm   
          Retry  long limit:7   RTS thr:off   Fragment thr:off
          Encryption key:off
          Power Management:off
          Link Quality=70/70  Signal level=-25 dBm  
          Rx invalid nwid:0  Rx invalid crypt:0  Rx invalid frag:0
          Tx excessive retries:0  Invalid misc:0   Missed beacon:0

So, iwlist says encryption key is on, while iwconfig says that it is off ?! How come that?

Regards,

Martin

Drakeo · 07-12-2010, 01:28 PM

well I guess the iwlist actually evokes hand shakes. It sends out a hand shake and waits for a reply. then the reply says you need to use wpa2. then your system sends a encrypted wpa pass phrase and it actually uses that to make the complete handshake.
iwconfig is just reading.
If you see me on the street and I walk by I have know clue. but if I wave at you I wait for your response.
buy scanning you said hi to a bunch of routers and the routers sent bake a responce or what ever signal.
so the router sits there waiting for you to ask iwlist asks.

Quote:

come to think of it iwconfig is your computer wifi card configuration not till you make a handshake does it invoke the wpa2

rfernandez · 07-12-2010, 03:19 PM

AFAIK, iwconfig does not have encryption beyond WEP key. WPA support is given by wpa_supplicant. While iwconfig does not show anything about encryption, wpa_supplicant is managing this part in your system. If you'd like to know, you can issue a

Code:

# wpa_cli -i wlan0 status

And see how your WPA encryption is configured and how it's connected. Additional info may be retrieved from dmesg when you connect to your wireless router.