WPA2 PSK with Nokia Phone as client

Sitron · July 29, 2009, 8:59pm

I have just got my MikroTik and everything works as expected (in other words: great!). However, I have just experienced one problem of which I hope you can help me:

I configured the wireless device as a bridge ap with all the settings needed to get it working. My Linux-client connects without a problem, so does my Nokia E51 phone. Then I switched to my own Security Profile. This profile uses WPA2 PSK with aes ccm and my usual key. Now my Nokia cannot connect any more, while my Linux-client have no trouble.

I have always used WPA2 PSK (aes) with the same key on every other AP I have owned, but this is the first time my Nokia cannot connect to the AP.

Has anyone else experienced this?

normis · July 30, 2009, 8:06am

how long is your key? http://ramblingfoo.blogspot.com/2008/09/nokia-and-wpa2-psk.html

Sitron · July 30, 2009, 8:18am

22 chars long. It’s the same key I have used before, both on OpenWRT, hostAP (Linux) and other types of AP. Same settings, same key. Both when using RouterOS on my MikroTik, my Nokia would not connect.

normis · July 30, 2009, 8:18am

enable wireless debug logs, and see what it says there when you connect your phone:
http://wiki.mikrotik.com/wiki/Wireless_Debug_Logs

Sitron · July 30, 2009, 12:56pm

Hi again,

I have now enabled debug-messages for Wireless on the RouterOS, and I tried again several times. But before I post the results, let me explain how I do this:

I have a WLAN with SSID broadcast
The WLAN is Bridge AP
The phone has a WLAN-scanner, and I can choose to connect to a WLAN and check if I get access to the Internet
It’s this WLAN-scanner and the Internet-check I use to verify connectivity

First I disabled security, running an open network:
Jul 30 14:28:05 wireless,debug wlan1: 00:1C:D6:30:41:BA attempts to associate
Jul 30 14:28:05 wireless,debug wlan1: 00:1C:D6:30:41:BA not in local ACL, by default accept
Jul 30 14:28:05 wireless,info 00: 1C:D6:30:41:BA@wlan1: connected

Then I turned on both WPA + WPA2, and typed in the WPA PSK:
Jul 30 14:32:05 wireless,debug wlan1: 00:1C:D6:30:41:BA attempts to associate
Jul 30 14:32:05 wireless,debug wlan1: 00:1C:D6:30:41:BA not in local ACL, by default accept
Jul 30 14:32:05 wireless,info 00: 1C:D6:30:41:BA@wlan1: connected

WPA + WPA2, and typed in the WPA2 PSK:
Jul 30 14:33:03 wireless,debug wlan1: 00:1C:D6:30:41:BA attempts to associate
Jul 30 14:33:03 wireless,debug wlan1: 00:1C:D6:30:41:BA not in local ACL, by default accept
Jul 30 14:33:03 wireless,info 00: 1C:D6:30:41:BA@wlan1: connected
Jul 30 14:33:08 wireless,info 00: 1C:D6:30:41:BA@wlan1: disconnected, unicast key exchange timeout
Error-msg on the Phone: Error: Bad WPA key

WPA2 only, using the WAP2 PSK:
(nothing in the logs)
Error-msg on the Phone: Error: WLAN network not found!

WPA only, using the WPA PSK:
Jul 30 14:40:22 wireless,debug wlan1: 00:1C:D6:30:41:BA attempts to associate
Jul 30 14:40:22 wireless,debug wlan1: 00:1C:D6:30:41:BA not in local ACL, by default accept
Jul 30 14:40:22 wireless,info 00: 1C:D6:30:41:BA@wlan1: connected

As long as I use WPA or Open Network, it works, but when I try WPA2 it does not. But when using my last AP (OpenWRT), it was WPA2 only and the phone worked. I also use my phone in other WPA2-only networks and that works also.

I also tried to change the key, no luck.

Can I add more debugging? Or do you have other hints and tips I can try?

Regards,
Vidar Hoel

uldis · July 30, 2009, 1:04pm

Try to use only TKIP and then only AES.

Sitron · July 30, 2009, 1:53pm

WPA only, tkip only: Works
WPA only, tkip+aes: Works
WPA only, aes only: Works

WPA2 only, tkip only: WLAN network not found!, and nothing in the logs
WPA2 only, tkip+aes: Works
WPA2 only, aes works: WLAN network not found!, and nothing in the logs

So, I finally got I working with WPA2, so I had to try some combos:
WPA2, tkip unicast, tkip + aes group: WLAN network not found!, and nothing in the logs
WPA2, tkip unicast, aes group: WLAN network not found!, and nothing in the logs
WPA2, tkip+aes unicast, aes group: Works
WPA2, tkip+aes unicast, tkip group: Works
WPA2, aes unicast, tkip + aes group: WLAN network not found!, and nothing in the logs
WPA2, aes unicast, tkip group: WLAN network not found!, and nothing in the logs

So, there you have it! To make my Nokia E51 work with WPA2, I have to enable both tkip+aes as unicast ciphers!

Thanks for the help! But do you want me to debug or test something else, just say so!

Best regards,
Vidar Hoel

austex · August 24, 2009, 3:56pm

“So, there you have it! To make my Nokia E51 work with WPA2, I have to enable both tkip+aes as unicast ciphers!”

What do you mean enable them both unicast ciphers and how do enable them that way?
I am having same connection problem wiht my E71. Nothing has worked to get it working with WPA/PSK.
It works with unsecured networks and I think with WEP

Any help is appreciated. THanks

Sitron · August 29, 2009, 6:14pm

Hi,

What I had to do is edit my Security Profile for my wireless:
Mode: dynamic keys
Authentication Types: WPA2 PSK
Unicat Ciphers: tkip, aes ccm
Group Ciphers: aes ccm

Hope it helps, if not: ask!

soosp · October 2, 2010, 4:26pm

I have same problem on our network. We use WPA2/AES CCM/EAP-TLS. I tested it my Nokia e71 phone (latest available firmware) and RB411/433 (RouterOS 4.11). If you set unicast chpers both tkip and aes ccm the phone able to discover and connect to the network. I you disable tkip the phone unable identify the network. I tested another wireless APs and routes in aes only mode and the phone worked well. I tested another phones (Eten with WinMo6, HTC with Android 2.1) with our MikroTik devices in aes only mode ant them worked as well as all other wireless devices. It seems that tere is some incompatibility between RouterOS and Symbian.

soosp · March 18, 2011, 8:26pm

Same result with the latest Nokia E71 software (501.21.001) and RouterOS version (4.17).