dokmic

4-way handshake timeout and iOS

Fri May 07, 2021 11:31 pm

Hi all,

I am facing a 4-way handshake timeout issue with iOS devices, and unfortunately, I cannot debug that any further.

Problem:
- iOS devices can connect to the 2.4GHz network and work just fine for a few hours. They may disconnect and connect again without any problem.
- After a few hours, devices can no longer connect to the network. And after the 4-way handshake timeout, I am being asked to input the passphrase again.
- On the Routerboard with enabled debug logging, I am getting only these two messages with nothing in between:
	00:00:00:00:00:00@cap1:1 connected, signal strength -66
	00:00:00:00:00:00@cap1:1 disconnected, 4-way handshake timeout
- After providing the password again, the device connects successfully, and it can last for another few hours.
- In Wireshark, I see that the handshake stops at the second message. The iOS device sends its Nonce to the Routerboard but never receives the third message of the handshake, containing the GTK, from the Routerboard.

Here are the screenshots showing that:
routerboard.png
wireshark.png
I am using CAPsMAN with the following configuration.
2.4GHz Network 802.11-onlyn:
- 1st AP (hAP AC) 2462MHz 20MHz width without extension channel;
- 2nd AP (cAP AC) 2412MHz 20MHz width without extension channel.
There is no interference from other APs nor any obstructions.
The security configuration is WPA2-PSK with aes ccm encryption. The group key update interval is equal to 1 hour.
The access list is empty.

Some of the observations:
- There are no warnings in the logs about extensive packet loss nor group key update timeouts.
- The same security configuration works without any problem in the 5GHz network.
- The problem is specific to only iOS devices, and all of them have the same problem. That's reproducible regularly on three devices.
- Other Apple devices like laptops work just fine.
- Other mobile devices from other vendors have no complaints.
- The password is correct and saved on the device. Therefore there is no way that it's incorrect.

The issue seems to be on the Routerboard side. I couldn't find a way to debug the handshake on the Routerboard. I would like to know why it stops sending messages back to the client.
If somebody ever faced similar behavior and managed to fix that, could you please let me know what you did?
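
Added example, not part of the original post and not MikroTik code: one way to confirm from a capture where a WPA2 4-way handshake stops is to classify each EAPOL-Key frame by its Key Information flags and report the last message reached. The function names and the sample frames are constructed for illustration; frames are assumed to be raw EAPOL payloads starting at the 802.1X header.

```python
import struct

# Key Information flag bits of an EAPOL-Key frame (IEEE 802.11)
PAIRWISE, ACK, MIC, SECURE = 0x0008, 0x0080, 0x0100, 0x0200

def handshake_message(eapol: bytes):
    """Return 1-4 for a WPA2 pairwise handshake message, None otherwise.
    `eapol` starts at the 802.1X header (version, type, length)."""
    if len(eapol) < 7:
        return None
    _ver, ptype, _len, _desc, info = struct.unpack_from("!BBHBH", eapol)
    if ptype != 3 or not info & PAIRWISE:  # not EAPOL-Key, or group-key frame
        return None
    if info & ACK:                         # sent by the AP
        return 3 if info & MIC else 1
    if info & MIC:                         # sent by the client
        return 4 if info & SECURE else 2
    return None

def stall_point(frames):
    """Highest message reached in the most recent handshake attempt."""
    last = None
    for frame in frames:
        msg = handshake_message(frame)
        if msg == 1:
            last = 1                       # M1 or its retransmission restarts
        elif msg is not None and last is not None:
            last = max(last, msg)
    return last

def build(info, key_data=b""):
    """Constructed EAPOL-Key frame: real layout, zeroed nonce/MIC fields."""
    body = struct.pack("!BHH", 2, info, 16) + bytes(8 + 32 + 16 + 8 + 8 + 16)
    body += struct.pack("!H", len(key_data)) + key_data
    return struct.pack("!BBH", 2, 3, len(body)) + body

# Constructed captures, not taken from the post's Wireshark trace
STALLED = [build(0x008A), build(0x010A), build(0x008A), build(0x010A)]
COMPLETE = [build(0x008A), build(0x010A), build(0x13CA), build(0x030A)]

if __name__ == "__main__":
    print("stalled capture stops after message", stall_point(STALLED))
    print("complete capture stops after message", stall_point(COMPLETE))
```

A result of 2 matches the symptom described above: the client's message 2 is on the air but the AP never answers with message 3. Telling message 2 from message 4 by the Secure bit assumes WPA2 (RSN) framing.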