in4ni
Member Candidate
Topic Author
Posts: 191
Joined: Thu Dec 09, 2004 4:22 am
Location: Jax, Fl USA

Cannot get 64 Char WPA to work

Tue Sep 11, 2007 10:29 pm

I am having a hard time getting WPA (TKIP) to work using a 64-char hex key.

Does MT support 256-bit WPA?

My log error is "unicast key exchange timeout".

If I use a shorter key (13 char) all is well.

At this point all I'm trying to connect from is a Windows XP SP2 notebook.

Please take a look at my config and tell me what I'm doing wrong.

I hope this is enough information.

Thank you


RouterOS 3.0rc1
# software id =
#
/interface wireless security-profiles
set default authentication-types="" eap-methods=passthrough group-ciphers="" \
group-key-update=5m interim-update=0s mode=none name="default" \
radius-eap-accounting=no radius-mac-accounting=no \
radius-mac-authentication=no radius-mac-caching=disabled \
radius-mac-format=XX:XX:XX:XX:XX:XX radius-mac-mode=as-username \
static-algo-0=none static-algo-1=none static-algo-2=none \
static-algo-3=none static-key-0="" static-key-1="" static-key-2="" \
static-key-3="" static-sta-private-algo=none static-sta-private-key="" \
static-transmit-key=key-0 supplicant-identity="MikroTik" \
tls-certificate=none tls-mode=no-certificates unicast-ciphers="" \
wpa-pre-shared-key="" wpa2-pre-shared-key=""
add authentication-types=wpa-psk group-ciphers=tkip group-key-update=5m \
interim-update=0s mode=dynamic-keys name="WPA" radius-eap-accounting=no \
radius-mac-accounting=no radius-mac-authentication=no \
radius-mac-caching=disabled radius-mac-format=XX:XX:XX:XX:XX:XX \
radius-mac-mode=as-username static-algo-0=none static-algo-1=none \
static-algo-2=none static-algo-3=none static-key-0="" static-key-1="" \
static-key-2="" static-key-3="" static-sta-private-algo=none \
static-sta-private-key="" static-transmit-key=key-0 supplicant-identity="" \
tls-certificate=none tls-mode=no-certificates unicast-ciphers=tkip \
wpa-pre-shared-key="446824674961466842277365572c3e76632d3b624372655443516a3\
d58246874" wpa2-pre-shared-key=""
/interface wireless
set 0 ack-timeout=dynamic allow-sharedkey=no antenna-gain=0 antenna-mode=ant-a \
area="" arp=enabled band=2.4ghz-b/g basic-rates-a/g=6Mbps \
basic-rates-b=1Mbps burst-time=disabled comment="" compression=no \
country=no_country_set default-ap-tx-limit=0 default-authentication=yes \
default-client-tx-limit=0 default-forwarding=yes dfs-mode=none \
disable-running-check=no disabled=no disconnect-timeout=3s \
frame-lifetime=0 frequency=2437 frequency-mode=manual-txpower hide-ssid=no \
hw-retries=15 mac-address=00:0B:6B:37:B0:51 max-station-count=2007 \
mode=ap-bridge mtu=1500 name="wlan1" noise-floor-threshold=default \
on-fail-retry-time=100ms periodic-calibration=default \
periodic-calibration-interval=60 preamble-mode=both \
proprietary-extensions=post-2.9.25 radio-name="000B6B37B051" \
rate-set=default scan-list=default security-profile=WPA ssid="WPATEST" \
station-bridge-clone-mac=00:00:00:00:00:00 \
supported-rates-a/g=6Mbps,9Mbps,12Mbps,18Mbps,24Mbps,36Mbps,48Mbps,54Mbps \
supported-rates-b=1Mbps,2Mbps,5.5Mbps,11Mbps tx-power-mode=default \
update-stats-interval=disabled wds-cost-range=50-150 \
wds-default-bridge=none wds-default-cost=100 wds-ignore-ssid=no \
wds-mode=disabled wmm-support=disabled
set 1 ack-timeout=dynamic allow-sharedkey=no antenna-gain=0 antenna-mode=ant-a \
area="" arp=enabled band=2.4ghz-b/g basic-rates-a/g=6Mbps \
basic-rates-b=1Mbps burst-time=disabled comment="" compression=no \
country=no_country_set default-ap-tx-limit=0 default-authentication=yes \
default-client-tx-limit=0 default-forwarding=yes dfs-mode=none \
disable-running-check=no disabled=yes disconnect-timeout=3s \
frame-lifetime=0 frequency=2412 frequency-mode=manual-txpower hide-ssid=no \
hw-retries=15 mac-address=00:0B:6B:35:8D:C5 max-station-count=2007 \
mode=ap-bridge mtu=1500 name="wlan2" noise-floor-threshold=default \
on-fail-retry-time=100ms periodic-calibration=default \
periodic-calibration-interval=60 preamble-mode=both \
proprietary-extensions=post-2.9.25 radio-name="000B6B358DC5" \
rate-set=default scan-list=default security-profile=default \
ssid="MikroTik" station-bridge-clone-mac=00:00:00:00:00:00 \
supported-rates-a/g=6Mbps,9Mbps,12Mbps,18Mbps,24Mbps,36Mbps,48Mbps,54Mbps \
supported-rates-b=1Mbps,2Mbps,5.5Mbps,11Mbps tx-power-mode=default \
update-stats-interval=disabled wds-cost-range=50-150 \
wds-default-bridge=none wds-default-cost=100 wds-ignore-ssid=no \
wds-mode=disabled wmm-support=disabled
/interface wireless align
set active-mode=yes audio-max=-20 audio-min=-100 \
audio-monitor=00:00:00:00:00:00 filter-mac=00:00:00:00:00:00 \
frame-size=300 frames-per-second=25 receive-all=no ssid-all=no
/interface wireless sniffer
set channel-time=200ms file-limit=10 file-name="" memory-limit=10 \
multiple-channels=no only-headers=no receive-errors=no \
streaming-enabled=no streaming-max-rate=0 streaming-server=0.0.0.0
/interface wireless snooper
set channel-time=200ms multiple-channels=yes receive-errors=no
[admin@MikroTik] /interface wireless>
 
in4ni
Member Candidate
Topic Author
Posts: 191
Joined: Thu Dec 09, 2004 4:22 am
Location: Jax, Fl USA

Re: Cannot get 64 Char WPA to work

Wed Sep 12, 2007 9:12 pm

I have tried a 64 character WPA key on server routerboards and a few different RouterOS versions with CM9's to no avail.

Has anyone got a 64 character WPA key to work with RouterOS?


Thank you

Here is my log
echo: wireless,debug wlan1: 00:90:4B:71:54:94 attempts to connect
echo: wireless,debug wlan1: 00:90:4B:71:54:94 not in local ACL, by default accept
[admin@MikroTik] >
echo: wireless,debug wlan1: 00:90:4B:71:54:94 attempts to connect
echo: wireless,debug wlan1: 00:90:4B:71:54:94 not in local ACL, by default accept
[admin@MikroTik] >
echo: wireless,debug wlan1: reject 00:90:4B:71:54:94, banned (last failure - decided to deauth: 4-way handshake timeout (15))
[admin@MikroTik] >
echo: wireless,debug wlan1: reject 00:90:4B:71:54:94, banned (last failure - decided to deauth: 4-way handshake timeout (15))
 
uldis
MikroTik Support
Posts: 3446
Joined: Mon May 31, 2004 2:55 pm

Re: Cannot get 64 Char WPA to work

Wed Sep 12, 2007 10:00 pm

Your RouterOS versions are too old - please upgrade. And after that, if you have problems, email to support@mikrotik.com with detailed info.
 
in4ni
Member Candidate
Topic Author
Posts: 191
Joined: Thu Dec 09, 2004 4:22 am
Location: Jax, Fl USA

Re: Cannot get 64 Char WPA to work

Fri Sep 14, 2007 10:54 pm

Dear MikroTik users, please help me understand this response from MikroTik.

Thank you

> I am unable to connect a windows xp sp2 laptop to a mikrotik AP using a
> 64 character WPA key. I can connect using shorter keys but not 64
> characters. My radio is a CM9
> I have tried 2.9.46 and 3.0rc4


__Response from Sergejs__
Indeed, the RouterOS 'pre-shared-key' option (as different vendors also call it) is a preshared-key 'passphrase'.
Passphrase length is from 8 to 63 ASCII characters. A special algorithm is used to generate from the preshared-key-passphrase (that you set in the 'interface wireless security-profile' configuration) and the SSID; these values are taken to generate the preshared-key/digit that is used as the 'master-key', and it will be 64 characters (64*4=256 master key).

As far as I know, standard Windows XP uses the same passphrase to set WPA settings; if you use a third-party tool for wireless configuration and need to enter preshared-key-passphrase directly, you need to find a tool that will generate this digit from the SSID and the 'pre-shared-key' configured in RouterOS.

I do not have Windows; Linux allows you to use the tool 'wpa_passphrase'. Try to find on Google the same option for Windows that can generate the preshared-key from the passphrase and SSID.

Regards,
Sergejs
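
The passphrase-to-key step described in the reply above, as an added example that is not part of the original posts or MikroTik's code: WPA-Personal maps an 8 to 63 character passphrase to the 256-bit key with PBKDF2-HMAC-SHA1 (4096 iterations, SSID as salt), which is what `wpa_passphrase` computes. The function names are hypothetical, and the sample values "password" / "IEEE" are the published IEEE 802.11i test vector, not keys from this thread.

```python
import hashlib
import string


def derive_psk(passphrase: str, ssid: str) -> str:
    """Return the 64-hex-digit PSK for a WPA/WPA2-Personal passphrase and SSID."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("passphrase must be 8 to 63 characters")
    if not all(32 <= ord(c) <= 126 for c in passphrase):
        raise ValueError("passphrase must be printable ASCII")
    key = hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("ascii"), ssid.encode("utf-8"), 4096, 32
    )
    return key.hex()


def classify_key(value: str) -> str:
    """Tell a raw 256-bit key (64 hex digits) apart from a passphrase."""
    if len(value) == 64 and all(c in string.hexdigits for c in value):
        return "raw-psk"
    if 8 <= len(value) <= 63 and all(32 <= ord(c) <= 126 for c in value):
        return "passphrase"
    return "invalid"


def master_key(value: str, ssid: str) -> str:
    """Key a device ends up with when it accepts both input forms."""
    kind = classify_key(value)
    if kind == "raw-psk":
        return value.lower()
    if kind == "passphrase":
        return derive_psk(value, ssid)
    raise ValueError("neither a 64-digit hex key nor an 8-63 character passphrase")


def keys_match(ap_value: str, client_value: str, ssid: str) -> bool:
    """True when both ends of the 4-way handshake would hold the same key."""
    return master_key(ap_value, ssid) == master_key(client_value, ssid)


if __name__ == "__main__":
    psk = derive_psk("password", "IEEE")  # constructed sample input
    print("PSK for SSID IEEE:   ", psk)
    print("PSK for SSID WPATEST:", derive_psk("password", "WPATEST"))
    print("passphrase on AP, hex on client:", keys_match("password", psk, "IEEE"))
```

The same passphrase yields a different key under a different SSID, so a 64-digit key computed for one network cannot be reused on another.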
 
mipland
Member Candidate
Posts: 210
Joined: Thu Sep 14, 2006 4:02 am

Re: Cannot get 64 Char WPA to work

Tue Sep 18, 2007 1:25 pm

A device can understand a key only in hexadecimal format. Keys in hexadecimal format are too hard to remember (especially if they are long), so many firmware engineers have developed an algo to convert an alphanumeric key (easier to remember) to a hexadecimal key. This algo IS NOT a standard, so if you type a key in alphanumeric format on WinXP and on ROS, the result (the REAL hexadecimal key) may be very different.
If you want to be sure, type your key in hexadecimal format everywhere or use THE SAME firmware everywhere.
