Hi all,
I am connecting to a WPA2 Enterprise network with a QCA4020 using PEAP MSCHAPV2 and am able to successfully authenticate. However, after connecting, the device will disconnect after precisely 30 minutes.
I observed the same issue on an Apple iPad, also on the same network. The solution that worked there was installing a root CA cert provided to me by the network administrator.
I attempted to implement a similar fix using the SDK (v3.4) by setting the __QAPI_WLAN_PARAM_GROUP_SECURITY_8021X_CA_CER parameter using the below snippet of code. I wrote the certificate to the flash filesystem at /spinor/cacert successfully before calling this function. I did not change the authentication method, leaving it as QAPI_WLAN_8021X_METHOD_EAP_PEAP_MSCHAPV2_E.
#define CERT_PATH "/spinor/cacert"
/* Snip */
const char * const certificate = CERT_PATH;
status = qapi_WLAN_Set_Param(0,
__QAPI_WLAN_PARAM_GROUP_WIRELESS_SECURITY,
__QAPI_WLAN_PARAM_GROUP_SECURITY_8021X_CA_CER,
certificate, strlen(certificate) + 1, FALSE);
Once I do the above, however, the QCA4020 now fails to authenticate. It does begin the authentication process, but fails to authenticate with the RADIUS server and obviously fails to connect to the network.
Am I misunderstanding how to configure the CA certificate? Is there another solution available? I read through the QCLI_Demo code (specifically wifi_cmd_handler.c:4037) and I see that the CA cert is only configured when using EAP TLS. However, this requires another client side certificate, which is not available for the network.
Thanks for the help.
Can you try with QCLI_Demo to verify the same behaviour ?
Step 1: Modify Build.bat to enable 802.1X
SET CFG_FEATURE_WLAN_8021X=true
Step 2:
wlan SetWpaCertParameters PEAP-MSCHAPV2 ioetest ioetest 12345678 0 0 0 0 0 1 QAPI_NET_SSL_NO_SERVER_AUTH
Or
net cert get clientCAlist.crt 192.168.20.130 -s clientCAlist -t pem_ca_list
WLAN SetWpaParameters WPA2CERT CCMP CCMP
WLAN SetWpaCertParameters TLS 4020_ap 4020test 12345678 0 clientCAlist client 0 0 0x1006b
Hi Raja,
I ran a test using QCLI_demo and observed the same behavior. Using PEAP-MSCHAPV2, the device is able to initially connect before losing connection at the 30 minute mark. It does automatically reconnect afterwards, printing DHCPv4c information. However, the connection is still lost for a brief period of time.
I was not able to test the behavior when using TLS since the network is not configured for that authentication method. No client certificates are available.
Thanks for the help!