From: "Christian Langanke" <os2-wireless_users@2rosenthals.com>
Message-ID: <45649D6C.6010508@clanganke.de>
Date: Wed, 22 Nov 2006 19:56:44 +0100
User-Agent: Thunderbird 1.5.0.7 (OS/2/20060915)
MIME-Version: 1.0
To: OS/2 Wireless Users Mailing List <os2-wireless_users@2rosenthals.com>
Subject: Re: [OS2Wireless]Re: Issues with WPA
References: <list-550409@2rosenthals.com>
In-Reply-To: <list-550409@2rosenthals.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit

Chris Clayton wrote:
> Christian,
>
> There is no reason to apologize, you and Willibald have done a
> fantastic effort getting us to this point!  There's always a few
> growing pains to wade through as you will see below.
>   

Chris, thank you very much.
I wanted to say though that I am sorry to hear that you have problems.
(you see I am not a native speaker)

>> Hmm, cannot think of a reason for that. The signal should be identical. 
>> Can you test the WPA encryption with a notebook running linux or Windows ?
>>     
>
> Believe it or not, my Window box refuses to connect with anything! 
>   

Hmm, having no working reference system makes diagnosis very difficult.

> Rather than mess up my working Actiontec DSL system with WEP wifi, I
> uncrated from storage a Linksys WRT54g I had when I was contemplating
> using a cable setup.  (When I decided to go to DSL, I needed a new box
> since Qwest use PPPoA and the Linksys only support PPPoE).  The Linksys
> box has a WPA option to use TKIP (WPA) or AES (WPA2).  When I tried the
> AES option I had the same problems I had with the Actiontec box. 
> However, with TKIP enabled and changing the the XWLAN option from WPA2
> to WPA, I was able to connect and had a working network!

This would be the way to go! Frankly I have no router supporting WPA2 
(AES), so I can't tell for sure that it works anyway. I only know that 
the wpa supplicant is supposed to support WPA2, and that due to the 
architecture of this program there should be no problem with that - once 
the supplicant works for one protocol, it should as well work for another.

>   All of leads
> me to believe that we have the usual "standards" problem!
>   

possibly yes.

> No, the red bars were for WPA2.  

Ah mixed that up.

> There is minimal documentation, but my
> understanding is that the Actiontec gateway I was initially using only
> uses AES for its WPA-PSK operation.  There is no option available to
> switch between TKIP and AES.
>   
AFAIK fom my researches in wikipedia (englixh and german) TKIP is the 
key interchange protocol, where AES provides encryption (in opposite to 
RC4 used for WPA). It is not about TKIP _or_ AES - that is, they should 
not exclude each other.

See also my presentation of Warpstock Europe 2006 about XWLAN and WPA 
security, you find it in the download section of http://wlan.netlabs.org/

Slide 20 lists the keywords that I search with wikipedia, try CCMP and 
you will read that CCMP is as well used together with TKIP.


>>    Will do once I do a little further investigation.  I need to disable
>> Object Desktop, possibly Norman AV, C-A-D Commander ... to narrow
>> things down.  BTW, there were no problems with Genmac 1+.
>>     

Do yourself a favour to cut required efforts down and install a small 
test partition, only with genmac and XWLAN. This way you can make sure 
nothing else interferes, and you can keep a test field where even after 
weeks you can try to reproduce an error situation with a new test build 
of genmac under defined conditions. And it is a good idea to write a 
test protocol, otherwise you may end up not being able to reproduce an 
error after some days or weeks. You have some more work in the 
beginning, but I'd bet that you save an awful amount of time later. 
Well, just my 2 cents.

With my old T20 I had problems, and for testing had even several test 
partitions (for different purposes) zipped on an external USB drive. 
This is easy to backup and restore by simple scripts. If you have 
problems zipping a complete, working eCS install partition, send PM to me.

> I am using fixed IPs only and I do use the radio on/off technique. 
> This is not a big problem since the script technique is working well.
>   

that is good to hear, I rarely get feedback on the XWLAN script feature 
(so I hardly can know if someone uses it anyway)

>> Chris, I am verry sorry, but I never tested to integrate NetBios over 
>> TCP/IP. This may work, but I cannot say that there will be no side 
>> effect by this.
>>     
>
> Thats, ok.  I have found that NetBIOS over TCPIP can be very finicky
> about configuration and caches being properly cleared.  I once tried to
> clone two machines from a backup file and change the network settings
> (IP, name, etc) for the second machine.  TCPBEIU complained for quite
> awhile that I had two systems with the same name on the network!  It
> took a painstaking clearing of the caches of ALL the computers to clear
> that up.
>   

I can well imagine that. And I would prefer to wait for a rock solid 
samba solution before I would start testcases for using XWLAN to switch 
a NetBIOS over TCP/IP connection between cabled and wireless. This 
protocol is oudated and IMHO should not longer be used (or at least only 
until Samba works out well).



bye, Christian

-------------------------------------------------

Christian Langanke
COS2E & CWSE
Team OS/2 Ruhr e.V.
cla@clanganke.de