2017-09-17 122 views
0

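I am running Hostapd v1.0 on a Raspbian Raspberry Pi with an AWUS036NH adapter as the AP (Ralink RT3070 chipset). It works fine except for one problem: Hostapd: client periodically re-authenticates without being shown as deauthenticated

My Android phone using VoIP (the Media5-fone app, but without making any calls) reconnects every N x 10 minutes, without being shown as deauthenticated by the server. Here is what the log looks like: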

> Sep 17 07:45:06 wifi1 hostapd: wlan0: STA a0:10:81:67:xx:xx IEEE 802.11: authenticated 
Sep 17 07:45:06 wifi1 hostapd: wlan0: STA a0:10:81:67:xx:xx IEEE 802.11: associated (aid 1) 
Sep 17 07:45:06 wifi1 hostapd: wlan0: STA a0:10:81:67:xx:xx RADIUS: starting accounting session 59BE12E5-00000001 
Sep 17 07:45:06 wifi1 hostapd: wlan0: STA a0:10:81:67:xx:xx WPA: pairwise key handshake completed (RSN) 
> Sep 17 07:55:06 wifi1 hostapd: wlan0: STA a0:10:81:67:xx:xx IEEE 802.11: authenticated 
Sep 17 07:55:06 wifi1 hostapd: wlan0: STA a0:10:81:67:xx:xx IEEE 802.11: associated (aid 1) 
Sep 17 07:55:06 wifi1 hostapd: wlan0: STA a0:10:81:67:xx:xx RADIUS: starting accounting session 59BE12E5-00000002 
Sep 17 07:55:06 wifi1 hostapd: wlan0: STA a0:10:81:67:xx:xx WPA: pairwise key handshake completed (RSN) 
> Sep 17 08:05:06 wifi1 hostapd: wlan0: STA a0:10:81:67:xx:xx IEEE 802.11: authenticated 
Sep 17 08:05:06 wifi1 hostapd: wlan0: STA a0:10:81:67:xx:xx IEEE 802.11: associated (aid 1) 
Sep 17 08:05:06 wifi1 hostapd: wlan0: STA a0:10:81:67:xx:xx RADIUS: starting accounting session 59BE12E5-00000003 
Sep 17 08:05:06 wifi1 hostapd: wlan0: STA a0:10:81:67:xx:xx WPA: pairwise key handshake completed (RSN) 
Sep 17 08:15:04 wifi1 hostapd: wlan0: STA a0:10:81:67:xx:xx WPA: group key handshake completed (RSN) 
Sep 17 08:25:03 wifi1 hostapd: wlan0: STA a0:10:81:67:xx:xx WPA: group key handshake completed (RSN) 
Sep 17 08:35:01 wifi1 hostapd: wlan0: STA a0:10:81:67:xx:xx WPA: group key handshake completed (RSN) 
Sep 17 08:45:01 wifi1 hostapd: wlan0: STA a0:10:81:67:xx:xx WPA: group key handshake completed (RSN) 
> Sep 17 08:55:06 wifi1 hostapd: wlan0: STA a0:10:81:67:xx:xx IEEE 802.11: authenticated 
Sep 17 08:55:06 wifi1 hostapd: wlan0: STA a0:10:81:67:xx:xx IEEE 802.11: associated (aid 1) 
Sep 17 08:55:06 wifi1 hostapd: wlan0: STA a0:10:81:67:xx:xx RADIUS: starting accounting session 59BE12E5-00000004 
Sep 17 08:55:06 wifi1 hostapd: wlan0: STA a0:10:81:67:xx:xx WPA: pairwise key handshake completed (RSN) 
Sep 17 09:05:01 wifi1 hostapd: wlan0: STA a0:10:81:67:xx:xx WPA: group key handshake completed (RSN) 
Sep 17 09:15:02 wifi1 hostapd: wlan0: STA a0:10:81:67:xx:xx WPA: group key handshake completed (RSN) 
Sep 17 09:25:01 wifi1 hostapd: wlan0: STA a0:10:81:67:xx:xx WPA: group key handshake completed (RSN) 
Sep 17 09:35:03 wifi1 hostapd: wlan0: STA a0:10:81:67:xx:xx WPA: group key handshake completed (RSN) 
> Sep 17 09:45:07 wifi1 hostapd: wlan0: STA a0:10:81:67:xx:xx IEEE 802.11: authenticated 
Sep 17 09:45:07 wifi1 hostapd: wlan0: STA a0:10:81:67:xx:xx IEEE 802.11: associated (aid 1) 
Sep 17 09:45:07 wifi1 hostapd: wlan0: STA a0:10:81:67:xx:xx RADIUS: starting accounting session 59BE12E5-00000005 
Sep 17 09:45:07 wifi1 hostapd: wlan0: STA a0:10:81:67:xx:xx WPA: pairwise key handshake completed (RSN) 
Sep 17 09:55:02 wifi1 hostapd: wlan0: STA a0:10:81:67:xx:xx WPA: group key handshake completed (RSN) 
Sep 17 10:05:04 wifi1 hostapd: wlan0: STA a0:10:81:67:xx:xx WPA: group key handshake completed (RSN) 
Sep 17 10:15:04 wifi1 hostapd: wlan0: STA a0:10:81:67:xx:xx WPA: group key handshake completed (RSN) 
Sep 17 10:25:02 wifi1 hostapd: wlan0: STA a0:10:81:67:xx:xx WPA: group key handshake completed (RSN) 
> Sep 17 10:35:06 wifi1 hostapd: wlan0: STA a0:10:81:67:xx:xx IEEE 802.11: authenticated 
Sep 17 10:35:06 wifi1 hostapd: wlan0: STA a0:10:81:67:xx:xx IEEE 802.11: associated (aid 1) 
Sep 17 10:35:06 wifi1 hostapd: wlan0: STA a0:10:81:67:xx:xx RADIUS: starting accounting session 59BE12E5-00000006 
Sep 17 10:35:06 wifi1 hostapd: wlan0: STA a0:10:81:67:xx:xx WPA: pairwise key handshake completed (RSN) 
> Sep 17 10:45:06 wifi1 hostapd: wlan0: STA a0:10:81:67:xx:xx IEEE 802.11: authenticated 
Sep 17 10:45:06 wifi1 hostapd: wlan0: STA a0:10:81:67:xx:xx IEEE 802.11: associated (aid 1) 
Sep 17 10:45:06 wifi1 hostapd: wlan0: STA a0:10:81:67:xx:xx RADIUS: starting accounting session 59BE12E5-00000007 
Sep 17 10:45:06 wifi1 hostapd: wlan0: STA a0:10:81:67:xx:xx WPA: pairwise key handshake completed (RSN) 
Sep 17 10:55:02 wifi1 hostapd: wlan0: STA a0:10:81:67:xx:xx WPA: group key handshake completed (RSN) 
Sep 17 11:05:03 wifi1 hostapd: wlan0: STA a0:10:81:67:xx:xx WPA: group key handshake completed (RSN) 
Sep 17 11:15:03 wifi1 hostapd: wlan0: STA a0:10:81:67:xx:xx WPA: group key handshake completed (RSN) 
Sep 17 11:25:04 wifi1 hostapd: wlan0: STA a0:10:81:67:xx:xx WPA: group key handshake completed (RSN) 
Sep 17 11:35:02 wifi1 hostapd: wlan0: STA a0:10:81:67:xx:xx WPA: group key handshake completed (RSN) 
Sep 17 11:45:03 wifi1 hostapd: wlan0: STA a0:10:81:67:xx:xx WPA: group key handshake completed (RSN) 
Sep 17 11:55:03 wifi1 hostapd: wlan0: STA a0:10:81:67:xx:xx WPA: group key handshake completed (RSN) 
Sep 17 12:05:02 wifi1 hostapd: wlan0: STA a0:10:81:67:xx:xx WPA: group key handshake completed (RSN) 
Sep 17 12:15:02 wifi1 hostapd: wlan0: STA a0:10:81:67:xx:xx WPA: group key handshake completed (RSN) 
Sep 17 12:25:04 wifi1 hostapd: wlan0: STA a0:10:81:67:xx:xx WPA: group key handshake completed (RSN) 
Sep 17 12:35:03 wifi1 hostapd: wlan0: STA a0:10:81:67:xx:xx WPA: group key handshake completed (RSN) 
> Sep 17 12:45:06 wifi1 hostapd: wlan0: STA a0:10:81:67:xx:xx IEEE 802.11: authenticated 
Sep 17 12:45:06 wifi1 hostapd: wlan0: STA a0:10:81:67:xx:xx IEEE 802.11: associated (aid 1) 
Sep 17 12:45:06 wifi1 hostapd: wlan0: STA a0:10:81:67:xx:xx RADIUS: starting accounting session 59BE12E5-00000008 
Sep 17 12:45:06 wifi1 hostapd: wlan0: STA a0:10:81:67:xx:xx WPA: pairwise key handshake completed (RSN) 
Sep 17 12:55:04 wifi1 hostapd: wlan0: STA a0:10:81:67:xx:xx WPA: group key handshake completed (RSN) 

My hostapd.conf:

interface=wlan0 
logger_syslog=-1 
logger_syslog_level=2 
logger_stdout=-1 
logger_stdout_level=2 
ctrl_interface=/var/run/hostapd 
ctrl_interface_group=0 
ssid=TheWifiNetworkName 
country_code=US 
hw_mode=g 
channel=3 
beacon_int=100 
dtim_period=2 
max_num_sta=10 
macaddr_acl=0 
auth_algs=1 
ignore_broadcast_ssid=0 
wmm_enabled=1 
wmm_ac_bk_cwmin=4 
wmm_ac_bk_cwmax=10 
wmm_ac_bk_aifs=7 
wmm_ac_bk_txop_limit=0 
wmm_ac_bk_acm=0 
wmm_ac_be_aifs=3 
wmm_ac_be_cwmin=4 
wmm_ac_be_cwmax=10 
wmm_ac_be_txop_limit=0 
wmm_ac_be_acm=0 
wmm_ac_vi_aifs=2 
wmm_ac_vi_cwmin=3 
wmm_ac_vi_cwmax=4 
wmm_ac_vi_txop_limit=94 
wmm_ac_vi_acm=0 
wmm_ac_vo_aifs=2 
wmm_ac_vo_cwmin=2 
wmm_ac_vo_cwmax=3 
wmm_ac_vo_txop_limit=47 
wmm_ac_vo_acm=0 
ap_max_inactivity=1800 
eapol_key_index_workaround=0 
eap_server=0 
own_ip_addr=127.0.0.1 
wpa=2 
wpa_passphrase=ThePassword 
wpa_key_mgmt=WPA-PSK 
wpa_pairwise=TKIP 
rsn_pairwise=CCMP 
ap_table_max_size=100 
ap_table_expiration_time=1800 

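Since it always happens at a multiple of 10 minutes, I started looking for any configuration variable that is a multiple of 600 seconds, which leads us to: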

ap_max_inactivity=1800 
ap_table_expiration_time=1800 

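But that doesn't explain why 10 minutes... Is this a client-side thing (Android)? All I know is that it doesn't happen when the Android VoIP app is connected to another Wi-Fi network.

I'd like to add an extra question: do you see anything not so smart in my configuration? (This is my first time installing hostapd.)

Thanks!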

+0

Did you try setting the 'wpa_group_rekey' parameter? –

+0

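@RomanMindlin: That seems to be it, thanks! I first tried 300 seconds, which made the phone reconnect every 5 minutes. Then I set it to 604800 (7 days), and after several hours it still hasn't tried to reconnect. Could you post this as an answer and explain what it really means, how it works, why, whether raising the value is a security problem, and whether there are other useful configuration options? Also, do we really need to set a crazy high value, or is there another way so that it never has to reconnect? Thanks. – FlorianB

Answer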

1

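You should set the wpa_group_rekey parameter in your /etc/hostapd/hostapd.conf file.

It defaults to 86400 seconds (once per day) when using CCMP/GCMP as the group cipher, and to 600 seconds (once per 10 minutes) when using TKIP as the group cipher.

The group key (Group Transient Key) is a key shared among all supplicants connected to the same AP, and it is used to secure multicast/broadcast traffic. It is not used for normal unicast traffic. The Pairwise Transient Key secures unicast traffic.

Group rekey controls how often the Group Transient Key is changed. Group rekey does not control the update period for the Pairwise Transient Key. The Pairwise Transient Key is changed each time the supplicant authenticates or re-authenticates.

WPA uses a pre-shared key to authenticate devices to the protected network. WPA automatically changes the keys after a period of time. The group rekey interval is the period of time between automatic changes of the group key, which is shared by all devices on the network.

Read this about known GTK-related vulnerabilities; however, as mentioned in that article, hostapd is not vulnerable.

Given that, you can decide which value to set for the wpa_group_rekey parameter. Keep in mind the security requirements of your network environment.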

+0

Thanks a lot, I set it to 31536000 (1 year), so it won't bother me anymore. – FlorianB
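
An added example, not part of the original posts: a Python script that reads hostapd syslog lines like those in the question and, per station, counts completed group rekeys versus reconnects that land on a multiple of `wpa_group_rekey`. The function name `classify`, the 15-second slack and the year used for parsing are assumptions; the sample is an excerpt of the log above.

```python
import re
from collections import defaultdict
from datetime import datetime

LINE = re.compile(r"^(\w{3}\s+\d+\s[\d:]{8})\s\S+\shostapd:\s\S+:\sSTA\s(\S+)\s(.+?)\s*$")
AUTH, GROUP = "IEEE 802.11: authenticated", "WPA: group key handshake completed (RSN)"
KINDS = {AUTH: "auth", GROUP: "rekey"}

# Excerpt of the log in the question (MAC masked as on the page).
PREFIX = "wifi1 hostapd: wlan0: STA a0:10:81:67:xx:xx "
SAMPLE = "\n".join(f"Sep 17 {t} {PREFIX}{msg}" for t, msg in [
    ("07:45:06", AUTH), ("07:45:06", "WPA: pairwise key handshake completed (RSN)"),
    ("07:55:06", AUTH), ("08:05:06", AUTH),
    ("08:15:04", GROUP), ("08:25:03", GROUP), ("08:35:01", GROUP), ("08:45:01", GROUP),
    ("08:55:06", AUTH),
])


def classify(log, rekey_s=600, slack_s=15, year=2017):
    """Per station: count completed group rekeys and reconnects on/off a rekey tick."""
    events = defaultdict(list)
    for line in log.splitlines():
        m = LINE.match(line.lstrip("> "))  # the question marks reconnects with '>'
        if m and m.group(3) in KINDS:
            # syslog omits the year; 'year' is an assumption supplied by the caller
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            events[m.group(2)].append((ts, KINDS[m.group(3)]))
    report = {}
    for sta, evs in events.items():
        evs.sort()
        counts = {"rekey_ok": 0, "reconnect_on_tick": 0, "reconnect_other": 0}
        for (prev, _), (ts, kind) in zip(evs, evs[1:]):
            gap = (ts - prev).total_seconds()
            ticks = round(gap / rekey_s)
            # A reconnect is "on tick" when it follows the previous event by a
            # whole number of rekey intervals, within slack_s seconds.
            on_tick = ticks >= 1 and abs(gap - ticks * rekey_s) <= slack_s
            if kind == "rekey":
                counts["rekey_ok"] += 1
            else:
                counts["reconnect_on_tick" if on_tick else "reconnect_other"] += 1
        report[sta] = counts
    return report


if __name__ == "__main__":
    print(classify(SAMPLE))
```

Run it with `rekey_s` set to the configured `wpa_group_rekey`; in the thread, changing that parameter to 300 moved the reconnects to every 5 minutes.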