
I am running Hostapd v1.0 on a Raspbian Raspberry Pi that uses an AWUS036NH adapter as the AP (chipset Ralink RT3070). It works well and fast, except for one problem:

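My Android phone running VOIP (the Media5-fone app, but not making any calls) reconnects every Nx10 minutes, without apparently being deauthenticated by the server. The log looks like this: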

> Sep 17 07:45:06 wifi1 hostapd: wlan0: STA a0:10:81:67:xx:xx IEEE 802.11: authenticated
Sep 17 07:45:06 wifi1 hostapd: wlan0: STA a0:10:81:67:xx:xx IEEE 802.11: associated (aid 1)
Sep 17 07:45:06 wifi1 hostapd: wlan0: STA a0:10:81:67:xx:xx RADIUS: starting accounting session 59BE12E5-00000001
Sep 17 07:45:06 wifi1 hostapd: wlan0: STA a0:10:81:67:xx:xx WPA: pairwise key handshake completed (RSN)
> Sep 17 07:55:06 wifi1 hostapd: wlan0: STA a0:10:81:67:xx:xx IEEE 802.11: authenticated
Sep 17 07:55:06 wifi1 hostapd: wlan0: STA a0:10:81:67:xx:xx IEEE 802.11: associated (aid 1)
Sep 17 07:55:06 wifi1 hostapd: wlan0: STA a0:10:81:67:xx:xx RADIUS: starting accounting session 59BE12E5-00000002
Sep 17 07:55:06 wifi1 hostapd: wlan0: STA a0:10:81:67:xx:xx WPA: pairwise key handshake completed (RSN)
> Sep 17 08:05:06 wifi1 hostapd: wlan0: STA a0:10:81:67:xx:xx IEEE 802.11: authenticated
Sep 17 08:05:06 wifi1 hostapd: wlan0: STA a0:10:81:67:xx:xx IEEE 802.11: associated (aid 1)
Sep 17 08:05:06 wifi1 hostapd: wlan0: STA a0:10:81:67:xx:xx RADIUS: starting accounting session 59BE12E5-00000003
Sep 17 08:05:06 wifi1 hostapd: wlan0: STA a0:10:81:67:xx:xx WPA: pairwise key handshake completed (RSN)
Sep 17 08:15:04 wifi1 hostapd: wlan0: STA a0:10:81:67:xx:xx WPA: group key handshake completed (RSN)
Sep 17 08:25:03 wifi1 hostapd: wlan0: STA a0:10:81:67:xx:xx WPA: group key handshake completed (RSN)
Sep 17 08:35:01 wifi1 hostapd: wlan0: STA a0:10:81:67:xx:xx WPA: group key handshake completed (RSN)
Sep 17 08:45:01 wifi1 hostapd: wlan0: STA a0:10:81:67:xx:xx WPA: group key handshake completed (RSN)
> Sep 17 08:55:06 wifi1 hostapd: wlan0: STA a0:10:81:67:xx:xx IEEE 802.11: authenticated
Sep 17 08:55:06 wifi1 hostapd: wlan0: STA a0:10:81:67:xx:xx IEEE 802.11: associated (aid 1)
Sep 17 08:55:06 wifi1 hostapd: wlan0: STA a0:10:81:67:xx:xx RADIUS: starting accounting session 59BE12E5-00000004
Sep 17 08:55:06 wifi1 hostapd: wlan0: STA a0:10:81:67:xx:xx WPA: pairwise key handshake completed (RSN)
Sep 17 09:05:01 wifi1 hostapd: wlan0: STA a0:10:81:67:xx:xx WPA: group key handshake completed (RSN)
Sep 17 09:15:02 wifi1 hostapd: wlan0: STA a0:10:81:67:xx:xx WPA: group key handshake completed (RSN)
Sep 17 09:25:01 wifi1 hostapd: wlan0: STA a0:10:81:67:xx:xx WPA: group key handshake completed (RSN)
Sep 17 09:35:03 wifi1 hostapd: wlan0: STA a0:10:81:67:xx:xx WPA: group key handshake completed (RSN)
> Sep 17 09:45:07 wifi1 hostapd: wlan0: STA a0:10:81:67:xx:xx IEEE 802.11: authenticated
Sep 17 09:45:07 wifi1 hostapd: wlan0: STA a0:10:81:67:xx:xx IEEE 802.11: associated (aid 1)
Sep 17 09:45:07 wifi1 hostapd: wlan0: STA a0:10:81:67:xx:xx RADIUS: starting accounting session 59BE12E5-00000005
Sep 17 09:45:07 wifi1 hostapd: wlan0: STA a0:10:81:67:xx:xx WPA: pairwise key handshake completed (RSN)
Sep 17 09:55:02 wifi1 hostapd: wlan0: STA a0:10:81:67:xx:xx WPA: group key handshake completed (RSN)
Sep 17 10:05:04 wifi1 hostapd: wlan0: STA a0:10:81:67:xx:xx WPA: group key handshake completed (RSN)
Sep 17 10:15:04 wifi1 hostapd: wlan0: STA a0:10:81:67:xx:xx WPA: group key handshake completed (RSN)
Sep 17 10:25:02 wifi1 hostapd: wlan0: STA a0:10:81:67:xx:xx WPA: group key handshake completed (RSN)
> Sep 17 10:35:06 wifi1 hostapd: wlan0: STA a0:10:81:67:xx:xx IEEE 802.11: authenticated
Sep 17 10:35:06 wifi1 hostapd: wlan0: STA a0:10:81:67:xx:xx IEEE 802.11: associated (aid 1)
Sep 17 10:35:06 wifi1 hostapd: wlan0: STA a0:10:81:67:xx:xx RADIUS: starting accounting session 59BE12E5-00000006
Sep 17 10:35:06 wifi1 hostapd: wlan0: STA a0:10:81:67:xx:xx WPA: pairwise key handshake completed (RSN)
> Sep 17 10:45:06 wifi1 hostapd: wlan0: STA a0:10:81:67:xx:xx IEEE 802.11: authenticated
Sep 17 10:45:06 wifi1 hostapd: wlan0: STA a0:10:81:67:xx:xx IEEE 802.11: associated (aid 1)
Sep 17 10:45:06 wifi1 hostapd: wlan0: STA a0:10:81:67:xx:xx RADIUS: starting accounting session 59BE12E5-00000007
Sep 17 10:45:06 wifi1 hostapd: wlan0: STA a0:10:81:67:xx:xx WPA: pairwise key handshake completed (RSN)
Sep 17 10:55:02 wifi1 hostapd: wlan0: STA a0:10:81:67:xx:xx WPA: group key handshake completed (RSN)
Sep 17 11:05:03 wifi1 hostapd: wlan0: STA a0:10:81:67:xx:xx WPA: group key handshake completed (RSN)
Sep 17 11:15:03 wifi1 hostapd: wlan0: STA a0:10:81:67:xx:xx WPA: group key handshake completed (RSN)
Sep 17 11:25:04 wifi1 hostapd: wlan0: STA a0:10:81:67:xx:xx WPA: group key handshake completed (RSN)
Sep 17 11:35:02 wifi1 hostapd: wlan0: STA a0:10:81:67:xx:xx WPA: group key handshake completed (RSN)
Sep 17 11:45:03 wifi1 hostapd: wlan0: STA a0:10:81:67:xx:xx WPA: group key handshake completed (RSN)
Sep 17 11:55:03 wifi1 hostapd: wlan0: STA a0:10:81:67:xx:xx WPA: group key handshake completed (RSN)
Sep 17 12:05:02 wifi1 hostapd: wlan0: STA a0:10:81:67:xx:xx WPA: group key handshake completed (RSN)
Sep 17 12:15:02 wifi1 hostapd: wlan0: STA a0:10:81:67:xx:xx WPA: group key handshake completed (RSN)
Sep 17 12:25:04 wifi1 hostapd: wlan0: STA a0:10:81:67:xx:xx WPA: group key handshake completed (RSN)
Sep 17 12:35:03 wifi1 hostapd: wlan0: STA a0:10:81:67:xx:xx WPA: group key handshake completed (RSN)
> Sep 17 12:45:06 wifi1 hostapd: wlan0: STA a0:10:81:67:xx:xx IEEE 802.11: authenticated
Sep 17 12:45:06 wifi1 hostapd: wlan0: STA a0:10:81:67:xx:xx IEEE 802.11: associated (aid 1)
Sep 17 12:45:06 wifi1 hostapd: wlan0: STA a0:10:81:67:xx:xx RADIUS: starting accounting session 59BE12E5-00000008
Sep 17 12:45:06 wifi1 hostapd: wlan0: STA a0:10:81:67:xx:xx WPA: pairwise key handshake completed (RSN)
Sep 17 12:55:04 wifi1 hostapd: wlan0: STA a0:10:81:67:xx:xx WPA: group key handshake completed (RSN)

My hostapd.conf:

interface=wlan0
logger_syslog=-1
logger_syslog_level=2
logger_stdout=-1
logger_stdout_level=2
ctrl_interface=/var/run/hostapd
ctrl_interface_group=0
ssid=TheWifiNetworkName
country_code=US
hw_mode=g
channel=3
beacon_int=100
dtim_period=2
max_num_sta=10
macaddr_acl=0
auth_algs=1
ignore_broadcast_ssid=0
wmm_enabled=1
wmm_ac_bk_cwmin=4
wmm_ac_bk_cwmax=10
wmm_ac_bk_aifs=7
wmm_ac_bk_txop_limit=0
wmm_ac_bk_acm=0
wmm_ac_be_aifs=3
wmm_ac_be_cwmin=4
wmm_ac_be_cwmax=10
wmm_ac_be_txop_limit=0
wmm_ac_be_acm=0
wmm_ac_vi_aifs=2
wmm_ac_vi_cwmin=3
wmm_ac_vi_cwmax=4
wmm_ac_vi_txop_limit=94
wmm_ac_vi_acm=0
wmm_ac_vo_aifs=2
wmm_ac_vo_cwmin=2
wmm_ac_vo_cwmax=3
wmm_ac_vo_txop_limit=47
wmm_ac_vo_acm=0
ap_max_inactivity=1800
eapol_key_index_workaround=0
eap_server=0
own_ip_addr=127.0.0.1
wpa=2
wpa_passphrase=ThePassword
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
rsn_pairwise=CCMP
ap_table_max_size=100
ap_table_expiration_time=1800

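So, since it always happens at multiples of 10 minutes, I started looking at any config variables that are multiples of 600 seconds, which leads us to: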

ap_max_inactivity=1800
ap_table_expiration_time=1800

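But that doesn't explain why 10 minutes... Is this a client-side (Android) thing? What I do know is that this does not happen when the Android VOIP is connected to another WIFI network.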

I'd like to add a bonus question: do you see anything not so smart in my config? (This is my first time setting up hostapd.)

Thanks!

1 Answer

You should set the wpa_group_rekey parameter in the /etc/hostapd/hostapd.conf file.

It defaults to 86400 seconds (once per day) when CCMP/GCMP is used as the group cipher, and to 600 seconds (once every 10 minutes) when TKIP is used as the group cipher.

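The group key (Group Transient Key) is a key shared among all supplicants connected to the same AP, and it is used to protect multicast/broadcast traffic. It is not used for normal unicast traffic. The Pairwise Transient Key protects unicast traffic.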

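Group key renewal controls how often the Group Transient Key is changed. Group Key Renewal does not control the update period of the Pairwise Transient Key. The Pairwise Transient Key is changed every time a supplicant authenticates or re-authenticates.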

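WPA uses a pre-shared key to authenticate devices to the protected network. WPA automatically changes the keys after a period of time. The group key renewal interval is the period of time between automatic changes of the group key that is shared by all devices on the network.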

Read about the known vulnerability related to the GTK, but as mentioned in this article, hostapd is not vulnerable.

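Given this, you can decide which value to set for the wpa_group_rekey parameter. Keep in mind the security requirements of your network environment.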

Answered 2017-09-19T18:05:28.160
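
One way to check the rekey-interval explanation in the answer above against a hostapd syslog, as an added example (not part of the original post or of hostapd): it counts, per station, the completed group key handshakes and the re-associations that land within `slack` seconds of a multiple of the rekey `period` since that station's previous event. The sample log, MAC addresses, function names, the year and the 10-second slack are constructed assumptions; 600 is the TKIP default quoted in the answer.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in the question's log format; the MAC addresses are placeholders.
SAMPLE = """\
> Sep 17 08:05:06 wifi1 hostapd: wlan0: STA 02:00:00:00:00:01 IEEE 802.11: associated (aid 1)
Sep 17 08:15:04 wifi1 hostapd: wlan0: STA 02:00:00:00:00:01 WPA: group key handshake completed (RSN)
Sep 17 08:18:30 wifi1 hostapd: wlan0: STA 02:00:00:00:00:02 IEEE 802.11: associated (aid 2)
Sep 17 08:25:03 wifi1 hostapd: wlan0: STA 02:00:00:00:00:01 WPA: group key handshake completed (RSN)
Sep 17 08:25:03 wifi1 hostapd: wlan0: STA 02:00:00:00:00:02 WPA: group key handshake completed (RSN)
Sep 17 08:35:02 wifi1 hostapd: wlan0: STA 02:00:00:00:00:02 WPA: group key handshake completed (RSN)
> Sep 17 08:35:06 wifi1 hostapd: wlan0: STA 02:00:00:00:00:01 IEEE 802.11: associated (aid 1)
Sep 17 08:39:41 wifi1 hostapd: wlan0: STA 02:00:00:00:00:02 IEEE 802.11: associated (aid 2)
> Sep 17 08:55:07 wifi1 hostapd: wlan0: STA 02:00:00:00:00:01 IEEE 802.11: associated (aid 1)
"""

# Matches only the "associated" and "group key handshake completed" lines.
LINE = re.compile(r"^>?\s*(\w{3}\s+\d+\s[\d:]{8})\s\S+\shostapd:\s\S+\sSTA\s(\S+)\s"
                  r".*?:\s(associated|group key handshake completed)")

def parse(text, year=2017):
    """Return {sta: [(timestamp, kind), ...]} sorted by time; syslog omits the year."""
    per_sta = defaultdict(list)
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            per_sta[m.group(2)].append((ts, "assoc" if m.group(3) == "associated" else "gtk"))
    return {sta: sorted(ev) for sta, ev in per_sta.items()}

def rekey_report(text, period=600, slack=10):
    """Classify each re-association by its distance from a multiple of `period`."""
    report = {}
    for sta, events in parse(text).items():
        counts = {"gtk_ok": 0, "reassoc_on_tick": 0, "reassoc_off_tick": 0}
        prev = None  # time of this station's previous event (first assoc is the baseline)
        for ts, kind in events:
            if kind == "gtk":
                counts["gtk_ok"] += 1
            elif prev is not None:
                rem = int((ts - prev).total_seconds()) % period
                on_tick = min(rem, period - rem) <= slack
                counts["reassoc_on_tick" if on_tick else "reassoc_off_tick"] += 1
            prev = ts
        report[sta] = counts
    return report

if __name__ == "__main__":
    for sta, counts in rekey_report(SAMPLE).items():
        print(sta, counts)
```

A station whose re-associations all fall on the tick, like the first one in the sample, is reconnecting in step with the rekey timer rather than at random; re-running with the `period` you set in `wpa_group_rekey` shows whether the pattern follows the new value.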