Hi there,
I'm trying to connect to my AP using EAP-TLS to attempt MITM in my lab. Originally started with berate_ap but I encounter the same behaviour when directly using hostapd-mana.
I'm on Kali and have tried both building from source and the distro-included hostapd-mana.
The error encountered when attempting to connect on Windows with a client certificate is 'Unable to connect to this network'.
Event log shows some errors which I can't seem to find anything about what they mean. This is despite an EAP-SUCCESS being sent by hostapd-mana.
Was wondering if you've encountered this before?
event log detail
Reason: Explicit Eap failure received
Error: 0x80090304
EAP Reason: 0x80090304
EAP Root cause String: The Local Security Authority cannot be contacted
EAP Error: 0x80090304
hostapd.conf
interface=wlan0
ssid=PSKNet
channel=6
hw_mode=g
wpa=2
wpa_key_mgmt=WPA-EAP
wpa_pairwise=CCMP
rsn_pairwise=CCMP
auth_algs=3
ieee8021x=1
eapol_key_index_workaround=0
eap_server=1
eap_user_file=hostapd.eap_user
ca_cert=certs/hostapd.ca.pem
server_cert=certs/hostapd.cert.pem
private_key=certs/hostapd.key.pem
private_key_passwd=
dh_file=certs/hostapd.dh.pem
mana_eaptls=1
hostapd-mana non-debug
# hostapd-mana hostapd.conf
Configuration file: hostapd.conf
Using interface wlan0 with hwaddr 18:d6:c7:10:17:db and ssid "PSKNet"
wlan0: interface state UNINITIALIZED->ENABLED
wlan0: AP-ENABLED
wlan0: STA b2:dd:1c:63:6a:a2 IEEE 802.11: authenticated
wlan0: STA b2:dd:1c:63:6a:a2 IEEE 802.11: associated (aid 1)
wlan0: CTRL-EVENT-EAP-STARTED b2:dd:1c:63:6a:a2
wlan0: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=1
wlan0: CTRL-EVENT-EAP-STARTED b2:dd:1c:63:6a:a2
wlan0: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=1
wlan0: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=13
wlan0: CTRL-EVENT-EAP-SUCCESS b2:dd:1c:63:6a:a2
hostapd-mana debug
EAP: EAP entering state METHOD_REQUEST
EAP: building EAP-Request: Identifier 53
SSL: Generating Request
SSL: Sending out 158 bytes (message sent completely)
EAP-TLS: Done
EAP-TLS: CONTINUE -> SUCCESS
EAP: EAP entering state SEND_REQUEST
EAP: EAP entering state IDLE
EAP: retransmit timeout 3 seconds (from dynamic back off; retransCount=0)
IEEE 802.1X: 32:ce:2a:63:15:9e BE_AUTH entering state REQUEST
wlan0: STA 32:ce:2a:63:15:9e IEEE 802.1X: Sending EAP Packet (identifier 53)
wlan0: Event EAPOL_TX_STATUS (38) received
IEEE 802.1X: 32:ce:2a:63:15:9e TX status - version=2 type=0 length=164 - ack=1
wlan0: Event EAPOL_RX (24) received
IEEE 802.1X: 38 bytes from 32:ce:2a:63:15:9e
IEEE 802.1X: version=1 type=0 length=34
EAP: code=2 identifier=53 length=34
(response)
wlan0: STA 32:ce:2a:63:15:9e IEEE 802.1X: received EAP packet (code=2 id=53 len=34) from STA: EAP Response-TLS (13)
IEEE 802.1X: 32:ce:2a:63:15:9e BE_AUTH entering state RESPONSE
EAP: EAP entering state RECEIVED
EAP: parseEapResp: rxResp=1 rxInitiate=0 respId=53 respMethod=13 respVendor=0 respVendorMethod=0
EAP: EAP entering state INTEGRITY_CHECK
EAP: EAP entering state METHOD_RESPONSE
SSL: Received packet(len=34) - Flags 0x80
SSL: TLS Message Length: 24
SSL: Received packet: Flags 0x80 Message Length 24
SSL: 0 bytes pending from ssl_out
OpenSSL: Handshake finished - resumed=0
EAP-TLS: Derived key - hexdump(len=64): 0b 4a 5f 14 2e d4 1e 20 72 64 e0 df 65 29 63 90 49 8a 38 b4 e6 40 c8 ce a0 0a dd 3c 80 0d 2d 5c 55 08 46 88 5c 7e 74 8c c1 04 2c 65 fb d0 12 77 d5 23 52 46 4f c6 a5 34 ea 59 13 d4 d6 88 f2 97
EAP: Session-Id - hexdump(len=65): 0d 61 aa f4 ab b9 ad 3a 1e 37 35 4a d2 0c 6c 8a 04 18 a4 a4 37 01 79 01 88 59 a7 7d 2c 2c f7 37 6d c1 51 5e a7 3c a6 ff 93 c4 57 c0 e0 e3 21 46 85 4d 58 75 39 3c dc 63 8d 53 54 7a 92 6d c6 87 ef
EAP: EAP entering state SELECT_ACTION
EAP: getDecision: method succeeded -> SUCCESS
EAP: EAP entering state SUCCESS
EAP: Building EAP-Success (id=53)
wlan0: CTRL-EVENT-EAP-SUCCESS 32:ce:2a:63:15:9e
IEEE 802.1X: 32:ce:2a:63:15:9e BE_AUTH entering state SUCCESS
wlan0: STA 32:ce:2a:63:15:9e IEEE 802.1X: Sending EAP Packet (identifier 53)
IEEE 802.1X: 32:ce:2a:63:15:9e BE_AUTH entering state IDLE
WPA: 32:ce:2a:63:15:9e WPA_PTK entering state INITPMK
WPA: PMK from EAPOL state machine (MSK len=64 PMK len=32)
WPA: 32:ce:2a:63:15:9e WPA_PTK entering state PTKSTART
wlan0: STA 32:ce:2a:63:15:9e WPA: sending 1/4 msg of 4-Way Handshake
WPA: Send EAPOL(version=2 secure=0 mic=0 ack=1 install=0 pairwise=1 kde_len=22 keyidx=0 encr=0)
WPA: Replay Counter - hexdump(len=8): 00 00 00 00 00 00 00 01
WPA: Use EAPOL-Key timeout of 100 ms (retry counter 1)
wlan0: Event EAPOL_TX_STATUS (38) received
IEEE 802.1X: 32:ce:2a:63:15:9e TX status - version=2 type=0 length=4 - ack=1
wlan0: Event EAPOL_TX_STATUS (38) received
IEEE 802.1X: 32:ce:2a:63:15:9e TX status - version=2 type=3 length=117 - ack=1
WPA: EAPOL-Key TX status for STA 32:ce:2a:63:15:9e ack=1
WPA: Increase initial EAPOL-Key 1/4 timeout by 1000 ms because of acknowledged frame
nl80211: Event message available
nl80211: BSS Event 59 (NL80211_CMD_FRAME) received for wlan0
nl80211: MLME event 59 (NL80211_CMD_FRAME) on wlan0(18:d6:c7:10:17:db) A1=18:d6:c7:10:17:db A2=32:ce:2a:63:15:9e
nl80211: MLME event frame - hexdump(len=36): c0 00 3c 00 18 d6 c7 10 17 db 32 ce 2a 63 15 9e 18 d6 c7 10 17 db 40 01 01 00 dd 08 00 17 35 01 01 00 00 00
nl80211: Frame event
nl80211: RX frame da=18:d6:c7:10:17:db sa=32:ce:2a:63:15:9e bssid=18:d6:c7:10:17:db freq=2437 ssi_signal=-52 fc=0xc0 seq_ctrl=0x140 stype=12 (WLAN_FC_STYPE_DEAUTH) len=36
wlan0: Event RX_MGMT (19) received
wlan0: mgmt::deauth
wlan0: deauthentication: STA=32:ce:2a:63:15:9e reason_code=1
wlan0: STA 32:ce:2a:63:15:9e WPA: event 3 notification
wpa_driver_nl80211_set_key: ifindex=15 (wlan0) alg=0 addr=0x5621dddcaf70 key_idx=0 set_tx=1 seq_len=0 key_len=0
addr=32:ce:2a:63:15:9e
WPA: 32:ce:2a:63:15:9e WPA_PTK entering state DISCONNECTED
WPA: 32:ce:2a:63:15:9e WPA_PTK entering state INITIALIZE
wpa_driver_nl80211_set_key: ifindex=15 (wlan0) alg=0 addr=0x5621dddcaf70 key_idx=0 set_tx=1 seq_len=0 key_len=0
addr=32:ce:2a:63:15:9e
wlan0: STA 32:ce:2a:63:15:9e IEEE 802.11: deauthenticated
wlan0: STA 32:ce:2a:63:15:9e MLME: MLME-DEAUTHENTICATE.indication(32:ce:2a:63:15:9e, 1)
wlan0: STA 32:ce:2a:63:15:9e MLME: MLME-DELETEKEYS.request(32:ce:2a:63:15:9e)
wpa_driver_nl80211_set_key: ifindex=15 (wlan0) alg=0 addr=0x5621dddcaf70 key_idx=0 set_tx=1 seq_len=0 key_len=0
addr=32:ce:2a:63:15:9e
nl80211: sta_remove -> DEL_STATION wlan0 32:ce:2a:63:15:9e --> 0 (Success)
nl80211: Set beacon (beacon_set=1)
nl80211: Beacon head - hexdump(len=57): 80 00 00 00 ff ff ff ff ff ff 18 d6 c7 10 17 db 18 d6 c7 10 17 db 00 00 00 00 00 00 00 00 00 00 64 00 11 04 00 06 50 53 4b 4e 65 74 01 08 82 84 8b 96 0c 12 18 24 03 01 06
nl80211: Beacon tail - hexdump(len=45): 2a 01 04 32 04 30 48 60 6c 30 14 01 00 00 0f ac 04 01 00 00 0f ac 04 01 00 00 0f ac 01 00 00 3b 02 51 00 7f 08 04 00 00 00 00 00 00 40
nl80211: ifindex=15
nl80211: beacon_int=100
nl80211: dtim_period=2
nl80211: ssid - hexdump_ascii(len=6):
50 53 4b 4e 65 74 PSKNet
* beacon_int=100
* dtim_period=2
nl80211: hidden SSID not in use
nl80211: privacy=1
nl80211: auth_algs=0x3
nl80211: wpa_version=0x2
nl80211: key_mgmt_suites=0x1
nl80211: pairwise_ciphers=0x10
nl80211: group_cipher=0x10
nl80211: beacon_ies - hexdump(len=10): 7f 08 04 00 00 00 00 00 00 40
nl80211: proberesp_ies - hexdump(len=10): 7f 08 04 00 00 00 00 00 00 40
nl80211: assocresp_ies - hexdump(len=10): 7f 08 04 00 00 00 00 00 00 40
ap_free_sta: cancel ap_handle_timer for 32:ce:2a:63:15:9e
EAP: Server state machine removed
nl80211: Event message available
nl80211: Drv Event 20 (NL80211_CMD_DEL_STATION) received for wlan0
nl80211: Delete station 32:ce:2a:63:15:9e
nl80211: Event message available
nl80211: BSS Event 83 (NL80211_CMD_UNEXPECTED_FRAME) received for wlan0
wlan0: Event RX_FROM_UNKNOWN (18) received
Data/PS-poll frame from not associated STA 32:ce:2a:63:15:9e
nl80211: send_mlme - da= 32:ce:2a:63:15:9e noack=0 freq=0 no_cck=0 offchanok=0 wait_time=0 fc=0xc0 (WLAN_FC_STYPE_DEAUTH) nlmode=3
nl80211: send_mlme -> send_frame
nl80211: send_frame - Use bss->freq=2437
nl80211: send_frame -> send_frame_cmd
nl80211: CMD_FRAME freq=2437 wait=0 no_cck=0 no_ack=0 offchanok=0
CMD_FRAME - hexdump(len=26): c0 00 00 00 32 ce 2a 63 15 9e 18 d6 c7 10 17 db 18 d6 c7 10 17 db 00 00 07 00
nl80211: Frame TX command accepted; cookie 0x7
nl80211: Event message available
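Added example, not part of the original issue and not hostapd-mana code: a small triage script that reads hostapd debug output and reports, per station, how far the exchange got and whether the station itself sent the deauthentication. The sample lines are taken from the debug log above; the "pairwise key handshake completed" pattern is an assumption about hostapd's wording, since that message never appears in this log.

```python
import re

# Lines taken from the debug log in the issue above, abridged.
SAMPLE_LOG = """\
wlan0: CTRL-EVENT-EAP-SUCCESS 32:ce:2a:63:15:9e
WPA: PMK from EAPOL state machine (MSK len=64 PMK len=32)
wlan0: STA 32:ce:2a:63:15:9e WPA: sending 1/4 msg of 4-Way Handshake
wlan0: mgmt::deauth
wlan0: deauthentication: STA=32:ce:2a:63:15:9e reason_code=1
wlan0: STA 32:ce:2a:63:15:9e IEEE 802.11: deauthenticated
"""

MAC = r"((?:[0-9a-f]{2}:){5}[0-9a-f]{2})"
EVENTS = [  # (event name, pattern whose group 1 is the station MAC)
    ("eap_success", re.compile(r"CTRL-EVENT-EAP-SUCCESS " + MAC)),
    ("msg1_sent", re.compile(r"STA " + MAC + r" WPA: sending 1/4 msg")),
    # Assumed wording of hostapd's completion message; it never appears in the log above.
    ("handshake_done", re.compile(r"STA " + MAC + r" WPA: pairwise key handshake completed")),
    # Logged when the AP receives a deauth frame from the station.
    ("sta_deauth", re.compile(r"deauthentication: STA=" + MAC + r" reason_code=(\d+)")),
]


def summarize(log_text):
    """Map each station MAC to its ordered events, deauth reason code and a verdict."""
    stations = {}
    for line in log_text.splitlines():
        for name, pattern in EVENTS:
            match = pattern.search(line)
            if not match:
                continue
            sta = stations.setdefault(match.group(1), {"events": [], "reason": None})
            sta["events"].append(name)
            if name == "sta_deauth":
                sta["reason"] = int(match.group(2))  # 1 = "unspecified" in IEEE 802.11
    for sta in stations.values():
        ev = sta["events"]
        if "handshake_done" in ev:
            sta["verdict"] = "4-way handshake completed"
        elif "eap_success" in ev and "sta_deauth" in ev[ev.index("eap_success"):]:
            sta["verdict"] = "station deauthenticated after EAP-Success, before the 4-way handshake completed"
        else:
            sta["verdict"] = "no EAP-Success followed by a station deauth"
    return stations


if __name__ == "__main__":
    for mac, sta in summarize(SAMPLE_LOG).items():
        print(mac, sta["events"], "reason_code=%s" % sta["reason"], "->", sta["verdict"])
```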