NetworkManager versus chaves compartilhadas

Para quem nem sabe o que é NetworkManager:

1. Site oficial: http://www.gnome.org/projects/NetworkManager/
2. Screenshot do Applet no Gnome:

Eu estava aqui precisando configurar mais uma vez uma rede wireless com WEP, só que o nm-applet não procedia à correta associação ao ponto de acesso. No caso, era uma conexão onde havia compartilhamento de chave (modo restricted da opção de encriptação na placa de rede, ou chave compartilhada na interface do nm-applet). Minha versão do NetworkManager é 0.6.5-3.

Então tive de fazer na mão...

1. Definindo o modo de chave compartilhada:

   # iwconfig eth2 enc restricted

2. Criei um arquivo de configuração chamado test.conf para o wpa_supplicant contendo:

   ctrl_interface=/var/run/wpa_supplicant
   network={
   	ssid="MINHA REDE"
   	key_mgmt=NONE
   	wep_key0="MINHA SENHA"
   	wep_tx_keyidx=0
   }

3. Tentei me associar ao ponto de acesso desta rede usando autenticação WEP usando:

   # wpa_supplicant -ieth2 -c/home/amadeu/test.conf

4. Caso mostre a mensagem semelhante a esta abaixo significa que a autenticação funcionou:

   Associated with 00:11:95:be:ce:d4
   CTRL-EVENT-CONNECTED - Connection to 00:11:95:be:ce:d4 completed (auth) [id=0 id_str=]

5. Então basta tenta pegar um IP (caso tenha DHCP na rede):

   # dhclient eth2

Ufaa... agora que peguei net procurei sobre o assunto mas...

1. Em http://mail.gnome.org/archives/networkmanager-list/2005-December/msg00157.html alguém reporta o mesmo problema que eu mas ninguém respondeu.
2. Aqui http://www.redhat.com/archives/rhl-beta-list/2004-November/thread.html#00166 tem uma discussão mais antiga ainda.
3. Já em http://mail.gnome.org/archives/networkmanager-list/2005-August/msg00140.html há resposta indicando que pode ser um mal funcionamento do ponto de acesso.
4. Olhando o /var/log/syslog tem alguma pista:

   Jan 14 10:09:47 sarang NetworkManager: <info>  Activation (eth2) Stage 1 of 5 (Device Prepare) complete. 
   Jan 14 10:09:47 sarang NetworkManager: <info>  Activation (eth2) Stage 2 of 5 (Device Configure) starting... 
   Jan 14 10:09:47 sarang NetworkManager: <info>  Activation (eth2/wireless): access point 'impa-wl' is encrypted, and a key exists.  No new key needed. 
   Jan 14 10:09:48 sarang NetworkManager: <info>  SUP: sending command 'INTERFACE_ADD eth2^I^Iwext^I/var/run/wpa_supplicant^I' 
   Jan 14 10:09:48 sarang kernel: bcm43xx: set security called, .level = 0, .enabled = 0, .encrypt = 0
   Jan 14 10:09:48 sarang last message repeated 3 times
   Jan 14 10:09:48 sarang NetworkManager: <info>  SUP: response was 'OK' 
   Jan 14 10:09:48 sarang NetworkManager: <info>  SUP: sending command 'AP_SCAN 1' 
   Jan 14 10:09:48 sarang NetworkManager: <info>  SUP: response was 'OK' 
   Jan 14 10:09:48 sarang NetworkManager: <info>  SUP: sending command 'ADD_NETWORK' 
   Jan 14 10:09:48 sarang NetworkManager: <info>  SUP: response was '0' 
   Jan 14 10:09:48 sarang NetworkManager: <info>  SUP: sending command 'SET_NETWORK 0 ssid 696d70612d776c' 
   Jan 14 10:09:48 sarang NetworkManager: <info>  SUP: response was 'OK' 
   Jan 14 10:09:48 sarang NetworkManager: <info>  SUP: sending command 'SET_NETWORK 0 key_mgmt NONE' 
   Jan 14 10:09:48 sarang NetworkManager: <info>  SUP: response was 'OK' 
   Jan 14 10:09:48 sarang NetworkManager: <info>  SUP: sending command 'SET_NETWORK 0 auth_alg SHARED' 
   Jan 14 10:09:48 sarang NetworkManager: <info>  SUP: response was 'OK' 
   Jan 14 10:09:48 sarang NetworkManager: <info>  SUP: sending command 'SET_NETWORK 0 wep_key0 <key>' 
   Jan 14 10:09:48 sarang NetworkManager: <info>  SUP: response was 'OK' 
   Jan 14 10:09:48 sarang NetworkManager: <info>  SUP: sending command 'SET_NETWORK 0 wep_tx_keyidx 0' 
   Jan 14 10:09:48 sarang NetworkManager: <info>  SUP: response was 'OK' 
   Jan 14 10:09:48 sarang NetworkManager: <info>  SUP: sending command 'ENABLE_NETWORK 0' 
   Jan 14 10:09:48 sarang NetworkManager: <info>  SUP: response was 'OK' 
   Jan 14 10:09:48 sarang NetworkManager: <info>  Activation (eth2) Stage 2 of 5 (Device Configure) complete. 
    ...
   Jan 14 10:10:48 sarang NetworkManager: <info>  Activation (eth2/wireless): association took too long (>60s), failing activation. 
   Jan 14 10:10:48 sarang NetworkManager: <info>  Activation (eth2) failure scheduled... 
   Jan 14 10:10:48 sarang NetworkManager: <info>  Activation (eth2) failed for access point (impa-wl) 
   Jan 14 10:10:48 sarang NetworkManager: <info>  Activation (eth2) failed. 
   Jan 14 10:10:48 sarang NetworkManager: <info>  Deactivating device eth2.</pre>
      1 Quando não é assim, acontece da associação ser *efetivada* mas o DHCP não responde (provavelmente porque a associação teve algum erro não identificado pelo !NetworkManager:<pre>
   Jan 14 11:25:41 sarang NetworkManager: <info>  SUP: response was 'OK' 
   Jan 14 11:25:41 sarang NetworkManager: <info>  SUP: sending command 'ADD_NETWORK' 
   Jan 14 11:25:41 sarang NetworkManager: <info>  SUP: response was '0' 
   Jan 14 11:25:41 sarang NetworkManager: <info>  SUP: sending command 'SET_NETWORK 0 ssid 696d70612d776c' 
   Jan 14 11:25:41 sarang NetworkManager: <info>  SUP: response was 'OK' 
   Jan 14 11:25:41 sarang NetworkManager: <info>  SUP: sending command 'SET_NETWORK 0 key_mgmt NONE' 
   Jan 14 11:25:41 sarang NetworkManager: <info>  SUP: response was 'OK' 
   Jan 14 11:25:41 sarang NetworkManager: <info>  SUP: sending command 'SET_NETWORK 0 auth_alg SHARED' 
   Jan 14 11:25:41 sarang NetworkManager: <info>  SUP: response was 'OK' 
   Jan 14 11:25:41 sarang NetworkManager: <info>  SUP: sending command 'SET_NETWORK 0 wep_key0 <key>' 
   Jan 14 11:25:41 sarang NetworkManager: <info>  SUP: response was 'OK' 
   Jan 14 11:25:41 sarang NetworkManager: <info>  SUP: sending command 'SET_NETWORK 0 wep_tx_keyidx 0' 
   Jan 14 11:25:41 sarang NetworkManager: <info>  SUP: response was 'OK' 
   Jan 14 11:25:41 sarang NetworkManager: <info>  SUP: sending command 'ENABLE_NETWORK 0' 
   Jan 14 11:25:41 sarang NetworkManager: <info>  SUP: response was 'OK' 
   Jan 14 11:25:41 sarang NetworkManager: <info>  Activation (eth2) Stage 2 of 5 (Device Configure) complete. 
   Jan 14 11:25:41 sarang kernel: bcm43xx: set security called, .active_key = 0, .enabled = 1, .encrypt = 1
   Jan 14 11:25:41 sarang kernel: SoftMAC: Open Authentication completed with 00:11:95:be:ce:d4
   Jan 14 11:25:41 sarang kernel: ADDRCONF(NETDEV_CHANGE): eth2: link becomes ready
   Jan 14 11:25:41 sarang NetworkManager: <info>  Activation (eth2/wireless) Stage 2 of 5 (Device Configure) successful.  Connected to access point 'impa-wl'. 
   Jan 14 11:25:41 sarang NetworkManager: <info>  Activation (eth2) Stage 3 of 5 (IP Configure Start) scheduled. 
   Jan 14 11:25:41 sarang NetworkManager: <info>  Activation (eth2) Stage 3 of 5 (IP Configure Start) started... 
   Jan 14 11:25:42 sarang NetworkManager: <info>  Activation (eth2) Beginning DHCP transaction. 
   Jan 14 11:25:42 sarang NetworkManager: <info>  Activation (eth2) Stage 3 of 5 (IP Configure Start) complete. 
   Jan 14 11:25:42 sarang NetworkManager: <info>  DHCP daemon state is now 12 (successfully started) for interface eth2 
   Jan 14 11:25:43 sarang avahi-daemon[3911]: Registering new address record for fe80::21a:73ff:fe29:7c49 on eth2.*.
   Jan 14 11:25:43 sarang NetworkManager: <info>  DHCP daemon state is now 1 (starting) for interface eth2 
   Jan 14 11:25:46 sarang dhclient: DHCPDISCOVER on eth2 to 255.255.255.255 port 67 interval 5
   Jan 14 11:25:51 sarang dhclient: DHCPDISCOVER on eth2 to 255.255.255.255 port 67 interval 6
   Jan 14 11:25:52 sarang kernel: eth2: no IPv6 routers present
   Jan 14 11:25:57 sarang dhclient: DHCPDISCOVER on eth2 to 255.255.255.255 port 67 interval 14
   Jan 14 11:26:11 sarang dhclient: DHCPDISCOVER on eth2 to 255.255.255.255 port 67 interval 19
   Jan 14 11:26:27 sarang NetworkManager: <info>  Device 'eth2' DHCP transaction took too long (>45s), stopping it.

5. Configurei o wpa_supplicant igual ao citado acima agora adicionando a linha auth_alg=SHARED, como o applet configura o NetworkManager e executei o wpa_supplicant:

   # wpa_supplicant -i eth2 -d -c test.conf
   Scan results: 3
   Selecting BSS from priority group 0
   Try to find WPA-enabled AP
   0: 00:11:95:be:ce:d4 ssid='impa-wl' wpa_ie_len=0 rsn_ie_len=0 caps=0x11
      skip - no WPA/RSN IE
   1: 00:15:e9:f7:1e:4d ssid='cin-wl' wpa_ie_len=0 rsn_ie_len=0 caps=0x11
      skip - no WPA/RSN IE
   2: 00:0f:3d:ae:cb:cd ssid='impa-wl' wpa_ie_len=0 rsn_ie_len=0 caps=0x11
      skip - no WPA/RSN IE
   Try to find non-WPA AP
   0: 00:11:95:be:ce:d4 ssid='impa-wl' wpa_ie_len=0 rsn_ie_len=0 caps=0x11
      selected non-WPA AP 00:11:95:be:ce:d4 ssid='impa-wl'
   Trying to associate with 00:11:95:be:ce:d4 (SSID='impa-wl' freq=2412 MHz)
   Cancelling scan request
   WPA: clearing own WPA/RSN IE
   Automatic auth_alg selection: 0x1
   Overriding auth_alg selection: 0x2
   WPA: clearing AP WPA IE
   WPA: clearing AP RSN IE
   WPA: clearing own WPA/RSN IE
   wpa_driver_wext_set_key: alg=0 key_idx=0 set_tx=0 seq_len=0 key_len=0
   wpa_driver_wext_set_key: alg=0 key_idx=1 set_tx=0 seq_len=0 key_len=0
   wpa_driver_wext_set_key: alg=0 key_idx=2 set_tx=0 seq_len=0 key_len=0
   wpa_driver_wext_set_key: alg=0 key_idx=3 set_tx=0 seq_len=0 key_len=0
   wpa_driver_wext_set_key: alg=0 key_idx=0 set_tx=0 seq_len=0 key_len=0
   wpa_driver_wext_set_key: alg=1 key_idx=0 set_tx=1 seq_len=0 key_len=13
   wpa_driver_wext_set_drop_unencrypted
   State: SCANNING -> ASSOCIATING
   wpa_driver_wext_set_operstate: operstate 0->0 (DORMANT)
   WEXT: Operstate: linkmode=-1, operstate=5
   wpa_driver_wext_associate
   Setting authentication timeout: 10 sec 0 usec
   EAPOL: External notification - portControl=ForceAuthorized
   RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP])
   Wireless event: cmd=0x8b06 len=12
   RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP])
   Wireless event: cmd=0x8b04 len=16
   RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP])
   Wireless event: cmd=0x8b1a len=23
   RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP])
   Wireless event: cmd=0x8b15 len=24
   Wireless event: new AP: 00:00:00:00:00:00
   BSSID 00:11:95:be:ce:d4 blacklist count incremented to 2
   CTRL-EVENT-DISCONNECTED - Disconnect event - remove keys
   State: ASSOCIATING -> DISCONNECTED
   wpa_driver_wext_set_operstate: operstate 0->0 (DORMANT)
   WEXT: Operstate: linkmode=-1, operstate=5
   EAPOL: External notification - portEnabled=0
   EAPOL: External notification - portValid=0
   RTM_NEWLINK: operstate=0 ifi_flags=0x11003 ([UP][LOWER_UP])
   Wireless event: cmd=0x8b15 len=24
   Wireless event: new AP: 00:11:95:be:ce:d4
   State: DISCONNECTED -> ASSOCIATED
   wpa_driver_wext_set_operstate: operstate 0->0 (DORMANT)
   WEXT: Operstate: linkmode=-1, operstate=5
   Associated to a new BSS: BSSID=00:11:95:be:ce:d4
   Associated with 00:11:95:be:ce:d4
   WPA: Association event - clear replay counter
   EAPOL: External notification - portEnabled=0
   EAPOL: External notification - portValid=0
   EAPOL: External notification - portEnabled=1
   EAPOL: SUPP_PAE entering state S_FORCE_AUTH
   EAPOL: SUPP_BE entering state IDLE
   Cancelling authentication timeout
   Removed BSSID 00:11:95:be:ce:d4 from blacklist
   State: ASSOCIATED -> COMPLETED
   CTRL-EVENT-CONNECTED - Connection to 00:11:95:be:ce:d4 completed (reauth) [id=0 id_str=]
   wpa_driver_wext_set_operstate: operstate 0->1 (UP)
   WEXT: Operstate: linkmode=-1, operstate=6
   Cancelling scan request
   RTM_NEWLINK: operstate=1 ifi_flags=0x11003 ([UP][LOWER_UP])
   WEXT: Operstate: linkmode=-1, operstate=6
   RTM_NEWLINK, IFLA_IFNAME: Interface 'eth2' added
   RTM_NEWLINK: operstate=1 ifi_flags=0x11043 ([UP][RUNNING][LOWER_UP])
   RTM_NEWLINK, IFLA_IFNAME: Interface 'eth2' added

6. E como mostra acima depois de 40 segundos a associação esteve completa e pude executar o dhclient tranquilamente e voltar a editar este blog.
7. Não sei bem como resolver a questão por completo nem onde está a origem do problema, talvez seja mesmo coisa do ponto de acesso mal configurado, mas o fato é que só funcionou com o wpa_supplicant manual.

Resumindo, caso vc tenha problemas com o NetworkManager para se conectar numa rede WEP com chaves compartilhadas, basta configurar seu wpa_supplicant para a configuração abaixo, rodar ele e esperar que a associação se complete:

ctrl_interface=/var/run/wpa_supplicant
network={
	ssid="MINHA REDE"
	key_mgmt=NONE
        auth_alg=SHARED
	wep_key0="MINHA SENHA"
	wep_tx_keyidx=0
}

Solução em http://mail.gnome.org/archives/networkmanager-list/2008-January/msg00095.html. Na verdade, eu deveria ter usado a opção WEP de 64/128-bit ASCII no menu do nm-applet e marcar chaves compartilhadas. Engraçado que tenho o mesmo problema em outra rede (puc-rio) e deve ser isso.

---

Esta obra está licenciada sob uma Licença Creative Commons.