esp-idf: Unable to connect to CISCO wpa2 enterprise network (IDFGH-2195)

Environment

  • Development Kit: [CUSTOM]
  • Module or chip used: [ESP32-WROOM-32D]
  • IDF version: // v3.3-127-g0a0f2caa1
  • Build System: [Make]
  • Compiler version: // 1.22.0-80-g6c4433a5
  • Operating System: [Windows]
  • Power Supply: [Battery]

Problem Description

A customer of mine has trouble connecting to their factory network that uses CISCO WPA2 enterprise security. He uses PEAP-MSCHAPV2 as a security method without any certificates being set (client or CA) with username and password assigned. Logging is set to DEBUG but does not generate much info.

The customer receives the following error message from the CISCO network: ‘** 12321 PEAP failed SSL / TLS handshake because client rejected ISE local certificate **’

I interpret it as ESP32 is rejecting the server certificate for some reason.

I have managed to connect to my own router (ASUS RT-AC86U) with freeRADIUS with the same ESP32 hardware/software version and settings.

One thing I noticed in the log output is the line: W (197204) wifi: add mismatch I have not seen this before. I have search for it but it seems to be embedded in the sealed espressif wifi library somewhere.

Expected Behavior

Actual Behavior

Steps to repropduce

I am unable to reproduce this due to lack of customer hardware

Code to reproduce this issue

Debug Logs

I (193481) wpa: WPA2 ENTERPRISE VERSION: [v2.0] enable

I (195159) wifi: new:<1,0>, old:<11,0>, ap:<255,255>, sta:<1,0>, prof:1 I (195164) wifi: state: run -> auth (b0) I (196165) wifi: state: run -> init (200) I (196170) wifi: new:<1,0>, old:<1,0>, ap:<255,255>, sta:<1,0>, prof:1 I (196171) wifi: new:<11,0>, old:<1,0>, ap:<255,255>, sta:<11,0>, prof:1 I (196176) wifi: state: init -> auth (b0) I (197179) wifi: state: auth -> init (200) I (197180) wifi: new:<11,0>, old:<11,0>, ap:<255,255>, sta:<11,0>, prof:1 I (197185) wifi: new:<1,0>, old:<11,0>, ap:<255,255>, sta:<1,0>, prof:1 I (197189) wifi: state: init -> auth (b0) I (197194) wifi: state: auth -> assoc (0) I (197199) wifi: state: assoc -> run (10) W (197204) wifi: add mismatch I (197205) wpa: wpa2_task prio:2, stack:6656

I (197244) wpa: >>>>>wpa2 FAILED

About this issue

  • Original URL
  • State: closed
  • Created 5 years ago
  • Comments: 40 (24 by maintainers)

Most upvoted comments

@persan666 Can you try the following workaround - Replace this line with
“if (conn->cred && g_wpa_ca_cert &&”

+1
sagb2015 on Nov 28, 2019
Read more comments on GitHub
← esp-idf: Unable to build component host tests that test code using hal (IDFGH-9074)
esp-idf: Unable to connect to WiFi, ESP32S3 goes in loop (IDFGH-7755) →