2

My office WiFi uses WPA & WPA2 Enterprise Security with PEAP authentication, and MSCHAPv2 for inner authentication.

Since upgrading to Ubuntu 22.04, I am unable to connect to my office WiFi. Here's what I get in my syslog when trying to connect...

    wlp0s20f3: CTRL-EVENT-EAP-STARTED EAP authentication started
    wlp0s20f3: CTRL-EVENT-SUBNET-STATUS-UPDATE status=0
    wlp0s20f3: CTRL-EVENT-EAP-PROPOSED-METHOD vendor=0 method=25
    wlp0s20f3: CTRL-EVENT-EAP-METHOD EAP vendor 0 method 25 (PEAP) selected
    wlp0s20f3: CTRL-EVENT-EAP-PEER-CERT depth=0 subject='/CN=censored01.censored.local' hash=52e340fc31204b7f84c085407067b2bc1b320954930059e5358b51c453ff8f6e
    wlp0s20f3: CTRL-EVENT-EAP-PEER-ALT depth=0 DNS:censored01.censored.local
    wlp0s20f3: CTRL-EVENT-EAP-PEER-CERT depth=0 subject='/CN=censored01.censored.local' hash=52e340fc31204b7f84c085407067b2bc1b320954930059e5358b51c453ff8f6e
    wlp0s20f3: CTRL-EVENT-EAP-PEER-ALT depth=0 DNS:censored01.censored.local
    wlp0s20f3: CTRL-EVENT-EAP-PEER-CERT depth=0 subject='/CN=censored01.censored.local' hash=52e340fc31204b7f84c085407067b2bc1b320954930059e5358b51c453ff8f6e
    wlp0s20f3: CTRL-EVENT-EAP-PEER-ALT depth=0 DNS:censored01.censored.local
    SSL: SSL3 alert: write (local SSL3 detected an error):fatal:internal error
    OpenSSL: openssl_handshake - SSL_connect error:0A0C0103:SSL routines::internal error
    wlp0s20f3: CTRL-EVENT-EAP-FAILURE EAP authentication failed
    wlp0s20f3: Authentication with 58:b6:33:bb:19:4c timed out.
    wlp0s20f3: CTRL-EVENT-DISCONNECTED bssid=58:b6:33:bb:19:4c reason=3 locally_generated=1
    wlp0s20f3: CTRL-EVENT-SSID-TEMP-DISABLED id=0 ssid="Censored Secure" auth_failures=2 duration=28 reason=AUTH_FAILED
    BSSID 58:b6:33:bb:19:4c ignore list count incremented to 2, ignoring for 10 seconds
    wlp0s20f3: CTRL-EVENT-SSID-TEMP-DISABLED id=0 ssid="Censored Secure" auth_failures=3 duration=32 reason=CONN_FAILED

I've done some searching for these error messages, and I've seen some recommendations to allow OpenSSL to "allow unsafe legacy renegotiations." That sounds unsafe, for obvious reasons, so I'm reluctant to try it without understanding more.

Is this a known bug in Ubuntu 22.04? Is there a workaround I'm unaware of? Is it safe to enable unsafe renegotiations?

(Edit: here's an Ubuntu bug tracker discussion, with the aforementioned workaround recommendation. I'd be happy to use the workaround, except that I'm worried it will cause security problems if I'm using WiFi elsewhere...)

John Chrysostom
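
For triaging a log like the one in the question, the sketch below (an added example, not part of the original post) reads wpa_supplicant lines and reports whether the attempt failed during the TLS handshake and which side raised the alert. The sample log is constructed, and the function name `triage` and the stage labels are assumptions of this example.

```python
import re

# Constructed sample in the shape of the question's syslog excerpt
# (server name, hash and SSID are placeholders, not values from the page).
SAMPLE = """\
wlp0s20f3: CTRL-EVENT-EAP-STARTED EAP authentication started
wlp0s20f3: CTRL-EVENT-EAP-METHOD EAP vendor 0 method 25 (PEAP) selected
wlp0s20f3: CTRL-EVENT-EAP-PEER-CERT depth=0 subject='/CN=radius.example.local' hash=00aa
SSL: SSL3 alert: write (local SSL3 detected an error):fatal:internal error
OpenSSL: openssl_handshake - SSL_connect error:0A0C0103:SSL routines::internal error
wlp0s20f3: CTRL-EVENT-EAP-FAILURE EAP authentication failed
wlp0s20f3: CTRL-EVENT-SSID-TEMP-DISABLED id=0 ssid="Example Secure" auth_failures=2 duration=28 reason=AUTH_FAILED
"""

# Line formats assumed to match the wpa_supplicant output shown in the question.
METHOD = re.compile(r"CTRL-EVENT-EAP-METHOD EAP vendor \d+ method \d+ \((\S+)\) selected")
CERT = re.compile(r"CTRL-EVENT-EAP-PEER-CERT depth=(\d+) subject='([^']*)' hash=([0-9a-f]+)")
ALERT = re.compile(r"SSL: SSL3 alert: (?:read|write) \((local|remote)[^)]*\):(\w+):(.+)")
OSSL = re.compile(r"SSL_connect error:([0-9A-F]{8}):")

def triage(log_text):
    """Summarise one EAP attempt: method, server certs seen, and failure stage."""
    r = {"method": None, "server_certs": set(), "alert": None,
         "openssl_error": None, "eap_failed": False}
    for line in log_text.splitlines():
        if m := METHOD.search(line):
            r["method"] = m.group(1)
        elif m := CERT.search(line):
            r["server_certs"].add((int(m.group(1)), m.group(2), m.group(3)))
        elif m := ALERT.search(line):  # "write (local ...)" = client raised the alert
            r["alert"] = {"origin": m.group(1), "level": m.group(2), "desc": m.group(3).strip()}
        elif m := OSSL.search(line):
            r["openssl_error"] = m.group(1)
        elif "CTRL-EVENT-EAP-FAILURE" in line:
            r["eap_failed"] = True
    # An SSL_connect error means the PEAP tunnel never came up, so the inner
    # MSCHAPv2 exchange (and the password) was not reached.
    if not r["eap_failed"]:
        r["stage"] = "no-failure"
    elif r["openssl_error"]:
        origin = r["alert"]["origin"] if r["alert"] else "unknown"
        r["stage"] = "tls-handshake-" + origin
    else:
        r["stage"] = "post-handshake"
    return r
```

A `tls-handshake-local` result points at the client's TLS stack rather than at the credentials, which is the pattern the question's log shows.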

2 Answers

1

To fix the issue, you can downgrade to wpasupplicant 2.9.0 build 1:

  1. Create a file "/etc/apt/sources.list.d/impish.list"
  2. Add the lines below to "impish.list" and save:
    deb http://archive.ubuntu.com/ubuntu/ impish main restricted universe multiverse
    deb http://archive.ubuntu.com/ubuntu/ impish-updates main restricted universe multiverse
    deb http://archive.ubuntu.com/ubuntu/ impish-security main restricted universe multiverse
  3. sudo apt update
  4. sudo apt -y --allow-downgrades install wpasupplicant=2:2.9.0-21build1
  5. sudo apt-mark hold wpasupplicant

After the vendor releases a fix, you can roll back the changes with:

    sudo rm -f /etc/apt/sources.list.d/impish.list
    sudo apt-mark unhold wpasupplicant
    sudo apt-get update
    sudo apt-get install wpasupplicant

0

[UPDATE]

The impish source is no longer working. I used the following, which worked:

  1. sudo nano /etc/apt/sources.list
  2. Add the following line to the end and save:

    deb http://archive.ubuntu.com/ubuntu/ focal-updates main restricted universe multiverse

  3. sudo apt update
  4. sudo apt -y --allow-downgrades install wpasupplicant=2:2.9-1ubuntu4.3
  5. sudo apt-mark hold wpasupplicant

Nik