[Bluez-users] Bluez NAP refuses connection if PANU clent has deleted pairing.

[Bluez-users] Bluez NAP refuses connection if PANU clent has deleted pairing.

[Alec]

Hi,

I am using openslug 2.7 linux on Linksys NSLU2 server to create a 
Bluetooth NAP.

The packages are a bit out of date but they are the latest available for 
the NSLU2.

bluez-utils-nodbus - 2.21-r0 -
kernel-module-bluetooth - 2.6.12.2-r17.4 -
libbluetooth1 - 2.21-r0 -

The NAP works perfectly allowing clients to connect, enter the PIN and 
gain internet access via tle Bluez NAP.  Once clients have paired once 
they can re-connect without a PIN.

The problem I get is if a client deletes its pairing but the server 
still has its pairing in /var/lib/bluetooth/{ADDR}/linkkeys.  Under 
these circumstances the client is refused access until I delete the 
pairing on the server - at which point the client is prompted to re-pair 
and everything then works fine again.

I assumed there was some combination of settings in hcid.conf that would 
overcome this (pairing multi looked promising! but made no difference) 
and I have tried every variation of  settings I can think of. 

Please can anyone help?

Thanks in advance

Alec

[hcid.conf]

#
# HCI daemon configuration file.
#
# $Id: hcid.conf,v 1.4 2004/04/29 20:14:21 holtmann Exp $
#

# HCId options
options {
    # Automatically initialize new devices
    autoinit yes;

    # Security Manager mode
    #   none - Security manager disabled
    #   auto - Use local PIN for incoming connections
    #   user - Always ask user for a PIN

    security auto;  ## /etc/bluetooth/pin
    #security user; ## calls helper application


    # Pairing mode
    #   none  - Pairing disabled
    #   multi - Allow pairing with already paired devices
    #   once  - Pair once and deny successive attempts
    pairing multi;

    # PIN helper
    # pin_helper /bin/bluepin;
     pin_helper /etc/bluetooth/feed-pin.sh;

    # D-Bus PIN helper
    # dbus_pin_helper;
}

# Default settings for HCI devices
device {
    # Local device name
    #   %d - device id
    #   %h - host name
    name "%h";
   
    # Local device class
    class 0x820100;

    # Default packet type
    #pkt_type DH1,DM1,HV1;

    # Inquiry and Page scan
    iscan enable;
    pscan enable;

    # Default link mode
    #   none   - no specific policy
    #   accept - always accept incoming connections
    #   master - become master on incoming connections,
    #            deny role switch on outgoing connections
    #
    lm accept,master;

    # Default link policy
    #   none    - no specific policy
    #   rswitch - allow role switch
    #   hold    - allow hold mode
    #   sniff   - allow sniff mode
    #   park    - allow park mode
    #
    lp rswitch,hold,sniff,park;

    # Authentication and Encryption
    auth enable;
    encrypt enable;
}


______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email 
______________________________________________________________________


_______________________________________________
Bluez-users mailing list
Bluez-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bluez-users

Re: [Bluez-users] Bluez NAP refuses connection if PANU clent has deleted pairing.

[Marcel Holtmann]

Hi Alec,

> I am using openslug 2.7 linux on Linksys NSLU2 server to create a 
> Bluetooth NAP.
> 
> The packages are a bit out of date but they are the latest available for 
> the NSLU2.
> 
> bluez-utils-nodbus - 2.21-r0 -
> kernel-module-bluetooth - 2.6.12.2-r17.4 -
> libbluetooth1 - 2.21-r0 -
> 
> The NAP works perfectly allowing clients to connect, enter the PIN and 
> gain internet access via tle Bluez NAP.  Once clients have paired once 
> they can re-connect without a PIN.
> 
> The problem I get is if a client deletes its pairing but the server 
> still has its pairing in /var/lib/bluetooth/{ADDR}/linkkeys.  Under 
> these circumstances the client is refused access until I delete the 
> pairing on the server - at which point the client is prompted to re-pair 
> and everything then works fine again.
> 
> I assumed there was some combination of settings in hcid.conf that would 
> overcome this (pairing multi looked promising! but made no difference) 
> and I have tried every variation of  settings I can think of. 

you are in security mode 3 (auth and encrypt enabled). Don't do this.
Simply start pand with -A and -E options. You should also update your
bluez-utils to the latest version, because the handling of the link keys
might contain a bug and this is the reason why you see this issue.

Regards

Marcel




_______________________________________________
Bluez-users mailing list
Bluez-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bluez-users

Re: [Bluez-users] Bluez NAP refuses connection if PANU clent has deleted pairing.

[Marcel Holtmann]

Hi Alec,

> Thanks for the reply.  I will try to get a later version of bluez-utils 
> then update the mailing list with the outcome.

always reply to the mailing list. There is no point in moving this to a
private discussion.

> I just wanted to clarify one point first about not using auth and 
> encrypt (mode 3). 

If you set auth and encrypt in hcid.conf (which got removed in
bluez-utils-3.1 btw) then you are in security mode 3. You really don't
wanna do that and for the why you simply look at the mailing list
archive, because this has been discussed multiple times.

> Do you mean just that I shouldn't use them in hcid.conf and only use 
> them when I start the pand daemon?  Or is there some problem using both 
> options together?

The pand has the options -A (for auth) and -E (for encrypt) and this
gives you security mode 2 which is what you really want.

Regards

Marcel




_______________________________________________
Bluez-users mailing list
Bluez-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bluez-users

Re: [Bluez-users] Bluez NAP refuses connection if PANU clent has deleted pairing.

[Alec]

Hi Marcel

Once I removed auth and encrypt from hcid.conf everything works fine.

Just to be on the safe side I downloaded the latest bluez-utils I could 
find for the NSLU2 (2.25) device anyway.

Thanks for your help

Alec

Marcel Holtmann wrote:
> Hi Alec,
>
>   
>> Thanks for the reply.  I will try to get a later version of bluez-utils 
>> then update the mailing list with the outcome.
>>     
>
> always reply to the mailing list. There is no point in moving this to a
> private discussion.
>
>   
>> I just wanted to clarify one point first about not using auth and 
>> encrypt (mode 3). 
>>     
>
> If you set auth and encrypt in hcid.conf (which got removed in
> bluez-utils-3.1 btw) then you are in security mode 3. You really don't
> wanna do that and for the why you simply look at the mailing list
> archive, because this has been discussed multiple times.
>
>   
>> Do you mean just that I shouldn't use them in hcid.conf and only use 
>> them when I start the pand daemon?  Or is there some problem using both 
>> options together?
>>     
>
> The pand has the options -A (for auth) and -E (for encrypt) and this
> gives you security mode 2 which is what you really want.
>
> Regards
>
> Marcel
>
>
>
>
>   


______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email 
______________________________________________________________________


_______________________________________________
Bluez-users mailing list
Bluez-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bluez-users