wifi "deauthenticated due to local deauth request"

From:	John Smith <jvin248 at gmail dot com>
To:	m0n0wall <m0n0wall at lists dot m0n0 dot ch>
Subject:	wifi "deauthenticated due to local deauth request"
Date:	Thu, 16 Jun 2011 08:24:44 -0400
Hi,
I've submitted this to the pfsense forum, but after three months of no 
solutions or pointers, I thought I'd hopefully ask here, because maybe 
it's a FreeBSD issue that m0n0wall has seen as well?

I have a pfsense v1.2.3 box running that keeps kicking wifi clients off 
and won't let them reconnect.  Clients are Ubuntu 9.10, 10.04, and 11.04 
plus Windows 7.  The clients can log into another radio (the ISP wifi 
gateway) directly when there are problems on pfsense, so the clients 
seem ok.  The pfsense router is using WPA2-PSK AES security features.

Here's a section of the log (reverse chronology) when the problem 
happens, this block is repeated many times as the client attempts to 
reconnect:

Jun 16 01:10:00     hostapd: ral0: STA 00:1c:bf:1d:xx:xx IEEE 802.11: 
deassociated
Jun 16 01:09:58     hostapd: ral0: STA 00:1c:bf:1d:xx:xx IEEE 802.11: 
associated
Jun 16 01:09:56     hostapd: ral0: STA 00:1c:bf:1d:xx:xx IEEE 802.11: 
deassociated
Jun 16 01:09:56     hostapd: ral0: STA 00:1c:bf:1d:xx:xx IEEE 802.11: 
deauthenticated due to local deauth request


Then I found if I reboot the router (lately all I do is turn off then 
back on WPA on the wireless interface page) it resets the router and the 
client can immediately attach. The client is left on and nothing other 
than selecting the pfsense AP is done. (reverse chronology):

Jun 16 11:29:04     hostapd: ral0: STA 00:1c:bf:1d:3b:xx WPA: pairwise 
key handshake completed (RSN)
Jun 16 11:29:04     hostapd: ral0: STA 00:1c:bf:1d:3b:xx IEEE 802.11: 
associated
Jun 16 11:28:29     check_reload_status: reloading filter
Jun 16 11:28:28     php: /interfaces_opt.php: Creating rrd update script
Jun 16 11:28:25     kernel: xl1: promiscuous mode enabled
Jun 16 11:28:25     kernel: ral0: promiscuous mode enabled
Jun 16 11:28:24     kernel: bridge0: Ethernet address: de:bf:66:1b:61:xx
Jun 16 11:28:23     kernel: ral0: promiscuous mode disabled
Jun 16 11:28:23     kernel: xl1: promiscuous mode disabled
Jun 16 11:28:10     kernel: xl1: promiscuous mode enabled
Jun 16 11:28:10     kernel: ral0: promiscuous mode enabled
Jun 16 11:28:09     kernel: bridge0: Ethernet address: 3e:70:38:47:03:xx
Jun 16 11:28:08     kernel: ral0: promiscuous mode disabled
Jun 16 11:28:08     kernel: xl1: promiscuous mode disabled
Jun 16 11:27:37     check_reload_status: reloading filter
Jun 16 11:27:32     php: /interfaces_opt.php: Creating rrd update script
Jun 16 11:27:28     kernel: xl1: promiscuous mode enabled
Jun 16 11:27:28     kernel: ral0: promiscuous mode enabled
Jun 16 11:27:26     kernel: bridge0: Ethernet address: 5e:00:70:7e:f5:xx
Jun 16 11:27:24     kernel: ral0: promiscuous mode disabled
Jun 16 11:27:24     kernel: xl1: promiscuous mode disabled
Jun 16 11:27:12     kernel: xl1: promiscuous mode enabled
Jun 16 11:27:12     kernel: ral0: promiscuous mode enabled
Jun 16 11:27:11     kernel: bridge0: Ethernet address: f2:0d:3c:73:5b:xx
Jun 16 11:27:10     kernel: ral0: promiscuous mode disabled
Jun 16 11:27:10     kernel: xl1: promiscuous mode disabled
Jun 16 08:25:00     check_reload_status: check_reload_status is starting


Any thoughts?  I changed the Key Rotation/Master Key Regeneration cycle 
from 1 minute to max of 2.5 hours and while the connection works longer 
it still eventually forces manually resetting the WPA option.


Thanks!

John