Airport Express works great… Until you want WPA2(AES)

I recieved my Airport Express last tuesday and had it installed as a wireless audio connection for my stereo in a couple of minutes as follows:

  1. Plug the Airport Express in a wall outlet.
  2. (Temporarily) connect it to the network using an UTP cable
  3. Run the Airport Administration utility (forget the wizzard, it will not allow you to setup the airport as a client).
  4. Setup the Airport Express to connect to your existing network (which was WEP encrypted at that time)
  5. Unplug the Airport Express, take it to the living room and plug it into an outlet, and connect it to the stereo (look ma, no wires!)
  6. Select the airtunes to be used as speaker device in iTunes and you’re all set

So far, so good. I’ve enjoyed listening to my mp3’s in the living room for a few days. I can see my Mac mini from the couch, and I can read the frontrow screen with the nice cover art, and can control playback with the apple remote. I also noted that I can select to use the Airport Extreme as well as the speakers connected to the mac simultaniously. The music is actually synchronized, so there is no “echo” when playing music from both speaker sets. Nice!

Today I decided to upgrade the encryption of the access point in the living room to WPA2 (or WPA with AES Rijndael encryption and reloading key groups every 5 minutes for the nerds out there). My Linksys WAP45G supports this, as well as all the wifi hardware I currently own (I checked). Everything was converted to WPA2 pretty easy, until I came to my new shiny toy, the Airport Extreme.

I spent this whole evening trying to get it connect as a client to the WPA2 network, but to no avail. Other people are reporting similar problems. It just sits there blinking it’s amber light. Luckaly I have an ethernet cable available near the stereo (network everywhere! wohoo!) so I decided to give up and connect the Airport Extreme to the network by cable. So now everything is working again

The disadvantage I have right now is that I can not use the Airport Extreme anywhere in the house without wires. I’m not downgrading my security for now, I hope Apple solves this problem in a future release of the Airport Express firmware. They are usually pretty fast with fixes so I’m not that worried (yet).

More info on WEP, WPA and WPA2 can be found on wikipedia at http://en.wikipedia.org/wiki/Wi-Fi_Protected_Access. And NO, WPA2 is NOT easy to crack, like I read on some forums. Damned wisenose hoax-starting scriptkiddies.

Still not convinced? From an article about AES on Wikipedia:
“The design and strength of all key lengths of the AES algorithm (i.e., 128, 192 and 256) are sufficient to protect classified information up to the SECRET level. TOP SECRET information will require use of either the 192 or 256 key lengths. The implementation of AES in products intended to protect national security systems and/or information must be reviewed and certified by NSA prior to their acquisition and use.”
So there. AES with 192 bit keys are secure enough for TOP SECRET documents for the US governement. Secure enough for your home? I guess so!

Sidestep: I noted this little “how to” on my desktop on how to set up the mac mini fileserver . I guess I need to finish that, since it is very intresting to see how simple it is to setup a quiet, low power fileserver with versioned backups, CVS server and the added security of the OSX operating system, for just over 300 Euros. I hope you’ll be able to read about it soon on this blog.

Advertisements

16 Responses to Airport Express works great… Until you want WPA2(AES)

  1. rolfje says:

    Now that my PS3 is sitting underneath my TV, and playing video over DLNA requires bandwidth, I plugged the ethernet cable in the PS3, and temporarily switched to WPA/TKIP for my wireless network.

    Next week I’ll be rearranging the livingroom. That’s when I will install a network switch behind the PS3 so that the Airport is again wired, and I can switch the wireless network back to WPA2/AES.

  2. Rich V says:

    Did you ever get your Airport Express to connect to a WPA2 protected router? If so how I can only get mine to connect via WPA or WEP.

  3. rolfje says:

    I never did got the Airport Express to work over WPA2 with my Linksys. The Airport is now connected by UTP cable because I wanted UTP to my TV and PS3 anyway. An extra cable to the switch solved the WPA2 problem (circumvented it actually).

    I sure hope Apple will fix this, but I think the Airport Express is maybe too old to update. It’s not in focus.

  4. Mark says:

    I have this problem too and it’s so annoying 😦 I’ve got my AE wired to my switch for now, as well…

    I read on Apple’s site that WPA2 requires a Mac–maybe just to set up–WEIRD?

  5. rolfje says:

    I have no Windows machines, only Macs here, so that can not be the problem. There’s something strange going on with the airport express, and Apple is clearly not supporting it anymore (although they say they do).

  6. Master-G says:

    WPA2-AES is now working since firmware 7.4.2.
    Hurray!!!

  7. bsod says:

    Too bad my AE is G only and stuck with 6.3 firmware 😦

  8. Dave NYC says:

    I too had the same problem but managed to work around it. When I first tried to configure WPA2-Personal AES on my older Airport Express (G only) I was using the Airport Utility v5.5.2. Every time I set up wireless security as WPA2-AES, I could not connect. If I turned off security, it all worked fine. Then I tried using the older Airport Admin Utility for Windows (v. 4.2) I select WPA-AES, and lo and behold, it took, and connected to the network after it reset.

  9. Abe Hendin says:

    I can confirm successful connection of my older Airport Express G-only on firmware 6.3 to my WPA2-AES network (DD-WRT v24 b13064 on Linksys WRT54GL).

    When I tried to connect at first (modifying AExp settings via Ethernet cable after a reset), I too got the flashing amber, then discovered that I had initially set my wireless algorithm to TKIP. Changed it to AES, applied, and bingo, once wireless was back online, Airport Express went green without even a power cycle.

  10. Dave NYC says:

    Abe – which version of the AE utility did you use to set the security parameter?

    • Abe Hendin says:

      @Dave NYC, I probably used 5.5.2 on OS X. Unfortunately, I later found that my AirTunes broke down. The damned thing is now unplugged! It would play for a bit, then simply stop, though the light remained green. Power cycle would bring it back for a bit, then the cycle would repeat.

      Since it’s an old unit and I’ve experienced failed wireless devices before, I’m thinking about trying the new model (N), but researching the issue doesn’t leave me hopeful. Apple’s own tech specs note reads “When joining an existing wireless network, AirPort Express supports only WPA-Personal.” What up wit dat?! This is 2011, for heaven’s sake! Ho hum.

  11. Horacio Vico says:

    I had the same problem with my old 6.3 G-only Airport Express, trying to connect it to my DD-WRT enabled router using WPA2 security. I managed to get it work, I had to choose “WPA2-Personal” (not WPA2-Personal Mixed), TKIP+AES as encryption algorithm, and WPA/WPA2 Personal in my Airport Express.

  12. Stan says:

    If you want to connect an AP (Airport in this case) to an existing wireless network- this is not the same thing for WiFi to deal with as if you actually use it as an access point. This will be a sort of a either range extender or a bridge (if you connect wired device to WiFi network using AP as a bridge). Due to lack of standards there is no support for WPA in this sort of bridges, and it is not to apple or any other vendor, unfortunately, as it relies on outdated industry standards.

    • rolfje says:

      It’s still stupid. According to the manual and the administration software, it can do this. I’m not sure why it’s impossible. WPA is simply an encryption protocol over WiFi. Why can’t the airport express implement this protocol as any other wifi device?

  13. Maarten says:

    If you want it to connect to WPA2, make sure the encryption is set to AES instead of (AES + TKIP) or TKIP. This will work

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s