Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

FS#2625 - WiFi clients are isolated on WRT1900acs v2 running 19.07.0-rc1 #7450

Open
openwrt-bot opened this issue Nov 23, 2019 · 2 comments
Open
Labels

Comments

@openwrt-bot
Copy link

@openwrt-bot openwrt-bot commented Nov 23, 2019

sljansen:

I did an upgrade on a WRT1900acs v2 router (my backup router) that was running 18.06.4 (I think) via LuCI using the image "openwrt-19.07.0-rc1-mvebu-cortexa9-linksys_wrt1900acs-squashfs-sysupgrade.bin" keeping the old configuration. Everything seemed good except the clients could not connect or ping each other. The router could reach/ping the clients. This was the case whether or not "Isolate Clients" is set in the LuCI Wireless -> Edit -> Advanced Settings.

I noticed that if I connect an ethernet wire to one of the clients (a Raspberry Pi) and hook it to the router that I could connect/ping the Pi using either the IP associated with the ethernet connection or the IP associated with the WiFi connection from another client. When I disconnect the ethernet on the Pi I can no longer connect to the Pi's wireless IP
address.

I decided to reinstall 19.07.0-rc1 to see where the isolated client behavior starts. After I reinstalled 19.07.0-rc1 I restored the configuration using LuCI System -> Backup / Flash Firmware -> Restore Backup. After it rebooted it was working, clients were not isolated. I installed a few packages that I wanted, here's the list:

ca-bundle_20190110-1_all.ipk
ca-certificates_20190110-1_all.ipk
kmod-tun_4.14.151-1_arm_cortex-a9_vfpv3.ipk
liblzo2_2.10-2_arm_cortex-a9_vfpv3.ipk
libmbedtls12_2.16.3-1_arm_cortex-a9_vfpv3.ipk
libopenssl1.1_1.1.1d-2_arm_cortex-a9_vfpv3.ipk
libustream-mbedtls20150806_2019-11-05-c9b66682-2_arm_cortex-a9_vfpv3.ipk
openvpn-mbedtls_2.4.7-2_arm_cortex-a9_vfpv3.ipk

Everything still working. I wanted WPA3 so I removed wpad-basic and installed

wpad-openssl_2019-08-08-ca8c2bd2-1_arm_cortex-a9_vfpv3.ipk

Everything still working. I changed the 5 Ghz wifi from WPA2-SPK to WPA3-SAE. Everything still working. I changed the 2.4 Ghz wifi from WPA2-SPK to WPA2-SPK/WPA3-SAE mixed. This is when it stopped working. I don't know if this last step actually caused the problem since setting both wifi networks back to WPA2-SPK and rebooting (and unplugging for 5 minutes) does not fix the problem, clients are still isolated. Pretty much all clients are on the 2.4 Ghz network.

Here are a couple bits of diagnostic which may or may not be helpful:

-------------> when everything is working (clients not isolated):

cat /sys/devices/virtual/net/eth0.1/brport/hairpin_mode

0

cat /sys/devices/virtual/net/eth0.1/brport/isolated

0

cat /var/run/hostapd-phy0.conf

driver=nl80211
logger_syslog=127
logger_syslog_level=2
logger_stdout=127
logger_stdout_level=2
country_code=US
ieee80211d=1
ieee80211h=1
hw_mode=a
beacon_int=100
channel=36

tx_queue_data2_burst=2.0
ieee80211n=1
ht_coex=0
ht_capab=[HT40+][LDPC][SHORT-GI-20][SHORT-GI-40][DSSS_CCK-40]
vht_oper_chwidth=1
vht_oper_centr_freq_seg0_idx=42
ieee80211ac=1
vht_capab=[RXLDPC][SHORT-GI-80][SU-BEAMFORMER][SU-BEAMFORMEE][RX-ANTENNA-PATTERN][TX-ANTENNA-PATTERN][RX-STBC-1][MAX-A-MPDU-LEN-EXP7]

interface=wlan0
ctrl_interface=/var/run/hostapd
ap_isolate=1
bss_load_update_period=60
chan_util_avg_period=600
disassoc_low_ack=1
preamble=1
wmm_enabled=1
ignore_broadcast_ssid=0
uapsd_advertisement_enabled=1
utf8_ssid=1
multi_ap=0
wpa_passphrase=XXXXXXXXXX
auth_algs=1
wpa=2
wpa_pairwise=CCMP
ssid=folly_5g
bridge=br-lan
wpa_disable_eapol_key_retries=0
wpa_key_mgmt=WPA-PSK
okc=0
disable_pmksa_caching=1
bssid=62:38:e0:12:78:f3

cat /var/run/hostapd-phy1.conf

driver=nl80211
logger_syslog=127
logger_syslog_level=2
logger_stdout=127
logger_stdout_level=2
country_code=US
ieee80211d=1
hw_mode=g
beacon_int=100
channel=7

ieee80211n=1
ht_coex=0
ht_capab=[LDPC][SHORT-GI-20][SHORT-GI-40][DSSS_CCK-40]

interface=wlan1
ctrl_interface=/var/run/hostapd
ap_isolate=1
bss_load_update_period=60
chan_util_avg_period=600
disassoc_low_ack=1
preamble=1
wmm_enabled=1
ignore_broadcast_ssid=0
uapsd_advertisement_enabled=1
utf8_ssid=1
multi_ap=0
wpa_passphrase=XXXXXXXXXX
auth_algs=1
wpa=2
wpa_pairwise=CCMP
ssid=folly
bridge=br-lan
wpa_disable_eapol_key_retries=0
wpa_key_mgmt=WPA-PSK
okc=0
disable_pmksa_caching=1
bssid=62:38:e0:12:78:f2

-------------> when it's not working (clients isolated)

cat /sys/devices/virtual/net/eth0.1/brport/hairpin_mode

0

cat /sys/devices/virtual/net/eth0.1/brport/isolated

0

cat /var/run/hostapd-phy0.conf

driver=nl80211
logger_syslog=127
logger_syslog_level=2
logger_stdout=127
logger_stdout_level=2
country_code=US
ieee80211d=1
ieee80211h=1
hw_mode=a
beacon_int=100
channel=36

tx_queue_data2_burst=2.0
ieee80211n=1
ht_coex=0
ht_capab=[HT40+][LDPC][SHORT-GI-20][SHORT-GI-40][DSSS_CCK-40]
vht_oper_chwidth=1
vht_oper_centr_freq_seg0_idx=42
ieee80211ac=1
vht_capab=[RXLDPC][SHORT-GI-80][SU-BEAMFORMER][SU-BEAMFORMEE][RX-ANTENNA-PATTERN
][TX-ANTENNA-PATTERN][RX-STBC-1][MAX-A-MPDU-LEN-EXP7]

interface=wlan0
ctrl_interface=/var/run/hostapd
ap_isolate=1
bss_load_update_period=60
chan_util_avg_period=600
disassoc_low_ack=1
preamble=1
wmm_enabled=1
ignore_broadcast_ssid=0
uapsd_advertisement_enabled=1
utf8_ssid=1
multi_ap=0
sae_require_mfp=1
wpa_passphrase=XXXXXXXXXX
auth_algs=1
wpa=2
wpa_pairwise=CCMP
ssid=folly_5g
bridge=br-lan
wpa_disable_eapol_key_retries=0
wpa_key_mgmt=SAE
okc=1
ieee80211w=2
group_mgmt_cipher=AES-128-CMAC
bssid=62:38:e0:12:78:f3

cat /var/run/hostapd-phy1.conf

driver=nl80211
logger_syslog=127
logger_syslog_level=2
logger_stdout=127
logger_stdout_level=2
country_code=US
ieee80211d=1
hw_mode=g
beacon_int=100
channel=7

ieee80211n=1
ht_coex=0
ht_capab=[LDPC][SHORT-GI-20][SHORT-GI-40][DSSS_CCK-40]

interface=wlan1
ctrl_interface=/var/run/hostapd
ap_isolate=1
bss_load_update_period=60
chan_util_avg_period=600
disassoc_low_ack=1
preamble=1
wmm_enabled=1
ignore_broadcast_ssid=0
uapsd_advertisement_enabled=1
utf8_ssid=1
multi_ap=0
wpa_passphrase=XXXXXXXXXX
auth_algs=1
wpa=2
wpa_pairwise=CCMP
ssid=folly
bridge=br-lan
wpa_disable_eapol_key_retries=0
wpa_key_mgmt=WPA-PSK WPA-PSK-SHA256
okc=0
disable_pmksa_caching=1
ieee80211w=1
group_mgmt_cipher=AES-128-CMAC
bssid=62:38:e0:12:78:f2

@openwrt-bot
Copy link
Author

@openwrt-bot openwrt-bot commented May 12, 2020

socram8888:

I am being hit by this very same bug. It seems to be triggered by activating 802.11w. As soon as it is disabled, my clients can again ping each other.

This still affects me as of v19.07.2 on a WRT1200AC using wpad-openssl.

@openwrt-bot
Copy link
Author

@openwrt-bot openwrt-bot commented Nov 7, 2020

marbf:

I was running into the same problem. As I could not ping other wifi clients on my network. Disabling 802.11w helped here.

However this was only possible when having a WPA2-PSK network. Disabling 802.11w for WPA2-PSK/WPA3-SAE always resetted it to "Optional" and thus again to isolation of wifi clients.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

No branches or pull requests

1 participant