OpenWrt/LEDE Project

  • Status Unconfirmed
  • Percent Complete
    0%
  • Task Type Bug Report
  • Category Base system
  • Assigned To No-one
  • Operating System All
  • Severity Low
  • Priority Very Low
  • Reported Version Trunk
  • Due in Version Undecided
  • Due Date Undecided
  • Private
Attached to Project: OpenWrt/LEDE Project
Opened by Stephan Jansen - 23.11.2019

FS#2625 - WiFi clients are isolated on WRT1900acs v2 running 19.07.0-rc1

I did an upgrade on a WRT1900acs v2 router (my backup router) that was running 18.06.4 (I think) via LuCI using the image “openwrt-19.07.0-rc1-mvebu-cortexa9-linksys_wrt1900acs-squashfs-sysupgrade.bin” keeping the old configuration. Everything seemed good except the clients could not connect or ping each other. The router could reach/ping the clients. This was the case whether or not “Isolate Clients” is set in the LuCI Wireless → Edit → Advanced Settings.

I noticed that if I connect an ethernet wire to one of the clients (a Raspberry Pi) and hook it to the router that I could connect/ping the Pi using either the IP associated with the ethernet connection or the IP associated with the WiFi connection from another client. When I disconnect the ethernet on the Pi I can no longer connect to the Pi’s wireless IP
address.

I decided to reinstall 19.07.0-rc1 to see where the isolated client behavior starts. After I reinstalled 19.07.0-rc1 I restored the configuration using LuCI System → Backup / Flash Firmware → Restore Backup. After it rebooted it was working, clients were not isolated. I installed a few packages that I wanted, here’s the list:

ca-bundle_20190110-1_all.ipk
ca-certificates_20190110-1_all.ipk
kmod-tun_4.14.151-1_arm_cortex-a9_vfpv3.ipk
liblzo2_2.10-2_arm_cortex-a9_vfpv3.ipk
libmbedtls12_2.16.3-1_arm_cortex-a9_vfpv3.ipk
libopenssl1.1_1.1.1d-2_arm_cortex-a9_vfpv3.ipk
libustream-mbedtls20150806_2019-11-05-c9b66682-2_arm_cortex-a9_vfpv3.ipk
openvpn-mbedtls_2.4.7-2_arm_cortex-a9_vfpv3.ipk

Everything still working. I wanted WPA3 so I removed wpad-basic and installed

wpad-openssl_2019-08-08-ca8c2bd2-1_arm_cortex-a9_vfpv3.ipk

Everything still working. I changed the 5 Ghz wifi from WPA2-SPK to WPA3-SAE. Everything still working. I changed the 2.4 Ghz wifi from WPA2-SPK to WPA2-SPK/WPA3-SAE mixed. This is when it stopped working. I don’t know if this last step actually caused the problem since setting both wifi networks back to WPA2-SPK and rebooting (and unplugging for 5 minutes) does not fix the problem, clients are still isolated. Pretty much all clients are on the 2.4 Ghz network.

Here are a couple bits of diagnostic which may or may not be helpful:

————→ when everything is working (clients not isolated):

# cat /sys/devices/virtual/net/eth0.1/brport/hairpin_mode
0

# cat /sys/devices/virtual/net/eth0.1/brport/isolated
0

# cat /var/run/hostapd-phy0.conf
driver=nl80211
logger_syslog=127
logger_syslog_level=2
logger_stdout=127
logger_stdout_level=2
country_code=US
ieee80211d=1
ieee80211h=1
hw_mode=a
beacon_int=100
channel=36

tx_queue_data2_burst=2.0
ieee80211n=1
ht_coex=0
ht_capab=[HT40+][LDPC][SHORT-GI-20][SHORT-GI-40][DSSS_CCK-40]
vht_oper_chwidth=1
vht_oper_centr_freq_seg0_idx=42
ieee80211ac=1
vht_capab=[RXLDPC][SHORT-GI-80][SU-BEAMFORMER][SU-BEAMFORMEE][RX-ANTENNA-PATTERN][TX-ANTENNA-PATTERN][RX-STBC-1][MAX-A-MPDU-LEN-EXP7]

interface=wlan0
ctrl_interface=/var/run/hostapd
ap_isolate=1
bss_load_update_period=60
chan_util_avg_period=600
disassoc_low_ack=1
preamble=1
wmm_enabled=1
ignore_broadcast_ssid=0
uapsd_advertisement_enabled=1
utf8_ssid=1
multi_ap=0
wpa_passphrase=XXXXXXXXXX
auth_algs=1
wpa=2
wpa_pairwise=CCMP
ssid=folly_5g
bridge=br-lan
wpa_disable_eapol_key_retries=0
wpa_key_mgmt=WPA-PSK
okc=0
disable_pmksa_caching=1
bssid=62:38:e0:12:78:f3

# cat /var/run/hostapd-phy1.conf
driver=nl80211
logger_syslog=127
logger_syslog_level=2
logger_stdout=127
logger_stdout_level=2
country_code=US
ieee80211d=1
hw_mode=g
beacon_int=100
channel=7

ieee80211n=1
ht_coex=0
ht_capab=[LDPC][SHORT-GI-20][SHORT-GI-40][DSSS_CCK-40]

interface=wlan1
ctrl_interface=/var/run/hostapd
ap_isolate=1
bss_load_update_period=60
chan_util_avg_period=600
disassoc_low_ack=1
preamble=1
wmm_enabled=1
ignore_broadcast_ssid=0
uapsd_advertisement_enabled=1
utf8_ssid=1
multi_ap=0
wpa_passphrase=XXXXXXXXXX
auth_algs=1
wpa=2
wpa_pairwise=CCMP
ssid=folly
bridge=br-lan
wpa_disable_eapol_key_retries=0
wpa_key_mgmt=WPA-PSK
okc=0
disable_pmksa_caching=1
bssid=62:38:e0:12:78:f2

————→ when it’s not working (clients isolated)

# cat /sys/devices/virtual/net/eth0.1/brport/hairpin_mode
0

# cat /sys/devices/virtual/net/eth0.1/brport/isolated
0

# cat /var/run/hostapd-phy0.conf
driver=nl80211
logger_syslog=127
logger_syslog_level=2
logger_stdout=127
logger_stdout_level=2
country_code=US
ieee80211d=1
ieee80211h=1
hw_mode=a
beacon_int=100
channel=36

tx_queue_data2_burst=2.0
ieee80211n=1
ht_coex=0
ht_capab=[HT40+][LDPC][SHORT-GI-20][SHORT-GI-40][DSSS_CCK-40]
vht_oper_chwidth=1
vht_oper_centr_freq_seg0_idx=42
ieee80211ac=1
vht_capab=[RXLDPC][SHORT-GI-80][SU-BEAMFORMER][SU-BEAMFORMEE][RX-ANTENNA-PATTERN
][TX-ANTENNA-PATTERN][RX-STBC-1][MAX-A-MPDU-LEN-EXP7]

interface=wlan0
ctrl_interface=/var/run/hostapd
ap_isolate=1
bss_load_update_period=60
chan_util_avg_period=600
disassoc_low_ack=1
preamble=1
wmm_enabled=1
ignore_broadcast_ssid=0
uapsd_advertisement_enabled=1
utf8_ssid=1
multi_ap=0
sae_require_mfp=1
wpa_passphrase=XXXXXXXXXX
auth_algs=1
wpa=2
wpa_pairwise=CCMP
ssid=folly_5g
bridge=br-lan
wpa_disable_eapol_key_retries=0
wpa_key_mgmt=SAE
okc=1
ieee80211w=2
group_mgmt_cipher=AES-128-CMAC
bssid=62:38:e0:12:78:f3

# cat /var/run/hostapd-phy1.conf
driver=nl80211
logger_syslog=127
logger_syslog_level=2
logger_stdout=127
logger_stdout_level=2
country_code=US
ieee80211d=1
hw_mode=g
beacon_int=100
channel=7

ieee80211n=1
ht_coex=0
ht_capab=[LDPC][SHORT-GI-20][SHORT-GI-40][DSSS_CCK-40]

interface=wlan1
ctrl_interface=/var/run/hostapd
ap_isolate=1
bss_load_update_period=60
chan_util_avg_period=600
disassoc_low_ack=1
preamble=1
wmm_enabled=1
ignore_broadcast_ssid=0
uapsd_advertisement_enabled=1
utf8_ssid=1
multi_ap=0
wpa_passphrase=XXXXXXXXXX
auth_algs=1
wpa=2
wpa_pairwise=CCMP
ssid=folly
bridge=br-lan
wpa_disable_eapol_key_retries=0
wpa_key_mgmt=WPA-PSK WPA-PSK-SHA256
okc=0
disable_pmksa_caching=1
ieee80211w=1
group_mgmt_cipher=AES-128-CMAC
bssid=62:38:e0:12:78:f2

Marcos Del Sol Vives commented on 12.05.2020 13:11

I am being hit by this very same bug. It seems to be triggered by activating 802.11w. As soon as it is disabled, my clients can again ping each other.

This still affects me as of v19.07.2 on a WRT1200AC using wpad-openssl.

Loading...

Available keyboard shortcuts

Tasklist

Task Details

Task Editing