OpenWrt/LEDE Project

  • Status Unconfirmed
  • Percent Complete
    0%
  • Task Type Bug Report
  • Category Base system
  • Assigned To No-one
  • Operating System All
  • Severity Low
  • Priority Very Low
  • Reported Version Trunk
  • Due in Version Undecided
  • Due Date Undecided
  • Private
Attached to Project: OpenWrt/LEDE Project
Opened by Stephan Jansen - 23.11.2019

FS#2625 - WiFi clients are isolated on WRT1900acs v2 running 19.07.0-rc1

I did an upgrade on a WRT1900acs v2 router (my backup router) that was running 18.06.4 (I think) via LuCI using the image “openwrt-19.07.0-rc1-mvebu-cortexa9-linksys_wrt1900acs-squashfs-sysupgrade.bin” keeping the old configuration. Everything seemed good except the clients could not connect or ping each other. The router could reach/ping the clients. This was the case whether or not “Isolate Clients” is set in the LuCI Wireless → Edit → Advanced Settings.

I noticed that if I connect an ethernet wire to one of the clients (a Raspberry Pi) and hook it to the router that I could connect/ping the Pi using either the IP associated with the ethernet connection or the IP associated with the WiFi connection from another client. When I disconnect the ethernet on the Pi I can no longer connect to the Pi’s wireless IP
address.

I decided to reinstall 19.07.0-rc1 to see where the isolated client behavior starts. After I reinstalled 19.07.0-rc1 I restored the configuration using LuCI System → Backup / Flash Firmware → Restore Backup. After it rebooted it was working, clients were not isolated. I installed a few packages that I wanted, here’s the list:

ca-bundle_20190110-1_all.ipk
ca-certificates_20190110-1_all.ipk
kmod-tun_4.14.151-1_arm_cortex-a9_vfpv3.ipk
liblzo2_2.10-2_arm_cortex-a9_vfpv3.ipk
libmbedtls12_2.16.3-1_arm_cortex-a9_vfpv3.ipk
libopenssl1.1_1.1.1d-2_arm_cortex-a9_vfpv3.ipk
libustream-mbedtls20150806_2019-11-05-c9b66682-2_arm_cortex-a9_vfpv3.ipk
openvpn-mbedtls_2.4.7-2_arm_cortex-a9_vfpv3.ipk

Everything still working. I wanted WPA3 so I removed wpad-basic and installed

wpad-openssl_2019-08-08-ca8c2bd2-1_arm_cortex-a9_vfpv3.ipk

Everything still working. I changed the 5 Ghz wifi from WPA2-SPK to WPA3-SAE. Everything still working. I changed the 2.4 Ghz wifi from WPA2-SPK to WPA2-SPK/WPA3-SAE mixed. This is when it stopped working. I don’t know if this last step actually caused the problem since setting both wifi networks back to WPA2-SPK and rebooting (and unplugging for 5 minutes) does not fix the problem, clients are still isolated. Pretty much all clients are on the 2.4 Ghz network.

Here are a couple bits of diagnostic which may or may not be helpful:

————→ when everything is working (clients not isolated):

# cat /sys/devices/virtual/net/eth0.1/brport/hairpin_mode
0

# cat /sys/devices/virtual/net/eth0.1/brport/isolated
0

# cat /var/run/hostapd-phy0.conf
driver=nl80211
logger_syslog=127
logger_syslog_level=2
logger_stdout=127
logger_stdout_level=2
country_code=US
ieee80211d=1
ieee80211h=1
hw_mode=a
beacon_int=100
channel=36

tx_queue_data2_burst=2.0
ieee80211n=1
ht_coex=0
ht_capab=[HT40+][LDPC][SHORT-GI-20][SHORT-GI-40][DSSS_CCK-40]
vht_oper_chwidth=1
vht_oper_centr_freq_seg0_idx=42
ieee80211ac=1
vht_capab=[RXLDPC][SHORT-GI-80][SU-BEAMFORMER][SU-BEAMFORMEE][RX-ANTENNA-PATTERN][TX-ANTENNA-PATTERN][RX-STBC-1][MAX-A-MPDU-LEN-EXP7]

interface=wlan0
ctrl_interface=/var/run/hostapd
ap_isolate=1
bss_load_update_period=60
chan_util_avg_period=600
disassoc_low_ack=1
preamble=1
wmm_enabled=1
ignore_broadcast_ssid=0
uapsd_advertisement_enabled=1
utf8_ssid=1
multi_ap=0
wpa_passphrase=XXXXXXXXXX
auth_algs=1
wpa=2
wpa_pairwise=CCMP
ssid=folly_5g
bridge=br-lan
wpa_disable_eapol_key_retries=0
wpa_key_mgmt=WPA-PSK
okc=0
disable_pmksa_caching=1
bssid=62:38:e0:12:78:f3

# cat /var/run/hostapd-phy1.conf
driver=nl80211
logger_syslog=127
logger_syslog_level=2
logger_stdout=127
logger_stdout_level=2
country_code=US
ieee80211d=1
hw_mode=g
beacon_int=100
channel=7

ieee80211n=1
ht_coex=0
ht_capab=[LDPC][SHORT-GI-20][SHORT-GI-40][DSSS_CCK-40]

interface=wlan1
ctrl_interface=/var/run/hostapd
ap_isolate=1
bss_load_update_period=60
chan_util_avg_period=600
disassoc_low_ack=1
preamble=1
wmm_enabled=1
ignore_broadcast_ssid=0
uapsd_advertisement_enabled=1
utf8_ssid=1
multi_ap=0
wpa_passphrase=XXXXXXXXXX
auth_algs=1
wpa=2
wpa_pairwise=CCMP
ssid=folly
bridge=br-lan
wpa_disable_eapol_key_retries=0
wpa_key_mgmt=WPA-PSK
okc=0
disable_pmksa_caching=1
bssid=62:38:e0:12:78:f2

————→ when it’s not working (clients isolated)

# cat /sys/devices/virtual/net/eth0.1/brport/hairpin_mode
0

# cat /sys/devices/virtual/net/eth0.1/brport/isolated
0

# cat /var/run/hostapd-phy0.conf
driver=nl80211
logger_syslog=127
logger_syslog_level=2
logger_stdout=127
logger_stdout_level=2
country_code=US
ieee80211d=1
ieee80211h=1
hw_mode=a
beacon_int=100
channel=36

tx_queue_data2_burst=2.0
ieee80211n=1
ht_coex=0
ht_capab=[HT40+][LDPC][SHORT-GI-20][SHORT-GI-40][DSSS_CCK-40]
vht_oper_chwidth=1
vht_oper_centr_freq_seg0_idx=42
ieee80211ac=1
vht_capab=[RXLDPC][SHORT-GI-80][SU-BEAMFORMER][SU-BEAMFORMEE][RX-ANTENNA-PATTERN
][TX-ANTENNA-PATTERN][RX-STBC-1][MAX-A-MPDU-LEN-EXP7]

interface=wlan0
ctrl_interface=/var/run/hostapd
ap_isolate=1
bss_load_update_period=60
chan_util_avg_period=600
disassoc_low_ack=1
preamble=1
wmm_enabled=1
ignore_broadcast_ssid=0
uapsd_advertisement_enabled=1
utf8_ssid=1
multi_ap=0
sae_require_mfp=1
wpa_passphrase=XXXXXXXXXX
auth_algs=1
wpa=2
wpa_pairwise=CCMP
ssid=folly_5g
bridge=br-lan
wpa_disable_eapol_key_retries=0
wpa_key_mgmt=SAE
okc=1
ieee80211w=2
group_mgmt_cipher=AES-128-CMAC
bssid=62:38:e0:12:78:f3

# cat /var/run/hostapd-phy1.conf
driver=nl80211
logger_syslog=127
logger_syslog_level=2
logger_stdout=127
logger_stdout_level=2
country_code=US
ieee80211d=1
hw_mode=g
beacon_int=100
channel=7

ieee80211n=1
ht_coex=0
ht_capab=[LDPC][SHORT-GI-20][SHORT-GI-40][DSSS_CCK-40]

interface=wlan1
ctrl_interface=/var/run/hostapd
ap_isolate=1
bss_load_update_period=60
chan_util_avg_period=600
disassoc_low_ack=1
preamble=1
wmm_enabled=1
ignore_broadcast_ssid=0
uapsd_advertisement_enabled=1
utf8_ssid=1
multi_ap=0
wpa_passphrase=XXXXXXXXXX
auth_algs=1
wpa=2
wpa_pairwise=CCMP
ssid=folly
bridge=br-lan
wpa_disable_eapol_key_retries=0
wpa_key_mgmt=WPA-PSK WPA-PSK-SHA256
okc=0
disable_pmksa_caching=1
ieee80211w=1
group_mgmt_cipher=AES-128-CMAC
bssid=62:38:e0:12:78:f2

Loading...

Available keyboard shortcuts

Tasklist

Task Details

Task Editing