WPA2 Personal on repeater bridge.

Post new topic   Reply to topic    DD-WRT Forum Forum Index -> Broadcom SoC based Hardware
Author Message
strifeknot
DD-WRT Novice


Joined: 20 Aug 2010
Posts: 9

PostPosted: Mon Oct 15, 2012 22:44    Post subject: WPA2 Personal on repeater bridge. Reply with quote
I've been unable to connect through WPA2 security with my repeater bridge setup (WRT-54GL router with std build 14929 behind Huawei Echolife HG520s on stock firmware).

I followed the repeater bridge wiki exactly and can connect by cable or wirelessly to the repeater bridge and router when there is just WPA Personal security but when WPA2 security is selected for both routers I can't connect from behind the repeater bridge. I've tried all the advice I could find on the wiki and forums such as powering down the repeater bridge twice, rebooting both devices, and changing the key refresh from 3600 to 15 seconds on both routers but I still haven't been able to connect with any device behind the repeater bridge whith WPA2 security. Can anyone help?
Sponsor
Xafonics
DD-WRT Novice


Joined: 08 Jun 2012
Posts: 5

PostPosted: Mon Oct 15, 2012 23:23    Post subject: Reply with quote
I'm having a similar issue. Have you tried just for test purposes if it will connect with no security enabled?

In my case it will not work with WDS with WPA2 personal/AES enabled but with it turned of it connects.
gene
DD-WRT Guru


Joined: 28 Dec 2007
Posts: 619

PostPosted: Tue Oct 16, 2012 13:15    Post subject: Reply with quote
Last time I checked, (which was some time back) WPA2 does not work with WDS - COPIED FROM HELP MENU IN WDS ROUTER HELP :

"Note
WDS is only available in AP mode. Also Wireless encryption WPA2 and Wireless network mode B-Only are not supported under WDS."

_________________
1 WRT160N v3 - remote AP WPA2 Personal Aes dd-wrt-mini-trailed CPU OC400,
2 wrt54G v3(BCM4712 chip rev 1, corerev=7)- AP WPA2 Personal Aes dd-wrt-mini-generic CPU OC228,
1 wrt54gs v6 - remote AP WPA2 Personal Aes dd-wrt-micro CPU OC228 ,
3 WAP54g v3 - repeater, client Bridge, repeater bridge dd-wrt-micro CPU OC225,
1 NetGear WNR2000 v3 AP Atheros AR7241 ver 1 rev 1.1 (0x0101) Trailed build CPU OC360
DD-WRT usually the most current BS builds and less frequently lately EKO builds(because of new BS rules that eliminated EKO builds I used).
strifeknot
DD-WRT Novice


Joined: 20 Aug 2010
Posts: 9

PostPosted: Sat Oct 20, 2012 20:36    Post subject: Reply with quote
Back to the thread topic, any suggestions for anything else I could try to get WPA2 working behind a repeater bridge?
MondayC
DD-WRT Novice


Joined: 15 Oct 2012
Posts: 4

PostPosted: Sun Oct 21, 2012 10:11    Post subject: Reply with quote
Try this:

On the Main Router (serving as access Point/Bridge to your WRT54xx)
Input a WPA2 Personal key composed with only (0-9 A-z) characters with AES+TKIP

On your secondary Router (WRT54xx)
First choose TKIP instead of AES
If no success, then go for AES afterwards.

The go here is to try the encryption types/character keys supported by both routers till you find a match.

Doesn't harm to boot both routers (Main first) after applying new settings.

Good luck

Also, try a 1to1 connection from your computer/laptop to the Main router configured as an Access Point with a particular key, then try to connect to the secondary router (temporary configured as Access Point) using the same key.
strifeknot
DD-WRT Novice


Joined: 20 Aug 2010
Posts: 9

PostPosted: Wed Oct 24, 2012 3:29    Post subject: Reply with quote
Thanks for your reply, I should've mentioned that I tried this with the most basic 8 character password possible without success neither with TKIP nor AES. As for setting my main router on TKIP+AES, unfortunately it doesn't have that option.
MondayC
DD-WRT Novice


Joined: 15 Oct 2012
Posts: 4

PostPosted: Fri Oct 26, 2012 18:28    Post subject: Reply with quote
were you able to connect in a 1to1 configuration a wireless client (pc/laptop) to both router using the same key, encryption method and channel ?

Maybe you will have more luck trying different Build(s) or by re-flashing the current Build?

Good luck
djb79
DD-WRT Novice


Joined: 13 Jul 2013
Posts: 4

PostPosted: Sat Jul 13, 2013 3:34    Post subject: Reply with quote
Hi All,
Similar topic, so I haven't started a new thread.

I've had my wireless bridge up and running for ~1year. It's set in bridge mode. I've got 2 x TP-Link TL-WR1043ND both running DD-WRT v24-sp2 (03/19/12) std - build 18777.

I've got 1 box next to my ADSL/SIP modem and the other in my bedroom/study. My ADSL modem is also acting as the DHCP server on the network and has wireless disabled.

In connected to the study(slave) router I've got a LAN Laser printer, my desktop and my laptop (connected via LAN cable). I've got USB enabled on both routers. I've also converted the WAN connection to LAN connection using the following commands run as part of the startup script:
swconfig dev rtl8366rb vlan 1 set ports '0 1 2 3 4 5t'
stopservice lan
startservice lan

I have to turn the study off at night so the wife doesn't get disturbed with all the lights (no dramas on that front). So every morning, I have to turn on all devices again.

I was running WEP on the wireless link, with no dramas at all, it came up first time every time.

A few day ago, I changed the security settings from WEP to WPA2(personal)-AES. This connection seems very flakey and will only come up if I establish the connection manually by playing with the settings on the slave box. I don't expect that any war drivers are in operation nearby, but having a background in network architecture/encryption/security, I prefer to have things locked down reasonably tightly.

Any suggestions how I can keep WPA2-AES and have it run stably?

Is there any other info that you need to help diagnose?

Regards
Darryl
criscabellos
DD-WRT Novice


Joined: 21 Oct 2016
Posts: 1

PostPosted: Fri Oct 21, 2016 11:45    Post subject: Help Too!!! Reply with quote
Hello everyone,

I know this is really old, but didn't find the solution yet.

Tried suggestions, but didn't work for me.

djb79, have you got your environment working like you wanted?

I'm in an equal situation and can get it working with WPA2, only with WEP. And here I'm trying in my company's network which is now required to not have any WEP wireless connections. Sad

If you or anyone else can help me on that I'd be really grateful.
Alozaros
DD-WRT Guru


Joined: 16 Nov 2015
Posts: 2717
Location: UK, London, just across the river..

PostPosted: Fri Oct 21, 2016 12:19    Post subject: Reply with quote
djb79 wrote:
Hi All,
Similar topic, so I haven't started a new thread.

I've had my wireless bridge up and running for ~1year. It's set in bridge mode. I've got 2 x TP-Link TL-WR1043ND both running DD-WRT v24-sp2 (03/19/12) std - build 18777...

........... I don't expect that any war drivers are in operation nearby, but having a background in network architecture/encryption/security, I prefer to have things locked down reasonably tightly.

Any suggestions how I can keep WPA2-AES and have it run stably?

Is there any other info that you need to help diagnose?

Regards
Darryl


1. connecting 2 Atheros devices refers to Atheros Forum....
2. it seems firmware you use is a bit too old and regarding, security and
functionality it may be outdated..
3.try this build as it is reported from one of the members as operational
http://dd-wrt.com/forum/viewtopic.php?t=304631
or try some old builds that may be working for you
ftp://ftp.dd-wrt.com/betas/

try to have same builds on the routers and start from scratch... erase nvram and reboot ...

"Wireless Security: Match the host router, exactly including capitals & security algorithm. EX: host using WPA2 Personal AES will still work if the repeater is set to WPA2 Personal Mixed AES, for whatever reason, as it includes the algorithm in use (WPA2-AES)"

_________________
Atheros
TP-Link WR740Nv1 ------ DD-WRT 33772 BS WAP/Switch (wired)
TP-Link WR1043NDv2 ------DD-WRT 40009 BS (AP,PPPoE,NAT,AD Blocking,AP Isolation,Firewall,Local DNS,Forced DNS,DoT)
TP-Link WR1043NDv2 ------DD-WRT 40672 BS (AP,NAT,AD Blocking,Firewall,Wi-Fi OFF,Local DNS,Forced DNS,DoT)
TP-Link WR1043NDv2.......... Gargoyle OS 1.11.0 (AP,NAT,QoS,Quotas)
Qualcomm/IPQ8065
Netgear R7800 ------------DD-WRT 40270M 4.9 Kong (AP,NAT,AD-Blocking,AP&Net Isolation,Firewall,Local DNS,Forced DNS,DNSCrypt v2 x2)
Broadcom
Netgear R7000 ---------DD-WRT 40270M Kong (AP,NAT,AD-Blocking,Firewall,Local DNS,Forced DNS,DoT)
----------------------------------------------------------------------------------------------------
Stubby for DNS over TLS I DNSCrypt v2 via Entware by mac913
foneran
DD-WRT Novice


Joined: 28 Nov 2011
Posts: 13

PostPosted: Thu Dec 13, 2018 12:14    Post subject: Reply with quote
Hello,

I have question: is possible set WDS REPEATER mode with WPA2 security (not only open and wep)?

I have

Ubiquiti PowerBeam PBE-M2-400 as Accesspoint
and second
Ubiquiti PowerBeam PBE-M2-400 as client - but i need set WDS Repeater

In original Airos is not possible set Wpa security in WDS REPEATER mode Sad

Then i look for alternative...
GeeTek
DD-WRT Guru


Joined: 06 Jun 2006
Posts: 3770
Location: I'm the one on the plate.

PostPosted: Tue Dec 18, 2018 3:14    Post subject: Reply with quote
foneran wrote:
....Ubiquiti PowerBeam PBE-M2-400 as client - but i need set WDS Repeater...

No, you do not need WDS repeater. These radios are not designed for 3 way communication. Not enough memory or processing power. They are made for 2 way communication and that is why the UBNT firmware has no repeater options. The proper way to satisfy your needs is to add a third radio at the remote site to re-broadcast the signal on a different channel.

_________________
http://69.175.13.131:8015 Streaming Week-End Disco. Station Ripper V 1.1 will do.
foneran
DD-WRT Novice


Joined: 28 Nov 2011
Posts: 13

PostPosted: Sun Jul 07, 2019 20:53    Post subject: Reply with quote
GeeTek wrote:
No, you do not need WDS repeater. These radios are not designed for 3 way communication. Not enough memory or processing power. They are made for 2 way communication and that is why the UBNT firmware has no repeater options. The proper way to satisfy your needs is to add a third radio at the remote site to re-broadcast the signal on a different channel.


Yes i need! I know, how is propher way, but...

Once again, UBNT firmware has build WDS repeater (AP-Repeater), but with only Open or Wep security! PROOF See here:

https://ibb.co/fQxh9U

This security is unaceptable for me. I not need full speed, me enough for example about 3 Mbit/s throughput for all on repeater side.

Ps: size and watt limitation is, why i need AP-Repeater (but with Wpa2 security) for this site. I think, many older devices (TL-WR841ND) have this functionality, but i need PB antena sensitivity and NOT REQUIRE high speed traffic.

I understand, WPA need more CPU time than WEP. Then i think, 3 Mbit/s throughput is enough for me.

This is, why i ask for, if ddwrt solve this ? I not test ddwrt on powerbeam until now
GeeTek
DD-WRT Guru


Joined: 06 Jun 2006
Posts: 3770
Location: I'm the one on the plate.

PostPosted: Wed Aug 07, 2019 2:05    Post subject: Reply with quote
foneran wrote:
This security is unaceptable for me...
There is no way to fix the security problem. WDS and repeater modes do not support new security protocols. You cannot fix this security problem.

The only way to fix your project is to use an additional radio like I already suggested.

The Asus RT-N12 is a very good radio and it has support for DD-WRT. Price is only $30 US Dollars, new. From what I can see it is the only way to solve your problem and it is the cheapest way.

https://www.newegg.com/asus-rt-n12-d1-ieee-802-11b-ieee-802-11g-ieee-802-11n-ieee-802-3-ieee-802-3u-ipv4-ipv6/p/N82E16833320168

_________________
http://69.175.13.131:8015 Streaming Week-End Disco. Station Ripper V 1.1 will do.
Display posts from previous:    Page 1 of 1
Post new topic   Reply to topic    DD-WRT Forum Forum Index -> Broadcom SoC based Hardware All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum