Kongac 39960M Guest network no go

Post new topic   Reply to topic    DD-WRT Forum Index -> Broadcom SoC based Hardware
Goto page 1, 2  Next
Author Message
fedup
DD-WRT User


Joined: 24 Feb 2008
Posts: 105
Location: Winnipeg Canada

PostPosted: Sat Dec 05, 2020 19:15    Post subject: Kongac 39960M Guest network no go Reply with quote
I have a Netgear R7000 [DD-WRT v3.0-r39960M kongac (06/08/19)] as a WAP connected via a wired connection to an Asus router running Merlin firmware. I have tried several times to get the guest network on the R7000 running. I have followed the instructions here

https://wiki.dd-wrt.com/wiki/index.php/Guest_Network

specifically here https://wiki.dd-wrt.com/wiki/index.php/Guest_WiFi_%2B_abuse_control_for_beginners

Although those instructions mention/show "Masquerade/NAT" setting but there is no such setting in my build.

I also used WPA2/AES and of course a separate DHCP server configuration.

The result either I could not connect to the VAP or if I did I could not get an IP address. I did see a post indicating similar problems and one person's solution was to upgrade to r41664 (12/06/19).

Suggestions and recommendations welcome.
Sponsor
HalfBit
DD-WRT Guru


Joined: 04 Sep 2009
Posts: 776
Location: AR, USA

PostPosted: Sat Dec 05, 2020 19:22    Post subject: Reply with quote
Yes the newer build is an option, or even the latest Kong build from July 2019. If you need the file let me know.
_________________
R7000 Nighthawk - DD-WRT v3.0-r50308
R7000 Nighthawk - DD-WRT v3.0-r50308
~~~~~~~~~~Dismantled for learning opportunities~~~~~~~~~~
WRT54Gv2
WRT54Gv8.2
~~~~~~~~~~Other Settings~~~~~~~~~
https://nextdns.io/?from=2d3sq39x
https://pi-hole.net/
https://github.com/DNSCrypt/dnscrypt-proxy
fedup
DD-WRT User


Joined: 24 Feb 2008
Posts: 105
Location: Winnipeg Canada

PostPosted: Sat Dec 05, 2020 19:44    Post subject: Reply with quote
So is the Kongac build age the issue here? I do not want to go through the process of reconfiguring this router after doing the upgrade and find I am no better off. I need stable wifi wise so any recommendation on what build to use?

The other issue is Kongac has of course ceased updating dd-wrt builds. Just wondering if I am better off switching to another build on this router other than Kongac? Just using it for Wifi and would like to get an isolated Guest network on it.
Abboo
DD-WRT User


Joined: 03 Apr 2016
Posts: 175

PostPosted: Sat Dec 05, 2020 21:54    Post subject: Reply with quote
I have a Netgear R6250 running 40270M Kong build using a guest virtual interface. The Netgear R6250 traffic passes through Netgear R8000 which uses the latest BS current release, 44863.
My virtual access point works well. Any guest there is on my network cannot see any other device on my network and they have access to the internet.
fedup
DD-WRT User


Joined: 24 Feb 2008
Posts: 105
Location: Winnipeg Canada

PostPosted: Sat Dec 05, 2020 22:15    Post subject: Reply with quote
Abboo wrote:
I have a Netgear R6250 running 40270M Kong build using a guest virtual interface. The Netgear R6250 traffic passes through Netgear R8000 which uses the latest BS current release, 44863.
My virtual access point works well. Any guest there is on my network cannot see any other device on my network and they have access to the internet.


Ya so perhaps this build has the missing Masquerade/NAT settings and is in part the reason why my older build here does not work with a Guest_Vap
HalfBit
DD-WRT Guru


Joined: 04 Sep 2009
Posts: 776
Location: AR, USA

PostPosted: Sat Dec 05, 2020 22:23    Post subject: Re: Kongac 39960M Guest network no go Reply with quote
fedup wrote:
I have a Netgear R7000 [DD-WRT v3.0-r39960M kongac (06/08/19)] as a WAP connected via a wired connection to an Asus router running Merlin firmware. I have tried several times to get the guest network on the R7000 running. I have followed the instructions here

https://wiki.dd-wrt.com/wiki/index.php/Guest_Network

specifically here https://wiki.dd-wrt.com/wiki/index.php/Guest_WiFi_%2B_abuse_control_for_beginners

Although those instructions mention/show "Masquerade/NAT" setting but there is no such setting in my build.

I also used WPA2/AES and of course a separate DHCP server configuration.

The result either I could not connect to the VAP or if I did I could not get an IP address. I did see a post indicating similar problems and one person's solution was to upgrade to r41664 (12/06/19).

Suggestions and recommendations welcome.

Were you able to figure out the unbridged configuration from the links you posted? I have a bridge configured for my guest wifi, both the wl0.1 and wl1.1 interfaces under the Setup>Networking tab. Did you configure a valid gateway/subnet mask for the virtual access points?

_________________
R7000 Nighthawk - DD-WRT v3.0-r50308
R7000 Nighthawk - DD-WRT v3.0-r50308
~~~~~~~~~~Dismantled for learning opportunities~~~~~~~~~~
WRT54Gv2
WRT54Gv8.2
~~~~~~~~~~Other Settings~~~~~~~~~
https://nextdns.io/?from=2d3sq39x
https://pi-hole.net/
https://github.com/DNSCrypt/dnscrypt-proxy
fedup
DD-WRT User


Joined: 24 Feb 2008
Posts: 105
Location: Winnipeg Canada

PostPosted: Sat Dec 05, 2020 23:48    Post subject: Re: Kongac 39960M Guest network no go Reply with quote
HalfBit wrote:

Were you able to figure out the unbridged configuration from the links you posted? I have a bridge configured for my guest wifi, both the wl0.1 and wl1.1 interfaces under the Setup>Networking tab. Did you configure a valid gateway/subnet mask for the virtual access points?


I tried creating a bridge br1 assigned it to the wireless_vap virtual network. I had assigned an IP address 192.168.10.0 and 255.255.255.0 subnet for the VAP.

I do not remember anywhere I had to specify the gateway for the new VAP.
fedup
DD-WRT User


Joined: 24 Feb 2008
Posts: 105
Location: Winnipeg Canada

PostPosted: Sun Dec 06, 2020 2:12    Post subject: Reply with quote
I must be missing a key step here. I reset back to default settings in r39960m and then upgraded to DD-WRT v3.0-r40270M (07/11/19) and reset settings back to default. Reconfigured the router as a WAP per "[edit]Normal Version (Same Subnet)" on

https://forum.dd-wrt.com/wiki/index.php/Wireless_Access_Point

I then configured the VAP as follows. Note no new bridges was defined in dd-wrt is that what is missing because I can authenticate with the password assigned to the VAP but no IP is assigned and I of course can not ping anything.



VAP_Config2.jpg
 Description:
 Filesize:  70.21 KB
 Viewed:  2525 Time(s)

VAP_Config2.jpg



VAP_Config1.jpg
 Description:
 Filesize:  78.05 KB
 Viewed:  2525 Time(s)

VAP_Config1.jpg


fedup
DD-WRT User


Joined: 24 Feb 2008
Posts: 105
Location: Winnipeg Canada

PostPosted: Sun Dec 06, 2020 2:48    Post subject: Reply with quote
I rebooted the router and now I get an IP address assigned in the DHCP range I specified for the VAP but still can not ping out to the internet.
Abboo
DD-WRT User


Joined: 03 Apr 2016
Posts: 175

PostPosted: Sun Dec 06, 2020 3:19    Post subject: Reply with quote
I am no expert and had followed instructions which I cannot place my hands on now but under services, services, additional dnsmasq options I have:
interface=wl0.1
dhcp-option=wl0.1,3,192.168.5.1
dhcp-range=wl0.1,192.168.5.100,192.168.5.200,255.255.255.0,12h


Last edited by Abboo on Sun Dec 06, 2020 3:37; edited 1 time in total
Abboo
DD-WRT User


Joined: 03 Apr 2016
Posts: 175

PostPosted: Sun Dec 06, 2020 3:23    Post subject: Reply with quote
I believe where-ever I have 192.168.5.xxx you must replace it with 192.168.100.xxx
Abboo
DD-WRT User


Joined: 03 Apr 2016
Posts: 175

PostPosted: Sun Dec 06, 2020 3:36    Post subject: Reply with quote
Also under Administration, commands, firewall:
iptables -I FORWARD -i wl0.1 -d `nvram get lan_ipaddr`/`nvram get lan_netmask` -m state --state NEW -j DROP
iptables -t nat -I POSTROUTING -o br0 -j SNAT --to `nvram get lan_ipaddr`

I believe you must save firewall

Just a novice making a suggestion. This is what works for me.
fedup
DD-WRT User


Joined: 24 Feb 2008
Posts: 105
Location: Winnipeg Canada

PostPosted: Sun Dec 06, 2020 4:07    Post subject: Reply with quote
Abboo wrote:
Also under Administration, commands, firewall:
iptables -I FORWARD -i wl0.1 -d `nvram get lan_ipaddr`/`nvram get lan_netmask` -m state --state NEW -j DROP
iptables -t nat -I POSTROUTING -o br0 -j SNAT --to `nvram get lan_ipaddr`

I believe you must save firewall

Just a novice making a suggestion. This is what works for me.


Ok this is what I needed to do. I now have access to the internet. Your other post was already being handled with the DHCPD that I already had set up.

Thanks for the help
fedup
DD-WRT User


Joined: 24 Feb 2008
Posts: 105
Location: Winnipeg Canada

PostPosted: Mon Dec 07, 2020 14:58    Post subject: Reply with quote
I do not know whether it is Kongac v3.0-r40270M (07/11/19) or whether its these VAPS or the firewall IPTABLES commands but the router wifi became useless on two iOS devices here. YouTube would not work the iOS devices would loose connectivity even to the non VAP connections.

I have removed both VAPs and the firewall code since the 40270m code was just flashed to this router. I need to see what was causing the loss of wifi connectivity here. If it is stable without the VAP I may try adding 1 in. I did have 2 VAPs in a 2.4Ghz and 5Ghz.

I had this in the firewall section of dd-wrt:

Code:
iptables -I FORWARD -i wl0.1 -d `nvram get lan_ipaddr`/`nvram get lan_netmask` -m state --state NEW -j DROP
iptables -I FORWARD -i wl1.1 -d `nvram get lan_ipaddr`/`nvram get lan_netmask` -m state --state NEW -j DROP
iptables -t nat -I POSTROUTING -o br0 -j SNAT --to `nvram get lan_ipaddr`


Last edited by fedup on Mon Dec 07, 2020 15:07; edited 1 time in total
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12834
Location: Netherlands

PostPosted: Mon Dec 07, 2020 15:07    Post subject: Reply with quote
Probably redundant but for posterity set up a WAP with the wiki:
https://wiki.dd-wrt.com/wiki/index.php/Wireless_Access_Point

In short, disable WAN, give the WAP an IP address in the primary subnet outside DHCP scope, connect LAN<>LAN, disable DHCP and set Gateway and Local DNS to primary router.

For making a VAP on a WAP see the last paragraph of my attached notes, also take note of the VAP workaround.
There are more ways to do it, this is just my way Smile

Note: Do not use Net isolation (it does not work on a WAP see my notes) also probably don not use Forced DNS redirection , actually when setting an optional DNS target like you did (8.8.8.8 ) you are doing a forced DNS redirection to 8.8.8.8, setting Forced DNS redirection is of no use (and might even block DNS)



DDWRT Virtual Access Point Public.doc
 Description:

Download
 Filename:  DDWRT Virtual Access Point Public.doc
 Filesize:  255.5 KB
 Downloaded:  214 Time(s)


_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087


Last edited by egc on Mon Dec 07, 2020 15:13; edited 1 time in total
Goto page 1, 2  Next Display posts from previous:    Page 1 of 2
Post new topic   Reply to topic    DD-WRT Forum Index -> Broadcom SoC based Hardware All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum