Authentication failure on later builds for VAPs

Post new topic   This topic is locked: you cannot edit posts or make replies.    DD-WRT Forum Forum Index -> Broadcom SoC based Hardware
Goto page Previous  1, 2, 3, 4, 5, 6, 7  Next
Author Message
Briefcase
DD-WRT Novice


Joined: 06 Nov 2011
Posts: 11

PostPosted: Mon Oct 22, 2018 18:12    Post subject: Reply with quote
Wow, such an amazing response on this topic! Thanks all for replying!! Very much appreciated, it is good to see such an active and helpful community!

quarkysg wrote:
For those running ARM based Broadcom routers, if you don't mind, try the following and see if it solves your problem:

1. Download the attached wlconf.gz file and transfer to your router.
2. 'gunzip' the file with the following command:

Code:
gunzip wlconf.gz
chmod u+x wlconf


3. Issue the following commands in the same directory that you have uploaded the wlconf.gz file:

Code:
stopservice nas
stopservice wlconf
./wlconf eth1 up
./wlconf eth2 up
startservice nas


You can ignore all the errors shown when the 'wlconf <intf> up' commands is executed.

From the changes in the source codes for the 'wlconf' utility, it looks like the way that the MAC addresses are getting generated for the wireless interfaces have changed for newer drivers. I guess it only applies to newer Broadcom wireless chipsets, which broke older chipsets.

I changed the 'wlconf' utility behaviour back to what it was previously and it seems to work OK for the following routers which I'm using:

D-Link DIR-868L
D-Link DIR-880L
Asus RT-AC68U/W

Do report back if the above works for you. It can then be used to report back to BS & Kong for further investigation.

HTH.


WOOHOOOOOO DUDE(or chick!). This _WORKS_ (at least on Kong 37015M). Does this mean it's an error/oversight in the current code? Can we submit a patch to help Kong&BrainSlayer? Also, I do get a lot of errors when I execute your version, I hope that doesnt do harm Smile

Thank you so much for fixing this so insanely fast!


Edit:

if it is of any value, here is the output of 'wlconf eth1 up'
Code:

total vif count 2
eth1: Not supported
base addr XX:XX:XX:XX:13
local bit addr XX:XX:XX:XX:13
eth1: Bad address
eth1: Invalid argument
eth1: Not supported
eth1: Not supported
eth1: Invalid argument
eth1: Invalid argument
eth1: Not supported
eth1: Not supported
eth1: Not supported
eth1: Not supported
eth1: Not supported
eth1: Not supported
eth1: Not supported
eth1: Not supported
eth1: Not supported
eth1: Not supported
eth1: Not supported
eth1: Not supported
eth1: Not supported
eth1: Not supported
eth1: Not supported
eth1: Not supported
eth1: Not supported
eth1: Not supported
eth1: Not supported
eth1: Not supported
eth1: Not supported
eth1: Not supported
eth1: Not supported
eth1: Not supported
eth1: Not supported
eth1: Not supported
eth1: Not supported
eth1: Not supported
eth1: Not supported
eth1: Not supported
eth1: Not supported
enable bss eth1 0 (1)
enable bss eth1 1 (1)
Sponsor
@m0eb@
DD-WRT User


Joined: 26 Dec 2015
Posts: 283

PostPosted: Tue Oct 23, 2018 1:03    Post subject: The code needs a debugging and quality clearance Reply with quote
quarkysg wrote:
For those running ARM based Broadcom routers, if you don't mind, try the following and see if it solves your problem:
.
.
.
.

Do report back if the above works for you. It can then be used to report back to BS & Kong for further investigation.

HTH.


My router is R6400v2 configured as:
2.4GHz + LAN connectors 1 and 2 configured under openDNS and separated out via br1.
5 GHz + LAN connectors 3 and 4 configured under openVPN using PBR
Running Kong's 37015

I set up wl0.1 and put this under br2 with DHCP giving different subnet range. As expected, this stopped on reboot and devices were not connecting.

Then put your code in directory /opt and used telnet to run the lines as you mentioned. As you mentioned - lots of errors to ignore ... and then all SSIDs started to work. So far so good.
TROUBLE STARTED when I rebooted the router.
* SSID: None were connecting
* Browser configuration ... unreachable
* Telnet ... not working
* winSCP ... says only FTP enabled and Telnet is not possible (just like it happens when we try on a new Netgear Router running OEM firmware)

Options for me at this stage: Enable Telnet forcefully OR Revert back to stock/earlier version. I used nmrp to get back to Kong's .chk file and return to normalcy

A new user would be shocked and lost !! To a newbie, this is almost like a bricked router. I wonder how many posts above have rebooted the router before jumping with joy.

My take on the code:
## Code is working but with major bugs ... it did set my VLAN working
## Should come with a stern warning that this can semi-brick some routers
## Lacks trust. No one knows what the compiled thing actually does. dd-wrt is an open forum where multiple programmers know what is being posted. It is secure and hence trustworthy. In order to become useful, the code needs to be debugged (does need a deep look ... with so many errors popping up and routers getting semi-bricked). Please share this with Kong/BS wnd work together so that it can be used to everyone's benefit.

_________________
PROFESSIONAL STUDENT
my.Mistakes my.Learning ... provided I have the patience & persistence to learn
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 6365
Location: Netherlands

PostPosted: Tue Oct 23, 2018 8:38    Post subject: Reply with quote
Just hit the reset button should get you going. Smile

But it is really strange this should not permanently change anything, so a simple reboot (unless you placed the script in startup) should get you back to normal operation.

Lesson learned do not place anything in startup you do not fully trust.
What you can do is use a startup command to start this as a script in /opt, so if you just remove the USB stick (where /opt resides) the script can not execute.

P.S. @Quarkysg is a well known developer who has contributed a lot and has some of his patches incorporated upstream (VLAN numbers to 4096) and has created, among other things, a patched SFE which works with PBR (which I still use)

_________________
Routers:Netgear R7800, R6400v1, R6400v2, Linksys EA8500, EA6900 (XvortexCFE), E2000 (converted WRT320N), WRT54GS v1.
OpenVPN Policy Based Routing: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=321686
Install guide R6400v2:http://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
OpenVPN Server Setup:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=318795
Install guide R7800: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Wireguard Server setup guide:https://forum.dd-wrt.com/phpBB2/viewtopic.php?p=1183135
Wireguard Client setup guide:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324624
Wireguard Advanced setup guide:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324787
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
@m0eb@
DD-WRT User


Joined: 26 Dec 2015
Posts: 283

PostPosted: Tue Oct 23, 2018 10:18    Post subject: Reply with quote
egc wrote:
Just hit the reset button should get you going. Smile

But it is really strange this should not permanently change anything, so a simple reboot (unless you placed the script in startup) should get you back to normal operation.


Thanks egc.
1. I do not know the background - just posted what I observed. Facts only. I did say this code worked.
2. As mentioned, I used telnet (not in startup)
3. Did not reset and went straight to nmrp because of the reason of trust. In any case - whether it worked or not, I would have erased everything and refreshed the router. (Now that you give the credentials, I know that I can keep the working code - which is the first one that at least set the VAP working). I believe Quarkysg will understand and appreciate my apprehension here. And I did load this on my router and try.

@Quarkysg: Apologies ... I was just stating what I saw. No offense meant.

_________________
PROFESSIONAL STUDENT
my.Mistakes my.Learning ... provided I have the patience & persistence to learn
Briefcase
DD-WRT Novice


Joined: 06 Nov 2011
Posts: 11

PostPosted: Wed Oct 31, 2018 19:05    Post subject: Reply with quote
@quarkysg I am by no means an expert, but i tried to have a look at the code. Is it this commit that you reverted in your custom version of wlconf? https://svn.dd-wrt.com/changeset/36366/

I guess this works fine for the newer models but (at least) for the R7000 it should be like the old code?

If I am on the right track then I could update the issue that I linked to earlier (https://svn.dd-wrt.com/ticket/6404) to get some attention from BrainSlayer or Kong Smile.

Many thanks again!
quarkysg
DD-WRT User


Joined: 03 May 2015
Posts: 300

PostPosted: Wed Oct 31, 2018 21:30    Post subject: Reply with quote
@Briefcase yes you’re correct. That’s exactly the portion of code that I’ve reverted. Seems to work for for the Northstar prototype boards whereas the latest code broke all the VIF configuration.

I’ve also raise a ticket as well:

https://svn.dd-wrt.com/ticket/6395

BrainSlayer denied that those codes are the root cause tho. He claims that newer drivers configured the MAC addresses using the new algorithm but it doesn’t look right to me tho. The old codes looks correct.
Briefcase
DD-WRT Novice


Joined: 06 Nov 2011
Posts: 11

PostPosted: Wed Oct 31, 2018 21:59    Post subject: Reply with quote
quarkysg wrote:
@Briefcase yes you’re correct. That’s exactly the portion of code that I’ve reverted. Seems to work for for the Northstar prototype boards whereas the latest code broke all the VIF configuration.

I’ve also raise a ticket as well:

https://svn.dd-wrt.com/ticket/6395

BrainSlayer denied that those codes are the root cause tho. He claims that newer drivers configured the MAC addresses using the new algorithm but it doesn’t look right to me tho. The old codes looks correct.


Thanks for your follow-up, I am glad I found the right commit but obviously all the credits are for you on this one haha!

I have updated the issue, see https://svn.dd-wrt.com/ticket/6404#comment:9 . I hope this accurately reflects what we did in this thread. I also added a link from the issue you created to 6404. Hope the devs will have a second look. Thanks again so much for your help Quarkysg. Smile
quarkysg
DD-WRT User


Joined: 03 May 2015
Posts: 300

PostPosted: Wed Oct 31, 2018 23:06    Post subject: Reply with quote
Happy to help out the community.
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 6365
Location: Netherlands

PostPosted: Sun Nov 18, 2018 16:02    Post subject: Reply with quote
@Quarkysg, I use your patched wlconf (and your patched shortcut-fe.ko module) on my Netgear R6400v2 with the latest Kong build 37715 and can confirm that it works, without it I can not connect to the VAP, with the patched wlconf it starts to work.

I noticed that when it is not working it seems I was missing an ethernet address on the bridge, it looks like a layer 2 problem, the names of the MAC's maybe indicate that they are switched or something like that. Really wierd.

But of course many thanks for your work

_________________
Routers:Netgear R7800, R6400v1, R6400v2, Linksys EA8500, EA6900 (XvortexCFE), E2000 (converted WRT320N), WRT54GS v1.
OpenVPN Policy Based Routing: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=321686
Install guide R6400v2:http://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
OpenVPN Server Setup:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=318795
Install guide R7800: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Wireguard Server setup guide:https://forum.dd-wrt.com/phpBB2/viewtopic.php?p=1183135
Wireguard Client setup guide:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324624
Wireguard Advanced setup guide:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324787
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
<Kong>
DD-WRT Guru


Joined: 15 Dec 2010
Posts: 4339
Location: Germany

PostPosted: Sun Nov 18, 2018 16:19    Post subject: Reply with quote
quarkysg wrote:
@Briefcase yes you’re correct. That’s exactly the portion of code that I’ve reverted. Seems to work for for the Northstar prototype boards whereas the latest code broke all the VIF configuration.

I’ve also raise a ticket as well:

https://svn.dd-wrt.com/ticket/6395

BrainSlayer denied that those codes are the root cause tho. He claims that newer drivers configured the MAC addresses using the new algorithm but it doesn’t look right to me tho. The old codes looks correct.


It probably is unit depended, maybe works on yours but not on his, I don't have any issues on mine with current code. VAPs have always been problematic, timing number of vaps units etc. it never has worked for all configs.

_________________
KONG PB's: http://www.desipro.de/ddwrt/
KONG Info: http://tips.desipro.de/
grc
DD-WRT User


Joined: 11 Jul 2018
Posts: 87

PostPosted: Sun Nov 18, 2018 17:22    Post subject: Reply with quote
<Kong> wrote:
quarkysg wrote:
@Briefcase yes you’re correct. That’s exactly the portion of code that I’ve reverted. Seems to work for for the Northstar prototype boards whereas the latest code broke all the VIF configuration.

I’ve also raise a ticket as well:

https://svn.dd-wrt.com/ticket/6395

BrainSlayer denied that those codes are the root cause tho. He claims that newer drivers configured the MAC addresses using the new algorithm but it doesn’t look right to me tho. The old codes looks correct.


It probably is unit depended, maybe works on yours but not on his, I don't have any issues on mine with current code. VAPs have always been problematic, timing number of vaps units etc. it never has worked for all configs.


try to bridge wl0.1 and wl1.1 with same SSID (and WPA) together on freshly reseted r6300v2. I am pretty sure you cannot connect to this VAP
pix5650
DD-WRT User


Joined: 18 Feb 2007
Posts: 87
Location: Bern, Switzerland

PostPosted: Sun Nov 18, 2018 21:34    Post subject: Buffalo WZR-1750DHP Reply with quote
@quarkysg: Your patched wlconf fixes the VAP-issue on Buffalo WZR-1750DHP with Kong release r37715M.

Thanks!

_________________
Deployed:
Buffalo WZR-1750 - v3.0-r38580M kongac (02/05/19) - Router
Buffalo WZR-1750 - v3.0-r38580M kongac (02/05/19) - Client Bridge
Buffalo WZR-1750 - v3.0-r38100M kongac (12/27/18) - Router
Linksys WRT320 -> E2000 - v3.0-r33772 K30 mega (11/16/17) - Client Bridge

Others:
Buffalo WZR-1750, GL.iNet 6416, GL.iNet AR150, TP-Link TL-WR703N,
Linksys WRT610Nv2 -> E3000, Linksys E3000, Linksys E2000, Linksys WRT54GL
quarkysg
DD-WRT User


Joined: 03 May 2015
Posts: 300

PostPosted: Sun Nov 18, 2018 22:48    Post subject: Reply with quote
<Kong> wrote:

It probably is unit depended, maybe works on yours but not on his, I don't have any issues on mine with current code. VAPs have always been problematic, timing number of vaps units etc. it never has worked for all configs.


VAP has always been working for me until the changes was done recently to wlconf. It looks to me that the new MAC address computation algo is assigning the same MAC address to the virtual wireless interfaces. I guess the BCM wireless driver or the Linux kernel disagree with this and therefore the interface is not useable. The virtual interfaces finally ended up with invalid MAC addresses of 00:00:00:00:00:00.

In any case it looks like reverting the codes fixes the issue for all Northstar prototype router boards, or those boards using the BCM43xx chips.

Without looking at the driver codes, it’s hard to tell tho. Only you guys will be able to debug.
diogosena
DD-WRT Novice


Joined: 11 Jun 2011
Posts: 44

PostPosted: Mon Nov 19, 2018 10:55    Post subject: Reply with quote
i'm still using Firmware: DD-WRT v3.0-r36070M kongac (05/31/18)
This is the last VAP working version (and should be the current "stable" version)
Mile-Lile
DD-WRT Guru


Joined: 24 Feb 2013
Posts: 1516
Location: Belgrade

PostPosted: Mon Nov 19, 2018 13:27    Post subject: Reply with quote
quarkysg wrote:
In any case it looks like reverting the codes fixes the issue for all Northstar prototype router boards, or those boards using the BCM43xx chips.


not true... I have r6250 and current code works just fine for me... VAPs on both bands... unbridged... tested with or without wifi security...

what doesn't work for me is bridgeing those VAPs (wl0.1 and wl1.1) to separated br1 bridge... but I don't see purpose of this...
Goto page Previous  1, 2, 3, 4, 5, 6, 7  Next Display posts from previous:    Page 2 of 7
Post new topic   This topic is locked: you cannot edit posts or make replies.    DD-WRT Forum Forum Index -> Broadcom SoC based Hardware All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum