Authentication failure on later builds for VAPs

Post new topic   This topic is locked: you cannot edit posts or make replies.    DD-WRT Forum Forum Index -> Broadcom SoC based Hardware
Goto page Previous  1, 2, 3, 4, 5, 6, 7  Next
Author Message
pix5650
DD-WRT User


Joined: 18 Feb 2007
Posts: 87
Location: Bern, Switzerland

PostPosted: Mon Nov 19, 2018 18:27    Post subject: Reply with quote
Mile-Lile wrote:
not true... I have r6250 and current code works just fine for me... VAPs on both bands... unbridged... tested with or without wifi security...

what doesn't work for me is bridgeing those VAPs (wl0.1 and wl1.1) to separated br1 bridge... but I don't see purpose of this...


Your findings seem consistent with other feedback. The VAP issue only shows when bridging.

_________________
Deployed:
Buffalo WZR-1750 - v3.0-r38580M kongac (02/05/19) - Router
Buffalo WZR-1750 - v3.0-r38580M kongac (02/05/19) - Client Bridge
Buffalo WZR-1750 - v3.0-r38100M kongac (12/27/18) - Router
Linksys WRT320 -> E2000 - v3.0-r33772 K30 mega (11/16/17) - Client Bridge

Others:
Buffalo WZR-1750, GL.iNet 6416, GL.iNet AR150, TP-Link TL-WR703N,
Linksys WRT610Nv2 -> E3000, Linksys E3000, Linksys E2000, Linksys WRT54GL
Sponsor
Briefcase
DD-WRT Novice


Joined: 06 Nov 2011
Posts: 11

PostPosted: Mon Nov 19, 2018 18:59    Post subject: Reply with quote
Mile-Lile wrote:
quarkysg wrote:
In any case it looks like reverting the codes fixes the issue for all Northstar prototype router boards, or those boards using the BCM43xx chips.


not true... I have r6250 and current code works just fine for me... VAPs on both bands... unbridged... tested with or without wifi security...

what doesn't work for me is bridgeing those VAPs (wl0.1 and wl1.1) to separated br1 bridge... but I don't see purpose of this...


I am using this bridged setup to isolate private network from the guest network as described in this guide: https://flashrouters.zendesk.com/hc/en-us/articles/115000967873-How-To-Setup-a-DD-WRT-Guest-Wireless-Network-On-Your-FlashRouter Should I be using https://wiki.dd-wrt.com/wiki/index.php/Guest_WiFi_%2B_abuse_control_for_beginners instead? Is there any reason why the latter would be less secure (from a network perspective) then the first?

For the setup using the wiki, should i be specifying two separate subnets for 2.4Ghz guest network and 5Ghz guest network? Wouldn't this be a problem if I want to have them set to same SSID [both wl0.1 and wl1.1 set to SSID 'dd-wrt_guests' for instance]?
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 6181
Location: Netherlands

PostPosted: Mon Nov 19, 2018 19:45    Post subject: Reply with quote
Briefcase wrote:
Mile-Lile wrote:
quarkysg wrote:
In any case it looks like reverting the codes fixes the issue for all Northstar prototype router boards, or those boards using the BCM43xx chips.


not true... I have r6250 and current code works just fine for me... VAPs on both bands... unbridged... tested with or without wifi security...

what doesn't work for me is bridgeing those VAPs (wl0.1 and wl1.1) to separated br1 bridge... but I don't see purpose of this...


I am using this bridged setup to isolate private network from the guest network as described in this guide: https://flashrouters.zendesk.com/hc/en-us/articles/115000967873-How-To-Setup-a-DD-WRT-Guest-Wireless-Network-On-Your-FlashRouter Should I be using https://wiki.dd-wrt.com/wiki/index.php/Guest_WiFi_%2B_abuse_control_for_beginners instead? Is there any reason why the latter would be less secure (from a network perspective) then the first?

For the setup using the wiki, should i be specifying two separate subnets for 2.4Ghz guest network and 5Ghz guest network? Wouldn't this be a problem if I want to have them set to same SSID [both wl0.1 and wl1.1 set to SSID 'dd-wrt_guests' for instance]?


No it is ubbridged (in both cases) but your question is beside the topic please start a new thread for your question

_________________
Routers:Netgear R7800, R6400v1, R6400v2, Linksys EA8500, EA6900 (XvortexCFE), E2000 (converted WRT320N), WRT54GS v1.
OpenVPN Policy Based Routing guide: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=321686
Install guide R6400v2:http://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
OpenVPN Server Setup:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=318795
Install guide R7800: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Wireguard Server setup guide:https://forum.dd-wrt.com/phpBB2/viewtopic.php?p=1183135
Wireguard Client setup guide:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324624
Wireguard Advanced setup guide:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324787
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
mac913
DD-WRT Guru


Joined: 02 May 2008
Posts: 1579
Location: Canada

PostPosted: Tue Nov 20, 2018 7:19    Post subject: Reply with quote
quarkysg wrote:
@Briefcase yes you’re correct. That’s exactly the portion of code that I’ve reverted. Seems to work for for the Northstar prototype boards whereas the latest code broke all the VIF configuration.

I’ve also raise a ticket as well:

https://svn.dd-wrt.com/ticket/6395

BrainSlayer denied that those codes are the root cause tho. He claims that newer drivers configured the MAC addresses using the new algorithm but it doesn't look right to me tho. The old codes looks correct.


quarkysq thanks for your solution it worked on my configuration on a R7000 I'm testing with Build 37715M (was on 36070M). I read that Kong and others don't have a problem with when using a "simple" unbridged VAP. But this is not practical for me and probably others when using VAPs with VLANs. All my VAPs are Bridged to VLANs and the changset 36366 breaks the way I need the networks with VAPs. I hope the Developers reconsider.

Thanks.

_________________
Home Network on Telus PureFibre - 10GbE Copper Backbone
2x R7800 - Gateway & WiFi & 3xWireGuard - DDWRT r44406 Std
R7000 - Wired ISP 4K IPTV Gateway - DDWRT r44406 Std

Off Site 1

R7000 - Gateway & WiFi & WireGuard - DDWRT r44406 Std
WRT610Nv1 - Client Bridge - DDWRT r33679 Mega K2.4

Off Site 2

R7000 - Gateway & WiFi - DDWRT r44406 Std
E2000 - Wired ISP IPTV PVR Blocker - DDWRT r35531


YAMon 3.4.6 | DNSCrypt-Proxy V2
shockdude
DD-WRT Novice


Joined: 06 Nov 2018
Posts: 3

PostPosted: Tue Nov 20, 2018 7:51    Post subject: Reply with quote
Netgear R6400v1, DD-WRT v3.0-r37715M kongac (11/14/18)
Same issue as others; want to bridge together a 2.4GHz VAP and a 5GHz VAP, but couldn't connect/authenticate to VAPs that are bridged together. VAPs work in unbridged mode, but that puts the 2.4GHz VAP and the 5GHz VAP are in different subnets.
Using quarkysg's wlconf, I can successfully connect to the bridged VAPs.

Use case for bridging both VAPs: using QoS to throttle both VAPs at once, instead of throttling each VAP independently. It also simplifies firewall rules.
grc
DD-WRT User


Joined: 11 Jul 2018
Posts: 87

PostPosted: Tue Nov 20, 2018 8:46    Post subject: Reply with quote
Mile-Lile wrote:
what doesn't work for me is bridgeing those VAPs (wl0.1 and wl1.1) to separated br1 bridge... but I don't see purpose of this...


Another purpose of this is to roaming between 2.4 and 5 Ghz. When the signal gets low the client can automatically switch to 2.4.
quarkysg
DD-WRT User


Joined: 03 May 2015
Posts: 297

PostPosted: Tue Nov 20, 2018 9:04    Post subject: Reply with quote
That’s how I use VAPs as well, bridged to the main bridge. I would think almost all typical users will use it as it is, I.e bridged to the main bridge interface. Expecting a typical users to configure the VAP in unbridged mode is a bit too much of an ask.

Therein lies the issues that needed to be looked into and fixed.
@m0eb@
DD-WRT User


Joined: 26 Dec 2015
Posts: 283

PostPosted: Sun Nov 25, 2018 11:04    Post subject: Reply with quote
egc wrote:
@Quarkysg, I use your patched wlconf (and your patched shortcut-fe.ko module) on my Netgear R6400v2 with the latest Kong build 37715 and can confirm that it works, without it I can not connect to the VAP, with the patched wlconf it starts to work.

@Quarkysg:

I too spent some time with my router R6400v2 (same one as egc) on 37715 and here's my config, followed by my observations:
2.4GHz + wl0.1 + wl0.2
5GHz + wl1.1
SSID1 in OpenDNS (Only 2.4GHz and not using VAP) ...in br1
SSID2 in Open VPN (5GHz + wl0.1) ... in br0
SSID3 direct to internet/ISP (wl0.2 + wl0.1) ...in br2

Following lines in startup:
sleep 10
stopservice nas
stopservice wlconf
/opt/wlconf/wlconf eth1 up
/opt/wlconf/wlconf eth2 up
startservice nas


This is working for a few hours and has lasted a few reboots. Twice I noticed that wl0.2 was vanishing and reappearing on WiFi Analyzer (Android phone). I manually ran your lines on telnet but this behaviour seemed to persist.

EDIT/ADD: Observed with various permutations. Put wl0.2 in all bridges - this is not very stable. Vanishes and reappears.

_________________
PROFESSIONAL STUDENT
my.Mistakes my.Learning ... provided I have the patience & persistence to learn
grc
DD-WRT User


Joined: 11 Jul 2018
Posts: 87

PostPosted: Tue Nov 27, 2018 7:27    Post subject: Reply with quote
for me bridged VAP works again on latest Kong build.
@m0eb@
DD-WRT User


Joined: 26 Dec 2015
Posts: 283

PostPosted: Tue Nov 27, 2018 14:52    Post subject: Reply with quote
grc wrote:
for me bridged VAP works again on latest Kong build.


Which build?
Which Router?
With or without Quarky's patch?

_________________
PROFESSIONAL STUDENT
my.Mistakes my.Learning ... provided I have the patience & persistence to learn
pix5650
DD-WRT User


Joined: 18 Feb 2007
Posts: 87
Location: Bern, Switzerland

PostPosted: Tue Nov 27, 2018 17:29    Post subject: Reply with quote
@m0eb@ wrote:
grc wrote:
for me bridged VAP works again on latest Kong build.


Which build?
Which Router?
With or without Quarky's patch?


Same for me. For details see thread "New <Kong> Test Build 37845 11-25-2018" https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=317610

_________________
Deployed:
Buffalo WZR-1750 - v3.0-r38580M kongac (02/05/19) - Router
Buffalo WZR-1750 - v3.0-r38580M kongac (02/05/19) - Client Bridge
Buffalo WZR-1750 - v3.0-r38100M kongac (12/27/18) - Router
Linksys WRT320 -> E2000 - v3.0-r33772 K30 mega (11/16/17) - Client Bridge

Others:
Buffalo WZR-1750, GL.iNet 6416, GL.iNet AR150, TP-Link TL-WR703N,
Linksys WRT610Nv2 -> E3000, Linksys E3000, Linksys E2000, Linksys WRT54GL
@m0eb@
DD-WRT User


Joined: 26 Dec 2015
Posts: 283

PostPosted: Tue Nov 27, 2018 17:52    Post subject: Reply with quote
pix5650 wrote:

Same for me. For details see thread "New <Kong> Test Build 37845 11-25-2018" https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=317610


THANX.
Will try it now without wasting any time

_________________
PROFESSIONAL STUDENT
my.Mistakes my.Learning ... provided I have the patience & persistence to learn
diogosena
DD-WRT Novice


Joined: 11 Jun 2011
Posts: 44

PostPosted: Tue Nov 27, 2018 22:39    Post subject: Reply with quote
ac68u using latest kong version, 5ghz vap still not working, 2.4ghz works without any workaround
B0ycee
DD-WRT Novice


Joined: 16 Nov 2018
Posts: 7

PostPosted: Tue Nov 27, 2018 23:59    Post subject: Reply with quote
Anyone tried this new build on a R7000P using bridged VAP?
mac913
DD-WRT Guru


Joined: 02 May 2008
Posts: 1579
Location: Canada

PostPosted: Wed Nov 28, 2018 1:34    Post subject: Reply with quote
grc wrote:
for me bridged VAP works again on latest Kong build.


It's still broken on my setup with 5 SSIDs. Build 3845M still has in effect quarkysg's work-around to keep my client's connected.

_________________
Home Network on Telus PureFibre - 10GbE Copper Backbone
2x R7800 - Gateway & WiFi & 3xWireGuard - DDWRT r44406 Std
R7000 - Wired ISP 4K IPTV Gateway - DDWRT r44406 Std

Off Site 1

R7000 - Gateway & WiFi & WireGuard - DDWRT r44406 Std
WRT610Nv1 - Client Bridge - DDWRT r33679 Mega K2.4

Off Site 2

R7000 - Gateway & WiFi - DDWRT r44406 Std
E2000 - Wired ISP IPTV PVR Blocker - DDWRT r35531


YAMon 3.4.6 | DNSCrypt-Proxy V2
Goto page Previous  1, 2, 3, 4, 5, 6, 7  Next Display posts from previous:    Page 3 of 7
Post new topic   This topic is locked: you cannot edit posts or make replies.    DD-WRT Forum Forum Index -> Broadcom SoC based Hardware All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum