Authentication failure on later builds for VAPs

Post new topic   Reply to topic    DD-WRT Forum Forum Index -> Broadcom SoC based Hardware
Goto page Previous  1, 2, 3, 4, 5, 6, 7  Next
Author Message
SirDracula
DD-WRT User


Joined: 16 Feb 2007
Posts: 127

PostPosted: Sat Jan 19, 2019 4:38    Post subject: Reply with quote
I ended up in this thread from trying to get VAP working on an Asus RT-AC68U w/ Kong's latest r38100M 12/27/18. Running the unit in dumb access point only with WAN assigned to LAN as there's another wired router on the network. I'd like to have an isolated guest wifi on 2.4 radio only while the main 2.4 SSID still works. Security must work too. I tried creating the guest VAP but it either doesn't broadcast or I can't connect to it, the BSSID shows up as all 0s, etc.

Any chance to get this setup working? Or easier to just spend $20 on one of those GL.iNet OpenWRT travel routers and plug it in only when I need a guest network?

If not with the current build, what's the last stable build known to make this possible please?
Sponsor
SirDracula
DD-WRT User


Joined: 16 Feb 2007
Posts: 127

PostPosted: Sat Jan 19, 2019 17:51    Post subject: Reply with quote
I can confirm that the modified wlconf works on Asus RT-AC68U with bridged VAP. But now I can't get AP Isolation to work, guest clients can still talk to devices on the LAN. Router is in dumb access point mode, not sure if it's possible to get isolation in this mode.
SirDracula
DD-WRT User


Joined: 16 Feb 2007
Posts: 127

PostPosted: Tue Jan 22, 2019 17:38    Post subject: Reply with quote
One idea to make it all better and make the GUI work too if you are using the modified wlconf is to bind mount wlconf, assuming you put it on jffs:
Code:

mount -o bind /jffs/bin/wlconf /usr/sbin/wlconf
lpy
DD-WRT Novice


Joined: 17 Oct 2017
Posts: 27

PostPosted: Sat Jan 26, 2019 18:24    Post subject: Reply with quote
Asus RT-AC68U

I've been using 03-20-2018-r35452 for months because it was the latest stable version for me. Decided to try the latest 01-24-2019-r38381 and everything is fine except this issue.

I'm aware of the wlconf fix on page 1 but I found all I needed to do after a reboot was wlconf eth1 up; wlconf eth2 up;.

So I added that to the startup script using Telnet: nvram set rc_startup="sleep 60; wlconf eth1 up; wlconf eth2 up; sleep 60; wlconf eth1 up; wlconf eth2 up;" and everything seems ok. Can anyone shed any light on this? Is the fix really this simple for the Asus RT-AC68U? I'm not sure if this is ok or if I should use the patched wlconf method.
SirDracula
DD-WRT User


Joined: 16 Feb 2007
Posts: 127

PostPosted: Sat Jan 26, 2019 19:05    Post subject: Reply with quote
lpy wrote:
Asus RT-AC68U

I've been using 03-20-2018-r35452 for months because it was the latest stable version for me. Decided to try the latest 01-24-2019-r38381 and everything is fine except this issue.

I'm aware of the wlconf fix on page 1 but I found all I needed to do after a reboot was wlconf eth1 up; wlconf eth2 up;.

So I added that to the startup script using Telnet: nvram set rc_startup="sleep 60; wlconf eth1 up; wlconf eth2 up; sleep 60; wlconf eth1 up; wlconf eth2 up;" and everything seems ok. Can anyone shed any light on this? Is the fix really this simple for the Asus RT-AC68U? I'm not sure if this is ok or if I should use the patched wlconf method.


What is your VAP setup? Bridged or unbridged? Router mode or just WAP?

FWIW, I run my Asus RT-AC68U in just WAP mode, I bridge wl0.1 to a vlan5 for a Guest network (vlan5 goes up to a wired router that handles the security). Without the modified wlconf in this thread, I cannot authenticate to the Guest SSID.
lpy
DD-WRT Novice


Joined: 17 Oct 2017
Posts: 27

PostPosted: Sat Jan 26, 2019 19:18    Post subject: Reply with quote
SirDracula wrote:
What is your VAP setup? Bridged or unbridged? Router mode or just WAP?

FWIW, I run my Asus RT-AC68U in just WAP mode, I bridge wl0.1 to a vlan5 for a Guest network (vlan5 goes up to a wired router that handles the security). Without the modified wlconf in this thread, I cannot authenticate to the Guest SSID.


I don't know too much about all the settings, but if you mean in Wireless, I left it set as Bridged, and AP mode.

And in Networking, the bridging table is:
Code:
br0   no    eth1 eth2 vlan1
br1   yes   wl0.1 wl1.1
SirDracula
DD-WRT User


Joined: 16 Feb 2007
Posts: 127

PostPosted: Sat Jan 26, 2019 21:15    Post subject: Reply with quote
lpy wrote:
SirDracula wrote:
What is your VAP setup? Bridged or unbridged? Router mode or just WAP?

FWIW, I run my Asus RT-AC68U in just WAP mode, I bridge wl0.1 to a vlan5 for a Guest network (vlan5 goes up to a wired router that handles the security). Without the modified wlconf in this thread, I cannot authenticate to the Guest SSID.


I don't know too much about all the settings, but if you mean in Wireless, I left it set as Bridged, and AP mode.

And in Networking, the bridging table is:
Code:
br0   no    eth1 eth2 vlan1
br1   yes   wl0.1 wl1.1


Are you doing "up" twice for each interface or is that a typo and you meant to do down first then up?
> nvram set rc_startup="sleep 60; wlconf eth1 up; wlconf eth2 up; sleep 60; wlconf eth1 up; wlconf eth2 up;"
lpy
DD-WRT Novice


Joined: 17 Oct 2017
Posts: 27

PostPosted: Sun Jan 27, 2019 2:11    Post subject: Reply with quote
SirDracula wrote:
lpy wrote:
SirDracula wrote:
What is your VAP setup? Bridged or unbridged? Router mode or just WAP?

FWIW, I run my Asus RT-AC68U in just WAP mode, I bridge wl0.1 to a vlan5 for a Guest network (vlan5 goes up to a wired router that handles the security). Without the modified wlconf in this thread, I cannot authenticate to the Guest SSID.


I don't know too much about all the settings, but if you mean in Wireless, I left it set as Bridged, and AP mode.

And in Networking, the bridging table is:
Code:
br0   no    eth1 eth2 vlan1
br1   yes   wl0.1 wl1.1


Are you doing "up" twice for each interface or is that a typo and you meant to do down first then up?
> nvram set rc_startup="sleep 60; wlconf eth1 up; wlconf eth2 up; sleep 60; wlconf eth1 up; wlconf eth2 up;"

Twice, just as a backup in case the first 60-second delay isn't long enough, although it should be.
SirDracula
DD-WRT User


Joined: 16 Feb 2007
Posts: 127

PostPosted: Sun Jan 27, 2019 2:40    Post subject: Reply with quote
lpy wrote:
SirDracula wrote:
lpy wrote:
SirDracula wrote:
What is your VAP setup? Bridged or unbridged? Router mode or just WAP?

FWIW, I run my Asus RT-AC68U in just WAP mode, I bridge wl0.1 to a vlan5 for a Guest network (vlan5 goes up to a wired router that handles the security). Without the modified wlconf in this thread, I cannot authenticate to the Guest SSID.


I don't know too much about all the settings, but if you mean in Wireless, I left it set as Bridged, and AP mode.

And in Networking, the bridging table is:
Code:
br0   no    eth1 eth2 vlan1
br1   yes   wl0.1 wl1.1


Are you doing "up" twice for each interface or is that a typo and you meant to do down first then up?
> nvram set rc_startup="sleep 60; wlconf eth1 up; wlconf eth2 up; sleep 60; wlconf eth1 up; wlconf eth2 up;"

Twice, just as a backup in case the first 60-second delay isn't long enough, although it should be.


Not working here. All that does is completely kill the SSID broadcasts, can't even see the networks anymore and it sets BSSID: 00:00:00:00:00:00 for all wifi interfaces.
lpy
DD-WRT Novice


Joined: 17 Oct 2017
Posts: 27

PostPosted: Sun Jan 27, 2019 3:06    Post subject: Reply with quote
SirDracula wrote:
Not working here. All that does is completely kill the SSID broadcasts, can't even see the networks anymore and it sets BSSID: 00:00:00:00:00:00 for all wifi interfaces.

Interesting. Unfortunately I don't really know enough to know why that's happening, I just read through this thread and found what works for me.

In my case the Physical Interface is 192.168.1.x and Virtual Interfaces is 192.168.2.x. All 4 appear (2.4GHz & 5GHz) but the 2 virtual interfaces won't authenticate unless I use the wlconf command.
bernieke
DD-WRT Novice


Joined: 11 Oct 2018
Posts: 7

PostPosted: Sun Feb 10, 2019 9:28    Post subject: Reply with quote
Netgear R6400v2 (OTP) here.

VAP bridged with VLAN

After the upgrade to Kong 38580M (from Kong 37015M) my VAP started working, provided I reboot the router after I change any settings surrounding the network config.

I still see the same MAC address for both the 2.4G VAP interface and the 5G physical interface:
eth1 MAC1
wl0.1 MAC2
eth2 MAC2
But this apparently doesn't prevent things from working.

If I add a wl1.1 it gets MAC3 by the way, to further confuse things...
SirDracula
DD-WRT User


Joined: 16 Feb 2007
Posts: 127

PostPosted: Sun Feb 10, 2019 21:40    Post subject: Reply with quote
bernieke wrote:
Netgear R6400v2 (OTP) here.

VAP bridged with VLAN

After the upgrade to Kong 38580M (from Kong 37015M) my VAP started working, provided I reboot the router after I change any settings surrounding the network config.

I still see the same MAC address for both the 2.4G VAP interface and the 5G physical interface:
eth1 MAC1
wl0.1 MAC2
eth2 MAC2
But this apparently doesn't prevent things from working.

If I add a wl1.1 it gets MAC3 by the way, to further confuse things...


Are you sure you're getting MAC2 for both eth2 and wl0.1? Pay attention to the 1st byte of the MAC, I thought I was getting the same one but one started with AC and the other with AE (which is in the locally managed space for MAC addresses) but the rest of the bytes were all the same, easy to think it's the same when looking quickly.
bernieke
DD-WRT Novice


Joined: 11 Oct 2018
Posts: 7

PostPosted: Mon Feb 11, 2019 4:56    Post subject: Reply with quote
SirDracula wrote:

Are you sure you're getting MAC2 for both eth2 and wl0.1? Pay attention to the 1st byte of the MAC, I thought I was getting the same one but one started with AC and the other with AE (which is in the locally managed space for MAC addresses) but the rest of the bytes were all the same, easy to think it's the same when looking quickly.


Wow, you're right. Color me embarrassed...
SirDracula
DD-WRT User


Joined: 16 Feb 2007
Posts: 127

PostPosted: Mon Feb 11, 2019 5:23    Post subject: Reply with quote
bernieke wrote:
SirDracula wrote:

Are you sure you're getting MAC2 for both eth2 and wl0.1? Pay attention to the 1st byte of the MAC, I thought I was getting the same one but one started with AC and the other with AE (which is in the locally managed space for MAC addresses) but the rest of the bytes were all the same, easy to think it's the same when looking quickly.


Wow, you're right. Color me embarrassed...


Don't worry, you're not the only one. Easy mistake to make when you're frustrated things don't work right. More about locally administered MAC addresses in the answer here:
https://serverfault.com/questions/40712/what-range-of-mac-addresses-can-i-safely-use-for-my-virtual-machines
cristiancl
DD-WRT Novice


Joined: 04 Apr 2019
Posts: 3

PostPosted: Thu Apr 04, 2019 2:28    Post subject: Reply with quote
<Kong> wrote:
@m0eb@ wrote:
<Kong> wrote:
Using these commands together is bullshit anyways, if you want to turn off both radios use

startservice radio_off -f
startservice radio_on -f

any radio_off/radio_on no matter if you just turn only one radio off, will stop start wlconf/nas for all interfaces, and since we are multithreaded, this can conflict.

There are no commits right now, because I just rolled back my drivers since BS is playing with newer driver code for upcoming units.

Fail to understand what's going on !!

This is a landmark version with minor bugs.
Stopping NAS and wlconf and restarting them post reboot is giving me almost no issues (I am not using Quarky's patched wlconf file anyore - which WAS a lifesaver for past versions). Up and running for >72 hours now, with multiple manual reboots

Why stop when we are 99.9% there?
I would suggest that we have ONE quickfix version that works with WAP (maybe a couple of stop-start lines extra).
Let the community work with it while BS comes up with his newer code (which will take some time - but be
the final 'official' solution).

dd-wrt is the best there is. Kong & BS (and I do need to mention QSQ) have the thanks of the community.


Unfortunately just playing with wlconf nas etc. won't work for all units in the same way, since the radios are not the same. And it also completely different if you use them in bridged non-bridged 2 vaps 4 vaps etc.

The only solution is to rework the code so it handles every interface independently.



Kong, would you mind to share the last build that had VAP working? i've tried the stable version (23/09/18 ) available on your site but it didn't fix the issue. Even after erasing NVRAM

Thank you for your work Very Happy
Goto page Previous  1, 2, 3, 4, 5, 6, 7  Next Display posts from previous:    Page 5 of 7
Post new topic   Reply to topic    DD-WRT Forum Forum Index -> Broadcom SoC based Hardware All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum