Posted: Sun Oct 10, 2021 7:38 Post subject: New Build - 10/10/2021 - r47528
[WARNING]: This thread is only for feedback on this beta release for developers and the community's benefit.
DO NOT flash this beta release unless you understand the risks involved and device specificrecovery methods.
Avoid discussions! Create threads for questions, general problems or use search; this thread is not for support.
Please list router model & revision, operating & wireless mode(s) and exact filename/firmware image flashed.
Issues:
• Show us your findings with steps to reproduce, configuration, output, logs and important information below!
Important:
• For issues provide applicable info: 'dmesg', 'cat /tmp/var/log/messages', syslog, klog, serial, strace, tcpdump, wireshark etc.
• Any firewall NAT or WAN issues, show output: 'iptables -vnL', 'iptables -t nat -vnL', 'iptables -t mangle -vnL' and /tmp/.ipt file.
• Search SVN tickets & discuss in forum before opening. Before reporting: reset & manually set up, not restore from a backup.
• Please include operating & wireless modes (e.g. Gateway, Router, AP, CB, WDS, Mesh) & relevant configuration information.
Router/Version: 3200ACM v1 File/Kernel: ddwrt-linksys-wrt3200acm-webflash.bin/DD-WRT v3.0-r47528 std (10/10/21) Previous/Reset: 10-04-2021-r47510 / No Mode/Status: Router/AP Issues/Errors: So far only one issue I've found which is only cosmetic. In the status > syslog tab, the previous and next buttons have odd characters before and after, respectively, but the buttons do work. I'll update if there's any other issues found. _________________ Router: Linksys WRT3200ACM WLAN0 and 1 have same SSID
88W8964 802.11ac WLAN0 Mode AP VHT80 80MHz Mixed Mode Channel and Extension Channel Auto Extension LL-6
88W8964 802.11ac WLAN1 Mode AP 20 MHz Mixed Mode Channel Auto
SD8887 802.11ac disabled but visible on GUI and CLI
TX Power 18 dBm
Antenna Gain 0 dBi
U-APSD (Automatic Power Save)Enabled
Protection Mode None
RTS Threshold Disabled
Short Preamble Disabled
Short GI Enabled
Single User Beamforming Enabled
Multi User Beamforming Enabled
AP Isolation Disabled
Beacon Interval 100
DTIM Interval 2
WMM Support Enabled
Radar Detection Disabled
ScanList default
Sensitivity Range (ACK Timing) 500 (Default: 500 meters)
Max Associated Clients 256 (Default: 256 Clients)
Minimum Signal for authenticate -128
Minimum Signal for connection -128
Poll Time for signal lookup 10
Amount of allowed low signals 3
Wireless security is WPA2 Personal CCMP-128 only
QAM256 is on
Since r47528 I have had a display error in the buttons, possibly something was messed around here in the character table. Here is a picture, the two buttons below are affected.
Posted: Fri Oct 15, 2021 7:47 Post subject: Net Isolation on Guest VAP
Router/Version: Linksys WRT3200ACM
File/Kernel: Linux version 4.9.285 (root@server2) (gcc version 11.1.0 (OpenWrt GCC 11.1.0 r16904-a4e2766a5b) ) #2895 SMP Sun Oct 10 03:12:22 +07 2021
Previous/Reset: v3.0-r47381 std (09/08/21)
Mode/Status: Router/AP
Issues/Errors: (Net Isolation on Guest VAP) - After upgrading r47381 to r47528 with reset and scratch build, everything seemed to be working well until I noticed my guest network had access to the router GUI, and also an external USB hard drive attached to the router.
Net Isolation on VAP:
After upgrading r47381 to r47528 with reset and scratch build, everything seemed to be working well until I noticed my guest network had access to the router GUI, and also my external USB hard drive attached to the router.
To be absolutely sure, I reset my router to default stock firmware for (BOTH) versions and followed these very minimum steps to reproduce the issue.
-Load r47381 - (reset)
nvram erase && reboot - extra clear/boot to be absolutely sure I'm starting from scratch.
-Load r47528 - (reset)
nvram erase && reboot - extra clear/boot to be absolutely sure I'm starting from scratch.
I followed these steps with NO other modifications for both versions. I also checked to see which partition I was loading to.
STEPS:
Log in to 192.168.1.1
Set Router Username
Set Router Password
Confirm Password
Setup/Basic Setup
• NTP Client (Enable)
• Set Time Zone
• Set Server/IP Name
• Save/Apply
Wireless/Basic Settings
• Add Virtual AP to wlan0
• Save/Apply/Reboot
• Log in again
• -- Advanced Settings wlan0.1
• AP Isolation (Enable)
• Network Configuration (Unbridged)
• Net Isolation (Enable)
• IP Address (192.168.2.1/24)
• Save/Apply/Reboot
I connected to the VAP and ran a Lan Scan from an android phone to produce the attached screen captures, which validated the reason I could hit the router GUI and my router attached USB hard drive.
It would be great if someone could reproduce these steps, or simply test adding a guest configured VAP, unless you may already have one configured. Simply test your lan access. Any help would be greatly appreciated.
Btw - I'm not sure when this issue occurred since I realize there are several versions in between 381 and 528. I went back to 381 because I was sure Net Isolation was working at that version.
Last edited by papagdog on Fri Oct 15, 2021 20:31; edited 1 time in total
Joined: 04 Aug 2018 Posts: 1446 Location: Appalachian mountains, USA
Posted: Fri Oct 15, 2021 13:03 Post subject:
USB and the router GUI have always been accessible from every subnet. It's not a bug.
Edit: People who know the big picture better than I are digging into it below, so maybe my routers are a special case because I implement my own net isolation with iptables commands. So let's just stand back and learn! _________________ 2x Netgear XR500 and 3x Linksys WRT1900ACSv2 on 53544: VLANs, VAPs, NAS, station mode, OpenVPN client (AirVPN), wireguard server (AirVPN port forward) and clients (AzireVPN, AirVPN, private), 3 DNSCrypt providers via VPN.
Posted: Fri Oct 15, 2021 13:28 Post subject: Net Isolation on Guest VA
Yes, I do understand the difference in how AP Isolation and Net Isolation function respectively. AP Isolation is still working in both versions. I tested each feature independently of the other. I included both in my scenario for a sanity check. Net Isolation was definitely working on r47381.
Joined: 18 Mar 2014 Posts: 12837 Location: Netherlands
Posted: Fri Oct 15, 2021 13:50 Post subject: Re: Net Isolation on Guest VA
papagdog wrote:
Yes, I do understand the difference in how AP Isolation and Net Isolation function respectively. AP Isolation is still working in both versions. I tested each feature independently of the other. I included both in my scenario for a sanity check. Net Isolation was definitely working on r47381.
Show output of (from CLI):
iptables -vnL FORWARD
iptables -vnL INPUT
Posted: Fri Oct 15, 2021 14:52 Post subject: Re: Net Isolation on Guest VAP
egc wrote:
Show output of (from CLI):
iptables -vnL FORWARD
iptables -vnL INPUT
If possible from both versions to compare
To be sure you did not setup as a Wireless Access Point but as a router in gateway mode where the WAN is connected to the internet (or another router)
I'll be glad to get the outputs but it will take a while. To reiterate, I did not make any other changes to the default configuration when following the previously listed steps. Default configuration for Wireless Mode = "AP". There are no other routers in my configuration.
Posted: Fri Oct 15, 2021 20:30 Post subject: Re: Net Isolation on Guest VAP
egc wrote:
Show output of (from CLI):
iptables -vnL FORWARD
iptables -vnL INPUT
If possible from both versions to compare
To be sure you did not setup as a Wireless Access Point but as a router in gateway mode where the WAN is connected to the internet (or another router)
I've gone through this again and configured both versions individually and exactly as I noted in my first response to this thread. The differences between the two (iptables -vnL INPUT) records appears to show some definite discrepancies, although I don't declare myself an expert by any means.
I've attached a text file for your review. Thanks!
--- I deleted the attached .jpg images as they were annoyingly ugly and were polluting this topic.
Last edited by papagdog on Sat Oct 16, 2021 1:33; edited 3 times in total