Posted: Sat Nov 27, 2021 20:01 Post subject: [SOLVED] Help - Recurring connection problems
(Ok, here it is, as a single topic.. this kind of info i've been recurring reporting in the new builds topics (since i installed dd-wrt has been a permanent problem in every build i install)
TP-Link TL-WR841ND v10 Build: r47665 std (11/24/21) (but happened in every other)
Previous/Reset: r47644 / web install / no reset
Mode/Status: AP / Client Bridge
As i said, i started using DD-WRT just some months ago.. but in every build i've been trying the router, used as an AP/Bridge, seems perfectly fine and with good signal until the signal just disappears and i have problem even connecting or pinging any of the routers (failure or large seconds of ping response time)
This is the recent logs from syslog|var/log/messages:
Code:
Nov 27 18:30:33 xxxxx daemon.info hostapd: wlan0.1: STA xx:xx:xx:xx:xx:xx MLME: auth request, signal -65 (Accepted)
Nov 27 18:30:33 xxxxx daemon.info hostapd: wlan0.1: STA xx:xx:xx:xx:xx:xx IEEE 802.11: authenticated
Nov 27 18:30:33 xxxxx daemon.info hostapd: wlan0.1: STA xx:xx:xx:xx:xx:xx MLME: assoc request, signal -65 (Accepted)
Nov 27 18:30:33 xxxxx daemon.info hostapd: wlan0.1: STA xx:xx:xx:xx:xx:xx IEEE 802.11: associated (aid 1)
Nov 27 18:30:33 xxxxx daemon.info hostapd: wlan0.1: STA xx:xx:xx:xx:xx:xx RADIUS: starting accounting session 2EFB94870B2197BA
Nov 27 18:30:33 xxxxx daemon.info hostapd: wlan0.1: STA xx:xx:xx:xx:xx:xx WPA: pairwise key handshake completed (RSN)
Nov 27 18:30:38 xxxxx daemon.err httpd[1280]: [httpd] : Request Error Code 408: No request appeared within a reasonable time period.
Nov 27 18:33:54 xxxxx daemon.info hostapd: wlan0.1: STA xx:xx:xx:xx:xx:xx MLME: auth request, signal -63 (Accepted)
Nov 27 18:33:54 xxxxx daemon.info hostapd: wlan0.1: STA xx:xx:xx:xx:xx:xx IEEE 802.11: authenticated
Nov 27 18:33:54 xxxxx daemon.info hostapd: wlan0.1: STA xx:xx:xx:xx:xx:xx MLME: assoc request, signal -64 (Accepted)
Nov 27 18:33:54 xxxxx daemon.info hostapd: wlan0.1: STA xx:xx:xx:xx:xx:xx IEEE 802.11: associated (aid 1)
Nov 27 18:33:54 xxxxx daemon.info hostapd: wlan0.1: STA xx:xx:xx:xx:xx:xx RADIUS: starting accounting session 6F4198873EFAE026
Nov 27 18:33:54 xxxxx daemon.info hostapd: wlan0.1: STA xx:xx:xx:xx:xx:xx WPA: pairwise key handshake completed (RSN)
Nov 27 18:34:25 xxxxx daemon.info hostapd: wlan0.1: STA xx:xx:xx:xx:xx:xx MLME: auth request, signal -64 (Accepted)
Nov 27 18:34:25 xxxxx daemon.info hostapd: wlan0.1: STA xx:xx:xx:xx:xx:xx MLME: auth request, signal -59 (Accepted)
Nov 27 18:34:25 xxxxx daemon.info hostapd: wlan0.1: STA xx:xx:xx:xx:xx:xx IEEE 802.11: authenticated
Nov 27 18:34:25 xxxxx daemon.info hostapd: wlan0.1: STA xx:xx:xx:xx:xx:xx MLME: assoc request, signal -64 (Accepted)
Nov 27 18:34:25 xxxxx daemon.info hostapd: wlan0.1: STA xx:xx:xx:xx:xx:xx IEEE 802.11: associated (aid 1)
Nov 27 18:34:25 xxxxx daemon.info hostapd: wlan0.1: STA xx:xx:xx:xx:xx:xx RADIUS: starting accounting session BB7F8F5D8292752D
Nov 27 18:34:25 xxxxx daemon.info hostapd: wlan0.1: STA xx:xx:xx:xx:xx:xx WPA: pairwise key handshake completed (RSN)
Nov 27 18:35:05 xxxxx daemon.info hostapd: wlan0.1: STA xx:xx:xx:xx:xx:xx MLME: auth request, signal -64 (Accepted)
Nov 27 18:35:05 xxxxx daemon.info hostapd: wlan0.1: STA xx:xx:xx:xx:xx:xx IEEE 802.11: authenticated
Nov 27 18:35:05 xxxxx daemon.info hostapd: wlan0.1: STA xx:xx:xx:xx:xx:xx MLME: assoc request, signal -64 (Accepted)
Nov 27 18:35:05 xxxxx daemon.info hostapd: wlan0.1: STA xx:xx:xx:xx:xx:xx IEEE 802.11: associated (aid 1)
Nov 27 18:35:05 xxxxx daemon.info hostapd: wlan0.1: STA xx:xx:xx:xx:xx:xx RADIUS: starting accounting session 7F135E2D138BBF5C
Nov 27 18:35:05 xxxxx daemon.info hostapd: wlan0.1: STA xx:xx:xx:xx:xx:xx WPA: pairwise key handshake completed (RSN)
Nov 27 18:35:25 xxxxx daemon.info hostapd: wlan0.1: STA xx:xx:xx:xx:xx:xx MLME: auth request, signal -65 (Accepted)
Nov 27 18:35:25 xxxxx daemon.info hostapd: wlan0.1: STA xx:xx:xx:xx:xx:xx IEEE 802.11: authenticated
Nov 27 18:35:25 xxxxx daemon.info hostapd: wlan0.1: STA xx:xx:xx:xx:xx:xx MLME: assoc request, signal -65 (Accepted)
Nov 27 18:35:25 xxxxx daemon.info hostapd: wlan0.1: STA xx:xx:xx:xx:xx:xx IEEE 802.11: associated (aid 1)
Nov 27 18:35:25 xxxxx daemon.info hostapd: wlan0.1: STA xx:xx:xx:xx:xx:xx RADIUS: starting accounting session 6DE377F9FDE5F8E0
Nov 27 18:35:25 xxxxx daemon.info hostapd: wlan0.1: STA xx:xx:xx:xx:xx:xx WPA: pairwise key handshake completed (RSN)
Nov 27 18:35:30 xxxxx daemon.err httpd[1280]: [httpd] : Request Error Code 408: Unexpected connection close in intitial request.
Nov 27 18:47:27 xxxxx daemon.err httpd[1280]: [httpd] : Request Error Code 408: No request appeared within a reasonable time period.
Nov 27 18:47:35 xxxxx daemon.err httpd[1280]: [httpd] : Request Error Code 408: No request appeared within a reasonable time period.
Nov 27 18:48:31 xxxxx daemon.err httpd[1280]: [httpd] : Request Error Code 408: No request appeared within a reasonable time period.
Nov 27 18:49:38 xxxxx daemon.err httpd[1280]: [httpd] : Request Error Code 408: No request appeared within a reasonable time period.
Nov 27 18:49:57 xxxxx daemon.err httpd[1280]: [httpd] : Request Error Code 408: No request appeared within a reasonable time period.
Nov 27 18:50:46 xxxxx daemon.err httpd[1280]: [httpd] : Request Error Code 408: No request appeared within a reasonable time period.
Nov 27 18:55:19 xxxxx daemon.err httpd[1280]: [httpd] : Request Error Code 408: No request appeared within a reasonable time period.
Nov 27 18:56:36 xxxxx daemon.err httpd[1280]: [httpd] : Request Error Code 408: No request appeared within a reasonable time period.
Nov 27 19:01:00 xxxxx daemon.info hostapd: wlan0.1: STA xx:xx:xx:xx:xx:xx MLME: auth request, signal -54 (Accepted)
Nov 27 19:01:00 xxxxx daemon.info hostapd: wlan0.1: STA xx:xx:xx:xx:xx:xx IEEE 802.11: authenticated
Nov 27 19:01:00 xxxxx daemon.info hostapd: wlan0.1: STA xx:xx:xx:xx:xx:xx MLME: assoc request, signal -53 (Accepted)
Nov 27 19:01:00 xxxxx daemon.info hostapd: wlan0.1: STA xx:xx:xx:xx:xx:xx IEEE 802.11: associated (aid 2)
Nov 27 19:01:00 xxxxx daemon.info hostapd: wlan0.1: STA xx:xx:xx:xx:xx:xx RADIUS: starting accounting session 106B711C4AF3F19B
Nov 27 19:01:00 xxxxx daemon.info hostapd: wlan0.1: STA xx:xx:xx:xx:xx:xx WPA: pairwise key handshake completed (RSN)
Nov 27 19:14:57 xxxxx daemon.err httpd[1280]: [httpd] : Request Error Code 408: No request appeared within a reasonable time period.
Nov 27 19:14:57 xxxxx daemon.err httpd[1280]: [httpd] : Request Error Code 408: No request appeared within a reasonable time period.
Nov 27 19:14:57 xxxxx daemon.err httpd[1280]: [httpd] : Request Error Code 408: No request appeared within a reasonable time period.
Nov 27 19:16:35 xxxxx daemon.info hostapd: wlan0.1: STA xx:xx:xx:xx:xx:xx WPA: group key handshake completed (RSN)
Nov 27 19:16:35 xxxxx daemon.info hostapd: wlan0.1: STA xx:xx:xx:xx:xx:xx WPA: group key handshake completed (RSN)
Nov 27 19:16:48 xxxxx daemon.debug ntpclient[23521]: Connecting to 194.117.47.42 [194.117.47.42] ...
Nov 27 19:16:48 xxxxx daemon.info ntpclient[23521]: Time set from 194.117.47.42 [194.117.47.42].
Nov 27 19:16:48 xxxxx daemon.info process_monitor[2030]: cyclic NTP Update success (servers 194.117.47.42)
Nov 27 19:16:48 xxxxx user.info : [sfe] : shortcut forwarding engine successfully stopped
Nov 27 19:19:26 xxxxx daemon.err httpd[1280]: [httpd] : Request Error Code 408: No request appeared within a reasonable time period.
Nov 27 19:28:49 xxxxx daemon.err httpd[1280]: [httpd] : Request Error Code 408: No request appeared within a reasonable time period.
Nov 27 19:29:26 xxxxx daemon.err httpd[1280]: [httpd] : Request Error Code 408: No request appeared within a reasonable time period.
Nov 27 19:29:31 xxxxx daemon.err httpd[1280]: [httpd] : Request Error Code 408: No request appeared within a reasonable time period.
Nov 27 19:31:59 xxxxx daemon.err httpd[1280]: [httpd] : Request Error Code 408: No request appeared within a reasonable time period.
Nov 27 19:39:17 xxxxx daemon.err httpd[1280]: [httpd] : Request Error Code 408: No request appeared within a reasonable time period.
Nov 27 19:40:29 xxxxx daemon.err httpd[1280]: [httpd] : Request Error Code 408: No request appeared within a reasonable time period.
Nov 27 19:40:44 xxxxx daemon.err httpd[1280]: [httpd] : Request Error Code 408: No request appeared within a reasonable time period.
Nov 27 19:42:00 xxxxx daemon.info hostapd: wlan0.1: STA xx:xx:xx:xx:xx:xx IEEE 802.11: disconnected due to excessive missing ACKs
Nov 27 19:42:30 xxxxx daemon.info hostapd: wlan0.1: STA xx:xx:xx:xx:xx:xx IEEE 802.11: deauthenticated due to inactivity (timer DEAUTH/REMOVE)
Nov 27 19:43:20 xxxxx daemon.err httpd[1280]: [httpd] : Request Error Code 408: No request appeared within a reasonable time period.
Nov 27 19:48:03 xxxxx daemon.err httpd[1280]: [httpd] : Request Error Code 408: No request appeared within a reasonable time period.
thanks
Edit(20211206): added [SOLVED] to post subject
Last edited by besteiro on Mon Dec 06, 2021 16:32; edited 1 time in total
As for the rest its hard to know, I see you have RADIUS setup, which may be the cause, hard to know where failure is specifically, log entries only spam the 408 code.
Perhaps you want to make sure your RADIUS setup is not the cause by using wpa2 aes directly and see how that behaves.
If that works you will know where to look for possible setup issues/bug RADIUS side.
Also make sure when you have upgraded that you clear the nvram.
I recommend you however make a txt backup of your nvram settings for reference.
Via SSH/Telnet do
Code:
nvram show > /tmp/my-nvram.txt
and then grab that file to your desktop or preferred location, before clearing your nvram so you have a reference when you reprogram the router again.
I don't think 4MB flash devices have an internal RADIUS server, unless it's part of the CoovaChili package (which I highly doubt). It would have to be an external RADIUS server. The only thing I know is that all of the (usual) hotspot configs are there. _________________ "Life is but a fleeting moment, a vapor that vanishes quickly; All is vanity"
Contribute To DD-WRT Pogo - A minimal level of ability is expected and needed... DD-WRT Releases 2023 (PolitePol)
DD-WRT Releases 2023 (RSS Everything)
----------------------
Linux User #377467 counter.li.org / linuxcounter.net
about the RADIUS thing.. i don't remember ever configuring it.. in Wireless Security i just have WPA2P/CCMP-128 (AES).. nothing more.. i didn't find it either in Basic Settings of the Wireless Interfaces (WLAN0 Client Bridge / WLAN0.1 AP)
About the configs, i've done what KP69 indicated.. the recycle was 0 already but the tcp_tw_reuse was with 1.. don't know if this can indicate you anything..
about the reset after upgrade i really don't mind of reconfiguring the router from base (i don't use much of the services).. the only thing is about the MAC filter white list.. is there a way to "import" / "export" this from my current config to a new (reset) one?
edit(log after tcp_tw vars update and reboot.. still RADIUS)
Code:
Jan 1 00:00:49 xxxx daemon.debug ntpclient[1331]: Connecting to 194.117.47.42 [194.117.47.42] ...
Nov 29 12:03:23 xxxx daemon.info ntpclient[1331]: Time set from 194.117.47.42 [194.117.47.42].
Nov 29 12:03:23 xxxx daemon.info process_monitor[1269]: cyclic NTP Update success (servers 194.117.47.42)
Nov 29 12:03:23 xxxx daemon.info hostapd: wlan0.1: STA xx:xx:xx:xx:xx:xx WPA: group key handshake completed (RSN)
Nov 29 12:03:24 xxxx user.info : [sfe] : shortcut forwarding engine successfully stopped
Nov 29 12:03:24 xxxx user.info : [sfe] : shortcut forwarding engine successfully started
Nov 29 12:03:24 xxxx user.info : [sfe] : shortcut forwarding engine successfully stopped
Nov 29 12:03:24 xxxx user.info root: WireGuard number of non failed tunnels in fail set: 0
Nov 29 12:03:25 xxxx user.info : [sfe] : shortcut forwarding engine successfully started
Nov 29 12:03:26 xxxx user.info : [sfe] : shortcut forwarding engine successfully started
Nov 29 12:03:26 xxxx daemon.debug process_monitor[1269]: Restarting cron (time sync change)
Nov 29 12:03:26 xxxx user.info : [cron] : daemon successfully stopped
Nov 29 12:03:26 xxxx user.info : [cron] : daemon successfully started
Nov 29 12:03:26 xxxx cron.info cron[1837]: (CRON) STARTUP (fork ok)
Nov 29 12:03:26 xxxx user.info : [process_monitor] : daemon successfully stopped
Nov 29 12:03:26 xxxx daemon.info process_monitor[1269]: [process_monitor] : cleanup timers
Nov 29 12:03:26 xxxx user.info : [process_monitor] : successfully started
Nov 29 12:03:26 xxxx daemon.debug process_monitor[1842]: We need to re-update after 3600 seconds
Nov 29 12:03:26 xxxx daemon.info process_monitor[1842]: [process_monitor] : set timer: 3600 seconds, callback: ntp_main()
Nov 29 12:03:35 xxxx daemon.info hostapd: wlan0.1: STA xx:xx:xx:xx:xx:xx MLME: auth request, signal -67 (Accepted)
Nov 29 12:03:35 xxxx daemon.info hostapd: wlan0.1: STA xx:xx:xx:xx:xx:xx IEEE 802.11: authenticated
Nov 29 12:03:35 xxxx daemon.info hostapd: wlan0.1: STA xx:xx:xx:xx:xx:xx MLME: assoc request, signal -66 (Accepted)
Nov 29 12:03:35 xxxx daemon.info hostapd: wlan0.1: STA xx:xx:xx:xx:xx:xx IEEE 802.11: associated (aid 1)
Nov 29 12:03:35 xxxx daemon.info hostapd: wlan0.1: STA xx:xx:xx:xx:xx:xx RADIUS: starting accounting session 9EAAB03A7186752E
Nov 29 12:03:35 xxxx daemon.info hostapd: wlan0.1: STA xx:xx:xx:xx:xx:xx WPA: pairwise key handshake completed (RSN)
Nov 29 12:11:31 xxxx daemon.info hostapd: wlan0.1: STA xx:xx:xx:xx:xx:xx MLME: auth request, signal -48 (Accepted)
Nov 29 12:11:31 xxxx daemon.info hostapd: wlan0.1: STA xx:xx:xx:xx:xx:xx IEEE 802.11: authenticated
Nov 29 12:11:31 xxxx daemon.info hostapd: wlan0.1: STA xx:xx:xx:xx:xx:xx MLME: assoc request, signal -49 (Accepted)
Nov 29 12:11:31 xxxx daemon.info hostapd: wlan0.1: STA xx:xx:xx:xx:xx:xx IEEE 802.11: associated (aid 2)
Nov 29 12:11:31 xxxx daemon.info hostapd: wlan0.1: STA xx:xx:xx:xx:xx:xx RADIUS: starting accounting session D75FFA64B12B3F1B
Nov 29 12:11:31 xxxx daemon.info hostapd: wlan0.1: STA xx:xx:xx:xx:xx:xx WPA: pairwise key handshake completed (RSN)
Joined: 31 Jul 2021 Posts: 2146 Location: All over YOUR webs
Posted: Mon Nov 29, 2021 13:29 Post subject:
Something is connecting to the router via Radius authentication, and none of the Sysctl tweaks will make Radius setup disapear, I dont even know where that idea came from, I suppose its some mi-understanding or mix up.
In any case, Its there, it exists and the fact you dont know how its setup, is not encouraging either. My advice stands, you need to find it and kill it, in order to rule out issues being caused by specific setups.
Look also to the clients connecting and ensure they aren't trying to use something that's not setup, like Radius.
I'm out, I think I just have to take out my fingers off this pie =) Too many pies and I'm not a juggler.
The RADIUS thing may be some kind of default with the implementation of hostapd on this router and an anomaly. I would have to dig further. Not knowing exact router configuration with screenshots, I can only grasp at straws. _________________ "Life is but a fleeting moment, a vapor that vanishes quickly; All is vanity"
Contribute To DD-WRT Pogo - A minimal level of ability is expected and needed... DD-WRT Releases 2023 (PolitePol)
DD-WRT Releases 2023 (RSS Everything)
----------------------
Linux User #377467 counter.li.org / linuxcounter.net
...
about the reset after upgrade i really don't mind of reconfiguring the router from base...
Its nessesary to check out if this is a config issue or build issue. I would downgrade to the r40750 known as solid build on this hardware with factory reset and manually reconfigure.
A config problem should recreate the issue. Keep in mind that on this hardware it may be nessesary to set vlan for the LAN ports to work, I recommend after basic setup to check LAN- LAN communication, before attaching external services to it.
The RADIUS thing may be some kind of default with the implementation of hostapd on this router and an anomaly. I would have to dig further. Not knowing exact router configuration with screenshots, I can only grasp at straws.
Joined: 08 May 2018 Posts: 14242 Location: Texas, USA
Posted: Mon Nov 29, 2021 20:09 Post subject:
Not sure why you have RTS/CTS mode enabled on your VAP, but that isn't necessary and could be causing issues because you do not have a threshold enabled and set. Also not sure why you have an RTS threshold set on your main wireless interface in CB mode, with no protection mode set. Neither may be required for CB mode to work with a VAP. If anything, you would set protection mode to RTS/CTS on the CB with a threshold of at least 980 if not 1350; the current recommendations from the wiki are 980 - 1500 for client modes. You would not set these on the VAP, whatsoever. If that is somehow getting mucked up and does not save or show properly, that's not good. _________________ "Life is but a fleeting moment, a vapor that vanishes quickly; All is vanity"
Contribute To DD-WRT Pogo - A minimal level of ability is expected and needed... DD-WRT Releases 2023 (PolitePol)
DD-WRT Releases 2023 (RSS Everything)
----------------------
Linux User #377467 counter.li.org / linuxcounter.net
Not sure why you have RTS/CTS mode enabled on your VAP, but that isn't necessary and could be causing issues because you do not have a threshold enabled and set. Also not sure why you have an RTS threshold set on your main wireless interface in CB mode, with no protection mode set. Neither may be required for CB mode to work with a VAP. If anything, you would set protection mode to RTS/CTS on the CB with a threshold of at least 980 if not 1350; the current recommendations from the wiki are 980 - 1500 for client modes. You would not set these on the VAP, whatsoever. If that is somehow getting mucked up and does not save or show properly, that's not good.
I don't know if this is relevant for your debugging but i only did this now (morning here).. but i think that values change yesterday in sysctl had some good effect.. at least after that i didn't had (or noticed) the recurring problems i was reporting..
so.. this went to real problems again.. just stop responding.. i couldn't had a decent connection even to this router.. i had to shut it down so i could access it again..
i grep'ed the nvram show for radius related things.. but seems to me nothing is on (despite i don't understand why there are 5 wlan when i only have the 0/0.1)
but there is a value that's bugging me.. the wlan0.1_radius_retry has 600.. and that seems the time (10secs) value in consecutive pairwise radius/auth consecutive lines i have in syslog when the problems seem to trigger
Another thing besides the previous posts... i installed last build and was just navigating by dd-wrt config pages to see if i could get something that's RADIUS related..
In Administration\Router Management i have 802.1x enabled... could it be the reason for this (whole) problem?
Yes. Are you connecting to an 802.1x AP with this device?
guess not.. i think i misunderstood the ddwrt help about this ("A limited 802.1x server needed to fulfill WPA handshake requirements to allow Windows XP clients to work with WPA.).. as i have an old pc with XP i thought i had to enabled this.. funny because i don't use the XP so often
i'll disable this now and give the new build some uptime.. i'll give feedback later..
Joined: 08 May 2018 Posts: 14242 Location: Texas, USA
Posted: Tue Nov 30, 2021 20:23 Post subject:
That's a new one on me. 802.1x/EAP is for connecting to a public wifi AP that supports it AFAIK. There's two places I know of that there is anything related to this: management page and wireless security page... _________________ "Life is but a fleeting moment, a vapor that vanishes quickly; All is vanity"
Contribute To DD-WRT Pogo - A minimal level of ability is expected and needed... DD-WRT Releases 2023 (PolitePol)
DD-WRT Releases 2023 (RSS Everything)
----------------------
Linux User #377467 counter.li.org / linuxcounter.net