Posted: Sun Jan 02, 2022 23:58 Post subject: Two RT-AC88U routers w/ r47153 . VHT160 works on one only.
Two RT-AC88U routers w/ r47153 . VHT160 works on one only.
Anyway to find out the exact model of one vs the other and if there is a specific HW difference and nvram command that might explain why VHT160 is an option on one but not the other. I would think Wave 2 is supported on both.
However, no Windows error as of yet when on the latest firmware stated earlier (r48128).
VTH160 is not available on either firmware. When I try to connect to the 5Ghz wl1 wireless network, the connection is made, IP received however traffic tapers off thereafter and pages take forever to load, if they load. SSH to the router halts midway after entering login creds.
When I disconnect and reconnect using another RT-AC88U router running r47153 without any issue, I notice that on the faulty RT-AC88U DD-WRT Status page, the wireless speed for wl1 drops to 6.5 Mbit/s from a high of 480Mbit/s, after a wireless connection was attempted.
Still not 100% sure what the issue is. Wondering if there is a way to get more detailed wireless log output that might indicate what the issue is vs what's in /var/log/messages or a a set of commands I could use to try and debug this issue, besides the nvram commands I have been using? _________________ Cheers, TK
------------------------
Ended up figuring out the issue recently when attempting for reimage another AC3100 unit.
Turned out this was an NVRAM issue caused by excessive VPN and iptable rules. The VPN rules I pushed to the router from a machine outside the router, combining both the UI settings with the the TLS certificates.
The iptables I sources from /jffs, where there's plenty of space. A quick writeup for others facing the same thing:
Haven't tried this but definitely will spend some time reading this. Thanks egc!
Most of my rules are for allowing inbound traffic after I totally blocked everything. Idea is block everything and allow only what's needed. Having said that, I end up making rules very specific for only the traffic, protocol and IP that is needed making each entry unique.
This is where my rules blossom. If you have any example setup of ipset with some sample configs, wouldn't mind taking a look so I can a jump on using it.
I probably would still utilize /jffs as much as possible since, noticed a curious thing. The Wireless UI settings page no longer listed some of the settings for 5Ghz or 2.4Ghz yet the amount of NVRAM space was apparently enough. So a bit confused why the Wireless UI page started to show all options once I move the F/W rules to /jffs.
This was the space left in nvram w/ firewall rules directly in rc_firewall:
# nvram show >/dev/null
size: 68727 bytes (62345 left)
The same case is observed on RT-AC88U and AC3100 (though realistically these two routers are identical but mentioning anyway in case there's some difference I don't know between the two).