Ancient ios8 device, instant deauthenticated due to inactivity

Hi. I'm trying to set up an old ipad with IOS8.1 as a dumb screen, but it refuses to connect.

I created a guest network using psk2 only (not even negotiate psk3), on 2.4ghz.

when i try to connect, it shows as disconnecting by inactivity in a split second. (so, don't think this is related to https://github.com/openwrt/openwrt/issues/8379 )

Wed Jun 25 19:37:15 2025 daemon.notice hostapd: wl0-ap1: AP-STA-DISCONNECTED a8:88:09:aa:b1:33
Wed Jun 25 19:37:15 2025 daemon.info hostapd: wl0-ap1: STA a8:88:09:aa:b1:33 IEEE 802.11: disassociated
Wed Jun 25 19:37:16 2025 daemon.info hostapd: wl0-ap1: STA a8:88:09:aa:b1:33 IEEE 802.11: deauthenticated due to inactivity (timer DEAUTH/REMOVE)
Wed Jun 25 19:37:17 2025 daemon.info hostapd: wl0-ap1: STA a8:88:09:aa:b1:33 IEEE 802.11: authenticated
Wed Jun 25 19:37:17 2025 daemon.info hostapd: wl0-ap1: STA a8:88:09:aa:b1:33 IEEE 802.11: associated (aid 1)
Wed Jun 25 19:37:17 2025 daemon.notice hostapd: wl0-ap1: AP-STA-CONNECTED a8:88:09:aa:b1:33 auth_alg=open
Wed Jun 25 19:37:17 2025 daemon.info hostapd: wl0-ap1: STA a8:88:09:aa:b1:33 WPA: pairwise key handshake completed (RSN)
Wed Jun 25 19:37:17 2025 daemon.notice hostapd: wl0-ap1: EAPOL-4WAY-HS-COMPLETED a8:88:09:aa:b1:33
Wed Jun 25 19:37:17 2025 daemon.info dnsmasq-dhcp[1]: DHCPDISCOVER(br-guest) a8:88:09:aa:b1:33
Wed Jun 25 19:37:17 2025 daemon.info dnsmasq-dhcp[1]: DHCPOFFER(br-guest) 192.168.3.137 a8:88:09:aa:b1:33
Wed Jun 25 19:37:17 2025 daemon.notice hostapd: wl0-ap1: AP-STA-DISCONNECTED a8:88:09:aa:b1:33
Wed Jun 25 19:37:17 2025 daemon.info hostapd: wl0-ap1: STA a8:88:09:aa:b1:33 IEEE 802.11: disassociated
Wed Jun 25 19:37:18 2025 daemon.info hostapd: wl0-ap1: STA a8:88:09:aa:b1:33 IEEE 802.11: deauthenticated due to inactivity (timer DEAUTH/REMOVE)
Wed Jun 25 19:37:19 2025 daemon.info hostapd: wl0-ap1: STA a8:88:09:aa:b1:33 IEEE 802.11: authenticated
Wed Jun 25 19:37:19 2025 daemon.info hostapd: wl0-ap1: STA a8:88:09:aa:b1:33 IEEE 802.11: associated (aid 1)
Wed Jun 25 19:37:19 2025 daemon.notice hostapd: wl0-ap1: AP-STA-CONNECTED a8:88:09:aa:b1:33 auth_alg=open
Wed Jun 25 19:37:19 2025 daemon.info hostapd: wl0-ap1: STA a8:88:09:aa:b1:33 WPA: pairwise key handshake completed (RSN)
Wed Jun 25 19:37:19 2025 daemon.notice hostapd: wl0-ap1: EAPOL-4WAY-HS-COMPLETED a8:88:09:aa:b1:33
Wed Jun 25 19:37:19 2025 daemon.info dnsmasq-dhcp[1]: DHCPDISCOVER(br-guest) a8:88:09:aa:b1:33
Wed Jun 25 19:37:19 2025 daemon.info dnsmasq-dhcp[1]: DHCPOFFER(br-guest) 192.168.3.137 a8:88:09:aa:b1:33
Wed Jun 25 19:37:19 2025 daemon.notice hostapd: wl0-ap1: AP-STA-DISCONNECTED a8:88:09:aa:b1:33
Wed Jun 25 19:37:20 2025 daemon.info hostapd: wl0-ap1: STA a8:88:09:aa:b1:33 IEEE 802.11: disassociated
Wed Jun 25 19:37:21 2025 daemon.info hostapd: wl0-ap1: STA a8:88:09:aa:b1:33 IEEE 802.11: deauthenticated due to inactivity (timer DEAUTH/REMOVE)

(and then it just keeps trying over and over)

settings are:

# /etc/config/wifi
config wifi-device 'radio0'
        option type 'mac80211'
        option path 'platform/18000000.wmac'
        option band '2g'
        option htmode 'HT20'
        option channel 'auto'
        option country 'US'
        option cell_density '1'
        option distance '100'

config wifi-iface 'guest'
        option device 'radio0'
        option mode 'ap'
        option network 'guest'
        option ssid 'guest1'
        option encryption 'psk2'
        option isolate '1'
        option key 'super secret guest @@@'

# /etc/config/network
config device 'guest_dev'
        option type 'bridge'
        option name 'br-guest'

config interface 'guest'
        option proto 'static'
        option device 'br-guest'
        list ipaddr '192.168.3.1/24'
        list dns '9.9.9.9'

tried both 23 and 24 stock openwrt releases. Same result.

ipad is "jailbroken" only to install things not on the store. stock otherwise. i can probably look at its logs but it is a pain without network as my only interface is ssh and i don't have a ssh client there.

(ninja edit) continued to search and found this https://openwrt.org/faq/deauthenticated_due_to_inactivity

added the disassoc_low_ack '0' option to my guest wifi iface, same results.

Anyone dealt with this before?
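In the log above, every cycle reaches `EAPOL-4WAY-HS-COMPLETED` and a `DHCPOFFER`, but no `DHCPACK` is logged before the station drops, so the pre-shared key is accepted and the failure comes after key setup. The following is an added example, not code from any post in this thread: a POSIX shell/awk summariser that counts those events per station and names the pattern. The function names, verdict labels and sample MAC addresses are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the thread): summarise each station's join attempts
# from hostapd + dnsmasq syslog lines, e.g.  logread | classify_attempts
classify_attempts() {
    awk '
    function mac_of(   i) {      # first 17-char hex/colon field is taken as the MAC
        for (i = 1; i <= NF; i++)
            if (length($i) == 17 && $i ~ /^[0-9A-Fa-f:]+$/) return $i
        return ""
    }
    { m = mac_of(); if (m == "") next; seen[m] = 1 }
    /AP-STA-CONNECTED/                  { assoc[m]++ }
    /EAPOL-4WAY-HS-COMPLETED/           { hs[m]++ }
    /DHCPOFFER/                         { offer[m]++ }
    /DHCPACK/                           { ack[m]++ }
    /deauthenticated due to inactivity/ { inact[m]++ }
    END {
        for (m in seen) {
            if (hs[m] + 0 == 0) v = "handshake-never-completes"
            else if (offer[m] + 0 > 0 && ack[m] + 0 == 0) v = "drops-after-dhcpoffer"
            else if (ack[m] + 0 > 0) v = "lease-obtained"
            else v = "no-dhcp-seen"
            printf "%s assoc=%d 4way=%d offer=%d ack=%d inactivity=%d verdict=%s\n",
                   m, assoc[m], hs[m], offer[m], ack[m], inact[m], v
        }
    }'
}

# Constructed sample lines in the thread's log format (MAC addresses are made up).
sample_log() {
    cat <<'EOF'
Wed Jun 25 19:37:17 2025 daemon.notice hostapd: wl0-ap1: AP-STA-CONNECTED 02:00:00:00:00:01 auth_alg=open
Wed Jun 25 19:37:17 2025 daemon.notice hostapd: wl0-ap1: EAPOL-4WAY-HS-COMPLETED 02:00:00:00:00:01
Wed Jun 25 19:37:17 2025 daemon.info dnsmasq-dhcp[1]: DHCPOFFER(br-guest) 192.168.3.137 02:00:00:00:00:01
Wed Jun 25 19:37:18 2025 daemon.info hostapd: wl0-ap1: STA 02:00:00:00:00:01 IEEE 802.11: deauthenticated due to inactivity (timer DEAUTH/REMOVE)
Wed Jun 25 19:37:19 2025 daemon.notice hostapd: wl0-ap1: AP-STA-CONNECTED 02:00:00:00:00:01 auth_alg=open
Wed Jun 25 19:37:19 2025 daemon.notice hostapd: wl0-ap1: EAPOL-4WAY-HS-COMPLETED 02:00:00:00:00:01
Wed Jun 25 19:37:19 2025 daemon.info dnsmasq-dhcp[1]: DHCPOFFER(br-guest) 192.168.3.137 02:00:00:00:00:01
Wed Jun 25 19:37:21 2025 daemon.info hostapd: wl0-ap1: STA 02:00:00:00:00:01 IEEE 802.11: deauthenticated due to inactivity (timer DEAUTH/REMOVE)
Wed Jun 25 19:40:02 2025 daemon.notice hostapd: wl0-ap1: AP-STA-CONNECTED 02:00:00:00:00:02 auth_alg=open
Wed Jun 25 19:40:02 2025 daemon.notice hostapd: wl0-ap1: EAPOL-4WAY-HS-COMPLETED 02:00:00:00:00:02
Wed Jun 25 19:40:02 2025 daemon.info dnsmasq-dhcp[1]: DHCPOFFER(br-guest) 192.168.3.150 02:00:00:00:00:02
Wed Jun 25 19:40:02 2025 daemon.info dnsmasq-dhcp[1]: DHCPACK(br-guest) 192.168.3.150 02:00:00:00:00:02
EOF
}

sample_log | classify_attempts | sort
```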

Remove distance, it is not for decreasing range.

Not sure why i had this. removed.

Also, tested with some options that are now default ON on 23+

option wmm '0'

same results.

Let's see the complete config:

Please connect to your OpenWrt device using ssh and copy the output of the following commands and post it here using the "Preformatted text </> " button:
Remember to redact passwords, MAC addresses and any public IP addresses you may have:

ubus call system board
cat /etc/config/network
cat /etc/config/wireless
cat /etc/config/dhcp
cat /etc/config/firewall

# ubus call system board
{
        "kernel": "5.15.162",
        "hostname": "modem1",
        "system": "ARMv8 Processor rev 4",
        "model": "Linksys E8450 (UBI)",
        "board_name": "linksys,e8450-ubi",
        "rootfs_type": "squashfs",
        "release": {
                "distribution": "OpenWrt",
                "version": "23.05.4",
                "revision": "r24012-d8dd03c46f",
                "target": "mediatek/mt7622",
                "description": "OpenWrt 23.05.4 r24012-d8dd03c46f"
        }
}

# cat /etc/config/network

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix x

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'lan1'
        list ports 'lan2'
        list ports 'lan3'
        list ports 'lan4'

config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        option netmask '255.255.255.0'
        option ipaddr x
        list dns x
        list dns x
        list dns_search x
        option delegate '0'
        list ip6class 'local'
        option ip6ifaceid '::1'
        option ip6weight '0'

config interface 'wan'
        option device 'wan'
        option proto 'dhcp'
        option delegate '0'
        option peerdns '0'
        list dns x
        list dns_search 'local'

config interface 'wan6'
        option device 'wan'
        option proto 'none'
        option auto '0'

config device
        option name 'wan'
        option ipv6 '0'

config device 'guest_dev'
        option type 'bridge'
        option name 'br-guest'

config interface 'guest'
        option proto 'static'
        option device 'br-guest'
        list ipaddr '192.168.3.1/24'
        list dns '9.9.9.9'

config interface 'wg1'

config wireguard_wg1

config device
        option name 'wg1'
        option ipv6 '0'

config route
        option interface 'loopback'
        option type 'blackhole'
        option target '172.16.0.0/12'
        option metric '100'

# cat /etc/config/wireless

config wifi-device 'radio0'
        option type 'mac80211'
        option path 'platform/18000000.wmac'
        option band '2g'
        option htmode 'HT20'
        option channel 'auto'
        option country x
        option cell_density '1'
        option hwmode '11g'

config wifi-iface 'default_radio0'
        option device 'radio0'
        option network 'lan'
        option mode 'ap'
        option ssid x
        option encryption 'sae'
        option key x
        option wpa_disable_eapol_key_retries '1'
        option wpa_group_rekey '550'
        option max_inactivity '60'
        option isolate '1'

config wifi-device 'radio1'
        option type 'mac80211'
        option path '1a143000.pcie/pci0000:00/0000:00:00.0/0000:01:00.0'
        option band '5g'
        option htmode 'HE20'
        option channel 'auto'
        option country x
        option cell_density '1'
        option distance '100'
        option he_su_beamformee '1'
        option he_bss_color '8'

config wifi-iface 'default_radio1'
        option device 'radio1'
        option network 'lan'
        option mode 'ap'
        option ssid x
        option wpa_group_rekey '590'
        option max_inactivity '60'
        option encryption 'sae'
        option key x
        option wpa_disable_eapol_key_retries '1'
        option isolate '1'

config wifi-iface 'guest'
        option device 'radio0'
        option mode 'ap'
        option network 'guest'
        option ssid x
        option encryption 'psk2'
        option isolate '1'
        option wmm '0'
        option key x
        disassoc_low_ack '0'

# cat dhcp

config dnsmasq
        option domainneeded '1'
        option boguspriv '1'
        option filterwin2k '0'
        option localise_queries '1'
        option rebind_protection '1'
        option rebind_localhost '1'
        option local '/lan/'
        option domain 'lan'
        option expandhosts '1'
        option nonegcache '0'
        option cachesize '1000'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
        option nonwildcard '1'
        option localservice '1'
        option ednspacket_max '1232'
        option filter_aaaa '1'
        option filter_a '0'

config host
	bunch of hosts...


config dhcp 'lan'
        option interface 'lan'
        option start '101'
        option limit '79'
        option leasetime '12h'
        option netmask '255.255.255.0'

config dhcp 'wan'
        option interface 'wan'
        option ignore '1'

config dhcp 'guest'
        option interface 'guest'
        option start '100'
        option limit '150'
        option leasetime '1h'

# cat firewall

config defaults
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option synflood_protect '1'
        option drop_invalid '1'
        option flow_offloading '1'
        option flow_offloading_hw '1'

config zone
        option name 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'
        list network 'lan'
        list network 'wg1'

config zone
        option name 'wan'
        list network 'wan'
        list network 'wan6'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option masq '1'
        option mtu_fix '1'
        option log '1'
        option log_limit '10/second'


config forwarding
        option src 'lan'
        option dest 'wan'

config rule
        option name 'Allow-DHCP-Renew'
        option src 'wan'
        option proto 'udp'
        option dest_port '68'
        option target 'ACCEPT'
        option family 'ipv4'

config rule
        option name 'Allow-Ping'
        option src 'wan'
        option proto 'icmp'
        option icmp_type 'echo-request'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-IGMP'
        option src 'wan'
        option proto 'igmp'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-DHCPv6'
        option src 'wan'
        option proto 'udp'
        option dest_port '546'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-MLD'
        option src 'wan'
        option proto 'icmp'
        option src_ip 'fe80::/10'
        list icmp_type '130/0'
        list icmp_type '131/0'
        list icmp_type '132/0'
        list icmp_type '143/0'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Input'
        option src 'wan'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        list icmp_type 'router-solicitation'
        list icmp_type 'neighbour-solicitation'
        list icmp_type 'router-advertisement'
        list icmp_type 'neighbour-advertisement'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Forward'
        option src 'wan'
        option dest '*'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-IPSec-ESP'
        option src 'wan'
        option dest 'lan'
        option proto 'esp'
        option target 'ACCEPT'

config rule
        option name 'Allow-ISAKMP'
        option src 'wan'
        option dest 'lan'
        option dest_port '500'
        option proto 'udp'
        option target 'ACCEPT'

config zone 'guest'
        option name 'guest'
        option network 'guest'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'

config forwarding 'guest_wan'
        option src 'guest'
        option dest 'wan'

config rule 'guest_dns'
        option name 'Allow-DNS-Guest'
        option src 'guest'
        option dest_port '53'
        option proto 'tcp udp'
        option target 'ACCEPT'

config rule 'guest_dhcp'
        option name 'Allow-DHCP-Guest'
        option src 'guest'
        option dest_port '67'
        option proto 'udp'
        option family 'ipv4'
        option target 'ACCEPT'

You should consider upgrading to 24.10:

from the 1st post:

tried both 23 and 24 stock openwrt releases. Same result.

i was 24.something (wasn't 24.10.2 for sure, maybe 10.1?), i rolledback to see if there was something new because i vaguely remember this device connecting before. Also the changelog for .2 didn't show anything promising related to this.

I'm not saying that 24.10 will fix your problem, but just that it isn't likely the cause of your issue and it is typically best to stay current.

That said, we need to see your firewall and dhcp files. You may possibly have over-redacted the network config, but for now that may not matter.

Do other devices have any issue connecting to the guest network?

embarrassingly, i haven't tried that :slight_smile:

Just tested with a newer android device. connects ok.

shows wifi4 with wpa/wpa2-personal, all IPs on the expected guest range. I think it checks out.

I'm not seeing anything obvious here. There's the possibility that there is a conflict that I can't see because of the over-redacted network config file, but that seems unlikely given that the android device was happy.

I suspect something is wrong with the old iOS device.

Show the country code, and check 10x if auto-selected channel in 5ghz was permitted in country your iphone is set up in the year it was released. Yes, 5ghz wifi comes with client side regdb too.

guest network is on the 2.4ghz radio only

setting disassoc_low_ack '0' option, and setting the old ipad to use static ip, (plus all the wifi limitations of the ios8 on the AP) finally worked.

sigh. damn closed-source-e-waste.

thanks for the support everyone.

back to square one. upgrading back to v24 (24.10.2), now even with the steps above i get instant disconnect again :frowning:

Does the old device connect to something else, eg mobile phone wifi tether?