Hardware or software problem with WDS? (TP-LINK 3220/1043 / BB 14.07

Installing and Using OpenWrt Network and Wireless Configuration
1

Hi there,
I am using old (so cheap) hardware, TP-LINK WR-1043ND as "master" router (with WiFi WDS uplink to Internet and AP for local clients), and MR3220 as clients where I need USB / and/or 100M switch. Software I use is Barrier Breaker, "stock" OWRT for 1043, "stock" and "custom" for 3220.

Now I am facing some limitations, please help to find, whether it is hardware (old so I suppose well known) or system (version, possibly fixed in later version).

  • 1043ND - I CAN have 2 APs (SSIDs) but ONLY first is able to make WDS bridge work (with 3220 as WDS client). The second one gives messages it associates / authenticates (on client) but NO IP trafic, not even ARP works. I CAN see client MAC in "associated stations" list on 1043.
  • non-WDS clients to second SSID (1043) work perfectly.

Now 3220 I use as backup link router.

  • it is configured as non WDS client to AP in my phone (Android), separate address, routing, works OK.
  • second backup link is 3G modem, works.
  • mwan3 works as expected, with selection of link priorities and allowed trafic.

But what I CAN'T do, is make work it as AP.

  • I can configure AP + STA (non WDS), but AP works ONLY when STA is connected to the phone.

What are those limitations? HW or SW version related? (If SW I can try to switch to newer versions, even if I need to compile it from source - as 3220 is 4/32 and 1043 is 8/32 but also runs internet radio).
If it is HW I have a spare 1043, I can use and another AP (with WDS working, as it will be only SSID on this).

2

Barrier Breaker hasn't been supported for over half a decade by now and contains quite a few high-profile security issues, it shouldn't be used anywhere, at all. Even though your hardware is below spec, running outdated/ unsupported OpenWrt versions should not be considered to be an option, these devices are high risk and exposed to the open internet - you need to schedule hardware replacement soon.

WDS := 4addr works by combining an AP- and a STA interface, to transport the fourth MAC address over the air, but most radio hardware (all I know) only allows running a single STA interface (combined with multiple AP interfaces, if needed) at a time (and given channel concurrency, this wouldn't be possible anyways).

3

They are NOT exposed to Internet. They all are behind ISP provided router with NAT.

Could You propose some method of identifying source of problem? (HW vs SW)?

iw list on 1043 shows:

valid interface combinations:
* #{ managed, WDS } <= 2048, #{ AP, mesh point } <= 8, #{ P2P-client, P2P-GO } <= 1, #{ IBSS } <= 1,
total <= 2048, #channels <= 1, STA/AP BI must match

4

There have also been multiple pretty serious wireless vulnerabilities, both for AP- and STA uses.

1 Like
5

OK,
as I have spare 1043 and 3220 I'll try an upgrade.
for 1043 there is 18.06 image "OOB",
for 3220 there is 17.01.7 image.

Are those versions "fresh enough" to get help?
(if they fit, if not I'll try to compile from source, stripping everything I don't really need: - IPv6 on all, on some devices IPTABLES, etc).

6

18.06 image for 1043 look promising:

  • fresh install 4M flash free
  • USB audio + OSS + madplay + wget and still 2.5M flash free.
  • I don't use anyremote + bash anymore, so I don't install them (an BT as anyremote dependency).

Will test WiFi.

7

Not too promising;

  • I can configure 2 AP (WDS), connecting 1st works as in BB -> ok.
  • connecting to 2nd gives PING (to AP, not to other networks) but there are error messages (repeating indefinite) on client 3220:

[ 9344.910000] device wlan0 entered promiscuous mode [ 9345.470000] wlan0: authenticate with 76:ea:3a:a5:de:2a [ 9345.480000] wlan0: send auth to 76:ea:3a:a5:de:2a (try 1/3) [ 9345.490000] wlan0: authenticated [ 9345.510000] wlan0: associate with 76:ea:3a:a5:de:2a (try 1/3) [ 9345.520000] wlan0: RX AssocResp from 76:ea:3a:a5:de:2a (capab=0x431 status=0 aid=1) [ 9345.530000] wlan0: associated [ 9349.530000] wlan0: deauthenticated from 76:ea:3a:a5:de:2a (Reason: 2=PREV_AUTH_NOT_VALID)

/etc/config/wireless (on 3220):

config wifi-iface           
        option encryption 'psk2'
        option device 'radio0'  
        option mode 'sta'       
#       option bssid '74:EA:3A:A5:DE:2A
        option bssid '76:EA:3A:A5:DE:2A'
        option wds '1'                  
        option network 'lan'            
        option ssid 'IoT-test'          
#       option ssid 'adelin4'           
        option key 'password2'  
#       option key 'password1'
                                           
config wifi-iface                          
        option device 'radio0'             
        option mode 'ap'                   
        option encryption 'psk2'           
        option key 'password2'
        option network 'lan'          
        option ssid 'IoT2'            
        option disabled '0'

/etc/config/network (on 3220):

config interface 'lan'                         
        option force_link '1'                  
        option type 'bridge'                   
        option proto 'static'                  
        option netmask '255.255.255.0'         
        option ip6assign '60'                  
        option delegate '0'                    
#       option ipaddr '192.168.1.55'  
        option ipaddr '192.168.15.55' 
#       option gateway '192.168.1.60' 
        option gateway '192.168.15.70'
        option dns '194.204.152.34 194.204.159.1'
        option _orig_ifname 'eth0 wlan0'         
        option _orig_bridge 'true'               
        option ifname 'eth0 eth1'                
                                                 
config switch                                    
        option name 'switch0'                    
        option reset '1'                         
        option enable_vlan '1'                   
                                        
config switch_vlan                
        option device 'switch0'  
        option vlan '1'        
        option ports '0 1 2 3 4'
8

Stage 1 WiFi tests:

  • configured 4 SSIDs (all with WDS) on 2 1043 routers (both v1, one with BB 14.07 - working for years, but no SECOND WDS link working, other one with 18.06.8), 1 SSID on each router just bridged with LAN, static IP, "first AP / SSID", other SSID separate IP subnet ("second AP / SSID"), routed, DHCP, (planned to be significantly isolated from main LAN, just allow only what is really needed for IoT).

  • result - CAN connect from Linux laptop to all 4 networks, as "simple (non WDS) client" and get Internet connectivity. With DHCP addressing where configured.

Next step: use 3220 as client, both cases, "simple client" - no WDS, routing, "bridge" - WDS, bridging. 2 3220 as client - one with BB 14.07 (does NOT work WDS with SECOND SSID, works with first SSID), other with LEDE 17.01.7 - latest OWRT I have found "off the shelf" for 3220).

9

Partial solution - workaround.
Added another WiFi card on USB, small one but with antenna RP-SMA connector, RT5370 based (driver RT2800-USB).
Now WDS link WORKS (at least with MR3220 with Lede 15 software, not tested (yet?) with BB 14.07.).

10

Partial solution - workaround part 2:

  • USB card WORKS in WDS mode, but only with (not using anymore) LEDE and 18.06. Does NOT work (as WDS) in BB 14.07.
  • CAN connect to AP (ping, DHCP), but cannot to other networks...

Will investigate, probably problem in routing on some router (have 4 of them now...)

11

SOLVED!

  • 2x TP-LINK WR1043ND v1 (8/32) with 18.06.08 OpenWRT AND USB WiFi card works (finally) as expected, can be configured with LuCI. "Final client" can connect to "repeater node" and get address (and connectivity) from "main node". Using SECOND SSID on "main", what was the problem (not working) using Barrier Breaker on 1043 and 3220.

  • TP-LINK 1043 on "server" side and MR3220 (but this time with 18.06.01, will try later to compile latest 18.06.08) works, but needs some routing table manipulation in rc.local.

At least it can act as WiFi repeater, what was main purpose of using this device.
But I solved "main" problem without using this additional router.

12

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.