iOS DHCP Failing, v22.03.0-rc6

Hi,

This used to work :laughing:. But I noticed on rc5 that my iOS devices do not seem to succeed when trying to connect to Wi-Fi (LAN). I see the steps below, but DHCP seems to be failing (i.e. this is as far as things get). I was hoping it was just a bug, but rc6 is doing the same.

Fri Aug  5 20:53:42 2022 daemon.notice hostapd: wlan1: AP-STA-DISCONNECTED xx:xx:xx:xx:xx:xx
Fri Aug  5 20:53:42 2022 daemon.info hostapd: wlan1: STA xx:xx:xx:xx:xx:xx IEEE 802.11: authenticated
Fri Aug  5 20:53:42 2022 daemon.info hostapd: wlan1: STA xx:xx:xx:xx:xx:xx IEEE 802.11: associated (aid 1)
Fri Aug  5 20:53:42 2022 daemon.notice hostapd: wlan1: AP-STA-CONNECTED xx:xx:xx:xx:xx:xx
Fri Aug  5 20:53:42 2022 daemon.info hostapd: wlan1: STA xx:xx:xx:xx:xx:xx WPA: pairwise key handshake completed (RSN)
Fri Aug  5 20:53:42 2022 daemon.notice hostapd: wlan1: EAPOL-4WAY-HS-COMPLETED xx:xx:xx:xx:xx:xx
Fri Aug  5 20:54:36 2022 daemon.notice hostapd: wlan1: AP-STA-DISCONNECTED xx:xx:xx:xx:xx:xx
Fri Aug  5 20:54:36 2022 daemon.info hostapd: wlan1: STA xx:xx:xx:xx:xx:xx IEEE 802.11: disassociated
Fri Aug  5 20:54:37 2022 daemon.info hostapd: wlan1: STA xx:xx:xx:xx:xx:xx IEEE 802.11: deauthenticated due to inactivity (timer DEAUTH/REMOVE)

It works fine with my Windows client(s), but not iOS. Wondering if this is somehow IPv6 related, but I think I have all of that disabled ... though I may be wrong.

Has anyone else seen this same issue? And any thoughts of fixes?

Thanks!

Please copy the output of the following commands and post it here using the "Preformatted text </> " button:
Remember to redact passwords, MAC addresses and any public IP addresses you may have:

cat /etc/config/network
cat /etc/config/wireless
cat /etc/config/dhcp
cat /etc/config/firewall

Sure! A lot of items to clean up, but here goes ... LOL.

root@travelRouter:~# clear; cat /etc/config/network

config interface 'loopback'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'
        option device 'lo'

config globals 'globals'
        option ula_prefix '---'

config interface 'lan'
        option proto 'static'
        option netmask '255.255.255.0'
        option ip6assign '60'
        option device 'br-lan'
        option ipaddr '172.16.0.1'

config switch
        option name 'switch0'
        option reset '1'
        option enable_vlan '0'

config interface 'trm_wwan'
        option proto 'dhcp'
        option metric '100'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'eth0'

config interface 'wgLinux'
        option proto 'wireguard'
        option private_key '---'
        list addresses '---'
        option auto '0'

config wireguard_wgLinux
        option description '---'
        option public_key '---'
        option preshared_key '---'
        list allowed_ips '0.0.0.0/0'
        option route_allowed_ips '1'
        option endpoint_host '---'
        option endpoint_port '---'
root@travelRouter:~# cat /etc/config/wireless

config wifi-device 'radio0'
        option type 'mac80211'
        option hwmode '11g'
        option path 'platform/10300000.wmac'
        option htmode 'HT20'
        option channel 'auto'
        option cell_density '0'
        option disabled '0'

config wifi-iface 'default_radio0'
        option device 'radio0'
        option network 'lan'
        option mode 'ap'
        option encryption 'psk2+ccmp'
        option ssid '---'
        option key '---'
        option disabled '1'

config wifi-device 'radio1'
        option type 'mac80211'
        option hwmode '11a'
        option path 'pci0000:00/0000:00:00.0/0000:01:00.0'
        option htmode 'VHT80'
        option channel 'auto'
        option country 'US'
        option cell_density '0'

config wifi-iface 'default_radio1'
        option device 'radio1'
        option network 'lan'
        option mode 'ap'
        option encryption 'psk2+ccmp'
        option ssid '---'
        option key '---'

config wifi-iface 'trm_uplink6'
        option device 'radio0'
        option mode 'sta'
        option network 'trm_wwan'
        option ssid '---'
        option encryption 'psk2+ccmp'
        option key '---'
        option disabled '0'
config dnsmasq
        option localise_queries '1'
        option local '/lan/'
        option domain 'lan'
        option expandhosts '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
        option rebind_protection '0'
        option authoritative '1'
        option localservice '1'
        option domainneeded '1'
        list rebind_domain 'bap.aws.opennetworkexchange.net'
        list rebind_domain 'www.aainflight.com'
        list rebind_domain 'n491.network-auth.com'

config dhcp 'lan'
        option interface 'lan'
        option start '100'
        option limit '150'
        option leasetime '12h'
        option ra_management '1'
        option dhcpv6 'disabled'

config dhcp 'wan'
        option interface 'wan'
        option ignore '1'

config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'
        option loglevel '4'
root@travelRouter:~# cat /etc/config/firewall

config defaults
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option synflood_protect '1'

config zone
        option name 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'
        list network 'lan'

config zone
        option name 'wan'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option masq '1'
        option mtu_fix '1'
        list network 'wan'
        list network 'wan6'
        list network 'trm_wwan'
        list network 'wg0'
        list network 'trm_wwan'
        list network 'wgLinux'

config forwarding
        option src 'lan'
        option dest 'wan'

config rule
        option name 'Allow-DHCP-Renew'
        option src 'wan'
        option proto 'udp'
        option dest_port '68'
        option target 'ACCEPT'
        option family 'ipv4'

config rule
        option name 'Allow-Ping'
        option src 'wan'
        option proto 'icmp'
        option icmp_type 'echo-request'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-IGMP'
        option src 'wan'
        option proto 'igmp'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-DHCPv6'
        option src 'wan'
        option proto 'udp'
        option src_ip 'fc00::/6'
        option dest_ip 'fc00::/6'
        option dest_port '546'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-MLD'
        option src 'wan'
        option proto 'icmp'
        option src_ip 'fe80::/10'
        list icmp_type '130/0'
        list icmp_type '131/0'
        list icmp_type '132/0'
        list icmp_type '143/0'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Input'
        option src 'wan'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        list icmp_type 'router-solicitation'
        list icmp_type 'neighbour-solicitation'
        list icmp_type 'router-advertisement'
        list icmp_type 'neighbour-advertisement'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Forward'
        option src 'wan'
        option dest '*'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-IPSec-ESP'
        option src 'wan'
        option dest 'lan'
        option proto 'esp'
        option target 'ACCEPT'

config rule
        option name 'Allow-ISAKMP'
        option src 'wan'
        option dest 'lan'
        option dest_port '500'
        option proto 'udp'
        option target 'ACCEPT'

config rule
        option name 'Support-UDP-Traceroute'
        option src 'wan'
        option dest_port '33434:33689'
        option proto 'udp'
        option family 'ipv4'
        option target 'REJECT'
        option enabled 'false'

config include
        option path '/etc/firewall.user'

Thanks!

Not sure if this will make any difference, but try simply psk2 (not psk2+ccmp).

Doesn’t seem to help - but thanks! Will keep digging. It does seem to connect to WiFi, but no IP address. Hmmm.

And the same with other iOS devices.

OK, still not figuring it out :frowning_face:. I fully removed encryption of any sort (temporarily) ... still can't connect. The Wi-Fi part seems to succeed (from iPhone, iPad, Mac), but in every case - no IP address. I even tried manually setting the client IP, to the subnet, but still no go. Really odd.

Thanks!

OK, I think I found it! Or at least, where the issue seems to be. I was trying to use wlan1 (5 GHz) ... no go, even with no encryption. Then I tried wlan0, 2.4 GHz ... works fine! Even with WPA3.

Umm ... dumb question, but why no DHCP on wlan1?

Thanks!!

You may want to take a backup first, but then reset your device to defaults and change only the minimum items necessary relative to those default settings (like enabling the wifi and setting a password and SSID).

From the config you posted earlier, I don't see why there would be a problem with DHCP on wlan1. Maybe post the latest?

Actually, I did exactly that :laughing: - so fully agree with you! This is after the reset.

Thanks!

ok... so after the reset, is it still not working on wlan1?

Sure - all 4 files, or just a particular one. It's really odd ... only DHCP, and only not working on 5 GHz.

Ok... silly idea/question -- is there anything else running on 5G with the same SSID in your space (such as a dumb AP)? If you unplug this device (from power), can you still connect to the 5G SSID? If so, something else is broadcasting the SSID and may not be connected to the network.

As far as the config files, probably just network and wifi (DHCP and firewall shouldn't be relevant at this moment).

No such thing as a silly question - I am the definition of the bigger idiot ... LOL. But no, nothing else with the same SSID. And a bit above - I captured that the WiFi is getting associated, just not DHCP then. Make sense?

Sure!

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix '---::/48'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'eth0'

config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        option ipaddr '192.168.1.1'
        option netmask '255.255.255.0'
        option ip6assign '60'

config switch
        option name 'switch0'
        option reset '1'
        option enable_vlan '0'
config wifi-device 'radio0'
        option type 'mac80211'
        option path 'platform/10300000.wmac'
        option channel '1'
        option band '2g'
        option htmode 'HT40'
        option country 'US'
        option cell_density '0'

config wifi-iface 'default_radio0'
        option device 'radio0'
        option network 'lan'
        option mode 'ap'
        option ssid '---'
        option encryption 'sae-mixed'
        option key '---'

config wifi-device 'radio1'
        option type 'mac80211'
        option path 'pci0000:00/0000:00:00.0/0000:01:00.0'
        option band '5g'
        option country 'US'
        option cell_density '0'
        option htmode 'VHT20'
        option channel '144'

config wifi-iface 'default_radio1'
        option device 'radio1'
        option network 'lan'
        option mode 'ap'
        option key '---'
        option ssid '---'
        option encryption 'none'

Thanks!

I don’t see any reason why the 5g radio will connect but not issue a dhcp lease.

I’m hoping someone else will find what I am missing.

No worries - appreciate the pointers! It is very odd ... and only Apple devices?!?!

Thanks!

Another thought…
On some APs, the DTIM parameter needs to be adjusted for iOS to be happy. On my unifi setup, I use dtim = 3. You could try that.

Appreciate the suggestion! Tried it, but no joy. BTW, I do see that when I try to connect, the device shows up as Associated (and on the list of devices) ... just no IP address. So it's not looking like a Wi-Fi issue, rather DHCP related?

So only iOS, on 5 GHz, and just not getting an IP. So odd.

Thanks!

It doesn't really make sense to me, but I think it is a wifi thing since the DHCP server is working on the 2.4G network and the network is properly bridged. Although rare, there are situations where DHCP doesn't go through for some reason, but the network connects as expected. For a long while, there was a bug on Unifi that would just swallow DHCP requests.

Here's another idea -- just to test that connectivity is working:
set one of your iOS devices to static IP (maybe 192.168.1.5, netmask 255.255.255.0, dns 192.168.1.1 and gateway 192.168.1.1). Does the device work on wifi in those circumstances?

Funny, but again I had the same thought :laughing:. Had tried that, no joy ... says it is connected, but can't browse to the web interface (of OpenWrt). But interesting ... with that manual setup, then I see an IPv6 address when I look at the network details. Could this be IPv6 breaking things? I admit, I always find it fuzzy how to fully turn that off.

Thanks!