iPhones Frequently Disconnecting and Not Reconnecting to WiFi

I am on the latest OpenWrt version 24.10.0 on a Ubiquiti UniFi AP AC Pro access point. I have two WiFi networks on the 2.4Ghz band. One of the WiFi networks is for my IoT devices and the other is general one for my Apple and Android devices.

I have two iPhones (an iPhone SE 1st Gen and an iPhone SE 2nd Gen phone) that frequently disconnect and then refuses to auto reconnect again unless I manually go to the phone and select the WiFi network in question.

In the OpenWrt system logs, I see frequent entries that show these two devices as being deauthenticated due to inactivity (timer DEAUTH/REMOVE).

This problem does not happen with any of the non-Apple devices in my network such as Android and IoT devices.

I've read through the forum and have tried the suggestions from the other users here who have experienced this problem, namely:

• Do not use WPA2 / WPA3 mixed mode. Stick with WPA2 or WPA3 only.
• If you do use WPA2 / WPA3 mixed mode, make sure PMF is set to enabled or optional.
• Change the DTIM interval settings to 3.
• Disable inactivity polling.

I have tried setting WiFi network to WPA2 only but the problem continues. I have tried changing it to WPA2 / WPA3 mixed mode with PMF set to enabled or optional without any success. Likewise, changing the DTIM interval and disabling inactivity polling seems to have no effect either.

Do you know what else could be done of if something in my configuration is causing this?

Here is my config below:

System

{
        "kernel": "6.6.73",
        "hostname": "OpenWrt",
        "system": "Qualcomm Atheros QCA956X ver 1 rev 0",
        "model": "Ubiquiti UniFi AC Pro",
        "board_name": "ubnt,unifiac-pro",
        "rootfs_type": "squashfs",
        "release": {
                "distribution": "OpenWrt",
                "version": "24.10.0",
                "revision": "r28427-6df0e3d02a",
                "target": "ath79/generic",
                "description": "OpenWrt 24.10.0 r28427-6df0e3d02a",
                "builddate": "1738624177"
        }
}

Network

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fd42:7995:d7b6::/48'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'eth0.1'

config interface 'lan'
        option device 'br-lan'
        option proto 'dhcp'

config switch
        option name 'switch0'
        option reset '1'
        option enable_vlan '1'

config switch_vlan
        option device 'switch0'
        option vlan '1'
        option ports '2 3 0t'

config interface 'iotwifi'
        option proto 'static'
        option device 'phy1-ap0'
        option ipaddr '192.168.4.1'
        option netmask '255.255.255.0'

config interface 'homewifi'
        option proto 'static'
        option ipaddr '192.168.5.1'
        option netmask '255.255.255.0'
        option device 'br-homewifi'

config device
        option name 'br-homewifi'
        option type 'bridge'

Wireless

config wifi-device 'radio1'
        option type 'mac80211'
        option path 'platform/ahb/18100000.wmac'
        option channel 'auto'
        option band '2g'
        option htmode 'HT20'
        option txpower '14'
        option cell_density '0'
        option country 'US'

config wifi-iface 'wifinet0'
        option device 'radio1'
        option mode 'ap'
        option ssid 'iotssid'
        option encryption 'sae-mixed'
        option hidden '1'
        option short_preamble '0'
        option disassoc_low_ack '0'
        option key [REDACTED]
        option wpa_disable_eapol_key_retries '1'
        option network 'iotwifi'
        option macfilter 'deny'
        option skip_inactivity_poll '1'
        list maclist [REDACTED]
        list maclist [REDACTED]
        list maclist [REDACTED]
        option ocv '1'
        option dtim_period '3'

config wifi-iface 'wifinet1'
        option device 'radio1'
        option mode 'ap'
        option ssid 'homessid'
        option encryption 'sae-mixed'
        option hidden '1'
        option isolate '1'
        option short_preamble '0'
        option disassoc_low_ack '0'
        option key [REDACTED]
        option wpa_disable_eapol_key_retries '1'
        option network 'homewifi'
        option macfilter 'deny'
        list maclist [REDACTED]
        list maclist [REDACTED]
        list maclist [REDACTED]
        option ieee80211w '1'
        option ocv '1'
        option skip_inactivity_poll '1'
        option dtim_period '3'

Start by getting rid of any -mixed wifi encryption.

I tried that first by using WPA2 only as the WiFi encryption. Same exact problem, iPhones still frequently disconnect and then can't reconnect. Seemed to make no difference.

At least with mixed WPA2 / WPA3 mode, I get better security.

A bit of a guess on my part but what if you simplify the options while debugging this, dropping the mac filters and custom options? For reference, consider testing with something like:

config wifi-iface 'wifinet1'
        option device 'radio1'
        option mode 'ap'
        option ssid 'homessid'
        option encryption 'sae-mixed'
        option key [REDACTED]
        option wpa_disable_eapol_key_retries '1'
        option network 'homewifi'
        option ieee80211w '1'
        option ocv '1'

The connect/disconnect is typical for iDevices - it's power management of the wifi chip...

One thing to look at is the MAC randomization - on more recent versions of the Apple firmware, they made a change on the MAC randomization feature, where now they roll the MAC address by default - before it was either a single random MAC, or the fixed/assigned MAC from the factory...

Settings -> WiFi -> (Selected SSID) -> tap on the (i) icon, and scroll down to "Private WiFi Address" - there you can select Off/Fixed/Rotating - Off or Fixed should be fine, but rotating may be troublesome...

Well I've tried debugging by recreating the WiFi interface without any MAC filtering and custom options and the iPhones still constantly disconnect but most annoying of all do not automatically reconnect.

I have no idea what is causing it other than there is something in the way that Apple devices communicate or fail to communicate with OpenWRT.

It isn't clear which network is having the issue, but I see a bunch of things to correct.

Start by creating a bridge for the iotwifi network and using that as the device...

config device
        option name 'br-iotwifi'
        option type 'bridge'
        option bridge_empty '1'

Then, edit the iotwifi to use that device (the radios should never be specified in the network config file):

config interface 'iotwifi'
        option proto 'static'
        option device 'br-iotwifi'
        option ipaddr '192.168.4.1'
        option netmask '255.255.255.0'

Next, add the bridge_empty line to br-homewifi:

config device
        option name 'br-homewifi'
        option type 'bridge'
        option bridge_empty '1'

Next, remove the lines marked with - and don't use sae-mixed (change that to psk2):

And here, delete the lines marked with - and change the encryption to psk2:

Reboot and test again. If that doesn't fix the issues:

• which network(s) are experiencing the problems
• Describe (or better yet, draw) your network topology. For example, this appears to be a bridged AP... what is upstream? Are there other APs on the network? etc.
• let's see the updated config, complete with the firewall and dhcp files, too.

Sometimes it helps to reset the network settings on the iDevice itself, and then rebuild the connection...

It shouldn't matter, but sometimes that clears up a lot of trouble - you're not alone in seeing this, and it's not just happening with OpenWRT, if that helps...