One Windows laptop won't connect to one OpenWrt router unless wpad is restarted

I have a laptop (Dell Inspiron 15 Gaming/Inspiron 7567) which normally doesn't connect to my OpenWRT device (Linksys WRT1900AC) by WiFi unless I restart the router or restart the wpad service.

Another laptop of the same model connects to the same router just fine.

The problem is probably on my laptop, not OpenWRT, but because it only affects that OpenWRT router, I figured I should ask for help here. My laptop connects to other WiFi networks just fine.

Here's the output from logread | grep 'LAPTOP-MAC':

Fri Nov 18 18:09:20 2022 daemon.debug hostapd: wlan0: STA LAPTOP:MAC IEEE 802.11: authentication OK (open system)
Fri Nov 18 18:09:20 2022 daemon.debug hostapd: wlan0: STA LAPTOP:MAC MLME: MLME-AUTHENTICATE.indication(LAPTOP:MAC, OPEN_SYSTEM)
Fri Nov 18 18:09:20 2022 daemon.debug hostapd: wlan0: STA LAPTOP:MAC MLME: MLME-DELETEKEYS.request(LAPTOP:MAC)
Fri Nov 18 18:09:20 2022 daemon.info hostapd: wlan0: STA LAPTOP:MAC IEEE 802.11: authenticated
Fri Nov 18 18:09:20 2022 daemon.debug hostapd: wlan0: STA LAPTOP:MAC IEEE 802.11: association OK (aid 3)
Fri Nov 18 18:09:20 2022 daemon.info hostapd: wlan0: STA LAPTOP:MAC IEEE 802.11: associated (aid 3)
Fri Nov 18 18:09:20 2022 daemon.debug hostapd: wlan0: STA LAPTOP:MAC MLME: MLME-ASSOCIATE.indication(LAPTOP:MAC)
Fri Nov 18 18:09:20 2022 daemon.debug hostapd: wlan0: STA LAPTOP:MAC MLME: MLME-DELETEKEYS.request(LAPTOP:MAC)
Fri Nov 18 18:09:20 2022 daemon.debug hostapd: wlan0: STA LAPTOP:MAC IEEE 802.11: binding station to interface 'wlan0'
Fri Nov 18 18:09:20 2022 daemon.debug hostapd: wlan0: STA LAPTOP:MAC WPA: event 1 notification
Fri Nov 18 18:09:20 2022 daemon.debug hostapd: wlan0: STA LAPTOP:MAC WPA: start authentication
Fri Nov 18 18:09:20 2022 daemon.debug hostapd: wlan0: STA LAPTOP:MAC IEEE 802.1X: unauthorizing port
Fri Nov 18 18:09:20 2022 daemon.debug hostapd: wlan0: STA LAPTOP:MAC WPA: sending 1/4 msg of 4-Way Handshake
Fri Nov 18 18:09:20 2022 daemon.debug hostapd: wlan0: STA LAPTOP:MAC WPA: received EAPOL-Key frame (2/4 Pairwise)
Fri Nov 18 18:09:20 2022 daemon.debug hostapd: wlan0: STA LAPTOP:MAC WPA: sending 3/4 msg of 4-Way Handshake
Fri Nov 18 18:09:20 2022 daemon.debug hostapd: wlan0: STA LAPTOP:MAC WPA: received EAPOL-Key frame (4/4 Pairwise)
Fri Nov 18 18:09:20 2022 daemon.notice hostapd: wlan0: AP-STA-CONNECTED LAPTOP:MAC
Fri Nov 18 18:09:20 2022 daemon.debug hostapd: wlan0: STA LAPTOP:MAC IEEE 802.1X: authorizing port
Fri Nov 18 18:09:20 2022 daemon.info hostapd: wlan0: STA LAPTOP:MAC WPA: pairwise key handshake completed (RSN)
Fri Nov 18 18:09:23 2022 daemon.info dnsmasq-dhcp[3732]: DHCPDISCOVER(br-lan) LAPTOP:MAC
Fri Nov 18 18:09:23 2022 daemon.info dnsmasq-dhcp[3732]: DHCPOFFER(br-lan) 192.168.1.101 LAPTOP:MAC
Fri Nov 18 18:09:23 2022 daemon.info dnsmasq-dhcp[3732]: DHCPREQUEST(br-lan) 192.168.1.101 LAPTOP:MAC
Fri Nov 18 18:09:23 2022 daemon.info dnsmasq-dhcp[3732]: DHCPACK(br-lan) 192.168.1.101 LAPTOP:MAC Laptop
Fri Nov 18 18:10:08 2022 kern.debug kernel: [342682.250541] ieee80211 phy0: Mac80211 start BA LAPTOP:MAC

I checked the Windows event log in "Applications and Services Logs/Microsoft/Windows/NetworkProfile", but I didn't see evidence of any difficulty connecting.

There's probably a setting I need to flip somewhere. Could somebody please help me find it?

sounds like your laptop... but let's see your config to make sure that there isn't anything obvious on the router:

Please copy the output of the following commands and post it here using the "Preformatted text </> " button:

Remember to redact passwords, MAC addresses and any public IP addresses you may have:

cat /etc/config/network
cat /etc/config/wireless
cat /etc/config/dhcp
cat /etc/config/firewall

Here it is:

cat /etc/config/network:
config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix '*****'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'lan1'
	list ports 'lan2'
	list ports 'lan3'
	list ports 'lan4'

config device
	option name 'lan1'
	option macaddr '*****'

config device
	option name 'lan2'
	option macaddr '*****'

config device
	option name 'lan3'
	option macaddr '*****'

config device
	option name 'lan4'
	option macaddr '*****'

config interface 'lan'
	option device 'br-lan'
	option proto 'static'
	option netmask '255.255.255.0'
	option ip6assign '60'
	option ipaddr '192.168.1.1'

config device
	option name 'wan'
	option macaddr '*****'

config interface 'wan'
	option device 'wan'
	option proto 'dhcp'
	option broadcast '1'
	option type 'bridge'

config interface 'wan6'
	option device 'wan'
	option proto 'dhcpv6'
	option type 'bridge'

config interface 'IoT'
	option proto 'static'
	option ipaddr '192.168.2.1'
	option netmask '255.255.255.0'


cat /etc/config/wireless:
config device
	option name 'wlan0-1'


config wifi-device 'radio0'
	option type 'mac80211'
	option hwmode '11g'
	option path '*****'
	option country 'US'
	option cell_density '0'
	option log_level '1'
	option htmode 'HT40'
	option channel '6'

config wifi-iface 'default_radio0'
	option device 'radio0'
	option network 'lan'
	option mode 'ap'
	option macaddr '*****'
	option ssid '*****'
	option encryption 'psk2+tkip+ccmp'
	option key '*****'

config wifi-device 'radio1'
	option type 'mac80211'
	option hwmode '11a'
	option path '*****'
	option htmode 'VHT80'
	option country 'US'
	option channel 'auto'
	option cell_density '0'
	option log_level '1'

config wifi-iface 'default_radio1'
	option device 'radio1'
	option network 'lan'
	option mode 'ap'
	option macaddr '*****'
	option ssid '*****'
	option encryption 'psk2+tkip+ccmp'
	option key '*****'
	option wpa_disable_eapol_key_retries '1'

config wifi-iface 'wifinet2'
	option device 'radio0'
	option mode 'ap'
	option ssid '*****IoT'
	option encryption 'psk2+tkip+ccmp'
	option network 'IoT'
	option key '*****'
	option disabled '1'


cat /etc/config/dhcp:
config dnsmasq
	option domainneeded '1'
	option localise_queries '1'
	option rebind_protection '1'
	option rebind_localhost '1'
	option local '/lan/'
	option expandhosts '1'
	option authoritative '1'
	option readethers '1'
	option leasefile '/tmp/dhcp.leases'
	option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
	option localservice '1'
	option ednspacket_max '1232'
	option domain 'local'

config dhcp 'lan'
	option interface 'lan'
	option start '100'
	option limit '150'
	option leasetime '12h'
	option dhcpv4 'server'
	option dhcpv6 'server'
	option ra 'server'
	list ra_flags 'managed-config'
	list ra_flags 'other-config'

config dhcp 'wan'
	option interface 'wan'
	option ignore '1'
	list ra_flags 'none'

config odhcpd 'odhcpd'
	option maindhcp '0'
	option leasefile '/tmp/hosts/odhcpd'
	option leasetrigger '/usr/sbin/odhcpd-update'
	option loglevel '4'

config domain
	option name '*****'
	option ip '192.168.1.1'

config domain
	option name '*****'
	option ip '10.0.0.1'

config host
	option name '*****'
	option ip '192.168.1.12'
	option mac '*****'

config host
	option name '*****'
	option ip '192.168.1.10'
	option mac '*****'

config dhcp 'IoT'
	option interface 'IoT'
	option start '100'
	option limit '150'
	option leasetime '12h'
	list ra_flags 'none'


cat /etc/config/firewall:
config defaults
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option synflood_protect '1'

config zone
	option name 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'
	list network 'lan'

config zone
	option name 'wan'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'
	option mtu_fix '1'
	list network 'wan'
	list network 'wan6'

config forwarding
	option src 'lan'
	option dest 'wan'

config rule
	option name 'Allow-DHCP-Renew'
	option src 'wan'
	option proto 'udp'
	option dest_port '68'
	option target 'ACCEPT'
	option family 'ipv4'

config rule
	option name 'Allow-Ping'
	option src 'wan'
	option proto 'icmp'
	option target 'ACCEPT'
	list icmp_type 'echo-request'
	option family 'ipv4'

config rule
	option name 'Allow-IGMP'
	option src 'wan'
	option proto 'igmp'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-DHCPv6'
	option src 'wan'
	option proto 'udp'
	option src_ip 'fc00::/6'
	option dest_ip 'fc00::/6'
	option dest_port '546'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-MLD'
	option src 'wan'
	option proto 'icmp'
	option src_ip 'fe80::/10'
	list icmp_type '130/0'
	list icmp_type '131/0'
	list icmp_type '132/0'
	list icmp_type '143/0'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Input'
	option src 'wan'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	list icmp_type 'router-solicitation'
	list icmp_type 'neighbour-solicitation'
	list icmp_type 'router-advertisement'
	list icmp_type 'neighbour-advertisement'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Forward'
	option src 'wan'
	option dest '*'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-IPSec-ESP'
	option src 'wan'
	option dest 'lan'
	option proto 'esp'
	option target 'ACCEPT'

config rule
	option name 'Allow-ISAKMP'
	option src 'wan'
	option dest 'lan'
	option dest_port '500'
	option proto 'udp'
	option target 'ACCEPT'

config rule
	option name 'Support-UDP-Traceroute'
	option src 'wan'
	option dest_port '33434:33689'
	option proto 'udp'
	option family 'ipv4'
	option target 'REJECT'
	option enabled '0'

config include
	option path '/etc/firewall.user'

config redirect
	option target 'DNAT'
	option name 'Space Engineers Server'
	option src 'wan'
	option src_dport '27016'
	option dest 'lan'
	option dest_port '27016'
	option dest_ip '192.168.1.12'
	option reflection_src 'external'

config redirect
	option target 'DNAT'
	option name 'NoMachine'
	option src 'wan'
	option dest 'lan'
	option dest_ip '192.168.1.12'
	option src_dport '22513'
	option dest_port '4000'

config rule
	option name 'Allow SSH'
	list proto 'tcp'
	option src 'wan'
	option dest_port '33423'
	option target 'ACCEPT'

config zone
	option name 'IoT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option log '1'
	option input 'ACCEPT'
	list network 'IoT'

config forwarding
	option src 'IoT'
	option dest 'wan'

config rule
	option name 'Allow-cjdns-wan'
	option src 'wan'
	option proto 'udp'
	option dest_port '57624'
	option target 'ACCEPT'

config redirect
	option dest 'lan'
	option target 'DNAT'
	option src 'wan'
	option src_dport '80'
	option dest_ip '192.168.1.1'
	option dest_port '8080'
	option name 'Web Server (Insecure)'

config redirect
	option dest 'lan'
	option target 'DNAT'
	option name 'Web Server (Secure)'
	option src 'wan'
	option src_dport '443'
	option dest_ip '192.168.1.1'
	option dest_port '4433'

config redirect
	option dest 'lan'
	option target 'DNAT'
	option name 'Wordpress VM SSH'
	option src 'wan'
	option src_dport '43251'
	option dest_ip '192.168.1.12'
	option dest_port '22'
	option enabled '0'

It may be the encryption method. Try standard using encryption method wpa2 instead of psk2+tkip+ccmp.

Also, you should remove the bridge from wan and wan6... that should not be there. It isn't likely to affect your connectivity here, but bridges are not defined in that way anymore (they are done in their own stanzas to define a bridge device).

Ok, I tried changing the encryption method. The options that the GUI gave me were:

• Auto
• Force CCMP
• Force TKIP
• Force TKIP and CCMP

I didn't see an option for just "wpa2", so I tried "CCMP"

How do I remove the bridge properly from wan and wan6? The only place in the GUI that I see that mention both wan and wan6 are in relation to firewall zones, and as far as I know both wan and wan6 should be in firewall zones.

I'll have to wait until tomorrow to see if my laptop connects properly with that change.

Ok, I tried connecting my laptop to wifi today, and I had the same issue. I took a look at the output from logread and I didn't see anything obviously wrong.

Here is the output from logread | grep 'LAPTOP:MAC' today after I tried to connect, failed, restarted wpad, and successfully connected:

Sat Nov 19 09:09:08 2022 daemon.debug hostapd: wlan0: STA LAPTOP:MAC IEEE 802.11: authentication OK (open system)
Sat Nov 19 09:09:08 2022 daemon.debug hostapd: wlan0: STA LAPTOP:MAC MLME: MLME-AUTHENTICATE.indication(LAPTOP:MAC, OPEN_SYSTEM)
Sat Nov 19 09:09:08 2022 daemon.debug hostapd: wlan0: STA LAPTOP:MAC MLME: MLME-DELETEKEYS.request(LAPTOP:MAC)
Sat Nov 19 09:09:08 2022 daemon.info hostapd: wlan0: STA LAPTOP:MAC IEEE 802.11: authenticated
Sat Nov 19 09:09:08 2022 daemon.debug hostapd: wlan0: STA LAPTOP:MAC IEEE 802.11: association OK (aid 5)
Sat Nov 19 09:09:08 2022 daemon.info hostapd: wlan0: STA LAPTOP:MAC IEEE 802.11: associated (aid 5)
Sat Nov 19 09:09:08 2022 daemon.debug hostapd: wlan0: STA LAPTOP:MAC MLME: MLME-ASSOCIATE.indication(LAPTOP:MAC)
Sat Nov 19 09:09:08 2022 daemon.debug hostapd: wlan0: STA LAPTOP:MAC MLME: MLME-DELETEKEYS.request(LAPTOP:MAC)
Sat Nov 19 09:09:08 2022 daemon.debug hostapd: wlan0: STA LAPTOP:MAC IEEE 802.11: binding station to interface 'wlan0'
Sat Nov 19 09:09:08 2022 daemon.debug hostapd: wlan0: STA LAPTOP:MAC WPA: event 1 notification
Sat Nov 19 09:09:08 2022 daemon.debug hostapd: wlan0: STA LAPTOP:MAC WPA: start authentication
Sat Nov 19 09:09:08 2022 daemon.debug hostapd: wlan0: STA LAPTOP:MAC IEEE 802.1X: unauthorizing port
Sat Nov 19 09:09:08 2022 daemon.debug hostapd: wlan0: STA LAPTOP:MAC WPA: sending 1/4 msg of 4-Way Handshake
Sat Nov 19 09:09:08 2022 daemon.debug hostapd: wlan0: STA LAPTOP:MAC WPA: received EAPOL-Key frame (2/4 Pairwise)
Sat Nov 19 09:09:08 2022 daemon.debug hostapd: wlan0: STA LAPTOP:MAC WPA: sending 3/4 msg of 4-Way Handshake
Sat Nov 19 09:09:08 2022 daemon.debug hostapd: wlan0: STA LAPTOP:MAC WPA: received EAPOL-Key frame (4/4 Pairwise)
Sat Nov 19 09:09:08 2022 daemon.notice hostapd: wlan0: AP-STA-CONNECTED LAPTOP:MAC
Sat Nov 19 09:09:08 2022 daemon.debug hostapd: wlan0: STA LAPTOP:MAC IEEE 802.1X: authorizing port
Sat Nov 19 09:09:08 2022 daemon.info hostapd: wlan0: STA LAPTOP:MAC WPA: pairwise key handshake completed (RSN)
Sat Nov 19 09:09:13 2022 daemon.info dnsmasq-dhcp[3732]: DHCPDISCOVER(br-lan) 192.168.1.101 LAPTOP:MAC
Sat Nov 19 09:09:13 2022 daemon.info dnsmasq-dhcp[3732]: DHCPOFFER(br-lan) 192.168.1.101 LAPTOP:MAC
Sat Nov 19 09:09:13 2022 daemon.info dnsmasq-dhcp[3732]: DHCPREQUEST(br-lan) 192.168.1.101 LAPTOP:MAC
Sat Nov 19 09:09:13 2022 daemon.info dnsmasq-dhcp[3732]: DHCPACK(br-lan) 192.168.1.101 LAPTOP:MAC Laptop
Sat Nov 19 09:09:18 2022 kern.debug kernel: [396633.433741] ieee80211 phy0: Mac80211 start BA LAPTOP:MAC

Is this info helpful at all?

Update: a couple of days later, I'm noticing that the issue is not longer happening. I think that your guess about the encryption method turned out to be correct. Thank you very much, psherman.

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.