OpenWrt 22.03 issue with pfsense router

amlanhldr · October 17, 2022, 11:25am

Hello,
I booted my U6_lite recently with old stable 21.02 and everything was running fine. Now when I try to upgrade it with latest 22.03 or 22.03.1 I find issues.
After image flash, the AP gets IP from DHCP server on pfsense router. But after that it cannot communicate with pfsense any more. I can ping the AP from other devices on same lan, but ping failed from AP to router or router to AP.
I have reverted to older firmware twice to work with the AP. But I cant understand if any new config I have to place to work with v22.03 or 22.03.1 on U6_lite?

Edit1:
I have another tplink AP running on 22.03 too. I just tried wireshark on ARP packets of that network. I see something different.
The Not-working AP ARP request packet:

Frame 384: 64 bytes on wire (512 bits), 64 bytes captured (512 bits) on interface /tmp/wireshark_extcap_sshdumpKYA6T1, id 0
Ethernet II, Src: d0:21:f9:e0:33:ec, Dst: ff:ff:ff:ff:ff:ff
    Destination: ff:ff:ff:ff:ff:ff
    Source: d0:21:f9:e0:33:ec
    Type: ARP (0x0806)
    Padding: 000000000000000000000000000000000000
    Frame check sequence: 0x00000000 [unverified]
    [FCS Status: Unverified]
Address Resolution Protocol (request)

ARP reply:

Frame 385: 46 bytes on wire (368 bits), 46 bytes captured (368 bits) on interface /tmp/wireshark_extcap_sshdumpKYA6T1, id 0
Ethernet II, Src: 02:de:33:9a:ac:00, Dst: d0:21:f9:e0:33:ec
    Destination: d0:21:f9:e0:33:ec
    Source: 02:de:33:9a:ac:00
    Type: ARP (0x0806)
    Trailer: 00000000
Address Resolution Protocol (reply)

And the working AP ARP request packet:

Frame 601: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface /tmp/wireshark_extcap_sshdumpKYA6T1, id 0
Ethernet II, Src: ac:84:c6:1f:d5:70, Dst: 02:de:33:9a:ac:00
    Destination: 02:de:33:9a:ac:00
    Source: ac:84:c6:1f:d5:70
    Type: ARP (0x0806)
    Padding: 000000000000000000000000000000000000
Address Resolution Protocol (request)

the reply:

Frame 602: 42 bytes on wire (336 bits), 42 bytes captured (336 bits) on interface /tmp/wireshark_extcap_sshdumpKYA6T1, id 0
Ethernet II, Src: 02:de:33:9a:ac:00, Dst: ac:84:c6:1f:d5:70
    Destination: ac:84:c6:1f:d5:70
    Source: 02:de:33:9a:ac:00
    Type: ARP (0x0806)
Address Resolution Protocol (reply)

Does this make any real world difference?

I can only see the questioned AP ARP reply, when I do wireshark on pfsense interface, but those replies are just vanished when I check on wire.

Now I dont believe the lan devices setup is messy, cause just the previous version was doing jobs good, then why not 22.03?

Thank you.

lleachii · October 17, 2022, 11:30am

Are you saying that you're having trouble configuring the network with version 22?

amlanhldr · October 17, 2022, 12:15pm

No, I've not touched the network setup. I have kept the config unaltered during upgrade. I'm sure the network setup inside works as is, cause I can ping the same IP from other devices of that lan.

trendy · October 17, 2022, 12:22pm

When you upgrade do you flash with or without keeping existing configuration?

amlanhldr · October 17, 2022, 12:28pm

I kept the configs as is.

trendy · October 17, 2022, 12:51pm

When flashing to a new major version it is not recommended to keep the old settings. Try to flash without keeping settings and restore manually the necessary network configuration to make it act as dhcp client. After you have verified it works, You can restore the rest of the configuration.

amlanhldr · October 17, 2022, 12:54pm

Last times I did that, did not work though.

slh · October 17, 2022, 1:22pm

You realize that even after your edits, there isn't much information to go by?

All we know is:

U6_lite configured as AP (configuration not supplied)
pfsense router (presumably acting as dhcpd, hopefully unchanged between tests)
21.02.x claimed to be working
22.03.x claimed to be broken, despite no change in unspecified configuration

What we don't know:

network topology (are there active components between router and AP, such as managed switches or similar)
type of uplink (wired, wireless, WDS, meshing, repeater)
AP configuration in either case
are VLANs or other specialties involved
is only the AP affected or also the clients connected to it (wired and wireless)
EDIT: what hardware the other (tp-link) AP is
- does it work completely (wirh 22.03.x)
- do the configs differ
what exactly works/ doesn't work

What would need testing (22.03.x):

config reset (firstboot)
- does the device 'work' in its default setup, as NAT router with uplink on wan to pfsense
- what happens if you replicate a simple dumb-AP setup (step by step, extend from a known-working base)

amlanhldr · October 17, 2022, 2:46pm

I understand we are not discussing any rocket science here. I put up the issue as I got it and enriched the question as soon as I found more solid details about it. Did I do any wrong?
About the questions asked:
yes I have a managed switch in between to distribute vlans and APs are directly connected to switch. Switch-ports has management vlan untagged and other user vlan tagged.
AP network config is as follows:

# uci show network
network.loopback=interface
network.loopback.device='lo'
network.loopback.proto='static'
network.loopback.ipaddr='127.0.0.1'
network.loopback.netmask='255.0.0.0'
network.globals=globals
network.globals.packet_steering='1'
network.globals.ula_prefix='fd78:8fb8:ccee::/48'
network.@device[0]=device
network.@device[0].name='br-lan'
network.@device[0].type='bridge'
network.@device[0].ports='lan'
network.lan=interface
network.lan.device='br-lan'
network.lan.proto='dhcp'

This is the config after reset and setting br-lan as dhcp-client.
The issue is: after bootup, the AP gets IP from dhcpd of pfsense. After that it cannot do any communication with router.

What I understand, This AP is sending fcs with ARP request to pfsense and pfsense is sending ARP reply with <Trailer: 00000000>, which is not propagating through network for some reason and AP never receives it and it doesn't get the neighbor information about the router and communication breaks.
The working tp-link is EAP225, configured to work with dynamic vlan setup with radius and works well. One thing to note that it doesn't send any fcs through its ARP request frame.
I cannot connect clients to this for now, because I've to install wpad first to apply my working config.

amlanhldr · October 22, 2022, 1:12pm

Finally narrowed down to the problem. Seems like there was issues at pfsense end. My management vlan was on top of a bridge. When I plugged the device on user vlan the device communicates properly. Re-enabling dhcpd on affected interface did nothing. Finally end up removing the bridge and connected them directly. Configured dhcpd again from scratch on the new interface and everything working fine.
Thank you !

system · November 1, 2022, 1:13pm

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.