Please help solve wifi instability

borgqueenx · September 8, 2023, 10:49pm

Hey everyone. I have a mesh network of three openwrt routers. They are all the dynalink dl-36.
Two are set up as dumb points.
When i am in the bed room and basement, my phone literary constantly disconnects from wlan and switches back to cellular, but also connects back again. Signal strength is great, also in the bedroom.
I made a video to show the problem. Note that this problem is not there in the living room, probably(?) Because its close to the main access point. In the bedroom, there's two that the phone can connect to, with approx the same signal strenth. Its a mesh network as i said, so all 3 devices run the same SSID.

What logs and data can i provide to help this?
Feel free to watch the video i made about it. Be sure to play it on 2x speed and look at the wifi signal top right.

video removed by advice of moderator

Thanks!

psherman · September 8, 2023, 11:23pm

Please copy the output of the following commands and post it here using the "Preformatted text </> " button:

Remember to redact passwords, MAC addresses and any public IP addresses you may have:

cat /etc/config/network
cat /etc/config/wireless
cat /etc/config/dhcp
cat /etc/config/firewall

psherman · September 8, 2023, 11:24pm

You can remove the video... it doesn't actually give us any useful information. What will be helpful is your config files and then we'll ask for more detail as needed.

borgqueenx · September 9, 2023, 7:35am

Network:

 OpenWrt SNAPSHOT, r23375-cdfcac6e24
 -----------------------------------------------------
root@MainRouter:~# cat /etc/config/network

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'redacted'
        option packet_steering '1'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'lan1'
        list ports 'lan2'
        list ports 'lan3'
        list ports 'lan4'
        option ipv6 '0'

config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        option ipaddr '192.168.1.1'
        option netmask '255.255.255.0'
        option ip6assign '60'
        option delegate '0'

config interface 'wan'
        option device 'wan'
        option proto 'dhcp'
        option metric '1'
        option dns_metric '10'
        option delegate '0'

config interface 'wan6'
        option device 'wan'
        option proto 'dhcpv6'
        option auto '0'
        option reqaddress 'try'
        option reqprefix 'auto'

config interface 'surfshark'
        option proto 'wireguard'
        option private_key 'redacted'
        option metric '0'
        option delegate '0'
        list addresses 'redacted'
        list addresses 'redacted'
        list dns '100.64.0.15'

config interface 'surfsharkovpn'
        option proto 'none'
        option device 'tun0'
        option delegate '0'
        option auto '0'

config wireguard_surfshark
        option description 'de-fra-wg-402.conf'
        option public_key 'redacted'
        list allowed_ips '0.0.0.0/0'
        list allowed_ips '::0/0'
        option endpoint_host 'redacted'
        option endpoint_port '51820'
        option route_allowed_ips '1'
        option persistent_keepalive '25'

config wireguard_surfshark
        option description 'de-dus-wg-002.conf'
        option public_key 'redacted'
        list allowed_ips '0.0.0.0/0'
        list allowed_ips '::0/0'
        option endpoint_host 'redacted'
        option endpoint_port '51820'
        option route_allowed_ips '1'
        option persistent_keepalive '25'

config wireguard_surfshark
        option description 'de-ber-wg-005.conf'
        option public_key 'redacted'
        list allowed_ips '0.0.0.0/0'
        list allowed_ips '::0/0'
        option endpoint_host 'redacted'
        option endpoint_port '51820'
        option route_allowed_ips '1'
        option persistent_keepalive '25'

config wireguard_surfshark
        option description 'de-ber-wg-002.conf'
        option public_key 'redacted'
        list allowed_ips '0.0.0.0/0'
        list allowed_ips '::0/0'
        option endpoint_host 'redacted'
        option endpoint_port '51820'
        option route_allowed_ips '1'
        option persistent_keepalive '25'

config wireguard_surfshark
        option description 'de-fra-wg-008.conf'
        option public_key 'redacted'
        list allowed_ips '0.0.0.0/0'
        list allowed_ips '::0/0'
        option endpoint_host 'redacted'
        option endpoint_port '51820'
        option route_allowed_ips '1'
        option persistent_keepalive '25'

config wireguard_surfshark
        option description 'de-fra-wg-006.conf'
        option public_key 'redacted'
        list allowed_ips '0.0.0.0/0'
        list allowed_ips '::0/0'
        option endpoint_host 'redacted'
        option endpoint_port '51820'
        option route_allowed_ips '1'
        option persistent_keepalive '25'

Wireless:

config wifi-device 'radio0'
        option type 'mac80211'
        option path 'platform/soc/c000000.wifi'
        option band '5g'
        option cell_density '0'
        option htmode 'HE80'
        option channel '40'
        option country 'US'

config wifi-iface 'default_radio0'
        option device 'radio0'
        option network 'lan'
        option mode 'ap'
        option ssid 'BoRina Wireless'
        option encryption 'psk2'
        option key 'redacted'
        option ieee80211r '1'
        option mobility_domain '4f59'
        option ft_over_ds '0'
        option ft_psk_generate_local '1'

config wifi-device 'radio1'
        option type 'mac80211'
        option path 'platform/soc/c000000.wifi+1'
        option band '2g'
        option htmode 'HE20'
        option cell_density '0'
        option country 'DE'
        option channel '11'

config wifi-iface 'default_radio1'
        option device 'radio1'
        option network 'lan'
        option mode 'ap'
        option ssid 'redacted'
        option encryption 'psk2'
        option key 'redacted'
        option ieee80211r '1'
        option ft_over_ds '0'
        option ft_psk_generate_local '1'

config wifi-iface 'wifinet7'
        option device 'radio1'
        option mode 'mesh'
        option encryption 'sae'
        option mesh_id '189b'
        option mesh_fwding '1'
        option mesh_rssi_threshold '0'
        option key 'redacted'
        option network 'lan'
        option disabled '1'

config wifi-iface 'wifinet3'
        option device 'radio0'
        option mode 'mesh'
        option encryption 'sae'
        option mesh_id '188b'
        option mesh_fwding '1'
        option mesh_rssi_threshold '0'
        option key 'redacted'
        option network 'lan'

borgqueenx · September 9, 2023, 7:37am

DHCP:

config dnsmasq
        option domainneeded '1'
        option localise_queries '1'
        option rebind_protection '1'
        option rebind_localhost '1'
        option local '/lan/'
        option domain 'lan'
        option expandhosts '1'
        option cachesize '1000'
        option dnsforwardmax '350'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option localservice '1'
        option ednspacket_max '1232'

config dhcp 'lan'
        option interface 'lan'
        option start '100'
        option limit '150'
        option leasetime '12h'
        option dhcpv4 'server'
        option dhcpv6 'server'
        option ra 'server'
        list ra_flags 'managed-config'
        list ra_flags 'other-config'
        option ra_slaac '0'
        option dns_service '0'

config dhcp 'wan'
        option interface 'wan'
        option ignore '1'

config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'
        option loglevel '4'

config host
        option name 'Samsung'
        option ip '192.168.1.154'
        option mac 'F4:FE:FB:9F:21:B6'

config host
        option name 'HarmonyHub'
        option ip '192.168.1.160'
        option mac '00:04:20:FC:18:14'

config host
        option name 'hubv3-4011035646'
        option ip '192.168.1.179'
        option mac '28:6D:97:A0:53:E8'

config host
        option name 'Samsung'
        option ip '192.168.1.151'
        option mac '38:68:A4:28:D3:EC'

config host
        option name 'everything-presence-st-fa2d68'
        option ip '192.168.1.229'
        option mac 'A0:B7:65:FA:2D:68'

config host
        option name 'everything-presence-st-700718'
        option ip '192.168.1.208'
        option mac '08:B6:1F:70:07:18'

config host
        option name 'everything-presence-st-7e8058'
        option ip '192.168.1.171'
        option mac '08:B6:1F:7E:80:58'

Firewall:

config defaults
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option synflood_protect '1'
        option flow_offloading '1'

config zone
        option name 'lan'
        list network 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'

config zone
        option name 'wan'
        list network 'wan'
        list network 'wan6'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option mtu_fix '1'
        option masq '1'

config rule
        option name 'Allow-DHCP-Renew'
        option src 'wan'
        option proto 'udp'
        option dest_port '68'
        option target 'ACCEPT'
        option family 'ipv4'

config rule
        option name 'Allow-Ping'
        option src 'wan'
        option proto 'icmp'
        option icmp_type 'echo-request'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-IGMP'
        option src 'wan'
        option proto 'igmp'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-DHCPv6'
        option src 'wan'
        option proto 'udp'
        option dest_port '546'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-MLD'
        option src 'wan'
        option proto 'icmp'
        option src_ip 'fe80::/10'
        list icmp_type '130/0'
        list icmp_type '131/0'
        list icmp_type '132/0'
        list icmp_type '143/0'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Input'
        option src 'wan'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        list icmp_type 'router-solicitation'
        list icmp_type 'neighbour-solicitation'
        list icmp_type 'router-advertisement'
        list icmp_type 'neighbour-advertisement'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Forward'
        option src 'wan'
        option dest '*'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-IPSec-ESP'
        option src 'wan'
        option dest 'lan'
        option proto 'esp'
        option target 'ACCEPT'

config rule
        option name 'Allow-ISAKMP'
        option src 'wan'
        option dest 'lan'
        option dest_port '500'
        option proto 'udp'
        option target 'ACCEPT'

config zone
        option name 'surfshark'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option masq '1'
        option mtu_fix '1'
        list network 'surfshark'

config include 'pbr'
        option fw4_compatible '1'
        option type 'script'
        option path '/usr/share/pbr/pbr.firewall.include'

config rule
        option name 'exceptions'
        option src 'lan'
        list src_ip '192.168.1.179'
        list src_ip '192.168.1.151'
        option dest 'wan'
        option target 'ACCEPT'
        option enabled '0'

config zone
        option name 'ovpntest'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option masq '1'
        option mtu_fix '1'
        list network 'surfsharkovpn'
        option family 'ipv4'

config forwarding
        option src 'lan'
        option dest 'surfshark'

Out of all the above, the openvpn adapter is disabled. I am using the wireguard adapter. The only problem is that during some locations in the house, where reception shows as good, i am getting a lot of disconnections. The config shared above is the main router/device that gets internet from the bridge device. Is this helpful? I could also share the data of the mesh device? (both mesh devices are configured exactly the same, as dumb ap)

Ramon · September 9, 2023, 8:19pm

You have two different country codes set, US and DE. try setting it to the same thing

psherman · September 9, 2023, 8:23pm

I would recommend disabling 802.11r on all of your APs. For some client devices, 802.11r can cause major issues.

And +1 to what @Ramon said about your country codes -- they should be the same and they should be set to your actual country/region.

borgqueenx · September 9, 2023, 9:03pm

But thats a function that makes devices easily cross over into a other ap...? I'd rather not lose a function...besides it works good in most areas of the house.
Il try to use the same country code tommorow but i think i did that because of some bug that did not allow a normal channel to be used...

psherman · September 9, 2023, 9:13pm

It's actually not a necessary standard in many cases. Standard roaming (without 802.11r) can work really well when properly tuned. In fact, I often recommend turning off all of the 'additions' (802.11 k / r / v) and spend a bit of time optimizing the radios for good standard roaming performance first, as it is necessary for this to be working well before adding any of the other standards on top. Then, if you want to make for a (theoretically) improved roaming experience, then add those in. I don't use 802.11r and I have nearly seamless roaming across multiple APs.

borgqueenx · September 10, 2023, 6:27am

Thanks! Can i just disable it, also on the dumb ap's? Or do i have to disable or alter the mesh network then? The external routers are accessable through wireless mesh on a local ip, if i lose access to them with a wrong setting change, its quite some work to grab them and hook them up by a lan cable.
I updated the region settings but that unfortunately did not help.

psherman · September 10, 2023, 6:30am

I think you can just disable 802.11r.... although I'm not an expert on mesh -- I prefer to have all APs hardwired, so that's what I've done in my setups.

I assume that you're actually using mesh, and not confusing the terminology, right? Mesh specifically refers to the use of a wireless backhaul (i.e. one wired AP, the others are wirelessly conneted to the first). Many people think that mesh = roaming and that roaming = mesh. In actuality, client devices will roam from one node to another in a mesh network, but they can also roam from one node to another in a non-meshed network... roaming is simply the client moving between APs. Meshing is the wireless backhaul that makes up the connections between the APs.

hnyman · September 10, 2023, 7:29am

I have noticed occasional WiFi firmware crashes in kernel log when WPA3 clients leave/disassociate. I first disabled WPA3 802.11r, and currently trying to test if "WPA2 only" is more stable.

You might try using just WPA2

borgqueenx · September 10, 2023, 12:01pm

I just disabled fast roaming on all devices and rebooted. Everything worked fine. Then later the issue started again.
A reboot then fixes it again....
How to proceed now...

borgqueenx · September 10, 2023, 12:02pm

Where can we find crashes/crash reports?

frollic · September 10, 2023, 12:23pm

Dmesg.

I have two wrx36s, with 802.11r enabled, they've been working flawlessly since I flashed them in Jan.

No WPA3 though.

hnyman · September 10, 2023, 1:08pm

E.g. here links to them

.

Also search

https://forum.openwrt.org/search?q="Fatal%20error%20received"%20

borgqueenx · September 10, 2023, 1:11pm

Hmm...do you need to repair devices when switching encryption?
I suppose it's worth a try

Pico · September 10, 2023, 1:20pm

it does not hurt, to reset the Wifi config once on your client devices, if you had switched from a completely different router HW before.

zekica · September 10, 2023, 1:22pm

Can you try enabling "Multicast to unicast" on all APs? I would not recommend this normally, but with ath11k it can be much more reliable.

frollic · September 10, 2023, 1:25pm

Going from WPA3 to WPA2 ?
No idea.