[Solved] LEDE 17.01.5 deauthenticated due to local deauth request every 10 minutes

After upgrading to LEDE 17.01.5, my android phone is getting deauth every 10 minutes. This was not observed with 17.01.4. Any suggestions are much appreciated.

root@router:~# logread | grep deauth | tail
Thu Jul 26 14:26:23 2018 daemon.info hostapd: wlan1: STA 84:4b:f5:67:36:a0 IEEE 802.11: deauthenticated due to local deauth request
Thu Jul 26 14:36:23 2018 daemon.info hostapd: wlan1: STA 40:33:1a:99:1d:a8 IEEE 802.11: deauthenticated due to local deauth request
Thu Jul 26 14:36:23 2018 daemon.info hostapd: wlan1: STA 84:4b:f5:67:36:a0 IEEE 802.11: deauthenticated due to local deauth request
Thu Jul 26 14:46:23 2018 daemon.info hostapd: wlan1: STA 84:4b:f5:67:36:a0 IEEE 802.11: deauthenticated due to local deauth request
Thu Jul 26 14:56:23 2018 daemon.info hostapd: wlan1: STA 84:4b:f5:67:36:a0 IEEE 802.11: deauthenticated due to local deauth request
Thu Jul 26 15:06:23 2018 daemon.info hostapd: wlan1: STA 84:4b:f5:67:36:a0 IEEE 802.11: deauthenticated due to local deauth request
Thu Jul 26 15:16:23 2018 daemon.info hostapd: wlan1: STA 84:4b:f5:67:36:a0 IEEE 802.11: deauthenticated due to local deauth request
Thu Jul 26 15:26:23 2018 daemon.info hostapd: wlan1: STA 84:4b:f5:67:36:a0 IEEE 802.11: deauthenticated due to local deauth request
Thu Jul 26 15:36:23 2018 daemon.info hostapd: wlan1: STA 84:4b:f5:67:36:a0 IEEE 802.11: deauthenticated due to local deauth request
Thu Jul 26 15:46:23 2018 daemon.info hostapd: wlan1: STA 84:4b:f5:67:36:a0 IEEE 802.11: deauthenticated due to local deauth request

System information:

root@router:~# cat /etc/openwrt_release
DISTRIB_ID='LEDE'
DISTRIB_RELEASE='17.01.5'
DISTRIB_REVISION='r3919-38e704be71'
DISTRIB_CODENAME='reboot'
DISTRIB_TARGET='lantiq/xrx200'
DISTRIB_ARCH='mips_24kc'
DISTRIB_DESCRIPTION='LEDE Reboot 17.01.5 r3919-38e704be71'
DISTRIB_TAINTS=''

Wireless config:

root@router:~# cat /etc/config/wireless

config wifi-device 'radio0'
        option type 'mac80211'
        option hwmode '11a'
        option path 'pci0000:01/0000:01:00.0/0000:02:00.0'
        option htmode 'VHT80'
        option channel 'auto'
        option country 'GB'
        option distance '5'

config wifi-iface 'default_radio0'
        option device 'radio0'
        option mode 'ap'
        option ssid 'id'
        option network 'lan'
        option encryption 'psk-mixed'
        option key 'secred'
        option disassoc_low_ack '0'
        option wpa_strict_rekey '1'
        option wpa_strict_rekey '86400'

config wifi-device 'radio1'
        option type 'mac80211'
        option hwmode '11g'
        option path 'pci0000:00/0000:00:0e.0'
        option htmode 'HT20'
        option channel 'auto'
        option country 'GB'
        option distance '10'

config wifi-iface 'default_radio1'
        option device 'radio1'
        option mode 'ap'
        option ssid 'id'
        option network 'lan'
        option encryption 'psk-mixed'
        option key 'secret'
        option disassoc_low_ack '0'
        option wpa_strict_rekey '1'
        option wpa_strict_rekey '86400'

See if the forum search gets you some helpful information.

1 Like

I did the search before posting. There are many posts pre-dating 17.01.5, from which I borrowed the lines

        option disassoc_low_ack '0'
        option wpa_strict_rekey '1'
        option wpa_strict_rekey '86400'

However, they seem to not have the desired effect in 17.01.5.

The only post covering the 17.01.5 lifespan suggest the solution by disabling igmp_snooping. I have never enabled this option - is it enabled by default?

I think I have found my mistake. I was using wpa_strict_rekey twice, whereas in fact one of them should be wpa_group_rekey. I changed my wireless config to include

        option disassoc_low_ack '0'
        option wpa_strict_rekey '1'
        option wpa_group_rekey '86400'

With these parameters, there is no deauth for the last 10 minutes. I will keep an eye on it for a day and then mark it as solved.

2 Likes