Wavlink Quantum T8 hacking

It's what was on the device. I did just update to the rc5 "maybe not announced yet".
1st run, 2nd radio slower, but 2nd was quick again, who knows
here in AU 100 is a DFS channel
I do think scanning for radar would impact a little
for me, 36 & 146 are not DFS
but are different power levels
but I can't test on the same channel due to software limitation

I just read the V24.X.X-rcX announcement and it does mention recent MT76x changes :-). I may give it a try tomorrow. It's too late for that today ;-).

Thanks a lot already for your comments! Great the sun down under!

Just in case it gives anyone a hint I'm sharing my (trivial) /etc/config/wireless here.

@Lucky1: can you please share your /etc/config/wireless as well? You get more than 50% more data rate on your 5GHz phys. I'm curious whether there's any obvious difference.

config wifi-device 'radio0'
	option type 'mac80211'
	option path '1e140000.pcie/pci0000:00/0000:00:00.0/0000:01:00.0'
	option channel '6'
	option band '2g'
	option htmode 'HT40'
	option cell_density '0'
	option country 'DE'

config wifi-iface 'default_radio0'
	option device 'radio0'
	option network 'lan'
	option mode 'ap'
	option ssid 'OpenWrt'
	option encryption 'none'

config wifi-device 'radio1'
	option type 'mac80211'
	option path '1e140000.pcie/pci0000:00/0000:00:00.0/0000:01:00.0+1'
	option channel '36'
	option band '5g'
	option htmode 'VHT80'
	option cell_density '0'
	option country 'DE'

config wifi-iface 'default_radio1'
	option device 'radio1'
	option network 'lan'
	option mode 'ap'
	option ssid 'OpenWrt'
	option encryption 'none'

config wifi-device 'radio2'
	option type 'mac80211'
	option path '1e140000.pcie/pci0000:00/0000:00:01.0/0000:02:00.0'
	option channel '100'
	option band '5g'
	option htmode 'VHT160'
	option cell_density '0'
	option country 'DE'

config wifi-iface 'default_radio2'
	option device 'radio2'
	option network 'lan'
	option mode 'ap'
	option ssid 'OpenWrt'
	option encryption 'none'

This shows the connection from the MacBook Pro to the Wifi. Is this good? Does the information show that it is using 2x2 MIMO? Every now and then it switches between a single and these two entries.

2024-01-08 - is this a 2x2 mimo connection

Edit:
Tinkering with "iw ... station dump" I think that these are the active TX / RX link configs. Maybe someone can comment on what I see there:

root@OpenWrt:~# iw dev phy1-ap0 station dump
Station d6:cf:0b:9f:20:5e (on phy1-ap0)
	inactive time:	0 ms
	rx bytes:	2435248
	rx packets:	36531
	tx bytes:	1306789861
	tx packets:	439526
	tx retries:	4857
	tx failed:	0
	rx drop misc:	3
	signal:  	-43 [-44, -47] dBm
	signal avg:	-42 [-43, -47] dBm
	tx bitrate:	866.7 MBit/s VHT-MCS 9 80MHz short GI VHT-NSS 2
	tx duration:	17563652 us
	rx bitrate:	866.7 MBit/s VHT-MCS 9 80MHz short GI VHT-NSS 2
	rx duration:	2336696 us
	airtime weight: 256
	expected throughput:	456.389Mbps
	authorized:	yes
	authenticated:	yes
	associated:	yes
	preamble:	long
	WMM/WME:	yes
	MFP:		no
	TDLS peer:	no
	DTIM period:	2
	beacon interval:100
	short slot time:yes
	connected time:	471 seconds
	associated at [boottime]:	305777.985s
	associated at:	1736356289371 ms
	current time:	1736356760072 ms

Expected throughput is in line with my measurements. But why is this so far away from the 866mbps of the link config?

Edit2:
I just noticed that OpenWrt officially supports the D-Link DIR-3060 that uses very similar components, but 6 instead of 8 antennas.


config wifi-device 'radio0'
	option type 'mac80211'
	option path '1e140000.pcie/pci0000:00/0000:00:00.0/0000:01:00.0'
	option channel 'auto'
	option band '2g'
	option htmode 'HT40'
	option country 'AU'

config wifi-iface 'default_radio0'
	option device 'radio0'
	option network 'lan'
	option mode 'ap'
	option ssid 'Openwrt'
	option encryption 'psk2+ccmp'
	option key 'PassWord'
	option wpa_disable_eapol_key_retries '1'

config wifi-device 'radio1'
	option type 'mac80211'
	option path '1e140000.pcie/pci0000:00/0000:00:00.0/0000:01:00.0+1'
	option channel '36'
	option band '5g'
	option htmode 'VHT80'
	option country 'AU'
	option cell_density '0'

config wifi-iface 'default_radio1'
	option device 'radio1'
	option network 'lan'
	option mode 'ap'
	option ssid 'OPENWRT'
	option encryption 'psk2+ccmp'
	option key 'PassWord'
	option wpa_disable_eapol_key_retries '1'

config wifi-device 'radio2'
	option type 'mac80211'
	option path '1e140000.pcie/pci0000:00/0000:00:01.0/0000:02:00.0'
	option channel '149'
	option band '5g'
	option htmode 'VHT80'
	option country 'AU'
	option cell_density '0'

config wifi-iface 'default_radio2'
	option device 'radio2'
	option network 'lan'
	option mode 'ap'
	option ssid 'OPENWRT'
	option encryption 'psk2+ccmp'
	option key 'PassWord'
	option wpa_disable_eapol_key_retries '1'

config wifi-iface 'wifinet2'
	option device 'radio1'
	option mode 'ap'
	option ssid 'Openwrt'
	option encryption 'psk2+ccmp'
	option key 'PassWord'
	option wpa_disable_eapol_key_retries '1'
	option network 'lan'
	option disabled '1'

config wifi-iface 'wifinet3'
	option device 'radio2'
	option mode 'ap'
	option ssid 'Openwrt'
	option encryption 'psk2+ccmp'
	option key 'PassWord'
	option wpa_disable_eapol_key_retries '1'
	option network 'lan'

A note: I only had one of the 5GHz radios on while testing, to make sure it was the one I was using.

I do have some of the D-Link routers, the DIR-878-A1, DIR-882-A1, DIR-1960-A1, also a Linksys EA8100. All are MT7621 with MT7615N radios.

Your config doesn't show any obvious different options compared to mine except for the country.

I do see 2 other strange behaviours:

  1. If I disable only the DBDC 5G wifi, both the MacBook and iPhone suddenly connect to the 2.4G wifi and not the faster ac wifi on the 2nd card. They generally seem to dislike that as they connected to it maybe once or twice of all tests without a chance to reproduce consistently.
  2. The 2.4G wifi uses only HT20 that also shows in the Channel Analysis, despite HT40 being configured (see above). Throughput reaches 110mbps at best.

I've no clue what's wrong. Client devices are close, signal quality is good (between -40 and -50dBm, sometimes down to -35dBm). I even played with TX power, but with no effect.

I have 2 SSIDs, so the laptops connect to the 5G over the others
so I do see this as well, they connect to the best signal, not speed
yes, my area has lots of 2.4G Wi-Fi around so it drops to HT20
this works ok for my IOT stuff and phones
I'm not sure how you are measuring its speed
but mine is download, well 99% down and 1% up
where if your test is up and down then it would be slower
as wifi is not full duplex

So, the drop of 2.4G down to HT20 might be explainable as I do indeed see a dozen other networks in those bands.

About the duplex I partially disagree. 2x2 MIMO should be able to compensate as both 5G PHYs seem to use dedicated TX / RX antennas (the router has a total of 8).

I suspect the real issue lies elsewhere. Above you mentioned some 73MBps = 584Mbps. What does "iw ... assoclist" show as "expected throughput" in that case? Mine is low with 430-440Mbps and that can perfectly explain the observed behavior. For the 2.4G wifi it shows 120-130Mbps. Both "expected throughput" are in line with my iperf3 measurements (I tested both directions just to be sure). But I would like to understand why the expected throughput is that low. I don't see any obvious reason.

Edit:

I just tried to turn off both PHYs (2.4G & 5G) of the DBDC card. No client can connect to the 2nd remaining 5G network. They all claim they "can't join". Until I switch from VHT160 to VHT80. Then it works. This is what "iw ... assoclist" says:

root@OpenWrt:~# iwinfo phy2-ap0 assoclist
D6:CF:0B:9F:20:5E  -42 dBm / -92 dBm (SNR 50)  0 ms ago
	RX: 866.7 MBit/s, VHT-MCS 9, 80MHz, VHT-NSS 2    175281 Pkts.
	TX: 866.7 MBit/s, VHT-MCS 9, 80MHz, VHT-NSS 2   2252977 Pkts.
	expected throughput: 467.3 MBit/s

This is for sure not a congestion issue. It's the only network visible in those bands (100-173), card has access to 4 antennas, shows capability of 4 streams, signal is good, SNR is great. Still only 467.3MBps. This is ridiculous.

Edit2:

The connection issues wrt the 5G PHY of the 2nd card are due to VHT160 setting. Reverting to VHT80 and enabling the other 2 PHYs again, clients still connect to the faster ac 5G PHY (due to better signal). So, VHT160 simply doesn't work or is buggy.

I started to double-check my assumptions and expectations. So far one of my assumptions was that NxN MIMO works seamlessly, i.e. as long as wifi endpoints don't see conflicts, they just use the maximum available bandwidth and split payload into N pieces and transmit them in parallel. But I doubt that that is the case. After reading into Best practices and tools for measuring wifi performance I tried iperf3 with option -P and suddenly effective bit rate reports as 645Mbps (4 streams). That translates to ~80MBps.

@Lucky1 Did you also use -P in your tests? I also tried using multiple clients and that did not scale similarly to "iperf3 -P 4" and instead just seemed to split the expected throughput (minus a little loss) among them. If not fixable that is a bit disappointing as it renders MIMO to be basically a useless feature.

What still remains to be verified is the unexplained behavior with HT40 on 2.4G and VHT160 on 5G.

The router may have enough streams for TX and RX
but the card in my laptop has not, it's only a 2 stream card

for VHT160 you need 4 streams, so no DBDC on the MT7615N
only the 2nd radio has it as an option on the non-DBDC radio in the A8

as stated above, my test was only as I use the device
it was copying a file off a Windows smb3 server pc via the A8 as a dumb access point
to my laptop with Windows on it with an Intel AX210 Wi-Fi card in it
so no -p option in file manager

you can force HT40 in 2.4G, I just don't: "Advanced Settings > Force 40MHz mode"

I can't use VHT160 on this device due to channel software limitation imposed on this device
but it is only available on the non-DBDC 5G radio

tho my laptop has a 160MHz 2x radio, never tested it on AC tho
I'm using this on my AX access point & its speed is bottlenecked by the 1G Ethernet port :frowning:

The situation with VHT80 on the DBDC 5G and VHT160 on the 2nd one is clear to me except for why configuring VHT160 actually results in a non-working network with no link being possible. The network though is visible from clients, so at least advertising SSID works.

Thanks for hinting me at "Force 40MHz mode". Result is this:

root@OpenWrt:~# iwinfo phy0-ap0 assoclist
D6:CF:0B:9F:20:5E  -33 dBm / -90 dBm (SNR 57)  0 ms ago
	RX: 144.4 MBit/s, MCS 15, 20MHz               106505 Pkts.
	TX: 144.4 MBit/s, MCS 15, 20MHz                36283 Pkts.
	expected throughput: 114.9 MBit/s

Channel analysis shows the 40MHz bandwidth then. I moved it to some other channel to maximize SNR. As a result signal levels are excellent, SNR is great. But again, practically it configures to use 20MHz.

I did a quick test with my EA8100 on my only 160MHz channel after turning off my AX only
tho it says connected at 1733 160MHz it was not faster, ~73Mb/s
tho even the AX maxes out at about 98 MB/s, the 1G cable limit
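
Added example (not part of the thread and not OpenWrt project code): the link rates in the iwinfo outputs above can be derived from MCS, stream count, channel width and guard interval, and dividing "expected throughput" by the link rate gives the efficiency figure the thread is asking about. The sample lines are copied from the posts; the function names are hypothetical, and the subcarrier and MCS tables are the standard 802.11n/ac values.

```python
import re

# Rate lines copied from the iwinfo outputs quoted in the thread.
SAMPLE = """\
RX: 866.7 MBit/s, VHT-MCS 9, 80MHz, VHT-NSS 2    175281 Pkts.
expected throughput: 467.3 MBit/s
RX: 144.4 MBit/s, MCS 15, 20MHz               106505 Pkts.
expected throughput: 114.9 MBit/s
"""

# Data subcarriers per channel width (802.11n/ac OFDM).
DATA_TONES = {20: 52, 40: 108, 80: 234, 160: 468}
# Per-stream MCS 0..9 -> (bits per subcarrier, coding rate).
MODCOD = [(1, 1/2), (2, 1/2), (2, 3/4), (4, 1/2), (4, 3/4),
          (6, 2/3), (6, 3/4), (6, 5/6), (8, 3/4), (8, 5/6)]
RATE = re.compile(r"[RT]X: ([\d.]+) MBit/s, (VHT-)?MCS (\d+), (\d+)MHz"
                  r"(?:, VHT-NSS (\d+))?")
EXPECTED = re.compile(r"expected throughput: ([\d.]+) MBit/s")

def phy_rate(mcs, nss, width_mhz, short_gi=True):
    """PHY rate in Mbit/s: bits per OFDM symbol / symbol time in us."""
    bits, coding = MODCOD[mcs]
    symbol_us = 3.6 if short_gi else 4.0
    return DATA_TONES[width_mhz] * bits * coding * nss / symbol_us

def analyse(text):
    """Pair each rate line with the 'expected throughput' that follows it."""
    links = []
    for line in text.splitlines():
        m = RATE.search(line)
        if m:
            reported, mcs, width = float(m[1]), int(m[3]), int(m[4])
            if m[2]:                       # VHT: NSS is printed explicitly
                nss = int(m[5] or 1)
            else:                          # HT: index encodes streams, 8 per stream
                nss, mcs = mcs // 8 + 1, mcs % 8
            # iwinfo does not print the guard interval here; pick the closer fit.
            short_gi = (abs(phy_rate(mcs, nss, width, True) - reported)
                        < abs(phy_rate(mcs, nss, width, False) - reported))
            links.append({"reported": reported, "nss": nss, "width": width,
                          "short_gi": short_gi,
                          "derived": phy_rate(mcs, nss, width, short_gi)})
        elif links and (e := EXPECTED.search(line)):
            links[-1]["efficiency"] = float(e[1]) / links[-1]["reported"]
    return links

if __name__ == "__main__":
    print(*analyse(SAMPLE), sep="\n")
```

The PHY rate counts only payload symbols on the air, so preambles, acknowledgements and channel contention all come out of the gap to "expected throughput". `phy_rate(9, 2, 160)` gives 1733.3, the 160 MHz link rate mentioned in the last post.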