Why are wireless clients isolated by default?

catdog · January 10, 2021, 2:03am

Hi There,

Is this a bug or feature? On my Dlink DAP-2695 running OpenWrt 19.07.5 no communication passes in between wireless clients unless hairpin_mode is set to 1. I had to add a 10 seconds delayed script in /etc/rc.local forcing hairpin_mode to 1 on both 2.4GHz and 5GHz interfaces to compensate for this. Otherwise by default the hairpin_mode is 0 after the restart. The AP is in a gateway mode having all active interfaces bridged. Isolate Clients is off and confirmed the same in the config file.

lleachii · January 12, 2021, 5:15am

@catdog, welcome to the comunity!

Clients are not isolated by default.

Can you show us your config, please?

catdog · January 12, 2021, 9:45am

@lleachii indeed they should not be isolated. The config files follow:

/etc/config/wireless
config wifi-device 'radio0'
option type 'mac80211'
option hwmode '11a'
option path 'pci0000:00/0000:00:00.0'
option htmode 'VHT80'
option legacy_rates '0'
option country 'IE'
option channel '36'
option txpower '20'

config wifi-iface 'default_radio0'
option device 'radio0'
option network 'lan'
option mode 'ap'
option key ''
option ssid '**'
option hidden '1'
option encryption 'psk2+ccmp'
option ifname '5GHz'
option signal_snr_connect '20'
option signal_snr_stay '15'
option signal_strikes '3'
option signal_poll_time '5'
option signal_drop_reason '3'

config wifi-device 'radio1'
option type 'mac80211'
option hwmode '11g'
option path 'platform/qca955x_wmac'
option txpower '16'
option country 'IE'
option htmode 'HT20'
option channel '6'

config wifi-iface 'default_radio1'
option device 'radio1'
option network 'lan'
option mode 'ap'
option key '*'
option ssid ''
option hidden '1'
option encryption 'psk2+ccmp'
option ifname '2.4GHz'
option signal_snr_connect '20'
option signal_snr_stay '15'
option signal_strikes '3'
option signal_poll_time '5'
option signal_drop_reason '3'

/etc/config/network

config interface 'loopback'
option ifname 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'

config globals 'globals'
option ula_prefix '*****************'

config interface 'lan'
option type 'bridge'
option proto 'static'
option ipaddr '192.168.**'
option netmask '255.255.255.0'
option ifname 'eth0.1 eth1.2'
option ipv6 'off'
list dns '192.168..254'
option delegate '0'

config switch
option name 'switch0'
option reset '1'
option enable_vlan '1'

config switch_vlan
option device 'switch0'
option vlan '1'
option ports '2 0t'

config switch_vlan
option device 'switch0'
option vlan '2'
option ports '3 6t'

config route
option target '0.0.0.0'
option gateway '192.168.******.254'
option netmask '0.0.0.0'
option interface 'lan'

lleachii · January 12, 2021, 10:07am

Please use codeboxes </> to enclose output and code.

Can you show us this setting, please?

What are these, or rather, why do you believe you need these???

trendy · January 12, 2021, 10:15am

This whole route could be just a option gateway 192.168.1.245 under lan interface.
Also 192.168.X.X are private addresses, there is no need to redact them.
Apart from the things @lleachii asked you to clear up, post also the output of ubus call system board

catdog · January 12, 2021, 5:33pm

@lleachii hairpin is set to 1 in

/etc/rc.local
# Put your custom commands here that should be executed once
# the system init finished. By default this file does nothing.

# Revision 210109
# This is a workaround for possible bug that prevents WiFi clients to reach each other
# option multicast_to_unicast '0' does not seem to work
# sleep 10 added to allow the interfaces to start up. Otherwise the commands do not take effect.

sleep 10
echo 1 > /sys/devices/virtual/net/br-lan/lower_2.4GHz/brport/hairpin_mode
echo 1 > /sys/devices/virtual/net/br-lan/lower_5GHz/brport/hairpin_mode

exit 0

option signal_... is currently idle as the related script has been disabled. It used to force clients to disconnect from the access point and renegotiate when the signal dropped below certain level. It made 5GHz linked clients to migrate to 2.4GHz band. As there were some unintended consequences it is parked for now. It should not interfere with anything.

@trendy
route section has been trimmed


config route
        option gateway '192.168.111.254'

ubus call system board
{
        "kernel": "4.14.209",
        "hostname": "DAP-2695",
        "system": "Qualcomm Atheros QCA9558 ver 1 rev 0",
        "model": "D-Link DAP-2695 rev. A1",
        "board_name": "dap-2695-a1",
        "release": {
                "distribution": "OpenWrt",
                "version": "19.07.5",
                "revision": "r11257-5090152ae3",
                "target": "ar71xx/generic",
                "description": "OpenWrt 19.07.5 r11257-5090152ae3"
        }
}

Thank you both for your help. Sorry about the mess in the thread above I was figuring out the quoting.

trendy · January 12, 2021, 7:47pm

I didn't mean that, I said under lan interface.

config interface 'lan'
option type 'bridge'
option proto 'static'
option ipaddr '192.168.**'
option netmask '255.255.255.0'
option ifname 'eth0.1 eth1.2'
option ipv6 'off'
list dns '192.168..254'
option delegate '0'

The file rc.local is normally empty. Were all these lines in there by default or did you add them?

catdog · January 12, 2021, 11:35pm

@trendy
I added the lines to rc. local to enable communication between the wireless clients

The file has been edited- did I get it right?

/etc/config/network 

config interface 'loopback'
        option ifname 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix '***::/48'

config interface 'lan'
        option type 'bridge'
        option proto 'static'
        option ipaddr '192.168.1.21'
        option netmask '255.255.255.0'
        option ifname 'eth0.1 eth1.2'
        option ipv6 'off'
        list dns '192.168.1.254'
        option delegate '0'
        option gateway '192.168.1.254'

config switch
        option name 'switch0'
        option reset '1'
        option enable_vlan '1'

config switch_vlan
        option device 'switch0'
        option vlan '1'
        option ports '2 0t'

config switch_vlan
        option device 'switch0'
        option vlan '2'
        option ports '3 6t'

trendy · January 13, 2021, 11:48am

I checked one device of mine and the hairpin_mode is by default 1 when the wifi comes up.
Maybe @jow has a clue why isn't it set by default.

Yes, better now.