First, thanks for your reaction, guys!
Yeah, I like to compile latest snapshots for my devices. Its just a habit To see what has changed and see if it performs better. I like to try out new versions of drivers.
@brada4
Brada, you posted a link of hostapd.conf. I saw the DFS_CAC lines. What should I do with the information?
In the 23-snapshot buildroot I looked up the file and uncommented that DFS_CAC line that you pointed out in hostapd.conf file. Compiled the firmware, upgraded the firmware file to the router but still having the same issue.
(I did a make distclean beforehand, to make sure old configs and compiled binaries were truelly gone)
On the router via uart connection shell I edited /run/hostapd-phy0.conf to add the "acs_exclude_dfs=1" line, but the file gets auto updated I think and the line was removed again.
So I am wondering what to do with the "acs_exclude_dfs=1" line, where to put it.
@LilRedDog
I doubt the issue lies anywhere else than drivers, mt76, mt7921au, nl80211, hostapd, or its related configs. Network/dhcp/firewall is performing fine.
But okido, here we go!
ubus call system board:
{
"kernel": "6.6.61",
"hostname": "RaspberryPI4b",
"system": "ARMv8 Processor rev 3",
"model": "Raspberry Pi 4 Model B Rev 1.4",
"board_name": "raspberrypi,4-model-b",
"rootfs_type": "squashfs",
"release": {
"distribution": "OpenWrt",
"version": "SNAPSHOT",
"revision": "r28146-52b6c92479",
"target": "bcm27xx/bcm2711",
"description": "OpenWrt SNAPSHOT r28146-52b6c92479",
"builddate": "1732223081"
}
}
cat /etc/config/network:
config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fdfd:4fa3:5ab8::/48'
config device
option name 'br-lan'
option type 'bridge'
option ipv6 '0'
option igmp_snooping '1'
list ports 'eth0'
config interface 'lan'
option device 'br-lan'
option proto 'static'
option ipaddr '192.168.1.254'
option netmask '255.255.255.0'
option delegate '0'
option ip6assign '60'
config device
option name 'eth0'
option ipv6 '0'
config interface 'Surf_OVPN'
option proto 'none'
option device 'tun0'
option delegate '0'
option auto '0'
config interface 'Surfshark'
option proto 'wireguard'
option private_key 'xxxxxxxxxxxx'
list addresses '10.14.0.2/16'
list dns '162.252.172.57'
list dns '149.154.159.92'
option delegate '0'
option auto '0'
config wireguard_Surfshark
option description 'nl-ams.prod.surfshark.com'
option public_key 'xxxxxxxxxxxxx'
list allowed_ips '0.0.0.0/0'
option endpoint_host 'nl-ams.prod.surfshark.com'
option endpoint_port '51820'
option route_allowed_ips '1'
config wireguard_Surfshark
option description 'de-fra.prod.surfshark.com'
option public_key 'xxxxxxxxxxxxxxxxx'
list allowed_ips '0.0.0.0/0'
option route_allowed_ips '1'
option endpoint_host 'de-fra.prod.surfshark.com'
option endpoint_port '51820'
option disabled '1'
config wireguard_Surfshark
option disabled '1'
option description 'de-ber.prod.surfshark.com'
option public_key 'xxxxxxxxxxxxxxxxxxxxxxx'
list allowed_ips '0.0.0.0/0'
option route_allowed_ips '1'
option endpoint_host 'de-ber.prod.surfshark.com'
option endpoint_port '51820'
config wireguard_Surfshark
option description 'uk-lon.prod.surfshark.com'
option public_key 'xxxxxxxxxxxxxxxxxxxxxxxx'
list allowed_ips '0.0.0.0/0'
option route_allowed_ips '1'
option endpoint_host 'uk-lon.prod.surfshark.com'
option endpoint_port '51820'
option disabled '1'
config wireguard_Surfshark
option description 'uk-man.prod.surfshark.com'
option public_key 'xxxxxxxxxxxxxxxxxxxxxxxxx'
list allowed_ips '0.0.0.0/0'
option route_allowed_ips '1'
option endpoint_host 'uk-man.prod.surfshark.com'
option endpoint_port '51820'
option disabled '1'
config wireguard_Surfshark
option description 'be-bru.prod.surfshark.com'
option public_key 'xxxxxxxxxxxxxxxxxxxxxxxxx'
list allowed_ips '0.0.0.0/0'
option route_allowed_ips '1'
option endpoint_host 'be-bru.prod.surfshark.com'
option endpoint_port '51820'
option disabled '1'
config wireguard_Surfshark
option description 'be-anr.prod.surfshark.com'
option public_key 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'
list allowed_ips '0.0.0.0/0'
option route_allowed_ips '1'
option endpoint_host 'be-anr.prod.surfshark.com'
option endpoint_port '51820'
option disabled '1'
config wireguard_Surfshark
option description 'ch-zur.prod.surfshark.com'
option public_key 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'
list allowed_ips '0.0.0.0/0'
option route_allowed_ips '1'
option endpoint_host 'ch-zur.prod.surfshark.com'
option endpoint_port '51820'
option disabled '1'
config wireguard_Surfshark
option description 'us-nyc.prod.surfshark.com'
option public_key 'xxxxxxxxxxxxxxxxxxxxxxxxx'
list allowed_ips '0.0.0.0/0'
option route_allowed_ips '1'
option endpoint_host 'us-nyc.prod.surfshark.com'
option endpoint_port '51820'
option disabled '1'
config interface 'wan'
option proto 'pppoe'
option device 'eth1.6'
option username 'xxxxxxxxx'
option password 'xxxxxxxxxxx'
option ipv6 '0'
option sourcefilter '0'
option delegate '0'
config device
option type '8021q'
option ifname 'eth1'
option vid '6'
option name 'eth1.6'
option ipv6 '0'
config device
option name 'pppoe-wan'
option ipv6 '0'
config device
option name 'eth1'
option ipv6 '0'
/etc/config/wireless:
config wifi-device 'radio0'
option type 'mac80211'
option path 'scb/fd500000.pcie/pci0000:00/0000:00:00.0/0000:01:00.0/usb1/1-1/1-1.3/1-1.3:1.0'
option band '5g'
option channel '124'
option cell_density '0'
option country 'NL'
option htmode 'HE80'
config wifi-iface 'default_radio0'
option device 'radio0'
option network 'lan'
option mode 'ap'
option ssid 'The Kingdom Gods_5G'
option encryption 'sae'
option key 'xxxxxxxxxxxx'
option isolate '1'
option wpa_disable_eapol_key_retries '1'
list maclist 'xxxxxxxxxxxxxxxxxx'
list maclist 'xxxxxxxxxxxxxxxxxx'
list maclist 'xxxxxxxxxxxxxxxxxx'
list maclist 'xxxxxxxxxxxxxxxxxx'
list maclist 'xxxxxxxxxxxxxxxxxx'
list maclist 'xxxxxxxxxxxxxxxxxx'
list maclist 'xxxxxxxxxxxxxxxxxx'
list maclist 'xxxxxxxxxxxxxxxxxx'
list maclist 'xxxxxxxxxxxxxxxxxx'
list maclist 'xxxxxxxxxxxxxxxxxx'
list maclist 'xxxxxxxxxxxxxxxxxx'
list maclist 'xxxxxxxxxxxxxxxxxx'
list maclist 'xxxxxxxxxxxxxxxxxx'
list maclist 'xxxxxxxxxxxxxxxxxx'
list maclist 'xxxxxxxxxxxxxxxxxx'
list maclist 'xxxxxxxxxxxxxxxxxx'
option ocv '0'
cat /etc/config/dhcp:
config dnsmasq
option domainneeded '1'
option boguspriv '1'
option filterwin2k '0'
option localise_queries '1'
option rebind_protection '1'
option rebind_localhost '1'
option local '/lan/'
option domain 'lan'
option expandhosts '1'
option nonegcache '0'
option cachesize '1000'
option authoritative '1'
option readethers '1'
option leasefile '/tmp/dhcp.leases'
option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
option nonwildcard '1'
option localservice '1'
option ednspacket_max '1232'
option filter_aaaa '0'
option filter_a '0'
config dhcp 'lan'
option interface 'lan'
option start '100'
option limit '150'
option leasetime '12h'
option dhcpv4 'server'
config odhcpd 'odhcpd'
option maindhcp '0'
option leasefile '/tmp/hosts/odhcpd'
option leasetrigger '/usr/sbin/odhcpd-update'
option loglevel '4'
config host
option name 'Goliath'
option dns '1'
option ip '192.168.1.10'
list mac 'xxxxxxxxxxxxxxxxxxxxx'
list mac 'xxxxxxxxxxxxxxxxxxxxx'
list mac 'xxxxxxxxxxxxxxxxxxxxx'
config host
option name 'Galaxy-S7-Edge'
option dns '1'
list mac 'xxxxxxxxxxxxxxxxxxxxx'
option ip '192.168.1.11'
config host
option name 'Meta-Quest-2'
option dns '1'
list mac 'xxxxxxxxxxxxxxxxxxxxx'
option ip '192.168.1.12'
config host
option name 'Rasberry-PI4-wifi'
option dns '1'
list mac 'xxxxxxxxxxxxxxxxxxxxx'
option ip '192.168.1.14'
config host
option dns '1'
list mac 'xxxxxxxxxxxxxxxxxxxxx'
option ip '192.168.1.15'
option name 'Samsung-TV'
config host
option name 'Osprey'
option dns '1'
list mac 'xxxxxxxxxxxxxxxxxxxxx'
option ip '192.168.1.18'
config host
option name 'Squid'
option dns '1'
list mac 'xxxxxxxxxxxxxxxxxxxxx'
option ip '192.168.1.19'
config host
option name 'Jaguar'
option dns '1'
list mac 'xxxxxxxxxxxxxxxxxxxxx'
option ip '192.168.1.20'
config host
option dns '1'
list mac 'xxxxxxxxxxxxxxxxxxxxx'
option ip '192.168.1.21'
option name 'GL-MT300N-V2-1'
config host
option dns '1'
list mac 'xxxxxxxxxxxxxxxxxxxxx'
option ip '192.168.1.22'
option name 'GL-MT300N-V2-2'
config host
list mac 'xxxxxxxxxxxxxxxxxxxxx'
option ip '192.168.1.50'
option name 'Echo-Dot-4'
option dns '1'
config host
list mac 'xxxxxxxxxxxxxxxxxxxxx'
option ip '192.168.1.51'
option name 'Echo-Dot-4-Second'
option dns '1'
config host
list mac 'xxxxxxxxxxxxxxxxxxxxx'
option ip '192.168.1.52'
option name 'Echo-Dot-3'
option dns '1'
config host
list mac 'xxxxxxxxxxxxxxxxxxxxx'
option name 'Couch-RGB-L'
option dns '1'
option ip '192.168.1.60'
config host
list mac 'xxxxxxxxxxxxxxxxxxxxx'
option name 'Couch-RGB-R'
option dns '1'
option ip '192.168.1.61'
config host
list mac 'xxxxxxxxxxxxxxxxxxxxx'
option name 'Bed-Light-RGB'
option dns '1'
option ip '192.168.1.62'
config host
list mac 'xxxxxxxxxxxxxxxxxxxxx'
option name 'Ceiling-RGB'
option dns '1'
option ip '192.168.1.70'
config host
list mac 'xxxxxxxxxxxxxxxxxxxxx'
option name 'Ceiling-RGB-Kitchen'
option dns '1'
option ip '192.168.1.71'
config host
list mac 'xxxxxxxxxxxxxxxxxxxxx'
option name 'Ceiling-RGB-PC'
option dns '1'
option ip '192.168.1.72'
config host
list mac 'xxxxxxxxxxxxxxxxxxxxx'
option name 'Ceiling-RGB-Bedroom'
option dns '1'
option ip '192.168.1.73'
config host
list mac 'xxxxxxxxxxxxxxxxxxxxx'
option name 'Smart-Switch-1-AirPurifier'
option dns '1'
option ip '192.168.1.80'
config host
list mac 'xxxxxxxxxxxxxxxxxxxxx'
option name 'Smart-Switch-2-CV'
option dns '1'
option ip '192.168.1.81'
config host
list mac 'xxxxxxxxxxxxxxxxxxxxx'
option name 'Smart-Switch-3-BED'
option dns '1'
option ip '192.168.1.82'
config host
option name 'papa-ipad'
list mac 'xxxxxxxxxxxxxxxxxxxxx'
cat /etc/config/firewall:
config defaults
option input 'DROP'
option output 'ACCEPT'
option forward 'DROP'
option synflood_protect '1'
option drop_invalid '1'
config zone
option name 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
list network 'lan'
config zone
option name 'wan'
option input 'DROP'
option output 'ACCEPT'
option forward 'DROP'
option masq '1'
option mtu_fix '1'
list network 'wan6'
list network 'wan'
config forwarding
option src 'lan'
option dest 'wan'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
option enabled '0'
option limit '1000/second'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option family 'ipv4'
option target 'ACCEPT'
option enabled '0'
list icmp_type 'echo-request'
option limit '1000/second'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
option enabled '0'
option limit '1000/second'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
option enabled '0'
option limit '1000/second'
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option family 'ipv6'
option target 'ACCEPT'
option enabled '0'
list src_ip 'fe80::/10'
option limit '1000/second'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
option enabled '0'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
option enabled '0'
list icmp_type 'bad-header'
list icmp_type 'destination-unreachable'
list icmp_type 'echo-reply'
list icmp_type 'echo-request'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'unknown-header-type'
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
option enabled '0'
option limit '1000/second'
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
option enabled '0'
option limit '1000/second'
config zone
option name 'openvpn'
option input 'DROP'
option output 'ACCEPT'
option forward 'DROP'
option masq '1'
option mtu_fix '1'
list network 'Surf_OVPN'
config zone
option name 'wireguard'
option input 'DROP'
option output 'ACCEPT'
option forward 'DROP'
option masq '1'
option mtu_fix '1'
list network 'Surfshark'
config forwarding
option src 'lan'
option dest 'openvpn'
config forwarding
option src 'lan'
option dest 'wireguard'
and the error in syslog:
Fri Nov 22 21:34:40 2024 daemon.notice hostapd: phy0-ap0: interface state HT_SCAN->DFS
Fri Nov 22 21:34:40 2024 daemon.notice hostapd: phy0-ap0: DFS-CAC-START freq=5620 chan=124 sec_chan=-1, width=1, seg0=106, seg1=0, cac_time=60s
Fri Nov 22 21:34:40 2024 daemon.err hostapd: DFS start_dfs_cac() failed, -1
Fri Nov 22 21:34:40 2024 daemon.err hostapd: Interface initialization failed
Fri Nov 22 21:34:40 2024 daemon.notice hostapd: phy0-ap0: interface state DFS->DISABLED
Fri Nov 22 21:34:40 2024 daemon.notice hostapd: phy0-ap0: AP-DISABLED
I think that looking up whats going on with radar check DFS_CAC in drivers or hostapd source or config file is the best bet. But I wonder if I have to change it in buildroot of 23-snapshot or that I can for example have to edit config files like /etc/wireless (or other file) on the router itself.