I am using a Linksys WRT1200AC router, Upgraded to v23 and then went back to v19.07 because of security problems in 23. Now the 2.4ghz wifi fails, but only when my USB NAS drive is plugged in to the router's USB port. Same router, Same USB drive as before, but now it makes the Wifi fail.
The 5ghz wifi and wired Ethernet seem to work fine. I used the backup/restore feature, but it did not restore the extra software I loaded (Samba3 & USB access). I reloaded what I could remember manually, but it seems to have problems with the USB firmware.
So why would the router fail when the USB drive is plugged in? What can I do to fix this? I have already reset the system and reinstalled from scratch numerous times. Everything seems fine until I load the USB access files.
I replied via email, but apparently they didn't make it. So this reply might seem duplicated if they ever come through.
To answer you question, the usb drive is a usb powered SSD and is not powered by an external source. I plugged a little usb thumb drive into the router to test and it broke the wifi as well. Only the 2.4ghz wifi gets broken, the 5ghz wifi seems fine.
The problem seems to be associated with the extra programs required for activating the mount points in the menu. My testing shows about a 90% packet loss on the 2.4 wifi when the thumb drive was connected and 0% loss on 5ghz wifi. Unplug the thumb drive and I get 0 packets lost on 2.4ghz as well.
Try using a powered usb hub between your router and your device. It is possible that the usb devices are drawing just enough power to put the router’s internal power circuits into a minor brown-out condition.
I don't have a usb power injector, but I did have an older usb HDD that is powered externally. I plugged it in and there was no packet loss on 2.4ghz. That said, it wasn't recognized by the router either. It is formatted with a dual partition half FAT and half NTFS. The router didn't see it.
That said, I tried a FAT formatted thumb drive and it crashed 2.4ghz wifi. The first thumb drive was an ext2 formatted drive. A usb thumb drive doesn't draw near enough power to cause a problem, but it does in this case.
While it does seem that usb power is an issue, why was there no problems before upgrading to v23 and back to v19?
This is a linksys wrt1200ac which is an older router, but it is well supported by openwrt. A lot of the newer routers have less ram, less flash and bad wifi drivers or cost a small fortune. I could buy a usb power injector, but if it is hardware problem, how long will that work before there is a problem again?
23.05 may be more taxing on the power supply based on additional processor use or other changes relative to earlier versions. If the power supply system is nearing its limit, it is possible that a usb device is sufficient to push it over the edge. It is possible it is not related to power, but my first recommendation for troubleshooting is to find a powered usb hub (borrow one? Or buy an inexpensive one) to ensure that the router is not responsible for providing power to the drive. If the problem persists, then this can be ruled out as the culprit. But if it resolves, then we know it is a power thing.
A usb mouse (even a radio dongle) consumes far less power than a usb mass storage device. It is not a fair comparison, and not, IMO, a valid test to rule out a power issue.
I’m not saying that it “absolutely is” a power problem, but it’s the first thing I suspect based on my experience and it is worth trying to rule it out with the method I’ve described.
An optical mouse is not likely as power hungry as an SSD drive, but I think its not that far off the mark compared to a thumb drive.
To further complicate the issue, now the wifi is working with the SSD plugged in.
I first tried a USB SD card adapter and there was no problem. Then I plugged the ext2 flash drive back in and it didn't kill the wifi either. So then I clicked generate config and mount all drives. Then the ext2 drive was available via samba over 2.4ghz wifi. Then I unplugged the ext2 flash drive and it seemed to short something out. I turned the power off and plugged the SSD back in and then turned the power back on and then everything was back up and running. USB is supposed to be hot swapable, but maybe the linksys engineers didn't get the memo.
Just so you know I have power cycled this numerous times before with no help.
So for right now its working. I will order a usb injector for the next time.
Keep in mind that USB3 is working on pretty much the same frequencies as 2.4 GHz wlan, so bad shielding or bad cables will have a detrimental effect on 2.4 GHz wireless performance. When the wrt3200acm was originally designed, there were much less USB3 devices in circulation, so fewer users might have noticed backed then. A USB mouse will only use USB2, a USB memory stick might - a modern USB disk certainly will (older ones however won't).
EDIT: btw. an easy test would be checking the problematic (new) disk connected with an old USB2 cable, which forces the connection down to USB2 standards, while power requirements should remain similar.
I was actually thinking about the noise issues... and some of that could even feed back into the power circuitry in the form of ripple/noise that would then be distributed to the other subsystems. But, all else being equal (cables, devices, etc.) wouldn't expect much of a difference between 19.07 -> 23.05 with respect to noise, but there could be other reasons for it to become more significant.
Actually, I'm running v19 now. I was originally running v19 with no issues, then I decided to upgrade to v23. Because there are security holes in v23 that I couldn't live with, I went back to v19. I might go to v21 later once the dust has settled.
I did notice some wifi flakiness when I had v23 going especially when trying to connect to my moto g7 phone (it wouldn't connect with 2.4ghz unless the legacy box was checked), yet it connected to my 20 year old win XP laptop just fine without legacy mode and no lost packets.
The problem described above was when I reverted back to v19 and restored the backup file. That process only restores the settings and not any firmware that was installed. At least that's how it works on v19. So I had to reinstall those manually. I'm thinking there could have been a problem with that.
It is working for the moment. I'm going to keep an eye on it. I'm thinking that if it is a power issue, that it might be a dried out cap or something. I'm still getting occasional LUCI errors that I never got before.
But for now, its working. I just watched a 2 hour movie streamed from that SSD and I had a ping going the whole time with no dropped packets.
Config files are not compatible from 19.07 <-> 23.05.
And packages do need to be reinstalled unless you use the image builder to create a custom image that includes the non-default packages you need.
What security holes are those?
And you do know that 19.07 has many unpatched security vulnerabilities, right? It's been EOL for several years, so there are CVEs that have come up and will never be addressed on EOL versions.
Just curious, since this is a dual partition device why you didn’t run System/Advanced Reboot and change back to your original v19 partition. There would be no need to re-flash v19 or restore a backup, or indeed even have to install/upgrade any packages.
Let's assume this is true and ignore the implausibility that 19.07 is an improvement in this regard. You've mentioned "security problems" twice in this thread with no details, elaboration, not even so much as a CVE link. If there's genuinely a problem, it's never going to get fixed unless you actually explain what the purported security hole is.
I could find no Advanced Reboot anywhere on v19. It would be a good feature for sure. Likewise, a universal backup/restore would also be good that would allow one to backup the old version and then restore to a new version - or simply a script that will convert between the two. Upgrading shouldn't be such a pain.
As far as the security hole in v23, I didn't elaborate before because I saw no need to convolute the primary issue. The hole allows access to the router where any change can be made by unauthorized people.
I have v21 on another router, Archer A7, and the bug is not there either. Different router and OS, but I thought I'd mention it.
What happens is that the guest network allows access to 192.168.1.1 and it cannot be blocked. My guest subnet was 192.168.8.x and access to 192.168.8.1 is forwarded to 192.168.1.1 without restriction. I tried for a good bit to block this from happening, but it persisted as if it was hardcoded to do so. There is a rule that forwards the guest subnet to the WAN, but nothing I could find that sends it anywhere else.
So what I'm saying is that a guest can connect to the unsecured guest network and then log in to the router. I don't want them to have any access to it. I'm talking web access. I didn't try SSH, but its likely that would have connected as well.
I used the same guest wifi config on v19 and the hole is not there. Also, on the other router running v21 and the hole is not there either. Unfortunately, unavoidable in v23 on the WRT1200AC. I have no idea if this happens on other routers. I have several other routers here, but they aren't compatible with openwrt.
I suspect that this has something to do with the change from iptables, but I do not access iptables directly, everything is set within the web page.
The other issue with v23 is that the 2.4ghz radio wont allow access by moto G7 phones unless the Legacy mode box is checked. This is different from the primary issue of this thread. I tried several other devices, including my 20 year old XP laptop, and they all worked fine with 2.4ghz wifi without legacy mode. This is not the same issue as this thread which deals with a wifi failure after reverting back to v19, although it could be related. I consider this a bug and not a security hole.
The generic procedure I use for adding a guest network is as follows:
Add the guestwifi interface and use 8.8.8.8 and 1.1.1.1 for the DNS servers and 192.168.8.1 for the subnet and assign the firewall zone to guestwifi.
Add a new radio interface under the 2.4ghz radio and assign to guestwifi and also check isolate clients.
Make sure firewall for guestwifi is set to reject except for output and also forward to WAN only.
Add exceptions under traffic rules to allow DHCP and DNS from the guestwifi.
So that's about it. v23 shouldn't be allowing guest access to the router, but it does. The same config doesn't in v19 and v21.
This is absolutely a misconfiguration on your end. I can guarantee to you that the firewall functions properly when you use the correct configuration syntax. The firewall is not hardware specific, and I know that it can successfully prevent access when it is setup to do so.
I appreciate the offer, but I did not save the config when I had v23 installed. However, I used the same config process (above) for v19 (WRT1200AC) and v21 (archer A7). I even tried adding a rule to explicitly block all traffic from the guestwifi to the device except for DNS and DHCP. And like I said, v19 and v21 work properly. I wont deny the possibility that I did something wrong, but I couldn't find it after several hours of searching.
I don't think I would go back to v23 even if it were fixed because of the moto G7 bug. From what I hear, its not just the G7 because other moto phones are affected. The bug does seem to be associated with the WRT1200AC. Perhaps someone tinkered with the radio driver in between v19 and v23 and introduced an incompatibility between the two.
I did actually install v21 on the WRT1200AC briefly, but I was just testing to see if it would load. I never tested the wifi so I don't know if the bug is on that router or not when running v21. All I know is that the wifi works fine with the archer A7 running v21, but the archer most likely uses a different radio driver.
As far as guest access in general, it is 100% configuration and doesn't require loading of additional firmware. Surely the openwrt progenitors can add a menu option for it. I mean, if they force people to use Samba4, which is about 10 times the size of Samba3, they should be able to justify a few bytes for a guest wifi script. I say that because when I had v23 loaded, I did not see a samba3 option, only samba4.
Sure, that hapens to all of us from time to time. But you could have posted here with the question. Please do that in the future for a few reasons:
We can usually help spot the issue quickly and then you're not banging your head against the wall
It may be useful for others to see the troubleshooting process
If there is an actual bug or other issue, it can be discovered, reproduced, and filed as a bug to be resolved.
It's not really useful to 'accuse' the platform of having a major security flaw without providing details/configs, especially if they may be resolvable as function of the configuration itself (and thus not a security flaw).
I would recommend that you reconsider using 23.05, and we can work with you to ensure your configuration is correct (and if relevant, triage any bugs or security issues).
This part is understandable. And I cannot speak to the radios/drivers in the WRT1200AC. But, it might be worth starting with a completely default config of 23.05 and only making the minimum changes necessary to see if this is still an issue. Again, it could have been a config issue, or maybe it is a legitimate issue with the radio system.
Yes, the Archer would use a different radio driver for sure. However, running 19.07 isn't a good idea on your WRT1200AC, especially if you're actually trying to stay ahead of security issues. 21.02 is also EOL and unsupported, but it's at least more up-to-date than 19.07. Likewise, though, you should consider upgrading your Archer A7 to 23.05, as well.
In theory, it wouldn't be terribly difficult to do at a base level. However, with the significant variability of hardware (some devices don't have radios at all, some have radios but only support a single SSID, etc.) and the variations of how people might want to implement it, it becomes challenging to make a one-size-fits-all button. However, that's not to say that someone couldn't develop a script (which could be tied to a button) to simplify the process... feel free to help in that development if you have some ideas of how it would come to fruition.
What makes you think people are "forced" to use Samba4?
The latest version of Samba is much larger than Samba3, yes... but nobody is forcing anyone to use it. In fact, if you look through these forums, you'll find that ksmbd is actually recommended in most cases instead of samba4.
Furthermore, these are optional packages that people add if/when they need to share files. They are not included in the default images.
Don't forget, OpenWrt is optimized to fit into small footprints (8MB minimum for 23.05, that will change to 16MB minimum for future versions). That's megabytes! very small amount of storage for all that the system does. So things that are deemed optional and/or not used by the majority of users are typically not included by default. Instead, they are available as packages that a user can install quite easily. This is how I would think a guest wifi "button" script thing would be packaged.
Yes, samba3 is no longer maintained and was superceeded by the newer samba4. But nobody is forcing samba4... ksmbd is, as I mentioned earlier, much lighter weight and better when you are on a resource constrained device.