WiFi connection issues on a simple dumb access point

Hi, I'm sorry for all the dumb questions, but I have another issue I can't figure out.

I swear it worked before, but recently I can't get the WiFi working, no matter what I try.

• On Android I get 'Can't authenticate connection'.
• On Linux Activation: (wifi) association took too long, failing activation
• Sometimes it connects. In that case, for a split second I can use Google, after which everything timeouts.

The only things I do are as follows:

• Follow this guide
• For each radio (there are two):
  • Set country code to BE - Belgium
  • Enable WPA2/PSK and set a password
  • Enable the access point

That's it!

Things I tried:

• Factory reset and follow the previously mentioned guide again
• Mess with the channels to see if that does something

Here's the complete setup (on the right is what counts):

network699×321 19.5 KB

I'm at loss here, does somebody know what's going on?

/etc/config/network

config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix [redacted]
	option packet_steering '1'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'lan1'
	list ports 'lan2'
	list ports 'lan3'

config interface 'lan'
	option device 'br-lan'
	option proto 'static'
	option ipaddr '192.168.115.51'
	option netmask '255.255.255.0'
	option ip6assign '60'
	option gateway '192.168.115.1'

/etc/config/wireless

config wifi-device 'radio0'
	option type 'mac80211'
	option path '1e140000.pcie/pci0000:00/0000:00:01.0/0000:02:00.0'
	option channel '1'
	option band '2g'
	option htmode 'HE20'
	option cell_density '0'
	option country 'BE'

config wifi-iface 'default_radio0'
	option device 'radio0'
	option network 'lan'
	option mode 'ap'
	option ssid [redacted]
	option encryption 'psk2'
	option key [redacted]

config wifi-device 'radio1'
	option type 'mac80211'
	option path '1e140000.pcie/pci0000:00/0000:00:01.0/0000:02:00.0+1'
	option channel '36'
	option band '5g'
	option htmode 'HE80'
	option country 'BE'
	option cell_density '0'

config wifi-iface 'default_radio1'
	option device 'radio1'
	option network 'lan'
	option mode 'ap'
	option ssid [redacted]
	option encryption 'psk2'
	option key [redacted]

we're missing /etc/config/firewall and /etc/config/dhcp.

I don't see anything obviously wrong with the above configuration, but just a few things to point out:

• You don't need to hide your ULA prefix, it's fd, followed by 5 randomized bytes/octets; this address is only meaningful locally.
• You don't need to set an ULA prefix in your dumb AP, you can just delete it; your main router will provide an ULA address via DHCPv6 or SLAAC.
• Set 'ip6assign' to disabled.
• Missing info about your device. cat /etc/board.json

You're right:

/etc/config/firewall

config defaults
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option synflood_protect '1'

/etc/config/dhcp

config dnsmasq
	option domainneeded '1'
	option boguspriv '1'
	option filterwin2k '0'
	option localise_queries '1'
	option rebind_protection '1'
	option rebind_localhost '1'
	option local '/lan/'
	option domain 'lan'
	option expandhosts '1'
	option nonegcache '0'
	option cachesize '1000'
	option authoritative '1'
	option readethers '1'
	option leasefile '/tmp/dhcp.leases'
	option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
	option nonwildcard '1'
	option localservice '1'
	option ednspacket_max '1232'
	option filter_aaaa '0'
	option filter_a '0'

config dhcp 'lan'
	option interface 'lan'
	option start '100'
	option limit '150'
	option leasetime '12h'
	option dhcpv4 'server'
	option ignore '1'

config odhcpd 'odhcpd'
	option maindhcp '0'
	option leasefile '/tmp/hosts/odhcpd'
	option leasetrigger '/usr/sbin/odhcpd-update'
	option loglevel '4'

Just curious, can this be done in LuCi? I'm trying to avoid manually adjusting the configuration (for now).

If it matters, here it is: fddc:0ffa:8ee1::/48

Here it is:

{
	"model": {
		"id": "asus,rt-ax53u",
		"name": "ASUS RT-AX53U"
	},
	"led": {
		"usb": {
			"name": "USB",
			"sysfs": "blue:usb",
			"type": "usbport",
			"ports": [
				"usb1-port2"
			]
		},
		"wlan2g": {
			"name": "WiFi 2.4GHz",
			"sysfs": "mt76-phy0",
			"trigger": "phy0tpt"
		},
		"wlan5g": {
			"name": "WiFi 5GHz",
			"sysfs": "mt76-phy1",
			"trigger": "phy1tpt"
		}
	},
	"network": {
		"lan": {
			"ports": [
				"lan1",
				"lan2",
				"lan3"
			],
			"protocol": "static"
		},
		"wan": {
			"device": "wan",
			"protocol": "dhcp"
		}
	},
	"system": {
		"compat_version": "1.1"
	}
}

To make matters worse, I regularly can't reach the AP on 192.168.115.51 from the main router WiFi, let alone on the WiFi of the AP itself (to which I can't establish a good connection).

To make it even more complicated, I can SSH into the machine.

Edit: scratch that, SSH fails now too, as does ping.

Edit 2: the main router reports the device as 'disconnected', even though a device connected to the AP (via ethernet) still has access to the Internet.

For removing the ULA: Network -> Interfaces -> Global network options -> IPv6 ULA-Prefix (leave empty)
For ip6assign: Network -> Interfaces -> Interfaces -> lan -> Edit -> Advanced Settings -> IPv6 assignment length (disabled)

It doesn't, but there are problems with leading zeroes in stable, see: Resolving router's hostname to IPv6's ULA

Try these:

1. System -> Startup: Disable and stop firewall, dnsmasq and odhcpd
2. Network -> Interfaces -> Interfaces -> lan -> Edit -> Advanced Settings -> Use custom DNS servers: add the local address of the main router

I did as you asked. It's a bit early, but this seems to have fixed the issue of the AP IP disappearing and being unreachable.

The original WiFi issue still persists, though. Does anyone know what's going on?

Edit: Under Network -> Wireless -> Associated Stations, I can see my laptop trying to connect. But the host remains ?. No IPv6 address is shown.

Edit 2: I now have these new options in Network -> Interfaces -> LAN -> Edit:

Should I do something with them to make things work?

Edit 3: after I briefly connected with the AP, the web interface is now painfully slow. I also get 'Bad Gateway' after logging in and waiting for a while.

Could this be because of some infinite loop inside the AP?

OpenWrt version? Is the warning from the ToH wiki page relevant to your setup?

Warning! Between versions 22.03.x and 23.05.x the WAN port was moved to a separate netcard out of the switch, so the old ethernet config is no longer valid and you need to reset the config in case of an upgrade. See https://github.com/openwrt/openwrt/issues/14801

Dumb APs don't have access to MAC/IP address association information, since they don't process the bridged frames.
There are multiple workarounds for it. The one, which in my opinion works best and also the one that I still make use of, is my own C utility (I'd previously published it here, but have since removed the link because of the annoyance that arised from my choice of hosting).

Don't uncheck "Use default gateway".

Is this while wired or wireless?

OpenWRT 23.05. Nope unfortunately not. It's a fresh install.

It remains checked.

First wireless connection that succeeds for a brief moment, then a wired connection to access LuCi.

Is SSH working ok? What's the load average from uptime?

Can you post the following info:

• /etc/config/network after your latest changes
• cat /sys/module/mt7915e/parameters/wed_enable (not sure if the MT7621AT has WED support)
• ifconfig -a
• netstat -lenp

Hide any info that you feel might compromise your privacy/security, such as MAC addresses.

Also, you're using this device as a dumb AP. You want to bridge the wan interface in br-lan. If there is a VLAN, you also want to move wan to the same VLAN as the other ports.

Thanks for all the feedback, but I'm afraid it won't be necessary anymore.

Eventually I fixed all WiFi issues (and got back my firewall in the process) by resetting the device and creating a subnet that's connected to the internet via my main router. No more 'dumb' AP for me.

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.