search

greearb / ath10k-ct

Stand-alone ath10k driver based on Candela Technologies Linux kernel.
110 stars 40 forks source link

Devices connected to the same Wi-Fi using dynamic VLANs can’t ping each other #190

Open paudo opened 2 years ago

paudo commented 2 years ago

Summary

When configuring an Access-Point to use dynamic VLANs, devices connected to the same VLAN on the same ath10k-ct 5GHz radio of an access point can’t reach each other (e.g. through ping). If one of the devices is connected via Ethernet or a 2.4GHz Wi-Fi, they are able to reach each other.

Steps to reproduce

  1. Install OpenWrt 21.02.1 on e.g. Archer C7v5 (I saw the same issue on other devices like Archer C7 v2 as well)
  2. Install wpad on the device: opkg update && opkg remove wpad-mini wpad-basic wpad-basic-wolfssl && opkg install wpad
  3. Configure a dynamic VLAN WPA2 Enterprise Wi-Fi using the following /etc/config/wireless
/etc/config/wireless ``` config wifi-device 'radio0' option type 'mac80211' option path 'pci0000:00/0000:00:00.0' option hwmode '11a' option htmode 'VHT40' option country 'DE' option channels '32-48' config wifi-iface 'wifi_5ghz' option ifname 'wifi_5ghz' option device 'radio0' option mode 'ap' option ssid 'my_wifi' option encryption 'wpa2+ccmp' option auth_server '10.220.220.50' option auth_secret 'secret' option dynamic_vlan '2' option vlan_tagged_interface 'eth0' option vlan_bridge 'br-vlan' option vlan_naming '0' option disassoc_low_ack '0' option eap_reauth_period '0' ```
/etc/config/network ``` config interface 'loopback' option ifname 'lo' option proto 'static' option ipaddr '127.0.0.1' option netmask '255.0.0.0' config globals 'globals' config interface 'vlan2220' option ifname 'eth0.2220' option type 'bridge' option proto 'static' option netmask '255.255.255.0' option gateway '10.220.220.1' option dns '137.226.111.1' option ipaddr '10.220.220.242' ```

  1. Make the radius server tag all devices into VLAN 2220 using the following reply

    Tunnel-Type             =   "VLAN"
Tunnel-Medium-Type      =   "IEEE-802"
Tunnel-Private-Group-ID =   "2220"

  2. Connect two devices to the Wi-Fi that was just configured

Expected results

The devices should be able to ping each other.

Actual results

It is not possible to reach the other device by pinging it. The following scenarios do work:

Connect one device via Ethernet

If one device is connected to the same VLAN via Ethernet and the other is connected using the dynamic VLAN Wi-Fi, ping works.

Connect one device to a 2.4GHz Wi-Fi with dynamic VLANs

When setting up a 2.4GHz Wi-Fi that also uses dynamic VLAN, similar to how it’s described above, and connecting one device to the 2.4GHz network and the other to the 5GHz network pinging also works.

Connect both devices to a 2.4GHz Wi-Fi with dynamic VLANs

Connecting both devices to a 2.4GHz Wi-Fi with dynamic VLANs that uses the ath9k-ct driver, it is possible to ping between the two devices.

Disable dynamic VLANs and tag all packages into the same VLAN

If the Wi-Fi is configured without dynamic VLANs and statically tags all packets into the same VLAN, e.g. as follows, it is also possible to ping between the two devices

/etc/config/wireless ``` config wifi-iface 'wifi_5ghz' option ifname 'wifi_5ghz' option device 'radio0' option network 'lan' option mode 'ap' option ssid 'my_wifi' option encryption 'wpa2+ccmp' option auth_server '10.220.220.50' option auth_secret 'secret' option disassoc_low_ack '0' option eap_reauth_period '0' ```

Software versions used

OpenWrt 21.02.1, r16325-88151b8303 on an Archer c7v5

opkg list-installed ``` ath10k-board-qca988x - 20201118-3 ath10k-firmware-qca988x-ct - 2020-11-08-1 base-files - 1434-r16325-88151b8303 busybox - 1.33.1-6 ca-bundle - 20210119-1 cgi-io - 2021-09-08-98cef9dd-20 curl - 7.79.1-1 dropbear - 2020.81-2 firewall - 2021-03-23-61db17ed-1 fstools - 2021-01-04-c53b1882-1 fwtool - 2019-11-12-8f7fe925-1 getrandom - 2020-10-25-9ef88681-2 hostapd-common - 2020-06-08-5a8b3662-35 ip6tables - 1.8.7-1 iptables - 1.8.7-1 iw - 5.9-8fab0c9e-1 iwinfo - 2021-04-30-c45f0b58-2.1 jshn - 2021-05-16-b14c4688-2 jsonfilter - 2018-02-04-c7e938d6-1 kernel - 5.4.154-1-79c5dc6db69102eb2943a96b9bec8b63 kmod-ath - 5.4.154+5.10.68-1-1 kmod-ath10k-ct - 5.4.154+2021-09-22-e6a7d5b5-1 kmod-ath9k - 5.4.154+5.10.68-1-1 kmod-ath9k-common - 5.4.154+5.10.68-1-1 kmod-cfg80211 - 5.4.154+5.10.68-1-1 kmod-gpio-button-hotplug - 5.4.154-3 kmod-hwmon-core - 5.4.154-1 kmod-ip6tables - 5.4.154-1 kmod-ipt-conntrack - 5.4.154-1 kmod-ipt-core - 5.4.154-1 kmod-ipt-nat - 5.4.154-1 kmod-ipt-offload - 5.4.154-1 kmod-lib-crc-ccitt - 5.4.154-1 kmod-mac80211 - 5.4.154+5.10.68-1-1 kmod-nf-conntrack - 5.4.154-1 kmod-nf-conntrack6 - 5.4.154-1 kmod-nf-flow - 5.4.154-1 kmod-nf-ipt - 5.4.154-1 kmod-nf-ipt6 - 5.4.154-1 kmod-nf-nat - 5.4.154-1 kmod-nf-reject - 5.4.154-1 kmod-nf-reject6 - 5.4.154-1 kmod-nls-base - 5.4.154-1 kmod-phy-ath79-usb - 5.4.154-1 kmod-ppp - 5.4.154-1 kmod-pppoe - 5.4.154-1 kmod-pppox - 5.4.154-1 kmod-slhc - 5.4.154-1 kmod-usb-core - 5.4.154-1 kmod-usb-ehci - 5.4.154-1 kmod-usb-ledtrig-usbport - 5.4.154-1 kmod-usb2 - 5.4.154-1 libblobmsg-json20210516 - 2021-05-16-b14c4688-2 libc - 1.1.24-3 libcurl4 - 7.79.1-1 libgcc1 - 8.4.0-3 libip4tc2 - 1.8.7-1 libip6tc2 - 1.8.7-1 libiwinfo-data - 2021-04-30-c45f0b58-2.1 libiwinfo-lua - 2021-04-30-c45f0b58-2.1 libiwinfo20210430 - 2021-04-30-c45f0b58-2.1 libjson-c5 - 0.15-2 libjson-script20210516 - 2021-05-16-b14c4688-2 liblua5.1.5 - 5.1.5-9 liblucihttp-lua - 2021-06-11-3dc89af4-1 liblucihttp0 - 2021-06-11-3dc89af4-1 libnghttp2-14 - 1.43.0-1 libnl-tiny1 - 2020-08-05-c291088f-2 libpthread - 1.1.24-3 libubox20210516 - 2021-05-16-b14c4688-2 libubus-lua - 2021-06-30-4fc532c8-2 libubus20210630 - 2021-06-30-4fc532c8-2 libuci20130104 - 2020-10-06-52bbc99f-5 libuclient20201210 - 2021-05-14-6a6011df-1 libustream-wolfssl20201210 - 2020-12-10-68d09243-1 libwolfssl4.8.1.66253b90 - 4.8.1-stable-4 libxtables12 - 1.8.7-1 logd - 2020-10-25-9ef88681-2 lua - 5.1.5-9 luci - git-20.074.84698-ead5e81 luci-app-firewall - git-21.295.66767-8eceb63 luci-app-opkg - git-21.079.58598-6639e31 luci-base - git-21.295.67054-13df80d luci-lib-base - git-20.232.39649-1f6dc29 luci-lib-ip - git-20.250.76529-62505bd luci-lib-jsonc - git-19.317.29469-8da8f38 luci-lib-nixio - git-20.234.06894-c4a4e43 luci-mod-admin-full - git-19.253.48496-3f93650 luci-mod-network - git-21.295.67048-4d3de0e luci-mod-status - git-21.295.66779-853a128 luci-mod-system - git-21.295.66903-8acd0d7 luci-proto-ipv6 - git-21.148.49484-14511e5 luci-proto-ppp - git-21.163.64918-6c6559a luci-ssl - git-20.244.36115-e10f954 luci-theme-bootstrap - git-21.298.68362-d24760e mtd - 26 muninlite - 2.1.1-1 netifd - 2021-07-26-440eb064-1 odhcp6c - 2021-01-09-53f07e90-16 odhcpd-ipv6only - 2021-07-18-bc9d317f-3 openwrt-keyring - 2021-02-20-49283916-2 opkg - 2021-06-13-1bf042dd-1 ppp - 2.4.8.git-2020-10-03-3 ppp-mod-pppoe - 2.4.8.git-2020-10-03-3 procd - 2021-02-23-37eed131-1 px5g-wolfssl - 3 rpcd - 2021-03-11-ccb75178-1 rpcd-mod-file - 2021-03-11-ccb75178-1 rpcd-mod-iwinfo - 2021-03-11-ccb75178-1 rpcd-mod-luci - 20210614 rpcd-mod-rrdns - 20170710 swconfig - 12 uboot-envtools - 2021.01-10 ubox - 2020-10-25-9ef88681-2 ubus - 2021-06-30-4fc532c8-2 ubusd - 2021-06-30-4fc532c8-2 uci - 2020-10-06-52bbc99f-5 uclient-fetch - 2021-05-14-6a6011df-1 uhttpd - 2021-03-21-15346de8-2 uhttpd-mod-ubus - 2021-03-21-15346de8-2 urandom-seed - 3 urngd - 2020-01-21-c7f7b6b6-1 usign - 2020-05-23-f1f65026-1 wireless-regdb - 2021.04.21-1 wpad - 2020-06-08-5a8b3662-35 xinetd - 2.3.15-11 ```

If you need any more information please let me know, I am able to reproduce the issue 100% of the time and am very happy to help you in any way.

TomerCo commented 1 year ago

I had similar issue and was able to solve it by changing the ath10k firmware, you can see the info on https://forum.openwrt.org/t/clients-are-isolated-when-working-with-dynamic-vlan/124372/4