Page 1 of 1

AP + STA mode - can't communicate between clients

Posted: Mon Sep 10, 2018 2:14 pm
by dimitry
VoCore 2 is running in AP + STA mode. Connect to it with 2 clients. Both get DHCP addresses. Both can access internet. Tried SSH'ing from one client to the other - no connection. Tried pinging - no cigar. What to do?

Re: AP + STA mode - can't communicate between clients

Posted: Wed Sep 12, 2018 2:14 pm
by Vonger
check firewall, allow forward mode :)

Re: AP + STA mode - can't communicate between clients

Posted: Wed Sep 12, 2018 3:06 pm
by dimitry
How can I tell if it's enabled? Here is my firewall config:
Code: Select all
firewall.@defaults[0]=defaults
firewall.@defaults[0].syn_flood='1'
firewall.@defaults[0].input='ACCEPT'
firewall.@defaults[0].output='ACCEPT'
firewall.@defaults[0].forward='REJECT'
firewall.@zone[0]=zone
firewall.@zone[0].name='lan'
firewall.@zone[0].network='lan'
firewall.@zone[0].input='ACCEPT'
firewall.@zone[0].output='ACCEPT'
firewall.@zone[0].forward='ACCEPT'
firewall.@zone[1]=zone
firewall.@zone[1].name='wan'
firewall.@zone[1].network='wan' 'wan6' 'wwan'
firewall.@zone[1].output='ACCEPT'
firewall.@zone[1].masq='1'
firewall.@zone[1].mtu_fix='1'
firewall.@zone[1].input='ACCEPT'
firewall.@zone[1].forward='ACCEPT'
firewall.@forwarding[0]=forwarding
firewall.@forwarding[0].src='lan'
firewall.@forwarding[0].dest='wan'
firewall.@rule[0]=rule
firewall.@rule[0].name='Allow-DHCP-Renew'
firewall.@rule[0].src='wan'
firewall.@rule[0].proto='udp'
firewall.@rule[0].dest_port='68'
firewall.@rule[0].target='ACCEPT'
firewall.@rule[0].family='ipv4'
firewall.@rule[1]=rule
firewall.@rule[1].name='Allow-Ping'
firewall.@rule[1].src='wan'
firewall.@rule[1].proto='icmp'
firewall.@rule[1].icmp_type='echo-request'
firewall.@rule[1].family='ipv4'
firewall.@rule[1].target='ACCEPT'
firewall.@rule[2]=rule
firewall.@rule[2].name='Allow-IGMP'
firewall.@rule[2].src='wan'
firewall.@rule[2].proto='igmp'
firewall.@rule[2].family='ipv4'
firewall.@rule[2].target='ACCEPT'
firewall.@rule[3]=rule
firewall.@rule[3].name='Allow-DHCPv6'
firewall.@rule[3].src='wan'
firewall.@rule[3].proto='udp'
firewall.@rule[3].src_ip='fe80::/10'
firewall.@rule[3].src_port='547'
firewall.@rule[3].dest_ip='fe80::/10'
firewall.@rule[3].dest_port='546'
firewall.@rule[3].family='ipv6'
firewall.@rule[3].target='ACCEPT'
firewall.@rule[4]=rule
firewall.@rule[4].name='Allow-MLD'
firewall.@rule[4].src='wan'
firewall.@rule[4].proto='icmp'
firewall.@rule[4].src_ip='fe80::/10'
firewall.@rule[4].icmp_type='130/0' '131/0' '132/0' '143/0'
firewall.@rule[4].family='ipv6'
firewall.@rule[4].target='ACCEPT'
firewall.@rule[5]=rule
firewall.@rule[5].name='Allow-ICMPv6-Input'
firewall.@rule[5].src='wan'
firewall.@rule[5].proto='icmp'
firewall.@rule[5].icmp_type='echo-request' 'echo-reply' 'destination-unreachable' 'packet-too-big' 'time-exceeded' 'bad-header' 'unknown-header-type' 'router-solicitation' 'neighbour-solicitation' 'router-advertisement' 'neighbour-advertisement'
firewall.@rule[5].limit='1000/sec'
firewall.@rule[5].family='ipv6'
firewall.@rule[5].target='ACCEPT'
firewall.@rule[6]=rule
firewall.@rule[6].name='Allow-ICMPv6-Forward'
firewall.@rule[6].src='wan'
firewall.@rule[6].dest='*'
firewall.@rule[6].proto='icmp'
firewall.@rule[6].icmp_type='echo-request' 'echo-reply' 'destination-unreachable' 'packet-too-big' 'time-exceeded' 'bad-header' 'unknown-header-type'
firewall.@rule[6].limit='1000/sec'
firewall.@rule[6].family='ipv6'
firewall.@rule[6].target='ACCEPT'
firewall.@include[0]=include
firewall.@include[0].path='/etc/firewall.user'
firewall.@rule[7]=rule
firewall.@rule[7].src='wan'
firewall.@rule[7].dest='lan'
firewall.@rule[7].proto='esp'
firewall.@rule[7].target='ACCEPT'
firewall.@rule[8]=rule
firewall.@rule[8].src='wan'
firewall.@rule[8].dest='lan'
firewall.@rule[8].dest_port='500'
firewall.@rule[8].proto='udp'
firewall.@rule[8].target='ACCEPT'

Re: AP + STA mode - can't communicate between clients

Posted: Wed Sep 12, 2018 3:22 pm
by dimitry
My wireless configuration is:
Code: Select all
wireless.ap.device='radio0'
wireless.ap.mode='ap'
wireless.ap.network='lan'
wireless.ap.ifname='ra0'
wireless.ap.ssid='internal'
wireless.ap.key='password'
wireless.ap.encryption='psk'


Both clients connect to VoCore on the same 'internal' wifi. Both get DHCP in the same range 192.168.61.X. So, they should both be in the same 'lan' zone. No forwarding should be necessary if I understand it correctly.

Re: AP + STA mode - can't communicate between clients

Posted: Wed Sep 12, 2018 7:42 pm
by dimitry
Updated to firmware 20180723V.bin and it's still not working

Re: AP + STA mode - can't communicate between clients

Posted: Wed Sep 12, 2018 8:00 pm
by dimitry
Tried adding forwarding to the firewall:

lan -> lan
wan -> lan

(lan -> wan is already enabled)

Hairpinning is also enabled:
Code: Select all
root@OpenWrt:~# cat /sys/devices/virtual/net/br-lan/lower_ra0/brport/hairpin_mode
1
root@OpenWrt:~# cat /sys/devices/virtual/net/br-lan/lower_ra0/brport/multicast_to_unicast
1

Re: AP + STA mode - can't communicate between clients

Posted: Fri Sep 14, 2018 12:13 am
by dimitry
Nobody else has this problem? Vonger, you there?

Re: AP + STA mode - can't communicate between clients

Posted: Mon Sep 17, 2018 9:44 pm
by dimitry
Hi Vonger, Could you please provide further directions? I don't know what to do at this point. Thank you.

Re: AP + STA mode - can't communicate between clients

Posted: Tue Sep 18, 2018 9:20 am
by Vonger
I have no idea now, this should be simple...
If all you device can access VoCore2, the only problem block them communicate each other is firewall.
Try to change every REJECT to ACCEPT