AP + STA mode - can't communicate between clients

dimitry
 
Posts: 16
Joined: Thu Sep 07, 2017 7:57 pm

AP + STA mode - can't communicate between clients

Mon Sep 10, 2018 2:14 pm

VoCore 2 is running in AP + STA mode. Connect to it with 2 clients. Both get DHCP addresses. Both can access internet. Tried SSH'ing from one client to the other - no connection. Tried pinging - no cigar. What to do?

Vonger
 
Posts: 896
Joined: Sun Oct 19, 2014 6:00 am

Re: AP + STA mode - can't communicate between clients

Wed Sep 12, 2018 2:14 pm

check firewall, allow forward mode :)

dimitry
 
Posts: 16
Joined: Thu Sep 07, 2017 7:57 pm

Re: AP + STA mode - can't communicate between clients

Wed Sep 12, 2018 3:06 pm

How can I tell if it's enabled? Here is my firewall config:
Code: Select all
firewall.@defaults[0]=defaults
firewall.@defaults[0].syn_flood='1'
firewall.@defaults[0].input='ACCEPT'
firewall.@defaults[0].output='ACCEPT'
firewall.@defaults[0].forward='REJECT'
firewall.@zone[0]=zone
firewall.@zone[0].name='lan'
firewall.@zone[0].network='lan'
firewall.@zone[0].input='ACCEPT'
firewall.@zone[0].output='ACCEPT'
firewall.@zone[0].forward='ACCEPT'
firewall.@zone[1]=zone
firewall.@zone[1].name='wan'
firewall.@zone[1].network='wan' 'wan6' 'wwan'
firewall.@zone[1].output='ACCEPT'
firewall.@zone[1].masq='1'
firewall.@zone[1].mtu_fix='1'
firewall.@zone[1].input='ACCEPT'
firewall.@zone[1].forward='ACCEPT'
firewall.@forwarding[0]=forwarding
firewall.@forwarding[0].src='lan'
firewall.@forwarding[0].dest='wan'
firewall.@rule[0]=rule
firewall.@rule[0].name='Allow-DHCP-Renew'
firewall.@rule[0].src='wan'
firewall.@rule[0].proto='udp'
firewall.@rule[0].dest_port='68'
firewall.@rule[0].target='ACCEPT'
firewall.@rule[0].family='ipv4'
firewall.@rule[1]=rule
firewall.@rule[1].name='Allow-Ping'
firewall.@rule[1].src='wan'
firewall.@rule[1].proto='icmp'
firewall.@rule[1].icmp_type='echo-request'
firewall.@rule[1].family='ipv4'
firewall.@rule[1].target='ACCEPT'
firewall.@rule[2]=rule
firewall.@rule[2].name='Allow-IGMP'
firewall.@rule[2].src='wan'
firewall.@rule[2].proto='igmp'
firewall.@rule[2].family='ipv4'
firewall.@rule[2].target='ACCEPT'
firewall.@rule[3]=rule
firewall.@rule[3].name='Allow-DHCPv6'
firewall.@rule[3].src='wan'
firewall.@rule[3].proto='udp'
firewall.@rule[3].src_ip='fe80::/10'
firewall.@rule[3].src_port='547'
firewall.@rule[3].dest_ip='fe80::/10'
firewall.@rule[3].dest_port='546'
firewall.@rule[3].family='ipv6'
firewall.@rule[3].target='ACCEPT'
firewall.@rule[4]=rule
firewall.@rule[4].name='Allow-MLD'
firewall.@rule[4].src='wan'
firewall.@rule[4].proto='icmp'
firewall.@rule[4].src_ip='fe80::/10'
firewall.@rule[4].icmp_type='130/0' '131/0' '132/0' '143/0'
firewall.@rule[4].family='ipv6'
firewall.@rule[4].target='ACCEPT'
firewall.@rule[5]=rule
firewall.@rule[5].name='Allow-ICMPv6-Input'
firewall.@rule[5].src='wan'
firewall.@rule[5].proto='icmp'
firewall.@rule[5].icmp_type='echo-request' 'echo-reply' 'destination-unreachable' 'packet-too-big' 'time-exceeded' 'bad-header' 'unknown-header-type' 'router-solicitation' 'neighbour-solicitation' 'router-advertisement' 'neighbour-advertisement'
firewall.@rule[5].limit='1000/sec'
firewall.@rule[5].family='ipv6'
firewall.@rule[5].target='ACCEPT'
firewall.@rule[6]=rule
firewall.@rule[6].name='Allow-ICMPv6-Forward'
firewall.@rule[6].src='wan'
firewall.@rule[6].dest='*'
firewall.@rule[6].proto='icmp'
firewall.@rule[6].icmp_type='echo-request' 'echo-reply' 'destination-unreachable' 'packet-too-big' 'time-exceeded' 'bad-header' 'unknown-header-type'
firewall.@rule[6].limit='1000/sec'
firewall.@rule[6].family='ipv6'
firewall.@rule[6].target='ACCEPT'
firewall.@include[0]=include
firewall.@include[0].path='/etc/firewall.user'
firewall.@rule[7]=rule
firewall.@rule[7].src='wan'
firewall.@rule[7].dest='lan'
firewall.@rule[7].proto='esp'
firewall.@rule[7].target='ACCEPT'
firewall.@rule[8]=rule
firewall.@rule[8].src='wan'
firewall.@rule[8].dest='lan'
firewall.@rule[8].dest_port='500'
firewall.@rule[8].proto='udp'
firewall.@rule[8].target='ACCEPT'

dimitry
 
Posts: 16
Joined: Thu Sep 07, 2017 7:57 pm

Re: AP + STA mode - can't communicate between clients

Wed Sep 12, 2018 3:22 pm

My wireless configuration is:
Code: Select all
wireless.ap.device='radio0'
wireless.ap.mode='ap'
wireless.ap.network='lan'
wireless.ap.ifname='ra0'
wireless.ap.ssid='internal'
wireless.ap.key='password'
wireless.ap.encryption='psk'


Both clients connect to VoCore on the same 'internal' wifi. Both get DHCP in the same range 192.168.61.X. So, they should both be in the same 'lan' zone. No forwarding should be necessary if I understand it correctly.

dimitry
 
Posts: 16
Joined: Thu Sep 07, 2017 7:57 pm

Re: AP + STA mode - can't communicate between clients

Wed Sep 12, 2018 7:42 pm

Updated to firmware 20180723V.bin and it's still not working

dimitry
 
Posts: 16
Joined: Thu Sep 07, 2017 7:57 pm

Re: AP + STA mode - can't communicate between clients

Wed Sep 12, 2018 8:00 pm

Tried adding forwarding to the firewall:

lan -> lan
wan -> lan

(lan -> wan is already enabled)

Hairpinning is also enabled:
Code: Select all
root@OpenWrt:~# cat /sys/devices/virtual/net/br-lan/lower_ra0/brport/hairpin_mode
1
root@OpenWrt:~# cat /sys/devices/virtual/net/br-lan/lower_ra0/brport/multicast_to_unicast
1

dimitry
 
Posts: 16
Joined: Thu Sep 07, 2017 7:57 pm

Re: AP + STA mode - can't communicate between clients

Fri Sep 14, 2018 12:13 am

Nobody else has this problem? Vonger, you there?

dimitry
 
Posts: 16
Joined: Thu Sep 07, 2017 7:57 pm

Re: AP + STA mode - can't communicate between clients

Mon Sep 17, 2018 9:44 pm

Hi Vonger, Could you please provide further directions? I don't know what to do at this point. Thank you.

Vonger
 
Posts: 896
Joined: Sun Oct 19, 2014 6:00 am

Re: AP + STA mode - can't communicate between clients

Tue Sep 18, 2018 9:20 am

I have no idea now, this should be simple...
If all you device can access VoCore2, the only problem block them communicate each other is firewall.
Try to change every REJECT to ACCEPT

Return to VoCore2/Lite/Ultimate

Who is online

Users browsing this forum: Google [Bot] and 39 guests