GREEN DHCP server is assigning IP addresses to WI-FI devices

My GREEN DHCP server is assigning IP addresses to my WI-FI devices, which then show up in the current dynamic leases section on the DHCP configuration page. The devices do not have to enter the WI-FI pass phase and can access the internet. So essentially, my GREEN network is currently wide open to all WI-FI devices.

I’ve setup RED, GREEN and BLUE and would like all WI-FI devices to connect only to BLUE and only after entering in the correct pass phase (i.e. The way it is supposed to work).

I originally thought that this issue might have occurred when I originally assigned one of my Gigabit Network adapters to Blue (as a placeholder) since my WI-FI card was not showing up (it was in the wrong slot). However, I since went back and assigned the WI-FI card to BLUE which now correctly shows up on the Main page and in the Zone configuration area.

This is a new install (v2.23 CU 138) on a pcengines’ apu4d4 with a wle900vx WI-FI card and Kingston 240GB mSATA.

I have not created any firewall rules which would open up GREEN. There are no errors in the console when booting up.

NICs are assigned in the network configuration area as follows:
RED (IP: 192.168.15.15) eth0
GREEN (IP: 192.168.10.1/24) eth1
BLUE (192.168.20.1/24) … wlan0 & wlan1
Both wlans have the same MAC address and I’m assuming this is for 2.4 and 5.0 bands (although in WLan I have HW Mode set to 802.11ac.)

IPFire is running well except for three outstanding issues:

  1. My internet speed thru my WLE900VX card is clocking in around 220 Mbps. While this shows that my ac network is working, it is a far cry from the +600Mbps I see when not using the WLE900VX.

  2. I cannot enable DHCP on BLUE. When I try to enable it, I receive an error message “DHCP on BLUE: Invalid start address”. This message is obviously pointing to some other issue because my start address is correct (192.168.20.11).
    Note: DHCP on the Green interface is enabled and as I noted above, is actively handing out IP addresses and access to any WI-FI device that asks for it.

  3. I cannot connect to the BLUE network even when it appears in a device’s WI-FI setting.

I tried, numerous steps to resolve this matter, including:

  1. uninstalling hostapd, rebooting IPFire and reinstalling hostapd via Pakfire
    As an FYI, my hostapd is currently:
driver=nl80211
interface=blue0
bssid=[my card's mac address]
country_code=CA
ieee80211d=1
ieee80211h=1
channel=44
hw_mode=a
ieee80211ac=1
ieee80211n=1
wmm_enabled=1
ht_capab=[HT40-][LDPC][SHORT-GI-20][SHORT-GI-40][TX-STBC][RX-STBC1][DSSS_CCK-40]]
[SMPS-STATIC]
vht_capab=
logger_syslog=-1
logger_syslog_level=0
logger_stdout=-1
logger_stdout_level=0
ctrl_interface=/var/run/hostapd
ctrl_interface_group=0
ssid=TheWI-FI
vht_oper_chwidth=1
logger_syslog=-1
logger_syslog_level=0
logger_stdout=-1
logger_stdout_level=4
auth_algs=1
ctrl_interface=/var/run/hostapd
ctrl_interface_group=0
  1. In the console, unbinding BLUE and rebinding it to my WI-FI card.

  2. Trying to join BLUE network
    Under BLUE Access I’ve enabled devices with their MAC addresses and a static i.e. 192.168.20.21 (since BLUE’s DHCP Server cannot be enabled)
    When the BLUE ssid shows up on my iPad, I choose it and wait. But the IP address is not assigned by BLUE and the iPad defaults to the 169.254.xx.xxx private range and refuses to connect.

I’ve run out of ideas on how to resolve this. Any ideas why this happened and more importantly how I can fix it?

Thanks,
Richard

Strange. I also have this card in an APU2 but this is detected only as one wlan device. (This card not support 2.4 and 5 Ghz at the same time.) Looks like there is a wrong entry somewhere in the config. check /var/ipfire/ethernet/settings maybee you old card is still here.

Have you cannected 3 Antennas ob both sides of the connection. If you have only 2 220 Mbps is a good speed. (A 54 Mbit adverted “G” wlan also get only 20Mbps in reality.)

Thanks for the reply. I have reinstalled IPFire. That seems to have resolved the GREEN DHCP server to WI-FI device issue. I can also now enable DHCP on BLUE.

After reinstalling IPFire, I still see wlan0 and wlan1. They both are showing as Native. Everything in the config file appears correct:

CONFIG_TYPE=3
GREEN_DEV=green0
GREEN_MACADDR=[Green’s NIC’s MAC]
GREEN_DESCRIPTION=‘“pci: Intel Corporation I211 Gigabit Network Connection (rev
03)”’
GREEN_DRIVER=igb
RED_DEV=red0
RED_MACADDR=[Red’s NIC’s MAC]
RED_DESCRIPTION=‘“pci: Intel Corporation I211 Gigabit Network Connection (rev 033
)”’
RED_DRIVER=igb
BLUE_DEV=blue0
BLUE_MACADDR=[Blue’s Wireless MAC address]
BLUE_DESCRIPTION=‘“pci: Qualcomm Atheros QCA986x/988x 802.11ac Wireless Network
Adapter”’
BLUE_DRIVER=ath10k_pci
GREEN_ADDRESS=192.168.10.1
GREEN_NETMASK=255.255.255.0
GREEN_NETADDRESS=192.168.10.0
GREEN_BROADCAST=192.168.10.255
BLUE_ADDRESS=192.168.20.1
BLUE_NETMASK=255.255.255.0
BLUE_NETADDRESS=192.168.20.0

I have 3 antennas connected. Perhaps one of the antennas is not working or maybe my hostapd file is not optimized. Would it be possible for you to share your hostapd file for the WLE900VX card?

Speaking of the hostapd file, I notice that on the startup I see:
Starting ACPI daemon … [ OK ]
Starting hostapd …
Try to create additional AP device … [ OK ]

So the hostapd line does not return [ OK ], but doesn’t throw any error.
Also, when I shutdown or reboot IPFire, I receive a message that the hostapd is not running. However, I can access WLanAP and make changes. Is this normal?

Have you checked the syslog while try to start the hostapd.

This message is not normal for ATH10K cards. It’s only for an older card that has manually to put in Master mode.

Is there a firmware error or other message in /var/log/message?

Yes, there are errors, does any of the following help identify the issue?

Dec 12 17:50:52 ipfire kernel: ath10k_pci 0000:05:00.0: pci irq msi oper_irq_mode 2 irq_mode 0 reset_mode 0
Dec 12 17:50:52 ipfire kernel: ath10k_pci 0000:05:00.0: Direct firmware load for ath10k/pre-cal-pci-0000:05:00.0.bin failed with error -2
Dec 12 17:50:52 ipfire kernel: ath10k_pci 0000:05:00.0: Direct firmware load for ath10k/cal-pci-0000:05:00.0.bin failed with error -2
Dec 12 17:50:52 ipfire kernel: ath10k_pci 0000:05:00.0: Direct firmware load for ath10k/QCA988X/hw2.0/firmware-6.bin failed with error -2
Dec 12 17:50:52 ipfire kernel: ath10k_pci 0000:05:00.0: qca988x hw2.0 target 0x4100016c chip_id 0x043202ff sub 0000:0000
Dec 12 17:50:52 ipfire kernel: ath10k_pci 0000:05:00.0: kconfig debug 1 debugfs 0 tracing 0 dfs 1 testmode 1
Dec 12 17:50:52 ipfire kernel: ath10k_pci 0000:05:00.0: firmware ver 10.2.4-1.0-00037 api 5 features no-p2p,raw-mode,mfp,allows-mesh-bcast crc32
Dec 12 17:50:52 ipfire kernel: ath10k_pci 0000:05:00.0: Direct firmware load for ath10k/QCA988X/hw2.0/board-2.bin failed with error -2
Dec 12 17:50:52 ipfire kernel: ath10k_pci 0000:05:00.0: board_file api 1 bmi_id N/A crc32 bebc7c08

Dec 12 17:50:52 ipfire kernel: ath10k_pci 0000:05:00.0: htt-ver 2.1 wmi-op 5 htt-op 2 cal otp max-sta 128 raw 0 hwcrypto 1
Dec 12 17:50:52 ipfire kernel: EXT4-fs (sda4): re-mounted. Opts: (null)
Dec 12 17:50:52 ipfire kernel: ath10k_pci 0000:05:00.0 blue0: renamed from wlan0

Dec 12 17:50:53 ipfire kernel: ath10k_pci 0000:05:00.0: DFS region 0x0 not supported, will trigger radar for every pulse
Dec 12 17:51:01 ipfire kernel: igb 0000:01:00.0 red0: igb: red0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: RX/TX

Not sure if it will help, but here is some additional details…

[root@ipfire ~]# sudo ethtool -i blue0
driver: ath10k_pci
version: 4.14.154-ipfire
firmware-version: 10.2.4-1.0-00037
bus-info: 0000:05:00.0
supports-statistics: yes
supports-test: no
supports-eeprom-access: no
supports-register-dump: no
supports-priv-flags: no

Hi @arne_f , do you have any suggestions what I need to do with respect to the above error messages?

Have you already tried with core139. In this core we ship a new linux-firmware archive.

I have not tried core 139, ty for the suggestion.

Would it be possible for you to share your hostapd file for the WLE900VX card?

@arne_f Although I’ve updated to core 139 I’m still seeing error messages in /var/log/messages. What is error -2? Is this a return code with 2 meaning permission was denied? Any other suggestions?

[root@ipfire ~]# grep --text ath10k_pci /var/log/messages
Dec 18 17:55:39 ipfire kernel: ath10k_pci 0000:05:00.0: pci irq msi oper_irq_mode 2 irq_mode 0 reset_mode 0
Dec 18 17:55:39 ipfire kernel: ath10k_pci 0000:05:00.0: Direct firmware load for ath10k/pre-cal-pci-0000:05:00.0.bin failed with error -2
Dec 18 17:55:39 ipfire kernel: ath10k_pci 0000:05:00.0: Direct firmware load for ath10k/cal-pci-0000:05:00.0.bin failed with error -2
Dec 18 17:55:39 ipfire kernel: ath10k_pci 0000:05:00.0: Direct firmware load for ath10k/QCA988X/hw2.0/firmware-6.bin failed with error -2
Dec 18 17:55:39 ipfire kernel: ath10k_pci 0000:05:00.0: qca988x hw2.0 target 0x4100016c chip_id 0x043202ff sub 0000:0000
Dec 18 17:55:39 ipfire kernel: ath10k_pci 0000:05:00.0: kconfig debug 1 debugfs 0 tracing 0 dfs 1 testmode 1
Dec 18 17:55:39 ipfire kernel: ath10k_pci 0000:05:00.0: firmware ver 10.2.4-1.0-00045 api 5 features no-p2p,raw-mode,mfp,allows-mesh-bcast crc32 ccbd5104
Dec 18 17:55:39 ipfire kernel: ath10k_pci 0000:05:00.0: Direct firmware load for ath10k/QCA988X/hw2.0/board-2.bin failed with error -2
Dec 18 17:55:39 ipfire kernel: ath10k_pci 0000:05:00.0: board_file api 1 bmi_id N/A crc32 bebc7c08
Dec 18 17:55:39 ipfire kernel: ath10k_pci 0000:05:00.0: htt-ver 2.1 wmi-op 5 htt-op 2 cal otp max-sta 128 raw 0 hwcrypto 1
Dec 18 17:55:39 ipfire kernel: ath10k_pci 0000:05:00.0 blue0: renamed from wlan0
Dec 18 17:55:40 ipfire kernel: ath10k_pci 0000:05:00.0: DFS region 0x0 not supported, will trigger radar for every pulse
[root@ipfire ~]#

error=-2 means “File not found” but it is normal for some files. The kernel first try to load a custom calibration firmware and after that a firmware with api 6 and if this fails it try api 5.

The last line in the log is suspicious. Have you configured the correct region in the WUI? Region 0x0 is not working for DFS at all.

I think I have. I normally use CA, but I’ve also tried using US in the Country Code and with different channels. However, I receive the same region 0x0 not supported message. Please see the enclosed screenshot below (Passphrase removed for the purposes of the screenshot).

Could it be an issue with my HT / VHT Caps? I assuming that they are not correct as I have nothing in VHT and I’m using the HT Caps string from WLE600VX. I’ve asked here https://community.ipfire.org/t/hostapd-file-for-wle900vx/685 for help.

Hi,

I also have the same errors in the log Summary therefore I am interested in any feedback about those.
Hardware - PCEngines APU2D4

Kernel and Firewall:
WARNING: Kernel Errors Present
ath10k_pci 0000:04:00.0: Direct firmware load for ath10k/QCA988X/hw2.0/board-2.bin failed with error -2 …: 1 Time(s)
ath10k_pci 0000:04:00.0: Direct firmware load for ath10k/QCA988X/hw2.0/firmware-6.bin failed with error -2 …: 1 Time(s)
ath10k_pci 0000:04:00.0: Direct firmware load for ath10k/cal-pci-0000:04:00.0.bin failed with error -2 …: 1 Time(s)
ath10k_pci 0000:04:00.0: Direct firmware load for ath10k/pre-cal-pci-0000:04:00.0.bin failed with error -2 …: 1 Time(s)

Thanks!
H&M