Mac Clone + Repeater mode = WPA2 AES breaks on Virtual SSID

JN
DD-WRT Guru


Joined: 29 Mar 2007
Posts: 771

Posted: Thu Jun 18, 2009 18:21    Post subject: Mac Clone + Repeater mode = WPA2 AES breaks on Virtual SSID
I discovered that if I turn on Mac Cloning and supply Mac Addresses in both fields while I am in repeater mode with WPA2 AES encryption for both the physical and virtual SSIDs, clients can no longer connect to the virtual SSID.

The moment I turn off Mac Cloning, keeping the WPA2 AES on both SSIDs, the problem goes away. And the problem does not impact the ability to use WPA2 AES on the physical interface - only the virtual is affected. Also, I can switch the virtual to WEP or no security and use Mac Cloning just fine.

I tested this issue to exist on both the highly recommended Eko 11296 build, as well as the more recent Eko 12220. The repeater was a WHR-HP-G54.

I am not sure if this has been noticed, because it requires the combination of Mac Cloning, Repeater mode, and use of WPA2 AES on the virtual SSID.
Murrkf
DD-WRT Guru


Joined: 22 Sep 2008
Posts: 12675

Posted: Thu Jun 18, 2009 18:50
Might want to file a ticket in trac.
_________________
SIG:
I'm trying to teach you to fish, not give you a fish. If you just want a fish, wait for a fisherman who hands them out. I'm more of a fishing instructor.
LOM: "If you show that you have not bothered to read the forum announcements or to follow the advices in them then the level of help available for you will drop substantially, also known as Murrkf's law.."
glorry
DD-WRT Novice


Joined: 06 May 2009
Posts: 18

Posted: Sun Aug 23, 2009 6:49    Post subject: repeater node&vssid with WPA/TKIP, failed for wireless
but LAN connection is OK.

I tried several firmwares on the WRH54G; it is the same on all of them.

I am hoping for a successful mac clone!!!

Eko, would you check it? Thanks.
glorry
DD-WRT Novice


Joined: 06 May 2009
Posts: 18

Posted: Sun Aug 23, 2009 6:51
How do I file a ticket in trac???
Murrkf
DD-WRT Guru


Joined: 22 Sep 2008
Posts: 12675

Posted: Sun Aug 23, 2009 14:20
This only affects routers in repeater mode, and mac cloning is not required because mac addresses do not transfer through the bridged router. You should try to solve your problem here. Start with reading the announcements at the top of this forum.
glorry
DD-WRT Novice


Joined: 06 May 2009
Posts: 18

Posted: Mon Aug 24, 2009 5:33
Thanks Murrkf!
I'd like to use Repeater+Mac_clone because I don't want others to monitor my physical MAC over the radio interface; if mac_clone works, I can shift it from time to time.

Today, following your suggestion, I changed the firmware to the latest Eko's:
dd-wrt.v24-12548_WRH54G_micro-plus_ssh.bin

The problem is still the same: Repeater+Mac_clone+virtual_ssid_wpa_tkip_or_aes==>virtual ssid cannot distribute DHCP.

I tried to use wpa2 tkip/aes; it can no longer be connected.

The primary router uses WEP mode, but I don't want to use wep and prefer to have WPA mode.

I have a WRH54G and a WRT54G; the same problem exists on both.
GeeTek
DD-WRT Guru


Joined: 06 Jun 2006
Posts: 3763
Location: I'm the one on the plate.

Posted: Mon Aug 24, 2009 8:32
glorry wrote:
Thanks Murrkf!
I'd like to use Repeater+Mac_clone because I don't want others to monitor my physical MAC over the radio interface; if mac_clone works, I can shift it from time to time.

It really sounds like you have been brewing your green tea a little bit too strong lately.

_________________
http://69.175.13.131:8015 Streaming Week-End Disco. Station Ripper V 1.1 will do.
Murrkf
DD-WRT Guru


Joined: 22 Sep 2008
Posts: 12675

Posted: Mon Aug 24, 2009 12:40
glorry wrote:
The primary router uses WEP mode, but I don't want to use wep and prefer to have WPA mode.


Can't... READ the peacock announcement! This has nothing to do with having mac cloning enabled. And, if the primary router can be accessed, your repeater might be available through it, and then your mac would be exposed in any event.

Change the encryption type on the primary router. If you can't do that, you likely shouldn't be using the connection.

You could always hexedit your CFE to a generic mac address, and then hexedit it back.

glorry
DD-WRT Novice


Joined: 06 May 2009
Posts: 18

Posted: Thu Aug 27, 2009 8:42
You could always hexedit your CFE to a generic mac address, and then hexedit it back:

You mean that we can back up the CFE, then use a hex edit tool to find the mac phrase, then change the mac to the one you wish, save to a new CFE file, and write it back to the router?

For Repeater, I know the tips, but I still wish to use wpa mode even if the host router has wep or open wireless.

Is it hard to use a mac clone while we have the repeater mode?

Thank you Murrkf!!!
ShakaZ
DD-WRT Novice


Joined: 18 Mar 2010
Posts: 3

Posted: Thu Mar 18, 2010 23:33    Post subject: Same Same But Different
I have almost the same setup as glorry and can confirm it's the mac address clone that's messing with the ability to use WPA2 on the repeater.

When I'm in my homeland I connect to my parents' router through repeater mode. Both routers are Linksys WRT54GL. Before, I used a WDS Linked Router setup to achieve the same goal, but they didn't like the WPA2 security as they find it way too difficult to set up.

So the current setup is: their router, host AP, open for all. My router in Repeater Mode and WPA2 security.
I tend to use the Mac Address Clone feature to change the wifi mac of any router I install. Why? Just to make identification of the router's brand more difficult in case of an attack.

And indeed as soon as Mac Clone is used wifi clients can't connect if WPA2 is used as encryption.

I can't figure an explanation to why DD-WRT has this issue, looks like a bug to me. Any chance a new version would solve this?
glorry
DD-WRT Novice


Joined: 06 May 2009
Posts: 18

Posted: Mon Mar 22, 2010 11:44    Post subject: hi ShakaZ
Now I have found the solution for virtual ssid with wpa:
1. Use the latest rom of ddwrt.
2. The mac of Lan and Wan must be the same!

Good luck to you.
mac1929
DD-WRT Novice


Joined: 03 Nov 2011
Posts: 2

Posted: Thu Nov 03, 2011 17:55
Hi, I have just found the same issue.

I am using the latest build.

Steps to reproduce:
- set factory defaults
- disable firewall
- go to site survey and select an AP
- go to wireless and set mode = repeater
- add a virtual ap
- setup wireless security for the remote ap
- setup wap security to virtual ap
- go to clone mac and change WAN mac
- save & apply changes

With this config no user can connect to the router. If the virtual ap is set with no security everything works fine.
mac1929
DD-WRT Novice


Joined: 03 Nov 2011
Posts: 2

Posted: Thu Nov 03, 2011 18:00
BTW issue filed

http://www.dd-wrt.com/dd-wrtv2/bugtracker/view.php?id=4187
All times are GMT