Cannot connect to guest network on ASUS RT-AC68U

Post new topic   Reply to topic    DD-WRT Forum Index -> Broadcom SoC based Hardware
Goto page 1, 2  Next
Author Message
drakeca
DD-WRT Novice


Joined: 21 Mar 2017
Posts: 8

PostPosted: Fri Mar 24, 2017 19:55    Post subject: Cannot connect to guest network on ASUS RT-AC68U Reply with quote
I have a new router which I am trying to configure as a WiFi connection for a small branch to use.

For other sites, I previously loaded DD-WRT and used instructions from another site to isolate the guest network by manually entering firewall rules and DNSMasq commands. The new ASUS router has updated firmware which won't allow be to load the DD-WRT build I was running previously (from early 2016). I therefore had to download the latest build I could find (v3.0-r31690) and install it on the router. I have followed instructions from here (http://tips.desipro.de/2013/12/06/guest-wifi-setup-dd-wrt/) to try and isolate the guest traffic but it won't let me connect.

I can connect to the main WiFi network fine. If I type an incorrect password for the GUEST network, Windows tells me this. If I type in the correct GUEST password I am authenticated, but Windows sits for about 10 seconds and a windows pops up stating "Windows was unable to connect to GUEST".

I have double checked the pages from the link above (setting up and isolating GUEST network) but it doesn't seem to want to work and I am not assigned an IP address on the GUEST network (192.168.10.x).

Any suggestions??
Sponsor
drakeca
DD-WRT Novice


Joined: 21 Mar 2017
Posts: 8

PostPosted: Fri Mar 24, 2017 20:27    Post subject: Reply with quote
OK...I rebooted the router and can now get an IP assigned from the GUEST network...now my next battle.

I am connecting the ASUS into an existing network (with its own router). I have configured the ASUS with a static IP on the existing network and I have disabled DHCP on the ASUS. On the main network I can connect and am assigned an IP from the branch router. I can then access the Internet. On the GUEST network I am assigned an IP of 192.168.10.X with a gateway of 192.168.10.1. When on the GUEST network I cannot access the Internet, and cannot ping the gateway address.

How do I ensure GUEST traffic is able to see the 192.168.10.1 gateway address and be routed out to the Internet?
drakeca
DD-WRT Novice


Joined: 21 Mar 2017
Posts: 8

PostPosted: Wed Mar 29, 2017 19:03    Post subject: Reply with quote
Unfortunately I am still encountering issues with this. I have tried multiple firmware revisions from Brainslayer and KONG. Currently running v3.0-r31690.

I have an existing telco supplied router which has address 10.73.6.1. It is set as DHCP on our network and I want to use the ASUS router as a WAP.

I followed instructions from mrjcd listed on this post: (http://www.dd-wrt.com/phpBB2/viewtopic.php?p=1047143#1047143) and everything is configured exactly the way he has it listed, other than using port "wl0.1"

When I use the LAN port on the ASUS I am assigned an address on the 10.73.6.X subnet and I can access the Internet. Likewise, when I connect to the office WiFi network I am also assigned a 10.73.6.X address and can access the Internet.

When I connect to my Guest WiFi I am assigned a 192.168.10.X address but I cannot access the Internet, nor can I ping the router (192.168.10.1). The assigned gateway and DNS server are both 192.168.10.1, but I cannot connect to them.

Can anyone shed some light on this? I have so far spent several hours trying different builds and fixes but nothing has been able to get this working.
mrjcd
DD-WRT Guru


Joined: 31 Jan 2015
Posts: 6268
Location: Texas

PostPosted: Wed Mar 29, 2017 20:21    Post subject: Reply with quote
what does this mean other than using port "wl0.1"

I'm not sure how your Asus router list its wireless interfaces
or the VAPs.
Did you change firewall rule to match the VAP interface exactly?
drakeca
DD-WRT Novice


Joined: 21 Mar 2017
Posts: 8

PostPosted: Wed Mar 29, 2017 20:35    Post subject: Reply with quote
I followed the instructions in your other post, thanks for those. As my router is ASUS the virtual adapter created is "wl0.1" instead of "ath0.1" that is listed in your post. I substituted one value for the other in my configs.
mrjcd
DD-WRT Guru


Joined: 31 Jan 2015
Posts: 6268
Location: Texas

PostPosted: Wed Mar 29, 2017 20:46    Post subject: Reply with quote
ok .. yea the bottom part of my post
http://www.dd-wrt.com/phpBB2/viewtopic.php?p=1047143#1047143
is done on a broadcom uint

I don't have the ASUS RT-AC68U so can't tell you much more.
I would think it should work if properly setup as a WAP using long version described here -
http://www.dd-wrt.com/wiki/index.php/Wireless_Access_Point#Long_Version
drakeca
DD-WRT Novice


Joined: 21 Mar 2017
Posts: 8

PostPosted: Wed Apr 05, 2017 17:03    Post subject: Reply with quote
Not sure why this won't work for me. I tried following the "Long Version" config and then implementing your settings from this link (http://www.dd-wrt.com/phpBB2/viewtopic.php?p=1047143#1047143) but I still cannot access the Internet from the Guest WiFi. I have tried the latest builds from both Kong and Brainslayer, same results.

I am assigned an address on the 192.168.10.X subnet (with 192.168.10.1 being the gateway) but I cannot PING 192.168.10.1 nor access the Internet. I have toggled the "Routing" option under Administration - Management on and off, but that setting doesn't seem to make a difference.

If I connect to the main WiFi network I have full Internet access and can PING the router.

I have tried this on both a laptop and a smartphone, but neither can access the Internet via the Guest network.

I am really stumped as to why the router does not seem to forward traffic. Does anyone have suggestions on this?
mrjcd
DD-WRT Guru


Joined: 31 Jan 2015
Posts: 6268
Location: Texas

PostPosted: Wed Apr 05, 2017 17:18    Post subject: Reply with quote
I don't have the ASUS RT-AC68U so can't say for sure.
Some routers seem to have a problem with this.
You can telnet or ssh in and get:
cat /tmp/dnsmasq.conf
also get:
cat /tmp/.ipt

we can see what the conf is saying -- 'bout all I konw
drakeca
DD-WRT Novice


Joined: 21 Mar 2017
Posts: 8

PostPosted: Wed Apr 05, 2017 18:00    Post subject: Reply with quote
The weird thing is earlier versions of this router which I purchased I was able to load an earlier build of the firmware and it works perfectly. It's just these newer models which I can't load the older firmware on that don't work.

In any event, here is output from the router:

root@EDM-Router:/tmp# cat dnsmasq.conf
interface=br0
resolv-file=/tmp/resolv.dnsmasq
interface=wl0.1
dhcp-option=wl0.1,3,192.168.10.1
dhcp-range=wl0.1,192.168.10.100,192.168.10.150,255.255.255.0,24h

root@EDM-Router:/tmp# cat .ipt
*mangle
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-I FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:logaccept - [0:0]
:logdrop - [0:0]
:logreject - [0:0]
:trigger_out - [0:0]
:lan2wan - [0:0]
:grp_1 - [0:0]
:advgrp_1 - [0:0]
:grp_2 - [0:0]
:advgrp_2 - [0:0]
:grp_3 - [0:0]
:advgrp_3 - [0:0]
:grp_4 - [0:0]
:advgrp_4 - [0:0]
:grp_5 - [0:0]
:advgrp_5 - [0:0]
:grp_6 - [0:0]
:advgrp_6 - [0:0]
:grp_7 - [0:0]
:advgrp_7 - [0:0]
:grp_8 - [0:0]
:advgrp_8 - [0:0]
:grp_9 - [0:0]
:advgrp_9 - [0:0]
:grp_10 - [0:0]
:advgrp_10 - [0:0]
-A INPUT -i wl0.1 -p udp --dport 67 -j ACCEPT
-A INPUT -i wl0.1 -p udp --dport 53 -j ACCEPT
-A INPUT -i wl0.1 -p tcp --dport 53 -j ACCEPT
-A INPUT -i wl0.1 -m state --state NEW -j DROP
-A INPUT -i wl0.1 -j ACCEPT
-A logaccept -j ACCEPT
-A logdrop -j DROP
-A logreject -p tcp -j REJECT --reject-with tcp-reset
COMMIT
mrjcd
DD-WRT Guru


Joined: 31 Jan 2015
Posts: 6268
Location: Texas

PostPosted: Wed Apr 05, 2017 18:13    Post subject: Reply with quote
looks like it should work -- but these things are picky ..
I see you are not running a local DNS domain

try on main setup of the WAP put in local DNS IP ... should be same as gateway ...pointing to main router

in Services page (DHCP Server) section (Used Domain) select LAN & WAN ... don't know that will make any difference but might as well do it... no need to put in LAN Domain name unless you set one on main router ... bout all it does on the WAP is show up on its status page if you do.

reboot it and see what happens

EDIT:
seems there was a TP-Link router in the atheros forum that could never get the guest to work on 5GHz .... I know this should not have bearing on yours ... just sayin ... routers differ
mrjcd
DD-WRT Guru


Joined: 31 Jan 2015
Posts: 6268
Location: Texas

PostPosted: Wed Apr 05, 2017 18:32    Post subject: Reply with quote
" I cannot PING 192.168.10.1 "
yea well you won't be able to do that if 'Net isolation is on and you are connected to its same subnet ---
all communication is blocked to the router from guest network this way.

But you should be able to get to any WAN address.
Can you get a WAN site using IP when connected to the guests network --
try http://83.141.4.210/ see if that will
take you to the circus -
drakeca
DD-WRT Novice


Joined: 21 Mar 2017
Posts: 8

PostPosted: Wed Apr 05, 2017 18:58    Post subject: Reply with quote
Hmmm...this is interesting. The entry for DNS server was already listed on the main page, not sure why it doesn't show up in telnet. When I check the IP address assigned via GUEST to my WiFi I get 192.168.10.1 as both the DNS and gateway servers.

I cannot access Internet using DNS but the static IP you gave me for the DD-WRT site does allow me to access the page. It therefore seems to be routing traffic to the Internet but cannot resolve the domain names. I assume there is a command to assign DNS via DNSmasq command? Can I assign Google DNS servers using this to my GUEST client?
mrjcd
DD-WRT Guru


Joined: 31 Jan 2015
Posts: 6268
Location: Texas

PostPosted: Wed Apr 05, 2017 19:13    Post subject: Reply with quote
Yea it will show DNS for devices as the router's IP -- guest or main...whaterver you are connected to

add bottom in DNSMasq Options
dhcp-option=wl0.1,6,[DNS IP 1],[DNS IP 2]

[DNS IP 2] = whatever DNS you want to use

Should work without it -- won't work anyways if main router is set to Forced DNS redirection.
Do you have DNS set on main router or you just using what ISP gives????
You might check main router WAN status see what ISP is giving and go ahead and put them in
on 'main router' setup page in
Network Address Server Settings (DHCP)

I've got to waddle off --- I think you got it by the short hairs now.
If need more info ask them in the Advanded Networking forum -- just point to this thread and they will fix you up.

good luck -

EDIT:
You can of course use any public DNS you want.
just Google 'public DNS' for some.
wabe
DD-WRT Guru


Joined: 17 Jun 2006
Posts: 889

PostPosted: Wed Apr 05, 2017 19:47    Post subject: Reply with quote
Kong has a well written description on how to setup a guest network on his site (desipro.de). Follow those instructions and it will work!
_________________
Netgear R7000 on Build 55109
Asus AC-AC68U rev. C1 (AP) on Build 55109
Asus AC-68U rev. A1 on Build 54604
Asus AC-68U rev. A1 on Build 53339
mrjcd
DD-WRT Guru


Joined: 31 Jan 2015
Posts: 6268
Location: Texas

PostPosted: Wed Apr 05, 2017 20:14    Post subject: Reply with quote
wabe wrote:
Kong has a well written description on how to setup a guest network on his site (desipro.de). Follow those instructions and it will work!

Kong's site doesn't address setting up a guest network on a WAP .... tiant the same as on regular gateway device.
Goto page 1, 2  Next Display posts from previous:    Page 1 of 2
Post new topic   Reply to topic    DD-WRT Forum Index -> Broadcom SoC based Hardware All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum