Posted: Fri Nov 22, 2019 15:35 Post subject: unable to connect to wifi with asus RT-AC66U (almost) latest
Hello,
For several years I already have my asus RT-AC66U router and I had build 25974 on it. It was working good except for some issues with printing and router web ui updates.
Operation was very stable and internet was working perfect both cable and wifi 2.4 and 5.0 ghz
Recently I upgraded it to the latest build at that moment (41517).
At first everything seems to work great and the printing issue and web ui refresh problems are solved.
However after a day or two suddenly clients can't connect anymore to wifi. Clients that are still connected keep on working but it is not possible to connect new ones. Connection refused is a message I got when trying via smartphone. Both 2.4 and 5.0 ghz are affected. When I disconnect a connected client and try to connect again it doesn't want anymore.
Rebooting the router solves the problem and everything works again for a day or two and then the same story again. I notice that I have to disconnect it from power wait 30 seconds or so and then repower it. A software reboot is not always successful because then often it happens that it cannot find the drives connected via the usb port via the name of the router and even sometimes via the ip of the router (\\192.168.1.1). These are samba shares.
Anyone having an idea what the problem could be of not being able to connect to wifi after some time and how to solve it? Should I go back to a previous build and if so which one would be recommended?
And I did a complete clean install by doing a full reset and then configuring the router from scratch so there were no settings hanging from the previous build
Posted: Fri Nov 22, 2019 18:57 Post subject: Re: unable to connect to wifi with asus RT-AC66U
peno wrote:
Recently I upgraded it to the latest build at that moment (41517).
At first everything seems to work great and the printing issue and web ui refresh problems are solved.
However after a day or two suddenly clients can't connect anymore to wifi. Clients that are still connected keep on working but it is not possible to connect new ones. Connection refused is a message I got when trying via smartphone. Both 2.4 and 5.0 ghz are affected. When I disconnect a connected client and try to connect again it doesn't want anymore.
Rebooting the router solves the problem and everything works again for a day or two and then the same story again.
https://svn.dd-wrt.com/ticket/6723
This issue is discussed quite a bit in the 'new build' threads. Set key renewal in Wireless->Security to 0. _________________ #NAT/SFE/CTF: limited speed w/ DD#Repeater issues#DD-WRT info: FAQ, Builds, Types, Modes, Changes, Demo#
OPNsense x64 5050e ITX|DD: DIR-810L, 2*EA6900@1GHz, R6300v1, RT-N66U@663, WNDR4000@533, E1500@353,
WRT54G{Lv1.1,Sv6}@250|FreshTomato: F7D8302@532|OpenWRT: F9K1119v1, RT-ACRH13, R6220, WNDR3700v4
Which I emailed the webmins about fixing that page, since this router doesn't use the K2.4 builds
Anyhow, yes, the gtk and radio timer issue is still wreaking havoc, and BS doesn't seem to acknowledge it. But it is also affecting radio scheduling on other hardware, too, I suspect (Atheros), but we don't know shi*t about nothing. I'm at my wit's end with this nonsense. I only have two out of nearly 30 devices I am hands on with that even run this firmware anymore, and they are both here at my 'office'. I am debating on which firmware is going to wind up on this wrt3200acm I got yesterday in the mail after I de-brick it. _________________ "Life is but a fleeting moment, a vapor that vanishes quickly; All is vanity"
Contribute To DD-WRT Pogo - A minimal level of ability is expected and needed... DD-WRT Releases 2023 (PolitePol)
DD-WRT Releases 2023 (RSS Everything)
----------------------
Linux User #377467 counter.li.org / linuxcounter.net
@jwh7 Thanks for giving the tip to set key renewal in Wireless->Security to 0
I have done this and I will see what this gives.
Is there a disadvantage by setting this to 0 instead of keeping the default value of 3600? What will be the effect on wifi?
Ok I read about Key Renewal Interval on https://wiki.dd-wrt.com/wiki/index.php/Basic_Wireless_Settings and it has to with an internal key which is refreshed every that time. Fortunately that will not be a problem where I live.
So let's hope that my original problem is solved with this.
Thanks
Joined: 08 May 2018 Posts: 14246 Location: Texas, USA
Posted: Sat Nov 23, 2019 17:27 Post subject:
The only (security) issue with setting GTK to 0 is that people can now sniff your wi-fi without interruption a whole lot easier. This is why it was reported to be broken, so it would get fixed, but instead, it's been ignored, because someone doesn't think it's broken, and blames it on the Broadcom drivers. Nope, not the drivers. Other firmware's GTK wouldn't be working properly if it were the drivers. Just seems this firmware is only revolving around certain devices anymore, and none of them are what made this firmware. _________________ "Life is but a fleeting moment, a vapor that vanishes quickly; All is vanity"
Contribute To DD-WRT Pogo - A minimal level of ability is expected and needed... DD-WRT Releases 2023 (PolitePol)
DD-WRT Releases 2023 (RSS Everything)
----------------------
Linux User #377467 counter.li.org / linuxcounter.net
The only (security) issue with setting GTK to 0 is that people can now sniff your wi-fi without interruption a whole lot easier. This is why it was reported to be broken, so it would get fixed, but instead, it's been ignored, because someone doesn't think it's broken, and blames it on the Broadcom drivers. Nope, not the drivers. Other firmware's GTK wouldn't be working properly if it were the drivers. Just seems this firmware is only revolving around certain devices anymore, and none of them are what made this firmware.
But if you use AES encryption on your wifi then cracking it is almost impossible if I understand well (if your password is not something like "password") so I guess this is quite safe then.
Joined: 08 May 2018 Posts: 14246 Location: Texas, USA
Posted: Sat Nov 23, 2019 18:08 Post subject:
Even with the current WPA2 ciphers in this firmware, since the GTK is not being refreshed when set to 0, this means someone has all the time they want to crack your wi-fi password and other things. Which is why I can't understand why it's not been fixed so that the connectivity issues are no longer issues. BS made a comment about setting it to 0 not being secure on one of the tickets recently. Well, duh, fix it, silly. It's not 100% fixed. _________________ "Life is but a fleeting moment, a vapor that vanishes quickly; All is vanity"
Contribute To DD-WRT Pogo - A minimal level of ability is expected and needed... DD-WRT Releases 2023 (PolitePol)
DD-WRT Releases 2023 (RSS Everything)
----------------------
Linux User #377467 counter.li.org / linuxcounter.net
Even with the current WPA2 ciphers in this firmware, since the GTK is not being refreshed when set to 0, this means someone has all the time they want to crack your wi-fi password and other things. Which is why I can't understand why it's not been fixed so that the connectivity issues are no longer issues. BS made a comment about setting it to 0 not being secure on one of the tickets recently. Well, duh, fix it, silly. It's not 100% fixed.
From wikipedia:
Breaking a symmetric 256-bit key by brute force requires 2128 times more computational power than a 128-bit key. Fifty supercomputers that could check a billion billion (1018) AES keys per second (if such a device could ever be made) would, in theory, require about 3×1051 years to exhaust the 256-bit key space.
If you read those, you will understand why GTK being set to 0 and being broken is a bad thing. Pretty much nullifies the KRACK fixes in this firmware.
Ok then I will shedule a daily reboot of my rooter to work around that. It does not solve everything but an hourly reboot is not workable. But first look if my problem is solved by setting it on zero. At this moment 23 hours update and no problem yet but need a couple of days before I can be sure of that