1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Client-Brigde / WDS works great w/o security but not with it

Discussion in 'DD-WRT Firmware' started by beachman, Feb 13, 2006.

  1. beachman

    beachman Network Guru Member

    Hello all,

    I’ve been working with this for three days. I’ve searched the forums, the Wiki, and followed all suggestions but I cannot get WDS or Client-Bridge to work with any form of security.

    I have two Linksys WRT54G v4.0.
    I installed dd-wrt.v23_generic.bin (tried both 12/25/05 release and SP1) on both my routers.

    Here is my configuration:

    [internet] --- [FIREWALL (WRT54G)] ))))))

    (((((((( [AP (WRT54G)] --- [PC]


    I can setup both WDS and Client-Bridge (without any wireless security) and I can access everything. Router 1 (Firewall), Router 2 (AP), and internet.

    I can ping large packets (32000) everywhere and everything is perfect. DSL Reports is awesome. A perfect world… except no wireless security. For all my testing, I am using a WIRED PC.

    As soon as I enable wireless security, everything goes to downhill. I can ping whichever router I am plugged into (with all packet sizes) but LARGE pings to the other router does not work. Ping sizes of 1 bytes typically always goes through. Ping sizes of 32 suffers 25% loss. Ping sizes of 500 or more never make it: 100% packet loss.

    I know I have everything setup correctly because I can ping the other router with very very small packet sizes. But I cannot browse the web at all. I can’t access the firmware configuration of the other router (because of the massive packet loss).

    I tried WEP (64/128) WPA, WPA2.
    I’ve “reloaded defaults†of the firmware multiple files.
    I’ve reloaded the DD-WRT firmware.
    I followed all flashing directions.
    I’m stumped.
    It only works when I disable security.

    Can anyone suggest something to try? I’m really stumped. I’m thinking of trying OpenWRT or some other firmware but I don’t know what is best. Any suggestions are welcome.

    Thanks
     
  2. 4EverGreen

    4EverGreen Network Guru Member

    I have 3 WRT54GS v4 with DD-WRT v23 SP1 (01/27/2006), working in WDS mode with WPA PSK-TKIP for some time now ...

    The only thing that never worked for me was trying to setup WPA with different SSIDs ... in this case it only works with WEP.

    See here. :thumb:
     
  3. bytes2000

    bytes2000 Network Guru Member

    I have a WDS (LAN type not p2p) network with external antennas
    both of the routers have the same SSID, channel, WPA-PSK, beacon 50, fragm 2304, treshhold 2304, firewall just on the gateway.


    PING 192.168.1.2 (192.168.1.2): 56 data bytes
    64 bytes from 192.168.1.2: icmp_seq=0 ttl=64 time=5.5 ms
    64 bytes from 192.168.1.2: icmp_seq=1 ttl=64 time=2.8 ms
    64 bytes from 192.168.1.2: icmp_seq=2 ttl=64 time=4.2 ms
    64 bytes from 192.168.1.2: icmp_seq=3 ttl=64 time=3.2 ms
    64 bytes from 192.168.1.2: icmp_seq=5 ttl=64 time=2.6 ms
    64 bytes from 192.168.1.2: icmp_seq=7 ttl=64 time=5.2 ms

    --- 192.168.1.2 ping statistics ---
    8 packets transmitted, 6 packets received, 25% packet loss
    round-trip min/avg/max = 2.6/3.9/5.5 ms

    -------------------------------------------------------------------------
    MAC Signal Noise SNR
    WDS Signal (nodex): xx:xx:xx:xx:xx:xx -63 -100 37
    -------------------------------------------------------------------------

    Link is stable with some packet lost but its fast enough...
     
  4. __spc__

    __spc__ Network Guru Member

    Same as bytes2000.

    I have two WRT54G in WDS, working successfully.

    You have same SSID and same channel?

    You have MAC filtering? If so, it's setup correctly?

    Enable WPA-PSK - use a very simple passphrase, e.g. 'pass'. This SHOULD work...
     
  5. beachman

    beachman Network Guru Member

    Thank you all for your suggestions. I tried them all and none of them seemed to work. But I did figure out what the problem is: One of the routers is bad. When encryption is enabled, it bombs miserably. Without encryption, WDS & client-bridge work great.

    I'm going to return it to CompUSA for another one. I only hope that they'll give me a V4 for it. I might have to hunt around again. I doubt that they'll care about the firmware difference.

    Can anyone suggest I try anything before I return the router? I'd like to try and fix (if possible) this V4 before I return it.

    Here is my testing log for those who are interested.

    ================================================

    WRT54G v4.0 Installation Log

    1. Flashed both routers with: dd-wrt.v23_mini_wrt54g.bin (SP1 2006-02-14)
    2. Restored Factory Defaults (on both routers)
    3. Flashed both routers with: dd-wrt.v23_generic.bin (SP1 2006-02-14)
    4. Power cycled both routers (unplug power for two seconds and then plugged it back in)
    5. Restored Factory Defaults (on both routers)
    6. Hard Reset (hold reset button for 30 seconds)
    7. Power cycled both routers
    8. Change router #1 to be named FIREWALL with IP 192.168.1.1
    a. Internet is plugged into this router
    9. Change router #2 to be named AP with IP 192.168.1.2
    a. Gateway IP of 192.168.1.1
    b. Local DNS IP of 192.168.1.1
    c. Disabled DHCP Server

    Now following directions from the following wiki page:
    http://wrt-wiki.bsr-clan.de/index.php?title=WDS_Linked_router_network

    10. Disabled Firewall Protection on both routers
    11. Entered the opposite routers MAC address into the WDS (LAN) settings.
    a. At this point, I can ping “size 1000†to both routers (plugged into either router)
    b. I can also access the internet
    12. Unchecked “Block Anonymous Internet Requests†on the AP Router.
    13. Confirmed that WDS Watchdog was unchecked on both routers.

    Everything works find with no security enabled. I can plug my LAN cable into either router and access the internet just fine.

    Here is my testing:

    Small = 1 byte ping
    Normal = 50 byte ping
    Large = 1000 byte ping

    ** Plugged into FIREWALL **
    Small Ping to FIREWALL: 1ms
    Large Ping to FIREWALL: 1ms
    Small Ping to AP: 2ms
    Large Ping to AP: 2ms
    Normal Ping to INTERNET: 1ms
    No packet loss anywhere.

    ** Plugged into AP **
    Small Ping to FIREWALL: 2ms
    Large Ping to FIREWALL: 2ms
    Small Ping to AP: 1ms
    Large Ping to AP: 1ms
    Normal Ping to INTERNET: 2ms
    No packet loss anywhere.


    **************************
    Adding WPA Security
    **************************

    14. Changed FIREWALL Security Mode to WPA Pre-Shared Key using TKIP.
    15. Changed AP Security Mode to WPA Pre-Shared Key using TKIP.

    Network connectivity is horrible.

    ** Plugged into AP **
    Small Ping to FIREWALL: 1-3ms (3 / 4 requests make it)
    Large Ping to FIREWALL: Request timed out. (1 / 15 requests make it)
    Small Ping to AP: 1ms
    Large Ping to AP: 1ms
    Normal Ping to INTERNET: 2-5ms (4 / 5 requests make it.)

    When enabling encryption, I cannot have large packet sized. That makes the internet unusable.

    **************************
    Adding WEP Security
    **************************

    16. Changed FIREWALL Security Mode to WEP 64 bit encryption
    17. Changed AP Security Mode to WEP 64 bit encryption

    Connectivity is the same as using WPA --> Horrible

    **************************
    Adding WPA2 Security
    **************************

    18. Changed FIREWALL Security Mode to WPA Pre-Shared Key 2 (TKIP)
    19. Changed AP Security Mode to WPA Pre-Shared Key 2 (TKIP)

    Cannot reach the other router.

    **************************
    Adding WPA2 (AES) Security
    **************************

    20. Changed FIREWALL Security Mode to WPA Pre-Shared Key 2 (AES)
    21. Changed AP Security Mode to WPA Pre-Shared Key 2 (AES)

    Cannot reach the other router.

    **************************
    Disabled Wireless Security
    **************************

    22. Changed FIREWALL Security Mode to WPA DISABLED
    23. Changed AP Security Mode to DISABLED

    Connectivity is perfect. Except no security.

    **************************
    Try Client-Bridge
    **************************

    24. Disable WDS on FIREWALL
    25. Changed AP router to Client-Bridge mode.
    26. AP: Survey and “join†the FIREWALL’s SSID.
    27. Reboot routers

    Connectivity is perfect. Except no security.

    **************************
    Try WEP Security (with Client-Bridge)
    **************************

    28. Change security to “WEP†and change the passphrase to “hiâ€

    Connectivity is the same as using WDS WPA --> Horrible. Same packet loss with larger sized packets.

    Summary: Encryption does not work between these two routers. Maybe one of them is bad? To test, I’m going to try “client mode†between these two routers and my existing d-link 802.11b router.

    **************************
    Test AP Client Mode to Existing D-LINK Access point
    **************************

    29. AP: Change security to “WEP†and change the 128bit key.
    30. AP: Remove Gateway & Local DNS Settings
    31. AP: Enable DHCP
    32. AP: “join†the D-LINK network (select the d-link SSID)
    33. AP: Forced a WAN RENEW to get an IP. Success.
    34. Computer: IPCONFIG /RENEW to make sure I get a valid IP. Success.

    ** Plugged into AP (Client of D-LINK) **
    Small Ping to D-LINK: 3-6ms (minor ping loss)
    Large Ping to D-LINK: 5ms (major ping loss)
    Small Ping to AP: 1ms
    Large Ping to AP: 1ms
    Normal Ping to INTERNET: 14ms (medium packet loss: 4/5 succeed)

    **************************
    Test FIREWALL Client Mode to Existing D-LINK Access point
    **************************

    35. FIREWALL: Change security to “WEP†and change the 128bit key.
    36. FIREWALL: Remove Gateway & Local DNS Settings (already done)
    37. FIREWALL: Enable DHCP (already done)
    38. FIREWALL: “join†the D-LINK network (select the d-link SSID)
    39. FIREWALL: Forced a WAN RENEW to get an IP. Success.
    40. Computer: IPCONFIG /RENEW to make sure I get a valid IP. Success.

    ** Plugged into FIREWALL (Client of D-LINK) **
    Small Ping to D-LINK: 3-6ms (no ping loss)
    Large Ping to D-LINK: 5-7ms (no ping loss)
    Small Ping to AP: 1ms
    Large Ping to AP: 1ms
    Normal Ping to INTERNET: 12-15ms (no packet loss)

    Connectivity is perfect. Even with WEP security! The AP router must be bad.
     

Share This Page