MaxT Posted October 11 Posted October 11 Maybe worth trying OpenWRT - it is built with AP functionality in mind and if it works, assess whether config(s)/build options can be applied to Armbian 0 Quote
Igor Posted October 11 Posted October 11 54 minutes ago, MaxT said: Maybe worth trying Its usually hardware / quality of the driver ... but ofc also "something in between". Armbian config way has been significantly improved, worth trying upcoming app: https://github.com/armbian/configng 0 Quote
ag123 Posted October 11 Posted October 11 Imho trying OpenWRT isn't a direct 'solution' of a problem. A notion is that 'it works in A OS' and 'doesn't work in B OS' normally won't give a clue to fixing the problem in 'B OS', except for the cases of *strictly a config problem*. rather if you have A OS with a particular config that works and another A OS that has a config that doesn't work, then one'd be better comparing the 2 different configs between the 2 A OS, it would more likely find the 'config error'. in theory if it is strictly config error, then you may as well copy over the 'correct' config and it should work. my guesses as it has come this far is that it may not be simply a config problem. i.e. that there is (or at least may be) no problem with configs. there is 'something else' that cause the problem, and it may not be config. the thing is we do not know what that 'something else' is. We can't rule out hardware differences, there are different memory sizes for Orange Pi zero 3 ( 1, 1.5, 2, 4 GB) as it has not been discussed here. But even then that is just one of the possible factors. for the record, I've been using hostapd, Armbian on Orange Pi Zero 3, and it is practically my desktop WiFi hotspot, it 'just works', at least that Android connects to it flawlessly, and yes WPA2 (see prior comments) It runs for months literally without reboot and offers fast > 100 Mbps (throughput across both wifi and ethernet interfaces) WiiFi5 on 5 ghz band. And I think (or I observed) that iphones connect just fine ! (we need inputs from other iphone users who have successfully done the same that if that 'just works'. Then maybe it is easier to compare on the same basis. not easy to narrow down what that 'something else' is. For now, based on prior analysis a few comments prior (especially about the hostapd/wpa_supplicant 'discovery', perhaps rebuild the Armbian image (kernel + distribution) from source may help ! Still it is a gamble, as I do not know the root cause of it. edit: @av4625 there is one other thing, and this relates to config https://gist.github.com/ag88/de02933ba65500376d1ff48e504b1bf3 in my hostapd.conf example I specified channel=0 (that should literally should mean auto selection of channel) in actual fact, I used a specific channel # "a" simply means 5Ghz hw_mode=a # the channel to use channel=36 ieee80211ac=1 the relevant channel is selected by running sudo iw list which gives a detailed list of the frequencies / channels that can be set then simply pick a channel that is legal and that one prefers (e.g. by checking that no other AP visible is using it) and set that in the hostapd.conf as above if that is the problem, maybe it helps. it is perhaps overlooked as the assumption is that only WPA/WPA2 is the issue. 0 Quote
MaxT Posted October 11 Posted October 11 If a feature works on the board under OS A and does not under OS B, given both are Linux based, one can rule our HW issue.By comparing kernel patches, one can rule out drivers, same with kernel configs/build options and lastly userland SWThat's all I meant.Remember, OpenWRT, DDWRT, etc. are built with networking/AP functionality in mind, have large user base using exactly feature in question and there might be hints on their forums, wiki, etc. 0 Quote
robertoj Posted October 11 Posted October 11 I just checked the openwrt webpage. There's no mention of orange pi zero 3 working: https://openwrt.org/toh/xunlong/start The wifi chip is CDtech 20U5622 (or UWE5622) ... do you see that anywhere in openwrt? 0 Quote
MaxT Posted October 11 Posted October 11 I just checked the openwrt webpage. There's no mention of orange pi zero 3 working: https://openwrt.org/toh/xunlong/start The wifi chip is CDtech 20U5622 (or UWE5622) ... do you see that anywhere in openwrt?See last two lineshttps://openwrt.org/toh/views/toh_single-board-computersSeems snapshots are available 0 Quote
ag123 Posted October 12 Posted October 12 I'd guess that channel=36 specifier in hostapd.conf 2 comments above would likely make a difference. prior, i stated channel=0 and I'm assuming ACS (automatic channel selection). I think ACS may not be working after all, hence, it is necessary to specify the channel manually. the easiest way to list all channels and frequencies is sudo iw list and to list APs that are visible accordingly it is nmcli dev wifi or sudo iw dev wlan0 scan I think iw dev wlan0 scan and nmcli dev wifi needs to be done without hostapd or an AP (e.g. on Network Manager) running I think on Android (and/or iphone?) there are also apps available to list visible WiFi APs and their frequencies / channels even if it conflicts (e.g. 2 AP on the same channel) I'd guess it'd still work, just that there'd be 'interference' and possibly lower throughput. --- blurb: yes OpenWRT, Armbian, ... are among the earliest 3rd party open sourced implementations to run on Orange Pi Zero 3. using Armbian (vs OpenWRT) is just my personal preference, partly as it is a complete linux distribution (e.g. debian). One can run various other things in addition to simply using it as a 'router'. And that deban, ubuntu style apt update ; apt upgrade or apt install xxyy is very mature and setting up many different apps is simply a one liner apt install xxyy. And not least Ambian build framework is one of the highlights https://github.com/armbian/build one can catch up to the (bleeding) 'edge' of Linux if one wants to. another blurb, using SBC (Single board computers) as WiFi hotspot running open sourced implementations e.g Armbian, OpenWRT etc is 'very significant'. Well, these days there are dedicated 'mesh' routers, those are likely faster e.g. WiFi 6 etc (cost wise may actually be equal) but that running Armbian (etc) means one can literally customize the use including setting it up as a router / WiFi hotspot and customize the network setup to work around problems that may not be possible on 'standard' consumer box routers. And in addition running apps, e.g. file server (lan based storage) , web server with apps, stream media, databases (mysql?) etc in addition. 0 Quote
Igor Posted October 12 Posted October 12 8 hours ago, MaxT said: given both are Linux based, one can rule our HW issue. I wish this would be that simple First, all distros are (usually) re-building packages at different time, thus by default bringing different code base. That change can be small (using same main version of kernel) or big (6.1 vs. 6.10 for example). Then. Armbian adds (ATM) 436 general patches to the kernel and we add several 3rd party drivers to the kernel. We actively maintain this kernel, unlike others. Some distributions are using our kernel, while OpenWRT AFAIK not. Which means they use some version of mainline Linux kernel with their own patches. Their focus is networking (protocols), so I would assume they are fixing those things. I doubt they are doing anything related to this hardware (wifi chip) besides adding device tree (if not yet in mainline). Fixing wireless drivers in its core is done by very few people that are not tied to any distribution in particular https://github.com/morrownr/USB-WiFi https://github.com/kimocoder ... experience will be different, especially in area of this particular hardware. 0 Quote
Michael Robinson Posted October 13 Posted October 13 https://github.com/garywill/linux-router 1 Quote
av4625 Posted October 14 Author Posted October 14 Lots of replies here, thanks everyone! I tried specifying the channel, but it didn't help. I also tried 5GHz instead of 2.4GHz "just incase", but that didn't help either. You can see my config here: cat /etc/NetworkManager/system-connections/access_point.nmconnection [connection] id=access_point uuid=4eba9c88-d36f-40bb-a740-a9eeb903ca75 type=wifi interface-name=wlan0 mdns=2 timestamp=1728918559 [wifi] band=a channel=36 mode=ap ssid=TEST_TEST [wifi-security] key-mgmt=wpa-psk psk=password [ipv4] method=shared [ipv6] addr-gen-mode=default method=auto [proxy] One thing I noticed is that wpa_supplicant is showing UNKNOWN as the key management type which I thought was weird. sudo wpa_cli status Selected interface 'wlan0' bssid=44:fa:6d:94:c1:36 freq=5180 ssid=TEST_TEST id=0 mode=AP pairwise_cipher=CCMP+TKIP group_cipher=TKIP key_mgmt=UNKNOWN wpa_state=COMPLETED ip_address=10.42.0.1 p2p_device_address=46:fa:6d:94:c1:36 address=44:fa:6d:94:c1:36 uuid=82ce0d53-c98a-5bf8-b8a7-89759b194923 Haven't had time to try anything else yet 0 Quote
jimg Posted October 15 Posted October 15 (edited) FWIW, here's the ansible script I use to set up the Orange Pi Zero 2W we use as our home wireless access point running in 5 Ghz (AC) mode. It is currently on Armbian 24.11 Debian Bookworm using kernel 6.6.54. This should work on an Orange Pi Zero 3 since it uses the same CPU and wifi chip. Note I am using systemd-networkd that netplan uses by default in Armbian's minimal/IOT images, not nmcli. --- - name: Install networking packages apt: name: - hostapd - dnsmasq state: present # setup access point - name: configure dnsmasq file: src: dnsmasq.conf dest: /etc/dnsmasq.conf mode: 0644 tags: - dnsmasq - name: create dnsmasq.service.d directory if non-existent file: path: /etc/systemd/system/dnsmasq.service.d recurse: true state: directory tags: - dnsmasq - name: copy fix for systemd-resolved conflict when: - ansible_facts.services['systemd-networkd.service'] is defined - ansible_facts.services['systemd-networkd.service']['status'] == 'enabled' copy: src: systemd-resolved-fix.conf dest: /etc/systemd/system/dnsmasq.service.d/systemd-resolved-fix.conf mode: 0644 tags: - dnsmasq - name: activate dnsmasq service command: systemctl enable dnsmasq.service tags: - dnsmasq - name: Set up IPv4 forwarding ansible.builtin.copy: src: routed-ap.conf dest: /etc/sysctl.d/10-routed-ap.conf mode: 0644 - name: copy hostapd.conf file: src: hostapd.conf dest: /etc/hostapd/hostapd.conf mode: 0644 tags: - hostapd - name: copy hostapd.service file: src: hostapd.service dest: /etc/systemd/system/hostapd.service mode: 0644 tags: - hostapd # hostapd is masked by default after installation - name: unmask hostapd.service command: systemctl unmask hostapd.service tags: - hostapd - name: activate hostapd service command: systemctl enable hostapd.service tags: - hostapd Here's the /etc/dnsmasq.conf file: # disables dnsmasq reading any other files like /etc/resolv.conf # for nameservers no-resolv #IGNORE_RESOLVCONF=yes #DNSMASQ_EXCEPT="lo" interface=wlan0 log-queries log-facility=/var/log/dnsmasq.log addn-hosts=/etc/hosts no-dhcp-interface=lo domain-needed bogus-priv dhcp-range=10.10.1.50,10.10.1.199,12h dhcp-option=3,10.10.1.1 server=1.1.1.1 The /etc/systemd/system/dnsmasq.service.d/systemd-resolved-fix.conf file mentioned in the script stops systemd-resolved when dnsmasq is started so it doesn't conflict with dnsmasq: [Unit] After=systemd-resolved.service [Service] ExecStartPre=/usr/bin/systemctl stop systemd-resolved.service ExecStartPost=/usr/bin/systemctl start systemd-resolved.service The /etc/sysctl.d/10-routed-ap.conf file enables iPv4 and IPv6 address forwarding. This is required since hostapd is running in routed mode, not bridged: # https://www.raspberrypi.org/documentation/configuration/wireless/access-point-routed.md # Enable IPv4 routing net.ipv4.ip_forward=1 # Enable IPv6 routing #net.ipv6.conf.default.forwarding=1 The /etc/hostapd/hostapd.conf file, configured for the wifi chips' capabilities: ssid=<YOUR SSID GOES HERE> interface=wlan0 hw_mode=g channel=40 driver=nl80211 logger_syslog=0 logger_syslog_level=0 wpa=2 preamble=1 # Wifi Multi-Media support, also required for full speed on 802.11n/ac/ax wmm_enabled=1 wpa_passphrase=<YOUR PASSWORD GOES HERE> wpa_key_mgmt=WPA-PSK wpa_pairwise=TKIP rsn_pairwise=CCMP auth_algs=1 macaddr_acl=0 ## IEEE 802.11n ieee80211n=1 ht_capab=[LDPC][HT40-][HT40+][SHORT-GI-20][SHORT-GI-40][RX-STBC1] country_code=US ieee80211d=1 ## IEEE 802.11n ## IEEE 802.11a hw_mode=a ## IEEE 802.11a ## IEEE 802.11ac ieee80211ac=1 vht_capab=[MAX-MPDU-7991][RXLDPC][SHORT-GI-80][SU-BEAMFORMEE][MU-BEAMFORMEE][VHT-TXOP-PS][MAX-A-MPDU-LEN-EXP3] vht_oper_chwidth=1 vht_oper_centr_freq_seg0_idx=42 ## IEEE 802.11ac # controlling enabled ctrl_interface=/var/run/hostapd ctrl_interface_group=0 The /etc/systemd/system/hostapd.service file: [Unit] Description=Advanced IEEE 802.11 AP and IEEE 802.1X/WPA/WPA2/EAP Authenticator Documentation=man:hostapd(8) After=network.target Before=dnsmasq.service ConditionFileNotEmpty=/etc/hostapd/hostapd.conf #Wants=dhcpcd.service #Before=network.target dhcpcd.service wpa_supplicant.service [Service] Type=forking PIDFile=/run/hostapd.pid Restart=on-failure RestartSec=2 Environment=DAEMON_CONF=/etc/hostapd/hostapd.conf EnvironmentFile=-/etc/default/hostapd ExecReload=/bin/kill -s HUP $MAINPID ExecStartPre=/usr/bin/ip link set wlan0 down ExecStartPre=/usr/bin/ip address flush dev wlan0 ExecStartPre=/usr/bin/ip link set wlan0 up ExecStartPre=/usr/bin/ip addr add 10.10.1.1/24 dev wlan0 ExecStart=/usr/sbin/hostapd -B -P /run/hostapd.pid $DAEMON_OPTS $DAEMON_CONF [Install] WantedBy=multi-user.target Hope this helps. Edited October 15 by jimg 0 Quote
av4625 Posted October 15 Author Posted October 15 I downloaded the latest image which has the same versions as you. This seemed to get a little bit further. I set it up manually using the exact files above just changing ssid and password as I havent used ansible before and couldn't get it to work. I am able to select the AP and type in the password and it seems to connect. But I get a no Wi-Fi symbol, this is no drama as I only want to be able to talk to the OPi using this hotspot to access a server it hosts. But, when I look at the connection, it doesn't seem to have a router/gateway IP. On my OPi Zero LTS where the hotspot works, I can SSH to the gateway IP (10.42.0.1 by default). Another weird thing the IP that my Mac got after connecting started with 169, I would have expected this to be in the range specified in /etc/dnsmasq.conf (dhcp-range=10.10.1.50,10.10.1.199,12h). I'm not sure if its just how this specific hotspot is configured but I guess yours works better than this. I dunno why, but I find hostapd and dnsmasq a lot more complicated and harder to understand. But I wonder, because this hotspot seemed to accept a password and my Mac showed it as WPA2/WPA3, is it just an option that needs to be set for the nmcli hotspot. Because without a password it works perfectly like I expect and I can SSH to the gateway IP etc etc. I also tried my own nmcli commands on the new image "just incase" but no luck. 0 Quote
ag123 Posted October 15 Posted October 15 if this is based on hostapd try journalctl -u hostapd to check the connect logs, normally successful connection attempts is quite 'intuitive' e.g. that there is normally a WPA / authentication related message other things that possibly matters include ip address, that should be provided by dhcp (e.g. dnsmasq) dns server, i think some os (e.g. android at least) tries to connect to some internet web sites (google?) and complains that there is no internet if is not accessible. if there is after all no internet, you may need to run a dns to resolve the ap itself if you are accessing it via domain names. For accessing the host itself, i'm not too sure if dnsmasq can work as dns and resolve its own domain. Otherwise, accessing the host would likely need to be based on ip address. alternatively, I'd think install and configure avahi (MDNS) which may help to resolve the ap itself as host.local (e.g. orangepizero3.local) interfaces and routing, we normally assume that it is configured and working? but nevertheless it may help to check e.g. ip link ip -4 add ip route 0 Quote
jimg Posted October 16 Posted October 16 Quote Another weird thing the IP that my Mac got after connecting started with 169, I would have expected this to be in the range specified in /etc/dnsmasq.conf (dhcp-range=10.10.1.50,10.10.1.199,12h). I'm not sure if its just how this specific hotspot is configured but I guess yours works better than this. I dunno why, but I find hostapd and dnsmasq a lot more complicated and harder to understand. A 169.x.x.x address is a link-local address and indicates the Orange Pi's DHCP server (i.e., dnsmasq) isn't running. As mentioned in the ansible file, dnsmasq is masked by default on installation. To get it to function, you have to both unmask and enable it after installation: sudo systemctl unmask dnsmasq.service sudo systemctl enable dnsmasq.service If you did that and it's still not working, check if dnsmasq is running using: sudo systemctl status dnsmasq.service Check the 'Active' attribute in the output; It should be "active (running)". If it's not, check the log messages printed at the end of the report's output to determine the cause. Feel free to post the output here if you need help debugging it. dmsmasq by default is left disabled after installation. Did you enable the dnsmasq systemd service as mentioned in the ansible file? 0 Quote
av4625 Posted October 16 Author Posted October 16 Thanks for the help, my network knowledge is poor as you can likely tell. I did enable dnsmasq like the ansible file does and it seems to be running, but there is a failed log: ● dnsmasq.service - dnsmasq - A lightweight DHCP and caching DNS server Loaded: loaded (/lib/systemd/system/dnsmasq.service; enabled; preset: enabled) Drop-In: /etc/systemd/system/dnsmasq.service.d └─systemd-resolved-fix.conf Active: active (running) since Wed 2024-10-16 00:18:11 BST; 18h ago Process: 808 ExecStartPre=/etc/init.d/dnsmasq checkconfig (code=exited, status=0/SUCCESS) Process: 938 ExecStartPre=/usr/bin/systemctl stop systemd-resolved.service (code=exited, status=0/SUCCESS) Process: 941 ExecStart=/etc/init.d/dnsmasq systemd-exec (code=exited, status=0/SUCCESS) Process: 946 ExecStartPost=/etc/init.d/dnsmasq systemd-start-resolvconf (code=exited, status=0/SUCCESS) Process: 991 ExecStartPost=/usr/bin/systemctl start systemd-resolved.service (code=exited, status=0/SUCCESS) Main PID: 945 (dnsmasq) Tasks: 1 (limit: 4548) Memory: 5.1M CPU: 222ms CGroup: /system.slice/dnsmasq.service └─945 /usr/sbin/dnsmasq -x /run/dnsmasq/dnsmasq.pid -u dnsmasq -r /run/dnsmasq/resolv.conf -7 /etc/dnsmasq.d,.dpkg-dist,.dpkg-old,.dpkg-new --local-service Oct 16 00:18:09 orangepizero3 systemd[1]: Starting dnsmasq.service - dnsmasq - A lightweight DHCP and caching DNS server... Oct 16 00:18:11 orangepizero3 resolvconf[963]: Dropped protocol specifier '.dnsmasq' from 'lo.dnsmasq'. Using 'lo' (ifindex=1). Oct 16 00:18:11 orangepizero3 resolvconf[963]: Failed to set DNS configuration: Link lo is loopback device. Oct 16 00:18:11 orangepizero3 systemd[1]: Started dnsmasq.service - dnsmasq - A lightweight DHCP and caching DNS server. hostapd status: ● hostapd.service - Access point and authentication server for Wi-Fi and Ethernet Loaded: loaded (/lib/systemd/system/hostapd.service; enabled; preset: enabled) Active: active (running) since Wed 2024-10-16 00:18:10 BST; 18h ago Docs: man:hostapd(8) Process: 814 ExecStart=/usr/sbin/hostapd -B -P /run/hostapd.pid $DAEMON_OPTS ${DAEMON_CONF} (code=exited, status=0/SUCCESS) Main PID: 853 (hostapd) Tasks: 1 (limit: 4548) Memory: 2.8M CPU: 265ms CGroup: /system.slice/hostapd.service └─853 /usr/sbin/hostapd -B -P /run/hostapd.pid /etc/hostapd/hostapd.conf Oct 16 00:18:09 orangepizero3 systemd[1]: Starting hostapd.service - Access point and authentication server for Wi-Fi and Ethernet... Oct 16 00:18:10 orangepizero3 hostapd[814]: wlan0: interface state UNINITIALIZED->COUNTRY_UPDATE Oct 16 00:18:10 orangepizero3 systemd[1]: Started hostapd.service - Access point and authentication server for Wi-Fi and Ethernet. I don't seem to get any logs from hostapd when trying to join the hotspot, it just shows this: $ journalctl -fu hostapd Oct 16 00:18:09 orangepizero3 systemd[1]: Starting hostapd.service - Access point and authentication server for Wi-Fi and Ethernet... Oct 16 00:18:10 orangepizero3 hostapd[814]: wlan0: interface state UNINITIALIZED->COUNTRY_UPDATE Oct 16 00:18:10 orangepizero3 systemd[1]: Started hostapd.service - Access point and authentication server for Wi-Fi and Ethernet. ip output: $ ip link 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: end0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000 link/ether 02:00:97:9b:cb:c0 brd ff:ff:ff:ff:ff:ff 3: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether 44:fa:6d:94:c1:36 brd ff:ff:ff:ff:ff:ff $ ip -4 add 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever 2: end0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000 inet 192.168.178.170/24 metric 100 brd 192.168.178.255 scope global dynamic end0 valid_lft 839122sec preferred_lft 839122sec $ ip route default via 192.168.178.1 dev end0 proto dhcp src 192.168.178.170 metric 100 192.168.178.0/24 dev end0 proto kernel scope link src 192.168.178.170 metric 100 192.168.178.1 dev end0 proto dhcp scope link src 192.168.178.170 metric 100 0 Quote
jimg Posted October 16 Posted October 16 Looks like dnsmasq is running. I get that failed message in my log, too, so you can ignore it. According to your 'ip -4 add' output, it doesn't appear the wlan0 interface is getting assigned the 10.10.1.1 address like it should from the hostapd.service file. Based on the 'systemctl status hostapd.service' output, the ExecStartPre commands in that file that set the address aren't being run. What's the output of 'cat /etc/systemd/system/hostapd.service'? 1 Quote
av4625 Posted October 16 Author Posted October 16 I have no idea what I did, that file didn't exist. I swear I put it there. I did the last 3 steps of the ansible file again after stopping hostapd and it now works! 🤯 I dunno if its mean't too, but it doesn't share the eth connection, so for example I can't access the internet when connected to it (the Zero LTS I have setup with network manager can without me setting anything up to do that). But I don't care about that anyway as it will live in a car and not be connected over ethernet after I'm finished dev anyway, just thought I'd call it out. Why my original way doesn't work and this does still baffles me 🤷♂️ I don't like not understanding why the other way didn't work lol But thank you a lot, I will try and research and learn more about hostapd and dnsmasq now so I understand it better. 0 Quote
av4625 Posted October 16 Author Posted October 16 I wont have a chance to look into it all until tomorrow, but does your setup use wpasupplicant? If so that rules that out as being the earlier issue 0 Quote
jimg Posted October 17 Posted October 17 4 hours ago, av4625 said: I have no idea what I did, that file didn't exist. I swear I put it there. If you tried creating an access point using NetworkManager, my guess is it's probably overwriting the dnsmasq.service file. See if the access point(s) you attempted to create is listed in one of the system connection files: ls /etc/NetworkManager/system-connections If so, delete the offending file(s). If you still have NetworkManager installed, you should also do what @ag123 recommended earlier and create a file so NetworkManager doesn't attempt to control the wlan0 interface: Quote I added in /etc/NetworkManager/conf.d/99-unmanaged-devices.conf [keyfile] unmanaged-devices=interface-name:wlan0 4 hours ago, av4625 said: Why my original way doesn't work and this does still baffles me 🤷♂️ I don't like not understanding why the other way didn't work lol I am not surprised. I generally like NetworkManager for networking, but have rarely succeeded in using it to set up an AP on most boards I've tried in the past. And, because it's so opaque, it's difficult to debug what's wrong. That's why I use hostapd + dnsmasq. It very configurable and easier to debug. 3 hours ago, av4625 said: I wont have a chance to look into it all until tomorrow, but does your setup use wpasupplicant? If so that rules that out as being the earlier issue Yes, it's installed by default on my minimal/IOT image and launched by systemd. But I think your problem is probably caused by conflicting NetworkManager configuration(s), not wpa_supplicant. 0 Quote
ag123 Posted October 17 Posted October 17 yes this is useful I added in /etc/NetworkManager/conf.d/99-unmanaged-devices.conf [keyfile] unmanaged-devices=interface-name:wlan0 Network Manager can still manage the end0 (ethernet) interface which is what I did. In fact, I used Network manager to setup a bridge and let hostapd patch wlan0 into the bridge. And in fact I manage my ip address and services on the bridge itself, i.e. use the bridge as my ip 'interface', all other stuff (dns, dhcp, etc can run on that instead) It is not without issues though, Network Manager and hostapd has a race condition at startup, because hostapd creates the bridge (this is if you use the bridge=br0 configuration) if it is started earlier. And Network Manager sometimes gets goofy there and disabled the bridge etc. Hence, I make hostapd start 2 seconds later using /usr/bin/sleep 2 in the hostapd.service file. If using a bridge is not necessarily one's preferred option as the LAN segments becomes all connected. Then one'd need to setup the sub-nets accordingly and update the routing tables (at least static routing) accordingly, you would need to consider the 'overall' network setup including adjacent routers as well. One can setup NAT (ip masquadering) so that on the up stream (e.g. ethernet) only a single ip address is used, and that Opi Zero 3 AP does that NAT. Accordingly there is another trick known as proxy arp. https://wiki.debian.org/BridgeNetworkConnectionsProxyArp The main reason I'm using a bridge is actually that dhcp, dns and routing is based on the 'main' router which is not the Opi Zero 3 AP itself, this works rather well in a small e.g. home network with a few devices. what @jimg proposes should be good working configurations with local ip and without the bridge. there could be possible race conditions to look out for though, e.g. that dhcp, dns, dnsmasq, avahi etc has a dependency on the wlan0 interface and probably needs to run after the wlan0 interface (e.g. ip etc ) is setup and up. accordingly, systemd-networkd can be used to setup the network, https://wiki.archlinux.org/title/Systemd-networkd Apparently, it has rather good support for hostapd https://wiki.archlinux.org/title/Systemd-networkd#[DHCPServer] one may like to explore this option instead. Though I've not tried it myself and hence can't comment much about it. It'd be good to 'document' that say in a post (e.g. in tutorials https://forum.armbian.com/forum/40-reviews-tutorials-hardware-hacks/) here, if one successfully setup the AP with all the necessary services running. e.g. hostapd, dhcp, dhs, dnsmasq etc. accordingly, there is another way to setup the interfaces e.g. in /etc/network/interfaces https://wiki.debian.org/NetworkConfiguration#A4_ways_to_configure_the_network this may work better with hostapd setup and can likely co-exist with Network Manager if one used them in combination. e.g. that the network setup can run first, after that hostapd, dhcp, dns, dnsmasq, avahi etc can run after the dependent wlan0 interface is up. 0 Quote
jimg Posted October 17 Posted October 17 4 hours ago, ag123 said: what @jimg proposes should be good working configurations with local ip and without the bridge. I have always use a routed configuration instead of a bridge because I'm always configuring my AP as our home router or subnet router. If there is no upstream router in front, then you will definitely need to install a firewall too like ufw or firewalld (which I always do). 4 hours ago, ag123 said: systemd-networkd can be used to setup the network, It's worth noting that Armbian now uses netplan to setup networking each time at boot. Server/IOT images configure netplan to use systemd-networkd. Server images use NetworkManager. To change from systemd-networkd, you need to install NetworkManager, then change the netplan configuration file(s) to use it instead. Interfaces not named or matched in the netplan file or ignored by Netplan, so if you're creating a hotspot with hostapd & dnsmasq, wlan0 should be left out of the configuration files listed in /etc/netplan. systemd-networkd has more limited functionality than NetworkManager when using netplan; e.g., you can use matching rules like 'wlx*' when defining networks with NetworkManager in netplan but not systemd-networkd. 0 Quote
ag123 Posted October 17 Posted October 17 @jimg thanks. Nothing wrong or against a routed configuration, just that a routed configuration needs the various routers to 'play well together'. In fact, I preferred a routed configuration as it separates the LAN segments, just that a routed config need more planning e.g. if there are more than a single router. I'm using bridge config partly as the central router handles dhcp etc. one of the 'problems' that I confront is ipv6 router advertisements https://en.wikipedia.org/wiki/Radvd https://en.wikipedia.org/wiki/IPv6#Stateless_address_autoconfiguration_(SLAAC) As my isp provides only a /64 'network', I kind of am 'out of options' as IPV6 normally reserves the entire lower 64 bits as the 'host' part. Hence, it is not possible to subnet the lower /64 network. That leaves practically only bridging as the only option for the subnets. Then that these OPi Zero 3 APs are 'mesh' APs and that a slight benefit here is that using bridges makes them 'auto' configuring, i.e. the same AP can be 'shifted' around to other network points and it 'just works' without re-configuring. Routing can achieve similar effect, but that a routing daemon is needed, static routing may have some limitations for 'auto' configuring in this respects. I've not tried netplan and I think I should try it out. Apparently netplan currently, only supports NetworkManager for AP https://netplan.readthedocs.io/en/stable/netplan-yaml/#properties-for-device-type-wifis and it seemed the 'workaround', is to only have netplan setup the ip address of the wifi interface https://eternaltinkering.com/blog/ubuntu-server-wifi-ap.html hostapd etc would be separate from that. 0 Quote
av4625 Posted October 17 Author Posted October 17 Quote If you tried creating an access point using NetworkManager, my guess is it's probably overwriting the dnsmasq.service file. I started from a clean install just incase anything I did previously affected it, so NetworkManager is no longer installed. Quote See if the access point(s) you attempted to create is listed in one of the system connection files: ls /etc/NetworkManager/system-connections This directory doesn't exist for me now. Although the hotspot does work after reboots now, so it could have just been something I did wrong before but I was trying to be really careful and do. it all as you had in your earlier reply. Quote but have rarely succeeded in using it to set up an AP on most boards I've tried in the past I must have just been very lucky with the OPi Zero LTS as it "just worked" and seemed "easy" lol Quote Network Manager can still manage the end0 (ethernet) interface which is what I did. Its funny you say this, in my early attempts with network manager, when I listed all connections it never listed the ethernet connection and only my (broken) hotspot or when I connected to my router over wifi it listed that. So it seems like network manager never managed my eth connection, not sure what actually does. 0 Quote
ag123 Posted October 17 Posted October 17 @av4625 here are some of my thoughts, as discussed prior, wpa_supplicant and / or hostapd is The 'library' that does *all* of WPA/WPA2/WPA3 https://w1.fi/wpa_supplicant/devel/ The design goal for wpa_supplicant was to use hardware, driver, and OS independent, portable C code for all WPA functionality The design goal for hostapd was to use hardware, driver, and OS independent, portable C code for all WPA functionality. That means selecting either wpa_supplicant or hostapd would provide the wifi AP functionality specifically for WPA / WPA2 and authentication. Using hostapd apparently has 'better' logging as the access attempt is logged journalctl -u hostapd there are some messages, some abstracts from my logs STA mac_addr IEEE 802.11: associated STA mac_addr RADIUS: starting accounting session 63AA93B230BE083E STA mac_addr WPA: pairwise key handshake completed (RSN) STA mac_addr WPA: group key handshake completed (RSN) STA mac_addr IEEE 802.11: disassociated this helps ascertain that the connection / WPA / WPA2 is established and authentication is successful From prior discussions, it seemed NetworkManager uses wpa_supplicant. In my case, I find the lack of logs 'opaque' and lacks info for adequate troubleshooting. I'm also unsure if I can adequately separate the concerns with Network Manager with an AP, i.e. hostapd itself (for WPA/WPA2 and authentication), then dhcp to provide (to connecting clients) ip address and dns address, ipv6 router advertisements etc and in addition to setup a bridge separate from the wifi interface itself. And in part, hostapd apparently provides significantly more detailed configuration, in particular for the various features supported by wifi itself. https://web.mit.edu/freebsd/head/contrib/wpa/hostapd/hostapd.conf Hence, I choose to use hostapd instead. However, given those documentations, https://w1.fi/wpa_supplicant/devel/, it'd seem that hostapd and wpa_supplicant are likely equivalent. just that i'm more familiar with hostapd currently. Hence, in my setup. I've Network Manager omit setting up the wifi interface. /etc/NetworkManager/conf.d/99-unmanaged-devices.conf [keyfile] unmanaged-devices=interface-name:wlan0 Network manager, however, is used to setup the bridge and manage the ethernet interface, configured using nmcli. Then hostapd is configured to patch the wifi interface into the bridge after hostapd is running. /etc/hostapd/hostapd.conf bridge=br0 Networkmanager configuration of the bridge looks like this > nmcli c NAME UUID TYPE DEVICE bridge d0fc7d8a-51ea-4c5d-a297-943e2a037cff bridge br0 lo 59201f46-2fff-4f67-9822-7019cea62cf5 loopback lo br-eth 29c02c5c-4d75-4e03-bb71-8a761e076562 ethernet end0 > sudo brctl show bridge name bridge id STP enabled interfaces br0 8000.xxyy yes end0 wlan0 Here, wlan0 is patched into the bridge by hostapd. Note the race condition issue discussed 3 comments prior. The ethernet connection should be visible in NetworkManager in the default configuration e.g. as "Wired connection 1" Then to setup the bridge I used a bunch of nmcli commands https://gist.github.com/ag88/de02933ba65500376d1ff48e504b1bf3 nmcli con down "Wired connection 1" nmcli con del "Wired connection 1" nmcli con add connection.id bridge type bridge ifname br0 nmcli con add connection.id br-eth type bridge-slave ifname end0 master br0 #this is for dynamic (dhcp IP address) #nmcli c modify bridge ipv4.method auto #this is for fixed ip address, and assume that your gateway router is at 192.168.1.1 nmcli c modify bridge ipv4.method manual ipv4.addresses 192.168.1.10/24 ipv4.gateway 192.168.1.1 In the above I removed the default Ethernet connection and replaced that with a bridge setup. The above can only be done via a 'usb-uart serial debug' bridge/dongle on the 3 serial pins for the serial console. i.e. you can't work from ssh into the ethernet connection and change the network configs. This is for the bridged setup. For a routed setup, my thoughts are that the 'missing' things are configure ip address and routing for the wifi (wlan0) interface (this would need to be done outside NetworkManager if it isn't managing it) run a dhcp server to provide connecting clients with ip address and dns address (this can be provided by dnsmasq or a dhcp server (e.g. isc-dhcp-server). (other services to run can included ipv6 router advertisements (radvd or dnsmasq does that), avahi (multi-cast DNS) etc) configure 'upstream' routing / forwarding through the ethernet (end0) Those are covered to some extent in the prior discussions. If you managed to run a succcessful setup say with hostapd, my guess is that you could likely migrate/convert that into a completely NetworkManager setup which uses wpa_supplicant internally. It could possibly be 'less verbose' as compared to these setups which requires a lot of additional manual configuration as like above. 1 Quote
ag123 Posted October 18 Posted October 18 @av4625 I tried setting up WiFI AP using Network Manager which in turns uses wpa_supplicant. The configuration is actually 'much' easier than this current manual method using hostapd. 1st install dnsmasq (without this I found errors in journalctl -u NetworkManager logs saying that dnsmasq is not accessible) apt install dnsmasq then the following needs to be done using the usb uart serial debug dongle on the 3 serial pins. to configure the upstream *ethernet* interface it is nmcli c add "Wired connection 1" ifname end0 type ethernet That creates the network manager connection for the ethernet interface and it obtains its address via dhcp Hang / no response while half way working with usb uart serial debug dongle Some troubles while working in the usb uart serial debug dongle, it occasionally (quite frequently) hangs for uncertain reasons, no response in terminal. The terminal app I used is putty https://www.putty.org/ There is actually 'no solution' to the serial debug hang issue. I'm halfway suspecting that it may be due to loose connections, but I can't prove it. I used cheap usb-uart dongles like these https://www.aliexpress.com/w/wholesale-usb-uart.html solution to serial debug hang What I actually did to 'overcome' this is that I first configure the ethernet to work correctly in network manager (as above using nmcli). after that useful tip, install avahi (mDNS https://en.wikipedia.org/wiki/Multicast_DNS ) apt install avahi-daemon apt install avahi-utils then in /etc/avahi/avahi-daemon.conf [server] publish-workstation=yes then I look for that over the network using avahi-browse -a to search for the board in the lan. it is then simple to ssh into that e.g. ssh user@orangepizero3.local The ethernet connection proved to be more stable than the 'usb uart serial debug' monitor route. ------ configuring the WiFi AP. nmcli d wifi hotspot ifname wlan0 ssid testspot password 12345678 The good thing about NetworkManager with this is that it configures and setup the WiFi hotspot, configures all that necessary routing, setup ip masquadering through the other interface ( i.e. ipv4.method = shared ), configures dnsmasq. Everything with this 'simple looking' command line. devices are unable to connect with / without password I'm able to reproduce the various troubles that you are encountering. e.g. it is not possible to connect after playing with the various wpa / wpa 2 settings including things like key-mgmt, pairwise, group etc. I tried specifying 'tkip, ccmp' for both pairwise and group, didn't work. I run wpa_ctl status like what you see the key-mgmt is 'unknown'. I set "log_level debug" < yup just this statement in the prompt, then run journalctl -fu wpa_supplicant. The trouble is I've troubles connecting, but that nothing shows in the log during my connection attempts. I googled around next, apparently wpa_supplicant has its own large set of knobs (parameters) to play with https://web.mit.edu/freebsd/head/contrib/wpa/wpa_supplicant/wpa_supplicant.conf ^ what is quite interesting in this example is that key-mgmt do have the various options in network manager, but that in wpa_ctl , and running "status" command shows that to be 'unknown'. solution to 'NetworkManager' AP Actually, I 'don't have a solution'. Rather, I'm not sure where and what to tweak to try to make wpa_supplicant work with Network Manager. I tried creating a /etc/wpa_supplicant.conf play with some values, more occasional hangs etc, but did not solve the problem, i.e. journalctl -fu wpa_supplicant don't show any entries and I can't connect from my android phone. Then I switched back to my hostapd based setup in prior comment. it 'just works', practically 'no nonsense' The trouble with hostapd based setup is that you have more work to do (unlike that nmcli one liner to create an AP) if you want to run a routed setup as discussed in the prior comment. I'd guess that you could adapt that 'bridged' setup, e.g. doing that and running dhcp (e.g. dnsmasq or isc-dhcp-server, you would need to configure it separately) https://gist.github.com/ag88/de02933ba65500376d1ff48e504b1bf3 could be a possible setup. The catch is that when you connect through ethernet, that dhcp is running on the bridge and if you have another dhcp server in the lan, things can be somewhat messy. the other ways would be to do a truly routed setup as discussed in prior comments. Configuring the WiFI interface as 'ethernet' in Network manager I'm not too sure if it is quite possible to setup the 'wifi' interface as 'ethernet' in network manager (e.g. nmcli). e.g. nmcli c add "WiFI connection" ifname wlan0 type ethernet ipv4.method manual ipv4.address <IP>/<prefix> ipv4.gateway <GW-address> ^ I'd guess ipv4.method = shared and without those ipv4.address, ipv4.gateway params may be possible with this which would do ip masquadering through the other (ethernet) interface use ip -4 add and/or ip route, to check what addresses and subnet gets assigned to wifi interface (wlan0) if you used ipv4.method = shared That is needed for the dhcp server below. Note check also if network manager 'automatically' configures dnsmasq as dhcp server by using ipv4.method = shared, which would make that extra step to configure dnsnmasq below redundant, unnecessary. 'everything' can be configured in network manager if this works. I've not tried this, but that if this is feasible, it would save some effort trying to set an ip address and routing for the wifi interface. I'd guess hostapd should still be able to run on top of that as hostapd doesn't bother about the ip and routing stuff. The bridge (bridge=br0) is not needed in hostapd.conf in this case. and with this it is not necessary to 'unmanage' the wifi interface in network manager i.e. that /etc/NetworkManager/conf.d/99-unmanaged-devices.conf is not required And in addition, you would still need to install and configure dhcp (dnsmasq or isc-dhcp-server) to provide the connecting devices with ip address and dns address. note: see that ipv4.method = shared above. This step may not be needed. oh and systemctl disable wpa_supplicant, I'm not too sure if hostapd would conflict with wpa_supplicant (I'd guess quite possible, they do pretty much similar and contradictory system calls. Hostapd runs an AP, wpa_supplicant mainly tries to setup a wifi client) do report on if this is feasible / successful / issues etc if you try this 0 Quote
av4625 Posted October 18 Author Posted October 18 Quote The configuration is actually 'much' easier than this current manual method using hostapd. This is exactly why I preferred to use network manager and you don't have to mess with dnsmasq and can use the default resolved and not worry about race conditions with them etc. Its also easy to use mDNS as its just setting a resolved conf value and a option on the network manager AP. Quote 1st install dnsmasq (without this I found errors in journalctl -u NetworkManager logs saying that dnsmasq is not accessible) dnsmasq-base should be enough, network manager seems to run its own instance of dnsmasq-base. Quote Hang / no response while half way working with usb uart serial debug dongle I was also getting this, I also use a cheap uart to usb converter, but never had issues with it before. I have tried some of your previous suggestions too that I hadn't yet got round to yet. I built my own version of armbian, I chose Jammy and a server cli build as this is exactly what is on my working device. I wanted to see if the server image had something extra that I needed and didn't know about. I noticed that all the tiny differences I noticed with the debian minimal image were no longer there, like permissions differences with nmcli and by default on this image network manager manages the ethernet connection. Long story short, I still can't connect to a hotspot with a password on this image. All versions are the same as my working device so it must be a hardware difference. Quote The design goal for wpa_supplicant was to use hardware, driver, and OS independent, portable C code for all WPA functionality Probably the "hardware" bit here. I then tried the latest ubuntu server cli image (Oracular) on bleeding edge. It failed at the nmcli command to bring the connection up. Fails with a wpasupplicant error about taking too long to authenticate. 0 Quote
ag123 Posted October 19 Posted October 19 @av4625 there is one experiment that I did not try which is to play with wpa_supplicant with its own /etc/wpa_supplicant.conf if it works, it'd likely point to a problem in network manager itself, possibly that network manager is sending the 'wrong' commands. However, as I couldn't figure out how to work that with network manager, possibly conflicts since network manager is intended to control it via the unix socket? redoing the 'whole' thing by having network manager unmanage the wifi interface is another test, but I did not try that due to the effort involved. 1 Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.