Jump to content

Recommended Posts

Posted

Maybe worth trying OpenWRT - it is built with AP functionality in mind and if it works, assess whether config(s)/build options can be applied to Armbian

Posted

Imho trying OpenWRT isn't a direct 'solution' of a problem. A notion is that 'it works in A OS' and 'doesn't work in B OS' normally won't give a clue to fixing the problem in 'B OS', except for the cases of *strictly a config problem*.

rather if you have A OS with a particular config that works and another A OS that has a config that doesn't work, then one'd be better comparing the 2 different configs between the 2 A OS, it would more likely find the 'config error'.

in theory if it is strictly config error, then you may as well copy over the 'correct' config and it should work.

 

my guesses as it has come this far is that it may not be simply a config problem. i.e. that there is (or at least may be) no problem with configs.

there is 'something else' that cause the problem, and it may not be config.

the thing is we do not know what that 'something else' is.

 

We can't rule out hardware differences, there are different memory sizes for Orange Pi zero 3 ( 1, 1.5, 2, 4 GB) as it has not been discussed here. But even then that is just one of the possible factors.

 

for the record, I've been using hostapd, Armbian on Orange Pi Zero 3, and it is practically my desktop WiFi hotspot, it 'just works', at least that Android connects to it flawlessly,  and yes WPA2 (see prior comments)

It runs for months literally without reboot and offers fast > 100 Mbps (throughput across both wifi and ethernet interfaces) WiiFi5 on 5 ghz band.

And I think (or I observed) that iphones connect just fine ! (we need inputs from other iphone users who have successfully done the same that if that 'just works'. Then maybe it is easier to compare on the same basis.

not easy to narrow down what that 'something else' is.

 

For now, based on prior analysis a few comments prior (especially about the hostapd/wpa_supplicant 'discovery', perhaps rebuild the  Armbian image (kernel + distribution) from source may help !

Still it is a gamble, as I do not know the root cause of it.

 

edit:

@av4625

there is one other thing, and this relates to config

https://gist.github.com/ag88/de02933ba65500376d1ff48e504b1bf3

in my hostapd.conf example I specified channel=0 (that should literally should mean auto selection of channel)

in actual fact, I used a specific channel 

# "a" simply means 5Ghz
hw_mode=a
# the channel to use
channel=36
ieee80211ac=1

 

the relevant channel is selected by running 

sudo iw list

which gives a detailed list of the frequencies / channels that can be set

then simply pick a channel that is legal and that one prefers (e.g. by checking that no other AP visible is using it) and set that in the hostapd.conf as above

if that is the problem, maybe it helps.

it is perhaps overlooked as the assumption is that only WPA/WPA2 is the issue.

 

Posted

If a feature works on the board under OS A and does not under OS B, given both are Linux based, one can rule our HW issue.

By comparing kernel patches, one can rule out drivers, same with kernel configs/build options and lastly userland SW

That's all I meant.

Remember, OpenWRT, DDWRT, etc. are built with networking/AP functionality in mind, have large user base using exactly feature in question and there might be hints on their forums, wiki, etc.

Posted

I'd guess that 

channel=36

specifier in hostapd.conf 2 comments above would likely make a difference.

prior, i stated channel=0 and I'm assuming ACS (automatic channel selection).

I think ACS may not be working after all, hence, it is necessary to specify the channel manually.

the easiest way to list all channels and frequencies is 

sudo iw list

 

and to list APs that are visible accordingly it is 

nmcli dev wifi

or 

sudo iw dev wlan0 scan

I think iw dev wlan0 scan and nmcli dev wifi needs to be done without hostapd or an AP (e.g. on Network Manager) running

 

I think on Android (and/or iphone?) there are also apps available to list visible WiFi APs and their frequencies / channels

even if it conflicts (e.g. 2 AP on the same channel) I'd guess it'd still work, just that there'd be 'interference' and possibly lower throughput.

 

---

blurb:

yes OpenWRT, Armbian, ... are among the earliest 3rd party open sourced implementations to run on Orange Pi Zero 3.

using Armbian (vs OpenWRT) is just my personal preference, partly as it is a complete linux distribution (e.g. debian). One can run various other things in addition to simply using it as a 'router'.

And that deban, ubuntu style apt update ; apt upgrade or apt install xxyy is very mature and setting up many different apps is simply a one liner apt install xxyy.

And not least Ambian build framework is one of the highlights

https://github.com/armbian/build

one can catch up to the (bleeding) 'edge' of Linux if one wants to.

 

another blurb, using SBC (Single board computers) as WiFi hotspot running  open sourced implementations e.g Armbian, OpenWRT etc is 'very significant'.

Well, these days there are dedicated 'mesh' routers, those are likely faster e.g. WiFi 6 etc (cost wise may actually be equal) 
but that running Armbian (etc) means one can literally customize the use including  setting it up as a router / WiFi hotspot and customize the network setup to work around problems that may not be possible on 'standard' consumer box routers.

And in addition running apps, e.g. file server (lan based storage) , web server with apps, stream media, databases (mysql?)  etc  in addition.

 

Posted
8 hours ago, MaxT said:

given both are Linux based, one can rule our HW issue.

 

I wish this would be that simple :) First, all distros are (usually) re-building packages at different time, thus by default bringing different code base. That change can be small (using same main version of kernel) or big (6.1 vs. 6.10 for example). Then. Armbian adds (ATM) 436 general patches to the kernel and we add several 3rd party drivers to the kernel. We actively maintain this kernel, unlike others. Some distributions are using our kernel, while OpenWRT AFAIK not. Which means they use some version of mainline Linux kernel with their own patches. Their focus is networking (protocols), so I would assume they are fixing those things. I doubt they are doing anything related to this hardware (wifi chip) besides adding device tree (if not yet in mainline). Fixing wireless drivers in its core is done by very few people that are not tied to any distribution in particular https://github.com/morrownr/USB-WiFi  https://github.com/kimocoder ... experience will be different, especially in area of this particular hardware.

Posted

Lots of replies here, thanks everyone!

 

I tried specifying the channel, but it didn't help. I also tried 5GHz instead of 2.4GHz "just incase", but that didn't help either.

You can see my config here:

cat /etc/NetworkManager/system-connections/access_point.nmconnection 
[connection]
id=access_point
uuid=4eba9c88-d36f-40bb-a740-a9eeb903ca75
type=wifi
interface-name=wlan0
mdns=2
timestamp=1728918559

[wifi]
band=a
channel=36
mode=ap
ssid=TEST_TEST

[wifi-security]
key-mgmt=wpa-psk
psk=password

[ipv4]
method=shared

[ipv6]
addr-gen-mode=default
method=auto

[proxy]

 

One thing I noticed is that wpa_supplicant is showing UNKNOWN as the key management type which I thought was weird.

sudo wpa_cli status
Selected interface 'wlan0'
bssid=44:fa:6d:94:c1:36
freq=5180
ssid=TEST_TEST
id=0
mode=AP
pairwise_cipher=CCMP+TKIP
group_cipher=TKIP
key_mgmt=UNKNOWN
wpa_state=COMPLETED
ip_address=10.42.0.1
p2p_device_address=46:fa:6d:94:c1:36
address=44:fa:6d:94:c1:36
uuid=82ce0d53-c98a-5bf8-b8a7-89759b194923

 

Haven't had time to try anything else yet

Posted (edited)

FWIW, here's the ansible script I use to set up the Orange Pi Zero 2W we use as our home wireless access point running in 5 Ghz (AC) mode.  It is currently on Armbian 24.11 Debian Bookworm using kernel 6.6.54.  This should work on an Orange Pi Zero 3 since it uses the same CPU and wifi chip.   Note I am using systemd-networkd that netplan uses by default in Armbian's minimal/IOT images, not nmcli. 

 

---
- name: Install networking packages
  apt:
    name:
      - hostapd
      - dnsmasq
    state: present

# setup access point
- name: configure dnsmasq
  file:
    src: dnsmasq.conf
    dest: /etc/dnsmasq.conf
    mode: 0644
  tags:
    - dnsmasq

- name: create dnsmasq.service.d directory if non-existent
  file:
    path: /etc/systemd/system/dnsmasq.service.d
    recurse: true
    state: directory
  tags:
    - dnsmasq

- name: copy fix for systemd-resolved conflict
  when: 
    - ansible_facts.services['systemd-networkd.service'] is defined
    - ansible_facts.services['systemd-networkd.service']['status'] == 'enabled'
  copy:
    src: systemd-resolved-fix.conf
    dest: /etc/systemd/system/dnsmasq.service.d/systemd-resolved-fix.conf
    mode: 0644
  tags:
    - dnsmasq

- name: activate dnsmasq service
  command: systemctl enable dnsmasq.service
  tags:
    - dnsmasq

- name: Set up IPv4 forwarding
  ansible.builtin.copy:
    src: routed-ap.conf
    dest: /etc/sysctl.d/10-routed-ap.conf
    mode: 0644

- name: copy hostapd.conf
  file:
    src: hostapd.conf
    dest: /etc/hostapd/hostapd.conf
    mode: 0644
  tags:
    - hostapd

- name: copy hostapd.service
  file:
    src: hostapd.service
    dest: /etc/systemd/system/hostapd.service
    mode: 0644
  tags:
    - hostapd

# hostapd is masked by default after installation
- name: unmask hostapd.service
  command: systemctl unmask hostapd.service
  tags:
    - hostapd

- name: activate hostapd service
  command: systemctl enable hostapd.service
  tags:
    - hostapd

 

Here's the /etc/dnsmasq.conf file:

 

# disables dnsmasq reading any other files like /etc/resolv.conf
# for nameservers
no-resolv
#IGNORE_RESOLVCONF=yes
#DNSMASQ_EXCEPT="lo"
interface=wlan0

log-queries
log-facility=/var/log/dnsmasq.log
addn-hosts=/etc/hosts
no-dhcp-interface=lo
domain-needed
bogus-priv
dhcp-range=10.10.1.50,10.10.1.199,12h
dhcp-option=3,10.10.1.1
server=1.1.1.1

 

The /etc/systemd/system/dnsmasq.service.d/systemd-resolved-fix.conf file mentioned in the script stops systemd-resolved when dnsmasq is started so it doesn't conflict with dnsmasq:

 

[Unit]
After=systemd-resolved.service

[Service]
ExecStartPre=/usr/bin/systemctl stop systemd-resolved.service
ExecStartPost=/usr/bin/systemctl start systemd-resolved.service

 

The /etc/sysctl.d/10-routed-ap.conf file enables iPv4 and IPv6 address forwarding.  This is required since hostapd is running in routed mode, not bridged:

 

# https://www.raspberrypi.org/documentation/configuration/wireless/access-point-routed.md
# Enable IPv4 routing
net.ipv4.ip_forward=1
# Enable IPv6 routing
#net.ipv6.conf.default.forwarding=1

 

The /etc/hostapd/hostapd.conf file, configured for the wifi chips' capabilities:

 

ssid=<YOUR SSID GOES HERE>
interface=wlan0
hw_mode=g
channel=40
driver=nl80211

logger_syslog=0
logger_syslog_level=0
wpa=2
preamble=1
# Wifi Multi-Media support, also required for full speed on 802.11n/ac/ax
wmm_enabled=1

wpa_passphrase=<YOUR PASSWORD GOES HERE>
wpa_key_mgmt=WPA-PSK
wpa_pairwise=TKIP
rsn_pairwise=CCMP
auth_algs=1
macaddr_acl=0

## IEEE 802.11n
ieee80211n=1
ht_capab=[LDPC][HT40-][HT40+][SHORT-GI-20][SHORT-GI-40][RX-STBC1]
country_code=US
ieee80211d=1
## IEEE 802.11n

## IEEE 802.11a
hw_mode=a
## IEEE 802.11a
  
## IEEE 802.11ac
ieee80211ac=1
vht_capab=[MAX-MPDU-7991][RXLDPC][SHORT-GI-80][SU-BEAMFORMEE][MU-BEAMFORMEE][VHT-TXOP-PS][MAX-A-MPDU-LEN-EXP3]
vht_oper_chwidth=1
vht_oper_centr_freq_seg0_idx=42
## IEEE 802.11ac

# controlling enabled
ctrl_interface=/var/run/hostapd
ctrl_interface_group=0

 

The /etc/systemd/system/hostapd.service file:

 

[Unit]
Description=Advanced IEEE 802.11 AP and IEEE 802.1X/WPA/WPA2/EAP Authenticator
Documentation=man:hostapd(8)
After=network.target
Before=dnsmasq.service
ConditionFileNotEmpty=/etc/hostapd/hostapd.conf
#Wants=dhcpcd.service
#Before=network.target dhcpcd.service wpa_supplicant.service

[Service]
Type=forking
PIDFile=/run/hostapd.pid
Restart=on-failure
RestartSec=2
Environment=DAEMON_CONF=/etc/hostapd/hostapd.conf
EnvironmentFile=-/etc/default/hostapd
ExecReload=/bin/kill -s HUP $MAINPID
ExecStartPre=/usr/bin/ip link set wlan0 down
ExecStartPre=/usr/bin/ip address flush dev wlan0
ExecStartPre=/usr/bin/ip link set wlan0 up
ExecStartPre=/usr/bin/ip addr add 10.10.1.1/24 dev wlan0
ExecStart=/usr/sbin/hostapd -B -P /run/hostapd.pid $DAEMON_OPTS $DAEMON_CONF

[Install]
WantedBy=multi-user.target

 

Hope this helps.

Edited by jimg
Posted

I downloaded the latest image which has the same versions as you.

This seemed to get a little bit further. I set it up manually using the exact files above just changing ssid and password as I havent used ansible before and couldn't get it to work.

 

I am able to select the AP and type in the password and it seems to connect. But I get a no Wi-Fi symbol, this is no drama as I only want to be able to talk to the OPi using this hotspot to access a server it hosts. But, when I look at the connection, it doesn't seem to have a router/gateway IP. On my OPi Zero LTS where the hotspot works, I can SSH to the gateway IP (10.42.0.1 by default).

 

Another weird thing the IP that my Mac got after connecting started with 169, I would have expected this to be in the range specified in /etc/dnsmasq.conf (dhcp-range=10.10.1.50,10.10.1.199,12h).

I'm not sure if its just how this specific hotspot is configured but I guess yours works better than this. I dunno why, but I find hostapd and dnsmasq a lot more complicated and harder to understand.

 

But I wonder, because this hotspot seemed to accept a password and my Mac showed it as WPA2/WPA3, is it just an option that needs to be set for the nmcli hotspot. Because without a password it works perfectly like I expect and I can SSH to the gateway IP etc etc.

 

I also tried my own nmcli commands on the new image "just incase" but no luck.

Posted

if this is based on hostapd try 

journalctl -u hostapd

to check the connect logs, normally successful connection attempts is quite 'intuitive' e.g. that there is normally a WPA / authentication related message

 

other things that possibly matters include 

  • ip address, that should be provided by dhcp (e.g. dnsmasq)
  • dns server, i think some os (e.g. android at least) tries to connect to some internet web sites (google?) and complains that there is no internet if is not accessible.
    if there is after all no internet, you may need to run a dns to resolve the ap itself if you are accessing it via domain names.
    For accessing the host itself, i'm not too sure if dnsmasq can work as dns and resolve its own domain. Otherwise, accessing the host would likely need to be based on ip address.
    alternatively, I'd think  install and configure avahi (MDNS) which may help to resolve the ap itself as host.local (e.g. orangepizero3.local)
  • interfaces and routing, we normally assume that it is configured and working? but nevertheless it may help to check e.g.
    ip link
    ip -4 add
    ip route

     

 

Posted
Quote

 Another weird thing the IP that my Mac got after connecting started with 169, I would have expected this to be in the range specified in /etc/dnsmasq.conf (dhcp-range=10.10.1.50,10.10.1.199,12h).

I'm not sure if its just how this specific hotspot is configured but I guess yours works better than this. I dunno why, but I find hostapd and dnsmasq a lot more complicated and harder to understand.

 

A 169.x.x.x address is a link-local address and indicates the Orange Pi's DHCP server (i.e., dnsmasq)  isn't running.  As mentioned in the ansible file,  dnsmasq is masked by default on installation.  To get it to function, you have to both unmask and enable it after installation:

 

sudo systemctl unmask dnsmasq.service
sudo systemctl enable dnsmasq.service

 

If you did that and it's still not working, check if dnsmasq is running using:

 

sudo systemctl status dnsmasq.service

 

Check the 'Active' attribute in the output; It should be "active (running)".  If it's not, check the log messages printed at the end of the report's output to determine the cause.  Feel free to post the output here if you need help debugging it.

 

 

 

 

 

 

 

 

 

 

dmsmasq by default is left disabled after installation.  Did you enable the dnsmasq systemd service as mentioned in the ansible file? 

 

Posted

Thanks for the help, my network knowledge is poor as you can likely tell.

 

I did enable dnsmasq like the ansible file does and it seems to be running, but there is a failed log:

● dnsmasq.service - dnsmasq - A lightweight DHCP and caching DNS server
     Loaded: loaded (/lib/systemd/system/dnsmasq.service; enabled; preset: enabled)
    Drop-In: /etc/systemd/system/dnsmasq.service.d
             └─systemd-resolved-fix.conf
     Active: active (running) since Wed 2024-10-16 00:18:11 BST; 18h ago
    Process: 808 ExecStartPre=/etc/init.d/dnsmasq checkconfig (code=exited, status=0/SUCCESS)
    Process: 938 ExecStartPre=/usr/bin/systemctl stop systemd-resolved.service (code=exited, status=0/SUCCESS)
    Process: 941 ExecStart=/etc/init.d/dnsmasq systemd-exec (code=exited, status=0/SUCCESS)
    Process: 946 ExecStartPost=/etc/init.d/dnsmasq systemd-start-resolvconf (code=exited, status=0/SUCCESS)
    Process: 991 ExecStartPost=/usr/bin/systemctl start systemd-resolved.service (code=exited, status=0/SUCCESS)
   Main PID: 945 (dnsmasq)
      Tasks: 1 (limit: 4548)
     Memory: 5.1M
        CPU: 222ms
     CGroup: /system.slice/dnsmasq.service
             └─945 /usr/sbin/dnsmasq -x /run/dnsmasq/dnsmasq.pid -u dnsmasq -r /run/dnsmasq/resolv.conf -7 /etc/dnsmasq.d,.dpkg-dist,.dpkg-old,.dpkg-new --local-service

Oct 16 00:18:09 orangepizero3 systemd[1]: Starting dnsmasq.service - dnsmasq - A lightweight DHCP and caching DNS server...
Oct 16 00:18:11 orangepizero3 resolvconf[963]: Dropped protocol specifier '.dnsmasq' from 'lo.dnsmasq'. Using 'lo' (ifindex=1).
Oct 16 00:18:11 orangepizero3 resolvconf[963]: Failed to set DNS configuration: Link lo is loopback device.
Oct 16 00:18:11 orangepizero3 systemd[1]: Started dnsmasq.service - dnsmasq - A lightweight DHCP and caching DNS server.

 

hostapd status:

● hostapd.service - Access point and authentication server for Wi-Fi and Ethernet
     Loaded: loaded (/lib/systemd/system/hostapd.service; enabled; preset: enabled)
     Active: active (running) since Wed 2024-10-16 00:18:10 BST; 18h ago
       Docs: man:hostapd(8)
    Process: 814 ExecStart=/usr/sbin/hostapd -B -P /run/hostapd.pid $DAEMON_OPTS ${DAEMON_CONF} (code=exited, status=0/SUCCESS)
   Main PID: 853 (hostapd)
      Tasks: 1 (limit: 4548)
     Memory: 2.8M
        CPU: 265ms
     CGroup: /system.slice/hostapd.service
             └─853 /usr/sbin/hostapd -B -P /run/hostapd.pid /etc/hostapd/hostapd.conf

Oct 16 00:18:09 orangepizero3 systemd[1]: Starting hostapd.service - Access point and authentication server for Wi-Fi and Ethernet...
Oct 16 00:18:10 orangepizero3 hostapd[814]: wlan0: interface state UNINITIALIZED->COUNTRY_UPDATE
Oct 16 00:18:10 orangepizero3 systemd[1]: Started hostapd.service - Access point and authentication server for Wi-Fi and Ethernet.

 

I don't seem to get any logs from hostapd when trying to join the hotspot, it just shows this:

$ journalctl -fu hostapd
Oct 16 00:18:09 orangepizero3 systemd[1]: Starting hostapd.service - Access point and authentication server for Wi-Fi and Ethernet...
Oct 16 00:18:10 orangepizero3 hostapd[814]: wlan0: interface state UNINITIALIZED->COUNTRY_UPDATE
Oct 16 00:18:10 orangepizero3 systemd[1]: Started hostapd.service - Access point and authentication server for Wi-Fi and Ethernet.

 

ip output:

$ ip link
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: end0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000
    link/ether 02:00:97:9b:cb:c0 brd ff:ff:ff:ff:ff:ff
3: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
    link/ether 44:fa:6d:94:c1:36 brd ff:ff:ff:ff:ff:ff


$ ip -4 add
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
2: end0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    inet 192.168.178.170/24 metric 100 brd 192.168.178.255 scope global dynamic end0
       valid_lft 839122sec preferred_lft 839122sec


$ ip route
default via 192.168.178.1 dev end0 proto dhcp src 192.168.178.170 metric 100 
192.168.178.0/24 dev end0 proto kernel scope link src 192.168.178.170 metric 100 
192.168.178.1 dev end0 proto dhcp scope link src 192.168.178.170 metric 100

 

Posted

Looks like dnsmasq is running. I get that failed message in my log, too, so you can ignore it.

 

According to your 'ip -4 add' output, it doesn't appear the wlan0 interface is getting assigned the 10.10.1.1 address like it should from the hostapd.service file.  Based on the 'systemctl status hostapd.service' output, the ExecStartPre commands in that file that set the address aren't being run.  What's the output of 'cat /etc/systemd/system/hostapd.service'?

Posted

I have no idea what I did, that file didn't exist. I swear I put it there.

 

I did the last 3 steps of the ansible file again after stopping hostapd and it now works! 🤯

I dunno if its mean't too, but it doesn't share the eth connection, so for example I can't access the internet when connected to it (the Zero LTS I have setup with network manager can without me setting anything up to do that). But I don't care about that anyway as it will live in a car and not be connected over ethernet after I'm finished dev anyway, just thought I'd call it out.

 

Why my original way doesn't work and this does still baffles me 🤷‍♂️ I don't like not understanding why the other way didn't work lol

 

But thank you a lot, I will try and research and learn more about hostapd and dnsmasq now so I understand it better.

Posted

I wont have a chance to look into it all until tomorrow, but does your setup use wpasupplicant? If so that rules that out as being the earlier issue

Posted
4 hours ago, av4625 said:

I have no idea what I did, that file didn't exist. I swear I put it there.

 

 

If you tried creating an access point using  NetworkManager, my guess is it's probably overwriting the dnsmasq.service file.   See if the access point(s) you attempted to create is listed in one of the system connection files:

 

ls /etc/NetworkManager/system-connections

 

If so, delete the offending file(s).

 

If you still have NetworkManager installed, you should also do what @ag123 recommended earlier and create a file so NetworkManager doesn't attempt to control the wlan0 interface:

 

Quote

I added in /etc/NetworkManager/conf.d/99-unmanaged-devices.conf

[keyfile]
unmanaged-devices=interface-name:wlan0

 

 

 

4 hours ago, av4625 said:

Why my original way doesn't work and this does still baffles me 🤷‍♂️ I don't like not understanding why the other way didn't work lol

 

 

I am not surprised.  I generally like NetworkManager for networking, but have rarely succeeded in using it to set up an AP on most boards I've tried in the past.  And, because it's so opaque, it's difficult to debug what's wrong.  That's why I use hostapd + dnsmasq.  It very configurable and easier to debug.

 

3 hours ago, av4625 said:

I wont have a chance to look into it all until tomorrow, but does your setup use wpasupplicant? If so that rules that out as being the earlier issue

 

Yes, it's installed by default on my minimal/IOT image and launched by systemd.  But I think your problem is probably caused by conflicting NetworkManager configuration(s), not wpa_supplicant.

Posted

yes this is useful 

I added in /etc/NetworkManager/conf.d/99-unmanaged-devices.conf

[keyfile]
unmanaged-devices=interface-name:wlan0

 

Network Manager can still manage the end0 (ethernet) interface which is what I did. In fact, I used Network manager to setup a bridge and let hostapd patch wlan0 into the bridge.

And in fact I manage my ip address and services on the bridge itself, i.e. use the bridge as my ip 'interface', all other stuff (dns, dhcp, etc can run on that instead)

 

It is not without issues though, Network Manager and hostapd has a race condition at startup, because hostapd creates the bridge (this is if you use the bridge=br0 configuration) if it is started earlier.

And Network Manager sometimes gets goofy there and disabled the bridge etc.

Hence, I make hostapd start 2 seconds later using /usr/bin/sleep 2 in the hostapd.service file.

 

If using a bridge is not necessarily one's preferred option as the LAN segments becomes all connected.

Then one'd need to setup the sub-nets accordingly and update the routing tables (at least static routing) accordingly, you would need to consider the 'overall' network setup including adjacent routers as well.

One can setup NAT (ip masquadering) so that on the up stream (e.g. ethernet) only a single ip address is used, and that Opi Zero 3 AP does that NAT.

Accordingly there is another trick known as proxy arp.

https://wiki.debian.org/BridgeNetworkConnectionsProxyArp

The main reason I'm using a bridge is actually that dhcp, dns and routing is based on the 'main' router which is not the Opi Zero 3 AP itself, this works rather well in a small e.g. home network with a few devices.

 

what @jimg proposes should be good working configurations with local ip and without the bridge.

 

there could be possible race conditions to look out for though, e.g. that dhcp, dns, dnsmasq, avahi etc has a dependency on the wlan0 interface and probably needs to run after the wlan0 interface (e.g. ip etc ) is setup and up.

 

accordingly, systemd-networkd can be used to setup the network, 

https://wiki.archlinux.org/title/Systemd-networkd

Apparently, it has rather good support for hostapd

https://wiki.archlinux.org/title/Systemd-networkd#[DHCPServer]

one may like to explore this option instead. Though I've not tried it myself and hence can't comment much about it.

It'd be good to 'document' that say in a post (e.g. in tutorials https://forum.armbian.com/forum/40-reviews-tutorials-hardware-hacks/) here,

if one successfully setup the AP with all the necessary services running. e.g. hostapd, dhcp, dhs, dnsmasq etc.

 

accordingly, there is another way to setup the interfaces e.g. in /etc/network/interfaces

https://wiki.debian.org/NetworkConfiguration#A4_ways_to_configure_the_network

this may work better with hostapd setup and can likely co-exist with Network Manager if one used them in combination.

e.g. that the network setup can run first, after that hostapd, dhcp, dns, dnsmasq, avahi etc can run after the dependent wlan0 interface is up.

 

Posted
4 hours ago, ag123 said:

what @jimg proposes should be good working configurations with local ip and without the bridge.

 

I have always use a routed configuration instead of a bridge because I'm always configuring my AP as our home router or subnet router.  If there is no upstream router in front, then you will definitely need to install a firewall too like ufw or firewalld (which I always do).

 

4 hours ago, ag123 said:

systemd-networkd can be used to setup the network, 

 

It's worth noting that Armbian now uses netplan to setup networking each time at boot.  Server/IOT images configure netplan to use systemd-networkd.  Server images use NetworkManager.  To change from systemd-networkd, you need to install NetworkManager, then change the netplan configuration file(s) to use it instead.

 

Interfaces not named or matched in the netplan file or ignored by Netplan, so if you're creating a hotspot with hostapd & dnsmasq, wlan0 should be left out of the configuration files listed in /etc/netplan.

 

systemd-networkd has more limited functionality than NetworkManager when using netplan; e.g., you can use matching rules like 'wlx*' when defining networks with NetworkManager in netplan but not systemd-networkd.

Posted

@jimg thanks.

 

Nothing wrong or against a routed configuration, just that a routed configuration needs the various routers to 'play well together'.

In fact, I preferred a routed configuration as it separates the LAN segments, just that a routed config need more planning e.g. if there are more than a single router.

I'm using bridge config partly as the central router handles dhcp etc.

one of the 'problems' that I confront is ipv6 router advertisements

https://en.wikipedia.org/wiki/Radvd

https://en.wikipedia.org/wiki/IPv6#Stateless_address_autoconfiguration_(SLAAC)

As my isp provides only a /64 'network', I kind of am 'out of options' as IPV6 normally reserves the entire lower 64 bits as the 'host' part.

Hence, it is not possible to subnet the lower /64 network. That leaves practically only bridging as the only option for the subnets.

 

Then that these OPi Zero 3 APs are 'mesh' APs and that a slight benefit here is that using bridges makes them 'auto' configuring, i.e. the same AP can be 'shifted' around to other network points and it 'just works' without re-configuring.

Routing can achieve similar effect, but that a routing daemon is needed, static routing may have some limitations for 'auto' configuring in this respects.

 

I've not tried netplan and I think I should try it out.

Apparently netplan currently, only supports NetworkManager for AP

https://netplan.readthedocs.io/en/stable/netplan-yaml/#properties-for-device-type-wifis

and it seemed the 'workaround', is to only have netplan setup the ip address of the wifi interface

https://eternaltinkering.com/blog/ubuntu-server-wifi-ap.html

hostapd etc would be separate from that. 

 

 

Posted
Quote

If you tried creating an access point using  NetworkManager, my guess is it's probably overwriting the dnsmasq.service file.

I started from a clean install just incase anything I did previously affected it, so NetworkManager is no longer installed.

 

Quote

See if the access point(s) you attempted to create is listed in one of the system connection files:

 

ls /etc/NetworkManager/system-connections

This directory doesn't exist for me now. Although the hotspot does work after reboots now, so it could have just been something I did wrong before but I was trying to be really careful and do. it all as you had in your earlier reply.

 

Quote

but have rarely succeeded in using it to set up an AP on most boards I've tried in the past

I must have just been very lucky with the OPi Zero LTS as it "just worked" and seemed "easy" lol

 

Quote

Network Manager can still manage the end0 (ethernet) interface which is what I did.

Its funny you say this, in my early attempts with network manager, when I listed all connections it never listed the ethernet connection and only my (broken) hotspot or when I connected to my router over wifi it listed that. So it seems like network manager never managed my eth connection, not sure what actually does. 

Posted

@av4625 

here are some of my thoughts, as discussed prior, wpa_supplicant and / or hostapd is The 'library' that does *all* of WPA/WPA2/WPA3

https://w1.fi/wpa_supplicant/devel/

The design goal for wpa_supplicant was to use hardware, driver, and OS independent, portable C code for all WPA functionality
The design goal for hostapd was to use hardware, driver, and OS independent, portable C code for all WPA functionality.

 

That means selecting either wpa_supplicant or hostapd would provide the wifi AP functionality specifically for WPA / WPA2 and authentication.

Using hostapd apparently has 'better' logging as the access attempt is logged 

journalctl -u hostapd

there are some messages, some abstracts from my logs

STA mac_addr IEEE 802.11: associated
STA mac_addr RADIUS: starting accounting session 63AA93B230BE083E
STA mac_addr WPA: pairwise key handshake completed (RSN)
STA mac_addr WPA: group key handshake completed (RSN)
STA mac_addr IEEE 802.11: disassociated

this helps ascertain that the connection / WPA / WPA2 is established and authentication is successful

 

From prior discussions, it seemed NetworkManager uses wpa_supplicant. In my case, I find the lack of logs 'opaque' and lacks info for adequate troubleshooting.

I'm also unsure if I can adequately separate the concerns with Network Manager with an AP, i.e. hostapd itself (for WPA/WPA2 and authentication), then dhcp to provide (to connecting clients) ip address and dns address, ipv6 router advertisements etc and in addition to setup a bridge separate from the wifi interface itself.

And in part, hostapd apparently provides significantly more detailed configuration, in particular for the various features supported by wifi itself.

https://web.mit.edu/freebsd/head/contrib/wpa/hostapd/hostapd.conf

Hence, I choose to use hostapd instead.

However, given those documentations, https://w1.fi/wpa_supplicant/devel/, it'd seem that hostapd and wpa_supplicant are likely equivalent. just that i'm more familiar with hostapd currently.

 

Hence, in my setup. I've Network Manager omit setting up the wifi interface.

 /etc/NetworkManager/conf.d/99-unmanaged-devices.conf

[keyfile]
unmanaged-devices=interface-name:wlan0

 

Network manager, however, is used to setup the bridge and manage the ethernet interface, configured using nmcli.

Then hostapd is configured to patch the wifi interface into the bridge after hostapd is running.

/etc/hostapd/hostapd.conf

bridge=br0

 

Networkmanager configuration of the bridge looks like this

> nmcli c
NAME    UUID                                  TYPE      DEVICE 
bridge  d0fc7d8a-51ea-4c5d-a297-943e2a037cff  bridge    br0    
lo      59201f46-2fff-4f67-9822-7019cea62cf5  loopback  lo     
br-eth  29c02c5c-4d75-4e03-bb71-8a761e076562  ethernet  end0  

> sudo brctl show
bridge name     bridge id               STP enabled     interfaces
br0             8000.xxyy               yes             end0
                                                        wlan0

Here, wlan0 is patched into the bridge by hostapd. Note the race condition issue discussed 3 comments prior.

 

The ethernet connection should be visible in NetworkManager in the default configuration e.g. as "Wired connection 1"

 

Then to setup the bridge I used a bunch of nmcli commands

https://gist.github.com/ag88/de02933ba65500376d1ff48e504b1bf3

nmcli con down "Wired connection 1"
nmcli con del "Wired connection 1"
nmcli con add connection.id bridge type bridge ifname br0
nmcli con add connection.id br-eth type bridge-slave ifname end0 master br0
#this is for dynamic (dhcp IP address)
#nmcli c modify bridge ipv4.method auto
#this is for fixed ip address, and assume that your gateway router is at 192.168.1.1
nmcli c modify bridge ipv4.method manual ipv4.addresses 192.168.1.10/24 ipv4.gateway 192.168.1.1

In the above I removed the default Ethernet connection and replaced that with a bridge setup.

The above can only be done via a 'usb-uart serial debug' bridge/dongle on the 3 serial pins for the serial console. i.e. you can't work from ssh into the ethernet connection and change the network configs.

 

This is for the bridged setup. For a routed setup, my thoughts are that the 'missing' things are 

  • configure ip address and routing for the wifi (wlan0) interface (this would need to be done outside NetworkManager if it isn't managing it)
  • run a dhcp server to provide connecting clients with ip address and dns address (this can be provided by dnsmasq or a dhcp server (e.g. isc-dhcp-server). 
    (other services to run can included ipv6 router advertisements (radvd or dnsmasq does that), avahi (multi-cast DNS) etc)
  • configure 'upstream' routing / forwarding through the ethernet (end0)

Those are covered to some extent in the prior discussions.

 

If you managed to run a succcessful setup say with hostapd, my guess is that you could likely migrate/convert that into a completely NetworkManager setup which uses wpa_supplicant internally.

It could possibly be 'less verbose' as compared to these setups which requires a lot of additional manual configuration as like above.

 

Posted

@av4625

I tried setting up WiFI AP using Network Manager which in turns uses wpa_supplicant.

The configuration is actually 'much' easier than this current manual method using hostapd.

1st install dnsmasq (without this I found errors in journalctl -u NetworkManager logs saying that dnsmasq is not accessible)

apt install dnsmasq

 

then the following needs to be done using the usb uart serial debug dongle on the 3 serial pins.

to configure the upstream *ethernet* interface it is 

nmcli c add "Wired connection 1" ifname end0 type ethernet

That creates the network manager connection for the ethernet interface and it obtains its address via dhcp

  • Hang / no response while half way working with usb uart serial debug dongle 

Some troubles while working in the usb uart serial debug dongle, it occasionally (quite frequently) hangs for uncertain reasons, no response in terminal.

The terminal app I used is putty

https://www.putty.org/
There is actually 'no solution' to the serial debug hang issue. I'm halfway suspecting that it may be due to loose connections, but I can't prove it.

I used cheap usb-uart dongles like these

https://www.aliexpress.com/w/wholesale-usb-uart.html

  • solution to serial debug hang

 

What I actually did to 'overcome' this is that I first configure the ethernet to work correctly in network manager (as above using nmcli).


after that useful tip, install avahi (mDNS https://en.wikipedia.org/wiki/Multicast_DNS )

apt install avahi-daemon
apt install avahi-utils

then in /etc/avahi/avahi-daemon.conf
[server]
publish-workstation=yes

 then I look for that over the network using avahi-browse -a to search for the board in the lan.

 it is then simple to ssh into that e.g. ssh user@orangepizero3.local

 

The ethernet connection proved to be more stable than the 'usb uart serial debug' monitor route.

 

------

configuring the WiFi AP.

nmcli d wifi hotspot ifname wlan0 ssid testspot password 12345678

The good thing about NetworkManager with this is that it configures and setup the WiFi hotspot, configures all that necessary routing, setup ip masquadering through the other interface ( i.e. ipv4.method = shared ), configures dnsmasq.

Everything with this 'simple looking' command line.

  • devices are unable to connect with / without password

I'm able to reproduce the various troubles that you are encountering. e.g. it is not possible to connect after playing with the various wpa / wpa 2 settings including things like key-mgmt, pairwise, group etc.

I tried specifying 'tkip, ccmp' for both pairwise and group, didn't work.
I run wpa_ctl status like what you see the key-mgmt is 'unknown'.

I set "log_level debug" < yup just this statement in the prompt,

then run journalctl -fu wpa_supplicant.

The trouble is I've troubles connecting, but that nothing shows in the log during my connection attempts.

 

I googled around next, apparently wpa_supplicant has its own large set of knobs (parameters) to play with

https://web.mit.edu/freebsd/head/contrib/wpa/wpa_supplicant/wpa_supplicant.conf

^ what is quite interesting in this example is that key-mgmt do have the various options in network manager, but that in wpa_ctl , and running "status" command shows that to be 'unknown'.

 

  • solution to 'NetworkManager' AP

Actually, I 'don't have a solution'. Rather, I'm not sure where and what to tweak to try to make wpa_supplicant work with Network Manager.

I tried creating a /etc/wpa_supplicant.conf play with some values, more occasional hangs etc, but did not solve the problem, i.e. journalctl -fu wpa_supplicant don't show any entries and I can't connect from my android phone.

 

Then I switched back to my hostapd based setup in prior comment. it 'just works', practically 'no nonsense'

 

The trouble with hostapd based setup is that you have more work to do (unlike that nmcli one liner to create an AP) if you want to run a routed setup as discussed in the prior comment.

I'd guess that you could adapt that 'bridged' setup, e.g. doing that and running dhcp (e.g. dnsmasq or isc-dhcp-server, you would need to configure it separately)  

https://gist.github.com/ag88/de02933ba65500376d1ff48e504b1bf3

could be a possible setup. The catch is that when you connect through ethernet, that dhcp is running on the bridge and if you have another dhcp server in the lan, things can  be somewhat messy.

the other ways would be to do a truly routed setup as discussed in prior comments.

 

 

Configuring the WiFI interface as 'ethernet' in Network manager

 

  • I'm not too sure if it is quite possible to setup the 'wifi' interface as 'ethernet' in network manager (e.g. nmcli). e.g.
nmcli c add "WiFI connection" ifname wlan0 type ethernet ipv4.method manual ipv4.address <IP>/<prefix> ipv4.gateway <GW-address>
  • ^ I'd guess ipv4.method = shared and without those ipv4.address, ipv4.gateway params may be possible with this which would do ip masquadering through the other (ethernet) interface 
    use ip -4 add  and/or ip route, to check what addresses and subnet gets assigned to wifi interface (wlan0) if you used ipv4.method = shared
    That is needed for the dhcp server below. Note check also if network manager 'automatically' configures dnsmasq as dhcp server by using ipv4.method = shared, which would make that extra step to configure dnsnmasq below redundant, unnecessary. 'everything' can be configured in network manager if this works.

I've not tried this, but that if this is feasible, it would save some effort trying to set an ip address and routing for the wifi interface.

  • I'd guess hostapd should still be able to run on top of that as hostapd doesn't bother about the ip and routing stuff. 
    The bridge (bridge=br0) is not needed in hostapd.conf in this case.
  • and with this it is not necessary to 'unmanage' the wifi interface in network manager i.e. that /etc/NetworkManager/conf.d/99-unmanaged-devices.conf is not required
  • And in addition, you would still need to install and configure dhcp (dnsmasq or isc-dhcp-server) to provide the connecting devices with ip address and dns address. 
    note: see that ipv4.method = shared above. This step may not be needed.
  • oh and systemctl disable wpa_supplicant, I'm not too sure if hostapd would conflict with wpa_supplicant
    (I'd guess quite possible, they do pretty much similar and contradictory system calls. Hostapd runs an AP, wpa_supplicant mainly tries to setup a wifi client)

do report on if this is feasible / successful / issues etc if you try this

 

 

 

 

 

Posted
Quote

The configuration is actually 'much' easier than this current manual method using hostapd.

This is exactly why I preferred to use network manager and you don't have to mess with dnsmasq and can use the default resolved and not worry about race conditions with them etc. Its also easy to use mDNS as its just setting a resolved conf value and a option on the network manager AP.

 

Quote

1st install dnsmasq (without this I found errors in journalctl -u NetworkManager logs saying that dnsmasq is not accessible)

dnsmasq-base should be enough, network manager seems to run its own instance of dnsmasq-base.

 

Quote

Hang / no response while half way working with usb uart serial debug dongle

I was also getting this, I also use a cheap uart to usb converter, but never had issues with it before.

 

I have tried some of your previous suggestions too that I hadn't yet got round to yet. I built my own version of armbian, I chose Jammy and a server cli build as this is exactly what is on my working device. I wanted to see if the server image had something extra that I needed and didn't know about. I noticed that all the tiny differences I noticed with the debian minimal image were no longer there, like permissions differences with nmcli and by default on this image network manager manages the ethernet connection.

 

Long story short, I still can't connect to a hotspot with a password on this image. All versions are the same as my working device so it must be a hardware difference.

 

Quote

The design goal for wpa_supplicant was to use hardware, driver, and OS independent, portable C code for all WPA functionality

Probably the "hardware" bit here.

 

I then tried the latest ubuntu server cli image (Oracular) on bleeding edge.  It failed at the nmcli command to bring the connection up. Fails with a wpasupplicant error about taking too long to authenticate. 

Posted

@av4625 

there is one experiment that I did not try which is to play with wpa_supplicant with its own /etc/wpa_supplicant.conf 

if it works, it'd likely point to a problem in network manager itself, possibly that network manager is sending the 'wrong' commands.

 

However, as I couldn't figure out how to work that with network manager, possibly conflicts since network manager is intended to control it via the unix socket?

redoing the 'whole' thing by having network manager unmanage the wifi interface is another test, but I did not try that due to the effort involved.

 

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
×
  • Create New...

Important Information

Terms of Use - Privacy Policy - Guidelines