CAPSman and DTLS teardown

Hi all,

I’ve just started a test setup for CAPS manager. Network consists of:

  • one RB2011UAS-2HnD (will act as Caps manager)
  • one RB333 (will act as Caps client)

Both of them are running 6.15 with wireless-fp enabled. They are connected via an Ethernet link, on the same subnet, with no filtering.

I’ve tried to set up CAPs using the example given in the MikroTik manual.


Here is the code for the CAPs manager (RB2011):

# jun/23/2014 13:17:31 by RouterOS 6.15
# software id = IHI0-I60U
#
/caps-man security
add authentication-types=wpa2-psk encryption=aes-ccm name=wpa2psk
/caps-man configuration
add channel.band=2ghz-b/g/n channel.frequency=2442 channel.width=20 datapath.bridge=bridge1 datapath.bridge-cost=8 name=master-cfg security=wpa2psk \
    security.passphrase=12345678 ssid=master
add datapath.bridge=bridge1 datapath.bridge-cost=8 name=slave-cfg security=wpa2psk security.passphrase=87654321 ssid=slave
/caps-man manager
set enabled=yes
/caps-man provisioning
add action=create-dynamic-enabled master-configuration=master-cfg slave-configurations=slave-cfg

And for the CAPs client (RB333):

# jun/23/2014 13:18:34 by RouterOS 6.15
# software id = 5TAV-4HIF
#
/interface wireless cap
set bridge=bridge1 caps-man-addresses=10.10.1.252 discovery-interfaces=\
    bridge1 enabled=yes interfaces=muezin-24n

I’ve tried to connect to those networks. Here are my observations:

  1. As long as there are no wireless clients connected, the manager-AP connection stays stable.
  2. Provisioning works OK, all provisioned SSIDs are available.
  3. It takes quite a long time for a client to get in.
  4. During association I can see that the capXX port in the RB2011 bridge gets enabled.
  5. After a while the wireless device gets disconnected with the following messages in the RB2011 log (I’ve connected the device at 13:21):

13:21:58 wireless,debug CAP Run->DtlsTeardown
13:21:58 wireless,info CAP disconnected from muezin-rtr (D4:CA:6D:8D:80:60/7/0)
13:21:58 wireless,debug CAP DtlsTeardown->Idle
13:21:58 wireless,debug CAP discovery target list:
13:21:58 wireless,debug ::ffff:10.10.1.252:5246
13:21:58 wireless,debug ::ffff:255.255.255.255:5246
13:21:58 wireless,debug FF:FF:FF:FF:FF:FF/0/0
13:21:58 wireless,debug CAP Idle->Discover
13:22:01 wireless,debug CAP discovery over, results:
13:22:01 wireless,debug muezin-rtr (::ffff:10.10.1.252:5246)
13:22:01 wireless,debug CAP Discover->Select
13:22:01 wireless,info CAP selected muezin-rtr (::ffff:10.10.1.252:5246)
13:22:01 wireless,debug CAP Select->PMTUDiscover
13:22:01 wireless,debug CAP PMTUDiscover->DtlsSetup
13:23:01 wireless,debug CAP DtlsSetup->DtlsTeardown
13:23:01 wireless,info CAP failed to join muezin-rtr (::ffff:10.10.1.252:5246)
13:23:01 wireless,debug CAP DtlsTeardown->Select
13:23:01 wireless,debug CAP did not find suitable CAPsMAN
13:23:01 wireless,debug CAP Select->Sulking
13:23:06 wireless,debug CAP Sulking->Idle
13:23:06 wireless,debug CAP discovery target list:

If I set up a client with a static IP it gets connected, but any client-originated traffic results in DTLS teardown.

I’ve played with other setups:

  1. Using certificates - with the same result.
  2. Using local forwarding mode - the device stays connected and gets an IP, but the quality of transmission is very bad - long packets are broken or lost, short ones (like ping, DNS) are forwarded mostly OK (only 10-30% of packets lost - remember that the backend is a 100Mbps eth).
  3. Trying different setups that are given in MikroTik’s example - but always the same result: CAPS forwarding results in DTLS teardown, local mode is not reliable.

Unfortunately I don’t have other MikroTik devices to test with - so I wonder if anyone got mipsbe and ppc working together in CAPS mode?
It looks like a bug…

regards
Maciej

Hi, did you already solve this? I have the same problem :(

Please upgrade RouterOS to v6.24 and also consider moving from CAPsMAN v1 to CAPsMAN v2.

Hi,
We also have this problem with our network. The CAPs connect to CAPsMAN and run OK for a while, then all of them get disconnected and connect again. We already upgraded RouterOS to the newest version and tried many ways but cannot fix it.

We are using a CCR1036-8G-2S+ with RouterOS v6.34.3 as the CAPsMAN controller, and about 250 pcs of RB951UI-2HnD as CAPs with the same RouterOS.

I’m looking forward to a solution.

Regards,