v7.11beta [testing] is released!

Never use auto.
You don’t know what it will take then.

I set 5500, better results, peak 715, avg 552 after 10 sec. If I run for longer I get the same, about 459 Mbps.

Hi,

I have many SA Query timeouts on this beta with a new DELL notebook WiFi AX. I downgraded to 7.10 and the SA Query timeout is gone, but on this version I had a WiFi issue too, with not being able to join WiFi after a while. This is a nightmare, I will have to downgrade to 7.8 :///////

How often do you get SA Query timeout ?

Every minute, but I’m on 7.10 now. There is no SA query timeout with the same device.

Try 7.11beta2, I don’t have any problem for now.

Can you read? All of those issues happened on 7.11beta2…

SA Query Timeout on its own is not an issue, unless it is truly excessive.
In short: this means that the client left the router's range; the AP sent an information request to check whether the client was still present and did not receive an answer. Thus, the client has left the range. It is a completely normal debug log message, not an error or warning, just an informational message.
In greater detail:
SA Query Timeout is a normal part of wireless behavior. It is a security feature.
SA Query is triggered in the following scenario:

  1. On the AP there is a valid security association for the station.
  2. The AP receives an Association request from an already associated station.
  3. The AP responds with Association request rejected, “Association Comeback interval”, Status Code: 30. This is done so that the AP can tell whether the association request came from an attacker, or from a station that got out of range and was not able to disassociate beforehand.
  4. The AP sends an SA Query Request to the station, using the original encryption that was used with the client beforehand. If the client sends an SA Query Response, it means that the initial association request came from an attacker.
  5. If the client doesn’t give an SA Query response, it means that the real client got disconnected, or rather was out of range, didn’t disassociate from the AP properly, and restarted association to the AP; no attacker is present in this case. At this point, you will see SA Query Timeout in the log.

That’s just to say that if you notice some timeouts, it’s not necessarily an issue, but if they are constant, especially for a client that was not moved out of range, then a deeper investigation should be done. In such cases, where it’s constant or seems excessive, please create a support ticket with a supout.rif file made after the issue appears, along with information about the wireless client and its wireless network card that had this issue.
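The sequence in steps 1-5 above, modelled as an added example (not part of the original post and not RouterOS code), with a helper that separates an occasional timeout from the constant ones worth a support ticket. The event names, the 1-second SA Query timeout, the threshold of 5 timeouts in 10 minutes and the MAC addresses are all assumptions made for illustration.

```python
STATUS_COMEBACK = 30  # status code the post cites for the temporary rejection

def replay(events, associated, timeout=1.0):
    """Replay (time_s, mac, kind) events through the AP logic in steps 1-5.
    kind is 'assoc_req' or 'sa_query_resp'; timeout is an assumed value."""
    assoc = set(associated)   # stations holding a valid security association
    pending = {}              # mac -> deadline of the outstanding SA Query
    out = []

    def expire(now):
        for mac, deadline in sorted(pending.items(), key=lambda kv: kv[1]):
            if deadline <= now:
                del pending[mac]
                assoc.discard(mac)  # stale SA; the next request is accepted
                out.append((deadline, mac, "sa_query_timeout"))

    for t, mac, kind in sorted(events):
        expire(t)
        if kind == "assoc_req" and mac in assoc:
            pending.setdefault(mac, t + timeout)   # steps 3 and 4
            out.append((t, mac, f"rejected_status_{STATUS_COMEBACK}"))
        elif kind == "assoc_req":
            assoc.add(mac)
            out.append((t, mac, "associated"))
        elif kind == "sa_query_resp" and mac in pending:
            del pending[mac]                       # genuine client answered
            out.append((t, mac, "spoofed_request_ignored"))
    expire(float("inf"))
    return out

def excessive(outcomes, window=600.0, threshold=5):
    """MACs with at least `threshold` timeouts inside `window` seconds."""
    times = {}
    for t, mac, what in outcomes:
        if what == "sa_query_timeout":
            times.setdefault(mac, []).append(t)
    return sorted(
        mac for mac, ts in times.items()
        if any(ts[i + threshold - 1] - ts[i] <= window
               for i in range(len(ts) - threshold + 1)))

# Constructed sample: A returns from out of range once, B is the target of a
# forged request, C times out every minute.
A, B, C = "02:00:00:00:00:0a", "02:00:00:00:00:0b", "02:00:00:00:00:0c"
SAMPLE = [(10, A, "assoc_req"), (12, A, "assoc_req"),
          (20, B, "assoc_req"), (20.2, B, "sa_query_resp")]
for start in range(100, 400, 60):
    SAMPLE += [(start, C, "assoc_req"), (start + 2, C, "assoc_req")]
OUTCOMES = replay(SAMPLE, associated={A, B, C})
```

In the sample, station A's single timeout is the benign case from step 5, while station C's once-a-minute pattern is what `excessive` reports.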

Sorry, I didn’t read carefully.

hAP ax3: wireless crashed after only 3 days, nobody can log in… wrong password.
After months of tests for me it is starting to become unnerving, I need a stable product and I think I will evaluate other brands.
It’s a real shame because the wireless performance is excellent.
New supout.rif file attached to SUP-116928

When policy routing is not used and the ip assigned by dns is not local dns, it can be redirected to local dns normally. After policy routing is used, dns cannot be directed to the local.
This is normal in the ros 6 version, and the 7 version has not been fixed yet.

hAP ax3: wifi still not fixed… Very disappointed.

What problem with WiFi?

I have noticed that roaming mostly works fine when using WPA2 only (using capsman so roaming between APs) and doesn’t work properly on devices that prefer WPA3 when using WPA2/3 mixed. However sometimes the roaming fails with SA query timeout even on WPA2 only mode. New supout attached to SUP-116463

IKE2 is broken since 7.10, can’t get site to site working properly. Created SUP-117869 two months ago but issue still persists.

Hi,

What happens to him? What is your setup?

Regards,

I’m using Mikrotik spokes to a Cisco hub and phase2 rekey is not working, tunnel breaks and starts again. Support sent me to test some 7.11 alpha releases which won’t even establish the tunnel in the first place (I get INVALID_SYNTAX responses from hub). I’m using more than one policy per spoke.
On 7.9 it worked pretty well…

As a comment to MT problems … I upgraded a Ruckus Unleashed network to WPA3 firmware and enabled WPA2+WPA3, and then some computers started to have problems with connections. Switching back to WPA2 only solved the problems. I think that poor WiFi card drivers could be a problem.

Hi,

So we’re in the same problem, it seems (SUP-120165).

I am experiencing disconnections every 30 minutes, which matches the “Lifetime” of phase 2 (proposal) even though I have “PFS Pool” set to none.

In previous versions I did not notice this behavior.

IPsec-SA expired before completion of key change.

Regards,

Yes, it looks like we are in the same boat. Are you also using Cisco on one end or is it MKT to MKT for you?

I’m not using PFS because it never worked well between Cisco and Mikrotik. My phase 2 timer is 4 hours, I see new SAs created after the soft timer expires but old SAs don’t get deleted and eventually break the tunnel.