7.14 breaks wifi

xstrid3rx · Tue Mar 26, 2024 9:48 pm

i have an issue that is very strange to me

the below config is from 7.13 it works fine in 7.13 as soon as i upgrade to anything above that the wifi stops functioning

the ssid does not appear on many devices and the devices that does show the ssid refuse to connect they just fail and i get logs that say things like disconnected, key handshake timeout and connection lost, signal strength -33

im at a loss if any one can assist it would be much appreciated

# 2024-03-26 21:25:34 by RouterOS 7.13
# software id = RGSG-4CC8
#
# model = L009UiGS-2HaxD
# serial number = HF309AC6E4Y
/interface bridge
add admin-mac=x:x:x:x:x:x auto-mac=no comment=defconf name=bridge \
    port-cost-mode=short
/interface wifi
set [ find default-name=wifi1 ] configuration.mode=ap .ssid=XPAINX-IOT \
    disabled=no
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/ip pool
add name=dhcp ranges=192.168.50.10-192.168.50.250
/ip dhcp-server
add address-pool=dhcp interface=bridge lease-time=10m name=defconf
/port
set 0 name=serial0
/interface bridge port
add bridge=bridge comment=defconf interface=ether2 internal-path-cost=10 \
    path-cost=10
add bridge=bridge comment=defconf interface=ether3 internal-path-cost=10 \
    path-cost=10
add bridge=bridge comment=defconf interface=ether4 internal-path-cost=10 \
    path-cost=10
add bridge=bridge comment=defconf interface=ether5 internal-path-cost=10 \
    path-cost=10
add bridge=bridge comment=defconf interface=ether6 internal-path-cost=10 \
    path-cost=10
add bridge=bridge comment=defconf interface=ether7 internal-path-cost=10 \
    path-cost=10
add bridge=bridge comment=defconf interface=ether8 internal-path-cost=10 \
    path-cost=10
add bridge=bridge comment=defconf interface=sfp1 internal-path-cost=10 \
    path-cost=10
add bridge=bridge interface=wifi1
add bridge=bridge comment=defconf disabled=yes interface=WAN \
    internal-path-cost=10 path-cost=10
/ip neighbor discovery-settings
set discover-interface-list=LAN
/ipv6 settings
set disable-ipv6=yes
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN

/ip dhcp-server network
add address=192.168.50.0/24 comment=defconf dns-server=192.168.50.253 \
    gateway=192.168.50.254 netmask=24
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.50.254 comment=defconf name=router.lan
/ip firewall address-list
add address=192.168.50.2-192.168.50.254 list=allowed_to_router
add address=0.0.0.0/8 comment=RFC6890 list=not_in_internet
add address=172.16.0.0/12 comment=RFC6890 list=not_in_internet
add address=192.168.0.0/16 comment=RFC6890 list=not_in_internet
add address=10.0.0.0/8 comment=RFC6890 list=not_in_internet
add address=169.254.0.0/16 comment=RFC6890 list=not_in_internet
add address=127.0.0.0/8 comment=RFC6890 list=not_in_internet
add address=224.0.0.0/4 comment=Multicast list=not_in_internet
add address=198.18.0.0/15 comment=RFC6890 list=not_in_internet
add address=192.0.0.0/24 comment=RFC6890 list=not_in_internet
add address=192.0.2.0/24 comment=RFC6890 list=not_in_internet
add address=198.51.100.0/24 comment=RFC6890 list=not_in_internet
add address=203.0.113.0/24 comment=RFC6890 list=not_in_internet
add address=100.64.0.0/10 comment=RFC6890 list=not_in_internet
add address=240.0.0.0/4 comment=RFC6890 list=not_in_internet
add address=192.88.99.0/24 comment="6to4 relay Anycast [RFC 3068]" list=\
    not_in_internet
/ip firewall filter
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
    invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment=\
    "defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
    in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
    ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
    ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
    connection-state=established,related hw-offload=yes
add action=accept chain=forward comment=\
    "defconf: accept established,related, untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid
add action=drop chain=forward comment=\
    "defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
    connection-state=new in-interface-list=WAN
add action=accept chain=input comment="default configuration" \
    connection-state=established,related
add action=accept chain=input src-address-list=allowed_to_router
add action=accept chain=input protocol=icmp
add action=drop chain=input
add action=accept chain=forward comment="Established, Related" \
    connection-state=established,related
add action=drop chain=forward comment="Drop invalid" connection-state=invalid \
    log=yes log-prefix=invalid
add action=drop chain=forward comment=\
    "Drop tries to reach not public addresses from LAN" dst-address-list=\
    not_in_internet in-interface=bridge log=yes log-prefix=!public_from_LAN \
    out-interface=!bridge
add action=drop chain=forward comment=\
    "Drop incoming packets that are not NAT`ted" connection-nat-state=!dstnat \
    connection-state=new in-interface=ether1 log=yes log-prefix=!NAT
add action=jump chain=forward comment="jump to ICMP filters" jump-target=icmp \
    protocol=icmp
add action=drop chain=forward comment=\
    "Drop incoming from internet which is not public IP" in-interface=ether1 \
    log=yes log-prefix=!public src-address-list=not_in_internet
add action=drop chain=forward comment=\
    "Drop packets from LAN that do not have LAN IP" in-interface=bridge log=\
    yes log-prefix=LAN_!LAN src-address=!192.168.50.0/24
add action=accept chain=icmp comment="echo reply" icmp-options=0:0 protocol=\
    icmp
add action=accept chain=icmp comment="net unreachable" icmp-options=3:0 \
    protocol=icmp
add action=accept chain=icmp comment="host unreachable" icmp-options=3:1 \
    protocol=icmp
add action=accept chain=icmp comment=\
    "host unreachable fragmentation required" icmp-options=3:4 protocol=icmp
add action=accept chain=icmp comment="allow echo request" icmp-options=8:0 \
    protocol=icmp
add action=accept chain=icmp comment="allow time exceed" icmp-options=11:0 \
    protocol=icmp
add action=accept chain=icmp comment="allow parameter bad" icmp-options=12:0 \
    protocol=icmp
add action=drop chain=icmp comment="deny all other types"
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
    ipsec-policy=out,none out-interface-list=WAN
add action=masquerade chain=srcnat comment="HAIRPIN NAT" dst-address=\
    192.168.50.0/24 log-prefix=NAT src-address=192.168.50.0/24
add action=dst-nat chain=dstnat dst-port=6668 protocol=tcp src-address=\
    192.168.50.0/24 src-port=6668 to-addresses=192.168.50.211 to-ports=6668
add action=dst-nat chain=dstnat comment="HOME ASSITANT " dst-address=\
    x.x.x.x dst-port=8123 protocol=tcp to-addresses=192.168.50.211 \
    to-ports=8123
add action=dst-nat chain=dstnat comment="HOME ASSITANT  HTTPS" dst-address=\
    x.x.x.x dst-port=443 protocol=tcp to-addresses=192.168.50.211 \
    to-ports=8123
add action=dst-nat chain=dstnat comment="INVOICE NINJA" dst-address=\
    x.x.x.x dst-port=8003 protocol=tcp to-addresses=192.168.50.14 \
    to-ports=8003
add action=dst-nat chain=dstnat comment=STEAM dst-address=x.x.x.x \
    dst-port=7770-7900 protocol=tcp to-addresses=192.168.50.61 to-ports=\
    7770-7900
add action=dst-nat chain=dstnat comment=STEAM dst-address=x.x.x.x \
    dst-port=7770-7900 protocol=udp to-addresses=192.168.50.61 to-ports=\
    7770-7900
add action=dst-nat chain=dstnat comment=STEAM dst-address=x.x.x.x \
    dst-port=27000-27090 protocol=udp to-addresses=192.168.50.61 to-ports=\
    27000-27090
add action=dst-nat chain=dstnat comment=STEAM dst-address=x.x.x.x \
    dst-port=27000-27090 protocol=tcp to-addresses=192.168.50.61 to-ports=\
    27000-27090
add action=dst-nat chain=dstnat comment=PALWORLD dst-address=x.x.x.x \
    dst-port=8200-8300 protocol=udp to-addresses=192.168.50.61 to-ports=\
    8200-8300
add action=dst-nat chain=dstnat comment=PALWORLD dst-address=x.x.x.x \
    dst-port=8200-8300 protocol=tcp to-addresses=192.168.50.61 to-ports=\
    8200-8300
add action=dst-nat chain=dstnat comment=UT dst-address=x.x.x.x \
    dst-port=60910 protocol=tcp to-addresses=192.168.50.66 to-ports=60910
add action=dst-nat chain=dstnat comment=UT dst-address=x.x.x.x \
    dst-port=60910 protocol=tcp to-addresses=192.168.50.66 to-ports=60910
add action=dst-nat chain=dstnat comment=UT dst-address=x.x.x.x \
    dst-port=60910 protocol=udp to-addresses=192.168.50.66 to-ports=60910
add action=dst-nat chain=dstnat dst-address=x.x.x.x dst-port=8899 \
    protocol=tcp to-addresses=192.168.50.52 to-ports=443
add action=dst-nat chain=dstnat dst-address=x.x.x.x dst-port=8080 \
    protocol=tcp to-addresses=192.168.50.72 to-ports=80
add action=dst-nat chain=dstnat dst-address=x.x.x.x dst-port=8081 \
    protocol=tcp src-port="" to-addresses=192.168.50.71 to-ports=80
/ip service
set telnet disabled=yes
set ftp disabled=yes
set ssh disabled=yes
set api disabled=yes
set api-ssl disabled=yes
/system clock
set time-zone-name=Africa/Johannesburg
/system note
set show-at-login=no
/system routerboard settings
set enter-setup-on=delete-key
/tool mac-server
set allowed-interface-list=LAN
/tool mac-server mac-winbox
set allowed-interface-list=LAN

erlinden · Wed Mar 27, 2024 2:18 pm

What does the logging say? Perhaps activate debug logging on wifi!?

infabo · Wed Mar 27, 2024 3:24 pm

Try 7.13.5

xstrid3rx · Wed Mar 27, 2024 6:32 pm

7.13.5 same result anything above 7.13 breaks it for me

here are debug logs form the only device that even sees the ssid trying to connect

18:21:13 wireless,debug DEBUG: 2C:3B:70:47:B6:94@wifi1 reauthenticating
18:21:14 wireless,debug DEBUG: 2C:3B:70:47:B6:94@wifi1 associated, signal strength -36
18:21:17 wireless,info DEBUG: 2C:3B:70:47:B6:94@wifi1 connected, signal strength -32
18:22:36 wireless,info DEBUG: 2C:3B:70:47:B6:94@wifi1 disconnected, connection lost, signal strength -31
18:22:36 wireless,debug DEBUG: 2C:3B:70:47:B6:94@wifi1 disassociated, connection lost, signal strength -31
18:23:05 wireless,debug DEBUG: 2C:3B:70:47:B6:94@wifi1 reauthenticating
18:23:06 wireless,debug DEBUG: 2C:3B:70:47:B6:94@wifi1 reauthenticating
18:23:23 wireless,debug DEBUG: 2C:3B:70:47:B6:94@wifi1 reauthenticating
18:23:23 wireless,debug DEBUG: 2C:3B:70:47:B6:94@wifi1 associated, signal strength -36
18:23:30 wireless,debug DEBUG: 2C:3B:70:47:B6:94@wifi1 disassociated, key handshake timeout, signal strength -28
18:23:43 wireless,debug DEBUG: 2C:3B:70:47:B6:94@wifi1 reauthenticating
18:23:44 wireless,debug DEBUG: 2C:3B:70:47:B6:94@wifi1 reauthenticating
18:24:01 wireless,debug DEBUG: 2C:3B:70:47:B6:94@wifi1 reauthenticating
18:24:02 wireless,debug DEBUG: 2C:3B:70:47:B6:94@wifi1 reauthenticating
18:24:13 wireless,debug DEBUG: 2C:3B:70:47:B6:94@wifi1 reauthenticating
18:24:14 wireless,debug DEBUG: 2C:3B:70:47:B6:94@wifi1 reauthenticating
18:24:14 wireless,debug DEBUG: 2C:3B:70:47:B6:94@wifi1 associated, signal strength -31
18:24:19 wireless,debug DEBUG: 2C:3B:70:47:B6:94@wifi1 disassociated, connection lost, signal strength -31
18:24:21 wireless,debug DEBUG: 2C:3B:70:47:B6:94@wifi1 reauthenticating

infabo · Wed Mar 27, 2024 7:13 pm

I face a similar issue on 7.13.5 with just one notebook with Intel AX200 chipset. This device is not able to authenticate to 2.4ghz SSID, but connects perfectly to the 5ghz SSID. Both SSIDs share the exact same security configuration. Since your device is 2.4ghz only -> maybe?

xstrid3rx · Wed Mar 27, 2024 7:18 pm

the problem for me is my model = L009UiGS-2HaxD is only 2.4ghz and the only device so far that can see the ssid is my pc non of my phones or any iot devices can even see the ssid

mkx · Wed Mar 27, 2024 7:44 pm

The signal strength, reported with disconnection events (around -30dBm), is very high. Does the same happen when there's some distance between AP and station? Healthy signal strengths are between -50dBm and -60dBm.

xstrid3rx · Wed Mar 27, 2024 7:58 pm

my pc so far the only device that can see the ssid is about 3 meters away from the mikrotik all other devices that would normally connect don't reconnect at all once i upgrade past 7.13.
devices are varying distances away i stay in a duplex so many devices are in other rooms some upstairs and some downstairs just to note again that i have no issues on 7.13 this only happens once i update to any version above 7.13

infabo · Wed Mar 27, 2024 8:39 pm

Try to set the country according to your location. In 7.13.1 the default country changed to Latvia (was United States before). So maybe this is something your devices don't like.

7.14 breaks wifi

7.14 breaks wifi

Re: 7.14 breaks wifi

Re: 7.14 breaks wifi

Re: 7.14 breaks wifi

Re: 7.14 breaks wifi

Re: 7.14 breaks wifi

Re: 7.14 breaks wifi

Re: 7.14 breaks wifi

Re: 7.14 breaks wifi

Who is online