kris11
just joined
Topic Author
Posts: 14
Joined: Wed Dec 08, 2021 10:05 am

CAPsMAN with open wireless network (hotspot)

Thu Dec 09, 2021 9:36 am

I'm configuring a hotspot on our new CRS328-24P-4S+ router. The hotspot is a slave configuration without any security configured:

```
[admin@MikroTik] /caps-man configuration<SAFE> export hide-sensitive 
# dec/09/2021 08:33:16 by RouterOS 6.48.5
# software id = Z28R-MV5A
#
# model = CRS328-24P-4S+
/caps-man configuration
add country=hungary datapath.bridge=bridge datapath.vlan-mode=no-tag name=Config_WORK security.authentication-types=wpa-psk,wpa2-psk ssid=budavar-iroda
add country=hungary datapath.bridge=bridge datapath.vlan-id=20 datapath.vlan-mode=use-tag name=media security.authentication-types=wpa2-psk ssid=budavar-media
add country=hungary datapath.bridge=bridge datapath.vlan-id=30 datapath.vlan-mode=use-tag name=office security.authentication-types=wpa2-psk ssid=budavar-office
add country=hungary datapath.bridge=bridge datapath.vlan-id=10 datapath.vlan-mode=use-tag name=hotspot security.authentication-types="" ssid=budavar-hotspot
/caps-man provisioning
add action=create-dynamic-enabled master-configuration=Config_WORK slave-configurations=hotspot,media,office
```

The three networks with security enabled work without any issue, only connection to the `hotspot` WLAN is not possible.

Any ideas what this can be?
 
ConnyMercier
Forum Veteran
Posts: 724
Joined: Tue Dec 17, 2019 1:08 pm

Re: CAPsMAN with open wireless network (hotspot)

Thu Dec 09, 2021 9:48 am

Good morning again,

This is wrong:

```
add country=hungary datapath.bridge=bridge datapath.vlan-id=10 datapath.vlan-mode=use-tag name=hotspot security.authentication-types=""
```

The export should be:

```
add country=hungary datapath.bridge=bridge datapath.vlan-id=10 datapath.vlan-mode=use-tag name=hotspot
```
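
The posts above show two spellings of a configuration without authentication: `security.authentication-types=""` and the key left out entirely. As an added example (not code from the thread or from MikroTik), this Python script parses a `/caps-man configuration` export, treats both spellings as an open network (an assumption of the example), and reports whether each open SSID is tagged onto its own VLAN; the `guest2` and `lab` entries and the function names are constructed for illustration.

```python
import shlex

# Constructed sample in the export format shown in the thread; the guest2 and
# lab lines are invented to cover the wrapped-line, omitted-key and untagged cases.
SAMPLE_EXPORT = r'''
/caps-man configuration
add datapath.bridge=bridge datapath.vlan-mode=no-tag name=Config_WORK security.authentication-types=wpa-psk,wpa2-psk ssid=budavar-iroda
add datapath.bridge=bridge datapath.vlan-id=10 datapath.vlan-mode=use-tag name=hotspot security.authentication-types="" ssid=budavar-hotspot
add datapath.bridge=bridge datapath.vlan-id=10 \
    datapath.vlan-mode=use-tag name=guest2 ssid="example guest"
add datapath.bridge=bridge name=lab ssid=example-lab
/caps-man provisioning
add action=create-dynamic-enabled master-configuration=Config_WORK
'''

def parse_configurations(export_text):
    """Return one dict per 'add' line under /caps-man configuration."""
    section, pending, entries = None, "", []
    for raw in export_text.splitlines():
        line = pending + raw.strip()
        if line.endswith("\\"):           # exports wrap long lines with a trailing backslash
            pending = line[:-1]
            continue
        pending = ""
        if line.startswith("/"):          # a new menu path starts a new section
            section = line
        elif section == "/caps-man configuration" and line.startswith("add "):
            entries.append(dict(t.split("=", 1) for t in shlex.split(line)[1:] if "=" in t))
    return entries

def audit_open_ssids(export_text):
    """List configurations with no authentication, in either spelling."""
    findings = []
    for cfg in parse_configurations(export_text):
        auth = [a for a in cfg.get("security.authentication-types", "").split(",") if a]
        if auth or "security" in cfg:     # inline auth set, or a named profile to audit separately
            continue
        tagged = cfg.get("datapath.vlan-mode") == "use-tag" and "datapath.vlan-id" in cfg
        findings.append({
            "name": cfg.get("name"),
            "ssid": cfg.get("ssid"),
            "auth_key": "empty" if "security.authentication-types" in cfg else "omitted",
            "vlan": int(cfg["datapath.vlan-id"]) if tagged else None,  # None = untagged on the bridge
        })
    return findings

if __name__ == "__main__":
    for finding in audit_open_ssids(SAMPLE_EXPORT):
        print(finding)
```

An open SSID reported with `vlan` set to `None` shares the untagged bridge with whatever else sits there, which is the case worth reviewing first.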
 
kris11
just joined
Topic Author
Posts: 14
Joined: Wed Dec 08, 2021 10:05 am

Re: CAPsMAN with open wireless network (hotspot)

Thu Dec 09, 2021 1:48 pm

Unfortunately it still doesn't fly, I need to massage it further.

NetworkManager keeps re-connecting:

```
Dec 9 12:27:41 capella wpa_supplicant[782]: wlp1s0: SME: Trying to authenticate with de:2c:6e:0c:0b:e2 (SSID='budavar-hotspot' freq=2412 MHz)
Dec 9 12:27:41 capella kernel: [154636.306652] wlp1s0: authenticate with de:2c:6e:0c:0b:e2
Dec 9 12:27:41 capella NetworkManager[166577]: <info> [1639049261.0503] device (wlp1s0): supplicant interface state: scanning -> authenticating
Dec 9 12:27:41 capella NetworkManager[166577]: <info> [1639049261.0504] device (p2p-dev-wlp1s0): supplicant management interface state: scanning -> authenticating
Dec 9 12:27:41 capella kernel: [154636.327059] wlp1s0: send auth to de:2c:6e:0c:0b:e2 (try 1/3)
Dec 9 12:27:41 capella wpa_supplicant[782]: wlp1s0: Trying to associate with de:2c:6e:0c:0b:e2 (SSID='budavar-hotspot' freq=2412 MHz)
Dec 9 12:27:41 capella NetworkManager[166577]: <info> [1639049261.0776] device (wlp1s0): supplicant interface state: authenticating -> associating
Dec 9 12:27:41 capella NetworkManager[166577]: <info> [1639049261.0777] device (p2p-dev-wlp1s0): supplicant management interface state: authenticating -> associating
Dec 9 12:27:41 capella kernel: [154636.354061] wlp1s0: authenticated
Dec 9 12:27:41 capella kernel: [154636.357596] wlp1s0: associate with de:2c:6e:0c:0b:e2 (try 1/3)
Dec 9 12:27:41 capella kernel: [154636.394435] wlp1s0: RX AssocResp from de:2c:6e:0c:0b:e2 (capab=0x401 status=0 aid=1)
Dec 9 12:27:41 capella wpa_supplicant[782]: wlp1s0: Associated with de:2c:6e:0c:0b:e2
Dec 9 12:27:41 capella wpa_supplicant[782]: wlp1s0: CTRL-EVENT-CONNECTED - Connection to de:2c:6e:0c:0b:e2 completed [id=0 id_str=]
Dec 9 12:27:41 capella kernel: [154636.419764] wlp1s0: associated
Dec 9 12:27:41 capella wpa_supplicant[782]: bgscan simple: Failed to enable signal strength monitoring
Dec 9 12:27:41 capella wpa_supplicant[782]: wlp1s0: CTRL-EVENT-SUBNET-STATUS-UPDATE status=0
Dec 9 12:27:41 capella NetworkManager[166577]: <info> [1639049261.1498] device (wlp1s0): supplicant interface state: associating -> completed
Dec 9 12:27:41 capella NetworkManager[166577]: <info> [1639049261.1499] device (wlp1s0): Activation: (wifi) Stage 2 of 5 (Device Configure) successful. Connected to wireless network "budavar-hotspot"
Dec 9 12:27:41 capella NetworkManager[166577]: <info> [1639049261.1500] device (p2p-dev-wlp1s0): supplicant management interface state: associating -> completed
Dec 9 12:27:41 capella NetworkManager[166577]: <info> [1639049261.1519] device (wlp1s0): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed')
Dec 9 12:27:41 capella NetworkManager[166577]: <info> [1639049261.1529] dhcp4 (wlp1s0): activation: beginning transaction (timeout in 45 seconds)
Dec 9 12:27:41 capella avahi-daemon[743]: Joining mDNS multicast group on interface wlp1s0.IPv6 with address fe80::6c54:41f9:86e4:30c.
Dec 9 12:27:41 capella avahi-daemon[743]: New relevant interface wlp1s0.IPv6 for mDNS.
Dec 9 12:27:41 capella avahi-daemon[743]: Registering new address record for fe80::6c54:41f9:86e4:30c on wlp1s0.*.
```

and then

```
Dec 9 12:28:26 capella NetworkManager[166577]: <warn> [1639049306.5909] dhcp4 (wlp1s0): request timed out
Dec 9 12:28:26 capella NetworkManager[166577]: <info> [1639049306.5911] dhcp4 (wlp1s0): state changed unknown -> timeout
Dec 9 12:28:26 capella NetworkManager[166577]: <info> [1639049306.5913] device (wlp1s0): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed')
Dec 9 12:28:26 capella NetworkManager[166577]: <warn> [1639049306.5943] device (wlp1s0): Activation: failed for connection 'budavar-hotspot'
Dec 9 12:28:26 capella NetworkManager[166577]: <info> [1639049306.5951] device (wlp1s0): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed')
Dec 9 12:28:26 capella avahi-daemon[743]: Withdrawing address record for fe80::6c54:41f9:86e4:30c on wlp1s0.
Dec 9 12:28:26 capella avahi-daemon[743]: Leaving mDNS multicast group on interface wlp1s0.IPv6 with address fe80::6c54:41f9:86e4:30c.
Dec 9 12:28:26 capella avahi-daemon[743]: Interface wlp1s0.IPv6 no longer relevant for mDNS.
Dec 9 12:28:26 capella NetworkManager[166577]: <info> [1639049306.6682] dhcp4 (wlp1s0): canceled DHCP transaction
Dec 9 12:28:26 capella NetworkManager[166577]: <info> [1639049306.6683] dhcp4 (wlp1s0): state changed timeout -> done
Dec 9 12:28:26 capella kernel: [154681.946485] wlp1s0: deauthenticating from de:2c:6e:0c:0b:e2 by local choice (Reason: 3=DEAUTH_LEAVING)
Dec 9 12:28:26 capella wpa_supplicant[782]: wlp1s0: CTRL-EVENT-DISCONNECTED bssid=de:2c:6e:0c:0b:e2 reason=3 locally_generated=1
Dec 9 12:28:26 capella NetworkManager[166577]: <info> [1639049306.6883] device (wlp1s0): supplicant interface state: completed -> disconnected
Dec 9 12:28:26 capella wpa_supplicant[782]: wlp1s0: CTRL-EVENT-REGDOM-CHANGE init=CORE type=WORLD
Dec 9 12:28:26 capella NetworkManager[166577]: <info> [1639049306.6883] device (p2p-dev-wlp1s0): supplicant management interface state: completed -> disconnected
```

But I assume it can be something beyond DHCP as if I assign manually an IP to the wireless interface on the workstation it still cannot communicate.

And what I see is that the dynamic cap appears on /interface bridge vlan 10 so the router sees that the workstation is connected.

🤔
 
kris11
just joined
Topic Author
Posts: 14
Joined: Wed Dec 08, 2021 10:05 am

Re: CAPsMAN with open wireless network (hotspot)

Thu Dec 09, 2021 5:03 pm

The difficult thing is that if I enable authentication then all of a sudden it starts working. Connection, DHCP, everything.

Very strange.
 
kris11
just joined
Topic Author
Posts: 14
Joined: Wed Dec 08, 2021 10:05 am

Re: CAPsMAN with open wireless network (hotspot)

Thu Dec 09, 2021 5:38 pm

I tried to add an access list in CAPsMAN that lets any MAC connect... no success
I sniffed traffic on the dynamic cap interface... only IPv6 traffic, nothing relevant, even DHCP requests don't turn up
I tried disabling all configurations except hotspot (maybe you can't have configs with and without authentication at the same time)... no success
 
ConnyMercier
Forum Veteran
Posts: 724
Joined: Tue Dec 17, 2019 1:08 pm

Re: CAPsMAN with open wireless network (hotspot)

Thu Dec 09, 2021 10:33 pm

Good Evening Kris,

I wasn't able to reproduce the Error...
I was able to connect to the "unsecure" Network and get an IP-Address


Could you maybe Export the Configuration again ?
(/export hide-sensitive file=anynameyouwish)
 
kris11
just joined
Topic Author
Posts: 14
Joined: Wed Dec 08, 2021 10:05 am

Re: CAPsMAN with open wireless network (hotspot)

Fri Dec 10, 2021 8:56 am

Thanks for looking at this!

This morning I was thinking about upgrading the router to 7.x stable
 
kris11
just joined
Topic Author
Posts: 14
Joined: Wed Dec 08, 2021 10:05 am

Re: CAPsMAN with open wireless network (hotspot)

Fri Dec 10, 2021 7:35 pm

Today's update: I still couldn't connect from the workstation, but all of a sudden I saw a client out of the blue in the DHCP leases... meaning for some clients it works ?!

I'd say let's park this now, I'll need to arrange somebody on site to debug this with me.
 
ConnyMercier
Forum Veteran
Posts: 724
Joined: Tue Dec 17, 2019 1:08 pm

Re: CAPsMAN with open wireless network (hotspot)

Fri Dec 10, 2021 7:36 pm

O.K !
 
kris11
just joined
Topic Author
Posts: 14
Joined: Wed Dec 08, 2021 10:05 am

Re: CAPsMAN with open wireless network (hotspot)

Tue Apr 05, 2022 11:24 am

So this topic is still with me, interestingly it impacts only Ubuntu/Linux clients, various mobile devices can connect.

Again:
- as soon as I change the network security in CAPsMAN, everything works
- there is traffic on the interfaces on the Linux box, I see both RX/TX increasing
- with tcpdump I see unanswered ARPs/DHCP initiated by the Linux box not answered by the router
- I see router LLDP as well

I know it is most probably something Linux related, but any hints are appreciated.
 
kris11
just joined
Topic Author
Posts: 14
Joined: Wed Dec 08, 2021 10:05 am

Re: CAPsMAN with open wireless network (hotspot)

Sat Apr 09, 2022 10:32 pm

Apparently Android and Windows devices can connect to the hotspot, only iOS and Linux devices have the problem. I did some sniffing, but it didn't help too much:

- DHCP client packets cannot be seen on the router
- If I manually assign IP I see the incoming packets on the router but nothing is sent back

I clearly see the device in the CAPsMAN registration table.

If it was a firewall issue then how can it be that other OS/devices work well?

I'm totally clueless.
