Community discussions

MikroTik App
 
t83oleg
just joined
Topic Author
Posts: 8
Joined: Fri Nov 09, 2018 8:51 am

mikrotik disconnected, key handshake timeout, signal strength -95

Thu Feb 02, 2023 10:08 pm

Hi all
can someone tell me what this error is and where to look?

mikrotik disconnected, key handshake timeout, signal strength -95

the router is located in a one-room apartment. are you kidding me? the password is correct since this situation is treated by reconnecting to the wifi network. What now?

Thanks


here is my config
# feb/02/2023 22:58:07 by RouterOS 7.7
# software id = YVFU-0ZQA
#
# model = RBD53iG-5HacD2HnD
# serial number = E7290D7E74A8
/interface bridge
add admin-mac=08:55:31:F6:FA:EB auto-mac=no comment=defconf name=bridge
/interface lte
set [ find default-name=lte1 ] disabled=yes
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
/interface wifiwave2 channel
add name=channel_2GHz
add name=channel_5GHz
/interface wifiwave2 security
add name=sec_2GHz
add name=sec_5GHz
/interface wifiwave2 configuration
add channel=channel_2GHz name=cfg_2GHz security=sec_2GHz
add channel=channel_5GHz name=cfg_5GHz security=sec_5GHz
/interface wifiwave2
set [ find default-name=wifi1 ] channel=channel_2GHz channel.band=2ghz-n \
    .frequency=2412 .skip-dfs-channels=disabled .width=20/40mhz \
    configuration=cfg_2GHz configuration.country=Russia .mode=ap .ssid=\
    MikroTik-F6FAEF_2GHz .tx-power=17 disabled=no name=wifi_2GHz security=\
    sec_2GHz security.authentication-types=wpa2-psk,wpa3-psk \
    .group-key-update=1h .wps=disable
set [ find default-name=wifi2 ] channel=channel_5GHz channel.band=5ghz-ac \
    .frequency=5180 .skip-dfs-channels=disabled .width=20/40/80mhz \
    configuration=cfg_5GHz configuration.country=Russia .mode=ap .ssid=\
    MikroTik-F6FAF0_5GHz .tx-power=17 disabled=no name=wifi_5GHz security=\
    sec_5GHz security.authentication-types=wpa2-psk,wpa3-psk \
    .group-key-update=1h .wps=disable
/ip pool
add name=dhcp ranges=192.168.88.10-192.168.88.254
/ip dhcp-server
add address-pool=dhcp interface=bridge name=defconf
/interface bridge port
add bridge=bridge comment=defconf interface=ether2
add bridge=bridge comment=defconf interface=ether3
add bridge=bridge comment=defconf interface=ether4
add bridge=bridge comment=defconf interface=ether5
add bridge=bridge comment=defconf interface=wifi_2GHz
add bridge=bridge comment=defconf interface=wifi_5GHz
/ip neighbor discovery-settings
set discover-interface-list=none protocol=""
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
add interface=lte1 list=WAN
/ip address
add address=192.168.88.1/24 comment=defconf interface=bridge network=\
    192.168.88.0
/ip dhcp-client
add comment=defconf interface=ether1
/ip dhcp-server network
add address=192.168.88.0/24 comment=defconf dns-server=192.168.88.1 gateway=\
    192.168.88.1
/ip dns
set allow-remote-requests=yes
/ip dns static
add address=192.168.88.1 comment=defconf name=router.lan
/ip firewall filter
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
    invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment=\
    "defconf: accept to local loopback (for CAPsMAN)" dst-address=127.0.0.1
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
    in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" \
    ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" \
    ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
    connection-state=established,related hw-offload=yes
add action=accept chain=forward comment=\
    "defconf: accept established,related, untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid
add action=drop chain=forward comment=\
    "defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
    connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
    ipsec-policy=out,none out-interface-list=WAN
/ip service
set telnet address=192.168.88.0/24 disabled=yes
set ftp address=192.168.88.0/24 disabled=yes
set www address=192.168.88.0/24
set ssh address=192.168.88.0/24 disabled=yes
set api address=192.168.88.0/24 disabled=yes
set winbox address=192.168.88.0/24
set api-ssl address=192.168.88.0/24 disabled=yes
/ip upnp
set allow-disable-external-interface=yes enabled=yes
/ip upnp interfaces
add interface=bridge type=internal
add interface=ether1 type=external
/ipv6 firewall address-list
add address=::/128 comment="defconf: unspecified address" list=bad_ipv6
add address=::1/128 comment="defconf: lo" list=bad_ipv6
add address=fec0::/10 comment="defconf: site-local" list=bad_ipv6
add address=::ffff:0.0.0.0/96 comment="defconf: ipv4-mapped" list=bad_ipv6
add address=::/96 comment="defconf: ipv4 compat" list=bad_ipv6
add address=100::/64 comment="defconf: discard only " list=bad_ipv6
add address=2001:db8::/32 comment="defconf: documentation" list=bad_ipv6
add address=2001:10::/28 comment="defconf: ORCHID" list=bad_ipv6
add address=3ffe::/16 comment="defconf: 6bone" list=bad_ipv6
/ipv6 firewall filter
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
    invalid
add action=accept chain=input comment="defconf: accept ICMPv6" protocol=\
    icmpv6
add action=accept chain=input comment="defconf: accept UDP traceroute" port=\
    33434-33534 protocol=udp
add action=accept chain=input comment=\
    "defconf: accept DHCPv6-Client prefix delegation." dst-port=546 protocol=\
    udp src-address=fe80::/10
add action=accept chain=input comment="defconf: accept IKE" dst-port=500,4500 \
    protocol=udp
add action=accept chain=input comment="defconf: accept ipsec AH" protocol=\
    ipsec-ah
add action=accept chain=input comment="defconf: accept ipsec ESP" protocol=\
    ipsec-esp
add action=accept chain=input comment=\
    "defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=input comment=\
    "defconf: drop everything else not coming from LAN" in-interface-list=\
    !LAN
add action=accept chain=forward comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid
add action=drop chain=forward comment=\
    "defconf: drop packets with bad src ipv6" src-address-list=bad_ipv6
add action=drop chain=forward comment=\
    "defconf: drop packets with bad dst ipv6" dst-address-list=bad_ipv6
add action=drop chain=forward comment="defconf: rfc4890 drop hop-limit=1" \
    hop-limit=equal:1 protocol=icmpv6
add action=accept chain=forward comment="defconf: accept ICMPv6" protocol=\
    icmpv6
add action=accept chain=forward comment="defconf: accept HIP" protocol=139
add action=accept chain=forward comment="defconf: accept IKE" dst-port=\
    500,4500 protocol=udp
add action=accept chain=forward comment="defconf: accept ipsec AH" protocol=\
    ipsec-ah
add action=accept chain=forward comment="defconf: accept ipsec ESP" protocol=\
    ipsec-esp
add action=accept chain=forward comment=\
    "defconf: accept all that matches ipsec policy" ipsec-policy=in,ipsec
add action=drop chain=forward comment=\
    "defconf: drop everything else not coming from LAN" in-interface-list=\
    !LAN
/system clock
set time-zone-autodetect=no
/system clock manual
set time-zone=+03:00
/system leds settings
set all-leds-off=immediate
/system ntp client
set enabled=yes
/system ntp client servers
add address=0.ru.pool.ntp.org
add address=1.ru.pool.ntp.org
add address=2.ru.pool.ntp.org
add address=3.ru.pool.ntp.org
/system script
add dont-require-permissions=no name=script1 owner=chudnoechudo policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="/\
    ip firewall mangle\
    \n add chain=forward action=change-mss new-mss=clamp-to-pmtu passthrough=n\
    o tcp-flags=syn protocol=tcp in-interface=ether1 tcp-mss=1300-65535 log=no\
    "
/tool mac-server
set allowed-interface-list=none
/tool mac-server mac-winbox
set allowed-interface-list=none
/tool mac-server ping
set enabled=no

hope help)
Last edited by BartoszP on Thu Apr 13, 2023 5:34 pm, edited 1 time in total.
Reason: Use proper tags: quote to quote, code for code - keep forum tidy
 
User avatar
nichky
Forum Guru
Forum Guru
Posts: 1275
Joined: Tue Jun 23, 2015 2:35 pm

Re: mikrotik disconnected, key handshake timeout, signal strength -95

Fri Feb 03, 2023 4:59 am

try this:

upgrade to the latest version
width=20 (both)
frequency= Freq.Usage - fine the best channel (both)
 
t83oleg
just joined
Topic Author
Posts: 8
Joined: Fri Nov 09, 2018 8:51 am

Re: mikrotik disconnected, key handshake timeout, signal strength -95

Fri Feb 03, 2023 9:46 am

5 meters from the router, turn on the channel width of 20, but then we need 40 and 80, and for that kind of money, if you don’t use all the functionality, why then do it for the house, then they would do it for offices and powder their brains for everyone .... it remains only to say mikrotiku nakidate in vrotik)))) crutches are made shorter all the time!!!
 
User avatar
nichky
Forum Guru
Forum Guru
Posts: 1275
Joined: Tue Jun 23, 2015 2:35 pm

Re: mikrotik disconnected, key handshake timeout, signal strength -95

Fri Feb 03, 2023 11:26 am

5 meters from the router, turn on the channel width of 20
what is the outout on that, any issus?
 
t83oleg
just joined
Topic Author
Posts: 8
Joined: Fri Nov 09, 2018 8:51 am

Re: mikrotik disconnected, key handshake timeout, signal strength -95

Fri Feb 03, 2023 12:35 pm

unfortunately the situation has not changed for the better
 
optio
Long time Member
Long time Member
Posts: 655
Joined: Mon Dec 26, 2022 2:57 pm

Re: mikrotik disconnected, key handshake timeout, signal strength -95

Sat Feb 04, 2023 9:24 pm

I also had issues with 5Ghz, problem was interference with other frequencies. ROS automatic frequency selection did not help, so I used application (inSSIDer on MacOS) to scan wifi channels and found best channel which will not overlap with channels in range.
See table https://en.wikipedia.org/wiki/List_of_W ... j/n/ac/ax) for finding which frequency belongs to channel.
Find best channel and set it's frequency manually.

My wlan settings for channel 60:
 5  R ;;; 5 GHz
      name="wlan2" mtu=1500 l2mtu=1600 mac-address=<mac_addr> arp=enabled interface-type=IPQ4019 
      mode=ap-bridge ssid="<ssid>" frequency=5300 band=5ghz-onlyac channel-width=20/40/80mhz-eeCe 
      secondary-frequency="" scan-list=5290-5310 wireless-protocol=802.11 vlan-mode=no-tag vlan-id=1 
      wds-mode=disabled wds-default-bridge=none wds-ignore-ssid=no bridge-mode=enabled 
      default-authentication=yes default-forwarding=yes default-ap-tx-limit=0 default-client-tx-limit=0 
      hide-ssid=no security-profile=eap-tls compression=no
 
Promets
just joined
Posts: 3
Joined: Tue Jun 20, 2023 6:22 pm

Re: mikrotik disconnected, key handshake timeout, signal strength -95

Sun Jul 09, 2023 11:52 pm

the problem still continues

Version 7.10.1
 
dgallentine
just joined
Posts: 1
Joined: Fri Oct 13, 2023 6:30 pm

Re: mikrotik disconnected, key handshake timeout, signal strength -95

Fri Oct 13, 2023 6:38 pm

Also seeing this issue still. Have on multiple AX2's from 7.6 up to 7.10.1. Waiting to see if it continues with 7.11, haven't gotten any feedback yet.
 
K0NCTANT1N
newbie
Posts: 47
Joined: Thu Jun 08, 2023 9:35 pm

Re: mikrotik disconnected, key handshake timeout, signal strength -95

Wed Oct 18, 2023 1:26 pm


1. Upgrade in 7.11.2
2. Accusations no place in this community
3. If you don't know how, don't try it
4. Find information for example in YouTube, available in Russian

Who is online

Users browsing this forum: No registered users and 71 guests