68U+Merlin WDS issues+possible feature request

David R.

Hello,

We have two AC-RT68U routers with the most recent released Merlin firmware (380.65) and have been having some consistent issues with WDS. This may or may not be an issue with the firmware, per se, but perhaps some changes to the firmware could help with it.

The problem is periodic disconnects, typically about twice a day or so, of the link between the two routers. All of the normal setup recommendations have been followed, and WDS generally works very well, except that it will randomly disconnect. It will always reconnect, but it always takes 8-10 minutes to do so. This was measured by writing a shell script on one of the client machines to monitor the connection and determine the frequency and length of the outages. The link is on 5GHz, and I've tried various bandwidths (40 and 80MHz), and both upper- and lower-band channels, and the result is the same - one or two disconnects per day which take 8-10 minutes to reconnect on their own. I have not tried putting the link on 2.4GHz, as 2.4GHz is far too crowded in this location.

I'm currently running some experiments with router placement to see if the disconnects are related to interference or to something in the internal implementation. In either case, however, while occasional disconnects can occur in the real world, the real problem is that it is taking 8-10 minutes for the routers to notice that the connection is down and reconnect. Generally, if a laptop or other client disconnects for some reason, the driver or firmware notices immediately and attempts to reconnect.

So here's the feature request part. There appears to be some process or loop in the router that eventually notices that the WDS link has gone down and reconnects it, but would it be possible to pull this checking in from ~10 minutes to something at least in the order of a few seconds, similar to what occurs on most clients when they lose a connection? I don't know if the detection of the link being down is handled in the firmware or in the hardware, so there may not be anything that can be done, but I thought I would throw it out there and ask.

Thanks..
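
A link monitor of the kind described in the post above, as an added example that is not the poster's script: it logs one reachability probe per interval from a client machine and then reports each outage's start time and length. The peer address, probe interval, log path and the Linux/BusyBox `ping -W` timeout flag are assumptions.

```shell
#!/bin/sh
# Added example: probe the far-side router and summarise link outages.
# Assumed values (not from the thread): peer address, interval, log path.
PEER="${PEER:-192.168.1.2}"      # hypothetical LAN address of the remote router
INTERVAL="${INTERVAL:-5}"        # seconds between probes (sets the resolution)
LOG="${LOG:-/tmp/wds_link.log}"  # hypothetical log location

# Append one "<epoch> up|down" line per probe, forever.
probe_loop() {
    while :; do
        if ping -c 1 -W 2 "$PEER" >/dev/null 2>&1; then s=up; else s=down; fi
        echo "$(date +%s) $s" >>"$LOG"
        sleep "$INTERVAL"
    done
}

# Read "<epoch> up|down" lines on stdin and print one line per outage plus a
# summary. An outage runs from the first "down" probe to the next "up" probe;
# one still in progress at end of input is measured to the last probe and
# marked "open".
summarize_outages() {
    awk '
        $2 == "down" && start == 0 { start = $1 }
        $2 == "up" && start != 0 {
            d = $1 - start
            printf "outage start=%d seconds=%d\n", start, d
            n++; total += d; start = 0
        }
        { last = $1 }
        END {
            if (start != 0) {
                d = last - start
                printf "outage start=%d seconds=%d open\n", start, d
                n++; total += d
            }
            printf "outages=%d total_seconds=%d\n", n, total
        }'
}

# Usage: "script probe" to collect, "script report" to summarise the log.
case "${1:-}" in
    probe)  probe_loop ;;
    report) summarize_outages <"$LOG" ;;
esac
```

Measured outage lengths are accurate only to within one probe interval plus the ping timeout, so a short interval is needed to tell a reconnect that takes seconds from one that takes minutes.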
 
Note that WDS is completely unsupported. The only reason the feature is there is because I don't remove any of the original firmware features, otherwise I would have removed it as it's completely unsecure.
 
Thanks for the reply. I wasn't aware of that, I'll take it to mean there's probably no interest in looking into the problem. That's fine, I can try to solve it with user scripts or something, I just thought it would be cleaner if there was a modification to existing code.

I'm hoping you can elaborate on your last comment, though. WDS has traditionally not supported stronger encryption, but the hardware/firmware in the AC68U supports WPA Personal/AES, which should be sufficiently secure. Is there an additional security issue that would be good to know about outside of that? (In general, WDS seems to be something that's hard to find a lot of detailed information about.)

Thanks..
 
Real WDS only supports Open or WEP encryption. While there are some custom implementations that claim to support WPA2, they do so by disabling some of the important security features of WPA2, such as the key rotation, leading to a false sense of security. A WPA-based WDS isn't as secure as a proper WPA2 connection.
 
Interesting, I wasn't aware of that. There is also the issue that the WPA2 implementation of WDS is quite brand/manufacturer specific, as in you need 2 of the same brand and in most cases 2 of the same model for it to work, even then.

Why the OP would be using WDS over having one of the RT-AC68U in repeater mode is another question.
 
Enabling WDS didn't disable the key rotation setting in the firmware GUI, I can set it to 0 (disabled) or to a non-zero number of seconds. I currently have it set to something a bit longer than the default. I suppose it's possible that the key rotation setting is being ignored in WDS mode, despite not being disabled in the GUI. I'm not expert enough at it to know how to check if that's happening. The two routers are identical, both with Merlin firmware.

Also, @pete y testing, I'm fairly new to WDS, and comments in the firmware GUI seem to imply that WDS and repeater mode are the same thing. I'm open to better/different solutions (especially if the routers might be ignoring security settings), so based on your comment, I'm wondering if that's not actually an accurate statement, or maybe an oversimplification. Currently, my setup is that the main (WAN-connected) router is in "hybrid" mode (which allows it to accept both WDS and client connections on the 5GHz radio), and the remote one in "WDS only" mode, which only allows the WDS connection on 5GHz, and client connections on 2.4GHz and the wired LAN.

I don't immediately see any other way in the GUI of connecting the two routers over a wireless link other than WDS. If there is something fundamentally different and more secure that is available using the command line or user scripts, I'd be interested in looking into it.

Thanks..
 
That sounds interesting. I hadn't heard of media mode. It took a while to find it, but I see it now in administration->operating mode.

It sounds like it's intended to bridge wired media servers onto the wireless network but disables use as an AP at the same time. This is actually very similar to how I have WDS currently set up. Maybe I'll give it a try, perhaps it will be more reliable than the WDS link has been and has better security, the only drawback being if you want the remote unit to also be an AP.
 
OK, I'll try it out. I also notice that repeater mode is also set from that page. It's a little embarrassing I didn't notice these things before, I'm used to DD-WRT where they're in the wireless setup section rather than being off by themselves. There may be some more options to get where I want to be.
 
Just a followup in case anyone stumbles upon this thread trying to get WDS working well.

In the end, repeater mode worked better than WDS, so thanks to folks who suggested that.

After researching the security a little more, I don't think there's a serious issue with WDS as long as the specific implementation lets you use WPA2 with AES (CCMP) and doesn't disable group key rotation, which seems to be the case for the RT68; but the repeater mode connection is more reliable and easier to set up, dropped connections appear to get reestablished in seconds instead of minutes, and since it repeats both the ethernet ports and WIFI, there doesn't seem to be any functional difference compared to WDS. At least for simple use cases, it appears to be a full replacement for WDS on this router.
 
I really, really think the question needs to be answered.;)

The question in this whole thread is
"is WDS the SAME as Repeater Mode?"
and from that
"so WDS is insecure, what about Repeater mode?"
From inference, from the talk above, I kind of assume Repeater mode is secure, BUT I would really like a reply to that to clarify.

It really is hard to find info on these questions, surprisingly.....:(
 
