-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
On Sat, 23 Oct 2021, Uwe Sauter wrote:
From my experience, tcpdump connects to the interface and you will see
all traffic regardless of firewall settings, given you have the
permissions.
In your case I'd first verify that layer 2 is working correctly (layer
2 is ethernet or wifi). So I'd use the utilities provided by
"wpa_supplicant" or "iw" to see if the "hardware connection" is
working as expected.
If your wifi card didn't connect on layer 2 it has no reasons to
configure layer 3 (IP, IPv6) and above.
Well, layer 2 works, if it is needed for connections between the client
and the access point.
Layer 2 should already see mac addresses, right? Can you point me to a
command, which scans on layer 2 for all macs? I seem to only find how to
see the available access points (which works as expected) and using nmap
to ping around - which fails as expected :-/
Do you know any command to query the interface regarding routing
information (similar to what `ip route` does on layer 3 for the whole
machine)?
On layer 2 there is no routing. That's the reason why you need to configure a
default route and possibly static routes.
Unfortunately I'm not very experienced in debugging wifi but I'd probably
start to investigate using some sniffer, e.g. Kismet [1] (not a
recommendation, just the first reasonable search result).
One hunch though: was there any update to hostapd that might have enabled
WPA3? This might be the totally wrong direction but I've read on multiple
occasions that old hardware (e.g. Android tablets from 2012) and WPA3-enabled
APs don't work well together.
There's nothing wpa3-specific in the hostapd.conf, but I faintly remember
considering to enable wpa3, but probably never actually did - and
definitely not in the time range, when the inter-client communication
broke. Just to be sure, I added "wpa_key_mgmt=WPA-PSK WPA-PSK-SHA256"
(e.g. no "SAE", there) to /etc/hostapd.conf without success.
What I now did to make things just work, is: removing routes for
192.168.1.0/24 on wlan0 of the clients and adding a route for
192.168.1.13/32 only - so now packages use the default route "via
192.168.1.13" and traverse the access point at this address (which is
also the router) and get routed on layer 3 there to the right target.
(packets will be subject to firewall rules on the router, which is not a
problem)
Does someone have any suggestions on how to publish this route via dhcp?
Currently, it looks to me, like the "192.168.1.0/24 dev wlan0" route is
automatically added due to the subnet mask of "255.255.255.0" - and I
probably cannot change the latter, as the dhcp server actually should
server this very subnet on wifi.
The dynamic part of the dhcpd.conf looks like:
- ---8<---8<---8<---8<---
subnet 192.168.1.0 netmask 255.255.255.0 {
range 192.168.1.20 192.168.1.254;
option broadcast-address 192.168.1.255;
option routers 192.168.1.13;
option rfc3442 24, 192, 168, 0, 192, 168, 1, 13, 0, 192, 168, 1, 13;
}
- --->8--->8--->8--->8---
and the pseudo-static part looks like:
- ---8<---8<---8<---8<---
host raspi0 {
hardware ethernet de:ad:be:ef:42:42;
fixed-address 192.168.1.2;
option routers 192.168.1.13;
option rfc3442 24, 192, 168, 0, 192, 168, 1, 13, 0, 192, 168, 1, 13;
}
- --->8--->8--->8--->8---
Regards,
Uwe
regards,
Erich
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEE3p92iMrPBP64GmxZCu7JB1Xae1oFAmF1FUgACgkQCu7JB1Xa
e1oBpBAArlHWvLsaCsY62dzi8Zl3TdBKwqRwkVLV/oZfZQhjI3KDcjzED7Ih/mpl
8iDy+BaAqbvNM79qPwPc8rQ3eldOMEf5tyd9Y/LeefVVWwdno4Of6I0UAeXL1o8A
j68fnf5kgT2J0uDwCwR+oCoxvcOE06BezPLm3acD52w2uScU0uKoJGwnKtpVSdjD
sG0taHrzZPpdcUkrJYPYv3aDdDbMbcz1Vn3obg2GYKI/QBm+Q1UGqaC3buVAqJIw
Z4jz8aoG0sugHuBUUXHM7LOEtaTsYu8NKRwTa1CkI6keRb3xEile1dA4jOOK5cgc
kYXrI+xCLm0T3OzcGrvpz8mQCxTx2n8g0IuIIisB1Y3JlXVsiM8CvC3NsEtp+gXs
dY8t12pbG65NgxrAnTYeigCDGrKwc2IxiaDE2Mhu4LyXr+CqxcLm5kBvpAxVzHOz
9aYEoRkrtIXuDBZoP2cxjQ7tAFvYID3Z14T80KDJuD9WRzNVOosSuWtAnHHPsp6o
aZrNI5sp4vXkeJDdHroqI6cF0/v5a+WKoV4c87TioEq5C+xBGgGtFO32GKQ3CqGo
1OJYPUpu2jgbetDTtWbDmnzGknZw92nfB9IwI5++dY/FQj+djd5LgD5f58D60nKm
kHp9cb5ZpX5jKJtEWiZJri9HaxhxXIZm9Wn0zy13uoZG8FzaPqU=
=gz96
-----END PGP SIGNATURE-----