We have upgraded the community system as part of the upgrade a password reset is required for all users before login in.

How to disable AP?



  • @Zheng-Han I'm curious, is this actually hard-coded in the driver, or are you just talking about your WiFi-configuration tools not being to do this? If it's actually hard-coded in the driver..... šŸ˜–


  • administrators

    It's hard coded in the MediaTek driver šŸ˜ž

    There is an opensource version of the wifi driver, however it's very buggy we haven't being able to get it working reliably



  • @Zheng-Han said in How to disable AP?:

    It's hard coded in the MediaTek driver šŸ˜ž

    Hah, that's just effing terrible! No wonder, then!

    There is an opensource version of the wifi driver, however it's very buggy we haven't being able to get it working reliably

    Yeah, I use the F/OSS-driver in my firmwares and it sure doesn't perform nearly as well as the proprietary driver. On the other hand, it actually supports all the features one might expect from a modern WiFi-driver, including being built on the proper mac80211-stack.

    Anyways, spanks for the response!



  • This is extremely disappointing. Basically it makes the device 5000000% unsecure.



  • @Zheng-Han said in How to disable AP?:

    You can't just disable the AP and keep wifi client. You will have to disable wifi all together or make AP SSID hidden

    Thank you for the reply. How to hide AP SSID?



  • @Stefano-P. , check out the uci tool (don't just edit config files ... the source of mistakes is to big, with uci you will be on the saver side):

    https://lede-project.org/docs/user-guide/introduction_to_lede_configuration
    https://lede-project.org/docs/user-guide/wifi_configuration

    hidden | boolean | no | 0 | Turns off SSID broadcasting if set to 1

    Tanti saluti Luciano S.



  • @Luciano-S. Ti ringrazio! šŸ™‚



  • @Luciano-S. said in How to disable AP?:

    @Stefano-P. , check out the uci tool (don't just edit config files ... the source of mistakes is to big, with uci you will be on the saver side):

    https://lede-project.org/docs/user-guide/introduction_to_lede_configuration
    https://lede-project.org/docs/user-guide/wifi_configuration

    hidden | boolean | no | 0 | Turns off SSID broadcasting if set to 1

    Tanti saluti Luciano S.

    For me the hidden flag did not work. Luciano, did it work for you

    Grazie



  • @Francesco-Pessolano , yes:

    uci show
    uci set wireless.default_radio0.hidden='1'
    uci commit
    uci reload_config
    reboot
    ...
    result:
    wireless.default_radio0=wifi-iface
    wireless.default_radio0.device='radio0'
    wireless.default_radio0.network='lan'
    wireless.default_radio0.mode='ap'
    wireless.default_radio0.ssid='Omega-####'
    wireless.default_radio0.encryption='psk2'
    wireless.default_radio0.key='thisismysecret'
    wireless.default_radio0.hidden='1'
    

    But i'm testing a LEDE image.



  • @Luciano-S @Francesco-Pessolano It worked for me. (Reboot needed)



  • you mean you can reboot this thing? reboot for me does not work
    anyhow I tried to set

    wireless.@wifi-iface[0].hidden='true'

    but it did nothing, There is no default radio on the standard os



  • @Francesco-Pessolano this is what I did:

    1. uci set wireless.@wifi-iface[0].hidden='1'
    2. uci commit
    3. reload_config
    4. reboot
      Since 'hidden' value is set to 1, when my Omega boot up the AP ssid is hidden as expected.


  • I will try even if everytime i do reload_config it stalls everything and i need to turn off and on

    Overall, i am happy with this chip ... i only wish there was more support especially on the source codes



  • @Zheng-Han hiding the AP doesn't really do anything. You can still see the signal and the wifi mac and proceed with attacks as usuall, but more concerning, it's using up that valuable wifi spectrum for no reason.
    I can see all my neighbor's hidden ssids, wmacs and all with an app on my phone. Mine's a $2 app called WiFi Analyzer --- but there's free ones.

    Whatever.

    Requires further testing, but I seemed to have killed the AP with:

    iwpriv ra0 set Channel=0 # dead now

    I wonder if it's a hidden driver setting or a bug or something; but it seems to have worked.

    note that uci set wireless.ra0.channel=0 does NOT work. You have to iwpriv or the channel seems to be hardcoded at 11...



  • I definitively agree, i truly hate to have the on and have a bck door not protected from my router



  • After further testing, it appears still to be working... so I went source diving and found mainly the problem is in the /lib/wifi/ralink.sh -- it seems intentionally or by bug to lookup the apcli0 channel and overwrite whatever you put in wireless.ra0.channel -- or possibly looks up the channel of the AP the client connects to and overwrites the AP channel with that (for whatever reason).

    But the client works fine on channel 0 iff you set only the ra0 channel to 0.

    So I made a new setting and kludged it in rudely just above the part where it sets the channel for the ra0 dev with iwpriv.

    Note that applying this patch, while allowing uci set wireless.ra0.ra0_only_channel 0, will also prevent opkg from being able to update the ralink-wifi-mt76x8 package; possibly leaving you with no ralink drivers installed. Be sure to copy the ipk to /root/ if you plan to use this patch so you can rescue the system over serial... or just factory reset or whatever, that seems pretty painless.

    --- ralink.sh-orig  2017-02-14 17:43:04.885469047 -0500
    +++ ralink.sh-mine  2017-02-14 17:50:07.826365772 -0500
    @@ -598,8 +598,15 @@
                 
                    set_wifi_up "$vif" "$ifname"
            done
    -   
    -   [ "$channel" != "auto" ] && iwpriv $device set Channel=$channel
    +
    +   # I made a slightly difference settings space so I could have a
    +   # different channel for each device.
    +   # 
    +   # use uci set wireless.ra0.ra0_only_channel 0 to disable AP
    +
    +   config_get ${device}_only_channel $device mah_only_channel $channel
    +
    +   [ "$channel" != "auto" ] && iwpriv $device set Channel=$mah_only_channel
            iwpriv $device set MaxStaNum=$maxassoc
     }


  • @Paul-Miller I tried your way but without luck. ApCliEnable automatically fails to '0' for some reason and I can't keep my STA link...

    I set the ssid and password to random strings of maximum length and hided the network, seems like this works



  • @Himura-Kazuto agreed. I'm sure this worked at one point ā€¦ a while later, I discovered it nolonger worked, or I imagined it or something. Maybe I was on a different firmware version (and have no idea which)? Who knows.

    I shelved the omega2. It's a pile. It's neat as a novelty, but overall it's a pile. I'm using other devices instead.



  • So is it confirmed that the WiFi access point on the Omega2 cannot be disabled? If that's the case, this is a dealbreaker.

    Paul: Which device did you end up using?



  • With the proprietary driver the Omega2 ships with - sadly, yes, the AP is always on.

    But with the open source mt76 driver, disabling the AP is no problem.

    And note that mt76 has matured a lot since this thread started a year ago! As a true open source project, there are people working steadily to improve it. There are updates every few weeks to make it better. For my needs, mt76 has become stable enough already many months ago. And it is a much cleaner setup, using standard cfg80211. I like it way better than these sad proprietary chunks of code tied to a specific kernel version and thus blocking all other progress!


Log in to reply
 

Looks like your connection to Community was lost, please wait while we try to reconnect.