Omega2+ fails to connect to wifi
@Scott-Horsley thanks! I wasn't able to reproduce your config - for me, the change from option mode '9' to 'sta' doesn't change a thing. I still get "wlan1: disconnected, unicast key exchange timeout" in router logs.
However, I made some observations that might help you move forward:
- with option mode 'sta' and security profile on Mikrotik set to default (open - no password), my Onion2 connects to wifi (!)
- I also observed only ICMP traffic passing through
- it seems to be a local firewall issue, as Mikrotik sniffing shows no outbound attempts
- you can disable Onion firewall by /etc/init.d/firewall stop, but it doesn't change a thing - the only traffic that the router receives is ICMP and ARP, but not TCP
@Scott-Horsley further observations:
- firewall is controlled by fw3 which in turn controls iptables
- flushing iptables (iptables -F) does not solve the problem
- a device connected to the Omega can connect to the Internet but DNS won't work (seems to be an issue with Omega's NAT config)
- if you instruct iptables to log outbound traffic (iptables -t filter -A OUTPUT -o apcli0 -j LOG), then dmesg actually shows those missing packets that don't arrive to the router
Seems like there is a second firewall layer after iptables are applied.
Scott Horsley last edited by
@Michal-Rok thanks for the feedback, sorry it got you no further either.
Yep, I disabled the firewall entirely, even as far as removing the rc startup link and rebooting with no change. iptables -L shows nothing at all at this point (what you'd expect really). I tried forcing the wlan interface into the bridge (br-wlan) also with no change at all. I disabled dnsmasq and forced the resolution to Google (220.127.116.11) with, of course, no change either (which you'd expect as nothing appears to arrive on the router itself).
Was there a reference anywhere to what the "option mode '9'" (or 'sta') does and any other options relating to this area of the config? I searched on anything WRT but didn't show anything about the ralink unit so was rather roadblocked at that point.
One other point that I noted was that I needed to ensure my channel was low in order to work at all, almost like the AU flag wasn't being used. Not a huge deal as a quick scan on the MT suggested 6 was the best channel for me but changing from AU to US and/or back didn't seem to change anything at all.
As far as running with no security, I might try that trick and see if I can get any ideas of what is happening.
I originally tried connecting to my mobiles hotspot to get running and that worked, then modified the config to suite the MT, hoping that the initial config was doing something more when it was first coming online but as mentioned by a few others, that made no difference either.
Frustration to say the least.
Has anybody had any luck with a USB wifi adaptor and an MT on these units?
I love my MT(s, I have a few running in the house) so a decision to swap them isn't going to fly and I'd rather just accept that the Omega isn't for me than contemplate the alternative.
@Scott-Horsley I was suspecting that some default firewall kicks in when Omega's software sees an open, unencrypted wifi network. But that assumes you're running an open network too, but I'm reading this wasn't the case.
I wasn't able to reproduce your observations regarding encryption - for me, Omega never connects to a WPA2PSK/AES network.
Scott Horsley last edited by
@Michal-Rok Seems rather inconsistent if that is the case, I originally couldn't connect with anything of course, this configuration I can reproduce directly after a firstboot -y, sync.... which means it's certainly working.
My SSID and Passphrase are really simple words only, ECLIPSE being the SSID (as referenced, and strangely, I blanked out in the SSID box), but the password may as well be abc123 with how simple it is.
I'm dumping my MT config for the information it may or may not share with regards to this. I'm running RouterOS v6.39.2 (stable) at this time.
[scott@ap2] > /interface wireless print where name=wlan-ECLIPSE Flags: X - disabled, R - running 0 R name="wlan-ECLIPSE" mtu=1500 l2mtu=1600 mac-address=XX:XX:XX:XX:XX:XX arp=enabled interface-type=Atheros AR9300 mode=ap-bridge ssid="ECLIPSE" frequency=channel-6 band=2ghz-b/g/n channel-width=20mhz scan-list=default wireless-protocol=any vlan-mode=no-tag vlan-id=1 wds-mode=disabled wds-default-bridge=none wds-ignore-ssid=no bridge-mode=enabled default-authentication=yes default-forwarding=yes default-ap-tx-limit=0 default-client-tx-limit=0 hide-ssid=no security-profile=profile-ECLIPSE compression=no [scott@ap2] > /interface wireless security-profiles print where name=profile-ECLIPSE Flags: * - default 0 name="profile-ECLIPSE" mode=dynamic-keys authentication-types=wpa2-psk unicast-ciphers=aes-ccm group-ciphers=aes-ccm wpa-pre-shared-key="xxxxx" wpa2-pre-shared-key="xxxxx" supplicant-identity="MikroTik" eap-methods=passthrough tls-mode=no-certificates tls-certificate=none mschapv2-username="" mschapv2-password="" static-algo-0=none static-key-0="" static-algo-1=none static-key-1="" static-algo-2=none static-key-2="" static-algo-3=none static-key-3="" static-transmit-key=key-0 static-sta-private-algo=none static-sta-private-key="" radius-mac-authentication=no radius-mac-accounting=yes radius-eap-accounting=no interim-update=0s radius-mac-format=XX:XX:XX:XX:XX:XX radius-mac-mode=as-username radius-mac-caching=disabled group-key-update=5m management-protection=disabled management-protection-key=""
@Scott-Horsley can you please post results of /interface wireless export here? It will show just the non-default parameters and might make it easier to reproduce.
@Scott-Horsley well done! Setting
option mode 'sta'
worked for me!
@Alex-Thow are you also experiencing an issue with firewall or do you have full connectivity?
@Michal-Rok full connectivity. Though on reboot it doesn't connect to wifi...in etc/config/wireless the ApCliEnable is being reset to '0'! I have to connect via serial port to set to '1' and restart wifi. I need to sort that next!
This is what I did to get my Omega2p (0.1.5 b130) working with SKY Q Hub using WPA2PSK/AES in UK.
Basically, after configuring the wireless connection with the wifisetup tool (from serial console) I needed to edit the /etc/config/wireless and set the country to UK and ApCliEnable to 1.
config wifi-device 'ra0' option type 'ralink' option mode '9' option channel 'auto' option txpower '100' option ht '20' option country 'UK' option disabled '0' config wifi-iface option device 'ra0' option network 'wlan' option mode 'ap' option encryption 'psk2' option key '12345678' option ssid 'Omega-XXXX' option ApCliSsid 'SKYFECB3' option ApCliPassWord 'XXX' option ApCliEncrypType 'AES' option ApCliAuthMode 'WPA2PSK' option ApCliEnable '1' config wifi-config option ssid 'SKYFECB3' option encryption 'WPA2PSK' option key 'XXX'
But every reboot I need to set ApCliEnable to 1 after I uploaded to "0.1.10 b160" version. And sometimes the wifi connects, sometimes not. Maybe I'll downgrade to "0.1.5 b130" version.
It is incredible how buggy is this device.
@Alex-Thow, I can confirm that this is happening to me in the Omega2+ 0.1.10 b160.
@Mikaël-PIRIO Thanks for this solution which you provided, it works for me now.
Kegozo last edited by Kegozo
@Diego-Sueiro and @Alex-Thow, it happens to me too in the Omega2+ 0.1.10 b160. With this firmware never boot completly and omega led is blinking all the time.
I have installed other firmware and it works fine (led stop blinking and remain solid), saving all data and configurations but when I upgrated to last version, never works anymore.
Any solution for this firmware @administrators ?
Finally got my Omega2 to reliably work with Mikrotik wifi in WPA2PSK-AES mode!
Here's the trick: as discovered earlier by @Scott-Horsley the option mode 'sta' allows connecting to AP, but does not allow any useful transmission. I found out that if you switch to mode '9' (original setting) following a successful connection in mode 'sta', without reboot, it will work!
Try this on a clean Omega:
- set your SSID, password and mode with the following commands:
uci set wireless.@wifi-iface.ApCliSsid='yourssid' uci set wireless.@wifi-iface.ApCliPassWord='yourpassword' uci set wireless.ra0.mode='sta' uci commit
- then edit /etc/rc.local to include: (before the "exit 0" line)
/sbin/uci set wireless.ra0.mode=9 /usr/bin/nr
Do not commit the mode=9, you need config file to remain set to mode='sta'. Reboot to try out.
ps. in an out-of-the-box Omega2, this will skip the installation wizard and you'll need to install the Console manually
I finally seem to have got mine connecting to wifi now on each reboot (still can't quite believe it!).
Here's my etc/config/wireless:
config wifi-device 'ra0' option type 'ralink' option mode 'sta' option channel 'auto' option ht '20' config wifi-iface option device 'ra0' option network 'wlan' option mode 'ap' option ssid 'Omega-831B' option encryption 'psk2' option key '12whatevr' option ApCliAuthMode 'WPA2PSK' option ApCliEncrypType 'AES' option ApAuthMode 'WPA2PSK' option ApCliSsid 'ap7411' option ApCliPassWord '123yadayada' option ApCliEnable '1'
I don't know what most of these do but they all seem to matter and the ORDER also seems to matter! (for some). Specifically ApAuthMode I tried right after key but it didn't like it!
No "config wifi-config"...reqd info is in the iface.
device mode 'sta' works for me. Could also try ap or adhoc. '9' just didn't do it for me!
Anyway, now that I've posted this it'll probably break so speak to ya soon!
Changing option mode '9' to option mode 'sta' lets the option ApCliEnable '1' to persist across reboots.
This is beyond frustrating and idiotic . I have been modifying small routers with DD-WRT for years, setting up everything in config files, without the aid of any web or graphical interface.
I have ~15 years experience with linux and unix systems , yet for the past four days i'm banging my head against the monitor , setting up a device that is supposed to be "beginner friendly" .
This is bad engineering to say the least, and disrespect for the people who bought this device .
Do not consider this post as a rant, but rather a wake up call for those who built and sell this device .
Either stick to your claim that this device is beginner friendly, of say the goddam truth that even expert level will find this difficult and confusing.
And for the love of god, write BIG on the disclaimer "WE DO NOT HAVE DOCUMENTATION" . Besides an youtube clip and some truly misleading tutorials, there is nothing useful.
Advanced documentation on config files ? - We don't have that ! The documentation you published is NOT accurate !!
Thank you, and please excuse my angry post, but your device got me on this level ..
@Alex-Thow I tried your config.. In my case, it doesn't work no matter what router i use ( i have 10 various routers, and i had the patience to test them all.. two times in a row ) .
So can you please elaborate a bit on your setup ?
I have found the issue with the web setup and the real reason why no one seems to be able to connect the device to any wireless network. What i did, in steps, so anyone can reproduce .
1 - Reset the device to factory defaults ( VERY IMPORTANT if you tested and failed to setup wireless before ).
2 - immediately after successful boot, connect to the WIFI AP that Omega2+ sets up, but DO NOT connect to the web setup.
3 - log-in to SSH or serial console, and edit /etc/config/wireless ( vi /etc/config/wireless ).
4 - Remove the line 'option country 'US' . If you will read the OPENWRT documentation, you will see that this setting is NOT mandatory, but it has an adverse effect for anyone that has the router set to any NON-US country. Apparently, the devs from Onion live under the impression that there is only US in this world.....
Save the file ..
5 - reboot the device, connect to the wireless AP set by the device, and run the web setup. For me it was successful , but i will gladly help anyone, as the admins from Onion seem to be clueless ...
@Scott-Horsley I can confirm this working on my mikrotik router, after 48+ hours of frustration and head-banging against the monitor . Great job !!