[Solved] Unable to configure wireless interface in access point mode via Web GUI

[hartmut]

Hello all,

I'm new to OPNsense, having it installed on an APU2 with 4GB RAM and 16GB SSD. My WLAN Card is an Atheros AR9280 which is well supported by FreeBSD in HOSTAP mode. However, I'm unable to configure this in the Web GUI.

To check the driver support, I started the card in AP mode using the following commands:

Code Select Expand

# ifconfig ath0_wlan0 destroy
# ifconfig wlan0 create wlandev ath0 wlanmode hostap
# ifconfig wlan0 name ath0_wlan0
# ifconfig ath0_wlan0 list caps
drivercaps=4f8def41<STA,FF,IBSS,PMGT,HOSTAP,AHDEMO,TXPMGT,SHSLOT,SHPREAMBLE,MONITOR,MBSS,WPA1,WPA2,BURST,WME,WDS,TXFRAG>
...
# ifconfig ath0_wlan0 inet 192.168.2.1 netmask 255.255.255.0 ssid myssid mode 11g channel 6


The myssid WLAN was then detected by wireless clients (however they were unable establish a connection).

BTW, using the command line even a second interface ath0_wlan1 can be created in AP mode on the same WLAN card with a different SSID:

Code Select Expand

ath0_wlan0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
ether 04:f0:21:96:b5:fc
inet6 fe80::6f0:21ff:fe96:b5fc%ath0_wlan0 prefixlen 64 scopeid 0x8
inet 192.168.2.1 netmask 0xffffff00 broadcast 192.168.2.255
groups: wlan
ssid myssid channel 6 (2437 MHz 11g) bssid 04:f0:21:96:b5:fc
regdomain FCC country US ecm authmode OPEN privacy OFF txpower 30
scanvalid 60 protmode CTS wme burst dtimperiod 1 -dfs
media: IEEE 802.11 Wireless Ethernet autoselect mode 11ng <hostap>
status: running
nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>
ath0_wlan1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
ether 04:f0:21:96:b5:fc
inet 192.168.3.1 netmask 0xffffff00 broadcast 192.168.3.255
inet6 fe80::6f0:21ff:fe96:b5fc%ath0_wlan1 prefixlen 64 scopeid 0x9
groups: wlan
ssid myotherssid channel 9 (2452 MHz 11g ht/40-) bssid 04:f0:21:96:b5:fc
regdomain FCC country US ecm authmode OPEN privacy OFF txpower 30
scanvalid 60 protmode CTS ampdulimit 64k ampdudensity 8 shortgi -ldpc
wme burst dtimperiod 1 -dfs
media: IEEE 802.11 Wireless Ethernet autoselect mode 11ng <hostap>
status: running
nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>


After several failed configuration attempts I hoped that the problem was that the ath0_wlan0 interface is created in infrastructure mode on boot. So I destroyed and created it in HOSTAP mode using the above commmands (without assigning an address or SSID), then used the opnsense shell to assign it to OPT2.

However, although the Web GUI allowed me to configure it in Access Point mode, the result was the same as before: After the page refresh the access point settings were no longer displayed. They were also not set on the interface (after applying the saved changes - no SSID, no IP address and regulatory domain settings unchanged):

Code Select Expand

ath0_wlan0: flags=8802<BROADCAST,SIMPLEX,MULTICAST> metric 0 mtu 1500
ether 04:f0:21:96:b5:fc
groups: wlan
ssid "" channel 6 (2437 MHz 11g)
regdomain FCC country US ecm authmode OPEN privacy OFF txpower 30
scanvalid 60 protmode CTS wme burst dtimperiod 1 -dfs bintval 0
media: IEEE 802.11 Wireless Ethernet autoselect <hostap> (autoselect <hostap>)
status: no carrier
nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>


They indeed seem completely lost: In config.xml there is only

Code Select Expand

    <opt2>
      <if>ath0_wlan0</if>
      <descr>WIFI</descr>
      <enable>1</enable>
      <spoofmac/>
      <ipaddr>192.168.2.1</ipaddr>
      <subnet>24</subnet>
    </opt2>


and the SSID cannot be found also in any of the config directories I know of:

Code Select Expand

# grep -r myssid /etc         
# grep -r myssid /usr/local/etc
#


I also wonder why the Wireless Devices page does not allow the selection of the interface mode when creating additional wireless interfaces. Only infrastructure interfaces can be created.

What is the correct procedure to configure the WLAN card in access point mode? And is there a way to use the card's/driver's capability of handling mutliple hostap interfaces?

Sincerely,
Hartmut

[hartmut]

I'll answer my own question.

After doing a fresh install of the latest OPNsense 21.1 and then of the oldest available version 19.7 without any success regarding the Access Point problem, I installed pfSense. Initially, pfSense did not show any wireless interface at all, and so I learned that one has to configure the wireless clone interfaces first on the Wireless Devices Web GUI page. (I do not remember what I did on my first install when doing the initial interface assignments in the installer, but apparently there happened something strange, resulting in a wireless clone that did not show up on the Wireless Devices page.) I had no problem creating any number of access points on my WLE200NX card and configuring them.

With two access points fully configured the wireless section of pfSense looked like this:

Code Select Expand

<wireless>
<clone>
<if>ath0</if>
<mode>hostap</mode>
<descr></descr>
<cloneif>ath0_wlan0</cloneif>
</clone>
<clone>
<if>ath0</if>
<mode>hostap</mode>
<descr></descr>
<cloneif>ath0_wlan1</cloneif>
</clone>
<interfaces>
<ath0>
<standard>11ng</standard>
<protmode>off</protmode>
<channel>4</channel>
<distance></distance>
<regdomain>etsi</regdomain>
<regcountry>CH</regcountry>
<reglocation>indoor</reglocation>
</ath0>
</interfaces>
</wireless>


As we can see, the common wireless settings configured with the Access Points were also persisted. I had never seen this in the OPNsense configuration before, where I had instead:

Code Select Expand

  <wireless>
    <clone/>
  </wireless>


Armed with the knowledge I gathered with pfSense I then did a fresh install of OPNsense 21.1, following the rule to not do anything wireless related until I get to the Web GUI's Wireless Devices page. Alas, creating a wireless clone in Access Point mode there was not possible: No selection element to choose the mode is shown on the page. (This is in heavy contrast to the fact that on the Wireless Devices page a column "Mode" is displayed.)

I then substituted the config.xml's wireless section with the one from pfSense using an editor. As it turned out, this was all what was necessary to get the Access Point functionality of OPNsense working: After that, the interfaces could be configured in Access Point mode on their respective pages without any problems.

It appears to me that what is broken in OPNsense is only the interfaces_wireless_edit.php page. Looking at its source code, there is indeed no input element for mode, instead there is a hidden field:

Code Select Expand

<input type="hidden" name="mode" value="<?=isset($pconfig['mode']) ? $pconfig['mode'] : 'bss' ?>" />

This is strange since upon creating a new clone, where could a previous value for 'mode' come from? The page seems to be broken since September 2015 (commit https://github.com/opnsense/core/commit/cf343609d03594f160466fa3acbca8e5e57b0750#diff-99e73e1cfe052dd5e053341cc71186436b116372ee4dee01fdf8bed19ff8856e).

I don't know what was the motivation for this change, but what I can see is that until then the mode could be selected on two pages (this one and interfaces.php), what is clearly an inconsistency, inherited from pfSense. It was, I think, resolved in the wrong direction however: The wireless clone's mode should be selected once upon creation and be readonly on the interface configuration page. A less logical alternative (since it would prevent creating several clones in batch and then configuring them all - at least WLE200NX does not permit more than one bss clone, and the clones are all created as bss) would possibly be to update the clone in the wireless section from this page. Currently the interfaces.php page, however, does not even persist any of the wireles stuff when given a wireless section with an empty clone like shown above. The interfaces look like ordinary wired interfaces after save and thus are unusable:

Code Select Expand

    <opt2>
      <if>ath0_wlan0</if>
      <descr>WIFI</descr>
      <enable>1</enable>
      <spoofmac/>
      <ipaddr>192.168.2.1</ipaddr>
      <subnet>24</subnet>
    </opt2>


A correct configuration instead would look like this:

Code Select Expand

    <opt2>
      <if>ath0_wlan0</if>
      <wireless>
        <channel>4</channel>
        <protmode>off</protmode>
        <regcountry>CH</regcountry>
        <regdomain>etsi</regdomain>
        <reglocation>indoor</reglocation>
        <standard>11ng</standard>
        <mode>hostap</mode>
        <wpa>
          <macaddr_acl/>
          <auth_algs>1</auth_algs>
          <wpa_mode>2</wpa_mode>
          <wpa_key_mgmt>WPA-PSK</wpa_key_mgmt>
          <wpa_pairwise>CCMP TKIP</wpa_pairwise>
          <wpa_group_rekey>60</wpa_group_rekey>
          <wpa_gmk_rekey>3600</wpa_gmk_rekey>
          <passphrase>mypassphrase</passphrase>
          <ext_wpa_sw/>
          <ieee8021x/>
          <enable>1</enable>
        </wpa>
        <wme/>
        <wep>
          <key/>
        </wep>
        <hidessid/>
        <pureg>
          <enable>1</enable>
        </pureg>
        <puren/>
        <ieee8021x/>
        <ssid>myssid</ssid>
        <authmode/>
        <txpower/>
        <auth_server_addr/>
        <auth_server_port/>
        <auth_server_shared_secret/>
        <auth_server_addr2/>
        <auth_server_port2/>
        <auth_server_shared_secret2/>
        <apbridge/>
        <turbo/>
      </wireless>
      <descr>WIFI</descr>
      <enable>1</enable>
      <spoofmac/>
      <ipaddr>192.168.2.1</ipaddr>
      <subnet>24</subnet>
    </opt2>


Sincerely,
Hartmut

[MrG]

I can confirm this issue. But I would not call it Solved... This should be fixed.

[dbass81]

 Thank you hartmut for this detailed information!  I also have to configure the ath0 interface via the command line to get it working in hostap mode.  This needs to be fixed in the WebGUI!