I’m looking into setting up a WIFI access point on my pcengines APU2C4 router. Following the WiFi: Enable support for 5GHz AccesPoints with DFS thread on Phabricator and @alain fabulous work on getting a Compex WLE600VX card with the ath10 chipset up and running, I’m having issues changing the regulatory domain for the wifi card.
While the T452 thread covers the implementation of the ath10k on vyos 1.2 Crux by using the outdated method of compiling your own kernel, I’m trying to get the same wifi card up and running on vyos-1.3-rolling-latest.iso. Thanks to the vyos developers move towards buster as the underlying version of debian and the use of the upstream kernel, the card is properly detected without further adjustments:
dmesg | grep ath10*
[ 26.904062] ath10k_pci 0000:04:00.0: pci irq msi oper_irq_mode 2 irq_mode 0 reset_mode 0
[ 27.348793] ath10k_pci 0000:04:00.0: qca988x hw2.0 target 0x4100016c chip_id 0x043222ff sub 0000:0000
[ 27.348802] ath10k_pci 0000:04:00.0: kconfig debug 0 debugfs 0 tracing 0 dfs 0 testmode 0
[ 27.349453] ath10k_pci 0000:04:00.0: firmware ver 10.2.4-1.0-00045 api 5 features no-p2p,raw-mode,mfp,allows-mesh-bcast crc32 ccbd5104
[ 27.410228] ath10k_pci 0000:04:00.0: board_file api 1 bmi_id N/A crc32 bebc7c08
[ 28.596927] ath10k_pci 0000:04:00.0: htt-ver 2.1 wmi-op 5 htt-op 2 cal otp max-sta 128 raw 0 hwcrypto 1
[ 90.523437] ath10k_pci 0000:04:00.0: pdev param 0 not supported by firmware
[ 92.355298] ath10k_pci 0000:04:00.0: pdev param 0 not supported by firmware
lspci -v
04:00.0 Network controller: Qualcomm Atheros QCA986x/988x 802.11ac Wireless Network Adapter
Flags: bus master, fast devsel, latency 0, IRQ 56
Memory at f7600000 (64-bit, non-prefetchable) [size=2M]
Expansion ROM at f7800000 [disabled] [size=64K]
Capabilities: [40] Power Management version 2
Capabilities: [50] MSI: Enable+ Count=1/8 Maskable+ 64bit-
Capabilities: [70] Express Endpoint, MSI 00
Capabilities: [100] Advanced Error Reporting
Capabilities: [140] Virtual Channel
Capabilities: [160] Device Serial Number 00-00-00-00-00-00-00-00
Kernel driver in use: ath10k_pci
Kernel modules: ath10k_pci
The wifi card still needs the additional steps of rebuilding wireless-regdb as documented in T452:
- On a Jessie build machine, do:
A.sudo apt-get build-dep crda wireless-regdb
B.git clone git://git.kernel.org/pub/scm/linux/kernel/git/sforshee/wireless-regdb.git
C.cd wireless-regdb
D.vim db.txt
E. Restrict regdom settings for your country according to local law! For Germany, this means
disabling channels greater 140 by prepending a # to the line:#(5725 - 5875 @ 80), (25 mW)
F.make
G.fakeroot checkinstall -D --install=no make install
2. copy deb package to vyos
3. On a VyOS instance, do:
A. install package on vyos:dpkg -i <your-wireless-regdb-package.deb>
B.reboot
With the hostapd
sourced and configure
set the output of sudo iw reg get
sill looks like this
country 98: DFS-UNSET
(2402 - 2472 @ 40), (N/A, 20), (N/A)
(5170 - 5250 @ 80), (N/A, 23), (N/A), NO-OUTDOOR, AUTO-BW
(5250 - 5330 @ 80), (N/A, 20), (0 ms), NO-OUTDOOR, DFS, AUTO-BW
(5490 - 5725 @ 160), (N/A, 23), (0 ms), DFS
(57240 - 66000 @ 2160), (N/A, 40), (N/A)
phy#0
country US: DFS-FCC
(2402 - 2472 @ 40), (N/A, 30), (N/A)
(5170 - 5250 @ 80), (N/A, 23), (N/A), AUTO-BW
(5250 - 5330 @ 80), (N/A, 23), (0 ms), DFS, AUTO-BW
(5490 - 5730 @ 160), (N/A, 23), (0 ms), DFS
(5735 - 5835 @ 80), (N/A, 30), (N/A)
(57240 - 71000 @ 2160), (N/A, 40), (N/A)
cat show interfaces wireless wlan0
wireless wlan0 {
address 192.168.1.1/24
channel 36
description WIFI
hw-id 04:f0:21:41:80:a3
mode ac
physical-device phy0
security {
wpa {
cipher CCMP
mode wpa2
passphrase ****
}
}
ssid test1
type access-point
}
I’m able to connect to the wifi access-point but the regulatory domain is not set to DE: cat iw dev wlan0 info
Interface wlan0
ifindex 5
wdev 0x1
addr 04:f0:21:41:80:a3
ssid test1
type AP
wiphy 0
channel 36 (5180 MHz), width: 20 MHz, center1: 5180 MHz
txpower 23.00 dBm
multicast TXQ:
qsz-byt qsz-pkt flows drops marks overlmt hashcol tx-bytes tx-packets
0 0 10 0 0 0 0 1734 10
/etc/modprobe.d/cfg80221.conf /etc/default/crda
also look like mentioned in T452
hostapd
hostapd configuration file for CompexWLE600VX
interface=wlan0
driver=nl80211
ctrl_interface=/var/run/hostapd_wlan0
ctrl_interface_group=0IEEE 802.11
ssid=test1
hw_mode=a
channel=36
max_num_sta=32
auth_algs=1
disassoc_low_ack=1DFS
ieee80211d=1
ieee80211h=1
country_code=DE
local_pwr_constraint=3IEEE 802.11n
ieee80211n=1
ht_capab=[HT20][HT40+][HT40-][MAX-AMSDU-7935][SMPS-STATIC][LDPC][SHORT-GI-20][SHORT-GI-40][TX-STBC][RX-STBC1][DSSS_CCK-40]IEEE 802.11ac
ieee80211ac=1
vht_oper_chwidth=1
vht_capab=[MAX-MPDU-11454][RXLDPC][SHORT-GI-80][TX-STBC-2BY1][RX-STBC-1][MAX-A-MPDU-LEN-EXP3][RX-ANTENNA-PATTERN][TX-ANTENNA-PATTERN][BF-ANTENNA-2][SOUNDING-DIMENSION-2][VHT-LINK-ADAPT3]WPA/IEEE 802.11ac
wpa=2
wpa_passphrase=****
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
wpa_ptk_rekey=600vht_oper_centr_freq_seg0_idx=42
beacon_int=100
dtim_period=2
rts_threshold=2347
macaddr_acl=0
ignore_broadcast_ssid=0hostapd event logger configuration
logger_syslog=-1
logger_syslog_level=2
logger_stdout=-1
logger_stdout_level=2TX queue parameters
tx_queue_data3_aifs=7
tx_queue_data3_cwmin=15
tx_queue_data3_cwmax=1023
tx_queue_data3_burst=0
tx_queue_data2_aifs=3
tx_queue_data2_cwmin=15
tx_queue_data2_cwmax=63
tx_queue_data2_burst=0
tx_queue_data1_aifs=1
tx_queue_data1_cwmin=7
tx_queue_data1_cwmax=15
tx_queue_data1_burst=3.0
tx_queue_data0_aifs=1
tx_queue_data0_cwmin=3
tx_queue_data0_cwmax=7
tx_queue_data0_burst=1.5WMM
wmm_enabled=1
uapsd_advertisement_enabled=1
wmm_ac_bk_cwmin=4
wmm_ac_bk_cwmax=10
wmm_ac_bk_aifs=7
wmm_ac_bk_txop_limit=0
wmm_ac_bk_acm=0
wmm_ac_be_aifs=3
wmm_ac_be_cwmin=4
wmm_ac_be_cwmax=10
wmm_ac_be_txop_limit=0
wmm_ac_be_acm=0
wmm_ac_vi_aifs=2
wmm_ac_vi_cwmin=3
wmm_ac_vi_cwmax=4
wmm_ac_vi_txop_limit=94
wmm_ac_vi_acm=0
wmm_ac_vo_aifs=2
wmm_ac_vo_cwmin=2
wmm_ac_vo_cwmax=3
wmm_ac_vo_txop_limit=47
wmm_ac_vo_acm=0
eapol_key_index_workaround=0
eap_server=0
own_ip_addr=127.0.0.1
configure
System Management
set system time-zone Europe/Berlin
##########################################################################
Ethernet Interfaces, DHCP and DNS Server
##########################################################################
Set Interface WAN
set interfaces ethernet eth0 address ‘10.10.10.10/24’
set interfaces ethernet eth0 description ‘WAN’
set interfaces ethernet eth0 duplex auto
set interfaces ethernet eth0 smp-affinity auto
set interfaces ethernet eth0 speed auto
set interfaces ethernet eth0 pppoe 0 default-route auto
set interfaces ethernet eth0 pppoe 0 mtu 1492
set interfaces ethernet eth0 pppoe 0 name-server auto
set interfaces ethernet eth0 pppoe 0 user-id [email protected]
set interfaces ethernet eth0 pppoe 0 password somethingSet Interface LAN
set interfaces ethernet eth1 address ‘192.168.0.1/24’
set interfaces ethernet eth1 description ‘LAN’Enable SSH
set service ssh port ‘22’
Set DHCP-Server LAN
set service dhcp-server shared-network-name LAN subnet 192.168.0.0/24 default-router ‘192.168.0.1’
set service dhcp-server shared-network-name LAN subnet 192.168.0.0/24 dns-server ‘192.168.0.1’
set service dhcp-server shared-network-name LAN subnet 192.168.0.0/24 domain-name ‘internal-network’
set service dhcp-server shared-network-name LAN subnet 192.168.0.0/24 lease ‘86400’
set service dhcp-server shared-network-name LAN subnet 192.168.0.0/24 range 0 start ‘192.168.0.9’
set service dhcp-server shared-network-name LAN subnet 192.168.0.0/24 range 0 stop ‘192.168.0.254’Set DNS-Server LAN
set service dns forwarding cache-size ‘0’
set service dns forwarding listen-address ‘192.168.0.1’
set service dns forwarding name-server ‘8.8.8.8’
set service dns forwarding name-server ‘8.8.4.4’
set service dns forwarding allow-from ‘0.0.0.0/0’Set NAT LAN
set nat source rule 100 outbound-interface ‘eth0’
set nat source rule 100 source address ‘192.168.0.0/24’
set nat source rule 100 translation address masquerade##########################################################################
WIFI Interface, DHCP and DNS Server
##########################################################################
Set Interface WLAN
set system wifi-regulatory-domain DE
set interfaces wireless wlan0 description ‘WIFI’
set interfaces wireless wlan0 address ‘192.168.1.1/24’
set interfaces wireless wlan0 type access-point
set interfaces wireless wlan0 channel 36
set interfaces wireless wlan0 mode ac
set interfaces wireless wlan0 ssid ‘test1’
set interfaces wireless wlan0 security wpa mode wpa2
set interfaces wireless wlan0 security wpa cipher CCMP
set interfaces wireless wlan0 security wpa passphrase ‘****’Set DHCP-Server WIFI
set service dhcp-server shared-network-name WIFI authoritative
set service dhcp-server shared-network-name WIFI subnet 192.168.1.0/24 default-router ‘192.168.1.1’
set service dhcp-server shared-network-name WIFI subnet 192.168.1.0/24 dns-server ‘192.168.1.1’
set service dhcp-server shared-network-name WIFI subnet 192.168.1.0/24 domain-name ‘internal-wifi’
set service dhcp-server shared-network-name WIFI subnet 192.168.1.0/24 lease ‘86400’
set service dhcp-server shared-network-name WIFI subnet 192.168.1.0/24 range 0 start ‘192.168.1.10’
set service dhcp-server shared-network-name WIFI subnet 192.168.1.0/24 range 0 stop ‘192.168.1.254’Set DNS-Server WIFI
set service dns forwarding listen-address ‘192.168.1.1’
Set NAT WIFI
set nat source rule 200 outbound-interface ‘eth0’
set nat source rule 200 source address ‘192.168.1.0/24’
set nat source rule 200 translation address masquerade##########################################################################
Firewall rules
##########################################################################
Set Firewall WAN
set firewall name WAN-IN default-action ‘drop’
set firewall name WAN-IN rule 10 action ‘accept’
set firewall name WAN-IN rule 10 state established ‘enable’
set firewall name WAN-IN rule 10 state related ‘enable’Set Firewall LAN
set firewall name WAN-LAN default-action ‘drop’
set firewall name WAN-LAN rule 10 action ‘accept’
set firewall name WAN-LAN rule 10 state established ‘enable’
set firewall name WAN-LAN rule 10 state related ‘enable’
set firewall name WAN-LAN rule 20 action ‘accept’
set firewall name WAN-LAN rule 20 icmp type-name ‘echo-request’
set firewall name WAN-LAN rule 20 protocol ‘icmp’
set firewall name WAN-LAN rule 20 state new ‘enable’Set SSH access
set firewall name WAN-LAN rule 30 action ‘drop’
set firewall name WAN-LAN rule 30 destination port ‘22’
set firewall name WAN-LAN rule 30 protocol ‘tcp’
set firewall name WAN-LAN rule 30 recent count ‘4’
set firewall name WAN-LAN rule 30 recent time ‘60’
set firewall name WAN-LAN rule 30 state new ‘enable’
set firewall name WAN-LAN rule 31 action ‘accept’
set firewall name WAN-LAN rule 31 destination port ‘22’
set firewall name WAN-LAN rule 31 protocol ‘tcp’
set firewall name WAN-LAN rule 31 state new ‘enable’Apply Firewall policies
set interfaces ethernet eth0 firewall in name ‘WAN-IN’
set interfaces ethernet eth0 firewall local name ‘WAN-LAN’
Anyone got an idea why my configuration does apply or finds some mistake in it?
Edit: I’m using vyos-1.3-rolling-202001150217-amd64.iso
Edit2: @admins Sorry for double posting this thread. Please delete the other one