Possible tp-link issues/Access Points have constant connection with n-use1-devs-gw.tplinkcloud.com
-
Hello fellow Netgate community members,
I recently purchased a new AP, however during testing I have found that the brand new out of the box device seems to always have a constant connection to ...
n-use1-devs-gw.tplinkcloud.com
Keep in mind it was running non stop. This is only the AP system however there was enough data passed to something called tplinkcloud that it does cause some areas for concern.
If this is an update repo, it should not have a constant connection, correct?
I have since disabled all communication with that.
What would require so many different IP addresses and constant links?? The AP seems to be acting on its own without users and making calls to a cloud service without user approval.
Please be warned, my AP is the .2 so I have no browser running on it as it is only in AP bridge mode and yet it still is connecting to something else and passing traffic....
If an AP is in bridge mode why would it still pass traffic to tplinkcloud without user approval. Some might say this is in direct violation of CCPA and GDPR. Any update would only connect once the user starts the update and over gigabit speeds it should never require a constant connection to its cloud platform right? Tell me what you think about this. I found a nifty way to protect your privacy rights and override this also.
It is simple: just create a rule that blocks everything except the firewall connection for the AP. It shouldn't need anything but the firewall; outside of that, the other addresses can still be utilized with the DHCP set on the link side (firewall).
Stay vigilant
Could be a regional data sovereignty issue and a product is shipping and still acting out the regulations for where that device is manufactured. I don't know.
CCPA in our region does protect user privacy laws.
With that said the device works great once you block out the constant connections to cloud services that are not used or activated.
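To check whether a bridge-mode AP really holds a constant off-LAN connection, as described in the post above, the following added example (not part of the original thread) measures how much of an observation window a device spends talking to non-LAN destinations. The log format, the `192.168.1.0/24` LAN, the AP address `192.168.1.2` and all sample records are assumptions constructed for illustration.

```python
from datetime import datetime
from ipaddress import ip_address, ip_network

LAN = ip_network("192.168.1.0/24")  # assumed LAN; the thread only says the AP is ".2"

# Constructed sample records: "timestamp src dst dport" (not a real firewall log format).
SAMPLE_LOG = """\
2024-05-05T10:00:05 192.168.1.2 192.168.1.1 53
2024-05-05T10:00:07 192.168.1.2 203.0.113.10 443
2024-05-05T10:03:40 192.168.1.50 198.51.100.80 443
2024-05-05T10:10:09 192.168.1.2 203.0.113.11 443
2024-05-05T10:20:11 192.168.1.2 198.51.100.7 443
2024-05-05T10:30:06 192.168.1.2 203.0.113.10 443
2024-05-05T10:40:13 192.168.1.2 203.0.113.11 443
2024-05-05T10:50:08 192.168.1.2 198.51.100.7 443
2024-05-05T10:58:30 192.168.1.50 198.51.100.80 443
"""

def parse(log):
    """Yield (datetime, src, dst, dport) tuples, skipping malformed lines."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        ts, src, dst, dport = parts
        yield datetime.fromisoformat(ts), ip_address(src), ip_address(dst), int(dport)

def phone_home_report(log, device, bucket_minutes=10, min_ratio=0.8):
    """Summarise off-LAN traffic from `device` across the whole log window."""
    records = sorted(parse(log), key=lambda r: r[0])
    if not records:
        return None
    start, width = records[0][0], bucket_minutes * 60

    def bucket(ts):
        return int((ts - start).total_seconds() // width)

    total = bucket(records[-1][0]) + 1  # number of time buckets observed
    dev, active, dests = ip_address(device), set(), set()
    for ts, src, dst, dport in records:
        if src == dev and dst not in LAN:  # ignore DNS/DHCP to the firewall
            active.add(bucket(ts))
            dests.add((str(dst), dport))
    ratio = len(active) / total
    # "persistent" = off-LAN traffic seen in most buckets, i.e. not a one-off update check
    return {"destinations": sorted(dests), "active_ratio": round(ratio, 2),
            "persistent": bool(dests) and ratio >= min_ratio}

if __name__ == "__main__":
    print(phone_home_report(SAMPLE_LOG, "192.168.1.2"))
```

A device that only checks for firmware occasionally shows a low `active_ratio`; one that is active in nearly every bucket and rotates through several destination addresses matches the behaviour the post describes.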
-
@JonathanLee Does this model of AP have some cloud management feature and if so, is it enabled? Could it be a firmware check? I don't allow my solitary AP access to the WAN even though I trust it (OpenWRT). It doesn't need to.
-
https://community.tp-link.com/en/business/forum/topic/525328
The following EAP firmware version released last week (on June 9, 2022) have added support to disable cloud-connection behavior.
unifi can be disabled as well, etc..
You can for sure just block how you're doing it, but when things send out stuff you don't want them to - it's better to disable at the device if possible vs just letting them bang their head against the wall putting noise on the wire and filling up logs with spam..
-
I have model TL-WA1201. It was on sale for $30!! A gigabit AP with Wireless AC for $30 dollars in this day and age unheard of right??
-
@JonathanLee glad you're happy, but it doesn't do vlans, prob should have put the 30 bucks towards an AP that can do vlans to be honest.
Can you put dd-wrt or openwrt on it - then you would have vlans, and it sure wouldn't be phoning home..
looks like maybe, what hardware version 2, 3, 3.6? And sale price being low, prob the old v2 hardware. So you should be able to put openwrt on it.
-
@johnpoz Cool, what an amazing find, it runs AC and it can run OpenWRT. This is new to me, I have not seen OpenWRT yet, will this make the system better over its stock stuff?
-
@JonathanLee Pretty much given.. And it should add the ability to do vlans, unless the hardware can not actually support them which is rare... I didn't read all the details, just that it was supported.
Back in the day when I was running just soho router, before I found pfsense I always ran dd-wrt or openwrt..
-
@johnpoz I got the new AP after the internal compex card could no longer run without rebooting once it started running full tilt on pfSense. I have the SG-2100 so I also can't see the swap partition without a usb drive set up for swap use. I will research it more however with finals I can't have it reboot right now. Also I remember you were very anti using the built in wifi support with freebsd for pfSense. I loved it. Again, I never got it to max out until I got my new fiber line, after that it would reboot on its own, something is causing kernel panics and rebooting.
-
@johnpoz It has version 3.6 would that work with the OpenWRT software built for version 2? It looks like the same device
-
@JonathanLee There are hardware changes, it's quite possible 3.6 hardware is not supported at this time.. I did a query for 3 and 3.6 and seems people were asking about it.
You would need to check with their forums.
-
https://forum.openwrt.org/t/tl-wa1201-v3-6/197094
Done let's see what they say about the V3.6.
Plus if they have info on turning off cloud calls for US users.
-
@johnpoz I shipped it back so I can get one that will allow me to install OpenWRT on it so I can disable the cloud call outs.
-
OpenWRT took my Archer A9 from 300mbps to 30mbps it does not fully support 2.4ghz only 5ghz right now for my version
-
@JonathanLee said in Possible tp-link issues/Access Points have constant connection with n-use1-devs-gw.tplinkcloud.com:
Archer A9
huh - there is no way you were getting 300mbps real world speeds on 2.4.. Just not possible, unless you're talking AX 2.4, and then yeah 300 would be possible.. Is your client AX? Other than IoT devices not sure what device these days would be talking on 2.4 to be honest.
300 is possible as a PHY, but it's not real world speeds.
Why did you pick up an A9 if your plans were to put openwrt on it, it says right on their page that 2.4 is unsupported on that model.
https://openwrt.org/toh/hwdata/tp-link/tp-link_archer_a9_v6
Unsupported Functions: WiFi 2.4GHz
Just get a real AP and call it a day.. I show the unifi U6 like for 99$, or the U6+ for 129 which is 4 streams vs 2..
-
@johnpoz it was false advertising they had it as number one for use with OpenWrt. Weird right it works good in WiFi G speeds, the developers want the logs off it, but I set it back to tp link firmware with TFTP already. I am gonna configure it again. OpenWrt is good stuff
-
@JonathanLee said in Possible tp-link issues/Access Points have constant connection with n-use1-devs-gw.tplinkcloud.com:
OpenWrt is good stuff
I agree - but that hardware that doesn't have 2.4 fully functional in openwrt and you want/need 2.4 kind of makes it not good stuff..
Who advertised as number 1 for openwrt.. openwrt doesn't really make recommendations on hardware to use.. What the hell do you think a company is going to say about their product.. Yeah it's number one for "anything" they want to say..
Again - get yourself a real AP not something you have to put 3rd party on to even make it usable and call it a day..
Openwrt is great for if you have some soho wifi router laying around and you want to make actual use of it.. And openwrt will allow it to do xyz, vlans for one is the big one that none of the native firmware supports even when their hardware does..
I rarely have to even think about my APs - they work, I never have to reboot them, the only time I do is when I upgrade their firmware. Really the only time I play with them is when I want to try a new feature they implemented - like when you could finally do vlan assigned by radius.. Yeah got it to work, and then thought I have no actual need for it other than being only to broadcast one ssid and have devices join different vlans.. It's cool and all - but to be honest not really needed.. My ssids and vlans are already set up, why complex it up, etc.
I played with the ppsk when they enabled that - again slick.. might be useful.. But then again everything already setup, no reason to complex it up.
If you want to play with openwrt - great more power to you, completely agree its some great stuff. But get some AP to play with it on, get another AP that actually provides your network its wifi..
-
I have a working zenarmor/sensei netmap setup. It can more than likely block all of that noise. My WAPs do that too if I connect them through a VPN in Windows ICS, but magically stop when connected to pfSense or OPNsense running zenarmor. Not to say they are always working properly, but the tls inspection is great. Zenarmor automatically binds all tls to a single thread. Maybe crowdsec would work great too idk
-
@johnpoz thank you again for the OpenWRT recommendation. It is amazing, I have it running on an Archer C7. Never going back to the stock firmware it is amazing. I am perplexed at how they got that to run on such a small set of code. Just wow!! (I still love my pfSense never leaving it) but I got to tell you OpenWRT can hold its own with the 7000+ packages even my favorite Squid is on it.