Iphone looses conection to wi-fi pfesense 2.4.4-RELEASE-p3 (amd64)

johnpoz

@hugoeyng said in Iphone looses conection to wi-fi pfesense 2.4.4-RELEASE-p3 (amd64):

TL-841ND

that is a router, not an AP... You have given no info of how you set it up when you say you connect it, so for all we know you have some sort of nat going on where this devices wan is the same as its lan, etc. etc.

If you want to use that device as just an AP, then connect it to your lan network via one of its LAN ports, turn off its dhcpd and give it an IP on your lan network, etc.

And again - pfsense has ZERO to do with your wireless client connecting to the wireless network - ZERO!!! And if asking if someone has sim issues you should be asking on tplink forum - or at min given the make and model of whatever crap device your using to see if other users using same device..

hugoeyng

@stephenw10
"That's a router. Is it running as a router still or in some sort of Access Point mode?"

• it is running in "some sort of Access Point mode"

"When the iphones disconnect what actually disconnects? They loose wifi? Or just connectivity across it?"

The IPhone wi-fi icon stays "on" most of the time but without Internet connection.

Today I am "behiand" another firewall, based on FreeBSD too. The same behavior occurs.

Again, I am not claiming or supposing the problem is FreeBSD, or pfSense. But ...

hugoeyng

@johnpoz said in Iphone looses conection to wi-fi pfesense 2.4.4-RELEASE-p3 (amd64):

that is a router, not an AP... You have given no info of how you set it up when you say you connect it, so for all we know you have some sort of nat going on where this devices wan is the same as its lan, etc. etc.
If you want to use that device as just an AP, then connect it to your lan network via one of its LAN ports, turn off its dhcpd and give it an IP on your lan network, etc.
And again - pfsense has ZERO to do with your wireless client connecting to the wireless network - ZERO!!! And if asking if someone has sim issues you should be asking on tplink forum - or at min given the make and model of whatever crap device your using to see if other users using same device..

"If you want to use that device as just an AP, then connect it to your lan network via one of its LAN ports, turn off its dhcpd and give it an IP on your lan network, etc."

It is running like you described.

Thank you for your kind reply. :)

johnpoz

normally internet prob has to do with dns - most all of these mobile devices check for a specific dns query, and then try and access something specific to tell if they have internet or not..

Why don't you test the very basics - can you ping pfsense lan IP... hurricane electric makes an app that allows for you to do simple dns queries and pings and such on your iphone.

If I recall it tries to open
https://www.apple.com/library/test/success.html

Maybe your device is detecting a bad IPv6 network and trying to use that, which doesn't actually have internet, etc.

Pfsense can not tell the difference between an android or wireless asus laptop and or your iphone.. It can not even tell if the device is wireless or not... It doesn't care!! If your having issues with some device then you need to troubleshoot the specifics of the problem..

First thing to do is actually validate you can even talk to pfsense - ping its lan IP from your device!! This free app works on iphone to do basic troubleshooting and give you info.
https://networktools.he.net/

Can your device do dns query? Are you running something like IPS or pfblocker that could mess with how some iphone detects internet? Are you running any captive portal?

Also many devices can have issues coming out of standby, etc.. what specific make and model and os version are you running. If you can not ping pfsense lan IP then its your wireless. If you can ping pfsense lan IP - then you need to look to what else could be causing your device to think it doesn't have internet.. dns? Are you running proxy or captive portal, etc.

But if you can not ping pfsense lan IP - then no nothing is going to work..

hugoeyng

@johnpoz First of all, thank you for so detaild answer.

I can ping pfSense from my device (IPhone).

Reading your explanation I think that the most probably, in order, is:

1. "can have issues coming out of standby". When th display is on (in use), it seems that the problem does not occur.

2. "Maybe your device is detecting a bad IPv6 network". I considered checking the two options bellow.

3. " Are you running proxy?" I am using Squid Proxy.

4. "Can your device do dns query?" Yes. Rules on pfSense forces only pfSense DNS.

johnpoz

Those first 2 options prefer and ipv6 dns entries has nothing to do with client using ipv6 to go to the internet..

As to proxy.. Do you have the issue if you turn off the proxy? Are you running transparent or explicit?

You do understand when using a proxy - the proxy does the dns lookup.. But how is it your forcing traffic that is destined to pfsense lan address out a "balanco" gateway??? That makes NO sense!!!

hugoeyng

@johnpoz I use transparent proxy. I Tried to disable proxy and also bypass my IP. Nothing help.

I will try to change frequency in AP. I should tried it earlier.

johnpoz

@hugoeyng

I don't see how a client could use pfsense as dns - when you force it out a gateway!!! That rule is just not right.. There should be no gateway set on the rule that allows access to pfsense.

stephenw10

I agree, there should not be a gateway set on that rule.

johnpoz

which could cause all kinds of problems with devices that try its local dns first for checking if internet, and then later check say hard coded 8.8.8.8 or some other public dns..

your rule states hey if trying to go to local IP for dns - shove it out your gateway.. So how would it actually get to your lan IP?

To be honest your rules as listed would break dns completely.. I don't see how anything would work for dns with those rules. You would have to be using explict proxy for internet to work.. or maybe you have floating rules that override those rules?

hugoeyng

@johnpoz I disabled the rules during some days and nothing changed.

The rules:

The first "pass" port 53 (DNS) only to pfSense DNS

The second "block" any external DNS

I copied that from the forum.

I will try to change the Wireless "channel" to "11" instead of "13"

stephenw10

That can definitely be a problem. Some devices cannot 'see' 12 and 13 even if they should be set to allow that in your region.
That usually just stops things connecting at all but I guess I could imagine some code doing something odd there.

Steve

JKnott

@stephenw10 said in Iphone looses conection to wi-fi pfesense 2.4.4-RELEASE-p3 (amd64):

That can definitely be a problem. Some devices cannot 'see' 12 and 13 even if they should be set to allow that in your region.
That usually just stops things connecting at all but I guess I could imagine some code doing something odd there.

Set it even lower than that. Those double wide 40 MHz channels take up so much bandwidth they're way out of band on the upper channels. The channel numbers are normally for the lower of the 2 channels, with the other 5 higher. So, if you pick 11, the upper channel will try to be on 16, which doesn't exist. On the other hand, if you pick 1, then the 2nd channel will be on 6.

Regardless, using 40 MHz channels on 2.4 GHz is a bad idea, if you have neighbours, as it takes up so much of the spectrum.

johnpoz

40 on 2.4 is not standard - and no you shouldn't have it enabled to be honest.

It going to cause you nothing be grief.. .Turn it off..

All you have is 2.4? You don't have 5 or AC even? Your iphone is AC - unless its really really freaking old..

JKnott

@johnpoz said in Iphone looses conection to wi-fi pfesense 2.4.4-RELEASE-p3 (amd64):

40 on 2.4 is not standard - and no you shouldn't have it enabled to be honest.

It's part of the spec but, as I mentioned, shouldn't be used if you have neighbours within range.

Check the O'Reilly book 802.11n: A Survival Guide, pg 32 for details. The author of the book, Matthew Gast, is one of the IEEE 802.11 engineers.

johnpoz

It is not a standard setting... everything you read every says on 2.4 to only use 20.. Apple clearly calls out to use 20.

https://support.apple.com/bg-bg/HT202068
Recommended settings for Wi-Fi routers and access points

These Wi-Fi router (or Wi-Fi base station) settings are for all Mac computers and iOS devices. They provide the best performance, security, and reliability when using Wi-Fi.

Use 20MHz channels in the 2.4GHz band. Using 40MHz channels in the 2.4GHz band can cause performance and reliability issues with your network, especially in the presence of other Wi-Fi networks and other 2.4GHz devices. A 40MHz channel might also cause interference and issues with other devices that use this band, such as Bluetooth devices, cordless phones, and neighboring Wi-Fi networks.

JKnott

@johnpoz said in Iphone looses conection to wi-fi pfesense 2.4.4-RELEASE-p3 (amd64):

se 20MHz channels in the 2.4GHz band. Using 40MHz channels in the 2.4GHz band can cause performance and reliability issues with your network, especially in the presence of other Wi-Fi networks and other 2.4GHz devices.

As I said, it's in the spec and I also said not to use it if you have neighbours, as it takes up 2 of the 3 "clear" channels. The other issues can occur with either 20 or 40 MHz channels. Perhaps you'd like to tell Matthew Gast he's wrong.

I'd also take the IEEE's word over Apple's, as they're the ones who write the specs.

johnpoz

Not saying its not in the spec, I am saying it not standard to Fing use it without issues... JFC dude!!!

I don't need to tell anyone anything - you should freaking know that i has issue just read anything you google about 2.4 and 40 mhz - google it if you don't believe me!!

here 2 second google
https://www.smallnetbuilder.com/wireless/wireless-features/31743-bye-bye-40-mhz-mode-in-24-ghz-part-1

Using 40 on 2.4 might be fine if you Live out on a freaking farm, and nobody is around.. And your device clearly supports it - but I have to ask if you want more speed WTF you using 2.4 in the first place.. You should be on AC if what you want is speed, and if he has an iphone I have to believe it supports AC - unless its freaking ancient!

My point to bringing what apple says - is he clearly states in his subject that he has iphone, and that is what he is having issues with..

JKnott

@johnpoz said in Iphone looses conection to wi-fi pfesense 2.4.4-RELEASE-p3 (amd64):

Not saying its not in the spec, I am saying it not standard to Fing use it without issues... JFC dude!!!

Did you an any point see me recommend using 40 MHz channels? I merely pointed out that the OP shouldn't be using the upper channels, as it would place part of the signal well out of band and also he shouldn't even be using 40 MHz channels.

From my first post: "Regardless, using 40 MHz channels on 2.4 GHz is a bad idea, if you have neighbours, as it takes up so much of the spectrum."

If you read that book I referred to, you will find the IEEE 802.11 committee, which Matthew Gast is a member of, discussed this issue and decided to allow 40 MHz channels on 2.4 GHz, for those situations where interference was not an issue, hence my comments about neighbours. The book does not recommend using 40 MHz channels, only states that it's allowed.

BTW, re Googling, as a member of the 802.11 committee, Matthew Gast is a primary source. Google is not. Please read his 802.11 books. I have read all of them.

hugoeyng

Hello men!

Thank you all for the heated discussion. It was very fruitful for me.

I changed channel to "2" and 20MHz. I am using iPhone (6s) for hours without loosing connection.

The only thing I noticed is that the "max tx rate" in this situation can not be set above 130Mbps. At least in this AP.