Possible tp-link issues/Access Points have constant connection with n-use1-devs-gw.tplinkcloud.com

JonathanLee

Hello fellow Netgate community members,

I recently purchased a new AP, however during testing I have found that the brand new out of the box device seems to always have a constant connection to ...

n-use1-devs-gw.tplinkcloud.com

Keep in mind it was running non stop. This is only the AP system however there was enough data passed to something called tplinkcloud that it does cause some areas for concern.

This if it is a update repo should not have a constant connection correct?

I have since disabled all communication with that.

What would require so many different IP addresses and constant links?? The AP seems to be acting on its own without users and making calls to a cloud service without user approval.

Please be warned, my AP is the .2 so I have no browser running on it as it is only in AP bridge mode and yet it still is connecting to something else and passing traffic....

If an AP is in bridge mode why would it still pass traffic to tplinkcloud without user approval. Some might say this is in direct violation of CCPA and GDPR. Any update would only connect once the user starts the update and over gigabit speeds it should never require a constant connection to its cloud platform right? Tell me what you think about this. I found a nifty way to protect your privacy rights and override this also.

It is simple just create a block everything except the firewall connection for the AP it should need anything but the firewall outside of that the other addresses can be utilized still with the DHCP set on the link side (firewall).

Stay vigilant

Could be a regional data sovereignty issue and a product is shipping and still acting out the regulations for where that device is manufactured. I don't know.

CCPA in our region does protect user privacy laws.

With that said the device works great once you block out the constant connections to cloud services that are not used or activated.

darcey

@JonathanLee Does this model of AP have some cloud management feature and if so, is it enabled? Could it be a firmware check? I don't allow my solitary AP access to the WAN even though I trust it (OpenWRT). It doesn't need to.

johnpoz

@JonathanLee

https://community.tp-link.com/en/business/forum/topic/525328

The following EAP firmware version released last week (on June 9, 2022) have added support to disable cloud-connection behavior.

unifi can be disabled as well, etc..

You can for sure just block how your doing it, but when things send out stuff you don't want them to - its better to disable as the device if possible vs just letting them bang their head against the wall putting noise on the wire and filling up logs with spam..

JonathanLee

I have model TL-WA1201. It was on sale for $30!! A gigabit AP with Wireless AC for $30 dollars in this day and age unheard of right??

johnpoz

@JonathanLee glad your happy, but it doesn't do vlans prob should of put the 30 bucks towards an AP that can do vlans to be honest.

Can you put dd-wrt or openwrt on it - then you would have vlans, and it sure wouldn't be phoning home..

looks like maybe, what hardware version 2, 3, 3.6? And sale price being low, prob the old v2 hardware. So you should be able to put openwrt on it.

JonathanLee

@johnpoz Cool what an amazing find, it runs AC and it can run OpenWRT, this is new to me I have not seen OpenWRT yet, will this make the system better over it's stock stuff?

johnpoz

@JonathanLee Pretty much given.. And it should add the ability to do vlans, unless the hardware can not actually support them which is rare... I didn't read all the details, just that it was supported.

Back in the day when I was running just soho router, before I found pfsense I always ran dd-wrt or openwrt..

JonathanLee

@johnpoz I got the new AP after the internal compex card could no longer run without rebooting once it started running full tilt on pfSense. I have the SG-2100 so I also can't see the swap partition without a usb drive set up for swap use. I will research it more however with finals I can't have it reboot right now. Also I remember you were very anti using the built in wifi support with freebsd for pfSense. I loved it. Again, I never got it to max out until I got my new fiber line, after that it would reboot on its own, something is causing kernel panics and rebooting.

 x0:                0
  x1: ffff00009c600000 ($d.6 + 999bb068)
  x2:               84
  x3:                4
  x4:                1
  x5: ffff000097280840 ($d.6 + 9463b8a8)
  x6:                0
  x0:                0
  x7:              100
  x1: ffff00009c600000  x8: ffff000000ad0114 ($d.6 + 999bb068)
 (generic_bs_r_4 + 0)
  x2:             80f4
  x9: ffff000000acff6c  x3:                4
 (generic_bs_barrier + 0)
  x4:                1
 x10:               88
  x5: ffff000096fdd000 x11:              5c0
 ($d.6 + 94398068) x12:                1

 x13:                1
  x6:              100
 x14:             285f
  x7: ffff00009723684c x15:             2af8
 ($d.6 + 945f18b4) x16:             2878

 x17:                0
  x8: ffff000000ad0114 x18: ffff000097280850 (generic_bs_r_4 + 0)
 ($d.6 + 9463b8b8)
  x9: ffff000000acff6c x19: ffff000096feb000 (generic_bs_barrier + 0)
 ($d.6 + 943a6068)
 x10:              3e8
 x20: ffff00009c600000 x11:         10624dd3 ($d.6 + 999bb068)

 x12:               64
 x21:               84
 x13:                0
 x22: ffff00000213aa80 x14:            186a0
 (memmap_bus + 0)
 x15:         8003bed3
 x23: ffff00009c236a74 x16: ffffa00025b97200 ($d.6 + 995f1adc)

 x24: ffffa000019efc80 x17: ffffa0000275019a
 x25:                0

 x26:                0
 x18: ffff0000403c0770 x27: ffff000002192e98 ($d.6 + 3d77b7d8)
 (Giant + 18)
 x19: ffff000096feb000 x28: ffffa000019efc80 ($d.6 + 943a6068)

 x20: ffff00009c600000 x29: ffff000097280850 ($d.6 + 999bb068)
 ($d.6 + 9463b8b8)
 x21:             80f4
  sp: ffff000097280850
 x22: ffff00000213aa80  lr: ffff000000167114 (memmap_bus + 0)
 (ath_hal_reg_read + cc)
 x23: ffff000096fef544 elr: ffff000000ad0118 ($d.6 + 943aa5ac)
 (generic_bs_r_4 + 4)
 x24: ffff000096feb000spsr:               45
 ($d.6 + 943a6068) far: ffff00009c600084
 x25: ffff000096fef544 ($d.6 + 999bb0ec) ($d.6 + 943aa5ac)

 x26:                0
 x27:             7530
 x28:             754a
 x29: ffff0000403c0770 ($d.6 + 3d77b7d8)
  sp: ffff0000403c0770
  lr: ffff000000167114 (ath_hal_reg_read + cc)
 elr: ffff000000ad0118 (generic_bs_r_4 + 4)
spsr:         20000045
 far: ffff00009c6080f4 ($d.6 + 999c315c)
timeout stopping cpus
panic: Unhandled EL1 external data abort
cpuid = 1
time = 1714888984
KDB: enter: panic
[ thread pid 12 tid 100070 ]
Stopped at      kdb_enter+0x44: undefined       f907c27f
db:0:kdb.enter.default> textdump set
textdump set
db:0:kdb.enter.default>  capture on
db:0:kdb.enter.default>  run pfs
db:1:pfs> bt
Tracing pid 12 tid 100070 td 0xffff00009c22c600
db_trace_self() at db_trace_self
db_stack_trace() at db_stack_trace+0x11c
db_command() at db_command+0x358
db_script_exec() at db_script_exec+0x1a4
db_command() at db_command+0x358
db_script_exec() at db_script_exec+0x1a4
db_script_kdbenter() at db_script_kdbenter+0x58
db_trap() at db_trap+0xf4
kdb_trap() at kdb_trap+0x284
handle_el1h_sync() at handle_el1h_sync+0x10
--- exception, esr 0
$d.6() at 0xffff000097000a63
db:1:pfs>  show registers
spsr                0x600000c5
x0                        0x12
x1                         0xa
x2                         0x4
x3                         0xa
x4          0xffff000000ad0244  generic_bs_w_4
x5                        0x50
x6          0xffff00000067adec  kvprintf+0x470
x7                        0xd5
x8                         0x1
x9          0x9f067a1c30d67fd2
x10         0xffff0000023d9000  nfsheur+0x5480
x11         0xfefefefefefefeff
x12         0xffff000097000a63
x13             0xfeff00ff0100
x14                          0
x15                          0
x16                          0
x17                          0
x18         0xffff000097280560
x19         0xffff000002433000  epoch_array+0x1280
x20         0xffff000002401eb0  vpanic.buf
x21         0xffff00009c22c600
x22                          0
x23         0xffff000002401000  proc_id_reapmap+0x2870
x24         0xffffa000019efc80
x25                          0
x26                          0
x27         0xffff000002192e98  Giant+0x18
x28         0xffffa000019efc80
x29         0xffff000097280560
lr          0xffff000000673a68  kdb_enter+0x40
elr         0xffff000000673a6c  kdb_enter+0x44
sp          0xffff000097280560
kdb_enter+0x44: undefined       f907c27f
db:1:pfs>  show pcpu
cpuid        = 1
dynamic pcpu = 0x3eb20180
curthread    = 0xffff00009c22c600: pid 12 tid 100070 critnest 1 "pcib0,0: ath0"
curpcb       = 0xffff000097280b40
fpcurthread  = 0xffff0000e1a86200: pid 29607 "snort"
idlethread   = 0xffff000040ebb800: tid 100004 "idle: cpu1"
curvnet      = 0
db:1:pfs>  run lockinfo
db:2:lockinfo> show locks
No such command; use "help" to list available commands
db:2:lockinfo>  show alllocks
No such command; use "help" to list available commands
db:2:lockinfo>  show lockedvnods
Locked vnodes
db:1:pfs>  acttrace

Tracing command clock pid 2 tid 100029 td 0xffff000096fb5c00 (CPU 0)
sched_switch() at sched_switch+0x868
mi_switch() at mi_switch+0x100
version() at version+0x12c

Tracing command intr pid 12 tid 100070 td 0xffff00009c22c600 (CPU 1)
db_trace_self() at db_trace_self
_db_stack_trace_all() at _db_stack_trace_all+0xe8
db_command() at db_command+0x358
db_script_exec() at db_script_exec+0x1a4
db_command() at db_command+0x358
db_script_exec() at db_script_exec+0x1a4
db_script_kdbenter() at db_script_kdbenter+0x58
db_trap() at db_trap+0xf4
kdb_trap() at kdb_trap+0x284
handle_el1h_sync() at handle_el1h_sync+0x10
--- exception, esr 0
$d.6() at 0xffff000097000a63
db:1:pfs>  ps
  pid  ppid  pgrp   uid  state   wmesg   wchan               cmd
80015 92122   412     0  S       nanslp  0xffff00000240378d  sleep
77724 44890    26     0  S       nanslp  0xffff00000240378c  sleep
80274 87627 86665   100  S       sbwait  0xffff0000df9e844c  perl
54117 87627 86665   100  S       sbwait  0xffff0000dfa4e8cc  perl
53941 87627 86665   100  S       sbwait  0xffff0000df9e6d4c  perl
18551 18369 17397     0  S       piperd  0xffff0000e14be998  sh
18369 17397 17397     0  S       wait    0xffffa0008ee11540  sh
18181 17397 17397     0  S       (threaded)                  sshg-blocker
100326                   S       piperd  0xffff0000e14bd000  sshg-blocker
100376                   S       nanslp  0xffff00000240378c  sshg-blocker
18028 17397 17397     0  S       piperd  0xffff0000e14be110  sshg-parser
17703 17397 17397     0  S       piperd  0xffff0000e14666c0  cat
17397 47272 17397     0  Ss      wait    0xffffa00099a58000  sh
17327     1 17327     0  Ss+     ttyin   0xffffa00000e604b0  getty
92236 87627 86665   100  S       sbwait  0xffff0000dfa5c8cc  squidGuard
92108 87627 86665   100  S       sbwait  0xffff0000dfa5ed4c  squidGuard
91847 87627 86665   100  S       sbwait  0xffff0000dfa5db4c  squidGuard
91544 87627 86665   100  S       sbwait  0xffff0000df9edb4c  squidGuard
29607     1 29607     0  Rs      (threaded)                  snort
100336                   RunQ                                snort
100374                   S       nanslp  0xffff00000240378d  snort
100375                   S       sbwait  0xffff0000dfa6844c  snort
57228 87627 86665   100  S       select  0xffffa00059604dc0  pinger
56920 87627 86665   100  S       sbwait  0xffff0000dfa0cd4c  perl
56138 87627 86665   100  S       sbwait  0xffff0000df9f4d4c  perl
54293 87627 86665   100  S       sbwait  0xffff0000dfa168cc  perl
51257 87627 86665   100  S       sbwait  0xffff0000dfa05b4c  perl
50784 87627 86665   100  S       sbwait  0xffff0000dfa6bb4c  perl
49572 87627 86665   100  S       sbwait  0xffff0000df9f56cc  squidGuard
48859 87627 86665   100  S       sbwait  0xffff0000df9f5fcc  squidGuard
u47486 87627c86665  n10: USha d  dsbLa txt0rfalfdata abfr8c  squidGuime
 psqui=Gu
d▒TIM-1.0
WTMI-devel-1.0.0-1115f12
WTMI: system early-init
SVC REV: 5, CPU VDD voltage: 1.225V

JonathanLee

@johnpoz It has version 3.6 would that work with the OpenWRT software built for version 2? It looks like the same device

johnpoz

@JonathanLee There are hardware changes, its quite possible 3.6 hardware is not supported at this time.. I did a query for 3 and 3.6 and seems people were asking about it.

You would need to check with their forums.

JonathanLee

@johnpoz

https://forum.openwrt.org/t/tl-wa1201-v3-6/197094

Done let's see what they say about the V3.6.

Plus if they have info on turning off cloud calls for US users.

JonathanLee

@johnpoz I shipped it back so I can get one that will allow me to install OpenWRT on it so I can disable the cloud call outs.

JonathanLee

OpenWRT took my Archer A9 from 300mbps to 30mbps it does not fully support 2.4ghz only 5ghz right now for my version

johnpoz

@JonathanLee said in Possible tp-link issues/Access Points have constant connection with n-use1-devs-gw.tplinkcloud.com:

Archer A9

huh - there is no way you were getting 300mbps real world speeds on 2.4.. Just not possible Unless your talking AX 2.4, and then yeah 300 would be possible.. Is your client AX? Other than Iot devices not sure what device these days would be talking on 2.4 to be honest.

300 is possible as a PHY, but its not real world speeds.

Why did you pick up an A9 if your plans were to put openwrt on it, it says right on their page that 2.4 is unsupported on that model.

https://openwrt.org/toh/hwdata/tp-link/tp-link_archer_a9_v6

Unsupported Functions: WiFi 2.4GHz

Just get a real AP and call it a day.. I show the unifi U6 like for 99$, or the U6+ for 129 which is 4 streams vs 2..

JonathanLee

@johnpoz it was false advertising they had it as number one for use with OpenWrt. Weird right it works good in WiFi G speeds, the developers want the logs off it, but I set it back to tp link firmware with TFTP already. I am gonna configure it again. OpenWrt is good stuff

johnpoz

@JonathanLee said in Possible tp-link issues/Access Points have constant connection with n-use1-devs-gw.tplinkcloud.com:

OpenWrt is good stuff

I agree - but that hardware that doesn't have 2.4 fully functional in openwrt and you want/need 2.4 kind of makes it not good stuff..

Who advertised as number 1 for openwrt.. openwrt doesn't really make recommendations on hardware to use.. What the hell do you think a company is going to say about their product.. Yeah its number one for "anything" they want to say..

Again - get yourself a real AP not something you have to put 3rd party on to even make it usable and call it a day..

Openwrt is great for if you have some soho wifi router laying around and you want to make actual use of it.. And openwrt will allow it to do xyz, vlans for one is the big one that none of the native firmware supports even when their hardware does..

I rarely have to even think about my APs - they work, I never have to reboot them, the only time I do is when I upgrade their firmware. Really the only time I Play with them is want to try a new feature they implemented - like when you could finally do vlan assigned by radius.. Yeah got it work, and then thought have no actually need for it other than being only to broadcast one ssid and have devices join different vlans.. Its cool and all - but in to be honest not really needed.. My ssids and vlans all ready setup, why complex it up, etc.

I played with the ppsk when they enabled that - again slick.. might be useful.. But then again everything already setup, no reason to complex it up.

If you want to play with openwrt - great more power to you, completely agree its some great stuff. But get some AP to play with it on, get another AP that actually provides your network its wifi..

HLPPC

@JonathanLee

I have a working zenarmor/sensei netmap setup. It can more than likely block all of that noise. My WAPs do that too if I connect them through a VPN in Windows ICS, but magically stop when connected to pfSense or OPNsense running zenarmor. Not to say they are always working properly, but the tls inspection is great. Zenarmor automatically binds all tls to a single thread. Maybe crowdsec would work great too idk

JonathanLee

@johnpoz thank you again for the OpenWRT recommendation. It is amazing, I have it running on an Archer C7. Never going back to the stock firmware it is amazing. I am perplexed at how they got that to run on such a small set of code. Just wow!! (I still love my pfSense never leaving it) but I got to tell you OpenWRT can hold its own with the 7000+ packages even my favorite Squid is on it.