DD-WRT Kong Mod for NETGEAR R7000 2017-01-03 - Virtual wireless issue

9 posts / 0 new
Last post
Pebsuk
Pebsuk's picture
DD-WRT Kong Mod for NETGEAR R7000 2017-01-03 - Virtual wireless issue

I flashed the router to the above version of DD-WRT with no issues and made PureVPN the default gateway again with no issues.

The 2.4GHz and 5GHz Wifi options are both working perfectly.

I'd atually like to create a GUEST wifi so followed the various tutorials to create a virtual wifi adaptor,  but whatever I do I cannot connect to this virtual wifi as it states incorrect password and if I set it to no security it then says "no internet"

Any suggestions please?

 

 

c.thomas
c.thomas's picture
What version are you using? 

What version are you using?  Im still using r29300, and guest wifi doesn't seem to be compatible with the 2.4Ghz broadcast.  The router will go berserk and lose

connectivity to the internet on one of my 5Ghz broadcasts.  But, the 5Ghz vap is great!  So, I guess Im also asking a question:  Are 2.4Ghz "isolated AP" guest wifi

broadcasts problematic with my build, hardware, or just plain not supported in DD WRT due to overcrowding on the band?

aaabcv
aaabcv's picture
I have the same problem.

I have the same problem. "Virtual Interfaces" created in WiFi settings cannot work properly. I cannot connect to 2.4GHz guest WiFi and 5GHz as well. It seems like a bug.

R7000 v3.0-r31100M kongac (01/08/17)

waise
waise's picture
same proble with vitural

same proble with vitural interfaces. when i creat vaps, it wont show on the bridge table no matter what i did. i think there is bug with download date 01/08/17 kongac. i switched back to v3.0-r30645m kongac date 09/18/16. which has been working great so far for me.

 

ferret0511
ferret0511's picture
I had the same issue in

I had the same issue in previous builds. Try adding the following to your iptables ruleset:

# Enable NAT on the WAN port to correct a bug in builds over 17000
iptables -t nat -I POSTROUTING -o `get_wanface` -j SNAT --to `nvram get wan_ipaddr`
FuShiLu
FuShiLu's picture
Yes this does seem buggered.

Yes this does seem buggered. I have noticed that no matter the security level set, connection thinks its WEP.

FuShiLu
FuShiLu's picture
And no 2.4 does not seem to

And no 2.4 does not seem to function so I guess the guests get the best!

FuShiLu
FuShiLu's picture
And no matter what secure

And no matter what secure option you pick, password no matter the variation is not accepted. Bugger.

FuShiLu
FuShiLu's picture
Well damn, solved it, even

Well damn, solved it, even for 2.4GHz, just follow Kongs simplified seup and then add these Firewall rules

 

#Allow guest bridge access to Internet

 iptables -I FORWARD -i br1 -m state --state NEW -j ACCEPT
 iptables -I FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
#Block access between private and guest
 iptables -I FORWARD -i br0 -o br1 -m state --state NEW -j DROP
 iptables -I FORWARD -i br1 -d `nvram get lan_ipaddr`/`nvram get lan_netmask` -m state --state NEW -j DROP
#NAT to make Internet work
 iptables -t nat -I POSTROUTING -o br0 -j SNAT --to `nvram get lan_ipaddr`
#Block torrent and p2p
 iptables -I FORWARD -p tcp -s 192.168.10.0/24 -m connlimit --connlimit-above 50 -j DROP
 iptables -I FORWARD -p ! tcp -s 192.168.10.0/24 -m connlimit --connlimit-above 25 -j DROP
#Block guest access to router services
 iptables -I INPUT -i br1 -p tcp --dport telnet -j REJECT --reject-with tcp-reset
 iptables -I INPUT -i br1 -p tcp --dport ssh -j REJECT --reject-with tcp-reset
 iptables -I INPUT -i br1 -p tcp --dport www -j REJECT --reject-with tcp-reset
 iptables -I INPUT -i br1 -p tcp --dport https -j REJECT --reject-with tcp-reset

Which I came across on this site http://blog.danjoannis.com/?p=1362

 

This allowed the password and internet to work as desired.