Cannot connect mobile phone to RUTX11's Wifi

7wells · May 15, 2024, 5:56pm

Dear Teltonika Experts,

Suddenly, without having a clue why, I cannot connect my mobile phone to my RUTX11 via Wifi (neither 2G nor 5G Wifi radio).

When connecting, I see the mobile phone briefly listed under Status > Wireless > Interfaces in the RUTX11 WebGUI, but with just a dash (-) under Hostname. After a few seconds, my phone shows that it disconnected from the RUTX11, and also the entry from the WebGUI disappears again.

I tried both settings on my Wifi phone, i.e. DHCP (and on my RUTX11 static and dynamic DHCP) and also static with an IP (192.168.11.2) for my mobile phone to be on the same subnet as my RUTX11 (192.168.11.1).

Can you please give me a hint, how/where I can find some details why this happens? I am not even sure if it is related to DHCP or not, but no hostname is ever provided, as it seems, to the connecting client (phone).

Is there a log I can check that has more details? Via CLI/ssh?

My RUTX11 is connected via Wifi and WireGuard with my home router (Fritzbox 7490), which is the gateway (192.168.178.1), main DHCP (192.168.178.0/24) and also DNS (if that matters in this context).

In my RUTX11 WireGuard settings, I have “Allowed IPs: 192.168.178.0/24” under the peer settings (i.e. connection to my home router). Likewise, in my home router WireGuard settings, I have “Allowed IPs: 192.168.11.0/24” under the peer settings (i.e. connection to my RUTX11 router). This seems ok, does it?

From my PC (192.168.178.x), which is connected via LAN cable to my home router (192.168.178.1), I have full access to my RUTX11 (192.168.11.1) WebGUI, despite they are on different subnets. I assume that this works because of the WireGuard connection between both routers, which is fine.

However, I wonder why I cannot connect my mobile phone (and I tried another one, too, without success) to my RUTX11. It works as usual when connecting to my home router’s Wifi, so it’s not the phone, I guess. The RUTX11 is just 1m away.

I can provide more information if deemed meaningful.

Thank you so much for helping out!

TeWe · May 15, 2024, 6:34pm

Did you make sure not to use randomized MAC addresses on your mobile phone when connecting to your Wifi?
In case you’re using an iPhone, make sure “Private Wi-Fi Address” is disabled:

7wells · May 15, 2024, 9:07pm

No private MAC is used. In fact, the RUTX11 WebGUI even shows the correct MAC which I can also see on my Android phone, and I even entered the MAC under static leases. But no hostname shows up.

Do you have any further ideas, e.g. checking some logs with more details about why the WiFi connection gets closed again after a few seconds? I didn’t know where I could find that, but I can access my RUTX11 console, if that helps. From there, I would need a bit more help about which logs could be of interest.

Thanks for your patience and help!

Marijus · May 16, 2024, 5:44am

Hello,

To determine the root cause of this issue, we’ll need the troubleshoot file. Since it contains private information, we’ll handle it on a separate platform. Instructions for accessing it have been sent to the email you registered for this forum.

Best regards,

7wells · May 16, 2024, 6:48pm

Thanks for offering further help!

I would like to fill in the form, but I don’t know what I should enter in these 2 fields (both are mandatory):

Community support form ticket ID
Ticket description

Furthermore, where can I attach/upload the log file that I created via the RUTX11 WebGUI > Troubleshoot?

7wells · May 16, 2024, 7:11pm

@Marijus

Now I found the following in the system log right after I (unsuccessfully) tried to connect my mobile phone via 2G Wifi with my RUTX11 (mobile phone MAC and accounting session ID redacted):

Thu May 16 20:57:56 2024 kern.warn kernel: [75423.147833] ath10k_ahb a000000.wifi: Invalid VHT mcs 15 peer stats
Thu May 16 20:59:25 2024 daemon.info hostapd: wlan0: STA 3c:19:5e:xx:xx:xx IEEE 802.11: associated (aid 1)
Thu May 16 20:59:25 2024 daemon.notice hostapd: wlan0: AP-STA-CONNECTED 3c:19:5e:xx:xx:xx auth_alg=sae
Thu May 16 20:59:25 2024 kern.notice RUTX11_2G: WiFi client connected: 3C:19:5E:xx:xx:xx
Thu May 16 20:59:25 2024 daemon.info hostapd: wlan0: STA 3c:19:5e:xx:xx:xx RADIUS: starting accounting session D2xx1BxxE3xx9Bxx
Thu May 16 20:59:25 2024 daemon.info hostapd: wlan0: STA 3c:19:5e:xx:xx:xx WPA: pairwise key handshake completed (RSN)
Thu May 16 20:59:25 2024 daemon.notice hostapd: wlan0: EAPOL-4WAY-HS-COMPLETED 3c:19:5e:xx:xx:xx
Thu May 16 20:59:25 2024 daemon.err dnsmasq[10776]: failed to send packet: Required key not available
...
Thu May 16 20:59:26 2024 daemon.err dnsmasq[10776]: failed to send packet: Required key not available
Thu May 16 20:59:45 2024 daemon.warn dnsmasq[10776]: possible DNS-rebind attack detected: myserver.fritz.box
Thu May 16 20:59:45 2024 daemon.err dnsmasq[10776]: failed to send packet: Required key not available
...
Thu May 16 20:59:48 2024 daemon.err dnsmasq[10776]: failed to send packet: Required key not available
Thu May 16 20:59:50 2024 daemon.warn dnsmasq[10776]: possible DNS-rebind attack detected: myserver.fritz.box
Thu May 16 20:59:50 2024 daemon.err dnsmasq[10776]: failed to send packet: Required key not available

There are many more of the “Required key not available” rows.

I have no idea what the “possible DNS-rebind attack detected” means. The myserver.fritz.box is my own local Synology DiskStation that serves (among other things) a virtual machine running Pi-Hole, which is my DNS. I don’t assume that this is the root cause for my Wifi connection problems and likely something for a separate investigation in my own. If you have some hints for me about these “DNS-rebind attacks”, please let me know.

Now do you have an idea if the (other) messages in the system log are connected with my problem, especially what the “Required key not available” means?

Is it maybe WireGuard-related? I have not changed anything there, though. I have WireGuard only between RUTX11 and Fritzbox router, i.e. on my mobile phone, there is no WireGuard, nor any other VPN running. There is IPSec but not active (confirmed).

Thanks a lot for your patience and help!

Marijus · May 20, 2024, 8:51am

Hello,

Currently, it seems there’s an issue with the DNS service. When it says possible DNS-rebind attack detected: myserver.fritz.box, it typically indicates either multiple DNS servers or a similar problem. My suggestion is to check the RUTX11 DNS configuration settings. Even better, try disconnecting Pi-hole temporarily. This will isolate RUTX11 as the single DNS server. After that, check if the connection is restored.

The “Failed to send packet” issue is related to the same DNS service, specifically: Thu May 16 20:59:26 2024 daemon.err dnsmasq[10776]: failed to send packet: Required key not available. Because same dnsnasq daemon is responsible for this error.

Kind regards,

system · May 30, 2024, 5:56pm

This topic was automatically closed after 15 days. New replies are no longer allowed.