[arch-general] hostapd + ap_isolate
u34 at net9.ga
Fri Oct 22 22:12:17 UTC 2021
Erich Eckner via arch-general <arch-general at lists.archlinux.org> wrote:
> Hi fellow-archers,
> I have been running a software access point with hostapd for several years now.
> Since some weeks, clients cannot talk to each other directly anymore, also
> IPv6 broke (the latter might be related, but I'm currently trying to solve
> the former issue). Unfortunately, I cannot assure, that both happened at
> the same time. Also, I cannot correlate it to any updates or config
> The tech stack is:
> + hostapd (spans two wifi: a normal and a guest net)
> + dhcpd (for ipv4)
> + radvd (for ipv6)
> + iptables (for routing)
> - ---8<---8<---8<---
> - --->8--->8--->8---
> ipv4 works fine in the following directions:
> + from access point to any client and vice versa
> + from any client to any permitted target beyond the access point
> but it fails between wifi clients directly.
> The only config change, which I did within the last 6 months, is adding
> the second wifi on wlp0s12_0. However, I'm pretty sure, that at least IPv6
> was not immediately broken.
> IPv4 routes and addresses on the clients look fine, tcpdump shows no
> packages when trying to ping other wifi clients (is it normal to not see
> outgoing packages in case of failure? - seems strange, but was the same,
> when pinging some bogus address from the access point).
Does the following quote, copied from
they can only see outbound packets the firewall passes through:
Perhaps you should disable the firewall, or loosen it, while debugging.
> Originally, I added "ap_isolate=1" to the config of wlp0s12_0 to isolate
> guest wifi clients from each other - and I'm pretty sure, I did test it,
> and it did work (and did not break connectivity between wlp0s12 clients).
> However, during testing now, I even removed that directive without
> Does anyone have an idea, where else I could look?