Forgot to add my updated configs in case they can assist at all for anyone who might wanna help get to the bottom of this.
## Here are the configs

$ cat /etc/hostname.athn0
mediaopt hostap
nwid funkyAP
wpakey funkypassword
up

$ cat /etc/hostname.em0
dhcp

$ cat /etc/hostname.em1
up

$ cat /etc/hostname.vether0
inet 192.168.4.1 255.255.255.0

$ cat /hostname.bridge0
add vether0
add em1
add athn0
blocknonip vether0
blocknonip em1
blocknonip athn0

$ cat /etc/pf.conf
int_if="{ vether0 em1 athn0 }"
table <martians> { 0.0.0.0/8 10.0.0.0/8 127.0.0.0/8 169.254.0.0/16 \
    172.16.0.0/12 192.0.0.0/24 192.0.2.0/24 224.0.0.0/3 \
    192.168.0.0/16 198.18.0.0/15 198.51.100.0/24 \
    203.0.113.0/24 }
set block-policy drop
set loginterface egress
set skip on lo0
match in all scrub (no-df random-id max-mss 1440)
match out on egress inet from !(egress:network) to any nat-to (egress:0)
block in quick on egress from <martians> to any
block return out quick on egress from any to <martians>
block all
pass out quick inet
pass in on $int_if inet
pass in on egress inet proto tcp from any to (egress) port 22

$ cat /etc/dhcpd.conf
subnet 192.168.4.0 netmask 255.255.255.0 {
    option routers 192.168.4.1;
    option domain-name-servers 192.168.2.1;
    range 192.168.4.2 192.168.192.168.4.20;
}

$ cat /var/unbound/etc/unbound.conf
server:
    interface: 192.168.4.1
    interface: 127.0.0.1
    access-control: 192.168.4.0/24 allow
    do-not-query-localhost: no
    hide-identity: yes
    hide-version: yes

forward-zone:
    name: "."
    forward-addr: 8.8.8.8

$ cat /etc/resolv.conf
nameserver 127.0.0.1

-------- Original Message --------
Subject: Re: AP using AR9287 working yesterday, broken today.. How to diagnose?
Local Time: 5 March 2017 1:05 AM
UTC Time: 5 March 2017 00:05
From: s...@stsp.name
To: tec...@protonmail.com
misc@openbsd.org <misc@openbsd.org>

On Sat, Mar 04, 2017 at 03:43:16PM -0500, tec...@protonmail.com wrote:
> Hello,
>
> My access point uses an Atheros AR9287 and I'm failing to figure out why it's
> not working right. My other wireless devices can see the access point but get
> immediately disconnected from it.
>
> Last night I had set up a bridged AP using the 'Building a Router' guide
> at https://www.openbsd.org/faq/pf/example1.html but replacing each of the
> different configuration changes for my athn0 WIFI interface instead of the
> em3/em4 as I have em0/em1/athn0.
>
> I have tried connecting to it with a static IP and using DHCP.. both methods
> just disconnect me immediately. I have triple checked passwords and made sure
> that the pf.conf rules are good. Any help would be massively appreciated.
> Thanks
>
> p.s. The LAN interface works just fine

This sounds like a configuration error.
Your report is missing some important details, such as dmesg and ifconfig -A.

>
> ## Here are the configs
>
> $ cat /etc/hostname.athn0
> mediaopt hostap
> nwid funkyAP
> wpakey funkypassword
> up
>
> $ cat /etc/hostname.em0
> inet 192.168.1.150 255.255.255.0
>
> $ cat /etc/hostname.em1
> up
>
> $ cat /etc/hostname.vether0
> inet 192.168.2.1 255.255.255.0
>
> $ cat /hostname.bridge0
> add vether0
> add em1
> add athn0
> blocknonip vether0
> blocknonip em1
> blocknonip athn0
>
> $ cat /etc/pf.conf
> int_if="{ vether0 em1 athn0 }"
> table <martians> { 0.0.0.0/8 10.0.0.0/8 127.0.0.0/8 169.254.0.0/16 \
>     172.16.0.0/12 192.0.0.0/24 192.0.2.0/24 224.0.0.0/3 \
>     192.168.0.0/16 198.18.0.0/15 198.51.100.0/24 \
>     203.0.113.0/24 }
> set block-policy drop
> set loginterface egress
> set skip on lo0
> match in all scrub (no-df random-id max-mss 1440)
> match out on egress inet from !(egress:network) to any nat-to (egress:0)
> block in quick on egress from <martians> to any
> block return out quick on egress from any to <martians>
> block all
> pass out quick inet
> pass in on $int_if inet
> pass in on egress inet proto tcp from any to (egress) port 22
>
>
> $ cat /etc/dhcpd.conf
> subnet 192.168.2.0 netmask 255.255.255.0 {
>     option routers 192.168.2.1;
>     option domain-name-servers 192.168.2.1;
>     range 192.168.2.2 192.168.192.168.2.20;
> }
>
> $ cat /var/unbound/etc/unbound.conf
>
> server:
>     interface: 192.168.2.1
>     interface: 127.0.0.1
>     access-control: 192.168.2.0/24 allow
>     do-not-query-localhost: no
>     hide-identity: yes
>     hide-version: yes
>
> forward-zone:
>     name: "."
>     forward-addr: 8.8.8.8
>
> $ cat /etc/resolv.conf