On Sat, Mar 04, 2017 at 03:43:16PM -0500, [email protected] wrote:
> Hello,
>
> My access point uses an Atheros AR9287 and I'm failing to figure out why it's
> not working right. My other wireless devices can see the access point but get
> immediately disconnected from it.
>
> Last night I had set up a bridged AP using the 'Building a Router' guide
> at https://www.openbsd.org/faq/pf/example1.html but replacing each of the
> different configuration changes for my athn0 WIFI interface instead of the
> em3/em4 as I have em0/em1/athn0.
>
> I have tried connecting to it with a static IP and using DHCP; both methods
> just disconnect me immediately. I have triple checked passwords and made sure
> that the pf.conf rules are good. Any help would be massively appreciated.
> Thanks
>
> p.s. The LAN interface works just fine

This sounds like a configuration error.
Your report is missing some important details, such as dmesg and ifconfig -A.

>
> ## Here are the configs
>
> $ cat /etc/hostname.athn0
> mediaopt hostap
> nwid funkyAP
> wpakey funkypassword
> up
>
> $ cat /etc/hostname.em0
> inet 192.168.1.150 255.255.255.0
>
> $ cat /etc/hostname.em1
> up
>
> $ cat /etc/hostname.vether0
> inet 192.168.2.1 255.255.255.0
>
> $ cat /hostname.bridge0
> add vether0
> add em1
> add athn0
> blocknonip vether0
> blocknonip em1
> blocknonip athn0
>
> $ cat /etc/pf.conf
> int_if="{ vether0 em1 athn0 }"
> table <martians> { 0.0.0.0/8 10.0.0.0/8 127.0.0.0/8 169.254.0.0/16 \
>     172.16.0.0/12 192.0.0.0/24 192.0.2.0/24 224.0.0.0/3 \
>     192.168.0.0/16 198.18.0.0/15 198.51.100.0/24 \
>     203.0.113.0/24 }
> set block-policy drop
> set loginterface egress
> set skip on lo0
> match in all scrub (no-df random-id max-mss 1440)
> match out on egress inet from !(egress:network) to any nat-to (egress:0)
> block in quick on egress from <martians> to any
> block return out quick on egress from any to <martians>
> block all
> pass out quick inet
> pass in on $int_if inet
> pass in on egress inet proto tcp from any to (egress) port 22
>
>
> $ cat /etc/dhcpd.conf
> subnet 192.168.2.0 netmask 255.255.255.0 {
>     option routers 192.168.2.1;
>     option domain-name-servers 192.168.2.1;
>     range 192.168.2.2 192.168.192.168.2.20;
> }
>
> $ cat /var/unbound/etc/unbound.conf
>
> server:
>     interface: 192.168.2.1
>     interface: 127.0.0.1
>     access-control: 192.168.2.0/24 allow
>     do-not-query-localhost: no
>     hide-identity: yes
>     hide-version: yes
>
> forward-zone:
>     name: "."
>     forward-addr: 8.8.8.8
>
> $ cat /etc/resolv.conf