GL sft1200 opal on MSC cruise

@bpwl1 have you tried the new 4.3.24 firmware?
https://dl.gl-inet.com/router/sft1200/stable

Heh no! Didn't see that upgrade, was only following the 4.7.2beta for improvements. There were lots of improvements in 4.7.2beta. (but with power and DFS problem)
Are the same improvements to be expected in 4.3.24 ??? (This is a lower version number, will 4.7.2 improvements be there then?)

Ok will certainly check. AFAIK 4.3.21 had no low power or DFS channel problem, but MPDU and connection stability with multiple BSSID, and too strict hotplug actions with MWAN3. So I'm a bit confused with the 4.3.24 release notes.

Waw ... will need some time to figure out where we are with this.

  • looks like a 4.3.21 upgrade (4.7.2beta features missing)
  • But 27 dBm stronger than 4.7.2beta (forgot exact power numbers for 4.3.21)
  • This starts DFS radar detect !? Country in LUCI is still US? Power cfr LUCI is 20 dBm , don't believe this, LOG says different things.

Mon Feb 10 07:03:32 2025 daemon.notice hostapd: wlan1: interface state DFS->ENABLED
Mon Feb 10 07:03:32 2025 daemon.notice hostapd: wlan1: AP-ENABLED
Mon Feb 10 07:03:32 2025 kern.warn kernel: [ 536.088647] lmac[1] final dsss power is 27 ofdm power is 27

Next day:

OK time to do a little test today, have to remember what were the issues with 4.3.21.

SFT1200 helps me remember it in the first minutes of the test already, for the bad reason, problems come back ..
Here is the first: SFT1200 confused by beacon information.

Mon Feb 10 16:23:13 2025 daemon.info lua: (...pkg-mips_siflower/gl-sdk4-repeater/usr/sbin/repeater:1239) connected to 'bpacrt_5G(48:a9:8a:d7:eb:46)' channel: 100, spent 2s
Mon Feb 10 16:23:14 2025 user.notice mwan3[18202]: Execute ifup event on interface wwan (wlan-sta0)
Mon Feb 10 16:23:15 2025 user.notice mwan3[18202]: Starting tracker on interface wwan (wlan-sta0)
Mon Feb 10 16:23:15 2025 user.notice mwan3track[15761]: Stopping mwan3track for interface "wwan"
Mon Feb 10 16:23:18 2025 user.info mwan3rtmon[2419]: Detect rtchange event.
Mon Feb 10 16:23:19 2025 user.notice firewall: Reloading firewall due to ifup of wwan (wlan-sta0)
Mon Feb 10 16:23:20 2025 user.notice relay: Reloading relay due to connected of wwan (wlan-sta0)
Mon Feb 10 16:23:20 2025 user.notice relay: Reloading relay due to ifup of wwan (wlan-sta0)
Mon Feb 10 16:27:07 2025 authpriv.info dropbear[27136]: Child connection from 192.168.8.142:59458
Mon Feb 10 16:27:20 2025 authpriv.notice dropbear[27136]: Password auth succeeded for 'root' from 192.168.8.142:59458
Mon Feb 10 16:37:42 2025 daemon.notice wpa_supplicant[17836]: wlan-sta0: CTRL-EVENT-DISCONNECTED bssid=48:a9:8a:d7:eb:46 reason=1 locally_generated=1
Mon Feb 10 16:37:42 2025 daemon.info lua: (...pkg-mips_siflower/gl-sdk4-repeater/usr/sbin/repeater:548) <3>CTRL-EVENT-DISCONNECTED bssid=48:a9:8a:d7:eb:46 reason=1 locally_generated=1
Mon Feb 10 16:37:42 2025 kern.warn kernel: [ 1222.047585] lmac[1] vif working channel(100) is different from channel(0) of received beacon frame, notify that we are lost!
Mon Feb 10 16:37:42 2025 kern.warn kernel: [ 1222.058867] lmac[1] {CTXT-1} unlink from {VIF-3}: status=4 nb_vif=2
Mon Feb 10 16:37:42 2025 kern.info kernel: [ 1222.059386] hb-fmac 17800000.wifi-hb wlan-sta0: Del key for vif(3), key index : 0
Mon Feb 10 16:37:42 2025 kern.info kernel: [ 1222.073422] hb-fmac 17800000.wifi-hb wlan-sta0: Del key for vif(3), key index : 1
Mon Feb 10 16:37:42 2025 kern.info kernel: [ 1222.081056] hb-fmac 17800000.wifi-hb wlan-sta0: Del key for vif(3), key index : 2
Mon Feb 10 16:37:42 2025 kern.info kernel: [ 1222.088827] hb-fmac 17800000.wifi-hb wlan-sta0: Del key for vif(3), key index : 3
Mon Feb 10 16:37:42 2025 kern.info kernel: [ 1222.096360] hb-fmac 17800000.wifi-hb wlan-sta0: Del key for vif(3), key index : 4
Mon Feb 10 16:37:42 2025 kern.info kernel: [ 1222.103984] hb-fmac 17800000.wifi-hb wlan-sta0: Del key for vif(3), key index : 5
Mon Feb 10 16:37:42 2025 daemon.notice netifd: Network device 'wlan-sta0' link is down
Mon Feb 10 16:37:42 2025 daemon.notice netifd: Interface 'wwan' has link connectivity loss
Mon Feb 10 16:37:43 2025 daemon.info lua: (...pkg-mips_siflower/gl-sdk4-repeater/usr/sbin/repeater:548) <3>CTRL-EVENT-SCAN-STARTED
Mon Feb 10 16:37:43 2025 kern.warn kernel: [ 1222.191737] lmac[1] final dsss power is 27 ofdm power is 27
Mon Feb 10 16:37:43 2025 daemon.notice netifd: wwan (18137): udhcpc: received SIGTERM

Does GL.inet ever test their device firmware? Only against other GL.inet???
Take some AP, 5GHz on 40 MHz wide channel, 56dBm signal. Connect GL.inet (2S/40MHz, 400Mbps real interface rate)... get good Speedtest speed on the ethernet port. (My ISP only gives 50Mbps, and I get it full speed via GL.inet repeater uplink and ethernet client connect.)

As repeater the config of the 5GHz client wifi setting is defined by the uplink. However the bandwidth is not the same (but is set to 20MHz), just get 3Mbps download on 5GHz wifi-link, and 2 Mbps on 2.4GHz wifi-link with 144Mbps interface rate. Quite a repeater dramatic bad performance. Expected half or 40%, not 5% performance of the single connection.

OK lets remove the ISP.
Download from my NAS on my home network. Via SFT1200 uplink (2S/40MHz,400Mbps interface rate) and Wifi 5GHz client (173Mbps interface rate) gives 15Mbps data, ethernet client 256Mbps data, with that 5GHz uplink through the SFT1200.

Just as reference , same test with Cudy TR1200 (similar travel router, but only 100Mbps ethernet)

5GHz , same AP, same SSID, same connection, 2S/40MHz/400Mbps. Cudy follows channel 100 and correctly copies the 40MHz bandwidth. WISP mode (= router + NAT)
5GHz AP : 400Mbps interface rate, 300Mbps dynamic MCS rate at AP, -62dBm signal at AP.
5GHz client show 400Mbps at PC. [Windows PC only shows max MCS rate, never real time actual rate]
Effective Data rate 120Mbps (118-125Mbps)

Idem with ethernet setup as client link: 99Mbps data rate

Idem with 2.4GHz client connect (2S/20MHz/144Mbps at PC)
[Windows PC only shows max MCS rate, never real time actual rate]
Effective 80Mbps data rate (71-87Mbps)

So comparing, while using that 5GHz uplink with 400Mbps MCS data rate
PC Client rate (interface/GL.inet SFT1200 - Cudy TR1200)
(5GHz / 15Mbps - 120Mbps)
(ethernet / 256Mbps - 99Mbps)
(2.4GHz /8Mbps - 80Mbps)

OK. Moving back to the beta version. Nothing useful here with this regular version.
After moving and checking if DFS and power would still be there ...
It's not, and LUCI proves again to live in a parallel world.
Uplink still shows channel 100, client shows channel 36.
And that uplink LUCI info is clearly wrong with the dB power setting 127dBm , waw, "microwave oven/drone gun" power.

Not a fair test with such a weak signal (dropped to single stream, and lower MCS giving 120Mbps interface rate, missing 1 in 3 packets per CCQ, this AP still sends 40MHz bandwidth, on channel 36, SFT forced itself to 20 MHz, but still only getting 3Mbps on this connection is too low). Forcing it to 40MHz with LUCI brings just a little more.

2 Likes

Hi All. Just checking in to confirm this is now working with the latest firmware? I'm using an E750 and plan to cruise on MSC, so I want to make sure I'm good to go, or do I need to run the code listed above?

The new firmware does absolutely nothing on MSC cruises, works perfectly fine on Royal Caribbean Ships. MSC also has the NordVPN website blocked on board (maybe other vpns as well I didn't check as I pay for NordVPN). I successfully connected my router after many different configurations. Here is what finally worked for me on board MSC World America. Before getting on the ship, setup a vpn config file so that the router once connected on board will allow all devices to access the internet. If you do not do this, the only way to access NordVPN from my phone to download the config files in my case was to use the TOR browser on my iPhone to download the config files from NordVPN.

  • Once getting on board you will need to activate the internet package on one of your devices through their MSC for Me App.
  • Go to settings on your iPhone change private wifi address to fixed and make note of the MAC Address (Wi-Fi Address), IP, Subnet Mask and Default Gateway (Router on iPhone) that the cruise ship network assigned your device.
  • Now disconnect the device from the MSC Wi-Fi from the settings on your iPhone (not the MSC for Me App) and connect it to your personal router.
  • Now set up your personal router as a repeater manually and input the settings you noted to spoof your router with your device settings. In the advanced settings of the repeater, switch the band selection to 2.4GHz (makes the repeater use only the 2.4GHz for repeating the signal) and always connect your devices to the 5GHz band.
  • Make sure your VPN is also enabled at this point. Otherwise you will not be able to access the internet from the devices even though the router is successfully connected. (My suspicion is they are blocking internet access to the router if there is no VPN connected) I also switched the packet size on the router to the same size as the ships network (61) and that didn't work either (for the admins to figure out why a vpn is necessary to access the internet). I will be experimenting with another router brand in the future to see if the results are the same and report back. I was using the GL-MT1300 for this setup with the latest firmware.
  • Your personal router should now be successfully connected to their network and allowing all devices connected to access the internet.

Also note that if you want to set up the router in the cabin and leave it there, and you want to leave the cabin and connect your phone again to the ship's wifi to move around the ship, you will need to go into the personal router and disable the connection. If not, you will not be able to connect back with the phone to the ship's network, as you will have the phone and router clashing on the ship's network.

I had the ships network disconnect my router once or twice in 7 days of usage. All I had to do was disconnect the router, reconnect my phone to their wifi and use their app to disable and re enable the internet connection. Then disconnect the phone from their wifi and reconnect my router to their network. A small inconvenience but I was able to use 4 devices off of one internet plan. I took my google tv and was able to stream 720p perfectly fine 2 phones and a laptop.

Hope this helps! Have Fun Cruising!

2 Likes

My suspicion is that internet is blocked if the TTL is not the one the network expects (and the TTL from the MSC network is always set to 1, causing routers to drop it before they route it to a connected device).

By enabling a VPN from the router itself, all the traffic will actually come from the router itself, instead of the router routing the traffic from the connected devices to the MSC network.

Seems MSC networks are a bitch to repeat...

Yes you are absolutely right about using the VPN to make all the devices seem as one. It is a bitch but this method works 100% for anyone looking to do this on MSC. It's thievery that they want to charge $140 per device. Regardless thanks for the input and good luck to everyone wanting to try it on MSC. I promise it's way easier on any other ship. This was the first place I encountered a network so strict. At the end of the day there will always be a way around the restrictions.

1 Like

Hi there,

I'm on an MSC cruise right now and I did it a bit differently to make it work:

  1. Enabled on my iPhone the rotating MAC address feature in the private Wi-Fi address option. That gave me a MAC address I will later on clone in Beryl AX.

  2. Activated the internet package in MSC for Me. Alternatively in login.mscwifi.com .

  3. With Internet already activated, configured the iphone's mac address in Beryl AX as clone on the wifi interface. This allowed me to connect with Beryl AX to the cruise network.

  4. Unconfigured the iphone private wifi address and set to fixed or deactivated. This allowed me to use the iphone in the cruise with the MSC for Me app for reservations and chat.

  5. Now Beryl AX has the internet package and the connection to internet. In my case I'm launching a Wireguard tunnel directly outside towards an endpoint of my control that listens on port 443 to trick network devices acting over the connection in the cruise. It works like a charm.

Regards.

3 Likes

Does anyone know if the simple GL-300N (mango v2) router has this fix? Looks like last firmware from march 2025 is only 4.3.x and not >4.7.2.....

Good Job! That's another way of doing it. I just made it as simple as possible for anyone to follow my steps. Enjoy cruising and surfing lol

The MT1300 has the firmware 4.3.25! That’s the router I used. Using your router as a repeater on MSC will require a VPN. There is no fix in the firmware. There is no other way around it.

Thanks - I have a VPN installed onto my MT-300N (Mango v2 yellow box) router so as long as I have that VPN set to autoconnect and then connect the router (in extender mode) to the MSC wifi first then all will work?

Follow my steps and you will be able to connect without a problem. You have to spoof your router with the settings from the device that enabled the internet package in order for the router to connect to their network then you activate the VPN and all is well.

Follow these steps:

2 Likes

Thanks for such a detailed write up! You’re doing everyone here a great service.

1 Like

Thanks everybody for the tips.
I've pre prepared some VPN configs to various providers etc. but I do want to try the TTL thing.

As I understood MSC uses 1 so anything behind a hotspot gets dropped. Does this mean I have to set it to 2 on the Router? And how do I do that? IPtables seem to be replaced by NFtables so how do I set the correct TTL?

uci batch <<- __EOF
	add firewall rule
	rename firewall.@rule[-1]='custom_ttl'
	set firewall.custom_ttl.name='Set TTL to 64'
	set firewall.custom_ttl.src='wan'
	set firewall.custom_ttl.proto='ip'
	set firewall.custom_ttl.target='ACCEPT'
	set firewall.custom_ttl.ttl='64'
	reorder firewall.custom_ttl='1'
	set firewall.custom_ttl.enabled='1'
__EOF
uci commit firewall && /etc/init.d/firewall restart
1 Like

Thanks I just realized there is a TTL option in the GUI with the latest update too. In Wireshark I can see 63 for a TCP packet when set to 64. I think I should be set with this and will report back after the cruise

2 Likes

I'd still save the above shell snippet just in case. It's better to have it & not need it than need it & not have it.

uci show firewall

Interesting trick with the wireguard tunnel on port 433. All TTL tests and other tests by MSC fail, because all is hidden and protected in the tunnel. The communication seen by MSC is indeed only between this device (the router) and the internet. Traffic session is actually terminated in the GL.inet router, MSC cannot know it is forwarded from that (tunnel) point onwards.

1 Like
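
The TTL reasoning running through the posts above (a forwarding hop decrements TTL, so a client sending 64 is seen as 63; a packet arriving with TTL 1 cannot be forwarded further; tunnel traffic starts and ends at the router itself) can be modelled from the network operator's side as passive hop inference. This is an added example, not code from any poster or from GL.iNet; the function names, the list of common initial TTLs and the sample observations are assumptions constructed for illustration, and it says nothing about what the ship's network actually checks.

```python
# Added example: passive TTL-based detection of a forwarding device.
COMMON_INITIAL_TTLS = (64, 128, 255)  # assumed typical OS defaults

def hops_behind(observed_ttl):
    """Return (assumed initial TTL, hops crossed) for one observed packet."""
    if observed_ttl < 1:
        raise ValueError("TTL must be >= 1")
    for initial in COMMON_INITIAL_TTLS:
        if observed_ttl <= initial:
            return initial, initial - observed_ttl
    raise ValueError("TTL out of range")

def forward(ttl):
    """A router decrements TTL when forwarding and drops the packet at 0."""
    ttl -= 1
    return ttl if ttl > 0 else None

def deliver(ttl_on_arrival, terminates_at_router):
    """Fate of a downstream packet reaching the travel router.
    Traffic addressed to the router itself (e.g. its own tunnel) is not forwarded,
    so its TTL is never decremented there."""
    return ttl_on_arrival if terminates_at_router else forward(ttl_on_arrival)

def classify(observations):
    """observations: {station MAC: [TTL of each packet seen from it]}.
    A station showing a crossed hop, or more than one initial TTL, looks like a router."""
    report = {}
    for mac, ttls in observations.items():
        inferred = [hops_behind(t) for t in ttls]
        initials = {initial for initial, _ in inferred}
        max_hops = max(hops for _, hops in inferred)
        routed = max_hops > 0 or len(initials) > 1
        report[mac] = "likely-router" if routed else "single-host"
    return report

# Constructed sample: locally administered MACs, not captured data.
SAMPLE = {
    "02:00:00:00:00:01": [64, 64, 64],   # phone directly on the access network
    "02:00:00:00:00:02": [63, 127, 63],  # router forwarding Linux and Windows clients
    "02:00:00:00:00:03": [64, 64],       # router emitting only its own tunnel packets
}

if __name__ == "__main__":
    for mac, verdict in classify(SAMPLE).items():
        print(mac, verdict)
    print("TTL=1 forwarded to a client:", deliver(1, False))
    print("TTL=1 terminating at router:", deliver(1, True))
```
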

Just to tell my experience: So idk how they’re doing it but TTL (2/64/65) didn’t work at all (GUI / Command) but as many mentioned VPN is a reliable workaround.

There’s a certain big internet company which offers a warp fast free wireguard config if you know where to look for or just using a Proton VPN free config also worked. Port didn’t matter in my testing.

TLDR how I connected the router: Turned off iPhone private address -> connected to ship wifi -> activated it. Disabled auto join and turned on fixed mac address. Then used the real mac from the iPhone in the router gui to connect to the ship wifi. With VPN turned on all devices behind had working internet

1 Like

I'm glad you eventually got a link. It wouldn't surprise me if all this thread's contents/tips/techniques is outdated tomorrow by the way everything everywhere all at once keeps changing. Such is life... 'specially in tech.