I recently bought an Opal as part of some testing I was doing. They went well enough that I then bought a Beryl AX to run the same tests.
The primary goal was to test VPN connectivity back to an OPNsense firewall. In doing so I configured Wireguard and OpenVPN VPNs. On the Opal these all work as expected with no issues.
On the Beryl there are a number of issues (with the firmware as shipped, with 4.6.9 and 4.7 beta).
When scanning for WiFi networks the Beryl reports 2.4G for a number of networks I have running in the office (Unifi 6E WAP's) or from Android hot-spot's (both OnePlus Wi-FI 6 Android 14 devices) which are running 2.4G & 5G.
Where it does not report a mixed network I am unable to connect to the 5g Wi-Fi and if I set an Android hot-spot to 5g only the Beryl does not see the network.
While both Wireguard and OpenVPN VPNs run on the Beryl there is a DNS issue with Wireguard. It looks similar to Wireguard DNS issues reported for earlier versions of firmware. I have iterated though the various Network/DNS options and not found a working combination.
If I run the OpenVPN connection DNS resolves correctly, after which any cached DNS entries are available to a subsequent Wireguard connection (as expected).
Does the oneplus hotspot 5G SSID display in the list?
ra0 reports as 2.4g so none of the 5G networks are listed.
Looking at rax0 I can see a list of 7 networks on channels between 36 and 60 some of which are hidden.
If not, what the hotspot channel is? Can it change the hotspot channel to CH36?
From my UniFi console I can currently see 19 5G (103 2.4G) networks.
All of the 5G networks are on channels between 153 and 161 (including my office networks).
What are not listed on the console are the networks on channels 36 to 60
I.e the Beryl reports the low channels and my console the high ones.
As for Android it will allow selection of any of the supported bands but no longer allows channel configuration. IIRC it used to.
I could force channel selection, but that won't be an option when out in the wild so it will be interesting to know what the restrictions on 5g are and why the Opal works OK (I might look at that later).
Regarding the DNS issue, is it your self-hosted DNS server, public or in VPN network?
The DNS is provided by the OPNsense firewall for the road warrior clients. This WG server has been running since 2020 and is in 24/7 use by all WG clients away from the office. The firewalls DNS uses local resources for the internal network lookups and resolves to well known public servers for external lookups.
On the Beryl I ran iwpriv apclix0 get_site_survey on a one minute loop.
After lunch I noticed it started to pick up a network on channel 108
apclix0 get_site_survey:
Total=8
No Ch SSID BSSID Security Rssi Siganl(%)W-Mode ExtCH NT SSID_Len WPS DPID BcnRept MWDSCap MDId FToverDS RsrReqCap
0 36 XXXXXXXX 80:72:15:37:bc:1d WPA2PSK/AES -87 7 11a/n/ac ABOVE In 8 YES NO NO
1 36 XXXXXXXX 90:02:18:4d:2f:02 WPA2PSK/AES -93 0 11a/n/ac ABOVE In 8 YES NO NO
2 36 XXXXXXXX 80:75:1f:dd:3d:95 WPA2PSK/AES -98 0 11a/n/ac ABOVE In 8 YES NO NO
3 48 82:d6:d0:85:a5:27 WPA2PSK/AES -85 13 11a/n NONE In 0 YES NO NO
4 52 e8:76:40:53:45:b3 WPA2PSK/AES -98 0 11a/n/ac/ax ABOVE In 0 NO NO NO
5 52 XXXXXXXX e8:76:40:53:45:b5 WPA2PSKWPA3PSK/AES -98 0 11a/n/ac/ax ABOVE In 8 YES NO NO
6 60 XXXXXXXXXXX a6:91:b1:f7:70:cb WPA2PSK/AES -96 0 11a/n/ac ABOVE In 11 YES NO NO
7 108 XXXXXXXXXXXXXX d6:35:1d:06:9c:f5 WPA2PSK/AES -99 0 11a/n/ac ABOVE In 14 YES NO NO
I then ran bandwith optimisation on my UniFi network which reassigned some of the WAP to channels <100.
apclix0 get_site_survey:
Total=14
No Ch SSID BSSID Security Rssi Siganl(%)W-Mode ExtCH NT SSID_Len WPS DPID BcnRept MWDSCap MDId FToverDS RsrReqCap
0 36 XXXXXXXX 90:02:18:4d:2f:02 WPA2PSK/AES -92 0 11a/n/ac ABOVE In 8 YES NO NO
1 36 XXXXXXXX 80:75:1f:dd:3d:95 WPA2PSK/AES -98 0 11a/n/ac ABOVE In 8 YES NO NO
2 36 XXXXXXXX 80:72:15:37:bc:1d WPA2PSK/AES -86 10 11a/n/ac ABOVE In 8 YES NO NO
3 44 12:59:32:0e:4f:15 WPA2PSK/AES -89 2 11a/n NONE In 0 YES NO NO
4 44 be:d7:d4:59:12:0e WPA2PSK/AES -81 23 11a/n NONE In 0 YES NO NO
5 44 MYNET3 ea:38:83:25:6c:62 WPA2PSK/AES -36 100 11a/n/ac/ax ABOVE In 10 NO NO NO
6 44 MYNET1 ee:38:83:25:6c:62 WPA2PSK/AES -36 100 11a/n/ac/ax ABOVE In 4 NO NO NO
7 44 MYNET2 f2:38:83:25:6c:62 WPA2PSK/AES -36 100 11a/n/ac/ax ABOVE In 4 NO NO NO
8 44 f6:38:83:25:6c:62 WPA2PSK/AES -36 100 11a/n/ac/ax ABOVE In 0 NO NO NO
9 44 fa:38:83:25:6c:62 WPA2PSK/AES -36 100 11a/n/ac/ax ABOVE In 0 NO NO NO
10 48 82:d6:d0:85:a5:27 WPA2PSK/AES -86 10 11a/n NONE In 0 YES NO NO
11 52 XXXXXXXX e8:76:40:53:45:b5 WPA2PSKWPA3PSK/AES -99 0 11a/n/ac/ax ABOVE In 8 YES NO NO
12 52 e8:76:40:53:45:b3 WPA2PSK/AES -98 0 11a/n/ac/ax ABOVE In 0 NO NO NO
13 60 XXXXXXXXXXX a6:91:b1:f7:70:cb WPA2PSK/AES -96 0 11a/n/ac ABOVE In 11 YES NO NO
These could be seen within the GUI so I connected to one of my networks.
Having done this I rebooted the Beryl and re-scanned. I could still see the same networks. However via ssh the Beryl was now reporting WiFi networks with channels ranging from 36 to 161.
apclix0 get_site_survey:
Total=26
No Ch SSID BSSID Security Rssi Siganl(%)W-Mode ExtCH NT SSID_Len WPS DPID BcnRept MWDSCap MDId FToverDS RsrReqCap
0 36 XXXXXXXX 90:02:18:4d:2f:02 WPA2PSK/AES -95 0 11a/n/ac ABOVE In 8 YES NO NO
1 36 SKYABB7A 90:02:18:c3:f2:4b WPA2PSK/AES -101 0 11a/n/ac ABOVE In 8 YES NO NO
2 36 XXXXXXXX 80:75:1f:dd:3d:95 WPA2PSK/AES -99 0 11a/n/ac ABOVE In 8 YES NO NO
3 36 XXXXXXXX 80:72:15:37:bc:1d WPA2PSK/AES -90 0 11a/n/ac ABOVE In 8 YES NO NO
4 44 12:59:32:0e:4f:15 WPA2PSK/AES -87 7 11a/n NONE In 0 YES NO NO
5 44 be:d7:d4:59:12:0e WPA2PSK/AES -81 23 11a/n NONE In 0 YES NO NO
6 44 MYNET3 ea:38:83:25:6c:62 WPA2PSK/AES -35 100 11a/n/ac/ax ABOVE In 10 NO NO NO
7 44 MYNET1 ee:38:83:25:6c:62 WPA2PSK/AES -35 100 11a/n/ac/ax ABOVE In 4 NO NO NO
8 44 MYNET2 f2:38:83:25:6c:62 WPA2PSK/AES -35 100 11a/n/ac/ax ABOVE In 4 NO NO NO
9 44 f6:38:83:25:6c:62 WPA2PSK/AES -35 100 11a/n/ac/ax ABOVE In 0 NO NO NO
10 44 fa:38:83:25:6c:62 WPA2PSK/AES -35 100 11a/n/ac/ax ABOVE In 0 NO NO NO
11 48 82:d6:d0:85:a5:27 WPA2PSK/AES -86 10 11a/n NONE In 0 YES NO NO
12 60 XXXXXXXXXXX a6:91:b1:f7:70:cb WPA2PSK/AES -95 0 11a/n/ac ABOVE In 11 YES NO NO
13 108 XXXXXXXXXXXXXX d6:35:1d:06:9c:f5 WPA2PSK/AES -100 0 11a/n/ac ABOVE In 14 YES NO NO
14 153 AndroidNet b2:0c:09:c0:19:e8 WPA2PSK/AES -51 99 11a/n/ac/ax BELOW In 9 NO NO NO
15 161 MYNET3 ea:38:83:26:1f:93 WPA2PSK/AES -74 39 11a/n/ac/ax BELOW In 10 NO NO NO
16 161 MYNET1 ee:38:83:26:1f:93 WPA2PSK/AES -74 39 11a/n/ac/ax BELOW In 4 NO NO NO
17 161 MYNET2 f2:38:83:26:1f:93 WPA2PSK/AES -74 39 11a/n/ac/ax BELOW In 4 NO NO NO
18 161 f6:38:83:26:1f:93 WPA2PSK/AES -74 39 11a/n/ac/ax BELOW In 0 NO NO NO
19 161 fa:38:83:26:1f:93 WPA2PSK/AES -74 39 11a/n/ac/ax BELOW In 0 NO NO NO
20 161 MYNET3 ea:38:83:25:d7:29 WPA2PSK/AES -59 78 11a/n/ac/ax BELOW In 10 NO NO NO
21 161 MYNET1 ee:38:83:25:d7:29 WPA2PSK/AES -59 78 11a/n/ac/ax BELOW In 4 NO NO NO
22 161 MYNET2 f2:38:83:25:d7:29 WPA2PSK/AES -59 78 11a/n/ac/ax BELOW In 4 NO NO NO
23 161 f6:38:83:25:d7:29 WPA2PSK/AES -59 78 11a/n/ac/ax BELOW In 0 NO NO NO
24 161 fa:38:83:25:d7:29 WPA2PSK/AES -59 78 11a/n/ac/ax BELOW In 0 NO NO NO
25 161 aa:b5:7c:e7:c8:d0 WPA2PSK/AES -99 0 11a/n NONE In 0 YES NO NO
I still only see a single mode reported for my mixed networks. But it looks like a step in the right direction.
I won't be able to do any testing until I get back to my office. Currently at sea.
IIRC for the UK I would expect to see 5GHz channels ranging from 32 to 173.
The Beryl regularly detects networks running on channels below 96. Occasionally detects networks on channel 100 and on only once detected channels above 100.
This would be in contrast to the Opal which shows all active channels.
As noted I'm currently at sea and have spent a couple of days looking at the Wireguard DNS issue.
One of the notable diagnostics is that a dig @dns.se.rv.erwww.domain.com resolves over the OpenVPN link. While it reports ;; communications error to dns.se.rv.er#53: connection refused when running over the Wireguard VPN.
At the far-end firewall I'm logging all traffic for this VPN instance and DNS lookups are not seen.
Also this is not a routing issue as when I use a local hosts file on my PC the remote addresses are reachable.
I'm currently in Barcelona on a guest internet connection.
What I have found is that while DNS resolves over the Wireguard connection it does not continue to do so. Looking into this further this is not so much an issue with DNS but with search domains.
Initially DNS was resolving correctly for those lookups that would normally resolve when the search domains are referenced. The Beryl has been left on continuously since I arrived at the apartment and restarting it has not resolved the issue. Though I've deliberately not powered it down at the moment.
To test if this is a near-end or a far-end issue I connected my laptop ( a new-build Linux system with no added entries to the hosts file ) to the same Wi-Fi and used a WG profile with the same DNS configuration. This worked. I also checked against my mobile hot-spot, remembering to clear the local DNS cache between each connection.
Please upgrade the latest beta firmware v4.7.4 and test it one more.
If the WG still has the DNS issue, please export an issue syslog and send it to me through PM.