Network connection problems



  • I have finally got everything installed and my Duet WiFi is up and running. I love the silent steppers! šŸ™‚

    However, the network connection seems to be highly unstable. One minute, everything works great and the web interface is quick. The next minute, I completely lose access to the printer and the web interface refuses to connect. If I wait a minute or two, it's back up and runningā€¦ for a minute or so. It keeps going down and back up, it seems. The printer is a few meters from the access point and the RSSI seems fine. I check RSSI either by connecting over USB or by asking the access point, and both indicate it's roughly between -45 and -65 dBm.

    Any ideas?



  • I'm still finding my connection to be fairly unreliable. AJAX timeouts vary randomly from five minutes to five hours apart.



  • I have plenty of other WiFi devices that work very well, so my network shouldn't be the problem. I might try mounting the Duet further from the metal extrusions and see if that helps.



  • I think the default ESP code isn't super great (DC42 hasn't rewritten it yet). There were some older posts (stuff by mhackney and others) where they used wireshark and other monitoring programs to track down devices that were clogging up the network. Also if you have a dual band network, try to keep as much of your stuff on the 5ghz band that you can, it helps a bit I think too.



  • I mounted the Duet in a different position, but it made no difference. A lot of the time, my printer isn't usable. I might try the Wireshark thing, but if that doesn't work, I'll have to go back to my old 0.8.5, I guess šŸ˜ž



  • Have a look at your router firmware settings (accessible through a local IP such as 192.168.0.1). I've dealt with a lot of crappy wifi networks in the past, and the solution is always in some obscure settings somewhere. There are so many protocols for interference management, multiple transmission frequencies, quality of service mechanismsā€¦ if you start googling what they mean, you can unravel the mystery that is consumer wifi and attempt getting better performance.

    Many times I have noticed it has to do with apple computers or devices like iphones. They have very agressive/weird policies that seem to inundate networks with bullshit. I used to live in a place where you could tell when certain people would be nearby, because their iphone interfered with the network so much netflix would hiccup.

    This is one of the reasons I despise the choice of having wifi as the only connectivity option... even given a perfect network and if the Duet is perfect, outside interference can bring it to a crashing halt... nevermind that everything the printer is doing is being broadcast for anyone who wishes to intercept it....



  • @bot:

    nevermind that everything the printer is doing is being broadcast for anyone who wishes to intercept itā€¦.

    WPA2 is not very easily hacked/intercepted. Everything I've read says at least a decade for brute forcing a typical 10 char password, on a single PC. Of course dictionary attacks would speed this up, but only weak passwords are vulnerable to that.

    If someone got onto a consumer WPA2 network, there's a lot more interesting traffic to sniff than 3D printer control.

    It shouldn't be possible for anything to be damaged by any firmware setting on a 3D printer either - if a printer has powerful enough heaters to reach dangerous temperatures, it is a failed FET away from danger - and (extremely rare) FET failure is still a whole lot more likely than some hacker randomly getting into a network and trying to damage your printer.

    Having a preference for wired connections is one thing, and I get that. So does T3P3, who are considering a wired version of the Duet Wifi. Wireless vs wired is trading some (small) amount of reliability for convenience, always has been. But unless I'm missing something here, the network security concern is a non-issue.



  • Has anyone attempted to piggyback an ENC28J60 Ethernet interface to the ESP yet? I've read that's supposed to be a workable combo.

    I already have a few spare ENC28J60 breakout boards on-hand for an FPGA based Software Defined Radio project I've been tinkering with so I'd be happy to try if the ESP firmware were modded to support it.

    And for what it's worth I get AJAX timeouts all the time on my older wired Duet 0.6 running recent firmware. When I was running earlier firmware this never happened, but the SD uploads would stop at 100% and never complete instead. So I guess my point is the above issues may not be related to the actual wireless connection (OSI layer 1/2 stuff) at all, and could be an issue in the ESP's IP stack or the application server it's running. Although this is all pure speculationā€¦



  • @elmoret:

    So does T3P3, who are considering a wired version of the Duet Wifi..

    I don't wish to beat a dead horseā€¦but will this version have telnet support too? šŸ˜‰ If so, sign me up!



  • @elmoret:

    @bot:

    nevermind that everything the printer is doing is being broadcast for anyone who wishes to intercept itā€¦.

    WPA2 is not very easily hacked/intercepted. Everything I've read says at least a decade for brute forcing a typical 10 char password, on a single PC. Of course dictionary attacks would speed this up, but only weak passwords are vulnerable to that.

    If someone got onto a consumer WPA2 network, there's a lot more interesting traffic to sniff than 3D printer control.

    It shouldn't be possible for anything to be damaged by any firmware setting on a 3D printer either - if a printer has powerful enough heaters to reach dangerous temperatures, it is a failed FET away from danger - and (extremely rare) FET failure is still a whole lot more likely than some hacker randomly getting into a network and trying to damage your printer.

    Having a preference for wired connections is one thing, and I get that. So does T3P3, who are considering a wired version of the Duet Wifi. Wireless vs wired is trading some (small) amount of reliability for convenience, always has been. But unless I'm missing something here, the network security concern is as non-issue.

    I'm fairly certain it's basically trivial to hack a consumer wifi network, wpa2 or not. It's certainly not trivial for everyone (hell, I couldn't do it) but for someone who wished to and knew how to, it would be easy.

    My main concern over security is that I wish to deploy printers into a range of environments that could sometimes be sensitive to security concerns. Your answer is not acceptable in these cases. Certainly, disabling the broadcast is a solution, but at the cost of a great deal of functionality that is wanted.

    Sure, wired networks can also be accessed by anyone who may wish to, but there is a physical barrier (if set up properly). Short of operating a wifi network in a lead bunker, there is no such physical barrier with wifi.

    As far as I'm aware, it's not hard to intercept the encrypted data that is being broadcast and decrypt it at a later date.



  • @bot:

    I'm fairly certain it's basically trivial to hack a consumer wifi network, wpa2 or not. It's certainly not trivial for everyone (hell, I couldn't do it) but for someone who wished to and knew how to, it would be easy.

    Do you have a source for this? I'd genuinely like to read up on it - everything I've seen and worked with shows WPA2 to be solid. Banks use AES encryption, just like WPA2. If you've come across evidence of the contrary, I'm genuinely interested. I'm not trying to start an argument here.

    @bot:

    As far as I'm aware, it's not hard to intercept the encrypted data that is being broadcast and decrypt it at a later date.

    Yes, a key is needed to decrypt - and as previously mentioned, that's ~a decade on a high end single processor machine. And that's with very fast algorithms, several orders of magnitude faster than aircrack-ng, or faster than WPA2 keys can be generated in general really.

    Aircrack-ng running on a typical high end CPU can do about 10k keys/sec. But a 10 char password has 5.3e+19 possible combinations. That would mean 170,793,732 years to guarantee the key is generated. Dictionary attacks are faster, but you aren't using dictionary words in your passwords, right? šŸ™‚

    So that leaves supercomputers. So what's the endgame here? NSA frees up some time on their supercomputers to attempt to decrypt the data on a consumer level printer?

    WPA2-AES is good enough for HIPAA regulations (medical regulations).

    WEP is a different story, I've cracked that before personally on my own network as an exercise.



  • Don't forget guys, if you REALLY want ethernet, you can hook up an Octopi on ethernet to talk to the Duet via USB just like any other control board. Costs you an extra $35 and a little setup time. Not as clean, but still functional, and better in some ways like if you want integral camera support or onboard slicing. The Duet Wifi web interface is mostly the same functionality as Octoprint anyway.

    I do really want the wifi to be more stable, but it's still a solid control board option even if you entirely removed the wifi and web interface.



  • @elmoret:

    ā€¦ consumer level printer...

    No, not on a consumer level printer. I am not personally worried about thisā€¦ but I want to use the duet in printers that I will provide to clients who will use them in environments where this is absolutely not acceptable.... how hard is that for you to understand? I've said such before.

    Imagine a 3d printer in a military research facility. Why couldn't that be run with a duet? Because of wifi.



  • @bot:

    @elmoret:

    ā€¦ consumer level printer...

    No, not on a consumer level printer. I am not personally worried about thisā€¦ but I want to use the duet in printers that I will provide to clients who will use them in environments where this is absolutely not acceptable.... how hard is that for you to understand? I've said such before.

    Imagine a 3d printer in a military research facility. Why couldn't that be run with a duet? Because of wifi.

    Because as previously mentioned, cracking WPA2 is actually quite difficult. Hell, government emails are protected with less.

    But if it bothers you, I guess you could drill a hole through the ESP8266 and run an Octopi, like Rcarlyle so kindly suggested. If its mil spec, they won't mind the extra $30 for a Rpi2. Actually, they're more likely to mind that the firmware is open source, but that applies to all versions of the Duetā€¦

    Here's evidence of WPA2 passing DoD requirements. And here.

    Could you provide some sources for WPA2 being trivial to hack, please?



  • I think you're much more likely to run into a "no unapproved wifi devices or access points" rule than a "no wifi" rule. Same basic effect though, unless you can get the IT department to audit and approve the Duet Wifi for access to the network.

    My office (at a large company you've heard of) does regular audits and scans to remove unauthorized access points, and won't allow anything but IT-managed devices to connect to the official wifi. It's all done via security certificatesā€¦ I wouldn't know how to connect a device to the wifi myself if I wanted to. I wouldn't be able to use the Duet Wifi there without one of the non-wifi control options. I'd imagine that's fairly common in the corporate and government world.



  • @RCarlyle:

    My office (at a large company you've heard of) does regular audits and scans to remove unauthorized access points, and won't allow anything but IT-managed devices to connect to the official wifi. It's all done via security certificatesā€¦ I wouldn't know how to connect a device to the wifi myself if I wanted to. I wouldn't be able to use the Duet Wifi there without one of the non-wifi control options. I'd imagine that's fairly common in the corporate and government world.

    In all the places I've worked with rules like this, you can't connect unapproved ethernet devices either.



  • I really want to use WiFi. This isn't the 90s, and I don't need more cables. I have plenty of other WiFi devices like computers, phones, speakers, power switches, media players and printers. They all work very well and I'm getting speeds of at least around 25-30 MB/s and I download from the Internet regularly at around 10-12 MB/s. Every device works fine except for Duet.



  • Any chance you have a non FCC approved power supply, tomasf? Just thinking EM interference might play a role here.


  • administrators

    Tomasf I think you are going to need to get wireshark or similar out and see if you can see where the issue is, the M122 also gives some diagnostic information. A good starting point is to determine if the network connection is dropping out completely, or the webserver on the ESP 8266



  • Elmoret, I use the power supply I got with the Kossel mini kit from T3P3, which I think is originally from Dell, so it should be fine, I guess.



  • I did try Wireshark, but didn't see much of interest. Suddenly, packets couldn't be delivered. When the Duet came back online after a couple of minutes of being unreachable, it sent DHCP packets to acquire an IP address.


  • administrators

    Hi tomasf

    The Dell power supplies we use have been fine on out DuetWifi powered printers, I don't think that is the issue.

    Its interesting that you saw the DuetWifi completely drop off the network (to the point that it had to require an IP address when it re-connected). This sounds different to the issue we had with an older firmware version where there were AJAX timeouts in the server but the network connection remained up. In the wireshark logs did you see an excessive amount of traffic from any other device - maybe flooding the network?

    I know its a pain but another option is to temporarily disable other devices on the network and then bring them back on one by one to see if one causes the DuetWifi to start dropping out.

    Finally another thing to try is to see if the network connection is maintained if there is a steady stream of traffic to the DuetWifi, you could try pinging it regularly (ie in windows use the -t flag on ping). This is not meant to be a fix but rather to try and see if the DuetWifi network connection remains established if there is a stream of traffic.



  • @elmoret:

    @RCarlyle:

    My office (at a large company you've heard of) does regular audits and scans to remove unauthorized access points, and won't allow anything but IT-managed devices to connect to the official wifi. It's all done via security certificatesā€¦ I wouldn't know how to connect a device to the wifi myself if I wanted to. I wouldn't be able to use the Duet Wifi there without one of the non-wifi control options. I'd imagine that's fairly common in the corporate and government world.

    In all the places I've worked with rules like this, you can't connect unapproved ethernet devices either.

    If there is a wired connection, the printer can be kept off the real network and only used on a separate 3d printer network, with the PCs that slice and monitor, but without connecting to any other sensitive network.

    With wifi, the same can be achieved but while broadcasting all the data. You keep thinking that a) this is a consumer application we're worried about and b) we're connecting everything to the same network we do our top-secret banking onā€¦. no.

    I don't understand why you keep trying to defend strawman scenarios when there is a perfectly legitimate need for a duet with no wifi. A consumer with an i3 in their basement? Yeah, who cares. The cases where it matters are fringe cases, and they are few and far between. This is why I'm willing to pay a premium for a wired version.

    Also, the encryption is all fine and dandy, but as with all encryption standards, their weakest point is the human element. In the environments I'm concerned with, social engineering/espionage would be a real possibility, and much more efficient than a brute force cracking attempt. By requiring physical access, knowing a simple password and intercepting the broadcast would not be enough.



  • @bot:

    With wifi, the same can be achieved but while broadcasting all the data. You keep thinking that a) this is a consumer application we're worried about and b) we're connecting everything to the same network we do our top-secret banking onā€¦. no.

    No, I don't "keep thinking that". I've given examples of how WPA2-AES meets standards for both medical and military/DoD use. What other "fringe case" are you considering?

    @bot:

    Also, the encryption is all fine and dandy, but as with all encryption standards, their weakest point is the human element. In the environments I'm concerned with, social engineering/espionage would be a real possibility, and much more efficient than a brute force cracking attempt. By requiring physical access, knowing a simple password and intercepting the broadcast would not be enough.

    Why would the password be allowed to be simple?

    Espionage of the wifi password is a "real possibility", but espionage of the STL isn't?

    Wifi only broadcasts a couple hundred feet indoors. If you're that close to a printer in a military building, you've already been cleared by security.

    All of this is a moot point with RCarlyle's suggestion anyway.



  • There sure is an awful lot of speculation going on in this wired vs WiFi argument when it comes to security. For what it's worth, I manage my companies' global WiFi infrastructure and in my opinion any modern WiFi deployment can be just as secure as your average Ethernet port if not more so. In addition to run-of-the-mill WPA, any commercial access point will support 802.1x EAP certificates (sometimes even issued in the form of physical smart cards providided after gaining security clearance) as well as putting every client on their own NAT segment so they can't even see or communicate with other clients connected to the same WiFi network. Small business/commercial WiFi security has become INCREDIBLY robust in recent years and if deployed by someone who knows what their doing should be the least of anyone's worries.

    And please pardon any typos, I typed this on my cell phoneā€¦


Log in to reply