Access to local resources throughout wifi

Hello,

i could need some help in configuring my openwrt settings. I am using an Xiaomi Redmi Router AX6S flashed with OpenWrt 22.03.0 as an wifi access point. It is connected to my main router (192.168.0.1) by a networkcable. If i connect to the Xiaomi router via a networkcable, i can access the web an all my local resources (192.168.0.247). But when i connect to it via wifi, i can only access the web.

Where did a made a mistake within the settings?

cat /etc/config/network

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fd48:f0a7:f22b::/48'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'lan1'
        list ports 'lan2'
        list ports 'lan3'
        option ipv6 '0'

config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        option netmask '255.255.255.0'
        option ip6assign '60'
        option ipaddr '192.168.0.2'
        option gateway '192.168.0.1'
        list dns '192.168.0.1'

cat /etc/config/wireless

config wifi-device 'radio0'
        option type 'mac80211'
        option path 'platform/18000000.wmac'
        option band '2g'
        option htmode 'HT20'
        option channel 'auto'
        option cell_density '0'
        option country 'US'

config wifi-iface 'default_radio0'
        option device 'radio0'
        option network 'lan'
        option mode 'ap'
        option ssid 's1'
        option encryption 'psk2'
        option key 'k1'

config wifi-device 'radio1'
        option type 'mac80211'
        option path '1a143000.pcie/pci0000:00/0000:00:00.0/0000:01:00.0'
        option band '5g'
        option htmode 'HE160'
        option channel 'auto'
        option country 'US'
        option cell_density '0'

config wifi-iface 'default_radio1'
        option device 'radio1'
        option network 'lan'
        option mode 'ap'
        option ssid 's2'
        option encryption 'psk2'
        option key 'k2'

cat /etc/config/dhcp

config dnsmasq
        option domainneeded '1'
        option boguspriv '1'
        option filterwin2k '0'
        option localise_queries '1'
        option rebind_protection '1'
        option rebind_localhost '1'
        option local '/lan/'
        option domain 'lan'
        option expandhosts '1'
        option nonegcache '0'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
        option nonwildcard '1'
        option localservice '1'
        option ednspacket_max '1232'

config dhcp 'lan'
        option interface 'lan'
        option leasetime '12h'
        option dhcpv4 'server'
        option ignore '1'
        option start '100'
        option limit '70'

config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'
        option loglevel '4'

'
        option forward 'ACCEPT'
        list network 'lan'

config zone
        option name 'wan'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option masq '1'
        option mtu_fix '1'

config forwarding
        option src 'lan'
        option dest 'wan'

config rule
        option name 'Allow-DHCP-Renew'
        option src 'wan'
        option proto 'udp'
        option dest_port '68'
        option target 'ACCEPT'
        option family 'ipv4'

config rule
        option name 'Allow-Ping'
        option src 'wan'
        option proto 'icmp'
        option icmp_type 'echo-request'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-IGMP'
        option src 'wan'
        option proto 'igmp'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-DHCPv6'
        option src 'wan'
        option proto 'udp'
        option dest_port '546'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-MLD'
        option src 'wan'
        option proto 'icmp'
        option src_ip 'fe80::/10'
        list icmp_type '130/0'
        list icmp_type '131/0'
        list icmp_type '132/0'
        list icmp_type '143/0'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Input'
        option src 'wan'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        list icmp_type 'router-solicitation'
        list icmp_type 'neighbour-solicitation'
        list icmp_type 'router-advertisement'
        list icmp_type 'neighbour-advertisement'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Forward'
        option src 'wan'
        option dest '*'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-IPSec-ESP'
        option src 'wan'
        option dest 'lan'
        option proto 'esp'
        option target 'ACCEPT'

config rule
        option name 'Allow-ISAKMP'
        option src 'wan'
        option dest 'lan'
        option dest_port '500'
        option proto 'udp'
        option target 'ACCEPT'

It appears that you are using your AX6S as a dumb ap, so there should be no difference between connecting to wifi via this device as compared to connecting to the wired network directly.

Let's verify a few things:

• what is the main router?
• what firmware is the main router using?
• what physical port on the main router connects to the A6XS?
• what physical port is in use on the A6XS?
• Does the problem occur with all of your wifi devices?

And for at least one of your devices, what does your wifi client have for the IP configuration?

• is it DHCP or static IP?
• what is the IP address, subnet mask, DNS server, and router/gateway for that device?

Hi psherman,

the main router is called "Vodafone Station" and runs an proprietary firmware.

Vodafone Station Port 1 - Netgear ProSafe GS105E Port 1 (Input) - Netgear ProSafe GS105E Port 2 (Output) - A6XS Port 1

Yes the problem occurs with all devices connected over wifi.

All devices get their ip address throughout dhcp.

Thank you for the help

ipconfig

   Verbindungsspezifisches DNS-Suffix:
   IPv6-Adresse. . . . . . . . . . . : 2a02:***
   IPv6-Adresse. . . . . . . . . . . : 2a02:***
   Temporäre IPv6-Adresse. . . . . . : 2a02:***
   Verbindungslokale IPv6-Adresse  . : fe80::4e1:5751:84e6:64f%16
   IPv4-Adresse  . . . . . . . . . . : 192.168.0.24
   Subnetzmaske  . . . . . . . . . . : 255.255.255.0
   Standardgateway . . . . . . . . . : fe80::10:18ff:feee:ccc4%16
                                       192.168.0.1

Can you try the following experiment:

• unplug the ethernet cable from the A6XS and plug in a computer with an ethernet port (GS105E port 2 > ethernet port on computer).
• Make sue wifi is disabled on that computer.
• run the same tests with local and internet connectivity.

here are the results:

i connected the laptop with an networkcable (+ disabled wifi) and can access the web and all local resources

ipconfig

   Verbindungsspezifisches DNS-Suffix:
   IPv6-Adresse. . . . . . . . . . . : 2a02:***
   IPv6-Adresse. . . . . . . . . . . : 2a02:***
   Temporäre IPv6-Adresse. . . . . . : 2a02:***
   Verbindungslokale IPv6-Adresse  . : fe80::fff6:b44b:27ac:9628%31
   IPv4-Adresse  . . . . . . . . . . : 192.168.0.196
   Subnetzmaske  . . . . . . . . . . : 255.255.255.0
   Standardgateway . . . . . . . . . : fe80::10:18ff:feee:ccc4%31
                                       192.168.0.1

What version of OpenWrt is running on the A6XS? You mentioned it was 22.02.0, but let's double check.

ubus call system board

ubus call system board

{
        "kernel": "5.10.138",
        "hostname": "OpenWrt",
        "system": "ARMv8 Processor rev 4",
        "model": "Xiaomi Redmi Router AX6S",
        "board_name": "xiaomi,redmi-router-ax6s",
        "rootfs_type": "squashfs",
        "release": {
                "distribution": "OpenWrt",
                "version": "22.03.0",
                "revision": "r19685-512e76967f",
                "target": "mediatek/mt7622",
                "description": "OpenWrt 22.03.0 r19685-512e76967f"
        }
}

Ok... thanks

Here's my recommendation...
Update to the latest (22.03.2 as of this writing), and do not keep settings during the upgrade. This will reset the router to defaults during the upgrade process. Disconnect the A6XS from the network as soon as the upgrade is done (or even before you run the upgrade), and make sure your computer is connected to the A6XS via ethernet.

Then, follow the dumb AP documentation I linked earlier, or just perform the following steps:

• set your desired SSID + password and enable wifi
• change the IP address of the LAN address (192.168.0.2) and add the gateway and dns
• disable the DHCP server for the lan (i.e. set to ignore)

reboot the A6XS and then connect it to the network and try again.

Ok thank you psherman,

i will try this tomorrow evening. I need to get to work within the next half an hour and cant risk leaving the rest of the familiy without wifi, but thanks.

no problem. Let us know if this fixes the issue.

I updated to the OpenWrt Version 22.03.3.
But no help. I still cant connect to the local resources when i am connected through wifi.
Any other ideas?