Hi,
I'm a beginner in OpenWRT. I already have a working network, with my personal network and a guest network that is separated from mine. I just installed AdGuard Home using https://openwrt.org/docs/guide-user/services/dns/adguard-home#installation.
It works correctly for my network but not for the guest network. I don't know how to make it work for both. Here is my configuration, if you have any answer to give I'm all ears.
Another problem I'm having is that OpenWRT itself doesn't have access to the internet. I can't download opkg packages for example. How can I fix that ?
By the way, if you see any errors or bad practices in my configuration, don't hesitate to correct them; I don't understand everything in it. (The sendopts options are there to connect to my ISP network.) Thanks in advance and have a great day.
root@OpenWrt:/etc/config# cat network
# /etc/config/network as posted: loopback, a wired LAN bridge, an ISP uplink
# carried on VLAN 832 (DHCPv4 + DHCPv6 clients), and a separate guest bridge.
# Values shown as 'private' were redacted by the poster.
config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
# LAN bridge over the three wired ports lan1-lan3.
config device
option name 'br-lan'
option type 'bridge'
list ports 'lan1'
list ports 'lan2'
list ports 'lan3'
# Trusted network: router is 192.168.1.1/24 and hands a /64 of the delegated
# IPv6 prefix to this interface, using ::cafe as its own interface id.
config interface 'lan'
option device 'br-lan'
option proto 'static'
option netmask '255.255.255.0'
option ip6assign '64'
option ip6ifaceid '::cafe'
option ipaddr '192.168.1.1'
# DHCPv6 client on the VLAN 832 uplink. It requests a prefix only
# (reqaddress 'none') and sends ISP-specific options 11/15/16/17.
config interface 'wan6'
option proto 'dhcpv6'
option device 'wan.832'
option reqprefix 'auto'
option reqaddress 'none'
option defaultreqopts '0'
option sendopts '11:private 15:FSVDSL_livebox.Internet.softathome.livebox4 16:private 17:private'
option reqopts '11 17 23 24'
option noclientfqdn '1'
option noacceptreconfig '1'
option clientid 'private' # X is your box's MAC address after the 00030001 prefix; it is also your DUID.
# DHCPv4 client on the same VLAN; options 77 and 90 carry ISP identification /
# authentication data, so they are credentials and were rightly redacted.
config interface 'wan4'
option proto 'dhcp'
option device 'wan.832'
option hostname '*'
option broadcast '1'
option vendorid 'sagem'
option reqopts '1 3 6 15 28 51 58 59 90 119 125'
option sendopts '77:private 90:private'
#option norelease '1'
option clientid 'private' # Updated 11/12/22, soon to be required; X is the box's MAC address after the 01 prefix.
# 802.1Q sub-interface for VLAN 832 on the physical 'wan' port, with egress
# priority remapping and an overridden (redacted) MAC address.
config device
option name 'wan.832'
option type '8021q'
option ifname 'wan'
option vid '832'
list egress_qos_mapping '1:0'
list egress_qos_mapping '0:6'
list egress_qos_mapping '6:6'
option macaddr 'private'
# Device section for eth0 with no further options set.
config device
option name 'eth0'
# Guest bridge: no 'list ports' entries, so no wired port belongs to it here.
config device
option type 'bridge'
option name 'br-guest'
# Guest network: router is 192.168.3.1/24. No ip6assign is set, so this
# interface gets no IPv6 prefix from the delegation (IPv4 only as written).
config interface 'guest'
option proto 'static'
option device 'br-guest'
option ipaddr '192.168.3.1'
option netmask '255.255.255.0'
root@OpenWrt:/etc/config# cat firewall
# /etc/config/firewall as posted. Review notes are marked NOTE(review); they
# describe what the visible rules permit, not behaviour verified on the device.
#
# Global policy: everything is dropped unless a zone or rule allows it.
# output 'DROP' is stricter than the stock OpenWrt default (ACCEPT); each zone
# below sets output 'ACCEPT', which is what lets router-originated traffic leave.
config defaults
option synflood_protect '1'
option input 'DROP'
option output 'DROP'
option forward 'DROP'
option flow_offloading '1'
option flow_offloading_hw '1'
# Appends nftables rules from the given file to the mangle_postrouting chain.
# The file's contents are not shown, so its effect cannot be reviewed here.
config include 'orange_rules'
option enabled '1'
option type 'nftables'
option path '/etc/nftables.d/nft-prio6-rules.include'
option position 'chain-append'
option chain 'mangle_postrouting'
# Trusted zone: full access to the router and between LAN networks.
config zone
option name 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
list network 'lan'
# IPv4 uplink zone: inbound and forwarded traffic dropped, NAT (masq) enabled.
config zone
option name 'wan'
option output 'ACCEPT'
option family 'ipv4'
option input 'DROP'
option forward 'DROP'
option masq '1'
list network 'wan4'
# LAN clients may reach the IPv4 internet.
config forwarding
option src 'lan'
option dest 'wan'
# Lets DHCP replies from the ISP reach the router's DHCP client (UDP 68).
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
# Router answers IPv4 pings from the internet.
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
# DHCPv6 replies to the router's client (UDP 546) from wan6.
config rule
option name 'Allow-DHCPv6'
option proto 'udp'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
option src 'wan6'
list src_ip 'fc00::/6'
list dest_ip 'fc00::/6'
# NOTE(review): no icmp_type list is given, so as written this accepts every
# ICMPv6 type from link-local sources on wan6, not only MLD. The stock rule of
# this name is normally limited to the MLD message types - confirm and restore.
config rule
option name 'Allow-MLD'
option proto 'icmp'
option family 'ipv6'
option target 'ACCEPT'
option src 'wan6'
list src_ip 'fe80::/10'
# Rate-limited ICMPv6 that the router itself accepts from wan6.
config rule
option name 'Allow-ICMPv6-Input'
option proto 'icmp'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
list icmp_type 'bad-header'
list icmp_type 'destination-unreachable'
list icmp_type 'echo-reply'
list icmp_type 'echo-request'
list icmp_type 'neighbour-advertisement'
list icmp_type 'neighbour-solicitation'
list icmp_type 'packet-too-big'
list icmp_type 'router-advertisement'
list icmp_type 'router-solicitation'
list icmp_type 'time-exceeded'
list icmp_type 'unknown-header-type'
option src 'wan6'
# Rate-limited ICMPv6 forwarded from wan6 to any zone (dest '*').
config rule
option name 'Allow-ICMPv6-Forward'
option dest '*'
option proto 'icmp'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
option src 'wan6'
list icmp_type 'bad-header'
list icmp_type 'destination-unreachable'
list icmp_type 'echo-reply'
list icmp_type 'echo-request'
list icmp_type 'packet-too-big'
list icmp_type 'parameter-problem'
list icmp_type 'time-exceeded'
list icmp_type 'unknown-header-type'
# IPv6 uplink zone. IPv6 has no NAT here, so LAN hosts hold globally routable
# addresses and this zone's policy is their only perimeter.
# NOTE(review): forward 'ACCEPT' is unusual for an internet-facing zone; the
# IPv4 'wan' zone above uses DROP. Consider matching it.
config zone
option name 'wan6'
option output 'ACCEPT'
option family 'ipv6'
list device 'wan.832'
option forward 'ACCEPT'
option input 'DROP'
list network 'wan6'
# LAN clients may reach the IPv6 internet.
config forwarding
option src 'lan'
option dest 'wan6'
# NOTE(review): this permits new, unsolicited connections from the IPv6
# internet to every LAN host on any port. Replies to LAN-initiated traffic are
# already allowed by connection tracking, so this section is normally absent;
# removing it and adding per-host rules for services that must be reachable
# restores a default-deny inbound posture.
config forwarding
option src 'wan6'
option dest 'lan'
# UPnP/NAT-PMP helper include; its script is not shown. Such a service lets
# hosts request port mappings - presumably from lan only, verify in
# /etc/config/upnpd that the guest network cannot use it.
config include 'miniupnpd'
option type 'script'
option path '/usr/share/miniupnpd/firewall.include'
# Port forwards: TCP 80 and 443 from the IPv4 internet to 192.168.1.36
# (named 'DietPi' in the dhcp file on this page). That host sits in the
# trusted lan zone, so it should be kept patched; a dedicated zone for
# internet-exposed servers would limit what a compromise of it can reach.
config redirect
option dest 'lan'
option target 'DNAT'
option name 'HTTP'
list proto 'tcp'
option src 'wan'
option src_dport '80'
option dest_ip '192.168.1.36'
option dest_port '80'
config redirect
option dest 'lan'
option target 'DNAT'
option name 'HTTPS'
list proto 'tcp'
option src 'wan'
option src_dport '443'
option dest_ip '192.168.1.36'
option dest_port '443'
# Guest zone: no access to the router except the rules below, and no
# forwarding to 'lan' is defined, so guests cannot reach the trusted network.
config zone
option name 'guest'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
list network 'guest'
config forwarding
option src 'guest'
option dest 'wan'
# Has no practical effect while the guest interface carries no IPv6 prefix.
config forwarding
option src 'guest'
option dest 'wan6'
# Guests may query DNS on the router itself (no 'dest' = input rule, port 53).
# This only opens the port; something must still listen on the guest address.
config rule
option name 'Allow-DNS-Guest'
option src 'guest'
option dest_port '53'
option target 'ACCEPT'
# Guests may obtain a DHCPv4 lease from the router.
config rule
option name 'Allow-DHCP-Guest'
option family 'ipv4'
list proto 'udp'
option src 'guest'
option src_port '68'
option dest_port '67'
option target 'ACCEPT'
# Forces port-53 traffic from 'lan' clients to port 53 on the router (no
# dest_ip is given), so LAN devices cannot bypass the filter with another
# resolver. src is 'lan' only: guest DNS is not redirected by this section.
# NOTE(review): covering guests presumably needs an equivalent redirect with
# src 'guest' and AdGuard Home listening on 192.168.3.1 - its bind addresses
# are not shown here, confirm in the AdGuard Home settings.
config redirect 'adguardhome_dns_53'
option src 'lan'
option proto 'tcp udp'
option src_dport '53'
option target 'DNAT'
option name 'Adguard Home'
option dest 'lan'
option dest_port '53'
root@OpenWrt:/etc/config# cat dhcp
# /etc/config/dhcp as posted: dnsmasq moved off port 53, DHCP pools for lan
# and guest, and two static leases.
#
# dnsmasq listens for DNS on port 54 instead of 53 and forwards to
# 192.168.1.1 - presumably AdGuard Home now owns port 53 on that address.
# noresolv '0' means the ISP resolvers from resolvfile are used as well.
# NOTE(review): rebind_protection '0' turns off dnsmasq's DNS-rebinding
# filter. The AdGuard Home guide appears to set this deliberately; it leaves
# the resolver on port 53 as the only place such answers can be filtered.
# NOTE(review): the router's own lookups depend on what /etc/resolv.conf
# points at; if that is 127.0.0.1:53 and nothing answers there, the router
# cannot resolve names (opkg would fail) - verify on the device.
config dnsmasq
option domainneeded '1'
option localise_queries '1'
option rebind_localhost '1'
option local '/lan/'
option domain 'lan'
option expandhosts '1'
option authoritative '1'
option readethers '1'
option leasefile '/tmp/dhcp.leases'
option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
option localservice '1'
option ednspacket_max '1232'
option noresolv '0'
option cachesize '1000'
option rebind_protection '0'
option port '54'
list server '192.168.1.1'
# LAN pool .10-.59. DHCP option 6 (DNS) and option 3 (gateway) both point at
# 192.168.1.1, and router advertisements announce a fixed IPv6 DNS address.
# NOTE(review): that address embeds the currently delegated prefix; it stops
# working if the ISP assigns a different prefix, and it discloses the
# connection's public prefix in this post.
config dhcp 'lan'
option interface 'lan'
option start '10'
option limit '50'
option leasetime '12h'
option dhcpv4 'server'
option ra 'server'
list ra_flags 'none'
list dhcp_option '6,192.168.1.1'
list dhcp_option '3,192.168.1.1'
list dns '2a01:cb05:89be:1400::cafe'
config odhcpd 'odhcpd'
option maindhcp '0'
option leasefile '/tmp/hosts/odhcpd'
option leasetrigger '/usr/sbin/odhcpd-update'
option loglevel '4'
# Static lease for the host that receives the HTTP/HTTPS port forwards.
config host
option name 'DietPi'
option dns '1'
option mac 'DC:A6:32:0D:EF:12'
option ip '192.168.1.36'
# Guest pool .100-.249. Unlike 'lan', no dhcp_option 6 is set, so clients are
# not told explicitly which DNS server to use.
# NOTE(review): they presumably fall back to the router's guest address on
# port 53, where dnsmasq no longer listens (port 54 above). Advertising a
# resolver that actually answers on the guest side is likely part of the fix.
config dhcp 'guest'
option interface 'guest'
option start '100'
option limit '150'
option leasetime '12h'
config host
option name 'wled-WLED'
option ip '192.168.1.50'
option mac '84:F3:EB:21:B3:62'
root@OpenWrt:/etc/config# cat wireless
# /etc/config/wireless as posted: one 2.4 GHz and one 5 GHz radio, two
# password-protected SSIDs on 'lan' and one open SSID on 'guest'.
# NOTE(review): unlike the ISP values above, the Wi-Fi passphrase was not
# redacted before posting. It should be treated as disclosed and changed on
# the router, then replaced with a placeholder when sharing configs.
config wifi-device 'radio0'
option type 'mac80211'
option path '1e140000.pcie/pci0000:00/0000:00:01.0/0000:02:00.0'
option band '2g'
option channel 'auto'
option country 'FR'
option cell_density '0'
option htmode 'HT40'
config wifi-device 'radio1'
option type 'mac80211'
option path '1e140000.pcie/pci0000:00/0000:00:01.0/0000:02:00.0+1'
option band '5g'
option channel 'auto'
option country 'FR'
option cell_density '0'
option htmode 'HE80'
# 5 GHz trusted SSID: WPA2/WPA3 mixed mode with management frame protection
# set to optional (ieee80211w '1').
config wifi-iface 'default_radio1'
option device 'radio1'
option network 'lan'
option mode 'ap'
option key 'choucroute2310!'
option ssid 'OpenWRT5'
option ieee80211w '1'
option encryption 'sae-mixed'
# 2.4 GHz trusted SSID: same passphrase and mode as the 5 GHz one, but no
# ieee80211w option is set here, so the two SSIDs are not configured alike.
config wifi-iface 'wifinet1'
option device 'radio0'
option mode 'ap'
option key 'choucroute2310!'
option network 'lan'
option ssid 'OpenWRT24'
option encryption 'sae-mixed'
# Guest SSID: open network (encryption 'none') attached to 'guest', with
# client-to-client isolation on the access point.
# NOTE(review): with no encryption, guest traffic is readable by anyone in
# radio range. 'owe' (Opportunistic Wireless Encryption) keeps the network
# password-less while encrypting the air link, where client devices support it.
config wifi-iface 'wifinet2'
option device 'radio0'
option mode 'ap'
option ssid 'le wifi du voisin'
option encryption 'none'
option isolate '1'
option network 'guest'