AP doesn't have internet connection

My Comfast AP Device can't access to the internet, I tried pinging Google for testing the connection. But it shows a "Bad Address" error. Anything else are only just locally accessible through my Wi-Fi Vendo Machine with Internet Access on the Router.

In a Nutshell:

  • Wi-Fi Clients on Comfast :white_check_mark:
  • Internet Connection from Main Router to Comfast :white_check_mark:
  • DHCP Access to Internet on Comfast :white_check_mark:
  • Static Access to OpenWRT on Comfast :white_check_mark:
  • Wired Static Access to OpenWRT on Comfast :white_check_mark:
  • Internet Connection for OpenWRT for PKG Install and Firmware Updates on Comfast :x:

not sure what this means, but if you're using a static IP, did you configure a default GW and DNS on the Comfast ?

Hopefully we can help get you to a point where you can run package installations.
Firmware updates do not happen through the opkg system.... they use the sysupgrade functions.

Also, regarding upgrades:

Upgrading packages (via the CLI opkg upgrade command or the LuCI Upgrade... button) can result in major problems. It is generally highly discouraged, unless you know what you are doing or if there is specific instruction to do so.

To help you solve your issue:

Please connect to your OpenWrt device using ssh and copy the output of the following commands and post it here using the "Preformatted text </> " button:
grafik
Remember to redact passwords, MAC addresses and any public IP addresses you may have:

ubus call system board
cat /etc/config/network
cat /etc/config/wireless
cat /etc/config/dhcp
cat /etc/config/firewall

No, DHCP is just a Dynamic or Pre-Configured IP Address. (Whatever it says it's automatically given IP Address on newly connected user device)

I don't want my Customer Clients accessing OpenWrt Panel with 192.168.x.x Static Address and they will stay on 10.0.0.1 URL Address, Which is for the Wi-Fi Vendo they are connected. (A Portal Login per se)

They can access the Internet, But in a time limit on how much they insert some coins. (Something like a Mobile Hotspot on a Convenience Store and offering an Internet Connection for cents or quarters.)

What subnets are you using for each interface?
I suggest you paste the cat's @psherman asked for

I'm on it, It will take some time before closing the Wi-Fi Vendo as there's customers connected for internet. (It would be bad if I closed their connections, While they have allotted time.)

  • ubus call system board
{
        "kernel": "4.14.180",
        "hostname": "Piso Wifi Manila",
        "system": "Qualcomm Atheros QCA9533 ver 2 rev 0",
        "model": "COMFAST CF-E355AC v1",
        "board_name": "cf-e355ac-v1",
        "release": {
                "distribution": "OpenWrt",
                "version": "19.07.3",
                "revision": "r11063-85e04e9f46",
                "target": "ar71xx/generic",
                "description": "OpenWrt 19.07.3 r11063-85e04e9f46"
        }
}
  • cat /etc/config/network
config interface 'loopback'
        option ifname 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fd9b:5fa3:e9fe::/48'

config interface 'lan'
        option type 'bridge'
        option proto 'static'
        option netmask '255.255.255.0'
        option ifname 'eth0 eth1'
        option ipaddr '192.168.x.x'
        option gateway '192.168.x.1'
        list dns '8.8.8.8'
        list dns '8.8.4.4'
  • cat /etc/config/wireless
config wifi-device 'radio0'
        option type 'mac80211'
        option hwmode '11g'
        option path 'platform/qca953x_wmac'
        option htmode 'HT20'
        option channel 'auto'
        option country 'US'

config wifi-iface 'default_radio0'
        option device 'radio0'
        option network 'lan'
        option mode 'ap'
        option encryption 'none'
        option wds '1'
        option ssid 'Comfast-OpenWrt'
        option disabled '1'

config wifi-iface 'wifinet1'
        option ssid 'Wi-Fi Connection Test'
        option device 'radio0'
        option mode 'ap'
        option disabled '1'
        option key 'xxxxxxxx'
        option encryption 'psk-mixed'
        option wpa_disable_eapol_key_retries '1'
        option skip_inactivity_poll '1'
        option isolate '1'

config wifi-iface 'wifinet2'
        option encryption 'none'
        option device 'radio0'
        option mode 'ap'
        option disabled '1'
        option ssid 'Piso Wifi Manila'

config wifi-iface 'wifinet3'
        option device 'radio0'
        option mode 'ap'
        option ssid 'Piso Wifi Manila_1'
        option encryption 'none'
        option network 'lan'
        option isolate '1'

config wifi-iface 'wifinet4'
        option device 'radio0'
        option mode 'ap'
        option ssid 'Piso Wifi Manila_2'
        option encryption 'none'
        option network 'lan'
        option isolate '1'

config wifi-iface 'wifinet5'
        option ssid 'Personal'
        option encryption 'psk2'
        option device 'radio0'
        option mode 'ap'
        option key 'xxxxxxxx'
        option network 'lan'
        option wpa_disable_eapol_key_retries '1'
  • cat /etc/config/dhcp
config dnsmasq
        option domainneeded '1'
        option boguspriv '1'
        option filterwin2k '0'
        option localise_queries '1'
        option rebind_protection '1'
        option rebind_localhost '1'
        option local '/lan/'
        option domain 'lan'
        option expandhosts '1'
        option nonegcache '0'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option resolvfile '/tmp/resolv.conf.auto'
        option nonwildcard '1'
        option localservice '1'

config dhcp 'lan'
        option interface 'lan'
        option ignore '1'

config dhcp 'wan'
        option interface 'wan'
        option ignore '1'

config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'
        option loglevel '4'
  • cat /etc/config/firewall
config defaults
        option syn_flood '1'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'REJECT'

config zone
        option name 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'
        option network 'lan'

config zone
        option name 'wan'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option masq '1'
        option mtu_fix '1'

config forwarding
        option src 'lan'
        option dest 'wan'

config rule
        option name 'Allow-DHCP-Renew'
        option src 'wan'
        option proto 'udp'
        option dest_port '68'
        option target 'ACCEPT'
        option family 'ipv4'

config rule
        option name 'Allow-Ping'
        option src 'wan'
        option proto 'icmp'
        option icmp_type 'echo-request'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-IGMP'
        option src 'wan'
        option proto 'igmp'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-DHCPv6'
        option src 'wan'
        option proto 'udp'
        option src_ip 'fc00::/6'
        option dest_ip 'fc00::/6'
        option dest_port '546'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-MLD'
        option src 'wan'
        option proto 'icmp'
        option src_ip 'fe80::/10'
        list icmp_type '130/0'
        list icmp_type '131/0'
        list icmp_type '132/0'
        list icmp_type '143/0'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Input'
        option src 'wan'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        list icmp_type 'router-solicitation'
        list icmp_type 'neighbour-solicitation'
        list icmp_type 'router-advertisement'
        list icmp_type 'neighbour-advertisement'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Forward'
        option src 'wan'
        option dest '*'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-IPSec-ESP'
        option src 'wan'
        option dest 'lan'
        option proto 'esp'
        option target 'ACCEPT'

config rule
        option name 'Allow-ISAKMP'
        option src 'wan'
        option dest 'lan'
        option dest_port '500'
        option proto 'udp'
        option target 'ACCEPT'

config include
        option path '/etc/firewall.user'

config include 'miniupnpd'
        option type 'script'
        option path '/usr/share/miniupnpd/firewall.include'
        option family 'any'
        option reload '1'

config redirect
        option src 'lan'
        option name 'Libreswan-L2TP-EWalletPayWall'
        option src_dport '4627'
        option target 'DNAT'
        option dest_ip '10.0.0.1'
        option dest 'lan'

Yikes... this is old. 19.07 has been EOL and unsupported for a while now. It doesn't appear that this device is supported in any more recent versions, but at least you could upgrade to 19.07.10. But keep in mind that 19.07 is old and has many known security vulnerabilities. It really shouldn't be used anymore -- please consider getting newer hardware that is properly supported by modern versions of OpenWrt.

You have over-redacted the information here... there is no need to hide the RFC1918 addresses (i.e. 192.168.x.x -- providing the real values here will not compromise your security).

Meanwhile, because you are running a version that is so old, I cannot remember if the syntax of your network interface is valid or not. ifname and bridge statements don't belong in the network interface stanzas anymore, but I can't honestly recall when that deprecation/change was made.

If nobody recalls, your best bet would be to reset the device to defaults and then post that config. While you're at it, you can upgrade to 19.07.10.

That said, from the router (via ssh), what happens when you ping:

  • 192.168.x.1 <--- this is the main gateway on your network; replace x with whatever the correct subnet is.
  • 64.226.122.113
  • openwrt.org

Unfortunately, This OpenWrt Firmware is modified and I don't think there's a compatible version on my Comfast EW-73.

No idea why the official Comfast Firmware just bricked and even flashing with latest version of it, I'm just stucked on OpenWrt with some good features and surpassing limit on what Comfast Firmware can do.

The YouTube Link where I download OpenWrt for Comfast EW-73

Gateway IP Address for OpenWrt: 192.168.123.254

About that accessing OpenWrt through LAN Router, Its IP Address to Comfast EW-73 seems broken even I put my PC in Static Address, I don't know if this was messed up by "Who Modified Each Settings", Just to run OpenWrt on Comfast. (For Emergency Situation like Bricked AP and Other Purposes)

  • I just tugged off the Comfast AP from the Wi-Fi Vendo and putting its Network Cable to my PC, Instead of plugging it directly to the Main Router and the neighbors can access the Internet while fixing the AP.

Option Gateway is 192.168.123.1

In that case, you probably need to be talking to the people/company who modified the firmware. Unless the full extent of their modifications are known, it makes the system a black box and it may, by design or circumstance, not operate the way OpenWrt would otherwise be expected to run.

I'm not exactly sure what you've done here... but if the subnet/address is incorrect, that would obviously explain the problem.

Again, not totally following how your neighbors can access the internet.... I assume there must be another AP.

At this point, you should be checking the connectivity to the main gateway to ensure the cable and physical infrastructure is working as well as the correct address. You can do this using your computer since it sounds like you unplugged your AP and connected your computer instead.

Probably, Because the Main Router IP Address is 192.168.1.1 and the Comfast AP is different.
I'll give some updates very soon

Yup... that will do it.

Change the lan address, gateway, and dns to match the proper network address range and you should be good.

That said, if the firmware has been customized, it's possible you won't be able to install any additional packages... depends on the details about what they did and if the kernel version matches exactly with what was used for 19.07.3.

Current Settings:

Protocol: Static Address
Bring Up on Boot: Yes
IPv4 Address: 192.168.123.254
IPv4 Netmask: 255.255.255.0
IPv4 Gateway: 192.168.123.1
IPv4 Broadcast: 192.168.123.255 (Greyed/Blank)
Custom DNS 8.8.8.8 / 8.8.4.4
  • IPv6 is Disabled

Now my plan is to switch the protocol into DHCP Client to recognize the Main Router as Internet with an IP Address of 192.168.1.10 or 192.168.1.15 (Having a same IP Address with 192.168.1.1 will conflict both AP and the Main Router), Then I will put everything back into Static for OpenWrt Panel Access and DHCP for all devices connected on Comfast AP after installing Libreswan L2TP for Vouchers Paywall or similar on Mikrotik.

  • This is One-Shot Attempt (First Try) and there's no second chance to fix the AP, Pressing the Reset Button on Comfast won't bring everything back to defaults as it goes Bricked and I don't want to climb up the roof.