AP, Wifi no access to rest of network or internet

stevedh · February 13, 2023, 10:15am

I did search and find others with similar issues, although resolved didnt seem to provide a solution to my problem.

I installed OpenWrt on my Zyxel NWA50AX yesterday, all seemed to work ok, but Wireless devices were not being given ip addresses, and if I assigned one statically on the device, I was unable to ping anything else on the same network and nothing could ping it.
Using diagnostics on the AP, I can ping the gateway, but I can't ping the static ip I set on the connected wifi device.

I cleared the settings and tried to set it up as close to default as possible

using:
Firmware Version OpenWrt 22.03.3 r20028-43d71ad93e / LuCI openwrt-22.03 branch git-22.361.69894-438c598

this is the log... not very helpful, is there a way to log more info as it just shows it connecting to the wifi.

Tue Jan  3 01:14:29 2023 daemon.notice hostapd: wlan0: AP-ENABLED
Tue Jan  3 01:14:30 2023 daemon.notice netifd: Wireless device 'radio0' is now up
Tue Jan  3 01:14:30 2023 daemon.notice netifd: Network device 'wlan0' link is up
Tue Jan  3 01:14:31 2023 daemon.info dnsmasq[1]: read /etc/hosts - 4 addresses
Tue Jan  3 01:14:31 2023 daemon.info dnsmasq[1]: read /tmp/hosts/dhcp.cfg01411c - 0 addresses
Tue Jan  3 01:14:31 2023 daemon.info dnsmasq[1]: read /tmp/hosts/odhcpd - 0 addresses
Tue Jan  3 01:15:17 2023 daemon.info hostapd: wlan0: STA xx:xx:xx:xx:xx:xx IEEE 802.11: authenticated
Tue Jan  3 01:15:17 2023 daemon.info hostapd: wlan0: STA xx:xx:xx:xx:xx:xx IEEE 802.11: associated (aid 1)
Tue Jan  3 01:15:17 2023 daemon.notice hostapd: wlan0: AP-STA-CONNECTED 50:2b:73:db:15:74
Tue Jan  3 01:15:17 2023 daemon.info hostapd: wlan0: STA xx:xx:xx:xx:xx:xx WPA: pairwise key handshake completed (RSN)
Tue Jan  3 01:15:17 2023 daemon.notice hostapd: wlan0: EAPOL-4WAY-HS-COMPLETED xx:xx:xx:xx:xx:xx

Network:

config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option packet_steering '1'
	option ula_prefix 'fdfb:ebd7:a6ab::/48'

config interface 'lan'
	option proto 'dhcp'
	option device 'lan'

config device
	option name 'lan'
	option ipv6 '0'

Wireless:

config wifi-device 'radio0'
	option type 'mac80211'
	option path '1e140000.pcie/pci0000:00/0000:00:01.0/0000:02:00.0'
	option channel '1'
	option band '2g'
	option htmode 'HE20'
	option cell_density '0'

config wifi-iface 'default_radio0'
	option device 'radio0'
	option network 'lan'
	option mode 'ap'
	option ssid 'OpenWrt'
	option encryption 'psk2'
	option key 'testtest'

config wifi-device 'radio1'
	option type 'mac80211'
	option path '1e140000.pcie/pci0000:00/0000:00:01.0/0000:02:00.0+1'
	option channel '36'
	option band '5g'
	option htmode 'HE80'
	option cell_density '0'
	option disabled '1'

config wifi-iface 'default_radio1'
	option device 'radio1'
	option network 'lan'
	option mode 'ap'
	option ssid 'OpenWrt'
	option encryption 'psk2'
	option key 'testtest'
	option disabled '1'

As far as I can tell I'm not using the firewall, but here it is anyway.

config defaults
	option syn_flood '1'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'REJECT'

config zone
	option name 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'

config zone
	option name 'wan'
	list network 'wan'
	list network 'wan6'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'
	option mtu_fix '1'

config forwarding
	option src 'lan'
	option dest 'wan'

config rule
	option name 'Allow-DHCP-Renew'
	option src 'wan'
	option proto 'udp'
	option dest_port '68'
	option target 'ACCEPT'
	option family 'ipv4'

config rule
	option name 'Allow-Ping'
	option src 'wan'
	option proto 'icmp'
	option icmp_type 'echo-request'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-IGMP'
	option src 'wan'
	option proto 'igmp'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-DHCPv6'
	option src 'wan'
	option proto 'udp'
	option dest_port '546'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-MLD'
	option src 'wan'
	option proto 'icmp'
	option src_ip 'fe80::/10'
	list icmp_type '130/0'
	list icmp_type '131/0'
	list icmp_type '132/0'
	list icmp_type '143/0'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Input'
	option src 'wan'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	list icmp_type 'router-solicitation'
	list icmp_type 'neighbour-solicitation'
	list icmp_type 'router-advertisement'
	list icmp_type 'neighbour-advertisement'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Forward'
	option src 'wan'
	option dest '*'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-IPSec-ESP'
	option src 'wan'
	option dest 'lan'
	option proto 'esp'
	option target 'ACCEPT'

config rule
	option name 'Allow-ISAKMP'
	option src 'wan'
	option dest 'lan'
	option dest_port '500'
	option proto 'udp'
	option target 'ACCEPT'

frollic · February 13, 2023, 10:19am

the /etc/config/network file looks stripped ?

reset and use https://openwrt.org/docs/guide-user/network/wifi/dumbap

lleachii · February 13, 2023, 10:21am

You don't have a static IP set on the AP, if thays what you meant.
Does it get an IP

How many clients exist on LAN?
Is the main router OpenWrt too?
Did you disable DHCP?

I agree. It'll probably be better to reset and not strip your config as such.

stevedh · February 13, 2023, 1:01pm

Hi, Fixed it, thanks for the reply.

I wrote a long reply answering all your questions.
Got to the bit about resetting, although I had only done it a few hours ago. I did it again.
but this time didn't change the interface from br_lan to lan.

I think origionaly didn't use br-lan for some reason as when I 1st tried I didn't see the option of DHCP client. I have checked again and its there, so I was just blind

anyway my network config should have looked like this.

config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option packet_steering '1'
	option ula_prefix 'xxxx:xxxx:xxxx::/48'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'lan'

config interface 'lan'
	option device 'br-lan'
	option proto 'dhcp'

system · February 23, 2023, 1:02pm

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.