I have a weird problem, I hope somebody can help. It came with the OpenWrt 23.XX.YY version; I had no issues running 22.XX.YY before. I have three devices at home, all three running OpenWrt. One of them is the router, the other two are set as dummy APs. I have VLANs for segregating IoT from LAN but otherwise it's a normal setup. I have a server at my home that provides a few things like samba, ssh etc. If I connect with my phone or laptop to the router's wifi I can access the server (they sit on the same subnet). However, if I move downstairs and my phone/laptop connects to one of the APs then I am no longer able to access the server. If I restart the router and stay close to the AP so no disconnect then I can access the server. If my end device connects to the router and then one of the APs, then it stops working again. It drives me crazy. Any suggestions what that might be?
Did you upgrade both devices, or just one of them (if one, which one)?
What physical ports on each device are used to connect the two devices to each other? Is there anything in-between (such as a switch)?
Without configs, it is basically impossible to guess what might be going wrong.
Let's take a look at the configs from both devices:
Please connect to your OpenWrt device using ssh and copy the output of the following commands and post it here using the "Preformatted text </> " button:
Remember to redact passwords, MAC addresses and any public IP addresses you may have:
I did, yes, although I was surprised that none of the extra packages were kept, so I needed to install everything again on the router. APs were OK as I have no extra packages.
Upgraded all three
Router-LAN, AP-WAN
I will get you the configs shortly. I realized that due to the upgrade the APs got dhcp, firewall re-enabled. I disabled them and did a roaming test. So far it works. Will circle back tomorrow. Thanks
Depending on your devices, this may be a problem... some devices have gone through a major transition (swconfig > DSA) and the configs are not compatible.
For a dumb AP, the typical 'recipe' recommends using the lan port. There is usually no issue to use the wan port instead, but you need to make sure it is properly configured.
I had DSA before so that should not be an issue. I compared the configs with diff and the old configs looked legit so kept them. WAN is configured to act as LAN and it was good before so I doubt that. I am testing the setup now after a few changes. If it works tomorrow then certainly it is going to be the longest period since the 23 upgrade.
For a few hours, sometimes the whole day, I can access everything on my network, no matter which device I am connected to, so things just work. However, a few hours or in some cases a day later I can no longer access my server or one of the APs. I cannot even ping them, I get a host unreachable error. I can still ping and access the router and one of the APs I am connected to. If I move close to the router and end up connected to its wifi then I can access everything again. If I reboot the router then everything works until it does not. Here are the commands you asked for:
Router config:
{
"kernel": "5.15.137",
"hostname": "router",
"system": "MediaTek MT7621 ver:1 eco:3",
"model": "ASUS RT-AC65P",
"board_name": "asus,rt-ac65p",
"rootfs_type": "squashfs",
"release": {
"distribution": "OpenWrt",
"version": "23.05.2",
"revision": "r23630-842932a63d",
"target": "ramips/mt7621",
"description": "OpenWrt 23.05.2 r23630-842932a63d"
}
}
config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option packet_steering '1'
config device
option name 'br-lan'
option type 'bridge'
list ports 'lan1'
list ports 'lan2'
list ports 'lan3'
list ports 'lan4'
option ipv6 '0'
config interface 'lan'
option proto 'static'
option ipaddr '192.168.1.1'
option netmask '255.255.255.0'
option ip6assign '60'
option delegate '0'
option ipv6 '0'
option device 'br-lan.11'
config device
option name 'wan'
option macaddr '40:b0:76:3f:43:80'
config interface 'wan'
option device 'wan'
option proto 'pppoe'
option username 'user'
option password 'password'
option peerdns '0'
option ipv6 '0'
list dns '9.9.9.9'
list dns '149.112.112.112'
option metric '10'
config interface 'wanb'
option proto 'dhcp'
option device 'eth1'
option metric '20'
option peerdns '0'
list dns '9.9.9.9'
list dns '149.112.112.112'
option hostname '*'
config bridge-vlan
option device 'br-lan'
option vlan '11'
list ports 'lan1:t'
list ports 'lan2:t'
list ports 'lan3:t'
list ports 'lan4:t'
config bridge-vlan
option device 'br-lan'
option vlan '100'
list ports 'lan1:t'
list ports 'lan2:t'
list ports 'lan3:t'
list ports 'lan4:t'
config interface 'IOT'
option proto 'static'
option device 'br-lan.100'
option ipaddr '192.168.100.1'
option netmask '255.255.255.0'
option type 'bridge'
option gateway '192.168.1.1'
option delegate '0'
config interface 'vpn0'
option proto 'wireguard'
option listen_port '51820'
list addresses '192.168.200.1/24'
list dns '192.168.1.1'
option mtu '1280'
option private_key 'key'
option delegate '0'
config wireguard_vpn0
option description 's23'
option public_key 'key'
option private_key 'key'
list allowed_ips '192.168.200.2/32'
option route_allowed_ips '1'
option endpoint_port '51820'
option persistent_keepalive '25'
config wireguard_vpn0
option description 'laptop'
list allowed_ips '192.168.200.3/32'
option route_allowed_ips '1'
option endpoint_port '51820'
option persistent_keepalive '25'
option private_key 'key'
option public_key 'key'
config wifi-device 'radio0'
option type 'mac80211'
option path '1e140000.pcie/pci0000:00/0000:00:00.0/0000:01:00.0'
option band '2g'
option cell_density '0'
option country 'HU'
option htmode 'HT20'
option channel '1'
config wifi-device 'radio1'
option type 'mac80211'
option path '1e140000.pcie/pci0000:00/0000:00:01.0/0000:02:00.0'
option band '5g'
option cell_density '0'
option country 'HU'
option htmode 'VHT80'
option channel '48'
config wifi-iface 'wifinet0'
option device 'radio0'
option mode 'ap'
option ssid 'wlan.X'
option encryption 'psk2'
option network 'lan'
option macfilter 'deny'
option key ''
option ieee80211r '1'
option mobility_domain '123F'
option ft_over_ds '0'
option ft_psk_generate_local '1'
config wifi-iface 'wifinet1'
option device 'radio1'
option mode 'ap'
option ssid 'wlan.X'
option encryption 'psk2'
option network 'lan'
option macfilter 'deny'
option key ''
option ieee80211r '1'
option mobility_domain '123F'
option ft_over_ds '0'
option ft_psk_generate_local '1'
config wifi-iface 'wifinet3'
option device 'radio0'
option mode 'ap'
option ssid 'bzs_iot'
option encryption 'psk2'
option key ''
option network 'IOT'
option macfilter 'deny'
list maclist '38:F7:3D:D8:43:8B'
list maclist '8A:7C:43:00:4B:2C'
list maclist 'A2:CA:1B:92:11:E9'
config dnsmasq
option domainneeded '1'
option localise_queries '1'
option rebind_protection '1'
option rebind_localhost '1'
option local '/lan/'
option domain 'lan'
option expandhosts '1'
option authoritative '1'
option readethers '1'
option leasefile '/tmp/dhcp.leases'
option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
option localservice '1'
option ednspacket_max '1232'
list rebind_domain 'plex.direct'
config dhcp 'lan'
option interface 'lan'
option limit '150'
option dhcpv4 'server'
option start '10'
option leasetime '7d'
config dhcp 'wan'
option interface 'wan'
option ignore '1'
config odhcpd 'odhcpd'
option maindhcp '0'
option leasefile '/tmp/hosts/odhcpd'
option leasetrigger '/usr/sbin/odhcpd-update'
option loglevel '4'
config dhcp 'IOT'
option interface 'IOT'
option start '10'
option limit '100'
option leasetime '7d'
list dhcp_option '6,192.168.1.1'
config dhcp 'vpn0'
option interface 'vpn0'
option ignore '1'
config defaults
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
option drop_invalid '1'
option flow_offloading '1'
option flow_offloading_hw '1'
config zone
option name 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
list network 'lan'
list network 'vpn0'
option log '1'
config zone
option name 'wan'
option output 'ACCEPT'
option masq '1'
option mtu_fix '1'
option input 'DROP'
option forward 'DROP'
list network 'wan'
list network 'wanb'
option log '1'
config forwarding
option src 'lan'
option dest 'wan'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
config include 'bcp38'
option type 'script'
option path '/usr/lib/bcp38/run.sh'
config zone
option output 'ACCEPT'
option name 'iot'
list network 'IOT'
option input 'DROP'
option forward 'DROP'
config forwarding
option src 'lan'
option dest 'iot'
config forwarding
option src 'iot'
option dest 'wan'
config rule
option src 'iot'
option target 'ACCEPT'
option dest_port '53 67 68 123'
option name 'Allow-iot_dhcp_dns_ntp'
config rule
list proto 'icmp'
option src 'iot'
option target 'ACCEPT'
option name 'Allow-iot_icmp'
config rule
option src 'iot'
list dest_ip '192.168.1.12'
option target 'ACCEPT'
option dest 'lan'
option dest_port '32400'
option name 'Allow-tv_to_plex'
list src_ip '192.168.100.30'
list src_ip '192.168.100.31'
config rule
option name 'Allow-mDNS'
list proto 'udp'
list dest_ip '224.0.0.251'
option dest_port '5353'
option target 'ACCEPT'
option src 'iot'
config rule
option name 'Allow-Chromecast-TCP'
list proto 'tcp'
option src 'iot'
option dest 'lan'
option target 'ACCEPT'
option dest_port '8443 8008-8009'
config rule
option name 'Allow-Chromecast-UDP'
list proto 'udp'
option src 'iot'
option dest 'lan'
option target 'ACCEPT'
option dest_port '1-61000'
config include
option path '/etc/config/firewall.user'
option fw4_compatible '1'
config redirect
option dest 'lan'
option target 'DNAT'
list proto 'udp'
option src 'wan'
option src_dport '51820'
option dest_ip '192.168.200.1'
option dest_port '51820'
option name 'VPN'
option family 'ipv4'
AP1
{
"kernel": "5.15.137",
"hostname": "ap1",
"system": "MediaTek MT7621 ver:1 eco:3",
"model": "ASUS RT-AC85P",
"board_name": "asus,rt-ac85p",
"rootfs_type": "squashfs",
"release": {
"distribution": "OpenWrt",
"version": "23.05.2",
"revision": "r23630-842932a63d",
"target": "ramips/mt7621",
"description": "OpenWrt 23.05.2 r23630-842932a63d"
}
}
config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option packet_steering '1'
config device
option name 'br-lan'
option type 'bridge'
list ports 'lan1'
list ports 'lan2'
list ports 'lan3'
list ports 'lan4'
list ports 'wan'
option ipv6 '0'
config interface 'lan'
option ipv6 '0'
option proto 'dhcp'
option device 'br-lan.11'
option force_link '1'
option delegate '0'
config bridge-vlan
option device 'br-lan'
option vlan '11'
list ports 'wan:t'
config bridge-vlan
option device 'br-lan'
option vlan '100'
list ports 'lan1:u*'
list ports 'wan:t'
config interface 'IOT'
option device 'br-lan.100'
option proto 'none'
option delegate '0'
config wifi-device 'radio0'
option type 'mac80211'
option path '1e140000.pcie/pci0000:00/0000:00:00.0/0000:01:00.0'
option band '2g'
option htmode 'HT20'
option cell_density '0'
option country 'HU'
option channel '6'
config wifi-device 'radio1'
option type 'mac80211'
option path '1e140000.pcie/pci0000:00/0000:00:01.0/0000:02:00.0'
option band '5g'
option htmode 'VHT80'
option cell_density '0'
option country 'HU'
option channel '157'
config wifi-iface 'wifinet0'
option device 'radio0'
option mode 'ap'
option ssid 'wlan.X'
option encryption 'psk2'
option network 'lan'
option key ''
option macfilter 'deny'
option ieee80211r '1'
option mobility_domain '123F'
option ft_over_ds '0'
option ft_psk_generate_local '1'
config wifi-iface 'wifinet1'
option device 'radio1'
option mode 'ap'
option ssid 'wlan.X'
option encryption 'psk2'
option network 'lan'
option key ''
option macfilter 'deny'
option ieee80211r '1'
option mobility_domain '123F'
option ft_over_ds '0'
option ft_psk_generate_local '1'
config wifi-iface 'wifinet2'
option device 'radio0'
option mode 'ap'
option ssid 'bzs_iot'
option encryption 'psk2'
option key ''
option network 'IOT'
option macfilter 'deny'
list maclist '8A:7C:43:00:4B:2C'
list maclist '38:F7:3D:D8:43:8B'
list maclist 'A2:CA:1B:92:11:E9'
config dnsmasq
option domainneeded '1'
option localise_queries '1'
option rebind_protection '1'
option rebind_localhost '1'
option local '/lan/'
option domain 'lan'
option expandhosts '1'
option readethers '1'
option leasefile '/tmp/dhcp.leases'
option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
option localservice '1'
option ednspacket_max '1232'
config dhcp 'lan'
option interface 'lan'
option start '100'
option limit '150'
option leasetime '12h'
option dhcpv4 'server'
option ignore '1'
config odhcpd 'odhcpd'
option maindhcp '0'
option leasefile '/tmp/hosts/odhcpd'
option leasetrigger '/usr/sbin/odhcpd-update'
option loglevel '4'
config defaults
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
config zone
option name 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
config zone
option name 'wan'
option input 'DROP'
option output 'ACCEPT'
option forward 'DROP'
option masq '1'
option mtu_fix '1'
config forwarding
option src 'lan'
option dest 'wan'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
AP2
{
"kernel": "5.15.137",
"hostname": "ap2",
"system": "MediaTek MT7621 ver:1 eco:3",
"model": "ASUS RT-AC85P",
"board_name": "asus,rt-ac85p",
"rootfs_type": "squashfs",
"release": {
"distribution": "OpenWrt",
"version": "23.05.2",
"revision": "r23630-842932a63d",
"target": "ramips/mt7621",
"description": "OpenWrt 23.05.2 r23630-842932a63d"
}
}
config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option packet_steering '1'
config device
option name 'br-lan'
option type 'bridge'
list ports 'lan1'
list ports 'lan2'
list ports 'lan3'
list ports 'lan4'
list ports 'wan'
option ipv6 '0'
config interface 'lan'
option ipv6 '0'
option proto 'dhcp'
option device 'br-lan.11'
option force_link '1'
option delegate '0'
config bridge-vlan
option device 'br-lan'
option vlan '11'
list ports 'wan:t'
config bridge-vlan
option device 'br-lan'
option vlan '100'
list ports 'wan:t'
config interface 'IOT'
option device 'br-lan.100'
option proto 'none'
option delegate '0'
config wifi-device 'radio0'
option type 'mac80211'
option path '1e140000.pcie/pci0000:00/0000:00:00.0/0000:01:00.0'
option band '2g'
option htmode 'HT20'
option cell_density '0'
option country 'HU'
option channel '11'
config wifi-device 'radio1'
option type 'mac80211'
option path '1e140000.pcie/pci0000:00/0000:00:01.0/0000:02:00.0'
option band '5g'
option htmode 'VHT80'
option cell_density '0'
option country 'HU'
option channel '149'
config wifi-iface 'wifinet0'
option device 'radio0'
option mode 'ap'
option ssid 'wlan.X'
option encryption 'psk2'
option network 'lan'
option key ''
option macfilter 'deny'
option ieee80211r '1'
option mobility_domain '123F'
option ft_over_ds '0'
option ft_psk_generate_local '1'
config wifi-iface 'wifinet1'
option device 'radio1'
option mode 'ap'
option ssid 'wlan.X'
option encryption 'psk2'
option network 'lan'
option key ''
option macfilter 'deny'
option ieee80211r '1'
option mobility_domain '123F'
option ft_over_ds '0'
option ft_psk_generate_local '1'
config wifi-iface 'wifinet2'
option device 'radio0'
option mode 'ap'
option ssid 'bzs_iot'
option encryption 'psk2'
option key ''
option network 'IOT'
option macfilter 'deny'
list maclist '38:F7:3D:D8:43:8B'
list maclist '8A:7C:43:00:4B:2C'
list maclist 'A2:CA:1B:92:11:E9'
config dnsmasq
option domainneeded '1'
option localise_queries '1'
option rebind_protection '1'
option rebind_localhost '1'
option local '/lan/'
option domain 'lan'
option expandhosts '1'
option readethers '1'
option leasefile '/tmp/dhcp.leases'
option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
option localservice '1'
option ednspacket_max '1232'
config dhcp 'lan'
option interface 'lan'
option start '100'
option limit '150'
option leasetime '12h'
option dhcpv4 'server'
option ignore '1'
config odhcpd 'odhcpd'
option maindhcp '0'
option leasefile '/tmp/hosts/odhcpd'
option leasetrigger '/usr/sbin/odhcpd-update'
option loglevel '4'
config defaults
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
config zone
option name 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
config zone
option name 'wan'
option input 'DROP'
option output 'ACCEPT'
option forward 'DROP'
option masq '1'
option mtu_fix '1'
config forwarding
option src 'lan'
option dest 'wan'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
As I said earlier, I don't recall having this problem on 22.X.Y. Thanks for looking at it.
Unrelated to your main issue, but still should be fixed... remove the endpoint port from these:
I'd recommend removing option 6 from the IOT DHCP server.
Then on both the router and the AP, I would strongly recommend that you remove the 802.11r related items entirely as well as the mac filter -- both of these things could cause problems.
Make all those changes, reboot each device, and test again.
So rebooted all three devices. Today started my day, moved my laptop and phone around the house and the issue still persists. If I am connected to one of the APs I cannot access anything on the local network other than the AP I am connected to and the router, but cannot even ping the other AP or the server as I get a destination host unreachable error. Any further suggestions?
PING 192.168.1.4 (192.168.1.4): 56 data bytes
64 bytes from 192.168.1.4: seq=0 ttl=64 time=1.075 ms
64 bytes from 192.168.1.4: seq=1 ttl=64 time=0.792 ms
Ping AP2 from the router
PING 192.168.1.5 (192.168.1.5): 56 data bytes
64 bytes from 192.168.1.5: seq=0 ttl=64 time=1.129 ms
64 bytes from 192.168.1.5: seq=1 ttl=64 time=0.821 ms
Ping end_client from the router
PING 192.168.1.19 (192.168.1.19): 56 data bytes
64 bytes from 192.168.1.19: seq=0 ttl=64 time=375.687 ms
64 bytes from 192.168.1.19: seq=1 ttl=64 time=197.379 ms
64 bytes from 192.168.1.19: seq=2 ttl=64 time=417.367 ms
Ping end_end client from AP1
PING 192.168.1.19 (192.168.1.19): 56 data bytes
64 bytes from 192.168.1.19: seq=0 ttl=64 time=148.804 ms
64 bytes from 192.168.1.19: seq=1 ttl=64 time=379.652 ms
64 bytes from 192.168.1.19: seq=2 ttl=64 time=43.280 ms
PING 192.168.1.15 (192.168.1.15): 56 data bytes
64 bytes from 192.168.1.15: seq=0 ttl=64 time=158.413 ms
64 bytes from 192.168.1.15: seq=1 ttl=64 time=167.518 ms
64 bytes from 192.168.1.15: seq=2 ttl=64 time=98.656 ms
So it seems like latency is awful on wifi, whether I am on 2.4 GHz or 5 GHz, but that's just one thing (5 GHz isn't too busy). The other thing is that for some reason all of a sudden I cannot reach some devices connected to the network unless they are on the router and not on one of the APs.
I rebooted the router again, everything is normal including the ICMP latency. It will break again based on history. Has anyone experienced something like that before?
Those two options are in conflict with each other. (ignore is the old syntax, which corresponds to dhcpv4 'disabled' in the new syntax). You need to be sure that no DHCP service is active on the APs. That can lead to network problems after a time because clients pick up incorrect information from the extra DHCP server. The only DHCP server in the network should be on the main router.
I just tested this (IPv4 only) with a default config of 23.05.2 on an all-in-one wifi router. I disabled the DHCP server using LuCI (with the expectation that LuCI changes will implement the latest syntax standards). The result was the following:
DHCP server - before
config dhcp 'lan'
option interface 'lan'
option start '100'
option limit '150'
option leasetime '12h'
option dhcpv4 'server'
option dhcpv6 'server'
option ra 'server'
list ra_flags 'managed-config'
list ra_flags 'other-config'
Therefore, I don't believe that (at least for 23.05):
ignore is actually considered old syntax:
if it is old syntax, the underlying calls that LuCI makes should be updated
ignore and dhcpv4 'server' are in conflict with each other
ignore works as expected and disables the DHCP server.
The
This does not work as expected (tested without the ignore line). In my test just now, the client device did not get an IP for a while, but eventually did (maybe 30 seconds later). To be precise, it got an IP immediately after I reconnected ethernet, and maybe 5-10 seconds later it dropped the IPv4 address. Then it was able to get a lease a short time later (~30 seconds). I have no idea why this was the case. (For reference, the IPv6 lease came up as expected.) I'm not sure if this is a bug or if ignore is still actually required.
Maybe 23.05's behavior is different than snapshot and eventually 24.xx. Do you know?
EDIT: Another thing to note -- the DHCP server settings as shown in LuCI do not have a way to set the IPv4 server (or per your suggestion, disabled) field in general. If it is set to disabled in the text configuration, there is no way to see that in LuCI, and the ignore interface box remains unchecked.
This is not the recommended approach. The lan dhcp server should be explicitly disabled via the config file. I recommend using the option ignore '1' method, unless/until there is a different method/syntax known to work (@mk24 may have more information about this)
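An added example, not part of any post in this thread: a POSIX shell check that reads a UCI dhcp config and reports which `config dhcp` pools are still active, so a dumb AP can be audited for a stray DHCP server after an upgrade. It assumes, following the test result reported above for 23.05, that `option ignore '1'` disables a pool even when `dhcpv4 'server'` is also set; the function names and both sample configs are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit DHCP pools in a UCI dhcp config (text on stdin).
# Output, one line per "config dhcp" section:
#   <section> <interface> <active|ignored> <dhcpv4 value or ->
# Assumption (from the 23.05 test reported in the thread): a pool is
# disabled only when it carries option ignore '1'.

dhcp_pool_status() {
    awk -v q="'" '
    # Remove one leading and one trailing single or double quote.
    function strip(s) { gsub("^[" q "\"]|[" q "\"]$", "", s); return s }
    function flush() {
        if (in_pool)
            printf "%s %s %s %s\n", name, (iface == "" ? "-" : iface),
                   (ignore == "1" ? "ignored" : "active"),
                   (v4 == "" ? "-" : v4)
        in_pool = 0
    }
    $1 == "config" {
        flush()
        if ($2 == "dhcp") {
            in_pool = 1
            name = ($3 == "" ? "(anonymous)" : strip($3))
            iface = ""; ignore = ""; v4 = ""
        }
        next
    }
    in_pool && $1 == "option" {
        if ($2 == "interface")   iface  = strip($3)
        else if ($2 == "ignore") ignore = strip($3)
        else if ($2 == "dhcpv4") v4     = strip($3)
    }
    END { flush() }
    '
}

# Names of pools that will hand out leases. On a dumb AP this list
# should be empty; on the main router it should name the served networks.
active_pools() {
    dhcp_pool_status | awk '$3 == "active" { print $1 }'
}

# Constructed sample: AP-style section with both dhcpv4 and ignore set.
AP_DHCP="config dhcp 'lan'
	option interface 'lan'
	option start '100'
	option limit '150'
	option leasetime '12h'
	option dhcpv4 'server'
	option ignore '1'
"

# Constructed sample: router-style config with one served and one ignored pool.
ROUTER_DHCP="config dnsmasq
	option domainneeded '1'

config dhcp 'lan'
	option interface 'lan'
	option dhcpv4 'server'
	option start '10'

config dhcp 'wan'
	option interface 'wan'
	option ignore '1'
"

echo "AP:";     printf '%s' "$AP_DHCP"     | dhcp_pool_status
echo "Router:"; printf '%s' "$ROUTER_DHCP" | dhcp_pool_status
# On a device: dhcp_pool_status < /etc/config/dhcp
```

The fourth column shows when a section mixes `dhcpv4 'server'` with `ignore '1'`, the combination debated in the thread.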