Cannot connect the default OpenWrt 5g network after connecting OpenWrt router to my ISP router

5g + country

Using the LuCI interface, wireless scan & join + enabling default AP + defining a language is .. NOT working

Please not that using LuCI it's only updating the country code for the wifi-device 'radio0' (not for the config wifi-iface)

{
  "kernel": "5.10.176",
  "hostname": "OpenWrt",
  "system": "Qualcomm Atheros QCA956X ver 1 rev 0",
  "model": "TP-Link RE450 v3",
  "board_name": "tplink,re450-v3",
  "rootfs_type": "squashfs",
  "release": {
    "distribution": "OpenWrt",
    "version": "22.03.5",
    "revision": "r20134-5f15225c1e",
    "target": "ath79/generic",
    "description": "OpenWrt 22.03.5 r20134-5f15225c1e"
  }
}

config interface 'loopback'
  option device 'lo'
  option proto 'static'
  option ipaddr '127.0.0.1'
  option netmask '255.0.0.0'

config globals 'globals'
  option ula_prefix 'fd3b:f6b0:52d2::/48'

config device
  option name 'br-lan'
  option type 'bridge'
  list ports 'eth0'

config interface 'lan'
  option device 'br-lan'
  option proto 'static'
  option netmask '255.255.255.0'
  option ip6assign '60'
  option ipaddr '192.168.20.1'

config interface 'wwan'
  option proto 'dhcp'


config wifi-device 'radio0'
  option type 'mac80211'
  option path 'pci0000:00/0000:00:00.0'
  option channel '36'
  option band '5g'
  option htmode 'VHT80'
  option cell_density '0'
  option country 'FR'

config wifi-iface 'default_radio0'
  option device 'radio0'
  option network 'lan'
  option mode 'ap'
  option ssid 'OpenWrt'
  option encryption 'none'

config wifi-device 'radio1'
  option type 'mac80211'
  option path 'platform/ahb/18100000.wmac'
  option channel '1'
  option band '2g'
  option htmode 'HT20'
  option disabled '1'

config wifi-iface 'default_radio1'
  option device 'radio1'
  option network 'lan'
  option mode 'ap'
  option ssid 'OpenWrt'
  option encryption 'none'

config wifi-iface 'wifinet2'
  option device 'radio0'
  option mode 'sta'
  option network 'wwan'
  option ssid 'boom'
  option encryption 'psk2'
  option key 'secret'


config dnsmasq
  option domainneeded '1'
  option boguspriv '1'
  option filterwin2k '0'
  option localise_queries '1'
  option rebind_protection '1'
  option rebind_localhost '1'
  option local '/lan/'
  option domain 'lan'
  option expandhosts '1'
  option nonegcache '0'
  option authoritative '1'
  option readethers '1'
  option leasefile '/tmp/dhcp.leases'
  option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
  option nonwildcard '1'
  option localservice '1'
  option ednspacket_max '1232'

config dhcp 'lan'
  option interface 'lan'
  option start '100'
  option limit '150'
  option leasetime '12h'
  option dhcpv4 'server'
  option dhcpv6 'server'
  option ra 'server'
  list ra_flags 'managed-config'
  list ra_flags 'other-config'

config dhcp 'wan'
  option interface 'wan'
  option ignore '1'

config odhcpd 'odhcpd'
  option maindhcp '0'
  option leasefile '/tmp/hosts/odhcpd'
  option leasetrigger '/usr/sbin/odhcpd-update'
  option loglevel '4'


config defaults
  option syn_flood '1'
  option input 'ACCEPT'
  option output 'ACCEPT'
  option forward 'REJECT'

config zone
  option name 'lan'
  option input 'ACCEPT'
  option output 'ACCEPT'
  option forward 'ACCEPT'
  list network 'lan'

config zone
  option name 'wan'
  option input 'REJECT'
  option output 'ACCEPT'
  option forward 'REJECT'
  option masq '1'
  option mtu_fix '1'
  list network 'wan'
  list network 'wan6'
  list network 'wwan'

config forwarding
  option src 'lan'
  option dest 'wan'

config rule
  option name 'Allow-DHCP-Renew'
  option src 'wan'
  option proto 'udp'
  option dest_port '68'
  option target 'ACCEPT'
  option family 'ipv4'

config rule
  option name 'Allow-Ping'
  option src 'wan'
  option proto 'icmp'
  option icmp_type 'echo-request'
  option family 'ipv4'
  option target 'ACCEPT'

config rule
  option name 'Allow-IGMP'
  option src 'wan'
  option proto 'igmp'
  option family 'ipv4'
  option target 'ACCEPT'

config rule
  option name 'Allow-DHCPv6'
  option src 'wan'
  option proto 'udp'
  option dest_port '546'
  option family 'ipv6'
  option target 'ACCEPT'

config rule
  option name 'Allow-MLD'
  option src 'wan'
  option proto 'icmp'
  option src_ip 'fe80::/10'
  list icmp_type '130/0'
  list icmp_type '131/0'
  list icmp_type '132/0'
  list icmp_type '143/0'
  option family 'ipv6'
  option target 'ACCEPT'

config rule
  option name 'Allow-ICMPv6-Input'
  option src 'wan'
  option proto 'icmp'
  list icmp_type 'echo-request'
  list icmp_type 'echo-reply'
  list icmp_type 'destination-unreachable'
  list icmp_type 'packet-too-big'
  list icmp_type 'time-exceeded'
  list icmp_type 'bad-header'
  list icmp_type 'unknown-header-type'
  list icmp_type 'router-solicitation'
  list icmp_type 'neighbour-solicitation'
  list icmp_type 'router-advertisement'
  list icmp_type 'neighbour-advertisement'
  option limit '1000/sec'
  option family 'ipv6'
  option target 'ACCEPT'

config rule
  option name 'Allow-ICMPv6-Forward'
  option src 'wan'
  option dest '*'
  option proto 'icmp'
  list icmp_type 'echo-request'
  list icmp_type 'echo-reply'
  list icmp_type 'destination-unreachable'
  list icmp_type 'packet-too-big'
  list icmp_type 'time-exceeded'
  list icmp_type 'bad-header'
  list icmp_type 'unknown-header-type'
  option limit '1000/sec'
  option family 'ipv6'
  option target 'ACCEPT'

config rule
  option name 'Allow-IPSec-ESP'
  option src 'wan'
  option dest 'lan'
  option proto 'esp'
  option target 'ACCEPT'

config rule
  option name 'Allow-ISAKMP'
  option src 'wan'
  option dest 'lan'
  option dest_port '500'
  option proto 'udp'
  option target 'ACCEPT'

I wonder if this is something related to TP-Link + OpenWrt ; but I don't have any other hardware to flash for now

I checked my repeater's working config.

Packages that have to be installed for this configuration work: The relayd package is required and luci-proto-relay is optional but I would advise to install this one too.
Everything else is OpenWrt vanilla.

Topology:

Main router → wifi 5 (ac) → dap-x-1860 (OpenWrt snapshot r22573-72780e3eac) → wifi 6 (ax) → Client PC

ubus call system board

	"kernel": "5.15.106",
	"hostname": "OpenWRT_D-Link_dap_x1860",
	"system": "MediaTek MT7621 ver:1 eco:3",
	"model": "D-Link DAP-X1860 A1",
	"board_name": "dlink,dap-x1860-a1",
	"rootfs_type": "squashfs",
	"release": {
		"distribution": "OpenWrt",
		"version": "SNAPSHOT",
		"revision": "r22573-72780e3eac",
		"target": "ramips/mt7621",
		"description": "OpenWrt SNAPSHOT r22573-72780e3eac"

cat /etc/config/network

config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'xxxx:xxxx:xxxx::/48'
	option packet_steering '1'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'lan'

config interface 'lan'
	option device 'br-lan'
	option proto 'static'
	option ipaddr '192.168.2.1'
	option netmask '255.255.255.0'
	option gateway '192.168.178.81'

config interface 'Bridge'
	option proto 'relay'
	option ipaddr '192.168.178.81'
	list network 'lan'
	list network 'wwan'

config device
	option name 'phy1-sta0'

config device
	option name 'phy1-ap0'

config device
	option name 'eth0'

config interface 'wwan'
	option proto 'static'
	option ipaddr '192.168.178.81'
	option netmask '255.255.255.0'
	option gateway '192.168.178.1'
	option broadcast '192.168.178.255'
	list dns '192.168.178.1'

cat /etc/config/wireless

config wifi-device 'radio0'
	option type 'mac80211'
	option path '1e140000.pcie/pci0000:00/0000:00:01.0/0000:02:00.0'
	option band '2g'
	option htmode 'HE20'
	option channel '6'
	option cell_density '0'
	option country 'DE'
	option disabled '1'

config wifi-device 'radio1'
	option type 'mac80211'
	option path '1e140000.pcie/pci0000:00/0000:00:01.0/0000:02:00.0+1'
	option band '5g'
	option country 'DE'
	option cell_density '0'
	option channel '40'
	option htmode 'HE80'
	option txpower '23'
	option beacon_int '101'

config wifi-iface 'wifinet2'
	option device 'radio1'
	option mode 'sta'
	option ssid 'main-router'
	option encryption 'psk2'
	option key 'not-my-password'
	option network 'wwan'

config wifi-iface 'wifinet1'
	option device 'radio1'
	option mode 'ap'
	option ssid 'dap-x1860_5G'
	option encryption 'psk2'
	option key 'not-my-password'
	option network 'lan'

This is a snapshot config and I don't know if it is compatible with the stable version.

May it be of any help to you.

Thanks for the reply @ThiloteE ! All those previous tests were running on OpenWrt 22.03.5 r20134-5f15225c1e, I'm gonna try the last snapshot release for sure.

5 minutes later : flashing from LuCI to openwrt-ath79-generic-tplink_re450-v3-squashfs-sysupgrade.bin without keeping the conf. Mhh, cannot open http://openwrt.lan/ from the browser anymore (while I can PING openwrt.lan(OpenWrt.lan (fd15:aea8:be9b::1)) 56 data bytes). Restarting the OpenWrt router, same issue.

Scanning with a nmap openwrt.lan is returning open ports 22 (ssh) and 53 (domain). Opening a shell with a ssh root@openwrt.lan is working :

  _______                     ________        __
 |       |.-----.-----.-----.|  |  |  |.----.|  |_
 |   -   ||  _  |  -__|     ||  |  |  ||   _||   _|
 |_______||   __|_____|__|__||________||__|  |____|
          |__| W I R E L E S S   F R E E D O M
 -----------------------------------------------------
 OpenWrt SNAPSHOT, r22768-7bfe7e0676
 -----------------------------------------------------

Ok my fault, looks like "On development snapshots firmware, LuCI (Web Interface) has to be installed manually" (source)

So in the next steps I would need to manually connect this OpenWrt router to my ISP router, so I can install LuCI from the command line .. or simply getting inspirated by your configuration files; but I feel more comfortable using LuCI hehe.

successfully 2g connecting OpenWrt to my ISP router

• Opening a shell with ssh root@openwrt.lan

• Editing the wireless config with vi /etc/config/wireless

• Enabling the 2g radio (radio1, in my case) (which I know was working) with a dd on the option disabled '1' line

• Adding a new iface for this radio :

  config wifi-iface 'wifinet2'
  option device 'radio1'
  option mode 'sta'
  option network 'wwan'
  option ssid 'my-isp-router-ssid'
  option encryption 'psk2'
  option key 'my-isp-router-password'
  

• Write & Quit Vi

• Editing the network config with a vi /etc/config/network

  • Changing the OpenWrt lan IP to 192.168.2.1 :

    config interface 'lan'
      option device 'br-lan'
      option proto 'static'
      option ipaddr '192.168.2.1'
      option netmask '255.255.255.0'
      option ip6assign '60'
    

  • Adding a new "wwan" interface :

    config interface 'wwan'
      option proto 'dhcp'
    

• Write & Quit Vi

• Restarting interfaces with a service network reload

• Pinging something from the OpenWrt router : all good (3 packets transmitted, 3 packets received, 0% packet loss)

• Checking the lan IP from my computer client with a ip route ls, I see the 192.168.2.1 IP.

• And my computer client is also able to see the OpenWrt AP

manually installing LuCI

Following « LuCI essentials » from the official wiki

• opkg update
• opkg install luci
• Opening desktop client browser to http://openwrt.lan : working

disabling 2g client + default AP with LuCI

Has said in the title ...

My wireless config is now :

config wifi-device 'radio0'
  option type 'mac80211'
  option path 'pci0000:00/0000:00:00.0'
  option channel '36'
  option band '5g'
  option htmode 'VHT80'
  option disabled '1'

config wifi-iface 'default_radio0'
  option device 'radio0'
  option network 'lan'
  option mode 'ap'
  option ssid 'OpenWrt'
  option encryption 'none'

config wifi-device 'radio1'
  option type 'mac80211'
  option path 'platform/ahb/18100000.wmac'
  option channel '1'
  option band '2g'
  option htmode 'HT20'
  option disabled '1'

config wifi-iface 'default_radio1'
  option device 'radio1'
  option network 'lan'
  option mode 'ap'
  option ssid 'OpenWrt'
  option encryption 'none'
  option disabled '1'

config wifi-iface 'wifinet2'
  option device 'radio1'
  option mode 'sta'
  option network 'wwan'
  option ssid 'boom2'
  option encryption 'psk2'
  option key 'secret'
  option disabled '1'

enabling 5g default AP with LuCI

Has said in the title ...

My computer client is now able to see that AP with a nmcli -f NAME,SSID,BSSID,MODE,CHAN,FREQ,RATE,SIGNAL,BARS,SECURITY,IN-USE device wifi

Result :

NAME   SSID            BSSID              MODE   CHAN  FREQ      RATE        SIGNAL  BARS  SECURITY  IN-USE 
AP[1]  OpenWrt         A1:A1:A1:A1:A1:A1  Infra  36    5180 MHz  405 Mbit/s  100     ▂▄▆█  --               

adding 5g client with LuCI

• on the 5g radio, clicking on the "Scan" button
  • hmm, funny, just one 5g wireless AP found, not mine
  • disabling 5g default AP
  • scanning again
  • still just one 5g wireless AP found
  • rebooting OpenWrt with LuCI
  • found my ISP AP, Join, Add, Save & Apply
  • enabling again 5g default AP
• but my computer client is not able to see that AP with a nmcli -f NAME,SSID,BSSID,MODE,CHAN,FREQ,RATE,SIGNAL,BARS,SECURITY,IN-USE device wifi

debug cat /etc/config/wireless :

config wifi-device 'radio0'
	option type 'mac80211'
	option path 'pci0000:00/0000:00:00.0'
	option channel '36'
	option band '5g'
	option htmode 'VHT80'
	option cell_density '0'

config wifi-iface 'default_radio0'
	option device 'radio0'
	option network 'lan'
	option mode 'ap'
	option ssid 'OpenWrt'
	option encryption 'none'

config wifi-device 'radio1'
	option type 'mac80211'
	option path 'platform/ahb/18100000.wmac'
	option channel '1'
	option band '2g'
	option htmode 'HT20'
	option disabled '1'

config wifi-iface 'default_radio1'
	option device 'radio1'
	option network 'lan'
	option mode 'ap'
	option ssid 'OpenWrt'
	option encryption 'none'
	option disabled '1'

config wifi-iface 'wifinet2'
	option device 'radio1'
	option mode 'sta'
	option network 'wwan'
	option ssid 'boom2'
	option encryption 'psk2'
	option key 'secret'
	option disabled '1'

config wifi-iface 'wifinet3'
	option device 'radio0'
	option mode 'sta'
	option network 'wwan'
	option ssid 'boom'
	option encryption 'psk2'
	option key 'secret'

I think you are still using dump-ap config.

config interface 'wwan'
  option proto 'dhcp'

you could try to replace the above with static config.
Have you actually set up the (relayd) bridge? I am not talking about br-lan.

I've done another test, and I really think that the problem is the 5g radio

What I want ?

ISP Router → wifi 5g ac → OpenWrt → wifi 5g ac → Desktop client

How ?

Following the official wiki/doc : Wi-Fi extender / repeater / bridge configuration

1. Erasing the OpenWrt configuration partition

2. Opening a shell to ssh root@openwrt.lan

3. Enabling Wi-Fi 5g interface :

   uci set wireless.@wifi-device[0].disabled="0"
   uci commit wireless
   wifi
   

   I can now see the OpenWrt 5g AP from my Desktop client

4. Finding my interfaces with a ifconfig, my interface is called phy0-ap0

5. Listing wireless networks in range with iw dev phy0-ap0 scan

   • only 1 AP found and not my ISP's (I should get 3 more AP)

   • rebooting the OpenWrt router (just in case) : still just 1 AP found

   • activating the other radio, the Wi-Fi 2g interface (because I need to know if this other radio can list all AP or not) :

     uci set wireless.@wifi-device[1].disabled="0"
     uci commit wireless
     wifi
     

   • Listing 2g wireless networks in range with iw dev phy1-ap0 scan

     • all AP found

I will not go further, as it really looks like my TP-LINK 5g radio is having issues.

What do you guys are thinking about this ?

Country code must be set to reach full 5 GHz performance. When not set, operation is limited only to what is legal anywhere in the world, which excludes many channels.

Set both radios to the same country.

Following @mk24 directions, here are more tests :

factory reset

• firstboot && reboot now

radio 5g

uci set wireless.@wifi-device[0].disabled="0"; \
uci set wireless.@wifi-device[0].country="FR"; \
uci commit wireless; \
wifi;

reboot now

iw dev phy0-ap0 scan | grep SSID;

All 5g AP found !

radio 2g

uci set wireless.@wifi-device[1].disabled="0"; \
uci set wireless.@wifi-device[1].country="FR"; \
uci commit wireless; \
wifi;

iw dev phy1-ap0 scan | grep SSID;

All 2g AP found

Debug

ubus call system board; \
cat /etc/config/network; \
cat /etc/config/wireless; \
cat /etc/config/dhcp; \
cat /etc/config/firewall;

{
  "kernel": "5.15.110",
  "hostname": "OpenWrt",
  "system": "Qualcomm Atheros QCA956X ver 1 rev 0",
  "model": "TP-Link RE450 v3",
  "board_name": "tplink,re450-v3",
  "rootfs_type": "squashfs",
  "release": {
    "distribution": "OpenWrt",
    "version": "SNAPSHOT",
    "revision": "r22768-7bfe7e0676",
    "target": "ath79/generic",
    "description": "OpenWrt SNAPSHOT r22768-7bfe7e0676"
  }
}

config interface 'loopback'
  option device 'lo'
  option proto 'static'
  option ipaddr '127.0.0.1'
  option netmask '255.0.0.0'

config globals 'globals'
  option ula_prefix 'fdc2:34b7:fe98::/48'

config device
  option name 'br-lan'
  option type 'bridge'
  list ports 'eth0'

config interface 'lan'
  option device 'br-lan'
  option proto 'static'
  option ipaddr '192.168.1.1'
  option netmask '255.255.255.0'
  option ip6assign '60'


config wifi-device 'radio0'
  option type 'mac80211'
  option path 'pci0000:00/0000:00:00.0'
  option channel '36'
  option band '5g'
  option htmode 'VHT80'
  option disabled '0'
  option country 'FR'

config wifi-iface 'default_radio0'
  option device 'radio0'
  option network 'lan'
  option mode 'ap'
  option ssid 'OpenWrt'
  option encryption 'none'

config wifi-device 'radio1'
  option type 'mac80211'
  option path 'platform/ahb/18100000.wmac'
  option channel '1'
  option band '2g'
  option htmode 'HT20'
  option disabled '0'
  option country 'FR'

config wifi-iface 'default_radio1'
  option device 'radio1'
  option network 'lan'
  option mode 'ap'
  option ssid 'OpenWrt'
  option encryption 'none'


config dnsmasq
  option domainneeded '1'
  option boguspriv '1'
  option filterwin2k '0'
  option localise_queries '1'
  option rebind_protection '1'
  option rebind_localhost '1'
  option local '/lan/'
  option domain 'lan'
  option expandhosts '1'
  option nonegcache '0'
  option cachesize '1000'
  option authoritative '1'
  option readethers '1'
  option leasefile '/tmp/dhcp.leases'
  option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
  option nonwildcard '1'
  option localservice '1'
  option ednspacket_max '1232'
  option filter_aaaa '0'
  option filter_a '0'

config dhcp 'lan'
  option interface 'lan'
  option start '100'
  option limit '150'
  option leasetime '12h'
  option dhcpv4 'server'
  option dhcpv6 'server'
  option ra 'server'
  option ra_slaac '1'
  list ra_flags 'managed-config'
  list ra_flags 'other-config'

config dhcp 'wan'
  option interface 'wan'
  option ignore '1'

config odhcpd 'odhcpd'
  option maindhcp '0'
  option leasefile '/tmp/hosts/odhcpd'
  option leasetrigger '/usr/sbin/odhcpd-update'
  option loglevel '4'

config defaults
  option syn_flood  1
  option input    REJECT
  option output    ACCEPT
  option forward    REJECT
# Uncomment this line to disable ipv6 rules
#  option disable_ipv6  1

config zone
  option name    lan
  list   network    'lan'
  option input    ACCEPT
  option output    ACCEPT
  option forward    ACCEPT

config zone
  option name    wan
  list   network    'wan'
  list   network    'wan6'
  option input    REJECT
  option output    ACCEPT
  option forward    REJECT
  option masq    1
  option mtu_fix    1

config forwarding
  option src    lan
  option dest    wan

# We need to accept udp packets on port 68,
# see https://dev.openwrt.org/ticket/4108
config rule
  option name    Allow-DHCP-Renew
  option src    wan
  option proto    udp
  option dest_port  68
  option target    ACCEPT
  option family    ipv4

# Allow IPv4 ping
config rule
  option name    Allow-Ping
  option src    wan
  option proto    icmp
  option icmp_type  echo-request
  option family    ipv4
  option target    ACCEPT

config rule
  option name    Allow-IGMP
  option src    wan
  option proto    igmp
  option family    ipv4
  option target    ACCEPT

# Allow DHCPv6 replies
# see https://github.com/openwrt/openwrt/issues/5066
config rule
  option name    Allow-DHCPv6
  option src    wan
  option proto    udp
  option dest_port  546
  option family    ipv6
  option target    ACCEPT

config rule
  option name    Allow-MLD
  option src    wan
  option proto    icmp
  option src_ip    fe80::/10
  list icmp_type    '130/0'
  list icmp_type    '131/0'
  list icmp_type    '132/0'
  list icmp_type    '143/0'
  option family    ipv6
  option target    ACCEPT

# Allow essential incoming IPv6 ICMP traffic
config rule
  option name    Allow-ICMPv6-Input
  option src    wan
  option proto  icmp
  list icmp_type    echo-request
  list icmp_type    echo-reply
  list icmp_type    destination-unreachable
  list icmp_type    packet-too-big
  list icmp_type    time-exceeded
  list icmp_type    bad-header
  list icmp_type    unknown-header-type
  list icmp_type    router-solicitation
  list icmp_type    neighbour-solicitation
  list icmp_type    router-advertisement
  list icmp_type    neighbour-advertisement
  option limit    1000/sec
  option family    ipv6
  option target    ACCEPT

# Allow essential forwarded IPv6 ICMP traffic
config rule
  option name    Allow-ICMPv6-Forward
  option src    wan
  option dest    *
  option proto    icmp
  list icmp_type    echo-request
  list icmp_type    echo-reply
  list icmp_type    destination-unreachable
  list icmp_type    packet-too-big
  list icmp_type    time-exceeded
  list icmp_type    bad-header
  list icmp_type    unknown-header-type
  option limit    1000/sec
  option family    ipv6
  option target    ACCEPT

config rule
  option name    Allow-IPSec-ESP
  option src    wan
  option dest    lan
  option proto    esp
  option target    ACCEPT

config rule
  option name    Allow-ISAKMP
  option src    wan
  option dest    lan
  option dest_port  500
  option proto    udp
  option target    ACCEPT


### EXAMPLE CONFIG SECTIONS
# do not allow a specific ip to access wan
#config rule
#  option src    lan
#  option src_ip  192.168.45.2
#  option dest    wan
#  option proto  tcp
#  option target  REJECT

# block a specific mac on wan
#config rule
#  option dest    wan
#  option src_mac  00:11:22:33:44:66
#  option target  REJECT

# block incoming ICMP traffic on a zone
#config rule
#  option src    lan
#  option proto  ICMP
#  option target  DROP

# port redirect port coming in on wan to lan
#config redirect
#  option src      wan
#  option src_dport  80
#  option dest      lan
#  option dest_ip    192.168.16.235
#  option dest_port  80
#  option proto    tcp

# port redirect of remapped ssh port (22001) on wan
#config redirect
#  option src    wan
#  option src_dport  22001
#  option dest    lan
#  option dest_port  22
#  option proto    tcp

### FULL CONFIG SECTIONS
#config rule
#  option src    lan
#  option src_ip  192.168.45.2
#  option src_mac  00:11:22:33:44:55
#  option src_port  80
#  option dest    wan
#  option dest_ip  194.25.2.129
#  option dest_port  120
#  option proto  tcp
#  option target  REJECT

#config redirect
#  option src    lan
#  option src_ip  192.168.45.2
#  option src_mac  00:11:22:33:44:55
#  option src_port    1024
#  option src_dport  80
#  option dest_ip  194.25.2.129
#  option dest_port  120
#  option proto  tcp

To be continued ...

factory reset

• firstboot && reboot now

network IP

uci set network.lan.ipaddr="192.168.2.1"; \
uci set network.wwan="interface"; \
uci set network.wwan.proto="dhcp"; \
uci commit network; \
/etc/init.d/network restart;

2g

uci set wireless.@wifi-device[1].disabled="0"; \
uci set wireless.@wifi-device[1].country="FR"; \
uci set wireless.@wifi-iface[1].ssid="OpenWrt2"; \
uci commit wireless; \
wifi reload;

(No need to reboot)

OpenWrt2 SSID AP found (from Desktop client)

iw dev phy1-ap0 scan | grep SSID;

All outside 2g AP found (from OpenWrt router)

uci set wireless.wifinet2="wifi-iface"; \
uci set wireless.wifinet2.device="radio1"; \
uci set wireless.wifinet2.mode="sta"; \
uci set wireless.wifinet2.network="wwan"; \
uci set wireless.wifinet2.ssid="isp-ssid"; \
uci set wireless.wifinet2.encryption="psk2"; \
uci set wireless.wifinet2.key="secret"; \
uci commit wireless; \
wifi reload;

OpenWrt connected to ISP router in 2,4GHz (from ISP router)
OpenWrt can ping outside domain name
OpenWrt2 SSID AP (still) found (from Desktop client)

5g

uci set wireless.@wifi-device[0].disabled="0"; \
uci set wireless.@wifi-device[0].country="FR"; \
uci set wireless.@wifi-iface[0].ssid="OpenWrt5"; \
uci commit wireless; \
wifi reload;

(This time, OpenWrt needs to reboot)

reboot now

OpenWrt5 SSID AP found (from Desktop client)

iw dev phy0-ap0 scan | grep SSID;

No outside AP found (from OpenWrt router)

uci set wireless.wifinet1="wifi-iface"; \
uci set wireless.wifinet1.device="radio0"; \
uci set wireless.wifinet1.mode="sta"; \
uci set wireless.wifinet1.network="wwan"; \
uci set wireless.wifinet1.ssid="isp-ssid"; \
uci set wireless.wifinet1.encryption="psk2"; \
uci set wireless.wifinet1.key="secret"; \
uci commit wireless; \
wifi reload;

(Rebooting OpenWrt, just in case)

reboot now

OpenWrt connected to ISP router in 5GHz (from ISP router)
OpenWrt can ping outside domain name
OpenWrt5 SSID AP is now missing (from Desktop client)

debug

ubus call system board; \
cat /etc/config/network; \
cat /etc/config/wireless; \
cat /etc/config/dhcp; \
cat /etc/config/firewall;

{
  "kernel": "5.15.110",
  "hostname": "OpenWrt",
  "system": "Qualcomm Atheros QCA956X ver 1 rev 0",
  "model": "TP-Link RE450 v3",
  "board_name": "tplink,re450-v3",
  "rootfs_type": "squashfs",
  "release": {
    "distribution": "OpenWrt",
    "version": "SNAPSHOT",
    "revision": "r22768-7bfe7e0676",
    "target": "ath79/generic",
    "description": "OpenWrt SNAPSHOT r22768-7bfe7e0676"
  }
}

config interface 'loopback'
  option device 'lo'
  option proto 'static'
  option ipaddr '127.0.0.1'
  option netmask '255.0.0.0'

config globals 'globals'
  option ula_prefix 'fdc3:f269:e1de::/48'

config device
  option name 'br-lan'
  option type 'bridge'
  list ports 'eth0'

config interface 'lan'
  option device 'br-lan'
  option proto 'static'
  option ipaddr '192.168.2.1'
  option netmask '255.255.255.0'
  option ip6assign '60'

config interface 'wwan'
  option proto 'dhcp'


config wifi-device 'radio0'
  option type 'mac80211'
  option path 'pci0000:00/0000:00:00.0'
  option channel '36'
  option band '5g'
  option htmode 'VHT80'
  option disabled '0'
  option country 'FR'

config wifi-iface 'default_radio0'
  option device 'radio0'
  option network 'lan'
  option mode 'ap'
  option ssid 'OpenWrt5'
  option encryption 'none'

config wifi-device 'radio1'
  option type 'mac80211'
  option path 'platform/ahb/18100000.wmac'
  option channel '1'
  option band '2g'
  option htmode 'HT20'
  option disabled '0'
  option country 'FR'

config wifi-iface 'default_radio1'
  option device 'radio1'
  option network 'lan'
  option mode 'ap'
  option ssid 'OpenWrt2'
  option encryption 'none'

config wifi-iface 'wifinet2'
  option device 'radio1'
  option mode 'sta'
  option network 'wwan'
  option ssid 'isp-ssid'
  option encryption 'psk2'
  option key 'secret'

config wifi-iface 'wifinet1'
  option device 'radio0'
  option mode 'sta'
  option network 'wwan'
  option ssid 'isp-ssid'
  option encryption 'psk2'
  option key 'secret'


config dnsmasq
  option domainneeded '1'
  option boguspriv '1'
  option filterwin2k '0'
  option localise_queries '1'
  option rebind_protection '1'
  option rebind_localhost '1'
  option local '/lan/'
  option domain 'lan'
  option expandhosts '1'
  option nonegcache '0'
  option cachesize '1000'
  option authoritative '1'
  option readethers '1'
  option leasefile '/tmp/dhcp.leases'
  option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
  option nonwildcard '1'
  option localservice '1'
  option ednspacket_max '1232'
  option filter_aaaa '0'
  option filter_a '0'

config dhcp 'lan'
  option interface 'lan'
  option start '100'
  option limit '150'
  option leasetime '12h'
  option dhcpv4 'server'
  option dhcpv6 'server'
  option ra 'server'
  option ra_slaac '1'
  list ra_flags 'managed-config'
  list ra_flags 'other-config'

config dhcp 'wan'
  option interface 'wan'
  option ignore '1'

config odhcpd 'odhcpd'
  option maindhcp '0'
  option leasefile '/tmp/hosts/odhcpd'
  option leasetrigger '/usr/sbin/odhcpd-update'
  option loglevel '4'

config defaults
  option syn_flood  1
  option input    REJECT
  option output    ACCEPT
  option forward    REJECT
# Uncomment this line to disable ipv6 rules
#  option disable_ipv6  1

config zone
  option name    lan
  list   network    'lan'
  option input    ACCEPT
  option output    ACCEPT
  option forward    ACCEPT

config zone
  option name    wan
  list   network    'wan'
  list   network    'wan6'
  option input    REJECT
  option output    ACCEPT
  option forward    REJECT
  option masq    1
  option mtu_fix    1

config forwarding
  option src    lan
  option dest    wan

# We need to accept udp packets on port 68,
# see https://dev.openwrt.org/ticket/4108
config rule
  option name    Allow-DHCP-Renew
  option src    wan
  option proto    udp
  option dest_port  68
  option target    ACCEPT
  option family    ipv4

# Allow IPv4 ping
config rule
  option name    Allow-Ping
  option src    wan
  option proto    icmp
  option icmp_type  echo-request
  option family    ipv4
  option target    ACCEPT

config rule
  option name    Allow-IGMP
  option src    wan
  option proto    igmp
  option family    ipv4
  option target    ACCEPT

# Allow DHCPv6 replies
# see https://github.com/openwrt/openwrt/issues/5066
config rule
  option name    Allow-DHCPv6
  option src    wan
  option proto    udp
  option dest_port  546
  option family    ipv6
  option target    ACCEPT

config rule
  option name    Allow-MLD
  option src    wan
  option proto    icmp
  option src_ip    fe80::/10
  list icmp_type    '130/0'
  list icmp_type    '131/0'
  list icmp_type    '132/0'
  list icmp_type    '143/0'
  option family    ipv6
  option target    ACCEPT

# Allow essential incoming IPv6 ICMP traffic
config rule
  option name    Allow-ICMPv6-Input
  option src    wan
  option proto  icmp
  list icmp_type    echo-request
  list icmp_type    echo-reply
  list icmp_type    destination-unreachable
  list icmp_type    packet-too-big
  list icmp_type    time-exceeded
  list icmp_type    bad-header
  list icmp_type    unknown-header-type
  list icmp_type    router-solicitation
  list icmp_type    neighbour-solicitation
  list icmp_type    router-advertisement
  list icmp_type    neighbour-advertisement
  option limit    1000/sec
  option family    ipv6
  option target    ACCEPT

# Allow essential forwarded IPv6 ICMP traffic
config rule
  option name    Allow-ICMPv6-Forward
  option src    wan
  option dest    *
  option proto    icmp
  list icmp_type    echo-request
  list icmp_type    echo-reply
  list icmp_type    destination-unreachable
  list icmp_type    packet-too-big
  list icmp_type    time-exceeded
  list icmp_type    bad-header
  list icmp_type    unknown-header-type
  option limit    1000/sec
  option family    ipv6
  option target    ACCEPT

config rule
  option name    Allow-IPSec-ESP
  option src    wan
  option dest    lan
  option proto    esp
  option target    ACCEPT

config rule
  option name    Allow-ISAKMP
  option src    wan
  option dest    lan
  option dest_port  500
  option proto    udp
  option target    ACCEPT


### EXAMPLE CONFIG SECTIONS
# do not allow a specific ip to access wan
#config rule
#  option src    lan
#  option src_ip  192.168.45.2
#  option dest    wan
#  option proto  tcp
#  option target  REJECT

# block a specific mac on wan
#config rule
#  option dest    wan
#  option src_mac  00:11:22:33:44:66
#  option target  REJECT

# block incoming ICMP traffic on a zone
#config rule
#  option src    lan
#  option proto  ICMP
#  option target  DROP

# port redirect port coming in on wan to lan
#config redirect
#  option src      wan
#  option src_dport  80
#  option dest      lan
#  option dest_ip    192.168.16.235
#  option dest_port  80
#  option proto    tcp

# port redirect of remapped ssh port (22001) on wan
#config redirect
#  option src    wan
#  option src_dport  22001
#  option dest    lan
#  option dest_port  22
#  option proto    tcp

### FULL CONFIG SECTIONS
#config rule
#  option src    lan
#  option src_ip  192.168.45.2
#  option src_mac  00:11:22:33:44:55
#  option src_port  80
#  option dest    wan
#  option dest_ip  194.25.2.129
#  option dest_port  120
#  option proto  tcp
#  option target  REJECT

#config redirect
#  option src    lan
#  option src_ip  192.168.45.2
#  option src_mac  00:11:22:33:44:55
#  option src_port    1024
#  option src_dport  80
#  option dest_ip  194.25.2.129
#  option dest_port  120
#  option proto  tcp

If the following comment is to be believed, dhcp for dumb ap config is unstable: OpenWrt 22.03.5 fifth service release - #88 by 72105

Try static config.

I am talking about

config interface 'wwan'
  option proto 'dhcp'

Thanks for the follow up
You think that the « unstable DHCP » has something to do with this

OpenWrt5 SSID AP is now missing (from Desktop client)

yes, maybe?

The config that works for me is also configured statically, without dhcp:

config interface 'wwan'
	option proto 'static'
	option ipaddr '192.168.178.81'
	option netmask '255.255.255.0'
	option gateway '192.168.178.1'
	option broadcast '192.168.178.255'
	list dns '192.168.178.1'