Hi,
Just configured a new installation of OpenWrt and it seems like my devices are completely isolated from each other. I cannot ping them, and my IPv6 doesn't seem to be working either. I tried to isolate the problem, unsuccessfully. Any ideas? Although the configs are pretty standard, something seems off and I couldn't spot it.
network

config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fdd8:7a1f:b741::/48'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'lan1'
	list ports 'lan2'
	list ports 'lan3'
	list ports 'lan4'

config interface 'lan'
	option device 'br-lan'
	option proto 'static'
	option netmask '255.255.255.0'
	option ipaddr '192.168.120.1'

config device
	option name 'wan'
	option macaddr '62:38:e0:b9***'

config interface 'wan'
	option device 'wan'
	option proto 'dhcp'
	option hostname '*'

config interface 'wan6'
	option proto '6to4'

config interface 'wg0'
	option proto 'wireguard'
	option private_key '*****'
	option listen_port '****'
	list addresses '10.14.0.1/24'

config wireguard_wg0
	list allowed_ips '10.14.0.3/32'
	option route_allowed_ips '1'
	option persistent_keepalive '25'

config interface 'vpns'
	option proto 'none'
	option device 'vpns0'
firewall

config defaults
	option input 'ACCEPT'
	option output 'ACCEPT'
	option synflood_protect '1'
	option forward 'REJECT'

config zone 'lan'
	option name 'lan'
	list device 'vpns+'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'
	list network 'lan'
	list network 'vpns'
	list network 'wg'
	list network 'wg0'

config zone 'wan'
	option name 'wan'
	option input 'REJECT'
	option output 'ACCEPT'
	option masq '1'
	option mtu_fix '1'
	list network 'wan'
	list network 'wan6'
	option forward 'REJECT'

config forwarding
	option src 'lan'
	option dest 'wan'

config rule
	option name 'Allow-DHCP-Renew'
	option src 'wan'
	option proto 'udp'
	option dest_port '68'
	option target 'ACCEPT'
	option family 'ipv4'

config rule
	option name 'Allow-Ping'
	option src 'wan'
	option proto 'icmp'
	option icmp_type 'echo-request'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-IGMP'
	option src 'wan'
	option proto 'igmp'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-DHCPv6'
	option src 'wan'
	option proto 'udp'
	option dest_port '546'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-MLD'
	option src 'wan'
	option proto 'icmp'
	option src_ip 'fe80::/10'
	list icmp_type '130/0'
	list icmp_type '131/0'
	list icmp_type '132/0'
	list icmp_type '143/0'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Input'
	option src 'wan'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	list icmp_type 'router-solicitation'
	list icmp_type 'neighbour-solicitation'
	list icmp_type 'router-advertisement'
	list icmp_type 'neighbour-advertisement'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Forward'
	option src 'wan'
	option dest '*'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-IPSec-ESP'
	option src 'wan'
	option dest 'lan'
	option proto 'esp'
	option target 'ACCEPT'

config rule
	option name 'Allow-ISAKMP'
	option src 'wan'
	option dest 'lan'
	option dest_port '500'
	option proto 'udp'
	option target 'ACCEPT'

config rule
	option name 'Allow SSL OpenConnect'
	option dest_port '****'
	option target 'ACCEPT'
	option src 'wan'

config rule
	option name 'Allow Wireguard'
	list proto 'udp'
	option src 'wan'
	option dest_port '****'
	option target 'ACCEPT'

config rule
	option name 'Block DNS'
	option src '*'
	option dest_port '53'
	option target 'DROP'
	option dest '*'
	option enabled '0'

config redirect
	option target 'DNAT'
	option name 'Xbox'
	option src 'wan'
	option dest 'lan'
	option src_dport '49621'

config rule 'oc'
	option name 'Allow-OpenConnect'
	option src 'wan'
	option dest_port '***'
	option proto 'tcp udp'
	option target 'ACCEPT'
Is this wired, wireless, or both? Have all of your devices gotten an address in the correct network (relevant if you changed your router's LAN address) -- they should all be in the 192.168.120.0/24 network. Check at least 2 of the devices that cannot talk to each other.
All wireless, only WAN is wired. All devices are getting an IP and have an internet connection.
Every device can ping the router and the router can ping it back. But in the network with any laptop, I cannot find the printer (which has an IP and internet connection), connect my laptop over remote desktop, or ping any other device.
Thanks for the info.. This is ironic.. Stubby..
Please.. ubus call system board
I just recently, Sunday night, uninstalled Stubby and removed all instances of IPv6.. I didn't have this problem you have.. I'm chasing something else down.
Is there any chance you can move into/back to stable?
See if there are any hints here:
ip route show default
/$ ip route show default
default dev wg0 scope link
default via aaa.bbb.ccc.ddd dev eth1 src aaa.bbb.ccc.ddd metric 10
10.0.0.0/8 dev wg0 scope link src 10.14.0.2
## truncated ##
192.168.33.0/24 dev br-lan scope link src 192.168.33.1
Fundamentally, there is nothing on the router/AP that will prevent L2 connections between client computers except for wifi client isolation. That feature is not enabled in your config file, so unless something is wrong under the hood, nothing else should be able to do this.
That said, there is one other possible situation -- if your computer(s) are using Windows, it is possible that the Windows Firewall has engaged such that it is blocking all connections on the LAN because it doesn't recognize the network (it treats the network like a public/untrusted wifi network).
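A way to confirm the client-isolation point above, as an added example that is not part of the original thread: the function reads an OpenWrt wireless config and reports, per `wifi-iface` section, whether `option isolate` is set. The sample config is constructed for illustration, and only the value `'1'` is treated as enabled (an assumption of this sketch).

```shell
#!/bin/sh
# Added example (not from the thread): list each wifi-iface section of a
# UCI wireless config with its client-isolation state.
# Input: config text on stdin. Output: "<ssid> isolate=<0|1>" per interface.
wifi_isolation_report() {
    awk -v q="'" '
    # Return the value of the current option line with surrounding quotes removed.
    function value(   v, c) {
        v = $0
        sub(/^[ \t]*option[ \t]+[^ \t]+[ \t]+/, "", v)
        c = substr(v, 1, 1)
        if (c == q || c == "\"") v = substr(v, 2, length(v) - 2)
        return v
    }
    # Print the section collected so far, if it was a wifi-iface.
    function emit() {
        if (in_iface) print (ssid == "" ? "(no ssid)" : ssid) " isolate=" iso
    }
    $1 == "config" {
        emit()
        in_iface = ($2 == "wifi-iface"); ssid = ""; iso = 0
        next
    }
    in_iface && $1 == "option" && $2 == "ssid"    { ssid = value() }
    in_iface && $1 == "option" && $2 == "isolate" { iso = (value() == "1") ? 1 : 0 }
    END { emit() }
    '
}

# Constructed sample input: one normal AP and one AP with isolation enabled.
sample_wireless_config() {
cat <<'EOF'
config wifi-device 'radio0'
	option type 'mac80211'
	option channel '36'

config wifi-iface 'default_radio0'
	option device 'radio0'
	option mode 'ap'
	option ssid 'Home Net'
	option network 'lan'

config wifi-iface 'guest_radio0'
	option device 'radio0'
	option mode 'ap'
	option ssid 'Guest'
	option network 'lan'
	option isolate '1'
EOF
}

sample_wireless_config | wifi_isolation_report
```

On the router itself the same function can be fed the live file: `wifi_isolation_report < /etc/config/wireless`.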
@psherman can see I'm phishing and I appreciate his redirect. The network rules here seem to be ignored, especially so if your router's diag fails ping.
I'm having a similar problem. From the OpenWRT device, I cannot ping my laptop.
But it can ping the gateway and my laptop can ping the OpenWRT device. Also local HTTP traffic to/from my laptop works. I get this same result whether OpenWRT is using DHCP or static IP. I also get the same result whether wired or wireless connection to my router/gateway.