Cant access LAN routers excepting main

Hello,

have the following problem, and it is that if I directly connect the router that has OpenWRT to the PC, it lets me see the other routers that I have connected, however, if I connect to the main Wifi (192.168.1.1), I only access the main router, I don't see any of the others that I have connected (7/8)

Main Router IP (The one that gives me network): 192.168.1.1
Secondary Router IP (same model as the main one, for testing): 192.168.1.2
IP Router with OpenWRT: 192.168.1.3 (It is connected to main wifi and it has network connection)
Mikrotik AP Antenna IP (For country house): 192.168.1.4
Mikrotik CPE Antenna IP (To receive the signal from the previous one): 192.168.1.5
IP X86 miniPC (I don't have it yet): It will have the IP 192.168.6
Country house Router IP: 192.168.1.7
IP Router for testing Livebox: 192.168.1.8

The problem comes from the fact that if I am directly connected to the OpenWRT router, I see and access all the mentioned IPs, but if, for example, I connect with a laptop to the main network (192.168.1.1, wifi), I do not see any IP of the mentioned above.

The question is, how do I connect all the routers via wifi so that regardless of where they are in the house, I can access them?

Connected to main Wifi (192.168.1.1) from laptop

Connected via Ethernet to main router and OpenWRT via Ethernet with another NIC:

If disconnect OpenWRT NIC cant see anything but main router (192.168.1.1) (obvioulsly)

I have only one DHCP server active in 192.168.1.1 at the moment.

Whats the right configuration to do this connection between all of the routers? No matter if it is Wifi or Ethernet.

Dont know if i forget to mention something, please, let me know if it is and sorry for the inconvenience.

Thanks.

The above information does not indicate which interface on each device has the IP address shown. And as a result, it is difficult to identify which firewall and routing rules, if any, might affect what you're trying to achieve.

I suggest using something like https://www.diagrams.net/ to create a shoddy diagram quickly, just like I do. The old "picture paints a thousand words" adage definitely applies here.

In addition, the contents of /etc/config/network and /etc/config/firewall from each OpenWRT device may also be informative for anyone of a mind to try to help.

1 Like

as @iplaywithtoys said, it is really hard to understand your network topology, and that is critical if you're going to get a resolution.

However, I am going to guess that you have connected the lan of the main (1st) router to the wan of the next (2nd) router... that would require that the lan of the 2nd router is operating as a router, not a dumb AP. From the main lan (i.e router 1), the firewall on router 2 will prevent access to the router itself and also to the downstream devices. If this is the case with your topology, you should instead be running your downstream routers as dumb APs.

1 Like

Well, not good at all but i did this...

I just want, from the Gateway (192.168.1.1), access all the routers/APs i have, configured, or not.

I dont know if you meant this.

Thank you for the diagram.

What is not clear, though, is how each of the other routers are connected (via the wan or lan port), and then the configuration of those devices. Can you add that to the diagram or at least tell us what port is being used on each of the secondary devices?

Only one router appears to be running OpenWrt (the one that is 192.168.1.3) -- is that the case? How is it currently configured?

Please copy the output of the following commands and post it here using the "Preformatted text </> " button:
grafik
Remember to redact passwords, MAC addresses and any public IP addresses you may have:

cat /etc/config/network
cat /etc/config/wireless
cat /etc/config/dhcp
cat /etc/config/firewall

They connect through the LAN ports, for now. What I would like to do is have APs distributed throughout the house.

In the secondary routers, the Router with OpenWRT is being connected to any port, that is, the 192.168.1.2 to LAN2 of 192.168.1.3, the 192.168.1.2 WAN port to LAN3 of 192.168.1.3, the 192.168.1.8 to LAN3 and of 192.168.1.3 and LAN1 is where i connect the OpenWRT Router (192.168.1.3) to my PC. I don't know if I explain myself.

Copy of commands you ask for:

cat /etc/config/network

root@OpenWrt:~# cat /etc/config/network

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fd12:57cf:d2f6::/48'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'eth0'
        list ports 'eth0.1'
        list ports 'eth0.2'

config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        option netmask '255.255.255.0'
        option ip6assign '60'
        option ipaddr '192.168.1.3'

config interface 'wan'
        option device 'eth0.2'
        option proto 'dhcp'

config interface 'wan6'
        option device 'eth0.2'
        option proto 'dhcpv6'

config switch
        option name 'switch0'
        option reset '1'
        option enable_vlan '1'

config switch_vlan
        option device 'switch0'
        option vlan '1'
        option ports '2 3 4 5 0t'

config switch_vlan
        option device 'switch0'
        option vlan '2'
        option ports '1 0t'

config interface 'wwan'
        option proto 'dhcp'

cat /etc/config/wireless

root@OpenWrt:~# cat /etc/config/wireless

config wifi-device 'radio0'
        option type 'mac80211'
        option path 'pci0000:00/0000:00:00.0'
        option channel '36'
        option band '5g'
        option htmode 'VHT80'
        option disabled '1'

config wifi-device 'radio1'
        option type 'mac80211'
        option path 'platform/ahb/18100000.wmac'
        option channel '1'
        option band '2g'
        option htmode 'HT20'
        option cell_density '0'

config wifi-iface 'wifinet0'
        option device 'radio1'
        option mode 'ap'
        option ssid 'OpenWrt_Radio1'
        option encryption 'psk2'
        option key 'XXXXXXX'
        option network 'lan'
        option disassoc_low_ack '0'

config wifi-iface 'wifinet1'
        option device 'radio1'
        option mode 'sta'
        option network 'wwan'
        option ssid 'XXXXXX'
        option encryption 'psk2'
        option key 'XXXXXXX'

cat /etc/config/dhcp

root@OpenWrt:~# cat /etc/config/dhcp

config dnsmasq
        option domainneeded '1'
        option localise_queries '1'
        option rebind_protection '1'
        option rebind_localhost '1'
        option local '/lan/'
        option domain 'lan'
        option expandhosts '1'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
        option ednspacket_max '1232'
        list server '192.168.1.1'
        list server '8.8.8.8'
        list server '8.8.4.4'
        option localservice '1'

config dhcp 'lan'
        option interface 'lan'
        option start '100'
        option limit '150'
        option leasetime '12h'
        option dhcpv4 'server'
        option ignore '1'

config dhcp 'wan'
        option interface 'wan'
        option ignore '1'

config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'
        option loglevel '4'

cat /etc/config/firewall

root@OpenWrt:~# cat /etc/config/firewall

config defaults
        option syn_flood '1'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'REJECT'

config zone
        option name 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'

config zone
        option name 'wan'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option masq '1'
        option mtu_fix '1'
        list network 'wan'
        list network 'wan6'
        list network 'wwan'

config forwarding
        option src 'lan'
        option dest 'wan'

config rule
        option name 'Allow-DHCP-Renew'
        option src 'wan'
        option proto 'udp'
        option dest_port '68'
        option target 'ACCEPT'
        option family 'ipv4'

config rule
        option name 'Allow-Ping'
        option src 'wan'
        option proto 'icmp'
        option icmp_type 'echo-request'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-IGMP'
        option src 'wan'
        option proto 'igmp'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-DHCPv6'
        option src 'wan'
        option proto 'udp'
        option dest_port '546'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-MLD'
        option src 'wan'
        option proto 'icmp'
        option src_ip 'fe80::/10'
        list icmp_type '130/0'
        list icmp_type '131/0'
        list icmp_type '132/0'
        list icmp_type '143/0'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Input'
        option src 'wan'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        list icmp_type 'router-solicitation'
        list icmp_type 'neighbour-solicitation'
        list icmp_type 'router-advertisement'
        list icmp_type 'neighbour-advertisement'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Forward'
        option src 'wan'
        option dest '*'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-IPSec-ESP'
        option src 'wan'
        option dest 'lan'
        option proto 'esp'
        option target 'ACCEPT'

config rule
        option name 'Allow-ISAKMP'
        option src 'wan'
        option dest 'lan'
        option dest_port '500'
        option proto 'udp'
        option target 'ACCEPT'

If you need something more, tell me, and thanks for your replies.

Your description seems to be contradictory.

contradicts the next statement:

But meanwhile, your configuration appears to be problematic...

These things should not all be in a bridge together among other possible problems.

Let's do this...
Please reset your OpenWrt router to defaults. Then configure the following before you connect it to your network:

  • set the lan address to 192.168.1.3
  • disable the DHCP server on the lan network
  • set your wifi country code
  • set your wifi SSID name
  • set your wifi security type
  • set your wifi password
  • enable wifi

Then plug the OpenWrt router into your main router using the lan ports only (do not use the wan port -- if you want to use this, we can make a modification to make this work).

At this point, your router should be a "dumb AP" and should both serve as a transparent wifi AP and be accessible from your main network.

Thats the point, i want to have another SSID for each AP "wirelessly", like an AP Bridge, i reach to have internet but only in the OpenWRT router with this configuration, if connect anything at any LAN port or wireless radio, i dont get internet, again, only the OpenWRT router has internet access. P.e, i want to carry this router to another side and i need it to connect the main router via wireless and have internet access. All of this, in the same net (192.168.1.0)

I have the possibility to connect the X86 device i bought via ethernet, but anyways i dont see the possibilities of configure it (X86 or not) via wifi and have access to every device in the net.

Did you do what I recommended:

Now that I re-read this, are you trying to make each device connect to the main router with a wireless backhaul? If so, this complicates things considerably.

Good morning, is this really that complicated that I want to do? Or maybe I'm not explaining myself well enough? I want to prepare the network so that when the X86 arrives today, I can have the vast majority of the devices ready. To do this, I need to connect them all to a main device that is the one that provides the internet, and then (testing first) change the configuration to x86, which will be the one that handles the routing, dhcp, dns, Mac filters, etc, etc. but as I said, I need, right now, that all the devices go out to the internet through the current OpenWRT, so that later, it is simply changing the IP from 3 to 6.

It is that hard enough?

I have managed to do this many times with TP-Link firmwares and there has been no problem, of course TP-Link is not even remotely similar to OpenWRT

Just in case, when I have a gap, I'll download Cisco packet tracer and I'll make you a really cool diagram of what I want to do.

But you haven’t answered key questions that I asked.

  1. are these wired to the main router/network or are they using wireless baxkhaul?

  2. if wired, you have to follow my earlier advice about resetting and configuring exactly as I recommended. Your current config is wrong.

  3. did you use the wan ports on any of the APs?

  4. are they all openwrt, or is it just one device?

Sorry but i dont know the meaning of "baxkhaul" (im spanish sorry, technician things are hard to me :zipper_mouth_face:)

At the moment, they are all wired, but what i need is to connect them wirelessly

No, not necessarily from my view

At the moment, only one has OpenWRT (192.168.1.3), but i will receive a X86 device today that will have OpenWRT to manage 600mbps connection.

Edit: I am making a schema of the network that I have/want to have right now, I will post it as soon as I finish it

Doing this wirelessly will be much harder and much lower performance. You will need to reset your router and start over, but the details of how you need to configure the device will depend on the rest of the devices.
You have a picture with 7 APs (plus the main router). What are they (brand/model) and are they all running openwrt??

Here is the fully map of my entire network

Check notes, at the right of the image. The device icons probably don't match, but that's what Cisco Packet Tracer allows me to do

It is possible that I leave something of what you have asked me, if so, tell me

PD: In the image you have the models of the devices

That's a reasonable diagram, and helps the viewer to picture the layout. However, there is a vital piece of information missing: which interface on each device has the IP address shown in the diagram. This is important because OpenWRT is a router, which means it transmits information between two entirely separate subnets.

If both subnets have the same address scheme then it will be... challenging to make this work, to say the least.

While it's not necessarily impossible to have a working network with duplicated subnet addresses, doing so successfully is a more advanced topic outside the scope of this discussion.

If you can provide the contents of /etc/config/network (and, optionally, /etc/config/firewall - belt-and-braces, y'know) from every OpenWRT device, labelled to show which device each configuration is for, it will help readers work out if you're looking at a cabling issue, a configuration issue, a routing issue, or a firewall issue.

The second diagram is showing a much more complex topology than your earlier one. But I only see one OpenWrt device in the network... is the problem specific to that device?

1 Like

I will do it when i have time, i have a work travel right now, but, interfaces are not relevant at my point of view, that diagram is what i want to achieve... if possible

thats correct, i think is an OpenWRT related problem, i had same topology with another firmwares and it works properly...

So you problably need to use relayd to get a wireless-to-wireless bridge to work as you're showing. relayd is known to be a bit finicky, and amounts to something of a hack.

WDS or 802.11s/mesh or BATMAN could be options, but I think those will only work reliably if you're using OpenWrt across all of the devices in the oval (and it appears there is only one).

Generally speaking, if there is any option to use wired connections instead of wireless, that is going to provide a much better experience and far better performance.