Can't access LuCI via wifi

pcardoso73 · January 25, 2022, 4:15pm

Hi all,
My name is Pedro and this is my first post here.

I have installed Openwrt in my PLUSNET Hub One [router from an UK internet provider]. Opening LuCI webpage is only possible, when directly connected to the router by cable.
I've been through the forum and tried many approaches but nothing worked.

Please note that I have the following setup:
BT Smart Hub connected to the internet and the router with Openwrt connected wirelessly to the BT router.
The PLUSNET router is able to obtain its IP from the BT one (192.168.1.199).
I can ping the router and the router can ping all the network, as well.
Now, if I try to access the LuCI page or use ssh, it replies with "refused to connect".

Any thoughts?

Thanks in advance.
Best regards,
Pedro

AashishAS · January 25, 2022, 4:43pm

Check if you flashed a snapshot as snapshots don't have luci by default.
Also disconnect your openwrt device from the home hub and then try to access luci as both it's lan and wan being on 192.168.1.x subnet may be creating problems. Openwrt uses 192.168.1.1 by default.

trendy · January 25, 2022, 4:47pm

Please run the following commands (copy-paste the whole block) and paste the output here, using the "Preformatted text </> " button:

Remember to redact passwords, MAC addresses and any public IP addresses you may have

ubus call system board; \
uci export network; uci export wireless; \
uci export dhcp; uci export firewall; \
head -n -0 /etc/firewall.user; uci export uhttpd; \
ip -4 addr ; ip -4 ro li tab all ; ip -4 ru; netstat -nlp | grep 80

pcardoso73 · January 25, 2022, 5:00pm

trendy:

ubus call system board; \
uci export network; uci export wireless; \
uci export dhcp; uci export firewall; \
head -n -0 /etc/firewall.user; uci export uhttpd; \
ip -4 addr ; ip -4 ro li tab all ; ip -4 ru; netstat -nlp | grep 80

Hi,
Here you have it. The Openwrt router is 192.168.1.144 and the other one is 192.168.1.254.
Thanks

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
5: wlan1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
    inet 192.168.1.144/24 brd 192.168.1.255 scope global wlan1
       valid_lft forever preferred_lft forever
default via 192.168.1.254 dev wlan1  src 192.168.1.144 
192.168.1.0/24 dev wlan1 scope link  src 192.168.1.144 
broadcast 127.0.0.0 dev lo table local scope link  src 127.0.0.1 
local 127.0.0.0/8 dev lo table local scope host  src 127.0.0.1 
local 127.0.0.1 dev lo table local scope host  src 127.0.0.1 
broadcast 127.255.255.255 dev lo table local scope link  src 127.0.0.1 
broadcast 192.168.1.0 dev wlan1 table local scope link  src 192.168.1.144 
local 192.168.1.144 dev wlan1 table local scope host  src 192.168.1.144 
broadcast 192.168.1.255 dev wlan1 table local scope link  src 192.168.1.144 
0:	from all lookup local 
32766:	from all lookup main 
32767:	from all lookup default 
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      1705/uhttpd
tcp        0      0 fe80::da7d:7fff:feed:bd36:53 :::*                    LISTEN      1259/dnsmasq
tcp        0      0 fe80::d87d:7fff:feed:bd36:53 :::*                    LISTEN      1259/dnsmasq
tcp        0      0 :::80                   :::*                    LISTEN      1705/uhttpd
udp        0      0 fe80::da7d:7fff:feed:bd36:53 :::*                                1259/dnsmasq
udp        0      0 fe80::d87d:7fff:feed:bd36:53 :::*                                1259/dnsmasq

pcardoso73 · January 25, 2022, 5:01pm

Hi,
Well, I've flashed the correct firmware. Please notice that LuCI works if connected using a cable.
Pedro

trendy · January 25, 2022, 7:38pm

You pasted only the commands of the last line. We need them all.

slh · January 26, 2022, 2:41am

Follow
https://openwrt.ebilan.co.uk/viewtopic.php?f=7&t=266
for a comprehensive guide about your device. Keep in mind that OpenWrt defaults the wireless to off after the initial flashing, you first need to configure and enable it.

pcardoso73 · January 28, 2022, 5:21pm

Hi,
Please find below the full log.
Many thanks
Pedro

ubus call system board; \
> uci export network; uci export wireless; \
/etc> uci export dhcp; uci export firewall; \
u; n> head -n -0 /etc/firewall.user; uci export uhttpd; \
> ip -4 addr ; ip -4 ro li tab all ; ip -4 ru; netstat -nlp | grep 80
{
	"kernel": "5.4.143",
	"hostname": "OpenWrt",
	"system": "xRX200 rev 1.2",
	"model": "BT Home Hub 5A",
	"board_name": "bt,homehub-v5a",
	"release": {
		"distribution": "OpenWrt",
		"version": "21.02.0",
		"revision": "r16279-5cc0535800",
		"target": "lantiq/xrx200",
		"description": "OpenWrt 21.02.0 r16279-5cc0535800"
	}
}
package network

config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fdec:983f:8d89::/48'

config atm-bridge 'atm'
	option vpi '1'
	option vci '32'
	option encaps 'llc'
	option payload 'bridged'
	option nameprefix 'dsl'

config dsl 'dsl'
	option annex 'a'
	option tone 'av'
	option ds_snr_offset '0'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'eth0.1'

config device
	option name 'eth0.1'
	option macaddr 'd8:7d:7f:ed:bd:34'

config interface 'lan'
	option device 'wlan1'
	option proto 'static'
	option netmask '255.255.255.0'
	option gateway '192.168.1.1'
	option dns '192.168.1.1'
	option ipaddr '192.168.1.2'

config device
	option name 'dsl0'
	option macaddr 'd8:7d:7f:ed:bd:35'

config interface 'wan'
	option device 'dsl0'
	option proto 'pppoe'
	option username 'username'
	option password 'password'
	option ipv6 '1'
	option type 'bridge'

config interface 'wan6'
	option device '@wan'
	option proto 'dhcpv6'

config switch
	option name 'switch0'
	option reset '1'
	option enable_vlan '1'

config switch_vlan
	option device 'switch0'
	option vlan '1'
	option vid '1'
	option ports '6t 4 2 0 1'

config switch_vlan
	option device 'switch0'
	option vlan '2'
	option ports '6t 5'
	option vid '2'

config interface 'wwan'
	option proto 'dhcp'

config device
	option name 'wlan1-1'

config device
	option name 'wlan1'

package wireless

config wifi-device 'radio0'
	option type 'mac80211'
	option channel '36'
	option hwmode '11a'
	option path 'pci0000:01/0000:01:00.0/0000:02:00.0'
	option htmode 'VHT80'
	option cell_density '0'

config wifi-iface 'default_radio0'
	option device 'radio0'
	option mode 'ap'
	option encryption 'none'
	option network 'wan'
	option ssid 'OpenWrt_5G'

config wifi-device 'radio1'
	option type 'mac80211'
	option channel '11'
	option hwmode '11g'
	option path 'pci0000:00/0000:00:0e.0'
	option htmode 'HT20'
	option cell_density '0'

config wifi-iface 'default_radio1'
	option device 'radio1'
	option network 'lan'
	option mode 'ap'
	option encryption 'none'
	option ssid 'OpenWrt'

config wifi-iface 'wifinet2'
	option device 'radio1'
	option mode 'sta'
	option network 'wwan'
	option ssid 'PIMbt'
	option encryption 'psk2'
	option key 'Pec@1973'
	option disabled '0'

package dhcp

config dnsmasq
	option domainneeded '1'
	option boguspriv '1'
	option filterwin2k '0'
	option localise_queries '1'
	option rebind_protection '1'
	option rebind_localhost '1'
	option local '/lan/'
	option domain 'lan'
	option expandhosts '1'
	option nonegcache '0'
	option authoritative '1'
	option readethers '1'
	option leasefile '/tmp/dhcp.leases'
	option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
	option nonwildcard '1'
	option localservice '1'
	option ednspacket_max '1232'

config dhcp 'lan'
	option interface 'lan'
	option start '100'
	option limit '150'
	option leasetime '12h'
	option dhcpv4 'server'
	list ra_flags 'managed-config'
	list ra_flags 'other-config'
	option ra 'hybrid'
	option dhcpv6 'hybrid'

config dhcp 'wan'
	option interface 'wan'
	option ignore '1'

config odhcpd 'odhcpd'
	option maindhcp '0'
	option leasefile '/tmp/hosts/odhcpd'
	option leasetrigger '/usr/sbin/odhcpd-update'
	option loglevel '4'

package firewall

config defaults
	option syn_flood '1'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'REJECT'

config zone
	option name 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'
	list network 'lan'

config zone
	option name 'wan'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'
	option mtu_fix '1'
	list network 'wan'
	list network 'wan6'
	list network 'wwan'

config forwarding
	option src 'lan'
	option dest 'wan'

config rule
	option name 'Allow-DHCP-Renew'
	option src 'wan'
	option proto 'udp'
	option dest_port '68'
	option target 'ACCEPT'
	option family 'ipv4'

config rule
	option name 'Allow-Ping'
	option src 'wan'
	option proto 'icmp'
	option icmp_type 'echo-request'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-IGMP'
	option src 'wan'
	option proto 'igmp'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-DHCPv6'
	option src 'wan'
	option proto 'udp'
	option src_ip 'fc00::/6'
	option dest_ip 'fc00::/6'
	option dest_port '546'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-MLD'
	option src 'wan'
	option proto 'icmp'
	option src_ip 'fe80::/10'
	list icmp_type '130/0'
	list icmp_type '131/0'
	list icmp_type '132/0'
	list icmp_type '143/0'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Input'
	option src 'wan'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	list icmp_type 'router-solicitation'
	list icmp_type 'neighbour-solicitation'
	list icmp_type 'router-advertisement'
	list icmp_type 'neighbour-advertisement'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Forward'
	option src 'wan'
	option dest '*'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-IPSec-ESP'
	option src 'wan'
	option dest 'lan'
	option proto 'esp'
	option target 'ACCEPT'

config rule
	option name 'Allow-ISAKMP'
	option src 'wan'
	option dest 'lan'
	option dest_port '500'
	option proto 'udp'
	option target 'ACCEPT'

config rule
	option name 'Support-UDP-Traceroute'
	option src 'wan'
	option dest_port '33434:33689'
	option proto 'udp'
	option family 'ipv4'
	option target 'REJECT'
	option enabled 'false'

config rule
	option src 'wan'
	option proto 'tcp'
	option dest_port 'ssh'
	option target 'ACCEPT'

config include
	option path '/etc/firewall.user'

config rule
	option src 'wan'
	option target 'ACCEPT'
	option proto 'tcp'
	option dest_port '22'

# This file is interpreted as shell script.
# Put your custom iptables rules here, they will
# be executed with each firewall (re-)start.

# Internal uci firewall chains are flushed and recreated on reload, so
# put custom rules into the root chains e.g. INPUT or FORWARD or into the
# special user chains, e.g. input_wan_rule or postrouting_lan_rule.
package uhttpd

config uhttpd 'main'
	list listen_http '0.0.0.0:80'
	list listen_http '[::]:80'
	list listen_https '0.0.0.0:443'
	list listen_https '[::]:443'
	option redirect_https '0'
	option home '/www'
	option rfc1918_filter '1'
	option max_requests '3'
	option max_connections '100'
	option cert '/etc/uhttpd.crt'
	option key '/etc/uhttpd.key'
	option cgi_prefix '/cgi-bin'
	list lua_prefix '/cgi-bin/luci=/usr/lib/lua/luci/sgi/uhttpd.lua'
	option script_timeout '60'
	option network_timeout '30'
	option http_keepalive '20'
	option tcp_keepalive '1'
	option ubus_prefix '/ubus'

config cert 'defaults'
	option days '730'
	option key_type 'ec'
	option bits '2048'
	option ec_curve 'P-256'
	option country 'ZZ'
	option state 'Somewhere'
	option location 'Unknown'
	option commonname 'OpenWrt'

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
5: wlan1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
    inet 192.168.1.199/24 brd 192.168.1.255 scope global wlan1
       valid_lft forever preferred_lft forever
6: wlan1-1: <BROADCAST,MULTICAST> mtu 1500 qdisc noqueue state DOWN qlen 1000
    inet 192.168.1.2/24 brd 192.168.1.255 scope global wlan1-1
       valid_lft forever preferred_lft forever
default via 192.168.1.254 dev wlan1  src 192.168.1.199 
192.168.1.0/24 dev wlan1 scope link  src 192.168.1.199 
broadcast 127.0.0.0 dev lo table local scope link  src 127.0.0.1 
local 127.0.0.0/8 dev lo table local scope host  src 127.0.0.1 
local 127.0.0.1 dev lo table local scope host  src 127.0.0.1 
broadcast 127.255.255.255 dev lo table local scope link  src 127.0.0.1 
broadcast 192.168.1.0 dev wlan1 table local scope link  src 192.168.1.199 
local 192.168.1.2 dev wlan1-1 table local scope host  src 192.168.1.2 
local 192.168.1.199 dev wlan1 table local scope host  src 192.168.1.199 
broadcast 192.168.1.255 dev wlan1 table local scope link  src 192.168.1.199 
0:	from all lookup local 
32766:	from all lookup main 
32767:	from all lookup default 
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      1706/uhttpd
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN      2800/dnsmasq
tcp        0      0 192.168.1.199:53        0.0.0.0:*               LISTEN      2800/dnsmasq
tcp        0      0 192.168.1.2:53          0.0.0.0:*               LISTEN      2800/dnsmasq
tcp        0      0 :::80                   :::*                    LISTEN      1706/uhttpd
tcp        0      0 ::1:53                  :::*                    LISTEN      2800/dnsmasq
tcp        0      0 fe80::da7d:7fff:feed:bd36:53 :::*                    LISTEN      2800/dnsmasq
tcp        0      0 fe80::da7d:7fff:feed:bd37:53 :::*                    LISTEN      2800/dnsmasq
udp        0      0 127.0.0.1:53            0.0.0.0:*                           2800/dnsmasq
udp        0      0 192.168.1.199:53        0.0.0.0:*                           2800/dnsmasq
udp        0      0 192.168.1.2:53          0.0.0.0:*                           2800/dnsmasq
udp        0      0 0.0.0.0:67              0.0.0.0:*                           2800/dnsmasq
udp        0      0 ::1:53                  :::*                                2800/dnsmasq
udp        0      0 fe80::da7d:7fff:feed:bd36:53 :::*                                2800/dnsmasq
udp        0      0 fe80::da7d:7fff:feed:bd37:53 :::*                                2800/dnsmasq

trendy · January 28, 2022, 8:27pm

The main problem is that you have subnet conflict. Both wlan1 and wlan1-1 have IP in 192.168.1.0/24
Further down the list, there are these 2 rules with allowing ssh from wan. Did you add them in an effort to make it work?
Then you have assigned the 5G band to the wan interface.
I am not sure to which one you are connected, but this is not a correct way to configure the device. I suggest you take a backup of what you have configured, reset the device to defaults, and start configuring the device from scratch. This way you have both 2,4 and 5GHz bands bridged to the lan interface and you only need to configure the uplink correctly.

pcardoso73 · January 28, 2022, 8:35pm

Thanks for the reply.
Yes, I've added the rules, as you guessed, to make it work.
Another piece of information that might be useful is that, everytime I restart the network with the command "/etc/init.d/network restart" the webpage opens normally.

How do I reset to the defaults? Can I do this by just pressing the reset button in the router, or do I have to re-flash the router?
Thanks,
Pedro

trendy · January 28, 2022, 8:49pm

This is a glitch. The main problem is the IP conflict. It doesn't always know where to send packets for 192.168.1.0/24, to lan or wwan?

System-> Backup/Flash.