Hello everyone, I faced a pretty strange problem for me, so I’m searching for help.
Also i’m noob in the questions of networks, so sorry for me being silly.
I was trying to install and configure v2raya (actually I was trying to migrate from shadowsocks to vless) and while installing packages I got the famous “wget returned 4” error. After that I lost the ability to go anywhere besides my domain region without VPN, example: google.com, but I can still ping it with v4 and can’t with v6. To go here and white this I’m using Hidify (on a local machine, not on a router btw), connected to my vless + reality, so I got access to google and all that is banned in my country. Also I some how can reach google and etc through my phone connected to the same router without VPN, but can’t access resources banned in my country.
Also I do not know if the provider supports IPv6, as I’m not the owner and so on and etc.
If I try to GET to google.com through Postman without VPN I got ECONNREFUSED error, It’s all OK with VPN, turned on on local machine.
I suppose installing packages overwrites some configs or whatever and may be the problem is with DNS, but I don’t know where to dig.
Router: ASUS TUF-AX4200
Firmware: 23.05.4 240807 / LuCI openwrt-23.05 branch git-23.118.79121-6fb185f
Kernel: 5.15.162
Some network settings:
root@OpenWrt:~# uci show network
network.loopback=interface
network.loopback.device='lo'
network.loopback.proto='static'
network.loopback.ipaddr='####'
network.loopback.netmask='####'
network.globals=globals
network.globals.ula_prefix='####'
network.@device[0]=device
network.@device[0].name='br-lan'
network.@device[0].type='bridge'
network.@device[0].ports='lan1' 'lan2' 'lan3' 'lan4'
network.@device[1]=device
network.@device[1].name='lan1'
network.@device[1].macaddr='####'
network.@device[2]=device
network.@device[2].name='lan2'
network.@device[2].macaddr='####'
network.@device[3]=device
network.@device[3].name='lan3'
network.@device[3].macaddr='####'
network.@device[4]=device
network.@device[4].name='lan4'
network.@device[4].macaddr='####'
network.lan=interface
network.lan.device='br-lan'
network.lan.proto='static'
network.lan.ipaddr='192.168.2.1'
network.lan.netmask='####'
network.lan.ip6assign='60'
network.@device[5]=device
network.@device[5].name='eth1'
network.@device[5].macaddr='####'
network.wan=interface
network.wan.device='eth1'
network.wan.proto='pppoe'
network.wan.username='####'
network.wan.password='####'
network.wan.ipv6='auto'
network.wan6=interface
network.wan6.device='eth1'
network.wan6.proto='dhcpv6'
network.wan6.reqaddress='try'
network.wan6.reqprefix='auto'
Instead of some values I write ‘####’ cause I don’t know if it’s safe and secure to show them, can tell im if it’s requested and necessary, as well as anything else that helps you with diagnosting my issue.
Also I read about upstream DNS provider, but do not know if it’s a good idea.
Thanks for looking and for help to everybody.
First install luci-app-attendedsysupgrade and upgrade to a supported version.
DO NOT MASK INTERNAL IP ADDRESSES
Please connect to your OpenWrt device using ssh and copy the output of the following commands and post it here using the "Preformatted text </> " button (red circle; this works best in the 'Markdown' composer view in the blue oval):
Remember to redact passwords, VPN keys, MAC addresses and any public IP addresses you may have:
ubus call system board
cat /etc/config/network
cat /etc/config/wireless
cat /etc/config/dhcp
cat /etc/config/firewall
Thanks for your reply. Sorry, but I don’t really know what of those adresses are internal.
I installed luci-app-attendedsysupgrade through software tab in LuCi GUI. (Can get how it downloaded).
In text below I edited, MACs, passwords and keys, ula_prefix.
ipaddrs and netmaska are intact (I suppose those are internals).
root@OpenWrt:~# ubus call system board
{
"kernel": "5.15.162",
"hostname": "OpenWrt",
"system": "ARMv8 Processor rev 4",
"model": "ASUS TUF-AX4200",
"board_name": "asus,tuf-ax4200",
"rootfs_type": "squashfs",
"release": {
"distribution": "OpenWrt",
"version": "23.05.4",
"revision": "r24012-d8dd03c46f",
"target": "mediatek/filogic",
"description": "23.05.4 240807"
}
}
root@OpenWrt:~# cat /etc/config/network
config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'ca31:5f54:821d::/56'
config device
option name 'br-lan'
option type 'bridge'
list ports 'lan1'
list ports 'lan2'
list ports 'lan3'
list ports 'lan4'
config device
option name 'lan1'
option macaddr '44:5a:44:c6:a3:f4'
config device
option name 'lan2'
option macaddr '44:5a:44:c6:a3:f4'
config device
option name 'lan3'
option macaddr '44:5a:44:c6:a3:f4'
config device
option name 'lan4'
option macaddr '44:5a:44:c6:a3:f4'
config interface 'lan'
option device 'br-lan'
option proto 'static'
option ipaddr '192.168.2.1'
option netmask '255.255.255.0'
option ip6assign '60'
config device
option name 'eth1'
option macaddr '44:5a:44:c6:a3:f4'
config interface 'wan'
option device 'eth1'
option proto 'pppoe'
option username 'username'
option password 'password'
option ipv6 'auto'
config interface 'wan6'
option device 'eth1'
option proto 'dhcpv6'
option reqaddress 'try'
option reqprefix 'auto'
root@OpenWrt:~# cat /etc/config/wireless
config wifi-device 'radio0'
option type 'mac80211'
option path 'platform/soc/18000000.wifi'
option channel '1'
option band '2g'
option htmode 'HE20'
option disabled '0'
option country 'US'
option cell_density '0'
config wifi-iface 'default_radio0'
option device 'radio0'
option network 'lan'
option mode 'ap'
option ssid 'ssid'
option encryption 'psk2'
option key 'key'
config wifi-device 'radio1'
option type 'mac80211'
option path 'platform/soc/18000000.wifi+1'
option channel '36'
option band '5g'
option htmode 'HE20'
option disabled '0'
option country 'US'
option cell_density '0'
config wifi-iface 'default_radio1'
option device 'radio1'
option network 'lan'
option mode 'ap'
option ssid 'ssid_5G'
option encryption 'psk2'
option key 'key'
root@OpenWrt:~# cat /etc/config/dhcp
config dnsmasq
option domainneeded '1'
option boguspriv '1'
option filterwin2k '0'
option localise_queries '1'
option rebind_protection '1'
option rebind_localhost '1'
option local '/lan/'
option domain 'lan'
option expandhosts '1'
option nonegcache '0'
option cachesize '1000'
option authoritative '1'
option readethers '1'
option leasefile '/tmp/dhcp.leases'
option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
option nonwildcard '1'
option localservice '1'
option ednspacket_max '1232'
option filter_aaaa '0'
option filter_a '0'
option confdir '/tmp/dnsmasq.d'
config dhcp 'lan'
option interface 'lan'
option start '100'
option limit '150'
option leasetime '12h'
option dhcpv4 'server'
option dhcpv6 'server'
option ra 'server'
list ra_flags 'managed-config'
list ra_flags 'other-config'
config dhcp 'wan'
option interface 'wan'
config odhcpd 'odhcpd'
option maindhcp '0'
option leasefile '/tmp/hosts/odhcpd'
option leasetrigger '/usr/sbin/odhcpd-update'
option loglevel '4'
root@OpenWrt:~# cat /etc/config/firewall
config defaults
option syn_flood '1'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
config zone
option name 'lan'
list network 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
config zone
option name 'wan'
list network 'wan'
list network 'wan6'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
config forwarding
option src 'lan'
option dest 'wan'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
config include 'miniupnpd'
option type 'script'
option path '/usr/share/miniupnpd/firewall.include'
root@OpenWrt:~#
EDIT: typos
Please re=read the request.