Can't get routing to work properly

Hello,

I have new OpenWRT setup on Proxmox as a VM, on which I have 3 devices:
eth0 (on Proxmox VLAN tag 1)
eth1 (VLAN tag 6)
phy0-sta0 (pci-passthrough of the Intel AX210)

eth0 is configured with the static IP 192.168.1.208, and I connect to its GUI through this interface.

eth1 is configured with the static IP 192.168.6.1 and has DHCP, which works fine.

phy0-sta0 is in wifi client mode, connected to the AP.
It has an IP via DHCP (let's assume 192.168.8.100)

Here's the issue.

When I don't connect phy0-sta0 to wifi - the "ip route" looks like this:

default via 192.168.1.1 dev eth0 proto static
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.208
192.168.6.0/24 dev eth1 proto kernel scope link src 192.168.6.1

Once I connect to wifi - it changes to:

default via 192.168.8.1 dev phy0-sta0 proto static src 192.168.8.100
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.208
192.168.6.0/24 dev eth1 proto kernel scope link src 192.168.6.1
192.168.8.0/24 dev phy0-sta0 proto kernel scope link src 192.168.8.100

The moment OpenWRT connects to wifi, I can no longer access it :confused: I have to shut down the wifi and restart the network for the routes to return to their previous state.

What I want is for the wifi network to be available only to VLAN6.
VLAN1 is only to access OpenWRT.

/etc/config/network

# Loopback interface, 127.0.0.1/8.
config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fdbd:1dd8:4ef1::/48'

# Management interface on eth0 (static 192.168.1.208/24); per the post this is
# the only interface meant to reach the OpenWRT GUI.
# 'gateway' is set together with 'defaultroute 0'; presumably the latter stops
# netifd from installing a default route via 192.168.1.1 from this section
# (verify against the running route table).
config interface 'lan'
        option device 'eth0'
        option proto 'static'
        option ipaddr '192.168.1.208'
        option netmask '255.255.255.0'
        option ip6assign '60'
        option gateway '192.168.1.1'
        list dns '192.168.1.6'
        option delegate '0'
        option metric '0'
        option defaultroute '0'

# Wifi client uplink, addressed via DHCP.
# NOTE(review): no 'metric' or 'defaultroute' option is set here, so the
# DHCP-supplied default route is installed as-is. That matches the route table
# in the post, where the default route moves to 192.168.8.1 on phy0-sta0 once
# wifi connects and management traffic from other subnets is lost.
config interface 'wwan'
        option proto 'dhcp'
        option device 'phy0-sta0'

config device
        option name 'phy0-sta0'

# NOTE(review): the target has a /0 prefix length, so it matches every
# destination, not just 192.168.1.0/24. This is effectively a second default
# route via 192.168.1.1 and is probably the source of the
# 'default via 192.168.1.1 ... proto static' entry shown in the post (confirm).
# The fix reported later in the thread was a static route for the VLAN2 subnet
# (not shown in the post) via 192.168.1.1, i.e. a specific target instead of /0.
config route
        option interface 'lan'
        option target '192.168.1.0/0'
        option gateway '192.168.1.1'

# Client-facing network on eth1 (static 192.168.6.1/24, DHCP served per the post).
# NOTE(review): 'gateway' is 192.168.8.100, which the post gives as the assumed
# DHCP address of phy0-sta0 itself. It is not a next hop on 192.168.6.0/24, and
# with 'defaultroute 0' it presumably has no effect; consider removing it.
config interface 'VLAN6_new'
        option proto 'static'
        option device 'eth1'
        option ipaddr '192.168.6.1'
        option netmask '255.255.255.0'
        option gateway '192.168.8.100'
        option defaultroute '0'

/etc/config/firewall

# Global policy: reject inbound and forwarded traffic unless a zone or rule
# allows it; allow traffic originated by the router.
config defaults
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option synflood_protect '1'

# Management zone (network 'lan' on eth0). Input is accepted, so every service
# on the router is reachable from this side; forwarding out of the zone is
# rejected unless a 'config forwarding' section allows it.
config zone
        option name 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'REJECT'
        list network 'lan'

# Uplink zone holding 'wwan' (the wifi client interface). Input is rejected by
# default and outbound traffic is masqueraded. Anything accepted from this zone
# by the rules that follow is exposed to the upstream wifi network.
config zone
        option name 'wan'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option masq '1'
        option mtu_fix '1'
        list network 'wwan'

# Accept IPv4 UDP to port 68 from the wan zone (DHCP replies to the router).
config rule
        option name 'Allow-DHCP-Renew'
        option src 'wan'
        option proto 'udp'
        option dest_port '68'
        option target 'ACCEPT'
        option family 'ipv4'

# Accept IPv4 ICMP echo-request from the wan zone; the router answers pings
# from the wifi uplink network.
config rule
        option name 'Allow-Ping'
        option src 'wan'
        option proto 'icmp'
        option icmp_type 'echo-request'
        option family 'ipv4'
        option target 'ACCEPT'

# Accept IPv4 IGMP from the wan zone.
config rule
        option name 'Allow-IGMP'
        option src 'wan'
        option proto 'igmp'
        option family 'ipv4'
        option target 'ACCEPT'

# Accept IPv6 UDP to port 546 from the wan zone (DHCPv6 client port).
config rule
        option name 'Allow-DHCPv6'
        option src 'wan'
        option proto 'udp'
        option dest_port '546'
        option family 'ipv6'
        option target 'ACCEPT'

# Accept the listed ICMPv6 types from link-local sources (fe80::/10) in wan.
config rule
        option name 'Allow-MLD'
        option src 'wan'
        option proto 'icmp'
        option src_ip 'fe80::/10'
        list icmp_type '130/0'
        list icmp_type '131/0'
        list icmp_type '132/0'
        list icmp_type '143/0'
        option family 'ipv6'
        option target 'ACCEPT'

# Accept the listed ICMPv6 types addressed to the router from wan,
# rate-limited to 1000 packets per second.
config rule
        option name 'Allow-ICMPv6-Input'
        option src 'wan'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        list icmp_type 'router-solicitation'
        list icmp_type 'neighbour-solicitation'
        list icmp_type 'router-advertisement'
        list icmp_type 'neighbour-advertisement'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

# Forward the listed ICMPv6 types from wan to any zone (dest '*'),
# rate-limited to 1000 packets per second.
config rule
        option name 'Allow-ICMPv6-Forward'
        option src 'wan'
        option dest '*'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

# NOTE(review): this rule and Allow-ISAKMP below forward traffic from the wifi
# uplink into the 'lan' (management) zone. The post states that VLAN1 is only
# for accessing OpenWRT, so unless an IPsec endpoint lives on that network
# these two rules can probably be removed (confirm before deleting).
config rule
        option name 'Allow-IPSec-ESP'
        option src 'wan'
        option dest 'lan'
        option proto 'esp'
        option target 'ACCEPT'

# Forward UDP port 500 from wan to lan (see the note on Allow-IPSec-ESP).
config rule
        option name 'Allow-ISAKMP'
        option src 'wan'
        option dest 'lan'
        option dest_port '500'
        option proto 'udp'
        option target 'ACCEPT'

# NOTE(review): unnamed rule with no 'dest', so it applies to traffic addressed
# to the router itself: TCP port 80 is accepted from the wan zone, i.e. from
# the upstream wifi network. If port 80 serves the web GUI (presumably LuCI
# over plain HTTP; confirm), the management interface and its login are exposed
# to that network, which conflicts with the stated goal that only VLAN1 is used
# to reach OpenWRT. Remove the rule, or at least name it and narrow it with
# 'src_ip' to the hosts that need it.
config rule
        option src 'wan'
        option dest_port '80'
        option proto 'tcp'
        option target 'ACCEPT'

# Client zone for network 'VLAN6_new' (eth1). Input is accepted, so clients on
# 192.168.6.0/24 can reach every service on the router, including the GUI.
# NOTE(review): the post says VLAN1 is the only network meant to access
# OpenWRT; if so, consider input 'REJECT' here plus explicit rules for the
# services clients need (e.g. DHCP and DNS).
config zone
        option name 'VLAN6'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'
        list network 'VLAN6_new'

# Lets VLAN6 clients reach the wifi uplink; this is the forwarding the stated
# goal (wifi available only to VLAN6) requires.
config forwarding
        option src 'VLAN6'
        option dest 'wan'

# NOTE(review): this allows connections initiated from the wifi uplink network
# toward VLAN6. Replies to connections opened by VLAN6 clients are normally
# handled by connection tracking and do not need it (verify on this build), so
# this section mainly opens VLAN6 hosts to unsolicited traffic from the
# upstream network. Consider removing it unless inbound access is intended.
config forwarding
        option src 'wan'
        option dest 'VLAN6'

# Loads the include script shipped at the path below (pbr package) into the
# firewall ruleset.
config include 'pbr'
        option fw4_compatible '1'
        option type 'script'
        option path '/usr/share/pbr/pbr.firewall.include'

I no longer know whether my issue is the interface config, gateway, routing or firewall... or all of them together.

Fixed with help from IRC channel !

The issue was - I was accessing OpenWRT from VLAN2, through 192.168.1.1 Gateway.

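When OpenWRT connected to wifi, it changed its default route from 192.168.1.1 to 192.168.8.1.
Since OpenWRT wasn't a member of VLAN2, it had no specific route to VLAN2 and fell back to the default route, so its replies to my VLAN2 client went out over the wifi link instead of back through 192.168.1.1.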

Adding a static route for VLAN2 pointing to 192.168.1.1 solved the issue.
