I have two routers using dd-wrt to form a wireless bridge (ethernet at either end), not using the WAN at all.
When anything is connected to the base WDS session, no one can connect to the web ui on the base unit. The message I get is the connection was closed.
The router is a TP-Link Archer C7 v1.0. Here's where it gets interesting, the problem doesn't seem to be with the config, it's something specific to the firmware on that particular router. I'm using a D-Link at the other end, and it works fine. I reflashed both of them, reset all settings and reversed the roles, the problem follows the TP-Link router, not the config (if it's the WDS client it has the same issue - once the bridge is up connections to port 80/443 on the router are blocked).
Even without using WDS, if I connect a regular client to the base WDS system (the TP-Link), can't get to the web UI. Without even rebooting, if I disconnect everything from the wireless on the TP-Link, I can get to the web ui.
I can post config files and logs if anyone wants to check on that.
Here's a basic rundown - I will make a chart if I can find a free tool.
Ethernet clients (dhcp assigned from 192.168.0.1) <-Cat5-> Ethernet LAN ports on D-LINK DIR-835 A1 running OpenWrt 21.02.2 on 192.168.0.253 <-802.11n-> 5GHz Wireless LAN "OpenWRT" with WDS configured <-> TP Link Archer C7 rev 1.0 on 192.168.0.254 <-Cat5-> Ethernet (LAN side) connected to ISP Modem/Router 192.168.0.1 (DNS and DHCP)
DNS/DHCP is disabled on OpenWRT units, WAN port is unused.
So the "base" unit is the TP-Link, everyone can connect to the wireless on it including the WDS Client (the D-Link router). Once connected, I can get to the webUI on the "client" router (D-Link) just fine, so all network traffic seems to be passed just fine. I just can't get to the web server.
confirming my understanding... you are unable to access the TP-Link device via the WDS setup when the D-Link is connected. But if you take down the D-Link device, you can reach the TP-Link, correct?
Have you tried connecting by ethernet to the TP-Link device (as a test) while WDS is connected? Can you reach the web interface when you do that? The idea is to understand if this is an issue with the wireless connection or if the WDS connection is killing your access entirely.
Good question and WDS is indeed shutting down the entire thing. When I try to connect via ethernet to the TP-Link web server the same result happens. I can try disabling WDS and connecting then.
The funny thing is I reversed the roles of the two devices, and the problem follows the hardware, not the configuration. When I use the TP-Link as the wireless client, as soon as the client is connected to the wireless, can't get to the web interface via ethernet or wireless either.
let's see the complete configuration of your TP-Link device...
Please copy the output of the following commands and post it here using the "Preformatted text </> " button:
Remember to redact passwords, MAC addresses and any public IP addresses you may have:
I found this is nothing to do with the wireless/WDS stuff. Above I have the TP-Link (which is actually rev 2) configured hopefully just as AP duties, WAN is disconnected, DHCP is not enabled on the LAN interfaces
ISP modem - 192.168.0.1
| - ethernet LAN1
TP-Link OpenWRT - 192.168.0.254
| - ethernet LAN2
Linux PC - 192.168.0.201
As soon as the 'br-lan' gets traffic going, I get connection refused by the TP-Link device on web ports and even SSH. I can ping the IP though. Even without wireless clients connected, it still dies. If I disconnect LAN1 to the ISP router/rest of devices, within about 30 seconds I can connect to the WebUI again. It seems even routing ethernet traffic is a problem, not wireless.
To confirm, you are using the one of the lan ports on this device, right? (you've said this a few times, just want to confirm it once more).
Also, have you 100% verified that nothing else on the network is using 192.168.0.254 (and further that it is outside the DHCP pool from your main router)?
You may want to change the DHCP lan server to look like this:
Mixed mode doesn't always work well, so I typically recommend making this WPA2 (PSK) rather than sae-mixed, but that will not affect the wired connectivity for a host directly connected to the ethernet ports on this device, so that's probably not directly related.
since you're not using the wan port, this is not needed and can be deleted.
I tried that 443 firewall rule to see if it would help, it did not. I will make the wireless security changes.
But... the issue is the IP address. It belongs to the ISP's router although it's not documented and I don't know what it's used for. I thought the problem followed the TP-Link device both in "Master" and "Client" mode for WDS, but failed to notice I used the same IP for it all of this time.
The ISP modem/router is a Hitron unit. It's IP for gateway/management is 192.168.0.1, but it indeed is using 254 as well.
I confirmed this by dumping arp tables. It really confused me because the TP-Link OpenWRT device didn't stop responding instantly, but after a short while of the entire network being up. I'm guessing that's a factor of whenever there is another arp request for 192.168.0.254.
Not related to OpenWRT at all! Now I'm digging into why this is. Looks like the only open port on it is 45514, and it responds to ICMP requests, that's it.
Sorry if I wasn't clear... These were not necessarily expected to solve the issue, but rather some general advice. If sae-mixed actually works in your situation, you can keep it as is... but many people end up having issues, so the fix is often to roll back to wpa2.
That is supremely annoying! It is unusual for a consumer router like this to use two IPs on the same network, so I wouldn't have guessed it directly. However, the general idea of another device inadvertently conflicting is why I had said this
A really quick and easy (but not 100% reliable test) is to do a ping test to the address with your device powered off... if you get a response, something else is clearly using the address you are trying to use. ARP tables and other discovery methods obviously also work, so that was great thinking. Despite the annoyance towards that ISP box, I'm glad you were able to find the problem... now you can use another address (maybe 253) and you should be good.
If your problem is solved, please consider marking this topic as [Solved]. See How to mark a topic as [Solved] for a short how-to.
I assigned the device 192.168.0.252 and it works perfectly now. 192.168.0.253 was assigned to my WDS client router so I can bridge desktops without WiFi to the other (TP-LInk) device. Weirdly if you look at the arp cache, the ISP's router has wildly different MAC address for the .254 vs the known .1 for the device.
Also, good call on just using WPA2-PSK vs mixed. One of my ancient ThinkPad models definitely doesn't it configured for WPA2/3.
