Hi, I'm having the following problem. My router works fine, I can connect to the internet, DHCP works, DNS works, wireless works.
However, if I shut down or reboot my computer (Windows 10 Education), the NIC connected to my OpenWrt router says "No internet connection" or "Unidentified network". I get an APIPA address assigned. If I then disable and re-enable the network adapter in Windows, the OS detects an internet connection and traffic is routed through that NIC.
Configuration of Windows PC:
NIC 1: Connected to OpenWrt, static IP (outside DHCP range), Interface metric 1
NIC 2: USB NIC connected to other router, static IP, Interface metric 30 (traffic is routed through this after a boot if OpenWrt is not detected as connected)
Configuration of OpenWrt:
DNS-Over-HTTPS Proxy as DNS resolver
WAN interface metric 5, VPN interface metric 0 (so I don't have to manually block traffic to WAN if connected to OpenVPN)
Custom FW zone for OpenVPN
Firewall rules to block Port 53 to WAN to prevent unencrypted DNS resolution
OpenWrt configuration:
root@OpenWrt:~# cat /etc/config/system /etc/config/firewall /etc/config/network /etc/config/wireless /etc/config/dhcp /etc/config/https-dns-proxy
config system
option hostname 'OpenWrt'
option timezone 'UTC'
option ttylogin '0'
option log_size '64'
option urandom_seed '0'
config timeserver 'ntp'
option enabled '1'
option enable_server '0'
list server '0.openwrt.pool.ntp.org'
list server '1.openwrt.pool.ntp.org'
list server '2.openwrt.pool.ntp.org'
list server '3.openwrt.pool.ntp.org'
config defaults
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
option synflood_protect '1'
config zone
option name 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
option network 'lan'
config zone
option name 'wan'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
option network 'wan wan6'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option src_ip 'fc00::/6'
option dest_ip 'fc00::/6'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
config include
option path '/etc/firewall.user'
config zone
option network 'vpn'
option forward 'REJECT'
option name 'vpn'
option output 'ACCEPT'
option masq '1'
option mtu_fix '1'
option input 'REJECT'
config forwarding
option dest 'vpn'
option src 'lan'
config forwarding
option dest 'wan'
option src 'lan'
config rule
option src_port '53'
option name 'Block-unencrypted-DNS'
option dest 'wan'
option target 'REJECT'
option dest_port '53'
list proto 'udp'
option src '*'
config rule
option src_port '53'
option src '*'
option name 'Block-unencrypted-DNS-VPN'
option dest 'vpn'
option target 'REJECT'
option dest_port '53'
list proto 'udp'
config rule
option src_port '53'
list proto 'udp'
option name 'Block-unencrypted-DNS-resolution'
option dest 'wan'
option target 'REJECT'
option dest_port '53'
config interface 'loopback'
option ifname 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fda4:b5ba:a255::/48'
config interface 'lan'
option type 'bridge'
option proto 'static'
option netmask '255.255.255.0'
option ip6assign '60'
option ifname 'eth0 eth1 eth2 eth3 eth4'
option ipaddr '172.16.10.1'
config interface 'wan'
option ifname 'eth5'
option proto 'dhcp'
list dns '127.0.0.1'
option peerdns '0'
option metric '5'
config interface 'wan6'
option ifname 'eth5'
option proto 'dhcpv6'
option reqaddress 'try'
option reqprefix 'auto'
config interface 'vpn'
option ifname 'tun0'
option proto 'none'
option auto '0'
config wifi-device 'radio0'
option type 'mac80211'
option channel '11'
option hwmode '11g'
option path 'pci0000:00/0000:00:1e.0/0000:01:0c.0'
option htmode 'HT20'
config wifi-iface 'default_radio0'
option device 'radio0'
option network 'lan'
option mode 'ap'
option key '[redacted]'
option ieee80211w '1'
option ssid '[redacted]'
option encryption 'psk2'
option wpa_disable_eapol_key_retries '1'
config dnsmasq
option domainneeded '1'
option localise_queries '1'
option rebind_protection '1'
option rebind_localhost '1'
option local '/lan/'
option expandhosts '1'
option authoritative '1'
option readethers '1'
option leasefile '/tmp/dhcp.leases'
option localservice '1'
option noresolv '1'
option doh_backup_noresolv '-1'
list server '127.0.0.1#5054'
list server '127.0.0.1#5053'
list doh_backup_server '127.0.0.1#5054'
list doh_backup_server '127.0.0.1#5053'
option confdir '/tmp/dnsmasq.d'
option domain 'local.[mydomain]'
config dhcp 'lan'
option interface 'lan'
option start '100'
option limit '150'
option leasetime '12h'
option dhcpv6 'server'
option ra 'server'
option ra_management '1'
option ra_default '1'
config dhcp 'wan'
option interface 'wan'
option ignore '1'
config odhcpd 'odhcpd'
option maindhcp '0'
option leasefile '/tmp/hosts/odhcpd'
option leasetrigger '/usr/sbin/odhcpd-update'
option loglevel '4'
config main 'config'
option update_dnsmasq_config '*'
list force_dns_port '53'
list force_dns_port '853'
option force_dns '0'
config https-dns-proxy
option resolver_url 'https://cloudflare-dns.com/dns-query'
option listen_addr '127.0.0.1'
option listen_port '5054'
option user 'nobody'
option group 'nogroup'
option bootstrap_dns '1.1.1.1,1.0.0.1,2606:4700:4700::1111,2606:4700:4700::1001'
config https-dns-proxy
option listen_addr '127.0.0.1'
option listen_port '5053'
option user 'nobody'
option group 'nogroup'
option bootstrap_dns '9.9.9.9,149.112.112.9,2620:fe::fe,2620:fe::9'
option resolver_url 'https://dns9.quad9.net/dns-query'
Hardware configuration of OpenWrt router (built myself):
Advantech SYS-2USM02
AIMB-212 Board
Intel Atom D510 2C/4T
2GB RAM
8GB SSD
2x Intel PRO/1000 onboard NIC
1x Intel PRO/1000 PCI-X quad-port NIC
1x TP-Link Atheros Wifi PCI Card
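A check on the firewall section above, added here as an example and not part of the original post: the posted DNS-blocking rules set both src_port '53' and dest_port '53', and fw3 requires every condition in a rule to match, so a client query sent from an ephemeral source port, or over TCP, is not covered by them. The parser, the probe port 51515 and the FIXED variant are assumptions of this sketch, and zone matching is not modelled.

```python
# One of the post's DNS-blocking rules, copied from its /etc/config/firewall
# (zone options dropped: this sketch checks only protocol and port matching).
SAMPLE = """\
config rule
option src_port '53'
option name 'Block-unencrypted-DNS'
option target 'REJECT'
option dest_port '53'
list proto 'udp'
"""
# Hypothetical correction (an assumption): no source-port match, both transports.
FIXED = (SAMPLE.replace("option src_port '53'\n", "")
               .replace("list proto 'udp'", "option proto 'tcp udp'"))

def parse_rules(text):
    """Parse flat UCI text into one dict per 'config rule' section."""
    rules, cur = [], None
    for line in text.splitlines():
        parts = line.split(None, 2)
        if parts[:1] == ["config"]:
            cur = {"proto": []} if parts[1:2] == ["rule"] else None
            rules += [cur] if cur is not None else []
        elif cur is not None and len(parts) == 3 and parts[0] in ("option", "list"):
            value = parts[2].strip().strip("'\"")
            if parts[1] == "proto":   # 'option proto' may hold several values
                cur["proto"] += value.split()
            else:
                cur[parts[1]] = value
    return rules

def matches(rule, proto, sport, dport):
    """True only if the rule's protocol AND every port condition hold."""
    protos = rule["proto"] or ["tcp", "udp"]   # unset proto means tcp and udp
    ports = (("src_port", sport), ("dest_port", dport))
    return proto in protos and all(int(rule[k]) == v for k, v in ports if k in rule)

def dns_gaps(text, ephemeral=51515):
    """Map each port-53 block rule to the ordinary DNS queries it fails to match."""
    probes = [("udp", ephemeral, 53), ("tcp", ephemeral, 53)]
    gaps = {}
    for r in parse_rules(text):
        if r.get("target") in ("REJECT", "DROP") and r.get("dest_port") == "53":
            missed = [p for p in probes if not matches(r, *p)]
            if missed:
                gaps[r.get("name", "?")] = missed
    return gaps

if __name__ == "__main__":
    print(dns_gaps(SAMPLE), dns_gaps(FIXED))
```

The rule as posted matches only UDP packets whose source and destination ports are both 53; the variant without src_port and with both transports leaves no gap for either probe.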
Well, this doesn't sound like an OpenWrt problem. Windows has a static IP, but after reboot you are getting an APIPA address.
I would disable the second NIC on windows and try with one NIC only.
I don't 100% remember if it was from trying DHCP to see if it's an addressing issue, but that'll be my next step, to see if it connects without the USB NIC.
I just booted up my computer today, and even with the USB NIC disabled, the problem persists. I do not get assigned an APIPA address, rather the troubleshooting I've done looks like this:
Install tcpdump on OpenWrt: opkg update; opkg install tcpdump
Next time you face this issue, run this command: tcpdump host 172.16.10.20 and post the output here.
According to your diagnostics, Dnsmasq is running and serving DHCP as usual.
There're successful DHCPREQUEST and DHCPACK messages for other clients.
Perhaps the issue is client/hardware-specific and unrelated to OpenWrt?
One thing I notice when you say you have Static IP on the Win10 Education (that is a very slim budget Windows installation function-wise, even slimmer than the Home version).
Have you set the Static IP in OpenWrt or in Windows?
You could try to have Win10 assign the address automatically and set the Static IP in the DHCP server for that MAC. Then the router has total control over the IP addresses.
I set the static IP in Windows, but also tried to assign a static lease in OpenWrt and have Windows pull it using DHCP to no avail.
Win 10 Education is basically Win 10 Enterprise/Pro, it just doesn't have the "value added software" that Win 10 Pro comes with.
Perhaps the issue is client/hardware-specific and unrelated to OpenWrt?
I'm pretty sure that's not the case. It did work fine in pfSense and in that same OpenWrt install for a couple of weeks, I switched to OpenWrt because of the superior wireless performance and the software features.
In vain, I ran Windows network diagnostics with a rather interesting output:
Windows Network Diagnostics
Issues found
The default gateway is not available / Not fixed
Investigate router or broadband modem issues / Failed
Reset the "Ethernet" adapter / Completed
An Ethernet cable is not properly plugged in or might be broken / Not fixed
Plug an Ethernet cable into the network adapter "Ethernet" / Failed
Issues found
The default gateway is not available / Not fixed
The default gateway is a device that connects a local network or computer to
the Internet. A broadband modem or router is usually the default gateway.
Investigate router or broadband modem issues / Failed
If you're connected to a hotspot or domain network, contact the network
administrator.
Otherwise:
1. Unplug or turn off the device.
2. After all the lights on the device are off, wait at least 10 seconds.
3. Turn the device on or plug it back into the power outlet. To restart a router or modem that has a built-in
battery, press and quickly release the Reset button.
Reset the "Ethernet" adapter / Completed
This can sometimes resolve an intermittent problem.
Network Diagnostics Log
File Name: 2979F427-A912-464D-A193-68FA7F439440.Repair.1.etl
An Ethernet cable is not properly plugged in or might be broken / Not fixed
Plug an Ethernet cable into the network adapter "Ethernet" / Failed
An Ethernet cable looks like a telephone cable but with larger connectors on
the ends. Plug this cable into the opening on the back or side of the computer.
Make sure the other end of the cable is plugged into the router. If that does
not help, try using a different cable.
Detection details
Diagnostics Information (Network Adapter)
Details about network adapter diagnosis:
Network adapter Ethernet driver information:
Description . . . . . . . . . . : Realtek PCIe GbE Family Controller
Manufacturer . . . . . . . . . : Realtek
Provider . . . . . . . . . . . : Microsoft
Version . . . . . . . . . . . : 9.1.410.2015
Inf File Name . . . . . . . . . : C:\Windows\INF\rt640x64.inf
Inf File Date . . . . . . . . . : Saturday, 7 December 2019 09:07:54
Section Name . . . . . . . . . : RTL8168Series.ndi
Hardware ID . . . . . . . . . . : pci\ven_10ec&dev_8168&rev_11
Instance Status Flags . . . . . : 0x180200a
Device Manager Status Code . . : 0
IfType . . . . . . . . . . . . : 6
Physical Media Type . . . . . . : 14
Network Diagnostics Log
File Name: 2979F427-A912-464D-A193-68FA7F439440.Diagnose.0.etl
Other Networking Configuration and Logs
File Name: NetworkConfiguration.cab
Collection information
Computer Name: DERDOMINATOR
Windows Version: 10.0
Architecture: x64
Time: Saturday, May 1, 2021 12:39:25 PM
Publisher details
Windows Network Diagnostics
Detects problems with network connectivity.
Package Version: 4.0
Publisher: Microsoft Windows
This starts to look more and more like stubborn Windows.
I've tested the Ethernet cable I'm currently using with a cable tester, all passes. I will now try to update the network card driver with the latest drivers from my motherboard manufacturer. Somewhere lies an issue and I want to find where.
Update: After updating to the latest Realtek driver, I shut down the computer, waited a moment and booted back up, and am immediately connected. I'll see if it works after the computer has been turned off for a couple of hours and report back.