Constant WiFi problems on iPhones

Thanks to help from the forum I have managed set the majority of elements in my network to infinite leases on fixed addresses. Most of them appear to work fine. However, our iPhones are not working at all well. They constantly drop off the WiFi connection and often say they are connected when they are not. I have set one to an infinite lease (10.0.0.60), the other to a renewing lease (10.0.0.100). It does not appear to make a difference.

Part of the problem is the apple mentality which forces me to choose between a stupid privacy warning message, a fixed but different MAC address or a rotating MAC address.

For static IPs, apple's rotating MAC addresses are no good. Even the “fixed” MAC address is not that sticky as it changes when the network is forgotten then reconnected. Each time a new fixed MAC address is generated I am now adding it to the static IP list of MAC addresses for my phone but I am not sure if this works properly.

I attached config files to show the relevant items for the iPhones and outputs for various cli commands. Can anyone see what might be causing the WiFi problems please?

/etc/config/dhcp extract

config dnsmasq
	option domainneeded '1'
	option localise_queries '1'
	option rebind_protection '1'
	option rebind_localhost '1'
	option local '/lan/'
	option expandhosts '1'
	option authoritative '1'
	option readethers '1'
	option leasefile '/tmp/dhcp.leases'
	option localservice '1'
	option ednspacket_max '1232'
	list server '1.1.1.1'
	list server '8.8.8.8'
	option noresolv '1'
	list addnmount '/var/run/pbr.dnsmasq'

config dhcp 'lan'
	option interface 'lan'
	option dhcpv4 'server'
	option start '151'
	option limit '49'
	option leasetime '12h'

config odhcpd 'odhcpd'
	option leasefile '/tmp/hosts/odhcpd'
	option leasetrigger '/usr/sbin/odhcpd-update'
	option loglevel '4'




config host
	option name 'JCP-iPhone-SE'
	option dns '1'
	option ip '10.0.0.60'
	option leasetime 'infinite'
	list mac '02:81:BE:BE:34:CD'


config host
	option name 'GJJ-iPhone-SE'
	option dns '1'
	list mac '9E:C3:00:B7:A5:4A'
	option ip '10.0.0.90'

/etc/config/network extract

config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option packet_steering '1'
	option ula_prefix 'fd33:1ec6:00a8::/48'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'lan1'
	list ports 'lan2'
	list ports 'lan3'
	list ports 'lan4'
	list ports 'lan5'

config interface 'lan'
	option device 'br-lan'
	option proto 'static'
	list ipaddr '10.0.0.1/24'
	option multipath 'off'

config interface 'ovpn_wan_free'
	option proto 'none'
	option metric '20'
	option device 'tun0'
	option defaultroute '0'

config route
	option interface 'ovpn_wan_free'
	option target '0.0.0.0'
	option netmask '0.0.0.0'
	option metric '30'

config interface 'wan_fbx'
	option proto 'static'
	option metric '10'
	option device 'eth1'
	list ipaddr '192.168.1.20/24'
	option gateway '192.168.1.254'
	option broadcast '192.168.1.255'
	list dns '8.8.8.8'
	list dns '1.1.1.1'
	list dns '8.8.4.4'
	list dns '10.0.0.1'
	list dns '192.168.1.20'
	list dns '192.168.1.254'
	option multipath 'off'

/etc/config/wireless full

config wifi-device 'radio2'
	option type 'mac80211'
	option path 'platform/soc/18000000.wifi'
	option band '2g'
	option channel '1'
	option htmode 'HE20'
	option cell_density '0'

config wifi-iface 'default_radio2'
	option device 'radio2'
	option network 'lan'
	option mode 'ap'
	option ssid 'MBD-2'
	option encryption 'psk2'
	option key 'xxx'

config wifi-device 'radio5'
	option type 'mac80211'
	option path 'platform/soc/18000000.wifi+1'
	option band '5g'
	option channel '36'
	option htmode 'HE80'
	option cell_density '0'

config wifi-iface 'default_radio5'
	option device 'radio5'
	option network 'lan'
	option mode 'ap'
	option ssid 'MBD-5'
	option encryption 'psk2'
	option key 'xxx'

/etc/config/firewall extract

config defaults
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option synflood_protect '1'

config zone
	option name 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'
	list network 'lan'

config zone
	option name 'wan'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'
	option mtu_fix '1'
	list device 'tun0'
	option input 'REJECT'
	list network 'wan_fbx'
	
config forwarding
	option src 'lan'
	option dest 'wan'

config rule
	option name 'Allow-DHCP-Renew'
	option src 'wan'
	option proto 'udp'
	option dest_port '68'
	option target 'ACCEPT'
	option family 'ipv4'

config rule
	option name 'Allow-Ping'
	option src 'wan'
	option proto 'icmp'
	option icmp_type 'echo-request'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-IGMP'
	option src 'wan'
	option proto 'igmp'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-DHCPv6'
	option src 'wan'
	option proto 'udp'
	option src_ip 'fc00::/6'
	option dest_ip 'fc00::/6'
	option dest_port '546'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-MLD'
	option src 'wan'
	option proto 'icmp'
	option src_ip 'fe80::/10'
	list icmp_type '130/0'
	list icmp_type '131/0'
	list icmp_type '132/0'
	list icmp_type '143/0'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Input'
	option src 'wan'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	list icmp_type 'router-solicitation'
	list icmp_type 'neighbour-solicitation'
	list icmp_type 'router-advertisement'
	list icmp_type 'neighbour-advertisement'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Forward'
	option src 'wan'
	option dest '*'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-IPSec-ESP'
	option src 'wan'
	option dest 'lan'
	option proto 'esp'
	option target 'ACCEPT'

config rule
	option name 'Allow-ISAKMP'
	option src 'wan'
	option dest 'lan'
	option dest_port '500'
	option proto 'udp'
	option target 'ACCEPT'

config rule
	option name 'Support-UDP-Traceroute'
	option src 'wan'
	option dest_port '33434:33689'
	option proto 'udp'
	option family 'ipv4'
	option target 'REJECT'
	option enabled 'false'

config include
	option path '/etc/firewall.user'

config redirect
	option dest 'lan'
	option target 'DNAT'
	option name 'Home Assistant'
	option src 'wan'
	option src_dport 'xxxxx'
	option dest_ip '10.0.0.150'
	option dest_port '8123'

config redirect
	option dest 'lan'
	option target 'DNAT'
	option name 'GJJ Macbook Air'
	option src 'wan'
	option src_dport 'xxxxx'
	option dest_ip '10.0.0.50'
	option dest_port '5900'

config redirect
	option dest 'lan'
	option target 'DNAT'
	option name 'Home Assistant Supervisor'
	option src 'wan'
	option src_dport 'xxxxx'
	option dest_ip '10.0.0.150'
	option dest_port '4357'

config redirect
	option dest 'lan'
	option target 'DNAT'
	option name 'enigma2 webif server'
	option src 'wan'
	option src_dport 'xxxxx'
	option dest_ip '10.0.0.70'
	option dest_port '80'

/var/etc/dnsmasq.config.xxxxxxxxx extract

# auto-generated config file from /etc/config/dhcp
conf-file=/etc/dnsmasq.conf
dhcp-authoritative
domain-needed
no-resolv
localise-queries
read-ethers
enable-ubus=dnsmasq
expand-hosts
bind-dynamic
local-service
edns-packet-max=1232
local=/lan/
server=1.1.1.1
server=8.8.8.8
addn-hosts=/tmp/hosts
dhcp-leasefile=/tmp/dhcp.leases
stop-dns-rebind
rebind-localhost-ok
dhcp-broadcast=tag:needs-broadcast
conf-dir=/tmp/dnsmasq.cfg01411c.d
user=dnsmasq
group=dnsmasq


dhcp-host=02:81:BE:BE:34:CD,10.0.0.60,JCP-iPhone-SE,infinite

dhcp-host=9E:C3:00:B7:A5:4A,10.0.0.90,GJJ-iPhone-SE


dhcp-ignore-names=tag:dhcp_bogus_hostname
conf-file=/usr/share/dnsmasq/dhcpbogushostname.conf


bogus-priv
conf-file=/usr/share/dnsmasq/rfc6761.conf
dhcp-range=set:lan,10.0.0.151,10.0.0.199,255.255.255.0,12h

logread -e dnsmasq-dhcp | grep -I 10.0.0.100

Thu Jun  4 10:43:06 2026 daemon.info dnsmasq-dhcp[1]: DHCPACK(br-lan) 10.0.0.100 5e:3f:08:54:bf:81 GJJ-iPhone-13-mini
Thu Jun  4 10:43:12 2026 daemon.info dnsmasq-dhcp[1]: DHCPREQUEST(br-lan) 10.0.0.100 5e:3f:08:54:bf:81
Thu Jun  4 10:43:12 2026 daemon.info dnsmasq-dhcp[1]: DHCPACK(br-lan) 10.0.0.100 5e:3f:08:54:bf:81 GJJ-iPhone-13-mini
Thu Jun  4 10:43:13 2026 daemon.info dnsmasq-dhcp[1]: DHCPREQUEST(br-lan) 10.0.0.100 5e:3f:08:54:bf:81
Thu Jun  4 10:43:13 2026 daemon.info dnsmasq-dhcp[1]: DHCPACK(br-lan) 10.0.0.100 5e:3f:08:54:bf:81 GJJ-iPhone-13-mini
Thu Jun  4 10:43:20 2026 daemon.info dnsmasq-dhcp[1]: DHCPOFFER(br-lan) 10.0.0.100 5e:3f:08:54:bf:81
Thu Jun  4 10:43:22 2026 daemon.info dnsmasq-dhcp[1]: DHCPOFFER(br-lan) 10.0.0.100 5e:3f:08:54:bf:81
Thu Jun  4 10:43:24 2026 daemon.info dnsmasq-dhcp[1]: DHCPOFFER(br-lan) 10.0.0.100 5e:3f:08:54:bf:81
Thu Jun  4 10:43:29 2026 daemon.info dnsmasq-dhcp[1]: DHCPOFFER(br-lan) 10.0.0.100 5e:3f:08:54:bf:81
Thu Jun  4 10:43:30 2026 daemon.info dnsmasq-dhcp[1]: DHCPREQUEST(br-lan) 10.0.0.100 5e:3f:08:54:bf:81
Thu Jun  4 10:43:30 2026 daemon.info dnsmasq-dhcp[1]: DHCPACK(br-lan) 10.0.0.100 5e:3f:08:54:bf:81 GJJ-iPhone-13-mini
Thu Jun  4 10:43:41 2026 daemon.info dnsmasq-dhcp[1]: DHCPREQUEST(br-lan) 10.0.0.100 5e:3f:08:54:bf:81
Thu Jun  4 10:43:41 2026 daemon.info dnsmasq-dhcp[1]: DHCPACK(br-lan) 10.0.0.100 5e:3f:08:54:bf:81 GJJ-iPhone-13-mini
Thu Jun  4 10:43:45 2026 daemon.info dnsmasq-dhcp[1]: DHCPREQUEST(br-lan) 10.0.0.100 5e:3f:08:54:bf:81
Thu Jun  4 10:43:45 2026 daemon.info dnsmasq-dhcp[1]: DHCPACK(br-lan) 10.0.0.100 5e:3f:08:54:bf:81 GJJ-iPhone-13-mini
Thu Jun  4 10:43:49 2026 daemon.info dnsmasq-dhcp[1]: DHCPOFFER(br-lan) 10.0.0.100 5e:3f:08:54:bf:81
Thu Jun  4 10:43:51 2026 daemon.info dnsmasq-dhcp[1]: DHCPOFFER(br-lan) 10.0.0.100 5e:3f:08:54:bf:81
Thu Jun  4 10:43:53 2026 daemon.info dnsmasq-dhcp[1]: DHCPOFFER(br-lan) 10.0.0.100 5e:3f:08:54:bf:81
Thu Jun  4 10:44:01 2026 daemon.info dnsmasq-dhcp[1]: DHCPREQUEST(br-lan) 10.0.0.100 5e:3f:08:54:bf:81
Thu Jun  4 10:44:01 2026 daemon.info dnsmasq-dhcp[1]: DHCPACK(br-lan) 10.0.0.100 5e:3f:08:54:bf:81 GJJ-iPhone-13-mini
Thu Jun  4 10:44:03 2026 daemon.info dnsmasq-dhcp[1]: DHCPREQUEST(br-lan) 10.0.0.100 5e:3f:08:54:bf:81
Thu Jun  4 10:44:03 2026 daemon.info dnsmasq-dhcp[1]: DHCPACK(br-lan) 10.0.0.100 5e:3f:08:54:bf:81 GJJ-iPhone-13-mini
Thu Jun  4 10:44:07 2026 daemon.info dnsmasq-dhcp[1]: DHCPOFFER(br-lan) 10.0.0.100 5e:3f:08:54:bf:81
Thu Jun  4 10:44:09 2026 daemon.info dnsmasq-dhcp[1]: DHCPOFFER(br-lan) 10.0.0.100 5e:3f:08:54:bf:81
Thu Jun  4 10:44:11 2026 daemon.info dnsmasq-dhcp[1]: DHCPOFFER(br-lan) 10.0.0.100 5e:3f:08:54:bf:81
Thu Jun  4 10:44:16 2026 daemon.info dnsmasq-dhcp[1]: DHCPOFFER(br-lan) 10.0.0.100 5e:3f:08:54:bf:81
Thu Jun  4 10:44:24 2026 daemon.info dnsmasq-dhcp[1]: DHCPOFFER(br-lan) 10.0.0.100 5e:3f:08:54:bf:81
Thu Jun  4 10:44:33 2026 daemon.info dnsmasq-dhcp[1]: DHCPOFFER(br-lan) 10.0.0.100 5e:3f:08:54:bf:81
Thu Jun  4 10:44:41 2026 daemon.info dnsmasq-dhcp[1]: DHCPOFFER(br-lan) 10.0.0.100 5e:3f:08:54:bf:81
Thu Jun  4 10:44:50 2026 daemon.info dnsmasq-dhcp[1]: DHCPOFFER(br-lan) 10.0.0.100 5e:3f:08:54:bf:81
Thu Jun  4 10:44:57 2026 daemon.info dnsmasq-dhcp[1]: DHCPREQUEST(br-lan) 10.0.0.100 5e:3f:08:54:bf:81
Thu Jun  4 10:44:57 2026 daemon.info dnsmasq-dhcp[1]: DHCPACK(br-lan) 10.0.0.100 5e:3f:08:54:bf:81 GJJ-iPhone-13-mini
Thu Jun  4 10:44:58 2026 daemon.info dnsmasq-dhcp[1]: DHCPREQUEST(br-lan) 10.0.0.100 5e:3f:08:54:bf:81
Thu Jun  4 10:44:58 2026 daemon.info dnsmasq-dhcp[1]: DHCPACK(br-lan) 10.0.0.100 5e:3f:08:54:bf:81 GJJ-iPhone-13-mini
Thu Jun  4 10:45:09 2026 daemon.info dnsmasq-dhcp[1]: DHCPREQUEST(br-lan) 10.0.0.100 5e:3f:08:54:bf:81
Thu Jun  4 10:45:09 2026 daemon.info dnsmasq-dhcp[1]: DHCPACK(br-lan) 10.0.0.100 5e:3f:08:54:bf:81 GJJ-iPhone-13-mini
Thu Jun  4 10:45:15 2026 daemon.info dnsmasq-dhcp[1]: DHCPREQUEST(br-lan) 10.0.0.100 5e:3f:08:54:bf:81
Thu Jun  4 10:45:15 2026 daemon.info dnsmasq-dhcp[1]: DHCPACK(br-lan) 10.0.0.100 5e:3f:08:54:bf:81 GJJ-iPhone-13-mini
Thu Jun  4 10:45:17 2026 daemon.info dnsmasq-dhcp[1]: DHCPREQUEST(br-lan) 10.0.0.100 5e:3f:08:54:bf:81
Thu Jun  4 10:45:17 2026 daemon.info dnsmasq-dhcp[1]: DHCPACK(br-lan) 10.0.0.100 5e:3f:08:54:bf:81 GJJ-iPhone-13-mini
Thu Jun  4 10:45:20 2026 daemon.info dnsmasq-dhcp[1]: DHCPREQUEST(br-lan) 10.0.0.100 5e:3f:08:54:bf:81
Thu Jun  4 10:45:20 2026 daemon.info dnsmasq-dhcp[1]: DHCPACK(br-lan) 10.0.0.100 5e:3f:08:54:bf:81 GJJ-iPhone-13-mini
Thu Jun  4 10:45:24 2026 daemon.info dnsmasq-dhcp[1]: DHCPOFFER(br-lan) 10.0.0.100 5e:3f:08:54:bf:81
Thu Jun  4 10:45:26 2026 daemon.info dnsmasq-dhcp[1]: DHCPOFFER(br-lan) 10.0.0.100 5e:3f:08:54:bf:81
Thu Jun  4 10:45:28 2026 daemon.info dnsmasq-dhcp[1]: DHCPOFFER(br-lan) 10.0.0.100 5e:3f:08:54:bf:81
Thu Jun  4 10:45:33 2026 daemon.info dnsmasq-dhcp[1]: DHCPOFFER(br-lan) 10.0.0.100 5e:3f:08:54:bf:81
Thu Jun  4 10:45:50 2026 daemon.info dnsmasq-dhcp[1]: DHCPOFFER(br-lan) 10.0.0.100 5e:3f:08:54:bf:81
Thu Jun  4 10:45:50 2026 daemon.info dnsmasq-dhcp[1]: DHCPREQUEST(br-lan) 10.0.0.100 5e:3f:08:54:bf:81
Thu Jun  4 10:45:50 2026 daemon.info dnsmasq-dhcp[1]: DHCPACK(br-lan) 10.0.0.100 5e:3f:08:54:bf:81 GJJ-iPhone-13-mini
Thu Jun  4 10:45:52 2026 daemon.info dnsmasq-dhcp[1]: DHCPREQUEST(br-lan) 10.0.0.100 5e:3f:08:54:bf:81
Thu Jun  4 10:45:52 2026 daemon.info dnsmasq-dhcp[1]: DHCPACK(br-lan) 10.0.0.100 5e:3f:08:54:bf:81 GJJ-iPhone-13-mini
Thu Jun  4 10:46:07 2026 daemon.info dnsmasq-dhcp[1]: DHCPREQUEST(br-lan) 10.0.0.100 5e:3f:08:54:bf:81
Thu Jun  4 10:46:07 2026 daemon.info dnsmasq-dhcp[1]: DHCPACK(br-lan) 10.0.0.100 5e:3f:08:54:bf:81 GJJ-iPhone-13-mini
Thu Jun  4 10:47:16 2026 daemon.info dnsmasq-dhcp[1]: DHCPREQUEST(br-lan) 10.0.0.100 5e:3f:08:54:bf:81
Thu Jun  4 10:47:16 2026 daemon.info dnsmasq-dhcp[1]: DHCPACK(br-lan) 10.0.0.100 5e:3f:08:54:bf:81 GJJ-iPhone-13-mini
Thu Jun  4 10:47:17 2026 daemon.info dnsmasq-dhcp[1]: DHCPREQUEST(br-lan) 10.0.0.100 5e:3f:08:54:bf:81
Thu Jun  4 10:47:17 2026 daemon.info dnsmasq-dhcp[1]: DHCPACK(br-lan) 10.0.0.100 5e:3f:08:54:bf:81 GJJ-iPhone-13-mini
Thu Jun  4 10:47:24 2026 daemon.info dnsmasq-dhcp[1]: DHCPREQUEST(br-lan) 10.0.0.100 5e:3f:08:54:bf:81
Thu Jun  4 10:47:24 2026 daemon.info dnsmasq-dhcp[1]: DHCPACK(br-lan) 10.0.0.100 5e:3f:08:54:bf:81 GJJ-iPhone-13-mini
root@OpenWrt-GL-MT6000:~# 

logread -e dnsmasq-dhcp | grep -I 10.0.0.60

This gives no output. I assume because it is set to infinite?

cat /tmp/dhcp.leases. You can see at some stage dhcp ignored the Mac address and issue 10.0.0.164 which I then corrected so that it uses 10.0.0.100.

0 00:04:74:45:2a:14 10.0.0.151 Legrand-Gateway *

0 18:7f:88:4a:e7:25 10.0.0.162 Ring-Movement-Sensor *

0 18:7f:88:30:e3:6f 10.0.0.158 Ring-Workshop-Cam *

0 38:42:0b:0e:f3:12 10.0.0.200 SonosRoam 01:38:42:0b:0e:f3:12

1788339130 c8:69:cd:92:e8:96 10.0.0.50 GJJ-AIR 01:c8:69:cd:92:e8:96

0 3c:e0:64:ef:04:3d 10.0.0.15 envoy-maison 01:3c:e0:64:ef:04:3d

1780602599 80:04:5f:21:33:7c 10.0.0.164 GJJ-iPhone-SE 01:80:04:5f:21:33:7c

1780606826 38:07:16:e4:fb:c6 10.0.0.198 * 01:38:07:16:e4:fb:c6

1788339733 c0:95:6d:87:87:7e 10.0.0.75 Apple-TV-4 01:c0:95:6d:87:87:7e

0 18:7f:88:4b:3c:6e 10.0.0.16 envoy-direct *

0 38:42:0b:61:33:e6 10.0.0.201 SonosOne-L-Bed 01:38:42:0b:61:33:e6

0 38:42:0b:10:77:6a 10.0.0.208 SonosOneSL-R-Kitchen 01:38:42:0b:10:77:6a

0 5c:47:5e:e7:55:8f 10.0.0.161 Ring-Indoor-Cam *

1780606044 5e:3f:08:54:bf:81 10.0.0.100 GJJ-iPhone-13-mini 01:5e:3f:08:54:bf:81

1788333759 02:81:be:be:34:cd 10.0.0.60 JCP-iPhone-SE 01:02:81:be:be:34:cd

0 38:42:0b:61:34:42 10.0.0.207 SonosOne-L-Kitchen 01:38:42:0b:61:34:42

Finally, I just checked my iPhone and it was not connected. It then connected to a self assigned IP (169.xxx.xxx.xxx). It then connected properly to 10.0.0.100 based on the MAC address. Here is that output:

logread -e dnsmasq-dhcp | grep -I 10.0.0.100

Thu Jun  4 10:47:16 2026 daemon.info dnsmasq-dhcp[1]: DHCPREQUEST(br-lan) 10.0.0.100 5e:3f:08:54:bf:81
Thu Jun  4 10:47:16 2026 daemon.info dnsmasq-dhcp[1]: DHCPACK(br-lan) 10.0.0.100 5e:3f:08:54:bf:81 GJJ-iPhone-13-mini
Thu Jun  4 10:47:17 2026 daemon.info dnsmasq-dhcp[1]: DHCPREQUEST(br-lan) 10.0.0.100 5e:3f:08:54:bf:81
Thu Jun  4 10:47:17 2026 daemon.info dnsmasq-dhcp[1]: DHCPACK(br-lan) 10.0.0.100 5e:3f:08:54:bf:81 GJJ-iPhone-13-mini
Thu Jun  4 10:47:24 2026 daemon.info dnsmasq-dhcp[1]: DHCPREQUEST(br-lan) 10.0.0.100 5e:3f:08:54:bf:81
Thu Jun  4 10:47:24 2026 daemon.info dnsmasq-dhcp[1]: DHCPACK(br-lan) 10.0.0.100 5e:3f:08:54:bf:81 GJJ-iPhone-13-mini
Thu Jun  4 11:03:51 2026 daemon.info dnsmasq-dhcp[1]: DHCPREQUEST(br-lan) 10.0.0.100 5e:3f:08:54:bf:81
Thu Jun  4 11:03:51 2026 daemon.info dnsmasq-dhcp[1]: DHCPACK(br-lan) 10.0.0.100 5e:3f:08:54:bf:81 GJJ-iPhone-13-mini
Thu Jun  4 11:03:58 2026 daemon.info dnsmasq-dhcp[1]: DHCPOFFER(br-lan) 10.0.0.100 5e:3f:08:54:bf:81
Thu Jun  4 11:04:00 2026 daemon.info dnsmasq-dhcp[1]: DHCPOFFER(br-lan) 10.0.0.100 5e:3f:08:54:bf:81
Thu Jun  4 11:04:03 2026 daemon.info dnsmasq-dhcp[1]: DHCPOFFER(br-lan) 10.0.0.100 5e:3f:08:54:bf:81
Thu Jun  4 11:04:07 2026 daemon.info dnsmasq-dhcp[1]: DHCPOFFER(br-lan) 10.0.0.100 5e:3f:08:54:bf:81
Thu Jun  4 11:04:16 2026 daemon.info dnsmasq-dhcp[1]: DHCPOFFER(br-lan) 10.0.0.100 5e:3f:08:54:bf:81
Thu Jun  4 11:04:24 2026 daemon.info dnsmasq-dhcp[1]: DHCPOFFER(br-lan) 10.0.0.100 5e:3f:08:54:bf:81
Thu Jun  4 11:04:25 2026 daemon.info dnsmasq-dhcp[1]: DHCPREQUEST(br-lan) 10.0.0.100 5e:3f:08:54:bf:81
Thu Jun  4 11:04:25 2026 daemon.info dnsmasq-dhcp[1]: DHCPACK(br-lan) 10.0.0.100 5e:3f:08:54:bf:81 GJJ-iPhone-13-mini
root@OpenWrt-GL-MT6000:~# 

What privacy warning, I don't, but the rest of the family owns Apple products and I dont think they've ever complained about any privacy message.

The "infinite leases on fixed address" part seems to be what the OP is having trouble with.

I'm [nearly] certain the OP [assumed we would guess they possibly] altered thier iPhone to not employ random MACs on the SSID.

Also doesn't help that the leases are out of the server's scope.

if it was

option start '51'

10.0.0.60 and 10.0.0.90 were going to be reserved exclusive for the particular mac or any device could just get them?

i have something similar and I do not see a problem with the fact that all static ips are outside the ones that can be assigned for other devices.

Try adding this option to the wifi-device sections and do a wifi reload or restart the router/access point:

option he_twt_responder '0'

I'm not sure that infinite leases will help solve this problem. It also makes it difficult to change settings on your LAN like DNS servers, time servers, etc. I have set a DHCP time limit to 15 minutes in the past with no issues.

What hardware are you using for openwrt?

According to the dnsmasq logs, it’s not trying to use the MAC 9E:C3:00:B7:A5:4A so it is not matching the desired config. What is the latest dhcp config and is Private WiFi address set to “off”?

regarding iPhone SE and infinite lease I can say for sure, that if it is an iPhone SE 2020 then the iphone will not actually honor it, it will show that it expires after xy hours (i do not remember the exact number of hours but it is 2 digits number, might be something like 72h but i can be wrong here).

there is an iphone se in my house, but it does not look to have a problem with dhcp infinite lease, despite the fact that it does not honor it.

Hi, I do not understand this. The static leases are deliberately outside the DHCP range to avoid any potential of the leased IP going elsewhere. I have always put statics outside the DHCP range with no problems.

Correct. As I stated I am using fixed Mac addresses (which change everytime I disconnect from the network).

Hi Higgers,

Before I do that option, what does it do?

I am happy to go back to a 12 hour (or less) lease if infinite is likely to cause an issue for mobile items that regularly leave the network.

My router is a GL.iNet 6000. Very fast. Very stable.

Hi

This is part of the issue, each time I reset the network the "fixed" Ip address changes and I have to add it to my list in the config. It is easier just to leave it at "off" and use the base MAC address but apple interferes there and behind the scenes, overrides the off setting and puts it back to rotating. @£$%^&*() annoying!

It turns off target wake time

Why do you need fixed IP addresses for the clients?

Fixed MAC addresses don't change.

And what did Apple support say?

Thanks for the clarification, as I think you're terminology caused confusion.

(Your wording interestingly seems to keep overlooking the issue with your Apple devices using random MACs instead of a fixed MAC.)

I don't understand why this led you down the rabbit hole of static-ip/static-leases/rotating-macs.

Who am I to say, you might be spot on target for all I know - but you have not had any success it seems.

However, over some time I have been involved with public wi-fi and a recurring issue is a combination of your symptoms. - both ios and android can exhibit very similar although the reason is different.
In my experience, the issue has always been one related to ipv6.

Apart from one mention of odhcpd, your configs show nothing of the standard ipv6 configs - leaving them to default. They do seem quite unusual and complex, so I could be wrong.

Perhaps you could show the output of:

ip addr

It might give some clues....

I have never got to grips with ipv6 and for the home network, prefer to completely disable it but not sure I have. Here is the output but not much showing. Is it because of the time of day or is it because the leases have been shut down? I will do it again later when more items are running. Or does this command not show LAN connections?

root@OpenWrt-GL-MT6000:~# ip addr

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host proto kernel_lo 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1504 qdisc mq state UP group default qlen 1000
    link/ether 94:83:c4:bd:ad:88 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::9683:c4ff:febd:ad88/64 scope link proto kernel_ll 
       valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 94:83:c4:bd:ad:86 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.20/24 brd 192.168.1.255 scope global eth1
       valid_lft forever preferred_lft forever
    inet6 fe80::9683:c4ff:febd:ad86/64 scope link proto kernel_ll 
       valid_lft forever preferred_lft forever
4: lan2@eth0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue master br-lan state LOWERLAYERDOWN group default qlen 1000
    link/ether 94:83:c4:bd:ad:88 brd ff:ff:ff:ff:ff:ff
5: lan3@eth0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue master br-lan state LOWERLAYERDOWN group default qlen 1000
    link/ether 94:83:c4:bd:ad:88 brd ff:ff:ff:ff:ff:ff
6: lan4@eth0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue master br-lan state LOWERLAYERDOWN group default qlen 1000
    link/ether 94:83:c4:bd:ad:88 brd ff:ff:ff:ff:ff:ff
7: lan5@eth0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue master br-lan state LOWERLAYERDOWN group default qlen 1000
    link/ether 94:83:c4:bd:ad:88 brd ff:ff:ff:ff:ff:ff
8: lan1@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-lan state UP group default qlen 1000
    link/ether 94:83:c4:bd:ad:88 brd ff:ff:ff:ff:ff:ff
9: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 94:83:c4:bd:ad:88 brd ff:ff:ff:ff:ff:ff
    inet 10.0.0.1/24 brd 10.0.0.255 scope global br-lan
       valid_lft forever preferred_lft forever
    inet6 fe80::9683:c4ff:febd:ad88/64 scope link proto kernel_ll 
       valid_lft forever preferred_lft forever
10: WSLondonBiscWG: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1420 qdisc noqueue state UNKNOWN group default qlen 1000
    link/none 
    inet 100.126.215.40/32 brd 255.255.255.255 scope global WSLondonBiscWG
       valid_lft forever preferred_lft forever
11: phy0-ap0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-lan state UP group default qlen 1000
    link/ether 94:83:c4:bd:ad:89 brd ff:ff:ff:ff:ff:ff
12: phy1-ap0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-lan state UP group default qlen 1000
    link/ether 94:83:c4:bd:ad:8a brd ff:ff:ff:ff:ff:ff
root@OpenWrt-GL-MT6000:~# 

I find Apple support a bit tedious at times but you are right, I should flag it with them. I will try later today.

To be clear, I am using the “fixed” setting but as I say, every time I delete and reapply the WiFi connection it changes the fixed address.

If I use the “off” setting it eventually changes to rotating without me doing anything (perhaps when WiFi is lost then recovered?)

I'm guessing this is what you meant by your statement:

(That important information wasn't clear.)

• You "delete and reapply the WiFi connection" where?
• To be clear (since a fixed address doesn't change) - after reapply, do you reconfigure the Apple to use the permanent MAC again?
• Does the issue stop when you refrain from deleting and reapplying?

Maybe I misunderstand, that sounds like expected behavior.

You only show "extracts" from your config files so we can't tell.

Let's look at the routing tables, show the output of:

ip -6 route

What can happen with Apple devices in general is when you first connect:

1. The Apple device (iphone in this case) sends a dns request for its captive portal "canary test" url.
2. Your router passes this to 1.1.1.1 or 8.8.8.8, according to your dhcp config.
3. These dns servers will reply with BOTH the ipv4 and ipv6 addresses of the canary test url.
4. The Apple OS prefers ipv6 so will attempt to read the url page via ipv6. If ipv6 out to the url is not available, it will try again a few times then fall back to ipv4 - and you are connected.
5. At something like <=300 seconds (I'm not certain how long it is on iOS), the cycle will repeat.
6. After a few cycles the Apple OS deems the connection to be unstable so drops it and scans for other known SSID's
7. Manually reconnecting will start the process all over again.

If your ISP does not give you an ipv6 feed, a workaround is to use their DNS as they will not resolve ipv6 addresses - preventing the problem.

You can also filter out AAAA dns responses from dnsmasq if you use it:

Screenshot_20260605_113143_Samsung Browser1439×278 77.2 KB