I have a TP Archer A7 which I have been using with OpenWrt for the last few months and I noticed that from time to time, my wireless clients would loose access to the internet. They could ping each other but nothing on the other side of the router. Curiously, my guest wireless network did not exhibit this behavior and would continuously work during these times.
I thought that I would update to a later image before I dug into the issue so that, if it was not a configuration issue, that it might have already been resolved. Unfortunately, I now have exacerbated the situation and can only access the internet via the guest network and not at all from the lan nor lan assigned wifi network.
I"m hoping this is a simple config error and someone can point out what might be the issue.
My system:
/etc/config/network:
config interface 'loopback'
option ifname 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'xxxx:xxxx:xxxx::/48'
config interface 'lan'
option type 'bridge'
option ifname 'eth0.1'
option proto 'static'
option ipaddr '192.168.2.1'
option netmask '255.255.255.0'
option ip6assign '60'
config interface 'wan'
option ifname 'eth0.2'
option proto 'dhcp'
option type 'bridge'
config interface 'wan6'
option ifname 'eth0.2'
option proto 'dhcpv6'
option type 'bridge'
config switch
option name 'switch0'
option reset '1'
option enable_vlan '1'
config switch_vlan
option device 'switch0'
option vlan '1'
option ports '2 3 4 5 0t'
config switch_vlan
option device 'switch0'
option vlan '2'
option ports '1 0t'
config interface 'guest'
option proto 'static'
option ifname 'br-wan6'
option ipaddr '10.0.10.1'
option netmask '255.255.255.0'
option type 'bridge'
/etc/config/firewall
config defaults
option syn_flood '1'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
config zone
option name 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
option network 'lan'
config zone
option name 'wan'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
option network 'wan wan6'
config forwarding
option src 'lan'
option dest 'wan'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option src_ip 'fc00::/6'
option dest_ip 'fc00::/6'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
config include
option path '/etc/firewall.user'
config zone
option name 'guest'
option forward 'REJECT'
option output 'ACCEPT'
option network 'guest'
option input 'REJECT'
config forwarding
option dest 'wan'
option src 'guest'
config rule
option target 'ACCEPT'
option proto 'tcp udp'
option dest_port '53'
option name 'guest DNS'
option src 'guest'
config rule
option enabled '1'
option target 'ACCEPT'
option proto 'tcp udp'
option dest_port '67-68'
option name 'guest DHCP'
option src 'guest'
/etc/config/wireless
config wifi-device 'radio0'
option type 'mac80211'
option channel '36'
option hwmode '11a'
option path 'pci0000:00/0000:00:00.0'
option htmode 'VHT80'
option country 'US'
option legacy_rates '1'
config wifi-device 'radio1'
option type 'mac80211'
option channel '11'
option hwmode '11g'
option path 'platform/ahb/ahb:apb/18100000.wmac'
option htmode 'HT20'
option country 'US'
option legacy_rates '1'
config wifi-iface
option device 'radio1'
option mode 'ap'
option ssid 'Put your phone down'
option network 'guest'
option encryption 'psk2'
option key 'xxxxxxxxxx'
config wifi-iface
option device 'radio0'
option mode 'ap'
option ssid 'Bill Wi The Science Fi'
option network 'lan'
option encryption 'psk2'
option key 'xxxxxxxxx'
config wifi-iface
option device 'radio1'
option mode 'ap'
option ssid 'Bill Wi The Science Fi'
option network 'lan'
option encryption 'psk2'
option key 'xxxxxxxxx'
Thanks in advance.
mpa
July 8, 2019, 12:35pm
2
WAN interfaces are not bridged by default.option type 'bridge' from both wan and wan6.
option ifname 'br-wan6' looks wrong to me. You can either
remove option type 'bridge' and option ifname 'br-wan6' to serve only wireless clients, or
change the ifname to eth0.3 to assign guests to VLAN 3, and reconfigure the switch to also allow wired guests to connect to that VLAN
Could you please show your DHCP configuration?
There are multiple documents on the wiki on how to set up a guest network. You might want to save your current configuration for reference, start over with the defaults and follow the documented steps.
1 Like
Why did you name your guest network br-wan6? (just curious)
Why is WAN a bridge?
(I think @mpa covered both questions in his post.)
Your title implies that you "loose your default gateway" on LAN, is that the case?
/etc/config/dhcp:
config dnsmasq
option domainneeded '1'
option localise_queries '1'
option rebind_protection '1'
option rebind_localhost '1'
option local '/lan/'
option domain 'lan'
option expandhosts '1'
option authoritative '1'
option readethers '1'
option leasefile '/tmp/dhcp.leases'
option resolvfile '/tmp/resolv.conf.auto'
option nonwildcard '1'
option localservice '1'
option serversfile '/tmp/adb_list.overall'
config dhcp 'lan'
option interface 'lan'
option leasetime '12h'
option dhcpv6 'server'
option ra 'server'
option ra_management '1'
option start '205'
option limit '45'
config dhcp 'wan'
option interface 'wan'
option ignore '1'
config odhcpd 'odhcpd'
option maindhcp '0'
option leasefile '/tmp/hosts/odhcpd'
option leasetrigger '/usr/sbin/odhcpd-update'
option loglevel '4'
config dhcp 'guest'
option start '100'
option limit '150'
option interface 'guest'
option leasetime '2h'
config host
option name 'OBI-202'
option dns '1'
option mac 'xx:xx:xx:xx:xx:xx'
option leasetime '12h'
option ip '192.168.2.11'
<many host entries removed for brevity, All are in same subnet as above and external to start/stop limit>
Unfortunately, I can not tell you why I had these settings as I dont exactly recall the specifics. I was following a guide but do not know which one (setup around February). If I locate my previous source, I'll add it to this case.
Trying the suggestions from mpa directly.
I made the change to network as suggested by mpa. now:
root@OpenWrt:~# cat /etc/config/network
config interface 'loopback'
option ifname 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'xxxx:Xxxx:xxxx::/48'
config interface 'lan'
option type 'bridge'
option ifname 'eth0.1'
option proto 'static'
option ipaddr '192.168.2.1'
option netmask '255.255.255.0'
option ip6assign '60'
config interface 'wan'
option ifname 'eth0.2'
option proto 'dhcp'
config interface 'wan6'
option ifname 'eth0.2'
option proto 'dhcpv6'
config switch
option name 'switch0'
option reset '1'
option enable_vlan '1'
config switch_vlan
option device 'switch0'
option vlan '1'
option ports '2 3 4 5 0t'
config switch_vlan
option device 'switch0'
option vlan '2'
option ports '1 0t'
config interface 'guest'
option proto 'static'
option ipaddr '10.0.10.1'
option netmask '255.255.255.0'
option type 'bridge'
But still having issues. On a lan device, I can add a default gw route to the router and things work but this should be automatic.
$ ping 8.8.8.8
connect: Network is unreachable
eric@eric-Precision-7520 /var/lib/NetworkManager
$ route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
link-local 0.0.0.0 255.255.0.0 U 1000 0 0 enxxxxxxxxxxxxx
192.168.2.0 0.0.0.0 255.255.255.0 U 100 0 0 enxxxxxxxxxxxxxx
eric@eric-Precision-7520 /var/lib/NetworkManager
$ sudo route add default gw 192.168.2.1
eric@eric-Precision-7520 /var/lib/NetworkManager
$ ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=53 time=26.3 ms
^C
--- 8.8.8.8 ping statistics ---
2 packets transmitted, 1 received, 50% packet loss, time 1001ms
rtt min/avg/max/mdev = 26.349/26.349/26.349/0.000 ms
eric@eric-Precision-7520 /var/lib/NetworkManager
$ route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default _gateway 0.0.0.0 UG 0 0 0 enxxxxxxxxxxxxxx
link-local 0.0.0.0 255.255.0.0 U 1000 0 0 enxxxxxxxxxxxxxx
192.168.2.0 0.0.0.0 255.255.255.0 U 100 0 0 enxxxxxxxxxxxxxx
eric@eric-Precision-7520 /var/lib/NetworkManager
Looking at the NM settings with nmcli, I see:
$ nmcli con show Wired\ connection\ 5
connection.id: Wired connection 5
connection.uuid: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
connection.stable-id: --
connection.type: 802-3-ethernet
connection.interface-name: --
connection.autoconnect: yes
connection.autoconnect-priority: -999
connection.autoconnect-retries: -1 (default)
connection.auth-retries: -1
connection.timestamp: 1562614168
connection.read-only: no
connection.permissions: --
connection.zone: --
connection.master: --
connection.slave-type: --
connection.autoconnect-slaves: -1 (default)
connection.secondaries: --
connection.gateway-ping-timeout: 0
connection.metered: unknown
connection.lldp: default
connection.mdns: -1 (default)
802-3-ethernet.port: --
802-3-ethernet.speed: 0
802-3-ethernet.duplex: --
802-3-ethernet.auto-negotiate: no
802-3-ethernet.mac-address: D8:D0:90:xx:xx:xx
802-3-ethernet.cloned-mac-address: --
802-3-ethernet.generate-mac-address-mask:--
802-3-ethernet.mac-address-blacklist: --
802-3-ethernet.mtu: auto
802-3-ethernet.s390-subchannels: --
802-3-ethernet.s390-nettype: --
802-3-ethernet.s390-options: --
802-3-ethernet.wake-on-lan: default
802-3-ethernet.wake-on-lan-password: --
ipv4.method: auto
ipv4.dns: --
ipv4.dns-search: --
ipv4.dns-options: ""
ipv4.dns-priority: 0
ipv4.addresses: --
ipv4.gateway: --
ipv4.routes: --
ipv4.route-metric: -1
ipv4.route-table: 0 (unspec)
ipv4.ignore-auto-routes: no
ipv4.ignore-auto-dns: no
ipv4.dhcp-client-id: --
ipv4.dhcp-timeout: 0 (default)
ipv4.dhcp-send-hostname: yes
ipv4.dhcp-hostname: --
ipv4.dhcp-fqdn: --
ipv4.never-default: no
ipv4.may-fail: yes
ipv4.dad-timeout: -1 (default)
ipv6.method: auto
ipv6.dns: --
ipv6.dns-search: --
ipv6.dns-options: ""
ipv6.dns-priority: 0
ipv6.addresses: --
ipv6.gateway: --
ipv6.routes: --
ipv6.route-metric: -1
ipv6.route-table: 0 (unspec)
ipv6.ignore-auto-routes: no
ipv6.ignore-auto-dns: no
ipv6.never-default: no
ipv6.may-fail: yes
ipv6.ip6-privacy: -1 (unknown)
ipv6.addr-gen-mode: stable-privacy
ipv6.dhcp-send-hostname: yes
ipv6.dhcp-hostname: --
ipv6.token: --
proxy.method: none
proxy.browser-only: no
proxy.pac-url: --
proxy.pac-script: --
GENERAL.NAME: Wired connection 5
GENERAL.UUID: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
GENERAL.DEVICES: enxxxxxxxxxxxxx
GENERAL.STATE: activated
GENERAL.DEFAULT: yes
GENERAL.DEFAULT6: yes
GENERAL.SPEC-OBJECT: --
GENERAL.VPN: no
GENERAL.DBUS-PATH: /org/freedesktop/NetworkManager/ActiveCo
GENERAL.CON-PATH: /org/freedesktop/NetworkManager/Settings
GENERAL.ZONE: --
GENERAL.MASTER-PATH: --
IP4.ADDRESS[1]: 192.168.2.123/24
IP4.GATEWAY: 192.168.2.1
IP4.ROUTE[1]: dst = 192.168.2.0/24, nh = 0.0.0.0, mt =
IP4.ROUTE[2]: dst = 0.0.0.0/0, nh = 192.168.2.1, mt =
DHCP4.OPTION[1]: network_number = 192.168.2.0
DHCP4.OPTION[2]: requested_domain_search = 1
DHCP4.OPTION[3]: requested_interface_mtu = 1
DHCP4.OPTION[4]: requested_broadcast_address = 1
DHCP4.OPTION[5]: requested_domain_name = 1
DHCP4.OPTION[6]: requested_rfc3442_classless_static_route
DHCP4.OPTION[7]: requested_time_offset = 1
DHCP4.OPTION[8]: requested_wpad = 1
DHCP4.OPTION[9]: requested_netbios_scope = 1
DHCP4.OPTION[10]: next_server = 192.168.2.123
DHCP4.OPTION[11]: expiry = 1562614541
DHCP4.OPTION[12]: dhcp_message_type = 5
DHCP4.OPTION[13]: requested_subnet_mask = 1
DHCP4.OPTION[14]: dhcp_lease_time = 540
DHCP4.OPTION[15]: ip_address = 192.168.2.123
DHCP4.OPTION[16]: requested_static_routes = 1
DHCP4.OPTION[17]: subnet_mask = 255.255.255.0
DHCP4.OPTION[18]: routers = 192.168.2.255
DHCP4.OPTION[19]: broadcast_address = 192.168.2.255
DHCP4.OPTION[20]: requested_ntp_servers = 1
DHCP4.OPTION[21]: requested_netbios_name_servers = 1
DHCP4.OPTION[22]: requested_ms_classless_static_routes = 1
DHCP4.OPTION[23]: requested_routers = 1
DHCP4.OPTION[24]: requested_domain_name_servers = 1
DHCP4.OPTION[25]: requested_host_name = 1
DHCP4.OPTION[26]: dhcp_server_identifier = 192.168.2.123
mpa
July 8, 2019, 10:53pm
6
Does the default route get installed when you stop Network Manager and run the DHCP client manually?
dhcpdump with network manager up/down
TIME: 2019-07-08 19:12:42.448
IP: 0.0.0.0 (d8:d0:90:xx:xx:xx) > 255.255.255.255 (ff:ff:ff:ff:ff:ff)
OP: 1 (BOOTPREQUEST)
HTYPE: 1 (Ethernet)
HLEN: 6
HOPS: 0
XID: f3907146
SECS: 0
FLAGS: 0
CIADDR: 0.0.0.0
YIADDR: 0.0.0.0
SIADDR: 0.0.0.0
GIADDR: 0.0.0.0
CHADDR: d8:d0:90:xx:xx:xx:00:00:00:00:00:00:00:00:00:00
SNAME: .
FNAME: .
OPTION: 53 ( 1) DHCP message type 3 (DHCPREQUEST)
OPTION: 50 ( 4) Request IP address 192.168.2.123
OPTION: 12 ( 19) Host name eric-Precision-7520
OPTION: 55 ( 16) Parameter Request List 1 (Subnet mask)
28 (Broadcast address)
2 (Time offset)
3 (Routers)
15 (Domainname)
6 (DNS server)
119 (Domain Search)
12 (Host name)
44 (NetBIOS name server)
47 (NetBIOS scope)
26 (Interface MTU)
121 (Classless Static Route)
42 (NTP servers)
249 (MSFT - Classless route)
33 (Static route)
252 (MSFT - WinSock Proxy Auto Detect)
---------------------------------------------------------------------------
TIME: 2019-07-08 19:12:42.448
IP: 192.168.2.123 (d8:d0:90:xx:xx:xx) > 192.168.2.123 (d8:d0:90:xx:xx:xx)
OP: 2 (BOOTPREPLY)
HTYPE: 1 (Ethernet)
HLEN: 6
HOPS: 0
XID: f3907146
SECS: 0
FLAGS: 0
CIADDR: 0.0.0.0
YIADDR: 192.168.2.123
SIADDR: 192.168.2.123
GIADDR: 0.0.0.0
CHADDR: d8:d0:90:xx:xx:xx:00:00:00:00:00:00:00:00:00:00
SNAME: .
FNAME: .
OPTION: 53 ( 1) DHCP message type 5 (DHCPACK)
OPTION: 54 ( 4) Server identifier 192.168.2.123
OPTION: 51 ( 4) IP address leasetime 600 (10m)
OPTION: 1 ( 4) Subnet mask 255.255.255.0
OPTION: 28 ( 4) Broadcast address 192.168.2.255
OPTION: 3 ( 4) Routers 192.168.2.255
dhcpdump with dhclient
TIME: 2019-07-08 19:14:13.496
IP: 0.0.0.0 (d8:d0:90:xx:xx:xx) > 255.255.255.255 (ff:ff:ff:ff:ff:ff)
OP: 1 (BOOTPREQUEST)
HTYPE: 1 (Ethernet)
HLEN: 6
HOPS: 0
XID: bebc886e
SECS: 0
FLAGS: 0
CIADDR: 0.0.0.0
YIADDR: 0.0.0.0
SIADDR: 0.0.0.0
GIADDR: 0.0.0.0
CHADDR: d8:d0:90:xx:xx:xx:00:00:00:00:00:00:00:00:00:00
SNAME: .
FNAME: .
OPTION: 53 ( 1) DHCP message type 1 (DHCPDISCOVER)
OPTION: 12 ( 19) Host name eric-Precision-7520
OPTION: 55 ( 13) Parameter Request List 1 (Subnet mask)
28 (Broadcast address)
2 (Time offset)
3 (Routers)
15 (Domainname)
6 (DNS server)
119 (Domain Search)
12 (Host name)
44 (NetBIOS name server)
47 (NetBIOS scope)
26 (Interface MTU)
121 (Classless Static Route)
42 (NTP servers)
---------------------------------------------------------------------------
TIME: 2019-07-08 19:14:14.436
IP: 192.168.2.123 (d8:d0:90:xx:xx:xx) > 192.168.2.123 (d8:d0:90:xx:xx:xx)
OP: 2 (BOOTPREPLY)
HTYPE: 1 (Ethernet)
HLEN: 6
HOPS: 0
XID: bebc886e
SECS: 0
FLAGS: 0
CIADDR: 0.0.0.0
YIADDR: 192.168.2.123
SIADDR: 192.168.2.123
GIADDR: 0.0.0.0
CHADDR: d8:d0:90:xx:xx:xx:00:00:00:00:00:00:00:00:00:00
SNAME: .
FNAME: .
OPTION: 53 ( 1) DHCP message type 2 (DHCPOFFER)
OPTION: 54 ( 4) Server identifier 192.168.2.123
OPTION: 51 ( 4) IP address leasetime 509 (8m29s)
OPTION: 1 ( 4) Subnet mask 255.255.255.0
OPTION: 28 ( 4) Broadcast address 192.168.2.255
OPTION: 3 ( 4) Routers 192.168.2.255
---------------------------------------------------------------------------
TIME: 2019-07-08 19:14:14.436
IP: 0.0.0.0 (d8:d0:90:xx:xx:xx) > 255.255.255.255 (ff:ff:ff:ff:ff:ff)
OP: 1 (BOOTPREQUEST)
HTYPE: 1 (Ethernet)
HLEN: 6
HOPS: 0
XID: bebc886e
SECS: 0
FLAGS: 0
CIADDR: 0.0.0.0
YIADDR: 0.0.0.0
SIADDR: 0.0.0.0
GIADDR: 0.0.0.0
CHADDR: d8:d0:90:xx:xx:xx:00:00:00:00:00:00:00:00:00:00
SNAME: .
FNAME: .
OPTION: 53 ( 1) DHCP message type 3 (DHCPREQUEST)
OPTION: 54 ( 4) Server identifier 192.168.2.123
OPTION: 50 ( 4) Request IP address 192.168.2.123
OPTION: 12 ( 19) Host name eric-Precision-7520
OPTION: 55 ( 13) Parameter Request List 1 (Subnet mask)
28 (Broadcast address)
2 (Time offset)
3 (Routers)
15 (Domainname)
6 (DNS server)
119 (Domain Search)
12 (Host name)
44 (NetBIOS name server)
47 (NetBIOS scope)
26 (Interface MTU)
121 (Classless Static Route)
42 (NTP servers)
---------------------------------------------------------------------------
TIME: 2019-07-08 19:14:14.436
IP: 192.168.2.123 (d8:d0:90:xx:xx:xx) > 192.168.2.123 (d8:d0:90:xx:xx:xx)
OP: 2 (BOOTPREPLY)
HTYPE: 1 (Ethernet)
HLEN: 6
HOPS: 0
XID: bebc886e
SECS: 0
FLAGS: 0
CIADDR: 0.0.0.0
YIADDR: 192.168.2.123
SIADDR: 192.168.2.123
GIADDR: 0.0.0.0
CHADDR: d8:d0:90:xx:xx:xx:00:00:00:00:00:00:00:00:00:00
SNAME: .
FNAME: .
OPTION: 53 ( 1) DHCP message type 5 (DHCPACK)
OPTION: 54 ( 4) Server identifier 192.168.2.123
OPTION: 51 ( 4) IP address leasetime 508 (8m28s)
OPTION: 1 ( 4) Subnet mask 255.255.255.0
OPTION: 28 ( 4) Broadcast address 192.168.2.255
OPTION: 3 ( 4) Routers 192.168.2.255
mpa
July 9, 2019, 9:41am
8
There seems to be a DHCP server running on the LAN device. You can check this withnetstat -lunp | grep ':67\>'
Stop this server and try again.
1 Like
Yep. Can't believe I missed that.
Removed dhcpd from the offending machine, verified no other DHCP servers and things seem to be back to normal. Thanks for your help.
system
July 19, 2019, 1:27pm
10
This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.