DHCP client for WAN port not working

Mfuad · August 26, 2022, 5:23pm

I am using a Xiaomi router 4 (R4) with OpenWrt 21.02.3 r16554-1d4dea6d4f.
I want to connect to the internet using DHCP but WAN DHCP client does not take IP.

What might be causing this problem? Is there anything I need to change in LAN, to make sure requests to external IPs are sent to WAN correctly?

Thanks

/etc/config/network

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option packet_steering '1'
        option ula_prefix 'fd24:a4d3:b94a::/48'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'lan1'
        list ports 'lan2'

config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        option netmask '255.255.255.0'
        option ip6assign '60'
        option ipaddr '10.0.0.1'

config interface 'wan'
        option device 'wan'
        option proto 'dhcp'

config interface 'wan6'
        option device 'wan'
        option proto 'dhcpv6'

/etc/config/dhcp

config dnsmasq
        option domainneeded '1'
        option boguspriv '1'
        option filterwin2k '0'
        option localise_queries '1'
        option rebind_protection '1'
        option rebind_localhost '1'
        option local '/lan/'
        option domain 'lan'
        option expandhosts '1'
        option nonegcache '0'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
        option nonwildcard '1'
        option localservice '1'
        option ednspacket_max '1232'

config dhcp 'lan'
        option interface 'lan'
        option start '100'
        option limit '150'
        option leasetime '12h'

config dhcp 'wan'
        option interface 'wan'
        option ignore '1'
        option start '100'
        option limit '150'
        option leasetime '12h'
        list ra_flags 'none'

/etc/config/firewall

config defaults
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option synflood_protect '1'

config zone
        option name 'lan'
        list network 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'
        option masq '1'

config zone
        option name 'wan'
        list network 'wan'
        list network 'wan6'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option masq '1'
        option mtu_fix '1'

config forwarding
        option src 'lan'
        option dest 'wan'

config rule
        option name 'Allow-DHCP-Renew'
        option src 'wan'
        option proto 'udp'
        option dest_port '68'
        option target 'ACCEPT'
        option family 'ipv4'

config rule
        option name 'Allow-Ping'
        option src 'wan'
        option proto 'icmp'
        option icmp_type 'echo-request'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-IGMP'
        option src 'wan'
        option proto 'igmp'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-DHCPv6'
        option src 'wan'
        option proto 'udp'
        option src_ip 'fc00::/6'
        option dest_ip 'fc00::/6'
        option dest_port '546'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-MLD'
        option src 'wan'
        option proto 'icmp'
        option src_ip 'fe80::/10'
        list icmp_type '130/0'
        list icmp_type '131/0'
        list icmp_type '132/0'
        list icmp_type '143/0'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Input'
        option src 'wan'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        list icmp_type 'router-solicitation'
        list icmp_type 'neighbour-solicitation'
        list icmp_type 'router-advertisement'
        list icmp_type 'neighbour-advertisement'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Forward'
        option src 'wan'
        option dest '*'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-IPSec-ESP'
        option src 'wan'
        option dest 'lan'
        option proto 'esp'
        option target 'ACCEPT'

config rule
        option name 'Allow-ISAKMP'
        option src 'wan'
        option dest 'lan'
        option dest_port '500'
        option proto 'udp'
        option target 'ACCEPT'

config rule
        option name 'Support-UDP-Traceroute'
        option src 'wan'
        option dest_port '33434:33689'
        option proto 'udp'
        option family 'ipv4'
        option target 'REJECT'
        option enabled 'false'

config include
        option path '/etc/firewall.user'

Pilot6 · August 26, 2022, 5:26pm

I don't see any obvious problems with this config. Where you want to get the address from? If it is an ISP, then maybe there is some authorization be mac address,etc.
Check the logs.

Mfuad · August 26, 2022, 5:41pm

I didn't find anything that could help me.

logread -e dhcp

Fri Aug 26 17:03:36 2022 daemon.info dnsmasq[1378]: read /tmp/hosts/dhcp.cfg01411c - 0 addresses
Fri Aug 26 17:03:39 2022 user.notice ucitrack: Setting up /etc/config/network reload dependency on /etc/config/dhcp
Fri Aug 26 17:03:39 2022 user.notice ucitrack: Setting up /etc/config/dhcp reload dependency on /etc/config/odhcpd
Fri Aug 26 17:03:39 2022 user.notice ucitrack: Setting up /etc/config/system reload dependency on /etc/config/dhcp
Fri Aug 26 17:03:45 2022 daemon.info dnsmasq-dhcp[2477]: DHCP, IP range 10.0.0.100 -- 10.0.0.249, lease time 12h
Fri Aug 26 17:03:45 2022 daemon.info dnsmasq[2477]: read /tmp/hosts/dhcp.cfg01411c - 2 addresses
Fri Aug 26 17:03:45 2022 daemon.info dnsmasq-dhcp[2477]: read /etc/ethers - 0 addresses
Fri Aug 26 17:03:45 2022 daemon.info dnsmasq-dhcp[2477]: DHCPREQUEST(br-lan) 10.0.0.174 04:7c:16:0a:31:25
Fri Aug 26 17:03:45 2022 daemon.info dnsmasq-dhcp[2477]: DHCPACK(br-lan) 10.0.0.174 04:7c:16:0a:31:25 WIN-VJVCVVHJH5R
Fri Aug 26 17:03:46 2022 daemon.info dnsmasq[2477]: read /tmp/hosts/dhcp.cfg01411c - 2 addresses
Fri Aug 26 17:03:46 2022 daemon.info dnsmasq-dhcp[2477]: read /etc/ethers - 0 addresses
Fri Aug 26 17:03:47 2022 daemon.notice netifd: wan (2734): udhcpc: started, v1.33.2
Fri Aug 26 17:03:47 2022 daemon.err odhcp6c[2733]: Failed to send RS (Address not available)
Fri Aug 26 17:03:47 2022 daemon.notice netifd: wan (2734): udhcpc: sending discover
Fri Aug 26 17:03:48 2022 daemon.err odhcp6c[2733]: Failed to send SOLICIT message to ff02::1:2 (Address not available)
Fri Aug 26 17:03:50 2022 daemon.notice netifd: wan (2734): udhcpc: sending discover
Fri Aug 26 17:03:53 2022 daemon.notice netifd: wan (2734): udhcpc: sending discover

logread -e dnsmasq

Fri Aug 26 17:03:36 2022 user.notice dnsmasq: DNS rebinding protection is active, will discard upstream RFC1918 responses!
Fri Aug 26 17:03:36 2022 user.notice dnsmasq: Allowing 127.0.0.0/8 responses
Fri Aug 26 17:03:36 2022 daemon.info dnsmasq[1378]: Connected to system UBus
Fri Aug 26 17:03:36 2022 daemon.info dnsmasq[1378]: started, version 2.85 cachesize 150
Fri Aug 26 17:03:36 2022 daemon.info dnsmasq[1378]: DNS service limited to local subnets
Fri Aug 26 17:03:36 2022 daemon.info dnsmasq[1378]: compile time options: IPv6 GNU-getopt no-DBus UBus no-i18n no-IDN DHCP DHCPv6 no-Lua TFTP conntrack ipset auth cryptohash DNSSEC no-ID loop-detect inotify dumpfile
Fri Aug 26 17:03:36 2022 daemon.info dnsmasq[1378]: UBus support enabled: connected to system bus
Fri Aug 26 17:03:36 2022 daemon.info dnsmasq[1378]: using only locally-known addresses for domain test
Fri Aug 26 17:03:36 2022 daemon.info dnsmasq[1378]: using only locally-known addresses for domain onion
Fri Aug 26 17:03:36 2022 daemon.info dnsmasq[1378]: using only locally-known addresses for domain localhost
Fri Aug 26 17:03:36 2022 daemon.info dnsmasq[1378]: using only locally-known addresses for domain local
Fri Aug 26 17:03:36 2022 daemon.info dnsmasq[1378]: using only locally-known addresses for domain invalid
Fri Aug 26 17:03:36 2022 daemon.info dnsmasq[1378]: using only locally-known addresses for domain bind
Fri Aug 26 17:03:36 2022 daemon.info dnsmasq[1378]: using only locally-known addresses for domain lan
Fri Aug 26 17:03:36 2022 daemon.warn dnsmasq[1378]: no servers found in /tmp/resolv.conf.d/resolv.conf.auto, will retry
Fri Aug 26 17:03:36 2022 daemon.info dnsmasq[1378]: read /etc/hosts - 4 addresses
Fri Aug 26 17:03:36 2022 daemon.info dnsmasq[1378]: read /tmp/hosts/dhcp.cfg01411c - 0 addresses
Fri Aug 26 17:03:45 2022 daemon.info dnsmasq[1378]: exiting on receipt of SIGTERM
Fri Aug 26 17:03:45 2022 daemon.info dnsmasq[2477]: Connected to system UBus
Fri Aug 26 17:03:45 2022 daemon.info dnsmasq[2477]: started, version 2.85 cachesize 150
Fri Aug 26 17:03:45 2022 daemon.info dnsmasq[2477]: DNS service limited to local subnets
Fri Aug 26 17:03:45 2022 daemon.info dnsmasq[2477]: compile time options: IPv6 GNU-getopt no-DBus UBus no-i18n no-IDN DHCP DHCPv6 no-Lua TFTP conntrack ipset auth cryptohash DNSSEC no-ID loop-detect inotify dumpfile
Fri Aug 26 17:03:45 2022 daemon.info dnsmasq[2477]: UBus support enabled: connected to system bus
Fri Aug 26 17:03:45 2022 daemon.info dnsmasq-dhcp[2477]: DHCP, IP range 10.0.0.100 -- 10.0.0.249, lease time 12h
Fri Aug 26 17:03:45 2022 daemon.info dnsmasq[2477]: using only locally-known addresses for domain test
Fri Aug 26 17:03:45 2022 daemon.info dnsmasq[2477]: using only locally-known addresses for domain onion
Fri Aug 26 17:03:45 2022 daemon.info dnsmasq[2477]: using only locally-known addresses for domain localhost
Fri Aug 26 17:03:45 2022 daemon.info dnsmasq[2477]: using only locally-known addresses for domain local
Fri Aug 26 17:03:45 2022 daemon.info dnsmasq[2477]: using only locally-known addresses for domain invalid
Fri Aug 26 17:03:45 2022 daemon.info dnsmasq[2477]: using only locally-known addresses for domain bind
Fri Aug 26 17:03:45 2022 daemon.info dnsmasq[2477]: using only locally-known addresses for domain lan
Fri Aug 26 17:03:45 2022 daemon.warn dnsmasq[2477]: no servers found in /tmp/resolv.conf.d/resolv.conf.auto, will retry
Fri Aug 26 17:03:45 2022 daemon.info dnsmasq[2477]: read /etc/hosts - 4 addresses
Fri Aug 26 17:03:45 2022 daemon.info dnsmasq[2477]: read /tmp/hosts/dhcp.cfg01411c - 2 addresses
Fri Aug 26 17:03:45 2022 daemon.info dnsmasq-dhcp[2477]: read /etc/ethers - 0 addresses
Fri Aug 26 17:03:45 2022 daemon.info dnsmasq-dhcp[2477]: DHCPREQUEST(br-lan) 10.0.0.174 04:7c:16:0a:31:25
Fri Aug 26 17:03:45 2022 daemon.info dnsmasq-dhcp[2477]: DHCPACK(br-lan) 10.0.0.174 04:7c:16:0a:31:25 WIN-VJVCVVHJH5R
Fri Aug 26 17:03:46 2022 daemon.info dnsmasq[2477]: read /etc/hosts - 4 addresses
Fri Aug 26 17:03:46 2022 daemon.info dnsmasq[2477]: read /tmp/hosts/dhcp.cfg01411c - 2 addresses
Fri Aug 26 17:03:46 2022 daemon.info dnsmasq-dhcp[2477]: read /etc/ethers - 0 addresses

Pilot6 · August 26, 2022, 5:49pm

Something is wrong at the DHCP server side. In some cases you need to wait a few minutes. You'd better ask the ISP support.

Mfuad · August 26, 2022, 6:06pm

I checked on the old TP-LINK(TL-WR841ND)(without OpenWRT) and everything works fine there.

Pilot6 · August 26, 2022, 6:16pm

It has another mac address. ISP can check it. For instance in my place I have to wait 10 min when I change a device before I get to the authorization page to link a new device. It depends on ISP.

stmtpr · August 26, 2022, 6:20pm

Some ISP's require extra steps be taken when swapping hardware. For example, when I swap routers, i have to power cycle my cablemodem. Other ISP requirements may be different.

Mfuad · September 24, 2022, 1:41pm

the ISP said that you need to wait 20m.i waited and nothing changed.

Mfuad · September 24, 2022, 1:42pm

dhcpcd

DUID 00:01:00:01:2a:c1:c2:94:ec:41:18:22:49:23
eth0: IAID 18:22:49:23
eth0: IAID conflicts with one assigned to lan2
eth0: adding address fe80::aa5f:773e:d39f:263e
lan2: IAID 18:22:49:23
lan2: IAID conflicts with one assigned to eth0
lan2: adding address fe80::aa5f:773e:d39f:263e
ipv6_addaddr1: Permission denied
wan: IAID 18:22:49:24
wan: adding address fe80::81b7:a888:3c41:2523
br-lan: IAID 18:22:49:23
br-lan: IAID conflicts with one assigned to eth0
br-lan: adding address fe80::aa5f:773e:d39f:263e
lan1: waiting for carrier
wlan0: waiting for carrier
wlan1: waiting for carrier
br-lan: soliciting an IPv6 router
lan2: soliciting a DHCP lease
br-lan: soliciting a DHCP lease
lan2: truncated packet (80) from 192.168.1.1
br-lan: truncated packet (80) from 192.168.1.1
lan2: truncated packet (80) from 192.168.1.1
br-lan: truncated packet (80) from 192.168.1.1
lan2: checksum failure from 64.6.12.29
br-lan: checksum failure from 64.6.12.28
wan: soliciting an IPv6 router
lan2: soliciting an IPv6 router
wan: rebinding lease of 192.168.0.100
wan: truncated packet (88) from 192.168.1.1
wan: checksum failure from 64.6.12.11
eth0: soliciting a DHCP lease
eth0: truncated packet (80) from 192.168.1.1
eth0: checksum failure from 64.6.12.16
eth0: soliciting an IPv6 router
lan2: probing for an IPv4LL address
br-lan: probing for an IPv4LL address
wan: probing for an IPv4LL address
wan: DHCP lease expired
wan: soliciting a DHCP lease
eth0: probing for an IPv4LL address
br-lan: using IPv4LL address 169.254.64.153
br-lan: adding route to 169.254.0.0/16
br-lan: adding default route
forked to background, child pid 5750

wan: checksum failure from 64.6.12.11 ???

Mfuad · September 24, 2022, 1:46pm

I also changed the mac address of the WAN port to tplink's WAN address. nothing changed.

mk24 · September 24, 2022, 2:24pm

This is common with cable. To have the company forget your old router's MAC, don't just wait, but unplug your cable modem and leave it off for 30 minutes.

There are some settings in the configs you posted that don't make sense, like masq being on LAN. OpenWrt's default settings are intended to get online with a DHCP WAN connection.