DHCP clients don't have internet access

My Setup
I have OpenWrt install and mostly working on a Linksys 1900ACS v2. I am using it as a router.

My internet is provided by a cellular hotspot, fed to a Netgear wireless extender. The extender ethernet is out to the WAN port on the router.

WAN, hotspot, and extender are on 192.168.129.0/24 subnet.
Lan is on 192.168.128.0/24.

The issue
All works perfectly for any clients with a static IP.
DHCP clients connect and have access to devices on both subnets (WAN and LAN). However, DHCP clients have no internet access.

I am a newbie to networking. Please let me know of any additional info I can provide.
TIA

What parameters are you using for the static clients? What parameters do the clients receive via DHCP?

For static I use:
An IP outside of the DHCP range set on the router (I have tried one within the range as well, both work)
Subnet: 255.255.255.0
Gateway: 192.168.128.1 - the router lan IP

Clients receive the same - ip within the DHCP range, of course.

If your network is IPv4 only, be sure to turn off the IPv6 DHCP server on the OpenWrt LAN. This a different tab from the checkbox which only affects IPv4 (and must be left on).

First you need to differentiate whether the clients truly lack a route to the Internet, or it is that they can't DNS. From a non-working client, try pinging a numeric place on the Internet versus pinging by name.

Since your WAN network is not 192.168.1.1, it should work with a default configuration. At least one thing has been changed from the default configuration here.

Please post your config files (in/etc/config/) into a code block </> to preserve formatting:
Network
Dhcp
Firewall

Much easier to review the configuration than to guess at this type of problem.

1 Like

I am able to ping a public ip from a DHCP client. So, you must be correct regarding DNS.

Apologies for not including previously... As a newbie, I didn't know what my particular issue might warrant a need for

/etc/network

config interface 'loopback'                                                                                                                                                                                     
        option ifname 'lo'                                                                                                                                                                                      
        option proto 'static'                                                                                                                                                                                   
        option ipaddr '127.0.0.1'                                                                                                                                                                               
        option netmask '255.0.0.0'                                                                                                                                                                              
                                                                                                                                                                                                                
config globals 'globals'                                                                                                                                                                                        
        option ula_prefix 'fddd:c701:7bab::/48'                                                                                                                                                                 
                                                                                                                                                                                                                
config interface 'lan'                                                                                                                                                                                          
        option type 'bridge'                                                                                                                                                                                    
        option ifname 'eth0.1'                                                                                                                                                                                  
        option proto 'static'                                                                                                                                                                                   
        option netmask '255.255.255.0'                                                                                                                                                                          
        option ip6assign '60'                                                                                                                                                                                   
        option ipaddr '192.168.128.1'                                                                                                                                                                           
        option igmp_snooping '1'                                                                                                                                                                                
                                                                                                                                                                                                                
config interface 'wan'                                                                                                                                                                                          
        option type 'bridge'                                                                                                                                                                                    
        option ifname 'eth0.1 eth1.2'                                                                                                                                                                           
        option proto 'static'                                                                                                                                                                                   
        option netmask '255.255.255.0'                                                                                                                                                                          
        option ipaddr '192.168.129.5'                                                                                                                                                                           
        option gateway '192.168.129.1'                                                                                                                                                                          
                                                                                                                                                                                                                
config interface 'wan6'                                                                                                                                                                                         
        option ifname 'eth1.2'                                                                                                                                                                                  
        option proto 'dhcpv6'                                                                                                                                                                                   
                                                                                                                                                                                                                
config switch                                                                                                                                                                                                   
        option name 'switch0'                                                                                                                                                                                   
        option reset '1'                                                                                                                                                                                        
        option enable_vlan '1'                                                                                                                                                                                  
                                                                                                                                                                                                                
config switch_vlan                                                                                                                                                                                              
        option device 'switch0'                                                                                                                                                                                 
        option vlan '1'                                                                                                                                                                                         
        option ports '0 1 2 3 5t'                                                                                                                                                                               
                                                                                                                                                                                                                
config switch_vlan                                                                                                                                                                                              
        option device 'switch0'                                                                                                                                                                                 
        option vlan '2'                                                                                                                                                                                         
        option ports '4 6t'

/etc/dhcp

config dnsmasq
        option domainneeded '1'
        option localise_queries '1'
        option rebind_protection '1'
        option rebind_localhost '1'
        option local '/lan/'
        option expandhosts '1'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option resolvfile '/tmp/resolv.conf.auto'
        option localservice '1'
        option domain 'fernwood'

config dhcp 'lan'
        option interface 'lan'
        option start '120'
        option leasetime '36h'
        option limit '136'
        option ra 'server'
        option dhcpv6 'server'
        option ra_management '1'

config dhcp 'wan'
        option interface 'wan'
        option ignore '1'

config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'
        option loglevel '4'

config host
        option mac 'B8:27:EB:BD:93:B8'
        option name 'Kodi'
        option dns '1'
        option ip '192.168.128.221'

config host
        option mac '78:2B:CB:43:3A:DB'
        option name 'Storage'
        option dns '1'
        option ip '192.168.128.10'

config host
        option mac '52:54:00:BC:D7:E7'
        option name 'NAS'
        option dns '1'
        option ip '192.168.128.101'

/etc/firewall

config defaults
        option syn_flood        1
        option input            ACCEPT
        option output           ACCEPT
        option forward          REJECT
# Uncomment this line to disable ipv6 rules
#       option disable_ipv6     1

config zone
        option name             lan
        list   network          'lan'
        option input            ACCEPT
        option output           ACCEPT
        option forward          ACCEPT

config zone
        option name             wan
        list   network          'wan'
        list   network          'wan6'
        option input            REJECT
        option output           ACCEPT
        option forward          REJECT
        option masq             1
        option mtu_fix          1

config forwarding
        option src              lan
        option dest             wan

# We need to accept udp packets on port 68,
# see https://dev.openwrt.org/ticket/4108
config rule
        option name             Allow-DHCP-Renew
        option src              wan
        option proto            udp
        option dest_port        68
        option target           ACCEPT
        option family           ipv4

# Allow IPv4 ping
config rule
        option name             Allow-Ping
        option src              wan
        option proto            icmp
        option icmp_type        echo-request
        option family           ipv4
        option target           ACCEPT

config rule
        option name             Allow-IGMP
        option src              wan
        option proto            igmp
        option family           ipv4            
        option target           ACCEPT          

# Allow DHCPv6 replies                          
# see https://dev.openwrt.org/ticket/10381      
config rule                                     
        option name             Allow-DHCPv6    
        option src              wan             
        option proto            udp             
        option src_ip           fc00::/6        
        option dest_ip          fc00::/6        
        option dest_port        546             
        option family           ipv6            
        option target           ACCEPT          
                                                
config rule                                     
        option name             Allow-MLD       
        option src              wan             
        option proto            icmp            
        option src_ip           fe80::/10       
        list icmp_type          '130/0'         
        list icmp_type          '131/0'         
        list icmp_type          '132/0'         
        list icmp_type          '143/0'         
        option family           ipv6            
        option target           ACCEPT          
                                                
# Allow essential incoming IPv6 ICMP traffic    
config rule                                     
        option name             Allow-ICMPv6-Input
        option src              wan               
        option proto    icmp                      
        list icmp_type          echo-request      
        list icmp_type          echo-reply        
        list icmp_type          destination-unreachable
        list icmp_type          packet-too-big         
        list icmp_type          time-exceeded          
        list icmp_type          bad-header             
        list icmp_type          unknown-header-type    
        list icmp_type          router-solicitation    
        list icmp_type          neighbour-solicitation 
        list icmp_type          router-advertisement   
        list icmp_type          neighbour-advertisement
        option limit            1000/sec               
        option family           ipv6                   
        option target           ACCEPT                 

config rule                                            
        option name             Allow-IPSec-ESP        
        option src              wan                    
        option dest             lan                    
        option proto            esp                    
        option target           ACCEPT                 
                                                       
config rule                                            
        option name             Allow-ISAKMP           
        option src              wan                    
        option dest             lan                    
        option dest_port        500                    
        option proto            udp                    
        option target           ACCEPT                 
                                                       
# include a file with users custom iptables rules      
config include                                         
        option path /etc/firewall.user                 
                                       

I think you pointed me in the right direction. Can you confirm?
I added google's DNS servers under the setting: DNS forwardings and all seems to be working.

Apologies. Previous reply was to the incorrect post...

Why do you have the wan and lan interfaces bridged together in the network conduit?

EDIT: Damn You Autocorrect... "network conduit" was supposed to be "network config" (for the WAN)

1 Like

I don't know the why behind much of what I did :wink:

If memory serves, I found a post that said I needed that to provide wan internet to the lan.

Do you have a recommendation?

Start by removing eth0.1 from the wan section.

Can you make a diagram of your setup so we can understand how this device factors into your whole network?

OK. I have been working from the GUI. I prefer cli. But, after making your recommended change, do I need to restart anything, or is the affect immediate?

I do want to make sure you saw my conversation with @mk24. I didn't have DNS servers set. I added those and it seems to have fixed the issue.

I still want to improve and understand better. Should we continue?

Also this is going over the end of the network. It is not the last IP, but how many will be allocated, so in your case it is 120+136=256
If you want the pool to be 120-136 use limit 16.

1 Like

After you modify the network file manually, restart the network service:
/etc/init.d/network restart

A diagram of your network would also still be useful so that we can make sure we're giving you the right guidance.

Not the greatest diagram, and I haven't added ips yet. but...

Network is pretty simple.
Verify that there are no IP conflicts with static and dhcp.
Also lower the DHCP lease time and force some hosts to renew their IP. Make sure it is valid for the lan network and do a traceroute to see where the packets will stop.

1 Like

OK.
I reduced DHCP lease time to 18h
I have one static IP that is within the DHCP range; I'll change that.

All seems good now. Thanks for your patience and help. You have taught me a good bit.

1 Like