DHCP does not work for wi-fi

I have an OpenWrt VM installed on Proxmox (OpenWrt firmware version 22.03.5 r20134-5f15225c1e / LuCI openwrt-22.03 branch git-23.119.80898-65ef406, kernel version 5.10.176). I configured 2 networks in Proxmox and forwarded them to OpenWrt. For Wi-Fi distribution, an Intel AC 3168NGW module was routed through the IOMMU group PCI Wifi, and the iwlwifi-firmware-iwl3168 drivers and drivers for wireless network operation were installed. Wi-Fi is configured as a bridge to the LAN network.
The problem is that LAN DHCP is not provided to wireless network clients. When trying to connect, the following message appears in the system log:

daemon.warn dnsmasq-dhcp[1]: DHCP packet received on wlan0 which has no address

The settings are as follows:

/etc/config/network

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config interface 'wan'
        option device 'eth0'
        option proto 'static'
        option netmask '255.255.255.0'
        list dns '78.29.2.21'
        list dns '78.29.2.22'
        list dns '77.88.8.8'
        list dns '77.88.8.1'
        option delegate '0'
        option ipaddr '192.168.1.1'

config interface 'lan'
        option device 'eth1'
        option proto 'static'
        option netmask '255.255.255.0'
        option type 'bridge'
        option ipaddr '10.10.0.1'
        list dns '10.10.0.1'
        option ip4table 'main'
        option delegate '0'

config route 'wan0'
        option interface 'wan'
        option target '0.0.0.0/0'
        option gateway '192.168.1.2'

config device
        option name 'eth0'
        option ipv6 '0'

config device
        option name 'eth1'
        option ipv6 '0'
        option acceptlocal '1'

config device
        option name 'wlan0'
        option ipv6 '0'

/etc/config/wireless

config wifi-device 'radio0'
        option type 'mac80211'
        option channel '2'
        option htmode 'HT20'
        option path 'pci0000:00/0000:00:10.0'
        option band '2g'
        option cell_density '0'
        option txpower '10'

config wifi-iface 'wifinet0'
        option device 'radio0'
        option mode 'ap'
        option ssid 'ssid'
        option key 'key'
        option encryption 'psk'
        option network 'lan wlan0'

/etc/config/dhcp

config dnsmasq
        option localise_queries '1'
        option rebind_protection '1'
        option rebind_localhost '1'
        option local '/lan/'
        option domain 'lan'
        option expandhosts '1'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
        option localservice '1'
        option ednspacket_max '1232'

config dhcp 'lan'
        option interface 'lan'
        option dhcpv4 'server'
        option force '1'
        option netmask '255.255.255.0'
        option leasetime '12h'
        option start '2'
        option limit '254'
        list dhcp_option '3,10.10.0.1'
        list dhcp_option '6,10.10.0.1'

config dhcp 'wan'
        option interface 'wan'
        option limit '255'
        option leasetime '12h'
        option netmask '255.255.255.0'
        option start '2'
        list dhcp_option '3,192.168.1.1'
        list dhcp_option '6,192.168.1.1'

config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'
        option loglevel '4'

# ip a

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP qlen 1000
    link/ether 02:35:ea:db:38:3a brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.1/24 brd 192.168.1.255 scope global eth0
       valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP qlen 1000
    link/ether 02:bb:ce:b6:e1:66 brd ff:ff:ff:ff:ff:ff
    inet 10.10.0.1/24 brd 10.10.0.255 scope global eth1
       valid_lft forever preferred_lft forever
5: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
    link/ether f0:b6:1e:7e:d1:b9 brd ff:ff:ff:ff:ff:ff

# ip r

default via 192.168.1.2 dev eth0
10.10.0.0/24 dev eth1 scope link
192.168.1.0/24 dev eth0 scope link  src 192.168.1.1

# ip ru

0:      from all lookup local
10000:  from 10.10.0.1 lookup main
20000:  from all to 10.10.0.1/24 lookup main
32766:  from all lookup main
32767:  from all lookup default
90003:  from all iif lo lookup main

Grateful for any pointers.

Remove wlan0.

Remove that section.

Add this to the wan section.

Remove that, unless you plan to manually configure PBR with netifd.

Remove that to avoid looping.

Remove that, unless you explicitly need it.

Remove those, it should work by default.

253 is the max possible limit for the current netmask.

If you really need DHCP server on the wan interface, it should start with 3 and the max limit is 252 since your gateway is 2.

I completed all of the above, no additional errors seemed to appear. And I need DHCP in the LAN network.

Now I tried to connect to the wireless network again. It failed again with the same error in the system log.

And I need lan without going out to the wan.

Reboot your router to ensure all changes are correctly applied.
If the issue persists, collect the updated configs:

uci show network; uci show wireless; uci show dhcp; uci show firewall

uci show network

network.loopback=interface
network.loopback.device='lo'
network.loopback.proto='static'
network.loopback.ipaddr='127.0.0.1'
network.loopback.netmask='255.0.0.0'
network.wan=interface
network.wan.device='eth0'
network.wan.proto='static'
network.wan.netmask='255.255.255.0'
network.wan.dns='78.29.2.21' '78.29.2.22' '77.88.8.8' '77.88.8.1'
network.wan.delegate='0'
network.wan.ipaddr='192.168.1.1'
network.wan.gateway='192.168.1.2'
network.lan=interface
network.lan.device='eth1'
network.lan.proto='static'
network.lan.netmask='255.255.255.0'
network.lan.type='bridge'
network.lan.ipaddr='10.10.0.1'
network.lan.delegate='0'
network.@device[0]=device
network.@device[0].name='eth0'
network.@device[0].ipv6='0'
network.@device[1]=device
network.@device[1].name='eth1'
network.@device[1].ipv6='0'
network.@device[2]=device
network.@device[2].name='wlan0'
network.@device[2].ipv6='0'

uci show wireless

wireless.radio0=wifi-device
wireless.radio0.type='mac80211'
wireless.radio0.channel='2'
wireless.radio0.htmode='HT20'
wireless.radio0.path='pci0000:00/0000:00:10.0'
wireless.radio0.band='2g'
wireless.radio0.cell_density='0'
wireless.radio0.txpower='10'
wireless.wifinet0=wifi-iface
wireless.wifinet0.device='radio0'
wireless.wifinet0.mode='ap'
wireless.wifinet0.ssid='ssid'
wireless.wifinet0.key='key'
wireless.wifinet0.encryption='psk'
wireless.wifinet0.network='lan'

uci show dhcp

dhcp.@dnsmasq[0]=dnsmasq
dhcp.@dnsmasq[0].localise_queries='1'
dhcp.@dnsmasq[0].rebind_protection='1'
dhcp.@dnsmasq[0].rebind_localhost='1'
dhcp.@dnsmasq[0].local='/lan/'
dhcp.@dnsmasq[0].domain='lan'
dhcp.@dnsmasq[0].expandhosts='1'
dhcp.@dnsmasq[0].authoritative='1'
dhcp.@dnsmasq[0].readethers='1'
dhcp.@dnsmasq[0].leasefile='/tmp/dhcp.leases'
dhcp.@dnsmasq[0].resolvfile='/tmp/resolv.conf.d/resolv.conf.auto'
dhcp.@dnsmasq[0].localservice='1'
dhcp.@dnsmasq[0].ednspacket_max='1232'
dhcp.lan=dhcp
dhcp.lan.interface='lan'
dhcp.lan.dhcpv4='server'
dhcp.lan.force='1'
dhcp.lan.netmask='255.255.255.0'
dhcp.lan.leasetime='12h'
dhcp.lan.start='3'
dhcp.lan.limit='253'
dhcp.wan=dhcp
dhcp.wan.interface='wan'
dhcp.wan.leasetime='12h'
dhcp.wan.netmask='255.255.255.0'
dhcp.wan.start='3'
dhcp.wan.limit='253'
dhcp.odhcpd=odhcpd
dhcp.odhcpd.maindhcp='0'
dhcp.odhcpd.leasefile='/tmp/hosts/odhcpd'
dhcp.odhcpd.leasetrigger='/usr/sbin/odhcpd-update'
dhcp.odhcpd.loglevel='4'
dhcp.@domain[0]=domain
dhcp.@domain[0].ip='192.168.1.1'
dhcp.@domain[0].name='router_OpenWRT'
dhcp.@domain[1]=domain
dhcp.@domain[1].ip='192.168.1.2'
dhcp.@domain[1].name='proxmox_server_wan'
dhcp.@domain[2]=domain
dhcp.@domain[2].ip='192.168.1.3'
dhcp.@domain[2].name='HAOS_Wan'
dhcp.wlan0=dhcp
dhcp.wlan0.interface='wlan0'
dhcp.wlan0.start='100'
dhcp.wlan0.limit='150'
dhcp.wlan0.leasetime='12h'
dhcp.@domain[3]=domain
dhcp.@domain[3].name='HAOS_Lan'
dhcp.@domain[3].ip='10.10.0.3'
dhcp.@host[0]=host
dhcp.@host[0].name='HAOS.lan'
dhcp.@host[0].dns='1'
dhcp.@host[0].mac='06:66:F0:E4:C0:2B'
dhcp.@host[0].ip='10.10.0.3'

uci show firewall

firewall.@defaults[0]=defaults
firewall.@defaults[0].syn_flood='1'
firewall.@defaults[0].input='ACCEPT'
firewall.@defaults[0].output='ACCEPT'
firewall.@defaults[0].forward='REJECT'
firewall.@zone[0]=zone
firewall.@zone[0].name='lan'
firewall.@zone[0].input='ACCEPT'
firewall.@zone[0].output='ACCEPT'
firewall.@zone[0].forward='ACCEPT'
firewall.@zone[0].family='ipv4'
firewall.@zone[0].network='lan' 'wlan0'
firewall.@zone[1]=zone
firewall.@zone[1].name='wan'
firewall.@zone[1].output='ACCEPT'
firewall.@zone[1].masq='1'
firewall.@zone[1].mtu_fix='1'
firewall.@zone[1].input='ACCEPT'
firewall.@zone[1].forward='ACCEPT'
firewall.@zone[1].family='ipv4'
firewall.@zone[1].network='wan'
firewall.@forwarding[0]=forwarding
firewall.@forwarding[0].src='lan'
firewall.@forwarding[0].dest='wan'
firewall.@rule[0]=rule
firewall.@rule[0].name='Allow-DHCP-Renew'
firewall.@rule[0].src='wan'
firewall.@rule[0].proto='udp'
firewall.@rule[0].dest_port='68'
firewall.@rule[0].target='ACCEPT'
firewall.@rule[0].family='ipv4'
firewall.@rule[1]=rule
firewall.@rule[1].name='Allow-Ping'
firewall.@rule[1].src='wan'
firewall.@rule[1].proto='icmp'
firewall.@rule[1].icmp_type='echo-request'
firewall.@rule[1].family='ipv4'
firewall.@rule[1].target='ACCEPT'
firewall.@rule[2]=rule
firewall.@rule[2].name='Allow-IGMP'
firewall.@rule[2].src='wan'
firewall.@rule[2].proto='igmp'
firewall.@rule[2].family='ipv4'
firewall.@rule[2].target='ACCEPT'
firewall.@rule[3]=rule
firewall.@rule[3].name='Allow-DHCPv6'
firewall.@rule[3].src='wan'
firewall.@rule[3].proto='udp'
firewall.@rule[3].dest_port='546'
firewall.@rule[3].family='ipv6'
firewall.@rule[3].target='ACCEPT'
firewall.@rule[3].enabled='0'
firewall.@rule[4]=rule
firewall.@rule[4].name='Allow-MLD'
firewall.@rule[4].src='wan'
firewall.@rule[4].proto='icmp'
firewall.@rule[4].src_ip='fe80::/10'
firewall.@rule[4].icmp_type='130/0' '131/0' '132/0' '143/0'
firewall.@rule[4].family='ipv6'
firewall.@rule[4].target='ACCEPT'
firewall.@rule[4].enabled='0'
firewall.@rule[5]=rule
firewall.@rule[5].name='Allow-ICMPv6-Input'
firewall.@rule[5].src='wan'
firewall.@rule[5].proto='icmp'
firewall.@rule[5].icmp_type='echo-request' 'echo-reply' 'destination-unreachable' 'packet-too-big' 'time-exceeded' 'bad-header' 'unknown-header-type' 'router-solicitation' 'neighbour-solicitation' 'router-advertisement' 'neighbour-advertisement'
firewall.@rule[5].limit='1000/sec'
firewall.@rule[5].family='ipv6'
firewall.@rule[5].target='ACCEPT'
firewall.@rule[5].enabled='0'
firewall.@rule[6]=rule
firewall.@rule[6].name='Allow-ICMPv6-Forward'
firewall.@rule[6].src='wan'
firewall.@rule[6].dest='*'
firewall.@rule[6].proto='icmp'
firewall.@rule[6].icmp_type='echo-request' 'echo-reply' 'destination-unreachable' 'packet-too-big' 'time-exceeded' 'bad-header' 'unknown-header-type'
firewall.@rule[6].limit='1000/sec'
firewall.@rule[6].family='ipv6'
firewall.@rule[6].target='ACCEPT'
firewall.@rule[6].enabled='0'
firewall.@rule[7]=rule
firewall.@rule[7].name='Allow-IPSec-ESP'
firewall.@rule[7].src='wan'
firewall.@rule[7].dest='lan'
firewall.@rule[7].proto='esp'
firewall.@rule[7].target='ACCEPT'
firewall.@rule[7].family='ipv4'
firewall.@rule[8]=rule
firewall.@rule[8].name='Allow-ISAKMP'
firewall.@rule[8].src='wan'
firewall.@rule[8].dest='lan'
firewall.@rule[8].dest_port='500'
firewall.@rule[8].proto='udp'
firewall.@rule[8].target='ACCEPT'
firewall.@rule[8].family='ipv4'

Try this:

uci -q delete dhcp.wlan0
uci set dhcp.lan.start="2"
uci set dhcp.wan.limit="252"
uci commit dhcp
/etc/init.d/dnsmasq restart
uci del_list firewall.@zone[0].network="wlan0"
uci commit firewall
/etc/init.d/firewall restart

Do you want to disable internet access, or just access to 192.168.1.0/24?

If you don't need DHCP server on the WAN side, then disable it:

uci set dhcp.wan.ignore="1"
uci commit dhcp
/etc/init.d/dnsmasq restart

Here is my idea, in a nutshell.
OpenWrt has access via wan to the Internet for updates and to the local network via Proxmox and NAT. IoT devices without Internet access, but with access to Proxmox, will connect to LAN in OpenWrt. Gaining access to the 192.168.1.0/24 network is not necessary. But I plan to leave it on and turn it on and off as needed.

I will leave it for monitoring OpenWRT from Home Assistant.

DHCP completed registration. The VM was restarted several times. But! In the DHCP config everything is fine, but in the system log:

daemon.info dnsmasq-dhcp[1]: DHCP, IP range 192.168.1.3 -- 192.168.1.254, lease time 12h
daemon.info dnsmasq-dhcp[1]: DHCP, IP range 10.10.0.3 -- 10.10.0.254, lease time 12h
# uci show dhcp
dhcp.@dnsmasq[0]=dnsmasq
dhcp.@dnsmasq[0].localise_queries='1'
dhcp.@dnsmasq[0].rebind_protection='1'
dhcp.@dnsmasq[0].rebind_localhost='1'
dhcp.@dnsmasq[0].local='/lan/'
dhcp.@dnsmasq[0].domain='lan'
dhcp.@dnsmasq[0].expandhosts='1'
dhcp.@dnsmasq[0].authoritative='1'
dhcp.@dnsmasq[0].readethers='1'
dhcp.@dnsmasq[0].leasefile='/tmp/dhcp.leases'
dhcp.@dnsmasq[0].resolvfile='/tmp/resolv.conf.d/resolv.conf.auto'
dhcp.@dnsmasq[0].localservice='1'
dhcp.@dnsmasq[0].ednspacket_max='1232'
dhcp.lan=dhcp
dhcp.lan.interface='lan'
dhcp.lan.dhcpv4='server'
dhcp.lan.force='1'
dhcp.lan.netmask='255.255.255.0'
dhcp.lan.leasetime='12h'
dhcp.lan.start='3'
dhcp.lan.limit='252'
dhcp.wan=dhcp
dhcp.wan.interface='wan'
dhcp.wan.leasetime='12h'
dhcp.wan.netmask='255.255.255.0'
dhcp.wan.start='3'
dhcp.wan.limit='252'
dhcp.odhcpd=odhcpd
dhcp.odhcpd.maindhcp='0'
dhcp.odhcpd.leasefile='/tmp/hosts/odhcpd'
dhcp.odhcpd.leasetrigger='/usr/sbin/odhcpd-update'
dhcp.odhcpd.loglevel='4'

And still the same when trying to connect to a wireless network.

daemon.notice hostapd: wlan0: AP-STA-CONNECTED ee:46:c8:94:7f:0f
daemon.info hostapd: wlan0: STA ee:46:c8:94:7f:0f RADIUS: starting accounting session 18FD54632307F828
daemon.info hostapd: wlan0: STA ee:46:c8:94:7f:0f WPA: pairwise key handshake completed (WPA)
daemon.notice hostapd: wlan0: EAPOL-4WAY-HS-COMPLETED ee:46:c8:94:7f:0f
daemon.info hostapd: wlan0: STA ee:46:c8:94:7f:0f WPA: group key handshake completed (WPA)
daemon.warn dnsmasq-dhcp[1]: DHCP packet received on wlan0 which has no address
daemon.warn dnsmasq-dhcp[1]: DHCP packet received on wlan0 which has no address
daemon.warn dnsmasq-dhcp[1]: DHCP packet received on wlan0 which has no address
daemon.warn dnsmasq-dhcp[1]: DHCP packet received on wlan0 which has no address
daemon.warn dnsmasq-dhcp[1]: DHCP packet received on wlan0 which has no address
daemon.notice hostapd: wlan0: AP-STA-DISCONNECTED ee:46:c8:94:7f:0f

There should be no problems with WPA, since the phone supports up to WPA3.

Confirm that wlan0 is a member of the LAN bridge:

brctl show

It's empty.
Maybe you need to add a lan-wlan0 bridge as a separate interface?

You don't have a bridge device defined and this line is "old style" pre-DSA format so is invalid.

By default you should have a section maybe something like this:
network.@device[0]=device
network.@device[0].name='br-lan'
network.@device[0].type='bridge'
network.@device[0].ports='lan'

uci -q delete network.lan.type
uci set network.lan.device="br-lan"
uci -q delete network.lan_br
uci set network.lan_br="device"
uci set network.lan_br.type="bridge"
uci set network.lan_br.name="br-lan"
uci add_list network.lan_br.ports="eth1"
uci commit network
/etc/init.d/network restart
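
The check behind the `brctl show` step and the bridge fix above, written out as an added example that is not part of the original thread: it reads `uci show network` output and reports whether the network a wifi-iface attaches to is backed by a bridge device. The function name `audit_bridge` and the finding labels are hypothetical, and the sample dumps are trimmed from or constructed after the thread's output.

```shell
#!/bin/sh
# Added example, not from the thread. Reads `uci show network` output on stdin and
# checks that the logical network a wifi-iface attaches to ($1, default "lan") is
# backed by a bridge device. Prints findings; returns 1 if a problem is found.
audit_bridge() {
    awk -v net="${1:-lan}" '
    {
        eq = index($0, "="); if (!eq) next
        key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
        gsub(/\047/, "", val)                  # drop the single quotes uci prints
        n = split(key, p, "[.]")
        if (n == 2) kind[p[2]] = val           # network.<section>=<type>
        else if (n == 3) opt[p[2], p[3]] = val # network.<section>.<option>=<value>
    }
    END {
        for (s in kind)                        # index bridge devices by name
            if (kind[s] == "device" && opt[s, "type"] == "bridge")
                ports[opt[s, "name"]] = opt[s, "ports"]
        if (kind[net] != "interface") { print "MISSING " net; exit 1 }
        bad = 0
        if (opt[net, "type"] == "bridge") {    # the pre-DSA form flagged in the thread
            print "LEGACY " net ": option type=bridge on the interface section"
            bad = 1
        }
        dev = opt[net, "device"]
        if (dev in ports) print "OK " net ": " dev " is a bridge, ports: " ports[dev]
        else { print "UNBRIDGED " net ": " dev " is not a bridge device"; bad = 1 }
        exit bad
    }'
}

# Trimmed from the thread's first `uci show network` output.
BEFORE="network.lan=interface
network.lan.device='eth1'
network.lan.type='bridge'
network.@device[1]=device
network.@device[1].name='eth1'
network.@device[2]=device
network.@device[2].name='wlan0'"
# Constructed: the same sections after the uci commands posted above are applied.
AFTER="network.lan=interface
network.lan.device='br-lan'
network.lan_br=device
network.lan_br.type='bridge'
network.lan_br.name='br-lan'
network.lan_br.ports='eth1'"
printf '%s\n' "$BEFORE" | audit_bridge lan || true
printf '%s\n' "$AFTER" | audit_bridge lan
```

On a live router the same function can be fed directly with `uci show network | audit_bridge lan`.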

Thanks a lot! You helped a lot! To disable the passage of lan traffic to a wan, you just need to set the firewall to discard outgoing and incoming traffic, do I understand correctly?

Remove that section:

Or turn it off.
