DHCP issue on reboot

Hi everybody, I detect a strange behavior with my netgear router (the same with a pirelli with different release).
In my network I have a router with stock firmware connect to internet and to my other router with openwrt.
For this I use a WAN port on vlan 1(in DCHP client).
In LAN port (on vlan 2 with DHCP server) I have connected one pc to test before to extend the configuration for other services.
In this way, it seems works all fine.
But, when I reboot the router with openwrt, the dhcp server doesn't assign any address on lan port. Addresses are assigned from by main router connected on wan port, even though the pc doesn't seem connected ( ping doesn't work).
If I start my second router without the WAN cable, the dhcp server works (after two minutes). Then I can re-plug the wan cable.
I don't know if there is a bug or an error in my configuration. I thought to disable on startup, for some minutes, the wan port.
Can you help me?
Many thanks.

Please copy the output of the following commands and post it here using the "Preformatted text </> " button:
grafik
Remember to redact passwords, MAC addresses and any public IP addresses you may have:

cat /etc/config/network
cat /etc/config/dhcp
cat /etc/config/firewall

Many thanks, if I unplug and plug again the cable, pc receive the correct ip address from dhcp server (by openwrt router)

root@OpenWrt:~# cat /etc/config/network


config interface 'loopback'
        option ifname 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fd5b:90f0:d2dd::/48'

config interface 'lan'
        option proto 'static'
        option netmask '255.255.255.0'
        option ip6assign '60'
        option ifname 'eth1.2'
        option delegate '0'
        option ipaddr '192.168.2.1'

config interface 'wan'
        option ifname 'eth1.1'
        option proto 'dhcp'

config switch
        option name 'switch0'
        option reset '1'
        option enable_vlan '1'

config switch_vlan
        option device 'switch0'
        option vlan '1'
        option ports '0 1 3 5t'

config switch_vlan
        option device 'switch0'
        option ports '2 5t'
        option vlan '2'


root@OpenWrt:~# cat /etc/config/dhcp

config dnsmasq
        option domainneeded '1'
        option boguspriv '1'
        option filterwin2k '0'
        option localise_queries '1'
        option rebind_protection '1'
        option rebind_localhost '1'
        option local '/lan/'
        option domain 'lan'
        option expandhosts '1'
        option nonegcache '0'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option resolvfile '/tmp/resolv.conf.auto'
        option nonwildcard '1'
        option localservice '1'
        option interface 'lan'

config dhcp 'lan'
        option interface 'lan'
        option start '100'
        option limit '150'
        option leasetime '12h'
        option dhcpv6 'server'
        option ra 'server'
        option ra_management '1'

config dhcp 'wan'
        option interface 'wan'
        option ignore '1'

config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'
        option loglevel '4'





root@OpenWrt:~# cat /etc/config/firewall

config defaults
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option synflood_protect '1'

config zone
        option name 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'
        option network 'lan'

config zone
        option name 'wan'
        option output 'ACCEPT'
        option masq '1'
        option mtu_fix '1'
        option network 'wan'
        option input 'ACCEPT'
        option forward 'REJECT'

config forwarding
        option src 'lan'
        option dest 'wan'

config rule
        option name 'Allow-DHCP-Renew'
        option src 'wan'
        option proto 'udp'
        option dest_port '68'
        option target 'ACCEPT'
        option family 'ipv4'
        option enabled '0'

config rule
        option name 'Allow-Ping'
        option src 'wan'
        option proto 'icmp'
        option icmp_type 'echo-request'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-IGMP'
        option src 'wan'
        option proto 'igmp'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-DHCPv6'
        option src 'wan'
        option proto 'udp'
        option src_ip 'fc00::/6'
        option dest_ip 'fc00::/6'
        option dest_port '546'
        option family 'ipv6'
        option target 'ACCEPT'
        option enabled '0'

config rule
        option name 'Allow-MLD'
        option src 'wan'
        option proto 'icmp'
        option src_ip 'fe80::/10'
        list icmp_type '130/0'
        list icmp_type '131/0'
        list icmp_type '132/0'
        list icmp_type '143/0'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Input'
        option src 'wan'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        list icmp_type 'router-solicitation'
        list icmp_type 'neighbour-solicitation'
        list icmp_type 'router-advertisement'
        list icmp_type 'neighbour-advertisement'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Forward'
        option src 'wan'
        option dest '*'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-IPSec-ESP'
        option src 'wan'
        option dest 'lan'
        option proto 'esp'
        option target 'ACCEPT'

config rule
        option name 'Allow-ISAKMP'
        option src 'wan'
        option dest 'lan'
        option dest_port '500'
        option proto 'udp'
        option target 'ACCEPT'

config include
        option path '/etc/firewall.user'

Did you modify the switch configuration? I see LAN is assigned to ports 0, 1, and 3, while WAN is on port 2... that is a bit unusual. Can we see the switch config page, please?

1 Like

No WAN port are present physically. Now I'm testing the connectivity on vlan2 (port 2) and other port on vlan1 (port 1 conneccted to the other router).

I guess that at boot time, the switch chip in the OpenWrt router behaves like an unmanaged switch, allowing communication across all ports. VLAN separation is not applied until the OpenWrt network configuration has been loaded.
The client PC gets its IP configuration directly from the upstream router via DHCP, and ping might even work for a short moment, but it breaks as soon as the VLANs have been set up on the OpenWrt device.

Possible workarounds:

  • Disable the DHCP server on the upstream router's LAN interface, and set up a static IP configuration on OpenWrt's WAN interface. This is possible with private IPv4 addresses, or static public IP addresses provided by your ISP, but not useful for dynamic IPv6 addresses.
  • Configure the upstream router as a bridged modem, and run the WAN protocol (e.g. PPPoE) on the OpenWrt router. However, this does not help when the WAN protocol is also DHCP.

If you want to discuss this further, please provide details about your ISP uplink, such as protocol and address assignment mechanism.

2 Likes

I think you are right.
Maybe, the fastest workaround, to maintein the current configuration, could be to disable the interface programmaticaly and after tuw minutes re-enable them. Is it possble on custom rules or on start-up configuration?

This is unlikely to solve the problem because it would happen near the point in time where the VLANs are set up, which is too late.

But if I start my router without WAN cable and I reconnect its after two minutes, the pc has the correct ip address.

k becomes ready
Tue Aug 17 17:46:21 2021 kern.info kernel: [   36.788546] IPv6: ADDRCONF(NETDEV_CHANGE): eth1.2: link becomes ready
Tue Aug 17 17:46:21 2021 daemon.notice netifd: VLAN 'eth1.1' link is up
Tue Aug 17 17:46:21 2021 daemon.notice netifd: Interface 'wan' has link connectivity
Tue Aug 17 17:46:21 2021 daemon.notice netifd: Interface 'wan' is setting up now
Tue Aug 17 17:46:21 2021 daemon.notice netifd: VLAN 'eth1.2' link is up
Tue Aug 17 17:46:21 2021 daemon.notice netifd: Interface 'lan' has link connectivity
Tue Aug 17 17:46:21 2021 user.notice ucitrack: Setting up /etc/config/network reload dependency on /etc/config/dhcp
Tue Aug 17 17:46:22 2021 daemon.err odhcpd[893]: Failed to send to ff02::1%lan@eth1.2 (Address not available)
Tue Aug 17 17:46:22 2021 user.notice ucitrack: Setting up /etc/config/network reload dependency on /etc/config/radvd
Tue Aug 17 17:46:22 2021 daemon.notice netifd: wan (1046): udhcpc: started, v1.30.1
Tue Aug 17 17:46:22 2021 user.notice firewall: Reloading firewall due to ifup of lan (eth1.2)
Tue Aug 17 17:46:22 2021 user.notice ucitrack: Setting up /etc/config/wireless reload dependency on /etc/config/network
Tue Aug 17 17:46:23 2021 daemon.notice netifd: wan (1046): udhcpc: sending discover
Tue Aug 17 17:46:23 2021 daemon.notice netifd: wan (1046): udhcpc: sending select for 192.168.1.233
Tue Aug 17 17:46:23 2021 daemon.notice netifd: wan (1046): udhcpc: lease of 192.168.1.233 obtained, lease time 86400
Tue Aug 17 17:46:23 2021 user.notice ucitrack: Setting up /etc/config/firewall reload dependency on /etc/config/luci-splash
Tue Aug 17 17:46:23 2021 user.notice ucitrack: Setting up /etc/config/firewall reload dependency on /etc/config/qos
Tue Aug 17 17:46:24 2021 user.notice ucitrack: Setting up /etc/config/firewall reload dependency on /etc/config/miniupnpd
Tue Aug 17 17:46:24 2021 daemon.notice netifd: Interface 'wan' is now up
Tue Aug 17 17:46:24 2021 daemon.info dnsmasq[745]: reading /tmp/resolv.conf.auto
Tue Aug 17 17:46:24 2021 daemon.info dnsmasq[745]: using local addresses only for domain test
Tue Aug 17 17:46:24 2021 daemon.info dnsmasq[745]: using local addresses only for domain onion
Tue Aug 17 17:46:24 2021 daemon.info dnsmasq[745]: using local addresses only for domain localhost
Tue Aug 17 17:46:24 2021 daemon.info dnsmasq[745]: using local addresses only for domain local
Tue Aug 17 17:46:24 2021 daemon.info dnsmasq[745]: using local addresses only for domain invalid
Tue Aug 17 17:46:24 2021 daemon.info dnsmasq[745]: using local addresses only for domain bind
Tue Aug 17 17:46:24 2021 daemon.info dnsmasq[745]: using local addresses only for domain lan
Tue Aug 17 17:46:24 2021 daemon.info dnsmasq[745]: using nameserver 8.8.8.8#53
Tue Aug 17 17:46:24 2021 daemon.info dnsmasq[745]: using nameserver 8.8.4.4#53
Tue Aug 17 17:46:25 2021 user.notice ucitrack: Setting up /etc/config/dhcp reload dependency on /etc/config/odhcpd
Tue Aug 17 17:46:26 2021 user.notice firewall: Reloading firewall due to ifup of wan (eth1.1)
Tue Aug 17 17:46:26 2021 user.notice ucitrack: Setting up non-init /etc/config/fstab reload handler: /sbin/block mount
Tue Aug 17 17:46:27 2021 user.notice ucitrack: Setting up /etc/config/system reload trigger for non-procd /etc/init.d/led
Tue Aug 17 17:46:27 2021 user.notice ucitrack: Setting up /etc/config/system reload dependency on /etc/config/luci_statistics
Tue Aug 17 17:46:27 2021 user.notice ucitrack: Setting up /etc/config/system reload dependency on /etc/config/dhcp
Tue Aug 17 17:46:27 2021 user.notice ucitrack: Setting up /etc/config/bcp38 reload dependency on /etc/config/firewall
Tue Aug 17 17:46:30 2021 daemon.info dnsmasq[745]: exiting on receipt of SIGTERM
Tue Aug 17 17:46:30 2021 daemon.info dnsmasq[1277]: started, version 2.80 cachesize 150
Tue Aug 17 17:46:30 2021 daemon.info dnsmasq[1277]: compile time options: IPv6 GNU-getopt no-DBus no-i18n no-IDN DHCP no-DHCPv6 no-Lua TFTP no-conntrack no-ipset no-auth no-nettlehash no-DNSSEC no-ID loop-detect inotify dumpfile
Tue Aug 17 17:46:30 2021 daemon.info dnsmasq-dhcp[1277]: DHCP, IP range 192.168.2.100 -- 192.168.2.249, lease time 12h
Tue Aug 17 17:46:30 2021 daemon.info dnsmasq-dhcp[1277]: DHCP, sockets bound exclusively to interface eth1.2
Tue Aug 17 17:46:30 2021 daemon.info dnsmasq[1277]: using local addresses only for domain test
Tue Aug 17 17:46:30 2021 daemon.info dnsmasq[1277]: using local addresses only for domain onion
Tue Aug 17 17:46:30 2021 daemon.info dnsmasq[1277]: using local addresses only for domain localhost
Tue Aug 17 17:46:30 2021 daemon.info dnsmasq[1277]: using local addresses only for domain local
Tue Aug 17 17:46:30 2021 daemon.info dnsmasq[1277]: using local addresses only for domain invalid
Tue Aug 17 17:46:30 2021 daemon.info dnsmasq[1277]: using local addresses only for domain bind
Tue Aug 17 17:46:30 2021 daemon.info dnsmasq[1277]: using local addresses only for domain lan
Tue Aug 17 17:46:30 2021 daemon.info dnsmasq[1277]: reading /tmp/resolv.conf.auto
Tue Aug 17 17:46:30 2021 daemon.info dnsmasq[1277]: using local addresses only for domain test
Tue Aug 17 17:46:30 2021 daemon.info dnsmasq[1277]: using local addresses only for domain onion
Tue Aug 17 17:46:30 2021 daemon.info dnsmasq[1277]: using local addresses only for domain localhost
Tue Aug 17 17:46:30 2021 daemon.info dnsmasq[1277]: using local addresses only for domain local
Tue Aug 17 17:46:30 2021 daemon.info dnsmasq[1277]: using local addresses only for domain invalid
Tue Aug 17 17:46:30 2021 daemon.info dnsmasq[1277]: using local addresses only for domain bind
Tue Aug 17 17:46:30 2021 daemon.info dnsmasq[1277]: using local addresses only for domain lan
Tue Aug 17 17:46:30 2021 daemon.info dnsmasq[1277]: using nameserver 8.8.8.8#53
Tue Aug 17 17:46:30 2021 daemon.info dnsmasq[1277]: using nameserver 8.8.4.4#53
Tue Aug 17 17:46:30 2021 daemon.info dnsmasq[1277]: read /etc/hosts - 4 addresses
Tue Aug 17 17:46:30 2021 daemon.info dnsmasq[1277]: read /tmp/hosts/dhcp.cfg01411c - 2 addresses
Tue Aug 17 17:46:30 2021 daemon.info dnsmasq-dhcp[1277]: read /etc/ethers - 0 addresses
Tue Aug 17 17:46:30 2021 daemon.info dnsmasq[1277]: read /etc/hosts - 4 addresses
Tue Aug 17 17:46:30 2021 daemon.info dnsmasq[1277]: read /tmp/hosts/dhcp.cfg01411c - 2 addresses
Tue Aug 17 17:46:30 2021 daemon.info dnsmasq-dhcp[1277]: read /etc/ethers - 0 addresses
Tue Aug 17 17:46:32 2021 daemon.info dnsmasq[1277]: exiting on receipt of SIGTERM
Tue Aug 17 17:46:32 2021 daemon.info dnsmasq[1354]: started, version 2.80 cachesize 150
Tue Aug 17 17:46:32 2021 daemon.info dnsmasq[1354]: compile time options: IPv6 GNU-getopt no-DBus no-i18n no-IDN DHCP no-DHCPv6 no-Lua TFTP no-conntrack no-ipset no-auth no-nettlehash no-DNSSEC no-ID loop-detect inotify dumpfile
Tue Aug 17 17:46:32 2021 daemon.info dnsmasq-dhcp[1354]: DHCP, IP range 192.168.2.100 -- 192.168.2.249, lease time 12h
Tue Aug 17 17:46:32 2021 daemon.info dnsmasq-dhcp[1354]: DHCP, sockets bound exclusively to interface eth1.2
Tue Aug 17 17:46:32 2021 daemon.info dnsmasq[1354]: using local addresses only for domain test
Tue Aug 17 17:46:32 2021 daemon.info dnsmasq[1354]: using local addresses only for domain onion
Tue Aug 17 17:46:32 2021 daemon.info dnsmasq[1354]: using local addresses only for domain localhost
Tue Aug 17 17:46:32 2021 daemon.info dnsmasq[1354]: using local addresses only for domain local
Tue Aug 17 17:46:32 2021 daemon.info dnsmasq[1354]: using local addresses only for domain invalid
Tue Aug 17 17:46:32 2021 daemon.info dnsmasq[1354]: using local addresses only for domain bind
Tue Aug 17 17:46:32 2021 daemon.info dnsmasq[1354]: using local addresses only for domain lan
Tue Aug 17 17:46:32 2021 daemon.info dnsmasq[1354]: reading /tmp/resolv.conf.auto
Tue Aug 17 17:46:32 2021 daemon.info dnsmasq[1354]: using local addresses only for domain test
Tue Aug 17 17:46:32 2021 daemon.info dnsmasq[1354]: using local addresses only for domain onion
Tue Aug 17 17:46:32 2021 daemon.info dnsmasq[1354]: using local addresses only for domain localhost
Tue Aug 17 17:46:32 2021 daemon.info dnsmasq[1354]: using local addresses only for domain local
Tue Aug 17 17:46:32 2021 daemon.info dnsmasq[1354]: using local addresses only for domain invalid
Tue Aug 17 17:46:32 2021 daemon.info dnsmasq[1354]: using local addresses only for domain bind
Tue Aug 17 17:46:32 2021 daemon.info dnsmasq[1354]: using local addresses only for domain lan
Tue Aug 17 17:46:32 2021 daemon.info dnsmasq[1354]: using nameserver 8.8.8.8#53
Tue Aug 17 17:46:32 2021 daemon.info dnsmasq[1354]: using nameserver 8.8.4.4#53
Tue Aug 17 17:46:32 2021 daemon.info dnsmasq[1354]: read /etc/hosts - 4 addresses
Tue Aug 17 17:46:32 2021 daemon.info dnsmasq[1354]: read /tmp/hosts/dhcp.cfg01411c - 2 addresses
Tue Aug 17 17:46:32 2021 daemon.info dnsmasq-dhcp[1354]: read /etc/ethers - 0 addresses
Tue Aug 17 17:46:32 2021 daemon.info dnsmasq[1354]: read /etc/hosts - 4 addresses
Tue Aug 17 17:46:32 2021 daemon.info dnsmasq[1354]: read /tmp/hosts/dhcp.cfg01411c - 2 addresses
Tue Aug 17 17:46:32 2021 daemon.info dnsmasq-dhcp[1354]: read /etc/ethers - 0 addresses
Tue Aug 17 17:46:59 2021 daemon.info dnsmasq[1354]: exiting on receipt of SIGTERM
Tue Aug 17 17:47:00 2021 user.notice dnsmasq: DNS rebinding protection is active, will discard upstream RFC1918 responses!
Tue Aug 17 17:47:00 2021 user.notice dnsmasq: Allowing 127.0.0.0/8 responses
Tue Aug 17 17:47:00 2021 daemon.notice procd: /etc/rc.d/S95done: udhcpc: started, v1.30.1
Tue Aug 17 17:47:00 2021 daemon.notice procd: /etc/rc.d/S95done: udhcpc: sending discover
Tue Aug 17 17:47:03 2021 daemon.notice procd: /etc/rc.d/S95done: udhcpc: no lease, failing
Tue Aug 17 17:47:04 2021 daemon.info dnsmasq[1447]: started, version 2.80 cachesize 150
Tue Aug 17 17:47:04 2021 daemon.info dnsmasq[1447]: compile time options: IPv6 GNU-getopt no-DBus no-i18n no-IDN DHCP no-DHCPv6 no-Lua TFTP no-conntrack no-ipset no-auth no-nettlehash no-DNSSEC no-ID loop-detect inotify dumpfile
Tue Aug 17 17:47:04 2021 daemon.info dnsmasq-dhcp[1447]: DHCP, IP range 192.168.2.100 -- 192.168.2.249, lease time 12h
Tue Aug 17 17:47:04 2021 daemon.info dnsmasq-dhcp[1447]: DHCP, sockets bound exclusively to interface eth1.2
Tue Aug 17 17:47:04 2021 daemon.info dnsmasq[1447]: using local addresses only for domain test
Tue Aug 17 17:47:04 2021 daemon.info dnsmasq[1447]: using local addresses only for domain onion
Tue Aug 17 17:47:04 2021 daemon.info dnsmasq[1447]: using local addresses only for domain localhost
Tue Aug 17 17:47:04 2021 daemon.info dnsmasq[1447]: using local addresses only for domain local
Tue Aug 17 17:47:04 2021 daemon.info dnsmasq[1447]: using local addresses only for domain invalid
Tue Aug 17 17:47:04 2021 daemon.info dnsmasq[1447]: using local addresses only for domain bind
Tue Aug 17 17:47:04 2021 daemon.info dnsmasq[1447]: using local addresses only for domain lan
Tue Aug 17 17:47:04 2021 daemon.info dnsmasq[1447]: reading /tmp/resolv.conf.auto
Tue Aug 17 17:47:04 2021 daemon.info dnsmasq[1447]: using local addresses only for domain test
Tue Aug 17 17:47:04 2021 daemon.info dnsmasq[1447]: using local addresses only for domain onion
Tue Aug 17 17:47:04 2021 daemon.info dnsmasq[1447]: using local addresses only for domain localhost
Tue Aug 17 17:47:04 2021 daemon.info dnsmasq[1447]: using local addresses only for domain local
Tue Aug 17 17:47:04 2021 daemon.info dnsmasq[1447]: using local addresses only for domain invalid
Tue Aug 17 17:47:04 2021 daemon.info dnsmasq[1447]: using local addresses only for domain bind
Tue Aug 17 17:47:04 2021 daemon.info dnsmasq[1447]: using local addresses only for domain lan
Tue Aug 17 17:47:04 2021 daemon.info dnsmasq[1447]: using nameserver 8.8.8.8#53
Tue Aug 17 17:47:04 2021 daemon.info dnsmasq[1447]: using nameserver 8.8.4.4#53
Tue Aug 17 17:47:04 2021 daemon.info dnsmasq[1447]: read /etc/hosts - 4 addresses
Tue Aug 17 17:47:04 2021 daemon.info dnsmasq[1447]: read /tmp/hosts/dhcp.cfg01411c - 2 addresses
Tue Aug 17 17:47:04 2021 daemon.info dnsmasq-dhcp[1447]: read /etc/ethers - 0 addresses
Tue Aug 17 17:47:06 2021 daemon.info procd: - init complete -
Tue Aug 17 17:50:57 2021 daemon.info dnsmasq-dhcp[1447]: DHCPDISCOVER(eth1.2) 192.168.1.3 00:1e:8c:a8:00:36
Tue Aug 17 17:50:57 2021 daemon.info dnsmasq-dhcp[1447]: DHCPOFFER(eth1.2) 192.168.2.106 00:1e:8c:a8:00:36
Tue Aug 17 17:50:57 2021 daemon.info dnsmasq-dhcp[1447]: DHCPREQUEST(eth1.2) 192.168.2.106 00:1e:8c:a8:00:36
Tue Aug 17 17:50:57 2021 daemon.info dnsmasq-dhcp[1447]: DHCPACK(eth1.2) 192.168.2.106 00:1e:8c:a8:00:36 pc
Tue Aug 17 17:51:28 2021 daemon.err uhttpd[954]: luci: failed login on / for root from 192.168.2.106
Tue Aug 17 17:51:33 2021 daemon.err uhttpd[954]: luci: accepted login on / for root from 192.168.2.106

Could this be the problem?
Tue Aug 17 17:46:22 2021 daemon.err odhcpd[893]: Failed to send to ff02::1%lan@eth1.2 (Address not available)