Dhcp server not working on LAN but it runs well on Wifi

brainstormi · December 3, 2023, 5:21pm

I have setup Openwrt x86 virtualized with Proxmox. It's running in a NUC server with two Ethernet ports. DHCP works for Wifi, but not for LAN. Eth1 lan port it's connected to a switch Zyxel GS1200, with all ports configured by default as VLAN 1 Untagged. I just run out of ideas, any support is welcome!

/etc/config/network

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fdf6:47de:ae2e::/48'

config interface 'wan'
        option proto 'dhcp'
        option device 'wwan0'

config interface 'lan'
        option proto 'static'
        option device 'br-lan'
        option ipaddr '10.69.1.1'
        option netmask '255.255.255.0'

config interface 'wwan'
        option proto 'ncm'
        option ifname 'wwan0'
        option device '/dev/cdc-wdm0'
        option delay '10'
        option pdptype 'IP'
        option ipv6 'auto'
        option apn 'orangeworld'
        option username 'orange'
        option password 'orange'
        option mode 'auto'

config device
        option name 'phy0-ap0'

config device
        option type 'bridge'
        option name 'br-lan'
        list ports 'eth1'
        option ipv6 '0'

config device
        option name 'eth1'

config device
        option name 'wwan0'

/etc/config/dhcp

config dnsmasq
        option domainneeded '1'
        option localise_queries '1'
        option rebind_protection '0'
        option local '/lan/'
        option domain 'lan'
        option expandhosts '1'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
        option localservice '1'
        option ednspacket_max '1232'
        option cachesize '1000'
        option port '54'
        list server '10.69.1.1'

config dhcp 'lan'
        option interface 'lan'
        option start '100'
        option limit '150'
        option leasetime '12h'
        option dhcpv4 'server'
        list dhcp_option '6,10.69.1.1'
        list dhcp_option '3,10.69.1.1'

config dhcp 'wan'
        option interface 'wan'
        option ignore '1'

config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'
        option loglevel '4'

/etc/config/firewall

config defaults
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option synflood_protect '1'

config zone
        option name 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'
        list network 'lan'

config zone
        option name 'wan'
        option output 'ACCEPT'
        option masq '1'
        option mtu_fix '1'
        option input 'REJECT'
        option forward 'REJECT'
        list network 'wan'
        list network 'wwan'

config forwarding
        option src 'lan'
        option dest 'wan'

config rule
        option name 'Allow-DHCP-Renew'
        option src 'wan'
        option proto 'udp'
        option dest_port '68'
        option target 'ACCEPT'
        option family 'ipv4'

config rule
        option name 'Allow-Ping'
        option src 'wan'
        option proto 'icmp'
        option icmp_type 'echo-request'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-IGMP'
        option src 'wan'
        option proto 'igmp'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-DHCPv6'
        option src 'wan'
        option proto 'udp'
        option dest_port '546'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-MLD'
        option src 'wan'
        option proto 'icmp'
        option src_ip 'fe80::/10'
        list icmp_type '130/0'
        list icmp_type '131/0'
        list icmp_type '132/0'
        list icmp_type '143/0'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Input'
        option src 'wan'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        list icmp_type 'router-solicitation'
        list icmp_type 'neighbour-solicitation'
        list icmp_type 'router-advertisement'
        list icmp_type 'neighbour-advertisement'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Forward'
        option src 'wan'
        option dest '*'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-IPSec-ESP'
        option src 'wan'
        option dest 'lan'
        option proto 'esp'
        option target 'ACCEPT'

config rule
        option name 'Allow-ISAKMP'
        option src 'wan'
        option dest 'lan'
        option dest_port '500'
        option proto 'udp'
        option target 'ACCEPT'

/etc/config/wireless


config wifi-device 'radio0'
        option type 'mac80211'
        option path 'pci0000:00/0000:00:1c.0/0000:01:00.0'
        option cell_density '1'
        option disabled '1'

config wifi-iface 'default_radio0'
        option device 'radio0'
        option network 'lan'
        option mode 'ap'
        option ssid 'AX201'
        option encryption 'psk2'
        option key 'XXXXXXXXX'
        option disabled '1'

config wifi-device 'radio1'
        option type 'mac80211'
        option path 'pci0000:00/0000:00:1e.0/0000:05:02.0/0000:07:1b.0/usb9/9-2/9-2:1.0'
        option channel 'auto'
        option band '2g'
        option htmode 'HT40'
        option cell_density '0'

config wifi-iface 'default_radio1'
        option device 'radio1'
        option network 'lan'
        option mode 'ap'
        option ssid 'HOMW'
        option encryption 'psk2'
        option key 'XXXXXXXXX'

psherman · December 3, 2023, 9:41pm

The config appears mostly okay. I think your issue is related to the mapping of the Ethernet port in your vm host/hyperrvisor.

brainstormi · December 3, 2023, 10:27pm

Thanks for the tip. I'll take a look at Proxmox side to check if I find something.

brainstormi · December 4, 2023, 4:54pm

Just FYI in case that anybody suffers a similar issue. The problem seems to be related to intel vPro technology, in the moment you enable AMT over the same ethernet port you are using for running the DHCP Server, it's breaking DHCP communictation. I've not found more info so far about how to fix it, apart from the workaround suggested of using an USB ethernet card or running from a different ethernet port not used by Intel AMT. More details in the following thread: