DHCP unsolvable issue on WLAN only

Hello,

I am having a really weird DHCP issue with my Mercusys MR90Xv1 running OpenWRT 23.05.4. Same issue also with 23.05.3 downgrading and vanilla settings.

I am posting the settings and showing the issue just after flashing 23.05.4 again without keeping old configuration, in order to start from scratch and be 100% sure to show you the issue is not caused by any other settings made by me.
What is not understandable for me is that this kind of setting was working just fine until yesterday, when it stopped working out of the blue and I cannot manage to make it working anymore.

My installation is with just basic settings right now

root@OpenWrt:~# ubus call system board
{
	"kernel": "5.15.162",
	"hostname": "OpenWrt",
	"system": "ARMv8 Processor rev 4",
	"model": "MERCUSYS MR90X v1",
	"board_name": "mercusys,mr90x-v1",
	"rootfs_type": "squashfs",
	"release": {
		"distribution": "OpenWrt",
		"version": "23.05.4",
		"revision": "r24012-d8dd03c46f",
		"target": "mediatek/filogic",
		"description": "OpenWrt 23.05.4 r24012-d8dd03c46f"
	}
}

/etc/config/network

root@OpenWrt:~# cat /etc/config/network 

config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fd16:ec05:32d3::/48'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'lan0'
	list ports 'lan1'
	list ports 'lan2'

config device
	option name 'lan0'
	option macaddr '00:eb:d8:60:0f:01'

config device
	option name 'lan1'
	option macaddr '00:eb:d8:60:0f:01'

config device
	option name 'lan2'
	option macaddr '00:eb:d8:60:0f:01'

config interface 'lan'
	option device 'br-lan'
	option proto 'static'
	option ipaddr '192.168.1.1'
	option netmask '255.255.255.0'
	option ip6assign '60'
	option gateway '192.168.90.1'
	option broadcast '192.168.1.255'

config interface 'wan'
	option device 'eth1'
	option proto 'dhcp'

config interface 'wan6'
	option device 'eth1'
	option proto 'static'
	list ipaddr '192.168.90.2/24'
	option gateway '192.168.90.1'
	option broadcast '192.168.90.255'
	list dns '1.1.1.1'
	list dns '8.8.8.8'

/etc/config/wireless

config wifi-device 'radio0'
	option type 'mac80211'
	option path 'platform/soc/18000000.wifi'
	option channel '1'
	option band '2g'
	option htmode 'HE20'
	option cell_density '0'

config wifi-iface 'default_radio0'
	option device 'radio0'
	option network 'lan'
	option mode 'ap'
	option ssid 'OpenWrt2.4'
	option encryption 'psk2'
	option key 'hidden'

config wifi-device 'radio1'
	option type 'mac80211'
	option path 'platform/soc/18000000.wifi+1'
	option channel '36'
	option band '5g'
	option htmode 'HE80'
	option cell_density '0'

config wifi-iface 'default_radio1'
	option device 'radio1'
	option network 'lan'
	option mode 'ap'
	option ssid 'OpenWrtAX'
	option encryption 'psk2'
	option key 'hidden'

/etc/config/dhcp

root@OpenWrt:~# cat /etc/config/dhcp 

config dnsmasq
	option domainneeded '1'
	option boguspriv '1'
	option filterwin2k '0'
	option localise_queries '1'
	option rebind_protection '1'
	option rebind_localhost '1'
	option local '/lan/'
	option domain 'lan'
	option expandhosts '1'
	option nonegcache '0'
	option cachesize '1000'
	option authoritative '1'
	option readethers '1'
	option leasefile '/tmp/dhcp.leases'
	option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
	option nonwildcard '1'
	option localservice '1'
	option ednspacket_max '1232'
	option filter_aaaa '0'
	option filter_a '0'

config dhcp 'lan'
	option interface 'lan'
	option start '100'
	option limit '150'
	option leasetime '12h'
	option dhcpv4 'server'
	option dhcpv6 'server'
	option ra 'server'
	list ra_flags 'managed-config'
	list ra_flags 'other-config'

config dhcp 'wan'
	option interface 'wan'
	option ignore '1'

config odhcpd 'odhcpd'
	option maindhcp '0'
	option leasefile '/tmp/hosts/odhcpd'
	option leasetrigger '/usr/sbin/odhcpd-update'
	option loglevel '4'

The issue is related to WLAN devices that are trying to receive an IP address from the DHCP from the WLAN AP created by OpenWRT itself without success, randomly it works after several time, but it's quite rare.

  1. For SOME devices it just works (i.e. my Windows 11 laptop is working every time).
  2. All wired devices always works with no issues.
  3. For most of my other Wifi devices (Ubuntu laptop, Android phones, smart plugs, ecc.) which always worked before they are not working or randomly working.
  4. I have another SSID distributed by both another OpenWRT and from an ASUS AC68U with MerlinWRT, and when connecting to it it always works instead (the DHCP server is still the one on this Mercusys).

Considering these points, I narrowed down the issue to the majority of the devices (Windows 11 excluded, don't know why) ONLY IF they are trying to connect to the SSID distributed by this Mercusys.

the WLAN interfaces (phy0-ap0 and phy1ap0) are inside the LAN bridge

root@OpenWrt:~# brctl show
bridge name	bridge id		STP enabled	interfaces
br-lan		7fff.00ebd8600f01	no		phy1-ap0
							lan2
							lan0
							lan1
							phy0-ap0
root@OpenWrt:~# brctl showstp br-lan
br-lan
 bridge id		7fff.00ebd8600f01
 designated root	7fff.00ebd8600f01
 root port		   0			path cost		   0
 max age		  10.00			bridge max age		  10.00
 hello time		   1.00			bridge hello time	   1.00
 forward delay		   8.00			bridge forward delay	   8.00
 ageing time		 300.00
 hello timer		   0.00			tcn timer		   0.00
 topology change timer	   0.00			gc timer		  69.63
 flags			


phy1-ap0 (5)
 port id		8005			state		     forwarding
 designated root	7fff.00ebd8600f01	path cost		 100
 designated bridge	7fff.00ebd8600f01	message age timer	   0.00
 designated port	8005			forward delay timer	   0.00
 designated cost	   0			hold timer		   0.00
 flags			
 hairpin mode		   1

lan2 (3)
 port id		8003			state		       disabled
 designated root	7fff.00ebd8600f01	path cost		 100
 designated bridge	7fff.00ebd8600f01	message age timer	   0.00
 designated port	8003			forward delay timer	   0.00
 designated cost	   0			hold timer		   0.00
 flags			

lan0 (1)
 port id		8001			state		       disabled
 designated root	7fff.00ebd8600f01	path cost		 100
 designated bridge	7fff.00ebd8600f01	message age timer	   0.00
 designated port	8001			forward delay timer	   0.00
 designated cost	   0			hold timer		   0.00
 flags			

lan1 (2)
 port id		8002			state		     forwarding
 designated root	7fff.00ebd8600f01	path cost		   4
 designated bridge	7fff.00ebd8600f01	message age timer	   0.00
 designated port	8002			forward delay timer	   0.00
 designated cost	   0			hold timer		   0.00
 flags			

phy0-ap0 (4)
 port id		8004			state		     forwarding
 designated root	7fff.00ebd8600f01	path cost		 100
 designated bridge	7fff.00ebd8600f01	message age timer	   0.00
 designated port	8004			forward delay timer	   0.00
 designated cost	   0			hold timer		   0.00
 flags			
 hairpin mode		   1

and, while connecting from Windows 11 laptop is working as expected:

Fri Aug  9 09:51:04 2024 daemon.info hostapd: phy1-ap0: STA a8:7e:ea:00:79:c2 IEEE 802.11: authenticated
Fri Aug  9 09:51:04 2024 daemon.info hostapd: phy1-ap0: STA a8:7e:ea:00:79:c2 IEEE 802.11: associated (aid 2)
Fri Aug  9 09:51:04 2024 daemon.notice hostapd: phy1-ap0: STA-OPMODE-SMPS-MODE-CHANGED a8:7e:ea:00:79:c2 off
Fri Aug  9 09:51:04 2024 daemon.notice hostapd: phy1-ap0: AP-STA-CONNECTED a8:7e:ea:00:79:c2 auth_alg=open
Fri Aug  9 09:51:04 2024 daemon.info hostapd: phy1-ap0: STA a8:7e:ea:00:79:c2 WPA: pairwise key handshake completed (RSN)
Fri Aug  9 09:51:04 2024 daemon.notice hostapd: phy1-ap0: EAPOL-4WAY-HS-COMPLETED a8:7e:ea:00:79:c2
Fri Aug  9 09:51:04 2024 daemon.warn odhcpd[1873]: No default route present, overriding ra_lifetime!
Fri Aug  9 09:51:04 2024 daemon.warn odhcpd[1873]: No default route present, overriding ra_lifetime!
Fri Aug  9 09:51:04 2024 kern.warn kernel: [ 1218.872864] br-lan: received packet on lan1 with own address as source address (addr:00:eb:d8:60:0f:01, vlan:0)
Fri Aug  9 09:51:05 2024 daemon.info dnsmasq-dhcp[1]: DHCPREQUEST(br-lan) 192.168.1.121 a8:7e:ea:00:79:c2
Fri Aug  9 09:51:05 2024 daemon.info dnsmasq-dhcp[1]: DHCPACK(br-lan) 192.168.1.121 a8:7e:ea:00:79:c2 DESKTOP-T5OT0MS
Fri Aug  9 09:51:05 2024 daemon.info dnsmasq-dhcp[1]: DHCPREQUEST(br-lan) 192.168.1.121 a8:7e:ea:00:79:c2
Fri Aug  9 09:51:05 2024 daemon.info dnsmasq-dhcp[1]: DHCPACK(br-lan) 192.168.1.121 a8:7e:ea:00:79:c2 DESKTOP-T5OT0MS
root@OpenWrt:~# tcpdump -nnvepi any port 68
09:52:25.554967 phy1-ap0 Out ifindex 12 a8:7e:ea:00:79:c2 ethertype IPv4 (0x0800), length 370: (tos 0x0, ttl 128, id 25755, offset 0, flags [none], proto UDP (17), length 350)
    0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from a8:7e:ea:00:79:c2, length 322, xid 0xf262350d, Flags [Broadcast]
	  Client-Ethernet-Address a8:7e:ea:00:79:c2
	  Vendor-rfc1048 Extensions
	    Magic Cookie 0x63825363
	    DHCP-Message (53), length 1: Request
	    Client-ID (61), length 7: ether a8:7e:ea:00:79:c2
	    Requested-IP (50), length 4: 192.168.1.121
	    Hostname (12), length 15: "DESKTOP-T5OT0MS"
	    FQDN (81), length 18: "DESKTOP-T5OT0MS"
	    Vendor-Class (60), length 8: "MSFT 5.0"
	    Parameter-Request (55), length 14: 
	      Subnet-Mask (1), Default-Gateway (3), Domain-Name-Server (6), Domain-Name (15)
	      Router-Discovery (31), Static-Route (33), Vendor-Option (43), Netbios-Name-Server (44)
	      Netbios-Node (46), Netbios-Scope (47), Unknown (119), Classless-Static-Route (121)
	      Classless-Static-Route-Microsoft (249), Unknown (252)
09:52:25.555586 phy1-ap0 Out ifindex 12 00:eb:d8:60:0f:01 ethertype IPv4 (0x0800), length 369: (tos 0xc0, ttl 64, id 14457, offset 0, flags [none], proto UDP (17), length 349)
    192.168.1.1.67 > 255.255.255.255.68: BOOTP/DHCP, Reply, length 321, xid 0xf262350d, Flags [Broadcast]
	  Your-IP 192.168.1.121
	  Server-IP 192.168.1.1
	  Client-Ethernet-Address a8:7e:ea:00:79:c2
	  Vendor-rfc1048 Extensions
	    Magic Cookie 0x63825363
	    DHCP-Message (53), length 1: ACK
	    Server-ID (54), length 4: 192.168.1.1
	    Lease-Time (51), length 4: 43200
	    RN (58), length 4: 21600
	    RB (59), length 4: 37800
	    Subnet-Mask (1), length 4: 255.255.255.0
	    BR (28), length 4: 192.168.1.255
	    Default-Gateway (3), length 4: 192.168.1.1
	    Domain-Name-Server (6), length 4: 192.168.1.1
	    Domain-Name (15), length 3: "lan"
	    FQDN (81), length 22: [SO] 255/255 "DESKTOP-T5OT0MS.lan"

for the most of the other devices is not (this is from my Android phone)

root@OpenWrt:~# logread -f
Fri Aug  9 10:12:24 2024 daemon.info hostapd: phy1-ap0: STA 26:41:b6:24:7c:88 IEEE 802.11: authenticated
Fri Aug  9 10:12:24 2024 daemon.info hostapd: phy1-ap0: STA 26:41:b6:24:7c:88 IEEE 802.11: associated (aid 2)
Fri Aug  9 10:12:24 2024 daemon.notice hostapd: phy1-ap0: AP-STA-CONNECTED 26:41:b6:24:7c:88 auth_alg=open
Fri Aug  9 10:12:24 2024 daemon.info hostapd: phy1-ap0: STA 26:41:b6:24:7c:88 WPA: pairwise key handshake completed (RSN)
Fri Aug  9 10:12:24 2024 daemon.notice hostapd: phy1-ap0: EAPOL-4WAY-HS-COMPLETED 26:41:b6:24:7c:88
Fri Aug  9 10:12:24 2024 kern.warn kernel: [ 2497.883573] br-lan: received packet on lan1 with own address as source address (addr:00:eb:d8:60:0f:01, vlan:0)
Fri Aug  9 10:12:25 2024 daemon.warn odhcpd[1873]: No default route present, overriding ra_lifetime!
Fri Aug  9 10:12:25 2024 daemon.warn odhcpd[1873]: No default route present, overriding ra_lifetime!
Fri Aug  9 10:12:25 2024 kern.warn kernel: [ 2498.919234] br-lan: received packet on lan1 with own address as source address (addr:00:eb:d8:60:0f:01, vlan:0)
Fri Aug  9 10:12:27 2024 kern.warn kernel: [ 2499.957988] br-lan: received packet on lan1 with own address as source address (addr:00:eb:d8:60:0f:01, vlan:0)
Fri Aug  9 10:12:28 2024 daemon.info dnsmasq-dhcp[1]: DHCPDISCOVER(br-lan) 26:41:b6:24:7c:88
Fri Aug  9 10:12:28 2024 daemon.info dnsmasq-dhcp[1]: DHCPOFFER(br-lan) 192.168.1.135 26:41:b6:24:7c:88
Fri Aug  9 10:12:28 2024 daemon.info dnsmasq-dhcp[1]: DHCPDISCOVER(br-lan) 26:41:b6:24:7c:88
Fri Aug  9 10:12:28 2024 daemon.info dnsmasq-dhcp[1]: DHCPOFFER(br-lan) 192.168.1.135 26:41:b6:24:7c:88
Fri Aug  9 10:12:28 2024 daemon.info dnsmasq-dhcp[1]: DHCPDISCOVER(br-lan) 26:41:b6:24:7c:88
Fri Aug  9 10:12:28 2024 daemon.info dnsmasq-dhcp[1]: DHCPOFFER(br-lan) 192.168.1.135 26:41:b6:24:7c:88
Fri Aug  9 10:12:28 2024 daemon.info dnsmasq-dhcp[1]: DHCPDISCOVER(br-lan) 26:41:b6:24:7c:88
Fri Aug  9 10:12:28 2024 daemon.info dnsmasq-dhcp[1]: DHCPOFFER(br-lan) 192.168.1.135 26:41:b6:24:7c:88
Fri Aug  9 10:12:28 2024 daemon.info dnsmasq-dhcp[1]: DHCPDISCOVER(br-lan) 26:41:b6:24:7c:88
Fri Aug  9 10:12:28 2024 daemon.info dnsmasq-dhcp[1]: DHCPOFFER(br-lan) 192.168.1.135 26:41:b6:24:7c:88
Fri Aug  9 10:12:28 2024 daemon.info dnsmasq-dhcp[1]: DHCPDISCOVER(br-lan) 26:41:b6:24:7c:88
Fri Aug  9 10:12:28 2024 daemon.info dnsmasq-dhcp[1]: DHCPOFFER(br-lan) 192.168.1.135 26:41:b6:24:7c:88
Fri Aug  9 10:12:29 2024 daemon.warn odhcpd[1873]: No default route present, overriding ra_lifetime!
Fri Aug  9 10:12:29 2024 daemon.warn odhcpd[1873]: No default route present, overriding ra_lifetime!
Fri Aug  9 10:12:32 2024 daemon.info dnsmasq-dhcp[1]: DHCPDISCOVER(br-lan) 26:41:b6:24:7c:88
Fri Aug  9 10:12:32 2024 daemon.info dnsmasq-dhcp[1]: DHCPOFFER(br-lan) 192.168.1.135 26:41:b6:24:7c:88
Fri Aug  9 10:12:32 2024 daemon.info dnsmasq-dhcp[1]: DHCPDISCOVER(br-lan) 26:41:b6:24:7c:88
Fri Aug  9 10:12:32 2024 daemon.info dnsmasq-dhcp[1]: DHCPOFFER(br-lan) 192.168.1.135 26:41:b6:24:7c:88
Fri Aug  9 10:12:32 2024 kern.warn kernel: [ 2505.668675] br-lan: received packet on lan1 with own address as source address (addr:00:eb:d8:60:0f:01, vlan:0)
Fri Aug  9 10:12:33 2024 kern.warn kernel: [ 2506.680877] br-lan: received packet on lan1 with own address as source address (addr:00:eb:d8:60:0f:01, vlan:0)
Fri Aug  9 10:12:34 2024 kern.warn kernel: [ 2507.709814] br-lan: received packet on lan1 with own address as source address (addr:00:eb:d8:60:0f:01, vlan:0)
Fri Aug  9 10:12:36 2024 kern.warn kernel: [ 2509.161317] br-lan: received packet on lan1 with own address as source address (addr:00:eb:d8:60:0f:01, vlan:0)
Fri Aug  9 10:12:37 2024 kern.warn kernel: [ 2510.187280] br-lan: received packet on lan1 with own address as source address (addr:00:eb:d8:60:0f:01, vlan:0)
Fri Aug  9 10:12:37 2024 daemon.warn odhcpd[1873]: No default route present, overriding ra_lifetime!
Fri Aug  9 10:12:37 2024 daemon.warn odhcpd[1873]: No default route present, overriding ra_lifetime!
Fri Aug  9 10:12:38 2024 kern.warn kernel: [ 2511.226256] br-lan: received packet on lan1 with own address as source address (addr:00:eb:d8:60:0f:01, vlan:0)
Fri Aug  9 10:12:39 2024 kern.warn kernel: [ 2512.070401] br-lan: received packet on lan1 with own address as source address (addr:00:eb:d8:60:0f:01, vlan:0)
Fri Aug  9 10:12:39 2024 kern.warn kernel: [ 2512.269948] br-lan: received packet on lan1 with own address as source address (addr:00:eb:d8:60:0f:01, vlan:0)
Fri Aug  9 10:12:40 2024 kern.warn kernel: [ 2513.144381] br-lan: received packet on lan1 with own address as source address (addr:00:eb:d8:60:0f:01, vlan:0)
Fri Aug  9 10:12:40 2024 kern.warn kernel: [ 2513.304213] br-lan: received packet on lan1 with own address as source address (addr:00:eb:d8:60:0f:01, vlan:0)
Fri Aug  9 10:12:41 2024 kern.warn kernel: [ 2514.183378] br-lan: received packet on lan1 with own address as source address (addr:00:eb:d8:60:0f:01, vlan:0)
Fri Aug  9 10:12:41 2024 kern.warn kernel: [ 2514.343208] br-lan: received packet on lan1 with own address as source address (addr:00:eb:d8:60:0f:01, vlan:0)
Fri Aug  9 10:12:42 2024 daemon.info dnsmasq-dhcp[1]: DHCPDISCOVER(br-lan) 191.89.168.192 00:07:a8:e4:c8:76
Fri Aug  9 10:12:42 2024 daemon.info dnsmasq-dhcp[1]: DHCPOFFER(br-lan) 192.168.1.191 00:07:a8:e4:c8:76
Fri Aug  9 10:12:42 2024 daemon.info dnsmasq-dhcp[1]: DHCPDISCOVER(br-lan) 26:41:b6:24:7c:88
Fri Aug  9 10:12:42 2024 daemon.info dnsmasq-dhcp[1]: DHCPOFFER(br-lan) 192.168.1.135 26:41:b6:24:7c:88
Fri Aug  9 10:12:42 2024 daemon.info dnsmasq-dhcp[1]: DHCPDISCOVER(br-lan) 26:41:b6:24:7c:88
Fri Aug  9 10:12:42 2024 daemon.info dnsmasq-dhcp[1]: DHCPOFFER(br-lan) 192.168.1.135 26:41:b6:24:7c:88
Fri Aug  9 10:12:42 2024 daemon.notice hostapd: phy1-ap0: AP-STA-DISCONNECTED 26:41:b6:24:7c:88
root@OpenWrt:~# tcpdump -nnvepi any port 68
tcpdump: data link type LINUX_SLL2
tcpdump: listening on any, link-type LINUX_SLL2 (Linux cooked v2), snapshot length 262144 bytes
[...]
10:13:10.573059 phy1-ap0 Out ifindex 12 26:41:b6:24:7c:88 ethertype IPv4 (0x0800), length 356: (tos 0x10, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 336)
    0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 26:41:b6:24:7c:88, length 308, xid 0xdd40379, Flags [none]
	  Client-Ethernet-Address 26:41:b6:24:7c:88
	  Vendor-rfc1048 Extensions
	    Magic Cookie 0x63825363
	    DHCP-Message (53), length 1: Discover
	    Client-ID (61), length 7: ether 26:41:b6:24:7c:88
	    MSZ (57), length 2: 1500
	    Vendor-Class (60), length 15: "android-dhcp-14"
	    Hostname (12), length 15: "realme-GT-2-Pro"
	    Parameter-Request (55), length 12: 
	      Subnet-Mask (1), Default-Gateway (3), Domain-Name-Server (6), Domain-Name (15)
	      MTU (26), BR (28), Lease-Time (51), RN (58)
	      RB (59), Vendor-Option (43), URL (114), Unknown (108)
	    SLP-NA (80), length 0""
10:13:13.965758 br-lan Out ifindex 10 00:eb:d8:60:0f:01 ethertype IPv4 (0x0800), length 348: (tos 0xc0, ttl 64, id 9918, offset 0, flags [none], proto UDP (17), length 328)
    192.168.1.1.67 > 192.168.1.135.68: BOOTP/DHCP, Reply, length 300, xid 0xdd40379, Flags [none]
	  Your-IP 192.168.1.135
	  Server-IP 192.168.1.1
	  Client-Ethernet-Address 26:41:b6:24:7c:88
	  Vendor-rfc1048 Extensions
	    Magic Cookie 0x63825363
	    DHCP-Message (53), length 1: Offer
	    Server-ID (54), length 4: 192.168.1.1
	    Lease-Time (51), length 4: 43200
	    RN (58), length 4: 21600
	    RB (59), length 4: 37800
	    Subnet-Mask (1), length 4: 255.255.255.0
	    BR (28), length 4: 192.168.1.255
	    Default-Gateway (3), length 4: 192.168.1.1
	    Domain-Name-Server (6), length 4: 192.168.1.1
	    Domain-Name (15), length 3: "lan"

the DHCP reply is always sent (so the DHCP server is not the issue, but it is not sent on phy1-ap0 interface). The missing packet is the DHCP reply on phy1-ap0, showing it better with tcpdump without -v

root@OpenWrt:~# tcpdump -nnepi any port 68
tcpdump: data link type LINUX_SLL2
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on any, link-type LINUX_SLL2 (Linux cooked v2), snapshot length 262144 bytes
10:15:09.795007 eth1  Out ifindex 3 00:eb:d8:60:0f:02 ethertype IPv4 (0x0800), length 348: 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 00:eb:d8:60:0f:02, length 300
10:15:10.597274 phy1-ap0 B   ifindex 12 26:41:b6:24:7c:88 ethertype IPv4 (0x0800), length 354: 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 26:41:b6:24:7c:88, length 306
10:15:10.597316 phy1-ap0 Out ifindex 12 26:41:b6:24:7c:88 ethertype IPv4 (0x0800), length 354: 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 26:41:b6:24:7c:88, length 306
10:15:10.597343 phy0-ap0 Out ifindex 11 26:41:b6:24:7c:88 ethertype IPv4 (0x0800), length 354: 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 26:41:b6:24:7c:88, length 306
10:15:10.597352 lan1  Out ifindex 5 26:41:b6:24:7c:88 ethertype IPv4 (0x0800), length 354: 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 26:41:b6:24:7c:88, length 306
10:15:10.597356 eth0  Out ifindex 2 26:41:b6:24:7c:88 ethertype IPv4 (0x0800), length 354: 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 26:41:b6:24:7c:88, length 306
10:15:10.597274 br-lan B   ifindex 10 26:41:b6:24:7c:88 ethertype IPv4 (0x0800), length 354: 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 26:41:b6:24:7c:88, length 306
10:15:10.597462 lan1  B   ifindex 5 26:41:b6:24:7c:88 ethertype IPv4 (0x0800), length 354: 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 26:41:b6:24:7c:88, length 306
10:15:10.597494 phy1-ap0 Out ifindex 12 26:41:b6:24:7c:88 ethertype IPv4 (0x0800), length 354: 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 26:41:b6:24:7c:88, length 306
10:15:10.597508 phy0-ap0 Out ifindex 11 26:41:b6:24:7c:88 ethertype IPv4 (0x0800), length 354: 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 26:41:b6:24:7c:88, length 306
10:15:10.597462 br-lan B   ifindex 10 26:41:b6:24:7c:88 ethertype IPv4 (0x0800), length 354: 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 26:41:b6:24:7c:88, length 306
10:15:10.598672 br-lan Out ifindex 10 00:eb:d8:60:0f:01 ethertype IPv4 (0x0800), length 348: 192.168.1.1.67 > 192.168.1.135.68: BOOTP/DHCP, Reply, length 300
10:15:10.598678 lan1  Out ifindex 5 00:eb:d8:60:0f:01 ethertype IPv4 (0x0800), length 348: 192.168.1.1.67 > 192.168.1.135.68: BOOTP/DHCP, Reply, length 300
10:15:10.598682 eth0  Out ifindex 2 00:eb:d8:60:0f:01 ethertype IPv4 (0x0800), length 348: 192.168.1.1.67 > 192.168.1.135.68: BOOTP/DHCP, Reply, length 300
10:15:10.598931 br-lan Out ifindex 10 00:eb:d8:60:0f:01 ethertype IPv4 (0x0800), length 348: 192.168.1.1.67 > 192.168.1.135.68: BOOTP/DHCP, Reply, length 300
10:15:10.598936 lan1  Out ifindex 5 00:eb:d8:60:0f:01 ethertype IPv4 (0x0800), length 348: 192.168.1.1.67 > 192.168.1.135.68: BOOTP/DHCP, Reply, length 300
10:15:10.598939 eth0  Out ifindex 2 00:eb:d8:60:0f:01 ethertype IPv4 (0x0800), length 348: 192.168.1.1.67 > 192.168.1.135.68: BOOTP/DHCP, Reply, length 300
10:15:10.778260 phy1-ap0 B   ifindex 12 78:2b:46:c5:bd:9a ethertype IPv4 (0x0800), length 343: 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 78:2b:46:c5:bd:9a, length 295
10:15:10.778303 phy1-ap0 Out ifindex 12 78:2b:46:c5:bd:9a ethertype IPv4 (0x0800), length 343: 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 78:2b:46:c5:bd:9a, length 295
10:15:10.778327 phy0-ap0 Out ifindex 11 78:2b:46:c5:bd:9a ethertype IPv4 (0x0800), length 343: 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 78:2b:46:c5:bd:9a, length 295
10:15:10.778335 lan1  Out ifindex 5 78:2b:46:c5:bd:9a ethertype IPv4 (0x0800), length 343: 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 78:2b:46:c5:bd:9a, length 295
10:15:10.778339 eth0  Out ifindex 2 78:2b:46:c5:bd:9a ethertype IPv4 (0x0800), length 343: 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 78:2b:46:c5:bd:9a, length 295
10:15:10.778260 br-lan B   ifindex 10 78:2b:46:c5:bd:9a ethertype IPv4 (0x0800), length 343: 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 78:2b:46:c5:bd:9a, length 295
10:15:10.778441 lan1  B   ifindex 5 78:2b:46:c5:bd:9a ethertype IPv4 (0x0800), length 343: 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 78:2b:46:c5:bd:9a, length 295
10:15:10.778472 phy1-ap0 Out ifindex 12 78:2b:46:c5:bd:9a ethertype IPv4 (0x0800), length 343: 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 78:2b:46:c5:bd:9a, length 295
10:15:10.778486 phy0-ap0 Out ifindex 11 78:2b:46:c5:bd:9a ethertype IPv4 (0x0800), length 343: 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 78:2b:46:c5:bd:9a, length 295
10:15:10.778441 br-lan B   ifindex 10 78:2b:46:c5:bd:9a ethertype IPv4 (0x0800), length 343: 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 78:2b:46:c5:bd:9a, length 295

with the same Android phone, if I connect to the other SSID (not ditributed by this OpenWRT device) I make the DHCP request coming wired so it always works in that way

root@OpenWrt:~# tcpdump -nnepi any port 68
tcpdump: data link type LINUX_SLL2
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on any, link-type LINUX_SLL2 (Linux cooked v2), snapshot length 262144 bytes
10:21:08.342889 lan1  B   ifindex 5 42:76:78:25:d7:70 ethertype IPv4 (0x0800), length 360: 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 42:76:78:25:d7:70, length 312
10:21:08.342900 phy1-ap0 Out ifindex 12 42:76:78:25:d7:70 ethertype IPv4 (0x0800), length 360: 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 42:76:78:25:d7:70, length 312
10:21:08.342909 phy0-ap0 Out ifindex 11 42:76:78:25:d7:70 ethertype IPv4 (0x0800), length 360: 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 42:76:78:25:d7:70, length 312
10:21:08.342889 br-lan B   ifindex 10 42:76:78:25:d7:70 ethertype IPv4 (0x0800), length 360: 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 42:76:78:25:d7:70, length 312
10:21:08.343662 br-lan Out ifindex 10 00:eb:d8:60:0f:01 ethertype IPv4 (0x0800), length 348: 192.168.1.1.67 > 192.168.1.192.68: BOOTP/DHCP, Reply, length 300
10:21:08.343672 lan1  Out ifindex 5 00:eb:d8:60:0f:01 ethertype IPv4 (0x0800), length 348: 192.168.1.1.67 > 192.168.1.192.68: BOOTP/DHCP, Reply, length 300
10:21:08.343677 eth0  Out ifindex 2 00:eb:d8:60:0f:01 ethertype IPv4 (0x0800), length 348: 192.168.1.1.67 > 192.168.1.192.68: BOOTP/DHCP, Reply, length 300

Imho the issue is with some broadcasting issue inside OpenWRT bridge (br-lan), but I am able to explain why for the Windows 11 laptop it just works as the DHCP reply on phy1-ap0 is correctly sent instead

root@OpenWrt:~# tcpdump -nnepi any port 68
tcpdump: data link type LINUX_SLL2
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on any, link-type LINUX_SLL2 (Linux cooked v2), snapshot length 262144 bytes
10:17:39.945007 eth1  Out ifindex 3 00:eb:d8:60:0f:02 ethertype IPv4 (0x0800), length 348: 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 00:eb:d8:60:0f:02, length 300
10:17:42.865016 eth1  Out ifindex 3 00:eb:d8:60:0f:02 ethertype IPv4 (0x0800), length 348: 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 00:eb:d8:60:0f:02, length 300
10:17:42.923146 phy1-ap0 B   ifindex 12 a8:7e:ea:00:79:c2 ethertype IPv4 (0x0800), length 370: 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from a8:7e:ea:00:79:c2, length 322
10:17:42.923173 phy1-ap0 Out ifindex 12 a8:7e:ea:00:79:c2 ethertype IPv4 (0x0800), length 370: 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from a8:7e:ea:00:79:c2, length 322
10:17:42.923186 phy0-ap0 Out ifindex 11 a8:7e:ea:00:79:c2 ethertype IPv4 (0x0800), length 370: 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from a8:7e:ea:00:79:c2, length 322
10:17:42.923193 lan1  Out ifindex 5 a8:7e:ea:00:79:c2 ethertype IPv4 (0x0800), length 370: 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from a8:7e:ea:00:79:c2, length 322
10:17:42.923197 eth0  Out ifindex 2 a8:7e:ea:00:79:c2 ethertype IPv4 (0x0800), length 370: 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from a8:7e:ea:00:79:c2, length 322
10:17:42.923146 br-lan B   ifindex 10 a8:7e:ea:00:79:c2 ethertype IPv4 (0x0800), length 370: 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from a8:7e:ea:00:79:c2, length 322
10:17:42.923301 lan1  B   ifindex 5 a8:7e:ea:00:79:c2 ethertype IPv4 (0x0800), length 370: 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from a8:7e:ea:00:79:c2, length 322
10:17:42.923336 phy1-ap0 Out ifindex 12 a8:7e:ea:00:79:c2 ethertype IPv4 (0x0800), length 370: 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from a8:7e:ea:00:79:c2, length 322
10:17:42.923349 phy0-ap0 Out ifindex 11 a8:7e:ea:00:79:c2 ethertype IPv4 (0x0800), length 370: 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from a8:7e:ea:00:79:c2, length 322
10:17:42.923301 br-lan B   ifindex 10 a8:7e:ea:00:79:c2 ethertype IPv4 (0x0800), length 370: 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from a8:7e:ea:00:79:c2, length 322
10:17:42.924153 br-lan Out ifindex 10 00:eb:d8:60:0f:01 ethertype IPv4 (0x0800), length 369: 192.168.1.1.67 > 255.255.255.255.68: BOOTP/DHCP, Reply, length 321
10:17:42.924167 phy1-ap0 Out ifindex 12 00:eb:d8:60:0f:01 ethertype IPv4 (0x0800), length 369: 192.168.1.1.67 > 255.255.255.255.68: BOOTP/DHCP, Reply, length 321
10:17:42.924195 phy0-ap0 Out ifindex 11 00:eb:d8:60:0f:01 ethertype IPv4 (0x0800), length 369: 192.168.1.1.67 > 255.255.255.255.68: BOOTP/DHCP, Reply, length 321
10:17:42.924202 lan1  Out ifindex 5 00:eb:d8:60:0f:01 ethertype IPv4 (0x0800), length 369: 192.168.1.1.67 > 255.255.255.255.68: BOOTP/DHCP, Reply, length 321
10:17:42.924205 eth0  Out ifindex 2 00:eb:d8:60:0f:01 ethertype IPv4 (0x0800), length 369: 192.168.1.1.67 > 255.255.255.255.68: BOOTP/DHCP, Reply, length 321
10:17:42.924301 lan1  B   ifindex 5 00:eb:d8:60:0f:01 ethertype IPv4 (0x0800), length 369: 192.168.1.1.67 > 255.255.255.255.68: BOOTP/DHCP, Reply, length 321
10:17:42.924585 br-lan Out ifindex 10 00:eb:d8:60:0f:01 ethertype IPv4 (0x0800), length 369: 192.168.1.1.67 > 255.255.255.255.68: BOOTP/DHCP, Reply, length 321
10:17:42.924593 phy1-ap0 Out ifindex 12 00:eb:d8:60:0f:01 ethertype IPv4 (0x0800), length 369: 192.168.1.1.67 > 255.255.255.255.68: BOOTP/DHCP, Reply, length 321
10:17:42.924610 phy0-ap0 Out ifindex 11 00:eb:d8:60:0f:01 ethertype IPv4 (0x0800), length 369: 192.168.1.1.67 > 255.255.255.255.68: BOOTP/DHCP, Reply, length 321
10:17:42.924617 lan1  Out ifindex 5 00:eb:d8:60:0f:01 ethertype IPv4 (0x0800), length 369: 192.168.1.1.67 > 255.255.255.255.68: BOOTP/DHCP, Reply, length 321
10:17:42.924619 eth0  Out ifindex 2 00:eb:d8:60:0f:01 ethertype IPv4 (0x0800), length 369: 192.168.1.1.67 > 255.255.255.255.68: BOOTP/DHCP, Reply, length 321
10:17:42.934428 phy1-ap0 Out ifindex 12 00:eb:d8:60:0f:01 ethertype IPv4 (0x0800), length 369: 192.168.1.1.67 > 255.255.255.255.68: BOOTP/DHCP, Reply, length 321
10:17:42.934439 phy0-ap0 Out ifindex 11 00:eb:d8:60:0f:01 ethertype IPv4 (0x0800), length 369: 192.168.1.1.67 > 255.255.255.255.68: BOOTP/DHCP, Reply, length 321
10:17:42.924301 br-lan B   ifindex 10 00:eb:d8:60:0f:01 ethertype IPv4 (0x0800), length 369: 192.168.1.1.67 > 255.255.255.255.68: BOOTP/DHCP, Reply, length 321
10:17:42.934481 lan1  B   ifindex 5 00:eb:d8:60:0f:01 ethertype IPv4 (0x0800), length 369: 192.168.1.1.67 > 255.255.255.255.68: BOOTP/DHCP, Reply, length 321
10:17:42.944630 phy1-ap0 Out ifindex 12 00:eb:d8:60:0f:01 ethertype IPv4 (0x0800), length 369: 192.168.1.1.67 > 255.255.255.255.68: BOOTP/DHCP, Reply, length 321
10:17:42.944640 phy0-ap0 Out ifindex 11 00:eb:d8:60:0f:01 ethertype IPv4 (0x0800), length 369: 192.168.1.1.67 > 255.255.255.255.68: BOOTP/DHCP, Reply, length 321
10:17:42.934481 br-lan B   ifindex 10 00:eb:d8:60:0f:01 ethertype IPv4 (0x0800), length 369: 192.168.1.1.67 > 255.255.255.255.68: BOOTP/DHCP, Reply, length 321

it seems like a compatibility issue of some kind between most of my devices and Openwrt WLAN, but I cannot imagine what it could be.

I don't see any MAC difference on br-lan between my Android phone and Windows 11 laptop

root@OpenWrt:~# brctl showmacs br-lan
port no	mac addr		is local?	ageing timer
  2	00:07:a8:cd:fd:87	no		  17.44
  2	00:07:a8:e4:c8:76	no		  17.40
  2	00:07:a8:e4:cc:be	no		  34.00
  2	00:0e:c6:ac:1e:65	no		   0.06
  2	00:e0:4c:68:05:b1	no		   0.00
  5	00:eb:d8:60:0f:00	yes		   0.00
  5	00:eb:d8:60:0f:00	yes		   0.00
  1	00:eb:d8:60:0f:01	yes		   0.00
  1	00:eb:d8:60:0f:01	yes		   0.00
  2	10:d5:61:be:9a:7c	no		   0.08
  2	42:76:78:25:d7:70	no		   0.10  -> Android phone
  2	52:64:2b:4c:a2:53	no		   0.13
  2	70:8b:cd:c3:39:a0	no		   0.29
  2	74:da:88:4a:74:60	no		   0.23
  2	78:11:dc:ed:9f:6f	no		  14.44
  2	78:2b:46:c5:bd:9a	no		  50.79
  2	90:09:d0:0f:fa:bc	no		   0.78
  5	a8:7e:ea:00:79:c2	no		   1.75  -> Windows 11 laptop
  2	c4:4f:33:87:b6:a3	no		   3.43
  2	c4:dd:57:16:06:f3	no		   0.05
  2	c4:dd:57:16:07:f6	no		   1.27
  2	c4:dd:57:16:0e:10	no		   1.37
  2	dc:4f:22:9e:00:36	no		   0.48
  2	dc:a6:32:c5:3f:12	no		   0.53
  2	f0:ef:86:3e:5e:d1	no		   0.26

Are you able to help me on this topic?

This is invalid on LAN. Remove.

  • the gateway is on a subnet assigned to the WAN interface
  • LAN will route/forward to the WAN gateway (the Kernel is smart enough)

That might be causing an issue.

2 Likes

Thanks a lot for you answer! Meanwhile I've restored my final settings as I need them, but I've removed the lan gateway as per you suggestion:

root@Mercusys_MR90X:~# cat /etc/config/network | grep "interface 'lan'" -A 9
config interface 'lan'
	option device 'br-lan'
	option proto 'static'
	option ip6assign '60'
	list ipaddr '192.168.89.1/24'
	list dns '1.1.1.1'
	list dns '192.168.89.187'
	list dns '192.168.89.1'

config interface 'wan'
root@Mercusys_MR90X:~# uci commit network
root@Mercusys_MR90X:~# /etc/init.d/network restart
root@Mercusys_MR90X:~# uci show network.lan
network.lan=interface
network.lan.device='br-lan'
network.lan.proto='static'
network.lan.ip6assign='60'
network.lan.ipaddr='192.168.89.1/24'
network.lan.dns='1.1.1.1' '192.168.89.187' '192.168.89.1'

but unfortunately no luck, DHCP server always answers correctly but its reply never reaches back the wifi client on phy1-ap0 (only if such wifi client is asking the IP from this Mercusys SSID, otherwise it always works)

Fri Aug  9 15:10:26 2024 daemon.info hostapd: phy1-ap0: STA be:9a:11:45:8b:b1 IEEE 802.11: authenticated
Fri Aug  9 15:10:26 2024 daemon.info hostapd: phy1-ap0: STA be:9a:11:45:8b:b1 IEEE 802.11: associated (aid 3)
Fri Aug  9 15:10:26 2024 daemon.notice hostapd: phy1-ap0: AP-STA-CONNECTED be:9a:11:45:8b:b1 auth_alg=open
Fri Aug  9 15:10:26 2024 daemon.info hostapd: phy1-ap0: STA be:9a:11:45:8b:b1 WPA: pairwise key handshake completed (RSN)
Fri Aug  9 15:10:26 2024 daemon.notice hostapd: phy1-ap0: EAPOL-4WAY-HS-COMPLETED be:9a:11:45:8b:b1
Fri Aug  9 15:10:26 2024 daemon.info dnsmasq-dhcp[1]: DHCPREQUEST(br-lan) 192.168.89.199 be:9a:11:45:8b:b1
Fri Aug  9 15:10:26 2024 daemon.info dnsmasq-dhcp[1]: DHCPACK(br-lan) 192.168.89.199 be:9a:11:45:8b:b1 realme-GT-2-Pro
Fri Aug  9 15:10:26 2024 daemon.info dnsmasq-dhcp[1]: DHCPREQUEST(br-lan) 192.168.89.199 be:9a:11:45:8b:b1
Fri Aug  9 15:10:26 2024 daemon.info dnsmasq-dhcp[1]: DHCPACK(br-lan) 192.168.89.199 be:9a:11:45:8b:b1 realme-GT-2-Pro
Fri Aug  9 15:10:26 2024 kern.warn kernel: [ 7634.057623] br-lan: received packet on lan1 with own address as source address (addr:00:eb:d8:60:0f:01, vlan:0)
Fri Aug  9 15:10:27 2024 daemon.info dnsmasq-dhcp[1]: DHCPREQUEST(br-lan) 192.168.89.199 be:9a:11:45:8b:b1
Fri Aug  9 15:10:27 2024 daemon.info dnsmasq-dhcp[1]: DHCPACK(br-lan) 192.168.89.199 be:9a:11:45:8b:b1 realme-GT-2-Pro
Fri Aug  9 15:10:27 2024 daemon.info dnsmasq-dhcp[1]: DHCPREQUEST(br-lan) 192.168.89.199 be:9a:11:45:8b:b1
Fri Aug  9 15:10:27 2024 daemon.info dnsmasq-dhcp[1]: DHCPACK(br-lan) 192.168.89.199 be:9a:11:45:8b:b1 realme-GT-2-Pro
Fri Aug  9 15:10:27 2024 kern.warn kernel: [ 7635.006616] br-lan: received packet on lan1 with own address as source address (addr:00:eb:d8:60:0f:01, vlan:0)
Fri Aug  9 15:10:28 2024 kern.warn kernel: [ 7636.045491] br-lan: received packet on lan1 with own address as source address (addr:00:eb:d8:60:0f:01, vlan:0)
Fri Aug  9 15:10:29 2024 daemon.info dnsmasq-dhcp[1]: DHCPREQUEST(br-lan) 192.168.89.199 be:9a:11:45:8b:b1
Fri Aug  9 15:10:29 2024 daemon.info dnsmasq-dhcp[1]: DHCPACK(br-lan) 192.168.89.199 be:9a:11:45:8b:b1 realme-GT-2-Pro
Fri Aug  9 15:10:29 2024 daemon.info dnsmasq-dhcp[1]: DHCPREQUEST(br-lan) 192.168.89.199 be:9a:11:45:8b:b1
Fri Aug  9 15:10:29 2024 daemon.info dnsmasq-dhcp[1]: DHCPACK(br-lan) 192.168.89.199 be:9a:11:45:8b:b1 realme-GT-2-Pro
Fri Aug  9 15:10:29 2024 kern.warn kernel: [ 7637.004372] br-lan: received packet on lan1 with own address as source address (addr:00:eb:d8:60:0f:01, vlan:0)
Fri Aug  9 15:10:30 2024 kern.warn kernel: [ 7637.668084] reject wan in: IN=eth1 OUT= MAC=00:eb:d8:60:0f:02:3c:a7:ae:8a:d4:60:08:00 SRC=149.154.167.92 DST=192.168.90.2 LEN=52 TOS=0x00 PREC=0x00 TTL=52 ID=9070 DF PROTO=TCP SPT=443 DPT=47882 WINDOW=2082 RES=0x00 ACK FIN URGP=0
Fri Aug  9 15:10:30 2024 kern.warn kernel: [ 7637.688504] drop wan invalid ct state: IN= OUT=eth1 SRC=192.168.90.2 DST=149.154.167.92 LEN=40 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=47882 DPT=443 WINDOW=0 RES=0x00 RST URGP=0
Fri Aug  9 15:10:30 2024 kern.warn kernel: [ 7638.043330] br-lan: received packet on lan1 with own address as source address (addr:00:eb:d8:60:0f:01, vlan:0)
Fri Aug  9 15:10:31 2024 kern.warn kernel: [ 7638.717353] br-lan: received packet on lan1 with own address as source address (addr:00:eb:d8:60:0f:01, vlan:0)
Fri Aug  9 15:10:31 2024 daemon.info dnsmasq-dhcp[1]: DHCPDISCOVER(br-lan) be:9a:11:45:8b:b1
Fri Aug  9 15:10:31 2024 daemon.info dnsmasq-dhcp[1]: DHCPOFFER(br-lan) 192.168.89.199 be:9a:11:45:8b:b1
Fri Aug  9 15:10:31 2024 daemon.info dnsmasq-dhcp[1]: DHCPDISCOVER(br-lan) be:9a:11:45:8b:b1
Fri Aug  9 15:10:31 2024 daemon.info dnsmasq-dhcp[1]: DHCPOFFER(br-lan) 192.168.89.199 be:9a:11:45:8b:b1
Fri Aug  9 15:10:31 2024 kern.warn kernel: [ 7639.092280] br-lan: received packet on lan1 with own address as source address (addr:00:eb:d8:60:0f:01, vlan:0)
Fri Aug  9 15:10:32 2024 kern.warn kernel: [ 7640.041223] br-lan: received packet on lan1 with own address as source address (addr:00:eb:d8:60:0f:01, vlan:0)
Fri Aug  9 15:10:32 2024 daemon.info dnsmasq-dhcp[1]: DHCPDISCOVER(br-lan) be:9a:11:45:8b:b1
Fri Aug  9 15:10:32 2024 daemon.info dnsmasq-dhcp[1]: DHCPOFFER(br-lan) 192.168.89.199 be:9a:11:45:8b:b1
Fri Aug  9 15:10:32 2024 daemon.info dnsmasq-dhcp[1]: DHCPDISCOVER(br-lan) be:9a:11:45:8b:b1
Fri Aug  9 15:10:32 2024 daemon.info dnsmasq-dhcp[1]: DHCPOFFER(br-lan) 192.168.89.199 be:9a:11:45:8b:b1
15:12:00.489888 phy1-ap0 B   IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from be:9a:11:45:8b:b1, length 312
15:12:00.489928 phy1-ap0 Out IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from be:9a:11:45:8b:b1, length 312
15:12:00.489953 phy0-ap0 Out IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from be:9a:11:45:8b:b1, length 312
15:12:00.489966 tap1  Out IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from be:9a:11:45:8b:b1, length 312
15:12:00.489977 tap0  Out IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from be:9a:11:45:8b:b1, length 312
15:12:00.489989 lan1  Out IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from be:9a:11:45:8b:b1, length 312
15:12:00.489993 eth0  Out IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from be:9a:11:45:8b:b1, length 312
15:12:00.489888 br-lan B   IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from be:9a:11:45:8b:b1, length 312
15:12:00.490035 lan1  B   IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from be:9a:11:45:8b:b1, length 312
15:12:00.490067 phy1-ap0 Out IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from be:9a:11:45:8b:b1, length 312
15:12:00.490082 phy0-ap0 Out IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from be:9a:11:45:8b:b1, length 312
15:12:00.490089 tap1  Out IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from be:9a:11:45:8b:b1, length 312
15:12:00.490101 tap0  Out IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from be:9a:11:45:8b:b1, length 312
15:12:00.490035 br-lan B   IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from be:9a:11:45:8b:b1, length 312
15:12:00.491828 br-lan Out IP 192.168.89.1.67 > 192.168.89.199.68: BOOTP/DHCP, Reply, length 309
15:12:00.491842 lan1  Out IP 192.168.89.1.67 > 192.168.89.199.68: BOOTP/DHCP, Reply, length 309
15:12:00.491848 eth0  Out IP 192.168.89.1.67 > 192.168.89.199.68: BOOTP/DHCP, Reply, length 309
15:12:00.492195 br-lan Out IP 192.168.89.1.67 > 192.168.89.199.68: BOOTP/DHCP, Reply, length 309
15:12:00.492203 lan1  Out IP 192.168.89.1.67 > 192.168.89.199.68: BOOTP/DHCP, Reply, length 309
15:12:00.492207 eth0  Out IP 192.168.89.1.67 > 192.168.89.199.68: BOOTP/DHCP, Reply, length 309

my current configuration is the following, there are additional WG and TAP OpenVPN interfaces (and STP enabled as one of the attempts to try solving this issue) but it's pretty the same thing as before as I shown the issue exists also with vanilla settings:

root@Mercusys_MR90X:~# cat /etc/config/network 

config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fd31:1bc8:1c80::/48'

config device
	option name 'br-lan'
	option type 'bridge'
	option ipv6 '0'
	option stp '1'
	list ports 'lan0'
	list ports 'lan1'
	list ports 'lan2'
	list ports 'tap0'
	list ports 'tap1'

config device
	option name 'lan0'
	option macaddr '00:eb:d8:60:0f:01'

config device
	option name 'lan1'
	option macaddr '00:eb:d8:60:0f:01'

config device
	option name 'lan2'
	option macaddr '00:eb:d8:60:0f:01'

config interface 'lan'
	option device 'br-lan'
	option proto 'static'
	option ip6assign '60'
	list ipaddr '192.168.89.1/24'
	list dns '1.1.1.1'
	list dns '192.168.89.187'
	list dns '192.168.89.1'

config interface 'wan'
	option device 'eth1'
	option proto 'static'
	option ipaddr '192.168.90.2'
	option netmask '255.255.255.0'
	option gateway '192.168.90.1'
	option broadcast '192.168.90.255'

config interface 'wan6'
	option proto 'static'
	option device 'eth1'
	option auto '0'
	option disabled '1'

config interface 'wg_lan'
	option proto 'wireguard'
	option private_key 'hidden'
	option listen_port '51820'
	list addresses '10.89.5.1/24'

config wireguard_wg_lan
	option description 'Stefano Phone'
	option public_key 'hidden'
	option preshared_key 'hidden'
	option persistent_keepalive '25'
	option private_key 'hidden'
	option route_allowed_ips '1'
	list allowed_ips '10.89.5.2/32'

config wireguard_wg_lan
	option description 'CasaSenzani'
	option public_key 'hidden'
	option preshared_key 'hidden'
	list allowed_ips '10.89.5.3/32'
	list allowed_ips '192.168.0.0/24'
	option persistent_keepalive '25'
	option private_key 'hidden'
	option route_allowed_ips '1'

config wireguard_wg_lan
	option description 'Imported peer configuration'
	option public_key 'hidden'
	option preshared_key 'hidden'
	list allowed_ips '10.89.5.4/32'
	option persistent_keepalive '25'

config wireguard_wg_lan
	option description 'CasaAndrea'
	option public_key 'hidden'
	option preshared_key 'hidden'
	list allowed_ips '10.89.5.5/32'
	list allowed_ips '192.168.87.0/24'
	option persistent_keepalive '25'
	option private_key 'hidden'
	option route_allowed_ips '1'

config device
	option name 'wg_lan'

config device
	option name 'eth0'
	option ipv6 '0'

config device
	option name 'phy0-ap0'
	option ipv6 '0'

config device
	option name 'phy1-ap0'
	option ipv6 '0'

root@Mercusys_MR90X:~# cat /etc/config/dhcp 

config dnsmasq
	option domainneeded '1'
	option localise_queries '1'
	option rebind_protection '1'
	option rebind_localhost '1'
	option local '/stehome.lan/'
	option domain 'stehome.lan'
	option expandhosts '1'
	option cachesize '1000'
	option readethers '1'
	option leasefile '/tmp/dhcp.leases'
	option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
	option localservice '1'
	option ednspacket_max '1232'
	list notinterface 'wan'
	list notinterface 'wan6'
	option authoritative '1'
	list interface 'lan'
	list interface 'wg_lan'

config dhcp 'lan'
	option interface 'lan'
	option start '100'
	option limit '253'
	option leasetime '1h'
	option dhcpv4 'server'
	list dhcp_option '3,192.168.89.1'
	list dhcp_option '42,192.168.89.1'
	list dhcp_option '6,192.168.89.187,192.168.89.1'
	option preferred_lifetime '1h'
	option ra_useleasetime '1'
	option force '1'

config dhcp 'wan'
	option interface 'wan'
	option ignore '1'
	option start '100'
	option limit '150'
	option leasetime '12h'

config odhcpd 'odhcpd'
	option maindhcp '0'
	option leasefile '/tmp/hosts/odhcpd'
	option leasetrigger '/usr/sbin/odhcpd-update'
	option loglevel '4'

config domain
	option name 'xiaomirouter'
	option ip '192.168.89.3'

config domain
	option name 'xiaomirobot'
	option ip '192.168.89.140'

config domain
	option name 'diskstation'
	option ip '192.168.89.107'

config domain
	option name 'rasppi4b'
	option ip '192.168.89.187'

config domain
	option name 'stefanopceth'
	option ip '192.168.89.100'

config domain
	option name 'printer'
	option ip '192.168.89.112'

config domain
	option name 'zerowire'
	option ip '192.168.89.183'

config domain
	option name 'stefanopcwifi'
	option ip '192.168.89.101'

config domain
	option name 'steipcam'
	option ip '192.168.89.156'

config domain
	option name 'sterealmegt2pro'
	option ip '192.168.89.199'

config domain
	option name 'condizionatore3'
	option ip '192.168.89.198'

config domain
	option name 'condizionatore2'
	option ip '192.168.89.197'

config domain
	option name 'condizionatore1'
	option ip '192.168.89.196'

config domain
	option name 'samsungtv'
	option ip '192.168.89.195'

config domain
	option ip '192.168.89.193'
	option name 's22elena'

config host
	option name 'xiaomirobot'
	list mac '78:11:dc:ed:9f:6f'
	option ip '192.168.89.140'

config host
	option name 'diskstation'
	list mac '90:09:d0:0f:fa:bc'
	option ip '192.168.89.107'

config host
	option name 'rasppi4b'
	list mac 'dc:a6:32:c5:3f:12'
	option ip '192.168.89.187'

config host
	option name 'stefanopceth'
	list mac '84:a9:3e:3b:00:33'
	option ip '192.168.89.100'

config host
	option name 'printer'
	list mac '84:25:19:5e:ee:ec'
	option ip '192.168.89.112'

config host
	option name 'stefanopcwifi'
	list mac 'a8:7e:ea:00:79:c2'
	option ip '192.168.89.101'

config host
	option name 'steipcam'
	list mac '94:e0:d6:be:96:fc'
	option ip '192.168.89.156'

config host
	option name 'condizionatore3'
	list mac '00:07:a8:e4:c8:76'
	option ip '192.168.89.198'

config host
	option name 'condizionatore2'
	list mac '00:07:a8:e4:cc:be'
	option ip '192.168.89.197'

config host
	option name 'condizionatore1'
	list mac '00:07:a8:cd:fd:87'
	option ip '192.168.89.196'

config host
	option name 'samsungtv'
	list mac '80:8a:bd:0e:d1:8c'
	option ip '192.168.89.195'

config host
	option name 's22elena'
	list mac '1e:dc:b3:62:b8:71'
	option ip '192.168.89.193'

config host
	option name 'elenapclavorowifi'
	list mac '98:3b:8f:f1:50:f4'
	option ip '192.168.89.106'

config host
	option name 'steipcam2'
	list mac '00:6e:07:8b:3d:08'
	option ip '192.168.89.157'

config host
	option name 'stefanousbeth'
	list mac '00:0e:c6:ac:1e:65'
	option ip '192.168.89.102'

config host
	option name 'pcasuselena'
	list mac '54:a0:50:b7:a9:41'
	option ip '192.168.89.104'

config host
	option name 'steipcamsrihome'
	list mac 'b4:6d:c2:03:fd:93'
	option ip '192.168.89.158'

config domain
	option name 'mercusysap'
	option ip '192.168.89.5'

config domain
	option name 'steipcamsrihome'
	option ip '192.168.89.158'

config domain
	option name 'stefanousbeth'
	option ip '192.168.89.102'

config domain
	option name 'pcasuselena'
	option ip '192.168.89.104'

config domain
	option name 'steipcam2'
	option ip '192.168.89.157'

config domain
	option name 'elenapclavorowifi'
	option ip '192.168.89.106'

config domain
	option name 's22elena'
	option ip '192.168.89.193'

config domain
	option name 'myrouter.io'
	option ip '192.168.0.1'

config ipset
	list name 'mypublicip'
	list domain 'hidden'
	option table_family 'ip'

config host
	list mac 'be:9a:11:45:8b:b1'
	option ip '192.168.89.199'
	option name 'realme-GT-2-Pro'

root@Mercusys_MR90X:~# cat /etc/config/wireless

config wifi-device 'radio0'
	option type 'mac80211'
	option path 'platform/soc/18000000.wifi'
	option channel '6'
	option band '2g'
	option htmode 'HT20'
	option country 'IT'
	option cell_density '0'

config wifi-iface 'default_radio0'
	option device 'radio0'
	option network 'lan'
	option mode 'ap'
	option ssid 'Vodafone-STEHOME'
	option encryption 'psk2'
	option key 'hidden'

config wifi-device 'radio1'
	option type 'mac80211'
	option path 'platform/soc/18000000.wifi+1'
	option band '5g'
	option htmode 'HE160'
	option country 'IT'
	option cell_density '0'
	option channel '36'

config wifi-iface 'default_radio1'
	option device 'radio1'
	option network 'lan'
	option mode 'ap'
	option ssid 'STEHOME_5GAX'
	option encryption 'psk2'
	option key 'hidden'

do you have any other suggestions to try?

Wait...are you saying you just added VPNs to this config?

Yes, this is my final configuration. I opened the post with a vanilla configuration just to show the issue exists also with default configs and it is not caused by any of my current configuration. otherwise I would have been able to solve the issue by simply using default configuration.

Anyway I've reported all current config files again for comparison, but I wouldn't focus on the differences as the issue exists with default configuration too.

1 Like

I've discovered a new thing. I've shut DHCP server on this device down and I've enabled another one on another host (192.168.89.107) and it is still not working anyway.

17:24:25.865813 phy1-ap0 B   IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from be:9a:11:45:8b:b1, length 308
17:24:25.865851 phy1-ap0 Out IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from be:9a:11:45:8b:b1, length 308
17:24:25.865883 phy0-ap0 Out IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from be:9a:11:45:8b:b1, length 308
17:24:25.865895 tap1  Out IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from be:9a:11:45:8b:b1, length 308
17:24:25.865908 tap0  Out IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from be:9a:11:45:8b:b1, length 308
17:24:25.865917 lan1  Out IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from be:9a:11:45:8b:b1, length 308
17:24:25.865920 eth0  Out IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from be:9a:11:45:8b:b1, length 308
17:24:25.865926 br-lan B   IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from be:9a:11:45:8b:b1, length 308
17:24:25.866196 lan1  B   IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from be:9a:11:45:8b:b1, length 308
17:24:25.866219 phy1-ap0 Out IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from be:9a:11:45:8b:b1, length 308
17:24:25.866233 phy0-ap0 Out IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from be:9a:11:45:8b:b1, length 308
17:24:25.866240 tap1  Out IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from be:9a:11:45:8b:b1, length 308
17:24:25.866249 tap0  Out IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from be:9a:11:45:8b:b1, length 308
17:24:25.866254 br-lan B   IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from be:9a:11:45:8b:b1, length 308
17:24:25.866612 lan1  P   IP 192.168.89.107.67 > 192.168.89.199.68: BOOTP/DHCP, Reply, length 309

so that doesn't work regardless of the position of the DHCP server. The issue seems to be on the path of the DHCP reply inside br-lan.

The only common point that links all the test I've made is the fact DHCP reply doesn't get through into WLAN interfaces of this Mercusys (phy1-ap0 and phy0-ap0).

root@Mercusys_MR90X:~# brctl show
bridge name	bridge id		STP enabled	interfaces
br-lan		7fff.00ebd8600f01	yes		phy1-ap0
							tap1
							lan2
							lan0
							tap0
							lan1
							phy0-ap0
root@Mercusys_MR90X:~# ip a s phy1-ap0
25: phy1-ap0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-lan state UP group default qlen 1000
    link/ether 00:eb:d8:60:0f:00 brd ff:ff:ff:ff:ff:ff
root@Mercusys_MR90X:~# ip a s br-lan
20: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 00:eb:d8:60:0f:01 brd ff:ff:ff:ff:ff:ff
    inet 192.168.89.1/24 brd 192.168.89.255 scope global br-lan
       valid_lft forever preferred_lft forever
root@Mercusys_MR90X:~# brctl showstp br-lan
br-lan
 bridge id		7fff.00ebd8600f01
 designated root	7fff.00ebd8600f01
 root port		   0			path cost		   0
 max age		  10.00			bridge max age		  10.00
 hello time		   1.00			bridge hello time	   1.00
 forward delay		   8.00			bridge forward delay	   8.00
 ageing time		 300.00
 hello timer		   0.56			tcn timer		   0.00
 topology change timer	   0.00			gc timer		 128.18
 flags			


phy1-ap0 (7)
 port id		8007			state		     forwarding
 designated root	7fff.00ebd8600f01	path cost		 100
 designated bridge	7fff.00ebd8600f01	message age timer	   0.00
 designated port	8007			forward delay timer	   0.00
 designated cost	   0			hold timer		   0.56
 flags			
 hairpin mode		   1

tap1 (5)
 port id		8005			state		     forwarding
 designated root	7fff.00ebd8600f01	path cost		 100
 designated bridge	7fff.00ebd8600f01	message age timer	   0.00
 designated port	8005			forward delay timer	   0.00
 designated cost	   0			hold timer		   0.56
 flags			

lan2 (3)
 port id		8003			state		       disabled
 designated root	7fff.00ebd8600f01	path cost		 100
 designated bridge	7fff.00ebd8600f01	message age timer	   0.00
 designated port	8003			forward delay timer	   0.00
 designated cost	   0			hold timer		   0.00
 flags			

lan0 (1)
 port id		8001			state		       disabled
 designated root	7fff.00ebd8600f01	path cost		 100
 designated bridge	7fff.00ebd8600f01	message age timer	   0.00
 designated port	8001			forward delay timer	   0.00
 designated cost	   0			hold timer		   0.00
 flags			

tap0 (4)
 port id		8004			state		     forwarding
 designated root	7fff.00ebd8600f01	path cost		 100
 designated bridge	7fff.00ebd8600f01	message age timer	   0.00
 designated port	8004			forward delay timer	   0.00
 designated cost	   0			hold timer		   0.56
 flags			

lan1 (2)
 port id		8002			state		     forwarding
 designated root	7fff.00ebd8600f01	path cost		   4
 designated bridge	7fff.00ebd8600f01	message age timer	   0.00
 designated port	8002			forward delay timer	   0.00
 designated cost	   0			hold timer		   0.56
 flags			

phy0-ap0 (6)
 port id		8006			state		     forwarding
 designated root	7fff.00ebd8600f01	path cost		 100
 designated bridge	7fff.00ebd8600f01	message age timer	   0.00
 designated port	8006			forward delay timer	   0.00
 designated cost	   0			hold timer		   0.56
 flags			
 hairpin mode		   1

I was thinking about modifying some of the advanced configurations of the WLAN interface (like promiscuous mode on or accept local on)


or bridge settings but they seems fine to me

No luck with promiscuous mode + accept local on, I don't know what to do to be honest

hi,

1), it is not a good idea to add more complex configuration (e.g. vpn) if your basic configuration is not working as it makes troubleshooting harder.
2), i'd suggest to reset your configuration back to factory default and only add things when basic stuff is working.
3) your config here has problems, see inline

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'lan0'
	list ports 'lan1'
	list ports 'lan2'

# why you specify the same MAC address for all your ports? MAC addresses should be unique
# you can see the warning as well
# kern.warn kernel: [ 2498.919234] br-lan: received packet on lan1 with own address as source address (addr:00:eb:d8:60:0f:01, vlan:0)
# kern.warn kernel: [ 2499.957988] br-lan: received packet on lan1 with own address as source address (addr:00:eb:d8:60:0f:01, vlan:0)
config device
	option name 'lan0'
	option macaddr '00:eb:d8:60:0f:01'

config device
	option name 'lan1'
	option macaddr '00:eb:d8:60:0f:01'

config device
	option name 'lan2'
	option macaddr '00:eb:d8:60:0f:01'

config interface 'lan'
	option device 'br-lan'
	option proto 'static'
	option ipaddr '192.168.1.1'
	option netmask '255.255.255.0'
	option ip6assign '60'
	option gateway '192.168.90.1' # <- what is this address?
	option broadcast '192.168.1.255'

config interface 'wan'
	option device 'eth1'
	option proto 'dhcp'

config interface 'wan6'
	option device 'eth1'
	option proto 'static'
	list ipaddr '192.168.90.2/24' # <- this hardly looks as ipv6 address. wan6 is for ipv6
	option gateway '192.168.90.1'
	option broadcast '192.168.90.255'
	list dns '1.1.1.1'
	list dns '8.8.8.8'

regarding DHCP problem only relevant is the all-same mac address and maybe the default gateway in my opinion.

Hello,

Thanks for your answer.

1 and 2) Yes, you are right, I just demonstrated that the issue is present also with vanilla configuration but it is also true that this doesn't guarantee that my configuration won't add more layer of complexity on the issue, so I will revert back to default configuration in order to make some additional tests.

I added that cuz was having issue with Internet but I agree it is not useful at all, anyway I already removed it before, see my comment above DHCP unsolvable issue on WLAN only - #3 by theunreal89

those options are added when you put an interface to a Linux bridge (br-lan), that's the default setting I didn't put it by myself, and I confirm that's usually right, the interfaces inherit the MAC address of the virtual bridge interface, see the default configuration in this case (except for WAN settings needed for Internet), I didn't touch MAC address part

root@OpenWrt:~# ip a s lan0
4: lan0@eth0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue master br-lan state LOWERLAYERDOWN group default qlen 1000
    link/ether 00:eb:d8:60:0f:01 brd ff:ff:ff:ff:ff:ff
root@OpenWrt:~# ip a s lan1
5: lan1@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-lan state UP group default qlen 1000
    link/ether 00:eb:d8:60:0f:01 brd ff:ff:ff:ff:ff:ff
root@OpenWrt:~# ip a s lan2
6: lan2@eth0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue master br-lan state LOWERLAYERDOWN group default qlen 1000
    link/ether 00:eb:d8:60:0f:01 brd ff:ff:ff:ff:ff:ff
root@OpenWrt:~# ip a s br-lan
9: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 00:eb:d8:60:0f:01 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.1/24 brd 192.168.1.255 scope global br-lan
       valid_lft forever preferred_lft forever
    inet6 fd72:2eba:77b9::1/60 scope global noprefixroute 
       valid_lft forever preferred_lft forever
    inet6 fe80::2eb:d8ff:fe60:f01/64 scope link 
       valid_lft forever preferred_lft forever
root@OpenWrt:~# brctl show
bridge name	bridge id		STP enabled	interfaces
br-lan		7fff.00ebd8600f01	no		lan2
							           lan0
							           lan1
root@OpenWrt:~# cat /etc/config/network 

config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fd72:2eba:77b9::/48'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'lan0'
	list ports 'lan1'
	list ports 'lan2'

config device
	option name 'lan0'
	option macaddr '00:eb:d8:60:0f:01'

config device
	option name 'lan1'
	option macaddr '00:eb:d8:60:0f:01'

config device
	option name 'lan2'
	option macaddr '00:eb:d8:60:0f:01'

config interface 'lan'
	option device 'br-lan'
	option proto 'static'
	option ipaddr '192.168.1.1'
	option netmask '255.255.255.0'
	option ip6assign '60'
	list dns '1.1.1.1'

config interface 'wan'
	option device 'eth1'
	option proto 'static'
	option ipaddr '192.168.90.2'
	option netmask '255.255.255.0'
	option gateway '192.168.90.1'
	option broadcast '192.168.90.255'

config interface 'wan6'
	option device 'eth1'
	option proto 'dhcpv6'

hm, i cannot recall ever that kind of setting on none of my devices. might be your specific hardware requires it though.

1 Like

Is this device a bridged AP (i.e. not your router)?

Where is your DHCP server located on your network? Typically it is the main router, but it can be another host.

Ah ok, so It could be actually an hardware bridge on the motherboard that connects all LAN ports (for sure it's a bit more complex than this but I think you got it). To make you understand what I mean, those lan0,lan1 and lan2 are these LAN ports:


and are labeled with LAN on the router itself.

This is the main router of my LAN network which has only a ISP Router in front of it, giving fiber connectivity, but it's not interfering at all for sure. DHCP server is located on this OpenWRT itself, but the issue is present both if the DHCP server is this OpenWRT or even if the DHCP server is located on another LAN host (192.168.89.107)

Your DHCP server's limit value is invalid -- it is the size of the DHCP pool, and thus must be <=155 if your start is set to 100.

Further, you can remove option 3 and option 42, a they are not needed. I'd also recommend removing the force line.

If that doesn't fix things, your best bet would be to reset and start from scratch. There are a lot of things in your config that may or may not be problematic, but it would take a lot of extra time to evaluate them -- it's faster to start fresh.

1 Like

Thanks, I will try that but considering the following

I already made a test with the vanilla configuration (see my starting post above DHCP unsolvable issue on WLAN only) and the configuration was the following

root@OpenWrt:~# cat /etc/config/dhcp 
config dnsmasq
	option domainneeded '1'
	option boguspriv '1'
	option filterwin2k '0'
	option localise_queries '1'
	option rebind_protection '1'
	option rebind_localhost '1'
	option local '/lan/'
	option domain 'lan'
	option expandhosts '1'
	option nonegcache '0'
	option cachesize '1000'
	option authoritative '1'
	option readethers '1'
	option leasefile '/tmp/dhcp.leases'
	option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
	option nonwildcard '1'
	option localservice '1'
	option ednspacket_max '1232'
	option filter_aaaa '0'
	option filter_a '0'

config dhcp 'lan'
	option interface 'lan'
	option start '100'
	option limit '150'
	option leasetime '12h'
	option dhcpv4 'server'
	option dhcpv6 'server'
	option ra 'server'
	list ra_flags 'managed-config'
	list ra_flags 'other-config'

config dhcp 'wan'
	option interface 'wan'
	option ignore '1'

config odhcpd 'odhcpd'
	option maindhcp '0'
	option leasefile '/tmp/hosts/odhcpd'
	option leasetrigger '/usr/sbin/odhcpd-update'
	option loglevel '4'

but it didn't work anyway

A completely stock/default config, or just the dhcp server settings?

Complete stock, It was just after a factory reset, except for Wan setting to give connectivity and the useless config line

that I had added by mistake.

I also had enabled wifi and put a simple WPA2 password to make the test, but nothing more.

I assume you also enabled wifi?

Have you tried different wireless client devices?

Yes, otherwise I couldn't make the test.

Yes, almost all client weren't working expect my Windows 11 laptop that was working all the times. After restoring the normal configuration also that laptop stopped working. The unique difference is that I wasn't connecting that laptop to wifi since a long time, I always use it with Ethernet.

I also noticed that randomly the association works (with a ratio of 1 out of 10), but after that if I disconnect that client and try to reassociate, then it stops working again.

I also decided to buy a new identical hardware as a test, it will be shipped on Monday and I will make the same test just to exclude the fact it is due to some hardware issue. I am considering this due to the fact this setup stopped working out of the blue, with no specific reason.

I finally solved the issue! I found out that disconnecting all wired cabled from OpenWRT device makes DHCP working perfectly, Therefore, I made the same test by disconnecting WAN only -> problem appeared again.
After disconnecting LAN cable only the issue disappeared, so I was glad to discover that OpenWRT configuration was fine all along, I narrowed the issue down to LAN wired configuration and I eventually found out the culpirt was an unmanaged TP-LINK switch that I use to connect all my LAN wired hosts:

OpenWRT LAN -> Port #1 of Local switch -> rest of LAN network

I discovered that I forgot port mirroring enabled on Port #1 of TP-LINK switch (of course by mistake):


which of couse was causing a mess on the network. Disabling it solved the issue for good.

Thanks to anyone who tried helping me on this!

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.