Enabling an interface using VLAN breaks all other interfaces

Installing and Using OpenWrt Network and Wireless Configuration
1

I have this setup with:

  • guest interface
  • internal interface
  • lan interface
  • vpnlan interface
    All of them use a VLAN from a single bridge. For whatever reason, even though I set them all the same way - if I ever just enable interface internal nothing works - I can no longer connect to any other interface through any of my ethX ports. Even the ones that carry Untagged packages. It doesn't break immediately either - I have to reboot and then nothing works. Until I reboot I just can't connect to internal.

Then, if I disable internal or take away its' device, everything goes back to working normal.

Any clues on what it could be? Here's my /etc/config/network:

config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fd95:f13:1605::/48'
	option packet_steering '1'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'br-vlan.1'
	list ports 'eth0'

config interface 'lan'
	option device 'br-vlan.1'
	option proto 'static'
	option ipaddr '192.168.1.1'
	option netmask '255.255.255.0'

config interface 'wan'
	option device 'eth1'
	option proto 'dhcp'
	option peerdns '0'

config interface 'wan6'
	option device 'eth1'
	option proto 'dhcpv6'
	option reqaddress 'try'
	option reqprefix 'auto'
	option norelease '1'
	option peerdns '0'

config interface 'vpn'
	option proto 'wireguard'
	option private_key 'privatekey='
	list addresses '10.2.0.2/32'
	option listen_port '51820'
	list dns '10.2.0.1'
	option mtu '1280'

config wireguard_vpn
	option description 'WG'
	option public_key 'publickey='
	list allowed_ips '0.0.0.0/0'
	option endpoint_host '79.127.186.193'
	option endpoint_port '51820'
	option persistent_keepalive '25'

config rule
	option in 'vpnlan'
	option lookup '102'

config route
	option interface 'vpn'
	option target '0.0.0.0/0'
	option table '102'

config interface 'vpnlan'
	option proto 'static'
	option ipaddr '192.168.12.1'
	option netmask '255.255.255.0'
	option defaultroute '0'
	option device 'br-vlan.12'

config route
	option interface 'vpn'
	option target '10.2.0.1/24'
	option table '110'

config rule
	option in 'guest'
	option lookup '102'

config rule
	option dest '10.2.0.1/24'
	option lookup '110'
	option in 'loopback'

config interface 'guest'
	option proto 'static'
	option ipaddr '192.168.10.1'
	option netmask '255.255.255.0'
	option device 'br-vlan.10'

config interface 'internal'
	option proto 'static'
	option ipaddr '192.168.20.1'
	option netmask '255.255.255.0'
	option device 'br-vlan.20'
	option disabled '1'

config device
	option type 'bridge'
	option name 'br-vlan'
	list ports 'eth0'
	list ports 'eth2'
	list ports 'eth3'

config bridge-vlan
	option device 'br-vlan'
	option vlan '1'
	list ports 'eth0'
	list ports 'eth2'
	list ports 'eth3:u*'

config bridge-vlan
	option device 'br-vlan'
	option vlan '10'
	list ports 'eth3:t'

config bridge-vlan
	option device 'br-vlan'
	option vlan '20'
	list ports 'eth3:t'

config bridge-vlan
	option device 'br-vlan'
	option vlan '12'
	list ports 'eth3:t'
2

There are some significant issues here. What is the device?

ubus call system board
3 
root@OpenWrt:~# ubus call system board
{
	"kernel": "6.6.73",
	"hostname": "OpenWrt",
	"system": "Intel(R) N100",
	"model": "Default string Default string",
	"board_name": "default-string-default-string",
	"rootfs_type": "squashfs",
	"release": {
		"distribution": "OpenWrt",
		"version": "24.10.0",
		"revision": "r28427-6df0e3d02a",
		"target": "x86/64",
		"description": "OpenWrt 24.10.0 r28427-6df0e3d02a",
		"builddate": "1738624177"
	}
}
4

Could you elaborate? I don't know what's wrong with it - I don't have much experience with this...

5

I think I got it and it's the dumbest thing I've seen. I figured that since I can't connect anywhere, it looks much like DHCP server is choking on something - nobody's getting any IP address assigned so I looked in the /etc/config/dhcp instead. This is what I found there:

config dhcp 'internal'
	option interface 'internal'
	option start '100'
	option limit '150'
	option leasetime '12h'
	list dhcp_option '6,192.168,1,1'

Yep. I used comas in the IP of the DNS address. After changing it to normal address it seems to work fine.

1 Like