Fritzbox4040 LAN works, no WLAN

After I have already set up a subnet with OpenWRT, I am now in the process of connecting a second one.

As with the existing network, I clamped the Fritzbox with OpenWRT behind my Fritzbox7490 and started with the setup.

While the LAN works and brings the Internet, this does not work with the WLAN.

The Wi-Fi networks are visible on the end devices and the devices can also connect to the Wi-Fi, but there is, and this is the problem, no Internet.

A Fritzbox7490 (192.168.200.1) does the WAN for the Fritzbox4040 (192.168.200.96).

I can still say that I don't have DHCP enabled anywhere and only use fixed IP addresses. For the interfaces under DHCP server, the checkmark is set to "Ignore interface".

The software (OpenWRT) is up-to-date.

Can anyone give me a hint if one of the many settings, some of which I don't know properly, isn't working properly or what's going on?

Is dumb AP what you're trying to achieve?

No, it's about accommodating different smart home devices in separate subnets so that these device classes are separated from each other and communication between them is made more difficult. Everything works so far, except for the WiFi.

Then you need to update your post, there's nothing about separate subnets in it.

Currently it can be summed up as "two openwrt devices, one trying (and failing), to provide clients with wifi".

Please connect to your OpenWrt device using ssh and copy the output of the following commands and post it here using the "Preformatted text </> " button:

Remember to redact passwords, MAC addresses and any public IP addresses you may have:

ubus call system board
cat /etc/config/network
cat /etc/config/wireless
cat /etc/config/dhcp
cat /etc/config/firewall

=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2023.11.06 17:59:18 =~=~=~=~=~=~=~=~=~=~=~=
login as: root
root@192.168.205.1's password: 


BusyBox v1.35.0 (2023-04-27 20:28:15 UTC) built-in shell (ash)

  _______                     ________        __
 |       |.-----.-----.-----.|  |  |  |.----.|  |_
 |   -   ||  _  |  -__|     ||  |  |  ||   _||   _|
 |_______||   __|_____|__|__||________||__|  |____|
          |__| W I R E L E S S   F R E E D O M
 -----------------------------------------------------
 OpenWrt 22.03.5, r20134-5f15225c1e
 -----------------------------------------------------
root@OpenWrt:~# ubus call system board
{
"kernel": "5.10.176",
"hostname": "OpenWrt",
"system": "ARMv7 Processor rev 5 (v7l)",
"model": "AVM FRITZ!Box 4040",
"board_name": "avm,fritzbox-4040",
"rootfs_type": "squashfs",
"release": {
"distribution": "OpenWrt",
"version": "22.03.5",
"revision": "r20134-5f15225c1e",
"target": "ipq40xx/generic",
"description": "OpenWrt 22.03.5 r20134-5f15225c1e"
}
}
root@OpenWrt:~# cat /etc /config/network

config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'

config globals 'globals'
option ula_prefix 'fd7a:6e3e:471a::/48'

config interface 'lan'
option proto 'static'
option netmask '255.255.255.0'
option ip6assign '60'
option ipaddr '192.168.205.1'
option device 'eth0'

config interface 'wan'
option device 'eth1'
option proto 'static'
option gateway '192.168.200.1'
option broadcast '192.168.200.255'
list ipaddr '192.168.200.96/24'
list dns '192.168.200.1'

config switch
option name 'switch0'
option reset '1'
option enable_vlan '1'

config switch_vlan
option device 'switch0'
option vlan '1'
option ports '1 2 3 4 0'

config device
option name 'wlan0'
option macaddr '**:**:**:**:**:**'
option ipv6 '1'

config device
option name 'wlan1'
option macaddr '**:**:**:**:**:**'

config interface 'WIFI'
option proto 'static'
option delegate '0'
option type 'bridge'
list ipaddr '192.168.206.1'
option broadcast '192.168.206.255'

config device
option name 'eth0'
option ipv6 '0'

config device
option name 'eth1'
option ipv6 '0'

root@OpenWrt:~# cat /etc/config/wireless

config wifi-device 'radio0'
option type 'mac80211'
option path 'platform/soc/a000000.wifi'
option band '2g'
option htmode 'HT40'
option channel 'auto'
option cell_density '0'
option country 'DE'

config wifi-iface 'default_radio0'
option device 'radio0'
option mode 'ap'
option encryption 'sae-mixed'
option ssid '**********_optout_nomap'
option network 'WIFI'
option key '**********'
option isolate '1'

config wifi-device 'radio1'
option type 'mac80211'
option path 'platform/soc/a800000.wifi'
option band '5g'
option htmode 'VHT80'
option channel 'auto'
option cell_density '0'
option country 'DE'

config wifi-iface 'default_radio1'
option device 'radio1'
option mode 'ap'
option encryption 'sae-mixed'
option ssid '**********_optout_nomap'
option isolate '1'
option network 'WIFI'
option key '**********'

root@OpenWrt:~# cat /etc/config/dhcp

config dnsmasq
option domainneeded '1'
option localise_queries '1'
option rebind_protection '1'
option rebind_localhost '1'
option local '/lan/'
option domain 'lan'
option expandhosts '1'
option authoritative '1'
option readethers '1'
option leasefile '/tmp/dhcp.leases'
option localservice '1'
option ednspacket_max '1232'
list server '192.168.200.1'
option noresolv '1'

config dhcp 'lan'
option interface 'lan'
option start '100'
option limit '150'
option leasetime '12h'
option dhcpv4 'server'
option dhcpv6 'server'
option ra 'server'
list ra_flags 'managed-config'
list ra_flags 'other-config'

config dhcp 'wan'
option interface 'wan'
option start '100'
option limit '150'
option leasetime '12h'
option dynamicdhcp '0'
option ignore '1'

config odhcpd 'odhcpd'
option maindhcp '0'
option leasefile '/tmp/hosts/odhcpd'
option leasetrigger '/usr/sbin/odhcpd-update'
option loglevel '4'

config dhcp 'WIFI'
option interface 'WIFI'
option start '100'
option limit '150'
option leasetime '12h'
option ignore '1'

root@OpenWrt:~# cat /etc/config/firewall

config defaults
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
option synflood_protect '1'

config zone
option name 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
list network 'lan'

config zone
option name 'wan'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
list network 'wan'

config forwarding
option src 'lan'
option dest 'wan'

config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'

config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'

config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'

config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'

config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'

config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'

config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'

config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'

config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'

config zone
option name 'wifi'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
list network 'WIFI'

config forwarding
option src 'wifi'
option dest 'wan'

root@OpenWrt:~# 

There is a Fritzbox 7590 through which the Internet comes. It is the WAN for three subnets connected to it. Two of these subnets are implemented with OpenWRT. The Fritzbox 7590 has the IP 192.168.200.1, the two OpenWRT devices listen to 192.168.200.98 and 192.168.200.96, the latter is the Fritzbox that we are talking about here. This Fritzbox makes the LAN 192.168.205.1 and the WLAN 192.168.206.1 - but the WLAN doesn't work.

You should consider upgrading to 23.05.0.

I recommend removing the broadcast option below... it's not a problem for it to be here, but it is automatically calculated based on the subnet, so it's not necessary. Cleaner without the option.

There are problems with the WIFI interface...

Bridges must be defined as devices outside the network interface stanzas. You've also neglected to include the subnet mask (or CIDR network definition). And, as above, I'd recommend removing the broadcast address.

It should look like this, instead...

config device
  option name 'br-wifi'
  option type 'bridge'

config interface 'WIFI'
  option proto 'static'
  option device 'br-wifi'
  option delegate '0'
  list ipaddr '192.168.206.1/24'

You also have the wifi network's DHCP server disabled... is that intentional? That will make wifi not work unless you have your clients with static IP addresses (manually configured on each client device).

Remove the ignore line above if you want the wifi network to have a functional DHCP server.

Restart your router after these changes and test again.

Where can i customize that?

The broadcast is obviously preset.

I make the settings via the user interface.

I upgraded the OpenWRT to 23.05.

It is actually desired and important that all devices have fixed IP addresses.

I personally edit the config files directly. But you can do it in the LuCI web interface -- first create a bridge for the wifi network, then use that bridge as the device for the wifi network interface.

You've entered the value directly, as compared to letting it calculate. It's fine if you leave it there, but I personally feel it is better to omit because of the fact that it is determined by the system.

Good.

Sure, but there are two ways to do this:

1. using DHCP reservations. The DHCP server (in this case, on the router) can keep a list of MAC addresses and corresponding IP addresses so that every device is guaranteed the same IP every single time it connects or requests a renewal.
2. manually configured static IP on each device. Here, you must specify on the device itself that the network will use a static IP assignment and then provide all the relevant information (IP, subnet mask, router/gateway, DNS). This must be done physically on each device -- it's easy on a computer/tablet/phone, but may be difficult or impossible on other devices like multimedia or IoT devices that may expect DHCP and have no means of manual configuration.

I can't find a way to create a bridge.

The devices are supposed to have a fixed IP address so that the device scanners are faster - if the IP addresses are consecutive. It is not to be expected that new devices that expect DHCP will ever be added to the network.

I don't have an OpenWrt device in front of me right now, so I can't give you the 'breadcrumbs' to get to the right page. But you can edit the text file directly.

You can set the DHCP server to issue sequential IP addresses (instead of the usual method which uses a hash of the MAC address to generate an assignment) and as previously stated you can also set DHCP reservations. But if you want to assign every device manually by hand, you can do that, too. That's up to you. But you should now be aware that your DHCP server is disabled, so a device that is not properly configured will not be able to get online.

The effect on IP scanner speed should be relatively small assuming that only limited ports are being scanned (if you're scanning hundreds or thousands of ports, the scan will be slow, but a few dozen or less will be really quick and it won't matter if you're dealing with sequential IPs or 'random' through a /24 network space).

Now I have repeated the complete configuration, but the result is the same again.

The Internet works on the LAN, but not on the WLAN.
I can connect the wireless devices to the OpenWRT router, but again no data comes.

I compared the settings with another Open-WRT Fritzbox4040, they differ except for the device-specific values IP; MAC, etc. not.

This is beginning to despair.

Let’s see the latest configs.

First of all, thank you for getting in touch again.

Since I don't have a good knowledge of SSH, I also did the upgrade via Luci. On the support page for the FB4040, 23.05.0 is stated as the current release, but only 22.03.5 is available for download. That's why I don't have it more current now.

The WiFi now works, although I haven't changed anything. It's really puzzling, it didn't work this morning. I'll be watching over the coming days.

But I would be happy if you could take a look through the configuration, maybe you'll notice something. I don't know why the problem has now been resolved.

=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2023.11.07 17:25:35 =~=~=~=~=~=~=~=~=~=~=~=
login as: root
root@192.168.205.1's password: 


BusyBox v1.35.0 (2023-04-27 20:28:15 UTC) built-in shell (ash)

  _______                     ________        __
 |       |.-----.-----.-----.|  |  |  |.----.|  |_
 |   -   ||  _  |  -__|     ||  |  |  ||   _||   _|
 |_______||   __|_____|__|__||________||__|  |____|
          |__| W I R E L E S S   F R E E D O M
 -----------------------------------------------------
 OpenWrt 22.03.5, r20134-5f15225c1e
 -----------------------------------------------------
e]0;root@OpenWrt: ~aroot@OpenWrt:~# ubus call system board
{
	"kernel": "5.10.176",
	"hostname": "OpenWrt",
	"system": "ARMv7 Processor rev 5 (v7l)",
	"model": "AVM FRITZ!Box 4040",
	"board_name": "avm,fritzbox-4040",
	"rootfs_type": "squashfs",
	"release": {
		"distribution": "OpenWrt",
		"version": "22.03.5",
		"revision": "r20134-5f15225c1e",
		"target": "ipq40xx/generic",
		"description": "OpenWrt 22.03.5 r20134-5f15225c1e"
	}
}
e]0;root@OpenWrt: ~aroot@OpenWrt:~# cat /etc/config/network

config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fd7a:6e3e:471a::/48'

config interface 'lan'
	option proto 'static'
	option netmask '255.255.255.0'
	option ip6assign '60'
	option ipaddr '192.168.205.1'
	option device 'eth0'

config interface 'wan'
	option device 'eth1'
	option proto 'static'
	option gateway '192.168.200.1'
	list ipaddr '192.168.200.96/24'
	list dns '192.168.200.1'

config switch
	option name 'switch0'
	option reset '1'
	option enable_vlan '1'

config switch_vlan
	option device 'switch0'
	option vlan '1'
	option ports '1 2 3 4 0'

config device
	option name 'wlan0'
	option macaddr '**:**:**:**:**:**'
	option ipv6 '1'

config device
	option name 'wlan1'
	option macaddr '**:**:**:**:**:**'

config device
	option name 'eth0'
	option ipv6 '0'

config device
	option name 'eth1'
	option ipv6 '0'

config interface 'Wifi'
	option proto 'static'
	option ipaddr '192.168.206.1'
	option type 'bridge'
	option netmask '255.255.255.0'
	option delegate '0'

e]0;root@OpenWrt: ~aroot@OpenWrt:~# cat /etc/config/wireless

config wifi-device 'radio0'
	option type 'mac80211'
	option path 'platform/soc/a000000.wifi'
	option band '2g'
	option htmode 'HT40'
	option channel 'auto'
	option cell_density '0'
	option country 'DE'

config wifi-iface 'default_radio0'
	option device 'radio0'
	option mode 'ap'
	option encryption 'sae-mixed'
	option ssid '**********_optout_nomap'
	option key '**********'
	option isolate '1'
	option network 'Wifi'

config wifi-device 'radio1'
	option type 'mac80211'
	option path 'platform/soc/a800000.wifi'
	option band '5g'
	option htmode 'VHT80'
	option channel 'auto'
	option cell_density '0'
	option country 'DE'

config wifi-iface 'default_radio1'
	option device 'radio1'
	option mode 'ap'
	option encryption 'sae-mixed'
	option ssid '**********_optout_nomap'
	option isolate '1'
	option key '**********'
	option network 'Wifi'

e]0;root@OpenWrt: ~aroot@OpenWrt:~# cat /etc/config/dhcp

config dnsmasq
	option domainneeded '1'
	option localise_queries '1'
	option rebind_protection '1'
	option rebind_localhost '1'
	option local '/lan/'
	option domain 'lan'
	option expandhosts '1'
	option authoritative '1'
	option readethers '1'
	option leasefile '/tmp/dhcp.leases'
	option localservice '1'
	option ednspacket_max '1232'
	list server '192.168.200.1'
	option noresolv '1'

config dhcp 'lan'
	option interface 'lan'
	option start '100'
	option limit '150'
	option leasetime '12h'
	option dhcpv4 'server'
	option dhcpv6 'server'
	option ra 'server'
	list ra_flags 'managed-config'
	list ra_flags 'other-config'

config dhcp 'wan'
	option interface 'wan'
	option start '100'
	option limit '150'
	option leasetime '12h'
	option dynamicdhcp '0'
	option ignore '1'

config odhcpd 'odhcpd'
	option maindhcp '0'
	option leasefile '/tmp/hosts/odhcpd'
	option leasetrigger '/usr/sbin/odhcpd-update'
	option loglevel '4'

config dhcp 'Wifi'
	option interface 'Wifi'
	option start '100'
	option limit '150'
	option leasetime '12h'
	option ignore '1'

e]0;root@OpenWrt: ~aroot@OpenWrt:~# cat /etc/config/firewall

config defaults
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option synflood_protect '1'

config zone
	option name 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'
	list network 'lan'

config zone
	option name 'wan'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'
	list network 'wan'

config forwarding
	option src 'lan'
	option dest 'wan'

config rule
	option name 'Allow-DHCP-Renew'
	option src 'wan'
	option proto 'udp'
	option dest_port '68'
	option target 'ACCEPT'
	option family 'ipv4'

config rule
	option name 'Allow-Ping'
	option src 'wan'
	option proto 'icmp'
	option icmp_type 'echo-request'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-IGMP'
	option src 'wan'
	option proto 'igmp'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-DHCPv6'
	option src 'wan'
	option proto 'udp'
	option dest_port '546'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-MLD'
	option src 'wan'
	option proto 'icmp'
	option src_ip 'fe80::/10'
	list icmp_type '130/0'
	list icmp_type '131/0'
	list icmp_type '132/0'
	list icmp_type '143/0'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Input'
	option src 'wan'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	list icmp_type 'router-solicitation'
	list icmp_type 'neighbour-solicitation'
	list icmp_type 'router-advertisement'
	list icmp_type 'neighbour-advertisement'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Forward'
	option src 'wan'
	option dest '*'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-IPSec-ESP'
	option src 'wan'
	option dest 'lan'
	option proto 'esp'
	option target 'ACCEPT'

config rule
	option name 'Allow-ISAKMP'
	option src 'wan'
	option dest 'lan'
	option dest_port '500'
	option proto 'udp'
	option target 'ACCEPT'

config zone
	option name 'wifi'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'
	list network 'Wifi'

config forwarding
	option src 'wifi'
	option dest 'wan'

e]0;root@OpenWrt: ~aroot@OpenWrt:~# 

You earlier said that you had upgraded...

But clearly you haven't...

Why did you previously say that you had upgraded, then? The device info page is just out of date... use the firmware selector:
https://firmware-selector.openwrt.org/?version=23.05.0&target=ipq40xx%2Fgeneric&id=avm_fritzbox-4040

It doesn't appear that you implemented the things I recommended:

Thank you for your further information.

If the current build is listed in a column on an OpenWRT support page, but the file behind it is outdated, this can of course lead to misunderstandings. This was also the reason why I assumed that I had updated, although this was not the case.
But thank you very much for the information about the firmware selector, I didn't know it before.

But even with that, the attempt to upgrade failed, because the config is obviously incompatible with the new version. OpenWRT is a very, very complicated thing.

2023-11-08 17_06_59-OpenWrt - Backup _ Flash Firmware - LuCI - Chromium1178×812 68.3 KB

In this way, there is now a new, additional problem.

    config interface 'Wifi'
    	option proto 'static'
    	option ipaddr '192.168.206.1'
    	option type 'bridge'
    	option netmask '255.255.255.0'
    	option delegate '0'

It doesn't appear that you implemented the things I recommended:

How could they? So far nobody has been able to tell me how to get the desired changes into the OpenWRT. I can't do anything with information such as "edit the text file directly", etc. I can get to the edited text file, but what about it? I am a scientist and not an IT specialist.

Bridges must be defined as devices outside the network interface stanzas. You've also neglected to include the subnet mask (or CIDR network definition). And, as above, I'd recommend removing the broadcast address.

The broadcast address is already stored in Luci in light grey, I could change it, but I didn't do that at all.
I would like to set everything correctly, but no one has yet been able to tell me how to set it up in Luci. I would also do it in SSH, have the means to do so, if I knew how to do it.

It is the case that the OpenWRT on this Fritzbox4040 now works comprehensively - just as I wanted it and also the WLAN. However, I can't say if that's a safe configuration, because I don't know what the differences from the configuration you specify could do.
I also thought about just reinstalling the AVM operating system, as it is very easy to configure and I understand the parameters. However, it would then be proprietary again and that's exactly what I wanted to avoid.

By the way, the same thing via SSH, why should it be any different?

2023-11-08 17_30_09-Einstellungen1799×623 31.8 KB

This means your device was part of the DSA transition for 23.05 (since 21.02, devices have been slowly transitioning from an older methof of controlling the internal switch called swconfig). It is safe to force the upgrade here, but you must not keep settings. This will create a completely default configuration (which is required as part of the DSA transition), and then you can configure from there. (feel free to take a backup -- you can use those files as a reference when you reconfigure, but do not attempt to restore the backup or copy the files directly into place -- that will soft-brick your router).

I do understand that editing the text files can be a bit daunting if you're not used to using ssh for this stuff... but it's actually faster and eaiser once you learn it.

The vi editor is included by default in OpenWrt. You can install other editors like nano, or use scp to copy the file to your comptuer where you may find it easier to edit, then copy it back again when you're done.

I found this really cool interactive tutorial, but you can look up vi or vim tutorials and you'll be able to learn this stuff fairly easily.