Fritzbox4040 LAN works, no WLAN

To everything that is new!

Now I actually installed the upgrade via SSH and shortly re-entered the configuration manually. What can I say, all networks work, including the WLAN. I'm now sending the Putty recordings again.

Is everything now finally as it should be?

=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2023.11.08 19:31:21 =~=~=~=~=~=~=~=~=~=~=~=
ubus call systemboarde[Je[Je[Je[Je[J board
{
	"kernel": "5.15.134",
	"hostname": "OpenWrt",
	"system": "ARMv7 Processor rev 5 (v7l)",
	"model": "AVM FRITZ!Box 4040",
	"board_name": "avm,fritzbox-4040",
	"rootfs_type": "squashfs",
	"release": {
		"distribution": "OpenWrt",
		"version": "23.05.0",
		"revision": "r23497-6637af95aa",
		"target": "ipq40xx/generic",
		"description": "OpenWrt 23.05.0 r23497-6637af95aa"
	}
}
e]0;root@OpenWrt: ~aroot@OpenWrt:~# cat /etc/config/network

config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fda3:1794:caf8::/48'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'lan1'
	list ports 'lan2'
	list ports 'lan3'
	list ports 'lan4'

config interface 'lan'
	option device 'br-lan'
	option proto 'static'
	option ipaddr '192.168.205.1'
	option netmask '255.255.255.0'
	option ip6assign '60'

config interface 'wan'
	option device 'wan'
	option proto 'static'
	option ipaddr '192.168.200.96'
	option netmask '255.255.255.0'
	option gateway '192.168.200.1'
	list dns '192.168.200.1'

config interface 'wifi'
	option proto 'static'
	option ipaddr '192.168.206.1'
	option netmask '255.255.255.0'

e]0;root@OpenWrt: ~aroot@OpenWrt:~# cat /etc/config/wireless

config wifi-device 'radio0'
	option type 'mac80211'
	option path 'platform/soc/a000000.wifi'
	option channel 'auto'
	option band '2g'
	option htmode 'HT40'
	option country 'DE'
	option cell_density '0'

config wifi-iface 'default_radio0'
	option device 'radio0'
	option mode 'ap'
	option ssid '**********_optout_nomap'
	option encryption 'sae-mixed'
	option isolate '1'
	option key '**********'
	option network 'wifi'

config wifi-device 'radio1'
	option type 'mac80211'
	option path 'platform/soc/a800000.wifi'
	option channel 'auto'
	option band '5g'
	option htmode 'VHT80'
	option country 'DE'
	option cell_density '0'

config wifi-iface 'default_radio1'
	option device 'radio1'
	option mode 'ap'
	option ssid '**********'
	option encryption 'sae-mixed'
	option isolate '1'
	option key '**********'
	option network 'wifi'

e]0;root@OpenWrt: ~aroot@OpenWrt:~# cat /etc/config/dhcp

config dnsmasq
	option domainneeded '1'
	option boguspriv '1'
	option filterwin2k '0'
	option localise_queries '1'
	option rebind_protection '1'
	option rebind_localhost '1'
	option local '/lan/'
	option domain 'lan'
	option expandhosts '1'
	option nonegcache '0'
	option cachesize '1000'
	option authoritative '1'
	option readethers '1'
	option leasefile '/tmp/dhcp.leases'
	option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
	option nonwildcard '1'
	option localservice '1'
	option ednspacket_max '1232'
	option filter_aaaa '0'
	option filter_a '0'

config dhcp 'lan'
	option interface 'lan'
	option start '100'
	option limit '150'
	option leasetime '12h'
	option dhcpv4 'server'
	option dhcpv6 'server'
	option ra 'server'
	list ra_flags 'managed-config'
	list ra_flags 'other-config'

config dhcp 'wan'
	option interface 'wan'
	option ignore '1'
	option start '100'
	option limit '150'
	option leasetime '12h'

config odhcpd 'odhcpd'
	option maindhcp '0'
	option leasefile '/tmp/hosts/odhcpd'
	option leasetrigger '/usr/sbin/odhcpd-update'
	option loglevel '4'

e]0;root@OpenWrt: ~aroot@OpenWrt:~# cat /etc/config/firewallle[J

config defaults
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option synflood_protect '1'

config zone
	option name 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'
	list network 'lan'

config zone
	option name 'wan'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'
	option mtu_fix '1'
	list network 'wan'

config forwarding
	option src 'lan'
	option dest 'wan'

config rule
	option name 'Allow-DHCP-Renew'
	option src 'wan'
	option proto 'udp'
	option dest_port '68'
	option target 'ACCEPT'
	option family 'ipv4'

config rule
	option name 'Allow-Ping'
	option src 'wan'
	option proto 'icmp'
	option icmp_type 'echo-request'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-IGMP'
	option src 'wan'
	option proto 'igmp'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-DHCPv6'
	option src 'wan'
	option proto 'udp'
	option dest_port '546'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-MLD'
	option src 'wan'
	option proto 'icmp'
	option src_ip 'fe80::/10'
	list icmp_type '130/0'
	list icmp_type '131/0'
	list icmp_type '132/0'
	list icmp_type '143/0'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Input'
	option src 'wan'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	list icmp_type 'router-solicitation'
	list icmp_type 'neighbour-solicitation'
	list icmp_type 'router-advertisement'
	list icmp_type 'neighbour-advertisement'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Forward'
	option src 'wan'
	option dest '*'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-IPSec-ESP'
	option src 'wan'
	option dest 'lan'
	option proto 'esp'
	option target 'ACCEPT'

config rule
	option name 'Allow-ISAKMP'
	option src 'wan'
	option dest 'lan'
	option dest_port '500'
	option proto 'udp'
	option target 'ACCEPT'

config zone
	option name 'wifi'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'REJECT'
	list network 'wifi'

config forwarding
	option src 'wifi'
	option dest 'wan'

e]0;root@OpenWrt: ~aroot@OpenWrt:~# 

I suspect that you will experience a problem at some point because you've associated your wifi network interface with two radios. For this, a bridge is required because you are connecting a network interface with more than one physical interface.

The fix is simple... create a bridge device and then set the wifi interface to use that bridge. Like this:

config device
	option name 'br-wifi'
	option type 'bridge'

config interface 'wifi'
	option device 'br-wifi'
	option proto 'static'
	option ipaddr '192.168.206.1'
	option netmask '255.255.255.0'

But, the old question.... "How to create this bridge in LuCi"?

As before, I'm not in front of an OpenWrt device right now. But I think it is under the devices tab when you go into network > interfaces.

I found a way to set up bridged devices. But the radio devices for the bridge cannot be seen in the “bridge ports” input field and therefore cannot be selected.

Oh, what a piece of crap, I've had enough of this rubbish. I don't want a router that works randomly. And no one else comes forward here to explain it.

I've been messing around with it for almost a week now. That can't be the case. The only option left is to switch back to AVM.

Correct. The wireless file is the only place where the radios should be specified. Ethernet is a different story, but you're working with wifi only here. As I showed in the text based suggestions, all you're doing is creating a bridge device as an entity, with no hardware devices within.

Really? It should just work now if you've implemented my suggestions.

I'm shocked (and somewhat offended) that you would say this. I have spent quite a lot of time and effort helping you. Do you not trust my suggestions to be accurate? Or do you not find my explanations sufficient?

I'd like to remind you that this forum is entirely a volunteer effort (as is the whole OpenWrt project). People dedicate their time to this without any expectation of compensation, but we don't need to do this and we don't owe anybody anything.

Keep in mind, also, that part of the benefit (and the friction) of using OpenWrt is that you must actually take some time to learn new, more advanced skills if you want to create multiple subnets and have more granular control over you network configuration. We don't expect people to be experts in IT or linux, but it is important for you to take some initiative to lean certain basic things (like editing a text file).

I suspect (although I don't know for sure) that you will not be able to have a different wifi subnet -- you'd have just a single unified lan. If that's what you want, the vendor firmware may be perfect for you. Most vendor firmware options are simplified to make administration easier for those who don't have the need, experience, or interest in learning/implementing more complex networking methods.

Da beginn es bereits.... obwohl ein Device br-lan schon vorhanden ist, kann ich ein br-wlan nicht hinzufügen, da der "-" nich verwendet werden darf. Aber konforme Namen bringen mich ebenfalls nicht weiter.

Ich habe den ganzen Tag verschiedene Vorgehensweisen, Kombinationen und Reihenfolgen ausprobiert und habe nun die Überzeugung das das in der Luci Oberfläche gar nicht geht.

Im Endeffekt habe ich mich nun als letzte Möglichkeit entschlossen auf eine "bridge" ganz zu verzichten und die Radios zwei verschiedenen WLAN Interfaces direkt zuzuweisen. Für meine Zwecke ist das völlig ausreichend.

=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2023.11.09 17:21:13 =~=~=~=~=~=~=~=~=~=~=~=
login as: root
root@192.168.250.1's password: 


BusyBox v1.36.1 (2023-10-09 21:45:35 UTC) built-in shell (ash)

  _______                     ________        __
 |       |.-----.-----.-----.|  |  |  |.----.|  |_
 |   -   ||  _  |  -__|     ||  |  |  ||   _||   _|
 |_______||   __|_____|__|__||________||__|  |____|
          |__| W I R E L E S S   F R E E D O M
 -----------------------------------------------------
 OpenWrt 23.05.0, r23497-6637af95aa
 -----------------------------------------------------
e]0;root@OpenWrt: ~aroot@OpenWrt:~# ubus call system board
{
	"kernel": "5.15.134",
	"hostname": "OpenWrt",
	"system": "ARMv7 Processor rev 5 (v7l)",
	"model": "AVM FRITZ!Box 4040",
	"board_name": "avm,fritzbox-4040",
	"rootfs_type": "squashfs",
	"release": {
		"distribution": "OpenWrt",
		"version": "23.05.0",
		"revision": "r23497-6637af95aa",
		"target": "ipq40xx/generic",
		"description": "OpenWrt 23.05.0 r23497-6637af95aa"
	}
}
e]0;root@OpenWrt: ~aroot@OpenWrt:~# cat /etc/config/network

config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fd22:0a49:7785::/48'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'lan1'
	list ports 'lan2'
	list ports 'lan3'
	list ports 'lan4'

config interface 'lan'
	option device 'br-lan'
	option proto 'static'
	option ipaddr '192.168.250.1'
	option netmask '255.255.255.0'
	option ip6assign '60'
	option delegate '0'

config interface 'wan'
	option device 'wan'
	option proto 'static'
	option ipaddr '192.168.200.96'
	option netmask '255.255.255.0'
	option gateway '192.168.200.1'

config interface 'wan6'
	option device 'wan'
	option proto 'none'
	option auto '0'
	option delegate '0'

config interface 'wifi2'
	option proto 'static'
	option ipaddr '192.168.251.1'
	option netmask '255.255.255.0'

config interface 'wifi5'
	option proto 'static'
	option ipaddr '192.168.252.1'
	option netmask '255.255.255.0'

e]0;root@OpenWrt: ~aroot@OpenWrt:~# cat /etc/config/wireless

config wifi-device 'radio0'
	option type 'mac80211'
	option path 'platform/soc/a000000.wifi'
	option channel 'auto'
	option band '2g'
	option htmode 'HT40'
	option cell_density '0'
	option country 'DE'

config wifi-iface 'default_radio0'
	option device 'radio0'
	option network 'wifi2'
	option mode 'ap'
	option ssid '**********_optout_nomap'
	option encryption 'sae-mixed'
	option isolate '1'
	option key '**********'

config wifi-device 'radio1'
	option type 'mac80211'
	option path 'platform/soc/a800000.wifi'
	option channel 'auto'
	option band '5g'
	option htmode 'VHT80'
	option country 'DE'
	option cell_density '0'

config wifi-iface 'default_radio1'
	option device 'radio1'
	option network 'wifi5'
	option mode 'ap'
	option ssid '**********_optout_nomap'
	option encryption 'sae-mixed'
	option isolate '1'
	option key '**********'

e]0;root@OpenWrt: ~aroot@OpenWrt:~# cat /etc/config/dhcp

config dnsmasq
	option domainneeded '1'
	option boguspriv '1'
	option filterwin2k '0'
	option localise_queries '1'
	option rebind_protection '1'
	option rebind_localhost '1'
	option local '/lan/'
	option domain 'lan'
	option expandhosts '1'
	option nonegcache '0'
	option cachesize '1000'
	option authoritative '1'
	option readethers '1'
	option leasefile '/tmp/dhcp.leases'
	option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
	option nonwildcard '1'
	option localservice '1'
	option ednspacket_max '1232'
	option filter_aaaa '0'
	option filter_a '0'

config dhcp 'lan'
	option interface 'lan'
	option start '100'
	option limit '150'
	option leasetime '12h'
	option dhcpv4 'server'
	option ignore '1'

config dhcp 'wan'
	option interface 'wan'
	option ignore '1'
	option start '100'
	option limit '150'
	option leasetime '12h'

config odhcpd 'odhcpd'
	option maindhcp '0'
	option leasefile '/tmp/hosts/odhcpd'
	option leasetrigger '/usr/sbin/odhcpd-update'
	option loglevel '4'

e]0;root@OpenWrt: ~aroot@OpenWrt:~# cat /config e[Je[Je[Je[Je[Je[Je[Jetc/config/firewall

config defaults
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option synflood_protect '1'

config zone
	option name 'lan'
	list network 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'

config zone
	option name 'wan'
	list network 'wan'
	list network 'wan6'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'
	option mtu_fix '1'

config forwarding
	option src 'lan'
	option dest 'wan'

config rule
	option name 'Allow-DHCP-Renew'
	option src 'wan'
	option proto 'udp'
	option dest_port '68'
	option target 'ACCEPT'
	option family 'ipv4'

config rule
	option name 'Allow-Ping'
	option src 'wan'
	option proto 'icmp'
	option icmp_type 'echo-request'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-IGMP'
	option src 'wan'
	option proto 'igmp'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-DHCPv6'
	option src 'wan'
	option proto 'udp'
	option dest_port '546'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-MLD'
	option src 'wan'
	option proto 'icmp'
	option src_ip 'fe80::/10'
	list icmp_type '130/0'
	list icmp_type '131/0'
	list icmp_type '132/0'
	list icmp_type '143/0'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Input'
	option src 'wan'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	list icmp_type 'router-solicitation'
	list icmp_type 'neighbour-solicitation'
	list icmp_type 'router-advertisement'
	list icmp_type 'neighbour-advertisement'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Forward'
	option src 'wan'
	option dest '*'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-IPSec-ESP'
	option src 'wan'
	option dest 'lan'
	option proto 'esp'
	option target 'ACCEPT'

config rule
	option name 'Allow-ISAKMP'
	option src 'wan'
	option dest 'lan'
	option dest_port '500'
	option proto 'udp'
	option target 'ACCEPT'

config zone
	option name 'wifi2'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'
	list network 'wifi2'

config forwarding
	option src 'wifi2'
	option dest 'wan'

config zone
	option name 'wifi5'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'
	list network 'wifi5'

config forwarding
	option src 'wifi5'
	option dest 'wan'

e]0;root@OpenWrt: ~aroot@OpenWrt:~# 

Really? It should just work now if you've implemented my suggestions.

Unfortunately, no. Maybe Luci has a mistake too, I can't say...

I'm shocked (and somewhat offended) that you would say this. I have spent quite a lot of time and effort helping you. Do you not trust my suggestions to be accurate? Or do you not find my explanations sufficient?

I'd like to remind you that this forum is entirely a volunteer effort (as is the whole OpenWrt project). People dedicate their time to this without any expectation of compensation, but we don't need to do this and we don't owe anybody anything.

Keep in mind, also, that part of the benefit (and the friction) of using OpenWrt is that you must actually take some time to learn new, more advanced skills if you want to create multiple subnets and have more granular control over you network configuration. We don't expect people to be experts in IT or linux, but it is important for you to take some initiative to lean certain basic things (like editing a text file).

On the contrary, your competences exceed mine and therefore I can follow my thoughts, but I am not able to implement the recommendations. Or in the case just described (Luci/bridge) it doesn't seem to be possible. I managed to do everything, except for the bridge. And because of such a small thing, I didn't want to familiarize myself with SSH yet. Although I can edit the files via SSH, I also need to understand the syntax. And your answers with the lines that need to be edited - where do they go? What if there are others standing there that they didn't mention, do I have to remove those, maybe some, none, all? In the end, there would simply be even more questions than in the initial situation.

I understand that open software and, above all, the support in the forums is provided on a voluntary basis and I am grateful for that. But you have to put yourself in the role of the user who is asking; they just don't have the same knowledge, otherwise they wouldn't ask. As invaluable as your service is, it can be ineffective if someone is unable to implement it. If it's possible with Luci, a step-by-step guide would be the easiest.

1. Open Luci...
2. Goto Networks ....
3. ....

I suspect (although I don't know for sure) that you will not be able to have a different wifi subnet -- you'd have just a single unified lan. If that's what you want, the vendor firmware may be perfect for you. Most vendor firmware options are simplified to make administration easier for those who don't have the need, experience, or interest in learning/implementing more complex networking methods.

It's about two subnets, each of which is connected via cable to 192.168.200.1 (FB 7590). And both subnets should each maintain a WLAN.

There is even a third one, also a Fritzbox4040, but with the original AVM, because I want to use the advantages of the AVM Mesh here.

I would like to thank you politely.

Let's take a step back to the basics... you have a number of devices and it would be good to make sure we are on the same page as we discuss the detailed configs.

Please make a diagram of your network topology. A photo of a sketch on paper is sufficient here. On the diagram, be sure to label each device's model number and if it running OpenWrt or some other firmware. Also be sure to make it clear what the goal is for each device (router, dumb AP/switch, combination of a dumb AP with some routing, etc.).