Guest Network not giving Internet access

Installing and Using OpenWrt Network and Wireless Configuration
1

Hi Everyone!

I've been working a lot with openwrt and learning.

I'm following this guide to make a routed AP:

https://openwrt.org/docs/guide-user/network/wifi/routedap?s[]=routed&s[]=ap

I've follow all the steps as the guide mentioned. but when i try to connect to the wifi network (OpenWrt) It does not give internet access.

Here are my config files:

/etc/config/network:

config interface 'loopback'
        option ifname 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fdd1:1a23:52f5::/48'

config interface 'wifi'
        option proto 'static'
        option ipaddr '192.168.2.1'
        option netmask '255.255.255.0'

config interface 'lan'
        option type 'bridge'
        option ifname 'eth0.1'
        option proto 'static'
        option netmask '255.255.255.0'
        option ip6assign '60'
        option gateway '192.168.15.1'
        option ipaddr '192.168.15.15'
        option dns '8.8.8.8 192.168.15.1'

config interface 'wan'
        option ifname 'eth0.2'
        option proto 'dhcp'

config interface 'wan6'
        option ifname 'eth0.2'
        option proto 'dhcpv6'

config switch
        option name 'switch0'
        option reset '1'
        option enable_vlan '1'

config switch_vlan            
        option device 'switch0'
        option vlan '1'        
        option ports '2 3 4 5 0t'
                                 
config switch_vlan               
        option device 'switch0'  
        option vlan '2'          
        option ports '1 0t'

/etc/config/wireless

config switch_vlan            
        option device 'switch0'
        option vlan '1'        
        option ports '2 3 4 5 0t'
                                 
config switch_vlan               
        option device 'switch0'  
        option vlan '2'          
        option ports '1 0t'

/etc/config/firewall

config defaults                                        
        option syn_flood        1                      
        option input            ACCEPT                 
        option output           ACCEPT                 
        option forward          REJECT                 
                                                                     
config zone                                            
        option name             lan                    
        list   network          'lan'                  
        option input            ACCEPT                 
        option output           ACCEPT                 
        option forward          ACCEPT                 
                                                       
config zone                                            
        option name       wifi                         
        list   network    'wifi'                       
        option input      ACCEPT                       
        option output     ACCEPT                       
        option forward    REJECT                       
                                                       
config zone                                            
        option name             wan                    
        list   network          'wan'                  
        list   network          'wan6'                 
        option input            REJECT                 
        option output           ACCEPT                 
        option forward          REJECT                 
        option masq             1                      
        option mtu_fix          1                      
                                                       
config forwarding                                      
        option src              lan                    
        option dest             wan                    
                                                       
config 'forwarding'                                    
        option 'src'        'wifi'                
option dest             wan                    
                                                       
config 'forwarding'                                    
        option 'src'        'wifi'                     
        option 'dest'       'wan'                      
                                                       
config 'forwarding'                                    
        option 'src'        'lan'                      
        option 'dest'       'wifi'                     
                                                       
config 'forwarding'                                    
        option 'src'        'wifi'                     
        option 'dest'       'lan'                      
                                                       
         
config rule                                            
        option name             Allow-DHCP-Renew       
        option src              wan                    
        option proto            udp                    
        option dest_port        68                     
        option target           ACCEPT                 
        option family           ipv4                   
                                                                                       
config rule                                            
        option name             Allow-Ping             
        option src              wan                    
        option proto            icmp                   
        option icmp_type        echo-request           
        option family           ipv4                   
        option target           ACCEPT                 
                                                       
config rule                                            
        option name             Allow-IGMP             
        option src              wan                    
        option proto            igmp                   
        option family           ipv4
option target           ACCEPT                 
                                                           
config rule                                            
        option name             Allow-DHCPv6           
        option src              wan                    
        option proto            udp                    
        option src_ip           fc00::/6               
        option dest_ip          fc00::/6               
        option dest_port        546                    
        option family           ipv6                   
        option target           ACCEPT                 
                                                       
config rule                                            
        option name             Allow-MLD              
        option src              wan                    
        option proto            icmp                   
        option src_ip           fe80::/10              
        list icmp_type          '130/0'                
        list icmp_type          '131/0'                
        list icmp_type          '132/0'                
        list icmp_type          '143/0'                
        option family           ipv6                   
        option target           ACCEPT                 
                                                       
    
config rule                                            
        option name             Allow-ICMPv6-Input     
        option src              wan                    
        option proto    icmp                           
        list icmp_type          echo-request           
        list icmp_type          echo-reply             
        list icmp_type          destination-unreachable
  list icmp_type          packet-too-big         
        list icmp_type          time-exceeded          
        list icmp_type          bad-header             
        list icmp_type          unknown-header-type    
        list icmp_type          router-solicitation    
        list icmp_type          neighbour-solicitation 
        list icmp_type          router-advertisement   
        list icmp_type          neighbour-advertisement
        option limit            1000/sec               
        option family           ipv6                   
        option target           ACCEPT                 
                                                          
config rule                                            
        option name             Allow-ICMPv6-Forward   
        option src              wan                    
        option dest             *                      
        option proto            icmp                   
        list icmp_type          echo-request           
        list icmp_type          echo-reply             
        list icmp_type          destination-unreachable
        list icmp_type          packet-too-big         
        list icmp_type          time-exceeded          
        list icmp_type          bad-header             
        list icmp_type          unknown-header-type    
        option limit            1000/sec               
        option family           ipv6                   
        option target           ACCEPT                 
                                                       
config rule                                            
        option name             Allow-IPSec-ESP        
        option src              wan                    
        option dest             lan                    
        option proto            esp                    
        option target           ACCEPT        

config rule                                            
        option name             Allow-IPSec-ESP        
        option src              wan                    
        option dest             lan                    
        option proto            esp                    
        option target           ACCEPT                 
                                                       
config rule                                            
        option name             Allow-ISAKMP           
        option src              wan                    
        option dest             lan                    
        option dest_port        500                    
        option proto            udp                    
        option target           ACCEPT

I dont know why i cant get internet acess... the browers just hangs and never displays the requested web...

Any help will be very appreciated! thanks!

2

You have not provided enough information to help you:

  • You never show us this guest network, is it called wifi?
  • You never pasted your /etc/config/wireless
  • What network does it connect to?
  • Wifi to WAN is listed twice in the firewall config
  • Did you setup DHCP on wifi to give a DNS and Gateway address?
    • Can you show us this config?