Guest wifi + Adguard home - no internet access

Hi, I've seen a few posts with problems with internet access for guest wifi after installing Adguard home, though can't figure out my own issue, especially as I'm a newbie when it comes to understanding routers.

GL.iNet Flint2 (GL-MT6000) with Openwrt 23.05.3. Simple setup: modem > router.

I followed the guide to set up a guest wifi (and also isolating it). Though after installing Adguard Home via opkg (following guide), I can't connect to the internet when using guest wifi.

I'd appreciate any help.

cat /etc/config/network:

config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fd70:aad0:aed6::/48'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'lan1'
	list ports 'lan2'
	list ports 'lan3'
	list ports 'lan4'
	list ports 'lan5'

config device
	option name 'lan1'
	option macaddr 'xxx'

config device
	option name 'lan2'
	option macaddr 'xxx'

config device
	option name 'lan3'
	option macaddr 'xxx'

config device
	option name 'lan4'
	option macaddr 'xxx'

config device
	option name 'lan5'
	option macaddr 'xxx'

config interface 'lan'
	option device 'br-lan'
	option proto 'static'
	option ipaddr '192.168.1.1'
	option netmask '255.255.255.0'
	option ip6assign '60'

config device
	option name 'eth1'
	option macaddr 'xxx'

config interface 'wan'
	option device 'eth1'
	option proto 'pppoe'
	option username 'xxx'
	option password 'xxx'
	option ipv6 'auto'
	option peerdns '0'
	list dns '1.1.1.2'
	list dns '1.0.0.2'

config interface 'wan6'
	option device 'eth1'
	option proto 'dhcpv6'

config interface 'guestwifi'
	option proto 'static'
	option ipaddr '192.168.10.1'
	option netmask '255.255.255.0'

cat /etc/config/wireless:

config wifi-device 'radio0'
	option type 'mac80211'
	option path 'platform/soc/18000000.wifi'
	option channel '12'
	option band '2g'
	option htmode 'HT20'
	option country 'GB'
	option cell_density '0'

config wifi-iface 'default_radio0'
	option device 'radio0'
	option network 'lan'
	option mode 'ap'
	option ssid 'nomad_home2G'
	option encryption 'psk2'
	option key 'xxx'

config wifi-device 'radio1'
	option type 'mac80211'
	option path 'platform/soc/18000000.wifi+1'
	option channel '149'
	option band '5g'
	option htmode 'HE20'
	option country 'GB'
	option cell_density '0'

config wifi-iface 'default_radio1'
	option device 'radio1'
	option network 'lan'
	option mode 'ap'
	option ssid 'nomad_home5G'
	option encryption 'psk2'
	option key 'xxx'

config wifi-iface 'wifinet2'
	option device 'radio0'
	option mode 'ap'
	option ssid 'guestwifi'
	option encryption 'psk2'
	option key 'xxx'
	option network 'guestwifi'
	option isolate '1'

cat /etc/config/dhcp:

config dnsmasq
	option domainneeded '1'
	option boguspriv '1'
	option filterwin2k '0'
	option localise_queries '1'
	option rebind_protection '0'
	option rebind_localhost '1'
	option local '/lan/'
	option domain 'lan'
	option expandhosts '1'
	option nonegcache '0'
	option cachesize '1000'
	option authoritative '1'
	option readethers '1'
	option leasefile '/tmp/dhcp.leases'
	option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
	option nonwildcard '1'
	option localservice '1'
	option ednspacket_max '1232'
	option filter_aaaa '0'
	option filter_a '0'
	option serversfile '/var/run/adblock-fast/dnsmasq.servers'
	option noresolv '0'
	option port '54'
	list server '192.168.1.1'

config dhcp 'lan'
	option interface 'lan'
	option start '100'
	option limit '150'
	option leasetime '12h'
	option dhcpv4 'server'
	option dhcpv6 'server'
	option ra 'server'
	list ra_flags 'managed-config'
	list ra_flags 'other-config'
	list dhcp_option '6,192.168.1.1'
	list dhcp_option '3,192.168.1.1'
	list dns 'fd70:aad0:aed6::1'

config dhcp 'wan'
	option interface 'wan'
	option ignore '1'

config odhcpd 'odhcpd'
	option maindhcp '0'
	option leasefile '/tmp/hosts/odhcpd'
	option leasetrigger '/usr/sbin/odhcpd-update'
	option loglevel '4'

config host
	option ip '192.168.1.100'
	option leasetime 'infinite'
	option name 'ss-mx-desktop'
	option duid '0004a1001e992d3d858538871ea133f9119e'
	list mac 'xxx'

config dhcp 'guestwifi'
	option interface 'guestwifi'
	option start '100'
	option limit '120'
	option leasetime '12h'
	list dhcp_option '6,192.168.1.1'

cat /etc/config/firewall:

config defaults
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option synflood_protect '1'

config zone
	option name 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'
	list network 'lan'

config zone
	option name 'wan'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'
	option mtu_fix '1'
	list network 'wan'
	list network 'wan6'

config forwarding
	option src 'lan'
	option dest 'wan'

config rule
	option name 'Allow-DHCP-Renew'
	option src 'wan'
	option proto 'udp'
	option dest_port '68'
	option target 'ACCEPT'
	option family 'ipv4'

config rule
	option name 'Allow-Ping'
	option src 'wan'
	option proto 'icmp'
	option icmp_type 'echo-request'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-IGMP'
	option src 'wan'
	option proto 'igmp'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-DHCPv6'
	option src 'wan'
	option proto 'udp'
	option dest_port '546'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-MLD'
	option src 'wan'
	option proto 'icmp'
	option src_ip 'fe80::/10'
	list icmp_type '130/0'
	list icmp_type '131/0'
	list icmp_type '132/0'
	list icmp_type '143/0'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Input'
	option src 'wan'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	list icmp_type 'router-solicitation'
	list icmp_type 'neighbour-solicitation'
	list icmp_type 'router-advertisement'
	list icmp_type 'neighbour-advertisement'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Forward'
	option src 'wan'
	option dest '*'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-IPSec-ESP'
	option src 'wan'
	option dest 'lan'
	option proto 'esp'
	option target 'ACCEPT'

config rule
	option name 'Allow-ISAKMP'
	option src 'wan'
	option dest 'lan'
	option dest_port '500'
	option proto 'udp'
	option target 'ACCEPT'

config zone
	option name 'guestwifi'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	list network 'guestwifi'

config forwarding
	option src 'guestwifi'
	option dest 'wan'

config rule
	option name 'guest-DHCP'
	list proto 'tcp'
	option src 'guestwifi'
	option dest_port '67'
	option target 'ACCEPT'

config rule
	option name 'guest-dns'
	option src 'guestwifi'
	option dest_port '53'
	option target 'ACCEPT'

Probably same issue as in AdGuard Home, opkg and ping on router not working - #7 by frollic

Or point the guest lan to 8.8.8.8 instead.

1 Like

Thanks for responding.

I edited the adguard yaml file, but it keeps going back to default - deleting the 127.0.0.1 entry.
I disabled Adguard from the web interface before editing, and then rebooting router. Is there something else I should do to turn off Adguard before editing the yaml file?

Otherwise, dumb question, how to point 'guest lan to 8.8.8.8'?

No idea, I don't use it.

Change list dhcp_option '6,192.168.1.1'

Ok, I figured out stopping adguard via cli. Edited the yaml file, which now persists, but still no internet access when using guestwifi :slightly_frowning_face:

I wouldn't want to use pointing guestwifi lan solution as that then bypasses adguard? (And it didn't work when I tried it).

Thanks in advance for any further help

EDIT:

  • Access to internet on my other wifi (e.g. nomad_home2G) on same interface works fine. The problem is specifically with guestwifi.
  • When I don't isolate guestwifi, still have no internet access problem.

So I wiped out the guest wifi, and re-did it. It works now! (with list dhcp_option '6,192.168.1.1').
It appears that creating the guest wifi after installing Adguard is the solution to my issue.

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.