Guest wifi and unbound

My configuration: dnsmasq is disabled, odhcpd is the main DHCP server, and unbound is used for DNS over TLS.
The network works on the normal interface but not on the guest network (clients don't receive an IP address).

This is DHCP conf


# Global dnsmasq options. The post says dnsmasq is disabled, so these are
# presumably not in effect while odhcpd and unbound provide DHCP and DNS.
config dnsmasq 'global'
	option expandhosts '1'
	option leasefile '/tmp/dhcp.leases'
	option localservice '1'
	option domain 'Ansuel-Network'
	option cachesize '2000'
	option local '/Ansuel-Network/'
	# DNS rebind protection is turned off in this section; the unbound
	# section carries its own rebind_protection setting.
	option rebind_protection '0'
	option sequential_ip '1'
	option localise_queries '1'
	option boguspriv '0'
	option noresolv '1'
	# Same port number as unbound's listen_port in the unbound section.
	option port '53'

# LAN pool. DHCPv4, DHCPv6 and router advertisements are all explicitly set
# to 'server' for this interface.
config dhcp 'lan'
	option interface 'lan'
	option start '2'
	option force '1'
	option limit '200'
	option ra_management '1'
	option ra 'server'
	option dhcpv4 'server'
	option dhcpv6 'server'
	list domain 'Ansuel-Router'
	option leasetime '24h'

# DHCP is not served on wan (ignore '1').
config dhcp 'wan'
	option interface 'wan'
	option ignore '1'

# Static lease: pins this MAC address to 192.168.2.5.
config host
	option name 'Ansuel-Gaming'
	option mac '10:c3:7b:92:19:ff'
	option ip '192.168.2.5'

# Guest pool.
# NOTE(review): unlike the 'lan' section, there is no `option dhcpv4 'server'`
# here. With odhcpd as the main DHCP server (maindhcp '1' in the odhcpd
# section) DHCPv4 is presumably not served on this interface, which matches
# the reported symptom of guest clients getting no address.
config dhcp 'guest'
	option interface 'guest'
	option limit '200'
	option leasetime '1h'
	option start '2'

# Pool for the 'tor' interface.
# NOTE(review): this section also lacks dhcpv4 'server', so it is presumably
# affected in the same way as 'guest' - confirm.
config dhcp 'tor'
	option interface 'tor'
	option start '2'
	# NOTE(review): the other pools use only start/limit; confirm that 'stop'
	# is an option the DHCP server actually reads.
	option stop '100'
	option leasetime '12h'
	option limit '150'

# Static lease: pins this MAC address to 192.168.2.3.
config host
	option mac 'e8:de:27:c9:68:82'
	option name 'Ripe-Atlas'
	option ip '192.168.2.3'

# odhcpd daemon settings. maindhcp '1' makes odhcpd the main DHCP server,
# as described in the post.
config odhcpd 'odhcpd'
	option maindhcp '1'
	option leasefile '/tmp/hosts/odhcpd'
	# Script referenced as the lease trigger; presumably run when leases
	# change so that DNS (unbound, dhcp_link 'odhcpd') can pick them up.
	option leasetrigger '/usr/sbin/odhcpd-update'
	option loglevel '1'

# Static lease: pins this MAC address to 192.168.2.6.
config host
	option name 'Samknows-Whitebox'
	option mac 'd8:37:be:fd:f3:6d'
	option ip '192.168.2.6'

This is NETWORK

# Loopback interface, 127.0.0.1/8.
config interface 'loopback'
	option ifname 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

# IPv6 ULA prefix for the local networks.
config globals 'globals'
	option ula_prefix 'fd49:5134:465f::/48'

# LAN bridge, 192.168.2.1/24, with a /64 IPv6 assignment.
config interface 'lan'
	option type 'bridge'
	option proto 'static'
	option netmask '255.255.255.0'
	option ipaddr '192.168.2.1'
	option ip6assign '64'
	# NOTE(review): tap_softether is bridged together with eth0.1, so hosts
	# behind that tap device presumably land in the lan firewall zone with
	# full LAN trust - confirm that this is intended.
	option ifname 'eth0.1 tap_softether'

# Guest network, 192.168.20.1/24.
# No ifname is listed; _orig_ifname suggests wlan1-1 is attached from the
# wireless config, which is not shown - TODO confirm.
config interface 'guest'
	option proto 'static'
	option netmask '255.255.255.0'
	option _orig_ifname 'wlan1-1'
	option _orig_bridge 'false'
	option type 'bridge'
	option metric '10'
	option ipaddr '192.168.20.1'

# WAN uplink: PPPoE on eth1.2, metric 0.
# NOTE(review): the PPPoE username and password are stored in clear text in
# this file; if these are real values rather than placeholders they should be
# redacted whenever the config is shared.
config interface 'wan'
	option ifname 'eth1.2'
	option proto 'pppoe'
	option password 'testoh'
	option ipv6 'auto'
	option metric '0'
	option username 'ciaoca'

# Built-in switch with VLANs enabled.
config switch
	option name 'switch0'
	option reset '1'
	option enable_vlan '1'

# VLAN 1: ports 0-3 untagged, port 5 tagged. eth0.1 in the lan bridge is
# presumably the CPU side of this VLAN.
config switch_vlan
	option device 'switch0'
	option vlan '1'
	option ports '0 1 2 3 5t'

# VLAN 2: port 4 untagged, port 6 tagged. eth1.2 (wan, wan_ipv6, modem) is
# presumably the CPU side of this VLAN.
config switch_vlan
	option device 'switch0'
	option vlan '2'
	option ports '4 6t'

# Second PPPoE session on the same eth1.2 device as 'wan', metric 10.
# Credentials are stored in clear text here as well.
config interface 'wan_ipv6'
	option proto 'pppoe'
	option ifname 'eth1.2'
	option username 'adsl@alice6.it'
	option password 'IPV6@alice6'
	option ipv6 'auto'
	option metric '10'

# Static address 192.168.1.7/24 on eth1.2, presumably to reach the modem's
# own management subnet. This network is listed in the wan firewall zone.
config interface 'modem'
	option ifname 'eth1.2'
	option proto 'static'
	option netmask '255.255.255.0'
	option ipaddr '192.168.1.7'

and this is FIREWALL


# IPv4 rules for traffic arriving from the wan zone. None of them sets a
# dest, so they apply to traffic addressed to the router itself.

# DHCP replies to the router's own client (UDP 68).
config rule
	option name 'Allow-DHCP-Renew'
	option src 'wan'
	option proto 'udp'
	option dest_port '68'
	option target 'ACCEPT'
	option family 'ipv4'

# ICMP echo requests from wan; no rate limit is set on this rule.
config rule
	option name 'Allow-Ping'
	option src 'wan'
	option proto 'icmp'
	option icmp_type 'echo-request'
	option family 'ipv4'
	option target 'ACCEPT'

# IGMP from wan.
config rule
	option name 'Allow-IGMP'
	option src 'wan'
	option proto 'igmp'
	option family 'ipv4'
	option target 'ACCEPT'

# IPv6 rules for traffic arriving from the wan zone.

# DHCPv6 replies to the router (UDP 546), limited to fc00::/6 source and
# destination addresses.
config rule
	option name 'Allow-DHCPv6'
	option src 'wan'
	option proto 'udp'
	option src_ip 'fc00::/6'
	option dest_ip 'fc00::/6'
	option dest_port '546'
	option family 'ipv6'
	option target 'ACCEPT'

# Multicast Listener Discovery from link-local sources only (fe80::/10).
config rule
	option name 'Allow-MLD'
	option src 'wan'
	option proto 'icmp'
	option src_ip 'fe80::/10'
	list icmp_type '130/0'
	list icmp_type '131/0'
	list icmp_type '132/0'
	list icmp_type '143/0'
	option family 'ipv6'
	option target 'ACCEPT'

# ICMPv6 to the router itself, including neighbour/router discovery types,
# rate limited to 1000 packets per second.
config rule
	option name 'Allow-ICMPv6-Input'
	option src 'wan'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	list icmp_type 'router-solicitation'
	list icmp_type 'neighbour-solicitation'
	list icmp_type 'router-advertisement'
	list icmp_type 'neighbour-advertisement'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

# ICMPv6 forwarded from wan to any zone (dest '*'), same rate limit. The
# discovery types accepted on input are not in this list.
config rule
	option name 'Allow-ICMPv6-Forward'
	option src 'wan'
	option dest '*'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

# Exceptions to the guest zone's input REJECT policy: guests may reach the
# router's DNS and DHCP services and nothing else on the router.

# DNS to the router (TCP and UDP 53).
config rule 'guest_rule_dns'
	option name 'Allow DNS Queries'
	option src 'guest'
	option target 'ACCEPT'
	option proto 'tcp udp'
	option dest_port '53'

# DHCP to the router. The firewall side is already open, so the missing
# leases reported in the post are presumably not caused by this rule.
# NOTE(review): the 'tor' DHCP rule opens only port 67; port 68 is the client
# side and is presumably not needed as a destination on the router - confirm.
config rule 'guest_rule_dhcp'
	option name 'Allow DHCP request'
	option src 'guest'
	option proto 'udp'
	option target 'ACCEPT'
	option dest_port '67-68'

# Exceptions to the tor zone's input REJECT policy: only DHCP and two
# router-local ports are reachable from that zone.

# DHCP requests to the router (UDP 67).
config rule
	option src 'tor'
	option proto 'udp'
	option dest_port '67'
	option target 'ACCEPT'
	option name 'Tor DHCP Network'

# TCP 9040 on the router; by the rule name, presumably a local Tor
# transparent-proxy port.
config rule
	option src 'tor'
	option proto 'tcp'
	option dest_port '9040'
	option target 'ACCEPT'
	option name 'Tor Packet Network'

# UDP 9053 on the router; by the rule name, presumably a local Tor DNS port.
config rule
	option src 'tor'
	option proto 'udp'
	option dest_port '9053'
	option target 'ACCEPT'
	option name 'Tor DNS Network'

# Services on the router opened to the wan zone. The rules set src 'wan' and
# no dest or src_ip, so each port is reachable from any address on that side.

# TCP 9001.
config rule
	option target 'ACCEPT'
	option src 'wan'
	option proto 'tcp'
	option dest_port '9001'
	option name 'Tor Relay'

# TCP 6800.
# NOTE(review): if this is the aria2 RPC endpoint, its protection then rests
# entirely on the service's own authentication - confirm it needs to be
# reachable from wan rather than only from lan.
config rule
	option target 'ACCEPT'
	option src 'wan'
	option dest_port '6800'
	option name 'Aria2'
	option proto 'tcp'

# TCP 80; by the rule name the listener only redirects to HTTPS.
config rule
	option target 'ACCEPT'
	option src 'wan'
	option proto 'tcp'
	option dest_port '80'
	option name 'Redirect to HTTPS'

# TCP and UDP 6881-6999, a range of 119 ports.
config rule
	option target 'ACCEPT'
	option src 'wan'
	option dest_port '6881-6999'
	option name 'Aria 2 Torrent Listen & DHCP'
	option proto 'tcp udp'

# Global default policies: forward is REJECT, input and output are ACCEPT.
# NOTE(review): input ACCEPT presumably applies to traffic on any interface
# that is not assigned to a zone. The zones below cover lan, guest, tor and
# the wan-side networks; the 'tor' interface is not defined in the network
# config shown - confirm every interface really ends up in a zone.
config defaults
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option syn_flood '1'
	option drop_invalid '1'

# Trusted LAN zone: everything accepted.
config zone
	option name 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'
	option network 'lan'

# WAN zone: input and forward rejected, masquerading on. Besides the uplinks
# it also contains the 'modem' network.
config zone
	option name 'wan'
	option output 'ACCEPT'
	option masq '1'
	option mtu_fix '1'
	option input 'REJECT'
	option forward 'REJECT'
	option network 'modem wan wan_6 wan6 wan_ipv6'

# Additional custom rules are loaded from this file; its contents are not
# shown in the post.
config include
	option path '/etc/firewall.user'

# Guest zone: traffic to the router and routed traffic are rejected unless a
# rule or forwarding allows it.
config zone 'guest_zone'
	option name 'guest'
	option network 'guest'
	option input 'REJECT'
	option forward 'REJECT'
	option output 'ACCEPT'

# Tor zone: same restrictive policies. No forwarding is defined for it in
# this file.
config zone
	option name 'tor'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option network 'tor'

# Guests may be routed to the wan zone only; there is no guest -> lan
# forwarding.
# NOTE(review): the wan zone also contains the 'modem' network
# (192.168.1.7/24 in the network config), so this forwarding presumably lets
# guests reach the modem's subnet as well - confirm that is intended.
config forwarding
	option dest 'wan'
	option src 'guest'

# LAN may be routed to the wan zone.
config forwarding
	option dest 'wan'
	option src 'lan'

# Router services opened to the wan zone with no src_ip restriction.

# TCP 443 on the router.
config rule
	option target 'ACCEPT'
	option src 'wan'
	option proto 'tcp'
	option dest_port '443'
	option name 'WAN web'

# TCP 22 on the router.
# NOTE(review): SSH is reachable from any wan address; the SSH daemon's
# authentication settings are not shown, so confirm it is key-only, or narrow
# this rule with src_ip.
config rule
	option target 'ACCEPT'
	option src 'wan'
	option proto 'tcp'
	option dest_port '22'
	option name 'WAN SSH'

# DNS interception for the lan zone. The redirects set no dest_ip, so the
# matching traffic is presumably redirected to the router's own resolver.
# Only src 'lan' is covered: the guest zone has no equivalent redirect, so
# guest clients can still use an external resolver through guest -> wan.

# Plain DNS (TCP and UDP 53).
config redirect 'adblock_dns_53'
	option name 'Adblock DNS, port 53'
	option src 'lan'
	option proto 'tcp udp'
	option src_dport '53'
	option dest_port '53'
	option target 'DNAT'

# Port 853 (DNS over TLS).
# NOTE(review): unbound's listen_port in this post is 53 only; confirm
# something on the router actually listens on 853.
config redirect 'adblock_dns_853'
	option name 'Adblock DNS, port 853'
	option src 'lan'
	option proto 'tcp udp'
	option src_dport '853'
	option dest_port '853'
	option target 'DNAT'

# Port 5353.
config redirect 'adblock_dns_5353'
	option name 'Adblock DNS, port 5353'
	option src 'lan'
	option proto 'tcp udp'
	option src_dport '5353'
	option dest_port '5353'
	option target 'DNAT'

# VPN-related ports on the router opened to the wan zone, none restricted by
# src_ip.

# TCP 992.
config rule
	option src 'wan'
	option dest_port '992'
	option target 'ACCEPT'
	option proto 'tcp'
	option name 'Softther VPN #1'

# UDP 1194.
config rule
	option src 'wan'
	option dest_port '1194'
	option target 'ACCEPT'
	option name 'Softther VPN #2'
	option proto 'udp'

# TCP 5555.
config rule
	option src 'wan'
	option dest_port '5555'
	option target 'ACCEPT'
	option proto 'tcp'
	option name 'Softther VPN #3'

# TCP 8443.
# NOTE(review): by the rule name this is a management port, and it is
# reachable from any wan address - confirm it must be exposed, or limit it
# with src_ip.
config rule
	option target 'ACCEPT'
	option src 'wan'
	option proto 'tcp'
	option dest_port '8443'
	option name 'Softther VPN Mgmt'

# UDP 500 (IKE).
config rule
	option target 'ACCEPT'
	option src 'wan'
	option proto 'udp'
	option dest_port '500'
	option name 'L2TP VPN'

# UDP 4500 (IPsec NAT traversal).
config rule
	option target 'ACCEPT'
	option src 'wan'
	option proto 'udp'
	option dest_port '4500'
	option name 'L2TP VPN'

# TCP and UDP 1701 (L2TP).
# NOTE(review): when L2TP runs inside IPsec, 1701 normally arrives inside the
# tunnel; accepting it directly from wan presumably also permits L2TP without
# IPsec - confirm that is intended.
config rule
	option enabled '1'
	option target 'ACCEPT'
	option src 'wan'
	option dest_port '1701'
	option name 'L2TP VPN'
	option proto 'tcp udp'

# Hook for miniupnpd's firewall script, re-run on firewall reload.
# NOTE(review): UPnP lets internal hosts request port mappings at run time,
# so the open ports can differ from the static rules in this file; which
# networks may do so depends on the miniupnpd config, which is not shown.
config include 'miniupnpd'
	option type 'script'
	option path '/usr/share/miniupnpd/firewall.include'
	option family 'any'
	option reload '1'

and this is unbound

# Main unbound resolver settings.
config unbound
	option dns64 '0'
	option edns_size '1280'
	option extended_luci '0'
	option hide_binddata '1'
	option listen_port '53'
	option manual_conf '0'
	option query_minimize '1'
	option recursion 'passive'
	option root_age '9'
	option ttl_min '120'
	# DNSSEC validation is presumably enabled by these two options, with
	# validator_ntp covering the period before the clock is set - confirm.
	option validator '1'
	option validator_ntp '1'
	option rebind_localhost '1'
	# NOTE(review): confirm what access level '3' grants to the
	# unbound-control interface and from which networks it is reachable.
	option unbound_control '3'
	option enabled '1'
	option resource 'medium'
	option extended_stats '0'
	# Lease data comes from odhcpd, matching the leasetrigger in the DHCP
	# config.
	option dhcp_link 'odhcpd'
	option dhcp4_slaac6 '1'
	option domain_type 'deny'
	option add_local_fqdn '0'
	option add_wan_fqdn '0'
	option add_extra_dns '0'
	option protocol 'ip6_prefer'
	# Rebind protection is enabled here (value '2'), unlike the dnsmasq
	# section where it is '0'.
	option rebind_protection '2'
	option localservice '1'
	option domain 'Ansuel-Network'
	# NOTE(review): only lan and wan are listed; guest is not. TODO confirm
	# whether unbound answers on the guest address once that interface is up.
	list trigger_interface 'lan'
	list trigger_interface 'wan'

# Forward zone for the root ('.'): all queries go to the four listed upstream
# addresses with tls_upstream enabled and no fallback.
# NOTE(review): the servers are given as bare IP addresses with no TLS
# authentication name visible, so whether the upstream certificate name is
# verified cannot be told from this section - confirm.
config zone
	option fallback '0'
	option enabled '1'
	option zone_type 'forward_zone'
	list zone_name '.'
	list server '1.1.1.1'
	list server '1.0.0.1'
	list server '2606:4700:4700::1111'
	list server '2606:4700:4700::1001'
	option tls_upstream '1'

Any idea ?

The guest section of the DHCP config is probably missing this option:
option dhcpv4 'server'

The lan section sets it; the guest section does not. The same applies to IPv6, if you need it.
