My configuration is dnsmasq disabled, odhcpd is the main dhcp app and unbound is used for dns tls.
Network works in normal interface but doesn't work in the guest network. (the client doesn't receive any ip)
This is DHCP conf
config dnsmasq 'global'
option expandhosts '1'
option leasefile '/tmp/dhcp.leases'
option localservice '1'
option domain 'Ansuel-Network'
option cachesize '2000'
option local '/Ansuel-Network/'
option rebind_protection '0'
option sequential_ip '1'
option localise_queries '1'
option boguspriv '0'
option noresolv '1'
option port '53'
config dhcp 'lan'
option interface 'lan'
option start '2'
option force '1'
option limit '200'
option ra_management '1'
option ra 'server'
option dhcpv4 'server'
option dhcpv6 'server'
list domain 'Ansuel-Router'
option leasetime '24h'
config dhcp 'wan'
option interface 'wan'
option ignore '1'
config host
option name 'Ansuel-Gaming'
option mac '10:c3:7b:92:19:ff'
option ip '192.168.2.5'
config dhcp 'guest'
option interface 'guest'
option limit '200'
option leasetime '1h'
option start '2'
config dhcp 'tor'
option interface 'tor'
option start '2'
option stop '100'
option leasetime '12h'
option limit '150'
config host
option mac 'e8:de:27:c9:68:82'
option name 'Ripe-Atlas'
option ip '192.168.2.3'
config odhcpd 'odhcpd'
option maindhcp '1'
option leasefile '/tmp/hosts/odhcpd'
option leasetrigger '/usr/sbin/odhcpd-update'
option loglevel '1'
config host
option name 'Samknows-Whitebox'
option mac 'd8:37:be:fd:f3:6d'
option ip '192.168.2.6'
This is NETWORK
config interface 'loopback'
option ifname 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fd49:5134:465f::/48'
config interface 'lan'
option type 'bridge'
option proto 'static'
option netmask '255.255.255.0'
option ipaddr '192.168.2.1'
option ip6assign '64'
option ifname 'eth0.1 tap_softether'
config interface 'guest'
option proto 'static'
option netmask '255.255.255.0'
option _orig_ifname 'wlan1-1'
option _orig_bridge 'false'
option type 'bridge'
option metric '10'
option ipaddr '192.168.20.1'
config interface 'wan'
option ifname 'eth1.2'
option proto 'pppoe'
option password 'testoh'
option ipv6 'auto'
option metric '0'
option username 'ciaoca'
config switch
option name 'switch0'
option reset '1'
option enable_vlan '1'
config switch_vlan
option device 'switch0'
option vlan '1'
option ports '0 1 2 3 5t'
config switch_vlan
option device 'switch0'
option vlan '2'
option ports '4 6t'
config interface 'wan_ipv6'
option proto 'pppoe'
option ifname 'eth1.2'
option username 'adsl@alice6.it'
option password 'IPV6@alice6'
option ipv6 'auto'
option metric '10'
config interface 'modem'
option ifname 'eth1.2'
option proto 'static'
option netmask '255.255.255.0'
option ipaddr '192.168.1.7'
and this is FIREWALL
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option src_ip 'fc00::/6'
option dest_ip 'fc00::/6'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule 'guest_rule_dns'
option name 'Allow DNS Queries'
option src 'guest'
option target 'ACCEPT'
option proto 'tcp udp'
option dest_port '53'
config rule 'guest_rule_dhcp'
option name 'Allow DHCP request'
option src 'guest'
option proto 'udp'
option target 'ACCEPT'
option dest_port '67-68'
config rule
option src 'tor'
option proto 'udp'
option dest_port '67'
option target 'ACCEPT'
option name 'Tor DHCP Network'
config rule
option src 'tor'
option proto 'tcp'
option dest_port '9040'
option target 'ACCEPT'
option name 'Tor Packet Network'
config rule
option src 'tor'
option proto 'udp'
option dest_port '9053'
option target 'ACCEPT'
option name 'Tor DNS Network'
config rule
option target 'ACCEPT'
option src 'wan'
option proto 'tcp'
option dest_port '9001'
option name 'Tor Relay'
config rule
option target 'ACCEPT'
option src 'wan'
option dest_port '6800'
option name 'Aria2'
option proto 'tcp'
config rule
option target 'ACCEPT'
option src 'wan'
option proto 'tcp'
option dest_port '80'
option name 'Redirect to HTTPS'
config rule
option target 'ACCEPT'
option src 'wan'
option dest_port '6881-6999'
option name 'Aria 2 Torrent Listen & DHT'
option proto 'tcp udp'
config defaults
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
option syn_flood '1'
option drop_invalid '1'
config zone
option name 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
option network 'lan'
config zone
option name 'wan'
option output 'ACCEPT'
option masq '1'
option mtu_fix '1'
option input 'REJECT'
option forward 'REJECT'
option network 'modem wan wan_6 wan6 wan_ipv6'
config include
option path '/etc/firewall.user'
config zone 'guest_zone'
option name 'guest'
option network 'guest'
option input 'REJECT'
option forward 'REJECT'
option output 'ACCEPT'
config zone
option name 'tor'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option network 'tor'
config forwarding
option dest 'wan'
option src 'guest'
config forwarding
option dest 'wan'
option src 'lan'
config rule
option target 'ACCEPT'
option src 'wan'
option proto 'tcp'
option dest_port '443'
option name 'WAN web'
config rule
option target 'ACCEPT'
option src 'wan'
option proto 'tcp'
option dest_port '22'
option name 'WAN SSH'
config redirect 'adblock_dns_53'
option name 'Adblock DNS, port 53'
option src 'lan'
option proto 'tcp udp'
option src_dport '53'
option dest_port '53'
option target 'DNAT'
config redirect 'adblock_dns_853'
option name 'Adblock DNS, port 853'
option src 'lan'
option proto 'tcp udp'
option src_dport '853'
option dest_port '853'
option target 'DNAT'
config redirect 'adblock_dns_5353'
option name 'Adblock DNS, port 5353'
option src 'lan'
option proto 'tcp udp'
option src_dport '5353'
option dest_port '5353'
option target 'DNAT'
config rule
option src 'wan'
option dest_port '992'
option target 'ACCEPT'
option proto 'tcp'
option name 'Softther VPN #1'
config rule
option src 'wan'
option dest_port '1194'
option target 'ACCEPT'
option name 'Softther VPN #2'
option proto 'udp'
config rule
option src 'wan'
option dest_port '5555'
option target 'ACCEPT'
option proto 'tcp'
option name 'Softther VPN #3'
config rule
option target 'ACCEPT'
option src 'wan'
option proto 'tcp'
option dest_port '8443'
option name 'Softther VPN Mgmt'
config rule
option target 'ACCEPT'
option src 'wan'
option proto 'udp'
option dest_port '500'
option name 'L2TP VPN'
config rule
option target 'ACCEPT'
option src 'wan'
option proto 'udp'
option dest_port '4500'
option name 'L2TP VPN'
config rule
option enabled '1'
option target 'ACCEPT'
option src 'wan'
option dest_port '1701'
option name 'L2TP VPN'
option proto 'tcp udp'
config include 'miniupnpd'
option type 'script'
option path '/usr/share/miniupnpd/firewall.include'
option family 'any'
option reload '1'
and this is unbound
config unbound
option dns64 '0'
option edns_size '1280'
option extended_luci '0'
option hide_binddata '1'
option listen_port '53'
option manual_conf '0'
option query_minimize '1'
option recursion 'passive'
option root_age '9'
option ttl_min '120'
option validator '1'
option validator_ntp '1'
option rebind_localhost '1'
option unbound_control '3'
option enabled '1'
option resource 'medium'
option extended_stats '0'
option dhcp_link 'odhcpd'
option dhcp4_slaac6 '1'
option domain_type 'deny'
option add_local_fqdn '0'
option add_wan_fqdn '0'
option add_extra_dns '0'
option protocol 'ip6_prefer'
option rebind_protection '2'
option localservice '1'
option domain 'Ansuel-Network'
list trigger_interface 'lan'
list trigger_interface 'wan'
config zone
option fallback '0'
option enabled '1'
option zone_type 'forward_zone'
list zone_name '.'
list server '1.1.1.1'
list server '1.0.0.1'
list server '2606:4700:4700::1111'
list server '2606:4700:4700::1001'
option tls_upstream '1'
Any idea ?