Guest WiFi DHCP issue

Have an interesting issue that isn't the biggest deal, more of a nuisance. I have a guest network setup mainly for IoT devices and such. After doing any reboot or system update I start getting the following error

Sun Oct 8 17:33:08 2023 daemon.warn dnsmasq-dhcp[1]: no address range available for DHCP request via phy1-ap1

This will being repeated over and over for every device trying to connect. The fix is easy, simply reset the Guest network interface and all is well. Just trying to figure out why this would be happening.

Suggestions? I can post any additional logs or configs to assist. Appreciate it.

Please connect to your OpenWrt device using ssh and copy the output of the following commands and post it here using the "Preformatted text </> " button:
grafik
Remember to redact passwords, MAC addresses and any public IP addresses you may have:

ubus call system board
cat /etc/config/network
cat /etc/config/dhcp
1 Like

system board

{
	"kernel": "5.15.133",
	"hostname": "router",
	"system": "ARMv7 Processor rev 1 (v7l)",
	"model": "Linksys WRT32X",
	"board_name": "linksys,wrt32x",
	"rootfs_type": "squashfs",
	"release": {
		"distribution": "OpenWrt",
		"version": "SNAPSHOT",
		"revision": "r24096-9536446965",
		"target": "mvebu/cortexa9",
		"description": "OpenWrt SNAPSHOT r24096-9536446965"
	}
}

network

config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fd51:3537:f103::/48'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'lan1'
	list ports 'lan2'
	list ports 'lan3'
	list ports 'lan4'

config interface 'lan'
	option device 'br-lan'
	option proto 'static'
	option netmask '255.255.255.0'
	option ip6assign '60'
	option ipaddr '192.168.2.1'

config device
	option name 'wan'
	option macaddr '62:38:e0:cb:da:f0'

config interface 'wan'
	option device 'wan'
	option proto 'dhcp'
	option peerdns '0'
	list dns '1.1.1.2'
	list dns '1.0.0.2'

config interface 'wan6'
	option device 'wan'
	option proto 'dhcpv6'
	option reqaddress 'try'
	option reqprefix 'auto'
	option peerdns '0'
	list dns '2606:4700:4700::1112'
	list dns '2606:4700:4700::1002'

config interface 'guest'
	option proto 'static'
	option broadcast '255.255.255.0'
	list ipaddr '192.168.3.1/24'

config interface 'nordvpntun'
	option proto 'none'
	option device 'tun0'

dhcp

config dnsmasq
	option domainneeded '1'
	option localise_queries '1'
	option rebind_protection '1'
	option rebind_localhost '1'
	option local '/lan/'
	option domain 'lan'
	option expandhosts '1'
	option authoritative '1'
	option readethers '1'
	option leasefile '/tmp/dhcp.leases'
	option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
	option localservice '1'
	option ednspacket_max '1232'
	option confdir '/tmp/dnsmasq.d'

config dhcp 'lan'
	option interface 'lan'
	option start '100'
	option limit '150'
	option dhcpv4 'server'
	option dhcpv6 'server'
	option ra 'server'
	list ra_flags 'managed-config'
	list ra_flags 'other-config'
	option leasetime '3d'

config dhcp 'wan'
	option interface 'wan'
	option ignore '1'
	list ra_flags 'none'

config odhcpd 'odhcpd'
	option maindhcp '0'
	option leasefile '/tmp/hosts/odhcpd'
	option leasetrigger '/usr/sbin/odhcpd-update'
	option loglevel '4'

config host
	option name 'plex'
	option dns '1'
	option mac '00:24:81:7E:02:A8'
	option ip '192.168.2.5'
	option leasetime '5d'

config dhcp 'guest'
	option interface 'guest'
	option start '100'
	option limit '150'
	option leasetime '24h'

config host
	option name 'router2'
	option dns '1'
	option mac 'CE:C2:B6:47:18:B9'
	option leasetime '5d'
	option ip '192.168.3.2'

config host
	option name 'canon'
	option dns '1'
	option mac '10:98:C3:D7:09:D2'
	option leasetime '5d'
	option ip '192.168.2.30'

config host
	option name 'brother'
	option dns '1'
	option mac 'A8:6B:AD:6E:2B:60'
	option ip '192.168.2.31'
	option leasetime '5d'

config host
	option name 'XBOX'
	option mac 'D8:E2:DF:21:11:93'
	option ip '192.168.2.10'
	option leasetime '5d'
	option duid '000100012a6a64d2d8e2df211193'

Again, this issue is ONLY affecting the GUEST network, and only immediately after a reboot or system update, which rebooting the GUEST interface fixes. Thanks again so much for your time.

1 Like

exec:

# Configure network
uci -q delete network.guest_dev
uci set network.guest_dev="device"
uci set network.guest_dev.type="bridge"
uci set network.guest_dev.name="br-guest"
uci -q delete network.guest
uci set network.guest="interface"
uci set network.guest.proto="static"
uci set network.guest.device="br-guest"
uci set network.guest.ipaddr="192.168.3.1"
uci set network.guest.netmask="255.255.255.0"
uci commit network
/etc/init.d/network restart

from:

diff file first:

config interface 'guest'
	option proto 'static'
	option broadcast '255.255.255.0'
	list ipaddr '192.168.3.1/24'

diff file after

config interface 'guest'
	option proto 'static'
	option netmask '255.255.255.0'
	option ipaddr '192.168.3.1'
	option device 'br-guest'
2 Likes

A question for those who know more than me, how is it possible that without a device option a client can obtain a valid DHCP or that something works ?

since he follows us:

config interface 'guest'
	option proto 'static'
	option netmask '255.255.255.0'
	option ipaddr '192.168.3.1'

for example in the configuration of this router the part is missing:

option device 'br-guest'

given that:

device string Required=yes

Unfortunately, there's not enough data for conclusive analysis due to missing wireless and runtime network configs, and it's problematic for me to reproduce this setup.

1 Like

so if a distracted user modifies the configuration files by hand and forgets something, the system will not warn you if there is damage to the configuration file

however, if a user uses the luci environment (web interface) the system warns him of the discrepancy

in the end we are human beings we make mistakes it would be appropriate that the moment one executes

/etc/init.d/network reload

the system will at least notify you of detectable errors

I appreciate the assistance, I did try this, however, it basically broke everything across all networks with no connectivity. I was able to capture this:

Sun Oct  8 18:53:47 2023 daemon.crit dnsmasq[1]: inconsistent DHCP range at line 38 of /var/etc/dnsmasq.conf.cfg01411c
Sun Oct  8 18:53:47 2023 daemon.crit dnsmasq[1]: FAILED to start up

I will look over this again and the links you provided and attempt this again at a better time when I don't have family yelling at me about the internet going out. Reverting back to my original configuration, doing a full reboot, then resetting the guest network has brought everything back to normal again.

1 Like

I'm sorry for the problems that have arisen

remind the family that they existed before wifi
most important needs (quality of life, health, love, etc.)

1 Like

We'll also need to see the firewall file...

lets see the latest full config:

Please connect to your OpenWrt device using ssh and copy the output of the following commands and post it here using the "Preformatted text </> " button:
grafik
Remember to redact passwords, MAC addresses and any public IP addresses you may have:

cat /etc/config/network
cat /etc/config/wireless
cat /etc/config/dhcp
cat /etc/config/firewall

Instructions that require editing files by hand tend to have a higher chance of human related errors.
Although using LuCI can mostly protect you from syntax errors, it barely detects any logical ones.
The OP's original config appears to be created with LuCI, otherwise it's difficult to explain the wrong and missing parts.

3 Likes

cat /etc/config/network

config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fd51:3537:f103::/48'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'lan1'
	list ports 'lan2'
	list ports 'lan3'
	list ports 'lan4'

config interface 'lan'
	option device 'br-lan'
	option proto 'static'
	option netmask '255.255.255.0'
	option ip6assign '60'
	option ipaddr '192.168.2.1'

config device
	option name 'wan'
	option macaddr '62:38:e0:cb:da:f0'

config interface 'wan'
	option device 'wan'
	option proto 'dhcp'
	option peerdns '0'
	list dns '1.1.1.2'
	list dns '1.0.0.2'

config interface 'wan6'
	option device 'wan'
	option proto 'dhcpv6'
	option reqaddress 'try'
	option reqprefix 'auto'
	option peerdns '0'
	list dns '2606:4700:4700::1112'
	list dns '2606:4700:4700::1002'

config interface 'guest'
	option proto 'static'
	option broadcast '255.255.255.0'
	list ipaddr '192.168.3.1/24'

config interface 'nordvpntun'
	option proto 'none'
	option device 'tun0'

cat /etc/config/wireless

config wifi-device 'radio0'
	option type 'mac80211'
	option path 'soc/soc:pcie/pci0000:00/0000:00:01.0/0000:01:00.0'
	option band '5g'
	option country 'US'
	option channel 'auto'
	option cell_density '0'
	option htmode 'VHT40'

config wifi-iface 'default_radio0'
	option device 'radio0'
	option network 'lan'
	option mode 'ap'
	option macaddr '60:38:e0:cb:da:f2'
	option ssid '###
	option encryption 'psk2'
	option key '###'
	option disassoc_low_ack '0'
	option max_inactivity '600'

config wifi-device 'radio1'
	option type 'mac80211'
	option path 'soc/soc:pcie/pci0000:00/0000:00:02.0/0000:02:00.0'
	option band '2g'
	option htmode 'HT20'
	option country 'US'
	option channel 'auto'
	option cell_density '0'

config wifi-iface 'default_radio1'
	option device 'radio1'
	option network 'lan'
	option mode 'ap'
	option macaddr '60:38:e0:cb:da:f1'
	option ssid '###'
	option encryption 'psk2'
	option key '###'
	option disassoc_low_ack '0'
	option max_inactivity '600'

config wifi-device 'radio2'
	option type 'mac80211'
	option path 'platform/soc/soc:internal-regs/f10d8000.sdhci/mmc_host/mmc0/mmc0:0001/mmc0:0001:1'
	option channel '34'
	option band '5g'
	option htmode 'VHT80'
	option cell_density '0'

config wifi-iface 'default_radio2'
	option device 'radio2'
	option network 'lan'
	option mode 'ap'
	option ssid 'OpenWrt'
	option encryption 'none'
	option wmm '0'

config wifi-iface 'wifinet3'
	option macaddr '60:38:E0:CB:DA:F9'
	option device 'radio1'
	option mode 'ap'
	option ssid '###'
	option encryption 'psk2'
	option key '###'
	option network 'guest'
	option isolate '1'
	option disassoc_low_ack '0'
	option max_inactivity '600'

config wifi-iface 'wifinet4'
	option device 'radio2'
	option mode 'ap'
	option ssid 'OpenWrt'
	option encryption 'none'

cat /etc/config/dhcp

config dnsmasq
	option domainneeded '1'
	option localise_queries '1'
	option rebind_protection '1'
	option rebind_localhost '1'
	option local '/lan/'
	option domain 'lan'
	option expandhosts '1'
	option authoritative '1'
	option readethers '1'
	option leasefile '/tmp/dhcp.leases'
	option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
	option localservice '1'
	option ednspacket_max '1232'
	option confdir '/tmp/dnsmasq.d'

config dhcp 'lan'
	option interface 'lan'
	option start '100'
	option limit '150'
	option dhcpv4 'server'
	option dhcpv6 'server'
	option ra 'server'
	list ra_flags 'managed-config'
	list ra_flags 'other-config'
	option leasetime '3d'

config dhcp 'wan'
	option interface 'wan'
	option ignore '1'
	list ra_flags 'none'

config odhcpd 'odhcpd'
	option maindhcp '0'
	option leasefile '/tmp/hosts/odhcpd'
	option leasetrigger '/usr/sbin/odhcpd-update'
	option loglevel '4'

config host
	option name 'plex'
	option dns '1'
	option mac '00:24:81:7E:02:A8'
	option ip '192.168.2.5'
	option leasetime '5d'

config dhcp 'guest'
	option interface 'guest'
	option start '100'
	option limit '150'
	option leasetime '24h'

config host
	option name 'router2'
	option dns '1'
	option mac 'CE:C2:B6:47:18:B9'
	option leasetime '5d'
	option ip '192.168.3.2'

config host
	option name 'canon'
	option dns '1'
	option mac '10:98:C3:D7:09:D2'
	option leasetime '5d'
	option ip '192.168.2.30'

config host
	option name 'brother'
	option dns '1'
	option mac 'A8:6B:AD:6E:2B:60'
	option ip '192.168.2.31'
	option leasetime '5d'

config host
	option name 'XBOX'
	option mac 'D8:E2:DF:21:11:93'
	option ip '192.168.2.10'
	option leasetime '5d'
	option duid '000100012a6a64d2d8e2df211193'

cat /etc/config/firewall

config defaults
	option input 'ACCEPT'
	option output 'ACCEPT'
	option synflood_protect '1'
	option drop_invalid '1'
	option forward 'DROP'

config zone
	option name 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'
	list network 'lan'

config zone
	option name 'wan'
	option output 'ACCEPT'
	option masq '1'
	option mtu_fix '1'
	list network 'wan'
	list network 'wan6'
	option input 'DROP'
	option forward 'DROP'

config forwarding
	option src 'lan'
	option dest 'wan'

config rule
	option name 'Allow-DHCP-Renew'
	option src 'wan'
	option proto 'udp'
	option dest_port '68'
	option target 'ACCEPT'
	option family 'ipv4'

config rule
	option name 'Allow-Ping'
	option src 'wan'
	option proto 'icmp'
	option icmp_type 'echo-request'
	option family 'ipv4'
	option target 'ACCEPT'
	option enabled '0'

config rule
	option name 'Allow-IGMP'
	option src 'wan'
	option proto 'igmp'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-DHCPv6'
	option src 'wan'
	option proto 'udp'
	option src_ip 'fc00::/6'
	option dest_ip 'fc00::/6'
	option dest_port '546'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-MLD'
	option src 'wan'
	option proto 'icmp'
	option src_ip 'fe80::/10'
	list icmp_type '130/0'
	list icmp_type '131/0'
	list icmp_type '132/0'
	list icmp_type '143/0'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Input'
	option src 'wan'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	list icmp_type 'router-solicitation'
	list icmp_type 'neighbour-solicitation'
	list icmp_type 'router-advertisement'
	list icmp_type 'neighbour-advertisement'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Forward'
	option src 'wan'
	option dest '*'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-IPSec-ESP'
	option src 'wan'
	option dest 'lan'
	option proto 'esp'
	option target 'ACCEPT'

config rule
	option name 'Allow-ISAKMP'
	option src 'wan'
	option dest 'lan'
	option dest_port '500'
	option proto 'udp'
	option target 'ACCEPT'

config rule
	option name 'Support-UDP-Traceroute'
	option src 'wan'
	option dest_port '33434:33689'
	option proto 'udp'
	option family 'ipv4'
	option target 'REJECT'
	option enabled '0'

config include
	option path '/etc/firewall.user'

config zone
	option name 'guest'
	option output 'ACCEPT'
	list network 'guest'
	option input 'DROP'
	option forward 'DROP'

config rule
	option name 'Guest DHCP'
	list proto 'udp'
	option src 'guest'
	option dest_port '67-68'
	option target 'ACCEPT'

config rule
	option name 'Guest DNS'
	option src 'guest'
	option dest_port '53'
	option target 'ACCEPT'

config rule
	option name 'DirecTV'
	option src 'lan'
	option target 'DROP'
	list src_ip '169.254.0.0/16'
	list proto 'all'
	list src_mac '40:3d:ec:46:4d:a3'

config forwarding
	option src 'guest'
	option dest 'wan'

config redirect
	option dest 'lan'
	option target 'DNAT'
	option src 'wan'
	option src_dport '3074'
	option dest_ip '192.168.2.10'
	option dest_port '3074'
	option name 'Xbox Series X 3074'

config zone
	option name 'vpnfirewall'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option mtu_fix '1'
	list network 'nordvpntun'
	option masq '1'

config forwarding
	option src 'lan'
	option dest 'vpnfirewall'

config redirect
	option dest 'lan'
	option target 'DNAT'
	option name 'Xbox Series X 88'
	list proto 'udp'
	option src 'wan'
	option src_dport '88'
	option dest_ip '192.168.2.10'
	option dest_port '88'

config redirect
	option dest 'lan'
	option target 'DNAT'
	option name 'Xbox Series X 53'
	option src 'wan'
	option src_dport '53'
	option dest_ip '192.168.2.10'
	option dest_port '53'

config redirect
	option dest 'lan'
	option target 'DNAT'
	option name 'Xbox Series X 80'
	list proto 'tcp'
	option src 'wan'
	option src_dport '80'
	option dest_ip '192.168.2.10'
	option dest_port '80'

config redirect
	option dest 'lan'
	option target 'DNAT'
	option name 'Xbox Series X 500'
	list proto 'udp'
	option src 'wan'
	option src_dport '500'
	option dest_ip '192.168.2.10'
	option dest_port '500'

config redirect
	option dest 'lan'
	option target 'DNAT'
	option name 'Xbox Series X 3544'
	list proto 'udp'
	option src 'wan'
	option src_dport '3544'
	option dest_ip '192.168.2.10'
	option dest_port '3544'

config redirect
	option dest 'lan'
	option target 'DNAT'
	option name 'Xbox Series X 4500'
	list proto 'udp'
	option src 'wan'
	option src_dport '4500'
	option dest_ip '192.168.2.10'
	option dest_port '4500'

config include 'miniupnpd'
	option type 'script'
	option path '/usr/share/miniupnpd/firewall.include'

config include 'pbr'
	option fw4_compatible '1'
	option type 'script'
	option path '/usr/share/pbr/pbr.firewall.include'

This is wrong, remove it from your guest network interface configuration:

You may want to remove these while troubleshooting... they shouldn't be the problem, but it is best to keep things simple while troubleshooting.

The guest firewall config looks okay, but if things don't start working, you might try setting the guest zone (temporarily) to accept input.

1 Like

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.