Guest wifi /dhcp problem?

Hi,

I installed a guest wifi and I think I have a problem?
thanks

root@OpenWrt:~# # Configure DHCP
root@OpenWrt:~# uci -q delete dhcp.guest
root@OpenWrt:~# uci set dhcp.guest="dhcp"
root@OpenWrt:~# uci set dhcp.guest.interface="guest"
root@OpenWrt:~# uci set dhcp.guest.start="100"
root@OpenWrt:~# uci set dhcp.guest.limit="150"
root@OpenWrt:~# uci set dhcp.guest.leasetime="1h"
root@OpenWrt:~# uci set dhcp.guest.netmask="255.255.255.0"
root@OpenWrt:~# uci commit dhcp
root@OpenWrt:~# /etc/init.d/dnsmasq restart
udhcpc: started, v1.35.0
udhcpc: broadcasting discover
udhcpc: no lease, failing
udhcpc: started, v1.35.0
udhcpc: broadcasting discover
udhcpc: no lease, failing

The problem appears to be the system is unable to obtain a dhcp lease from your upstream network. The error you are seeing presumably has nothing to do with the guest network.

We can review your config, if you'd like, but it is important that you describe the actual problem(s) you are facing (since that error simply tells me that your device couldn't get a lease from the upstream).

Please copy the output of the following commands and post it here using the "Preformatted text </> " button:
Remember to redact passwords, MAC addresses and any public IP addresses you may have:

cat /etc/config/network
cat /etc/config/wireless
cat /etc/config/dhcp
cat /etc/config/firewall

thank you

root@OpenWrt:~# cat /etc/config/network

config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'eth1.1'

config interface 'lan'
	option device 'br-lan'
	option proto 'static'
	option ipaddr '192.168.1.1'
	option netmask '255.255.255.0'
	option ip6assign '60'

config interface 'wan'
	option device 'eth0.2'
	option proto 'dhcp'
	option metric '1024'
	option peerdns '0'
	list dns '192.168.1.1'

config switch
	option name 'switch0'
	option reset '1'
	option enable_vlan '1'

config switch_vlan
	option device 'switch0'
	option vlan '1'
	option ports '1 2 3 4 6t'

config switch_vlan
	option device 'switch0'
	option vlan '2'
	option ports '5 0t'

config interface 'wg'
	option proto 'wireguard'
	option private_key 'qBvm/eH/CXXXXXXXXXXXXXXXXXXXXXXPslUI='
	option listen_port '55380'
	list addresses '10.xx.xx.xx/24'

config wireguard_wg
	option public_key 'VhVKXXXXXXXXXXXXXXXXXXXXXXXVfq/4aBn8='
	list allowed_ips '0.0.0.0/0'
	list allowed_ips '::/0'
	option route_allowed_ips '1'
	option endpoint_host '1xx.xxx.xxx.90'
	option endpoint_port '1443'
	option persistent_keepalive '25'

config device 'guest_dev'
	option type 'bridge'
	option name 'guest'

config interface 'guest'
	option proto 'static'
	option device 'guest'
	option ipaddr '192.168.3.1'
	option netmask '255.255.255.0'

root@OpenWrt:~# cat /etc/config/wireless

config wifi-device 'radio0'
	option type 'mac80211'
	option path 'soc/1b500000.pci/pci0000:00/0000:00:00.0/0000:01:00.0'
	option band '5g'
	option htmode 'VHT80'
	option country 'CA'
	option cell_density '0'
	option channel '157'
	option txpower '30'

config wifi-iface 'default_radio0'
	option device 'radio0'
	option network 'lan'
	option mode 'ap'
	option ssid 'N5_5'
	option encryption 'psk2'
	option key 'XXXXXX'

config wifi-device 'radio1'
	option type 'mac80211'
	option path 'soc/1b700000.pci/pci0001:00/0001:00:00.0/0001:01:00.0'
	option band '2g'
	option htmode 'HT40'
	option channel '9'
	option country 'CA'
	option cell_density '0'
	option txpower '30'

config wifi-iface 'default_radio1'
	option device 'radio1'
	option network 'lan'
	option mode 'ap'
	option ssid 'N24'
	option encryption 'psk2'
	option key 'xxxxxxxx#'

config wifi-iface 'guest'
	option device 'radio0'
	option mode 'ap'
	option network 'guest'
	option ssid 'guestN'
	option encryption 'psk2'
	option key 'xxxxxxxxx'

root@OpenWrt:~# cat /etc/config/dhcp

config dnsmasq
	option domainneeded '1'
	option localise_queries '1'
	option rebind_protection '1'
	option rebind_localhost '1'
	option local '/lan/'
	option domain 'lan'
	option expandhosts '1'
	option authoritative '1'
	option readethers '1'
	option leasefile '/tmp/dhcp.leases'
	option localservice '1'
	option ednspacket_max '1232'
	option confdir '/tmp/dnsmasq.d'
	list server '127.0.0.53#53'
	list server '/mask.icloud.com/'
	list server '/mask-h2.icloud.com/'
	list server '/use-application-dns.net/'
	option noresolv '1'

config dhcp 'lan'
	option interface 'lan'
	option start '100'
	option limit '150'
	option leasetime '12h'
	option dhcpv4 'server'
	option dhcpv6 'server'
	option ra 'server'
	list ra_flags 'managed-config'
	list ra_flags 'other-config'

config dhcp 'wan'
	option interface 'wan'
	option ignore '1'

config odhcpd 'odhcpd'
	option maindhcp '0'
	option leasefile '/tmp/hosts/odhcpd'
	option leasetrigger '/usr/sbin/odhcpd-update'
	option loglevel '4'

config dhcp 'guest'
	option interface 'guest'
	option start '100'
	option limit '150'
	option leasetime '1h'
	option netmask '255.255.255.0'

root@OpenWrt:~# cat /etc/config/firewall

config defaults
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option synflood_protect '1'
	option flow_offloading '1'

config zone 'lan'
	option name 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'
	list network 'lan'

config zone 'wan'
	option name 'wan'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'
	option mtu_fix '1'
	list network 'wan'
	list network 'wg'

config forwarding
	option src 'lan'
	option dest 'wan'

config rule
	option name 'Allow-DHCP-Renew'
	option src 'wan'
	option proto 'udp'
	option dest_port '68'
	option target 'ACCEPT'
	option family 'ipv4'

config rule
	option name 'Allow-Ping'
	option src 'wan'
	option proto 'icmp'
	option icmp_type 'echo-request'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-IGMP'
	option src 'wan'
	option proto 'igmp'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-DHCPv6'
	option src 'wan'
	option proto 'udp'
	option src_ip 'fc00::/6'
	option dest_ip 'fc00::/6'
	option dest_port '546'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-MLD'
	option src 'wan'
	option proto 'icmp'
	option src_ip 'fe80::/10'
	list icmp_type '130/0'
	list icmp_type '131/0'
	list icmp_type '132/0'
	list icmp_type '143/0'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Input'
	option src 'wan'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	list icmp_type 'router-solicitation'
	list icmp_type 'neighbour-solicitation'
	list icmp_type 'router-advertisement'
	list icmp_type 'neighbour-advertisement'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Forward'
	option src 'wan'
	option dest '*'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-IPSec-ESP'
	option src 'wan'
	option dest 'lan'
	option proto 'esp'
	option target 'ACCEPT'

config rule
	option name 'Allow-ISAKMP'
	option src 'wan'
	option dest 'lan'
	option dest_port '500'
	option proto 'udp'
	option target 'ACCEPT'

config include 'qcanssecm'
	option type 'script'
	option path '/etc/firewall.d/qca-nss-ecm'
	option family 'any'
	option reload '1'

config include 'bcp38'
	option type 'script'
	option path '/usr/lib/bcp38/run.sh'
	option family 'IPv4'
	option reload '1'

config rule 'wg'
	option name 'Allow-WireGuard'
	option src 'wan'
	option dest_port '51820'
	option proto 'udp'
	option target 'ACCEPT'

config redirect 'dns_int'
	option name 'Intercept-DNS'
	option src 'lan'
	option src_dport '53'
	option proto 'tcp udp'
	option target 'DNAT'

config include 'pbr'
	option fw4_compatible '1'
	option type 'script'
	option path '/usr/share/pbr/pbr.firewall.include'

config zone 'guest'
	option name 'guest'
	option network 'guest'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'

config forwarding 'guest_wan'
	option src 'guest'
	option dest 'wan'

config rule 'guest_dns'
	option name 'Allow-DNS-Guest'
	option src 'guest'
	option dest_port '53'
	option proto 'tcp udp'
	option target 'ACCEPT'

config rule 'guest_dhcp'
	option name 'Allow-DHCP-Guest'
	option src 'guest'
	option src_port '68'
	option dest_port '67'
	option proto 'udp'
	option family 'ipv4'
	option target 'ACCEPT'

root@OpenWrt:~# 

It is not a good idea to set the wan interface's DNS server (`list dns '192.168.1.1'`) to the lan address of the same device -- this means you won't have a proper upstream DNS server. Remove that and use something else (such as a public DNS server of your choosing).

Remove the 'guest_dev' from the above, just in case it is causing a problem. You already have a name explicitly defined.

This is non-standard. Is this really what you want?

Remove the source port from the 'Allow-DHCP-Guest' rule... just make the dest port 67-68.


Not sure if I understand; for DNS, I'm using dnscrypt-proxy2.

Ok. I’ve never used dnscrypt-proxy, but this looks unusual.

But still not sure what your actual problem is.

I added some answers /questions

Can you tell me what your actual functional problem is here? I still don't understand the specific issue you're facing.

67-68 or 67,68?

I have now made the changes you pointed out, thanks.

It seems to be OK. It was about these messages:

udhcpc: broadcasting discover
udhcpc: no lease, failing
udhcpc: started, v1.35.0
udhcpc: broadcasting discover
udhcpc: no lease, failing

Like I said before... this error appears to be related to your upstream network not providing a DHCP lease to your OpenWrt wan.

But what is the actual problem in real use? What is not working the way you expect?


Yep, for now. But with the changes I made, maybe I could test whether the DHCP lease is working now? I don't know how, btw :wink:

Ok... you haven't answered the fundamental question:

From a practical use perspective, what is wrong here?
Answers might be (just examples):

  • I can't reach the internet on any of the OpenWrt networks
  • I can't get online on the Guest network, but the regular lan is fine
  • my devices (phone, computer, etc.) are unable to get a DHCP lease from OpenWrt

You need to tell me what is wrong, otherwise we're just wasting time.

Just to be sure: is this setup OK?

config rule 'guest_dhcp'
	option name 'Allow-DHCP-Guest'
	option src 'guest'
	option dest_port '67-68'
	option proto 'udp'
	option family 'ipv4'
	option target 'ACCEPT'

Don't worry.
These messages come from the check for whether there is another DHCP server on the network.


thanks to @psherman
