Hello, I have an issue in actually connecting to the internet on my newly created guest Wifi. I've set it all up on a separate old router using it as just a dumb AP.
If somebody could guide me as to how I show my settings here for you to examine, I'd be grateful.
Thanks
Please copy the output of the following commands and post it here using the "Preformatted text </> " button:
Remember to redact passwords, MAC addresses and any public IP addresses you may have
uci export network; uci export wireless; \
uci export dhcp; uci export firewall; \
head -n -0 /etc/firewall.user; \
ip -4 addr ; ip -4 ro li tab all ; ip -4 ru; \
ls -l /etc/resolv.* /tmp/resolv.*; head -n -0 /etc/resolv.* /tmp/resolv.*
Forgive my ignorance: When I run those uci commands, where do they get exported to?
config interface 'loopback'
option ifname 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fd63:1d54:2143::/48'
config atm-bridge 'atm'
option vpi '1'
option vci '32'
option encaps 'llc'
option payload 'bridged'
option nameprefix 'dsl'
config dsl 'dsl'
option annex 'a'
option tone 'av'
option ds_snr_offset '0'
config interface 'lan'
option type 'bridge'
option ifname 'eth0.1'
option proto 'static'
option netmask '255.255.255.0'
option ip6assign '60'
option ipaddr '192.168.1.55'
config device 'lan_dev'
option name 'eth0.1'
option macaddr 'REDACT’
config interface 'wan'
option ifname 'dsl0'
option proto 'pppoe'
option username 'username'
option password 'password'
option ipv6 '1'
config device 'wan_dev'
option name 'dsl0'
option macaddr 'REDACT
config interface 'wan6'
option ifname '@wan'
option proto 'dhcpv6'
config switch
option name 'switch0'
option reset '1'
option enable_vlan '1'
config switch_vlan
option device 'switch0'
option vlan '1'
option ports '0 1 2 4 6t'
config switch_vlan
option device 'switch0'
option vlan '2'
option ports '5 6t'
config interface 'guest'
option proto 'static'
option netmask '255.255.255.0'
option ipaddr '192.168.2.1'
option gateway '192.168.1.254'
package wireless
config wifi-device 'radio0'
option type 'mac80211'
option channel '36'
option hwmode '11a'
option path 'pci0000:01/0000:01:00.0/0000:02:00.0'
option htmode 'VHT80'
option country 'GB'
option legacy_rates '1'
option __toggle 'Disable'
config wifi-iface 'default_radio0'
option device 'radio0'
option mode 'ap'
option ssid 'OpenWrt'
option encryption 'none'
option disabled '1'
option mesh_fwding '1'
option key '1'
option ft_over_ds '1'
option ft_psk_generate_local '1'
config wifi-device 'radio1'
option type 'mac80211'
option channel '11'
option hwmode '11g'
option path 'pci0000:00/0000:00:0e.0'
option htmode 'HT20'
option country 'GB'
option legacy_rates '1'
config wifi-iface 'default_radio1'
option device 'radio1'
option mode 'ap'
option ssid 'Studio_Guest_WiFi'
option key 'XXXXXX'
option isolate '1'
option encryption 'psk2'
option network 'guest'
package dhcp
config dnsmasq
option domainneeded '1'
option boguspriv '1'
option filterwin2k '0'
option localise_queries '1'
option rebind_protection '1'
option rebind_localhost '1'
option local '/lan/'
option domain 'lan'
option expandhosts '1'
option nonegcache '0'
option authoritative '1'
option readethers '1'
option leasefile '/tmp/dhcp.leases'
option resolvfile '/tmp/resolv.conf.auto'
option nonwildcard '1'
option localservice '1'
config dhcp 'lan'
option interface 'lan'
option start '100'
option limit '150'
option leasetime '12h'
option dhcpv6 'server'
option ra 'server'
option ra_management '1'
config dhcp 'wan'
option interface 'wan'
option ignore '1'
config odhcpd 'odhcpd'
option maindhcp '0'
option leasefile '/tmp/hosts/odhcpd'
option leasetrigger '/usr/sbin/odhcpd-update'
option loglevel '4'
config dhcp 'guest'
option interface 'guest'
option start '100'
option leasetime '12h'
option limit '150'
package firewall
config defaults
option syn_flood '1'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
config zone
option name 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
option network 'lan'
option masq '1'
config zone
option name 'wan'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
option network 'wan wan6'
config forwarding
option src 'lan'
option dest 'wan'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option src_ip 'fc00::/6'
option dest_ip 'fc00::/6'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
config include
option path '/etc/firewall.user'
config zone 'guest'
option name 'guest'
option network 'guest'
option forward 'REJECT'
option output 'ACCEPT'
option input 'REJECT'
config forwarding 'guest_fwd'
option src 'guest'
option dest 'wan'
config rule 'guest_dhcp'
option name 'guest_DHCP'
option src 'guest'
option target 'ACCEPT'
option proto 'udp'
option dest_port '67-68'
config rule 'guest_dns'
option name 'guest_DNS'
option src 'guest'
option target 'ACCEPT'
list proto 'tcp'
list proto 'udp'
list proto 'tcp'
list proto 'udp'
option dest_port '53'
config rule 'guest_modem'
option name 'Guest-Block-Cable-Modem'
option src 'guest'
option dest 'wan'
option dest_ip '192.168.1.254'
option family 'ipv4'
option proto 'all'
option target 'REJECT'
Your output. (as you see)
(Answered in case others read the thread.)
Remove the gateway from the guest interface.
You didn't execute all the commands I asked you. You stopped at the second line.
Thanks. I DID execute all of the commands (didn't I?). I've now removed the gateway too. Still the same
Maybe you did, but didn't paste them here?
config interface 'loopback'
option ifname 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fd63:1d54:2143::/48'
config atm-bridge 'atm'
option vpi '1'
option vci '32'
option encaps 'llc'
option payload 'bridged'
option nameprefix 'dsl'
config dsl 'dsl'
option annex 'a'
option tone 'av'
option ds_snr_offset '0'
config interface 'lan'
option type 'bridge'
option ifname 'eth0.1'
option proto 'static'
option netmask '255.255.255.0'
option ip6assign '60'
option ipaddr '192.168.1.55'
config device 'lan_dev'
option name 'eth0.1'
option macaddr 'a4:08:f5:XXXXXX
config interface 'wan'
option ifname 'dsl0'
option proto 'pppoe'
option username 'username'
option password 'password'
option ipv6 '1'
config device 'wan_dev'
option name 'dsl0'
option macaddr 'a4:08:f5:XXXXXX'
config interface 'wan6'
option ifname '@wan'
option proto 'dhcpv6'
config switch
option name 'switch0'
option reset '1'
option enable_vlan '1'
config switch_vlan
option device 'switch0'
option vlan '1'
option ports '0 1 2 4 6t'
config switch_vlan
option device 'switch0'
option vlan '2'
option ports '5 6t'
config interface 'guest'
option proto 'static'
option netmask '255.255.255.0'
option ipaddr '192.168.2.1'
package wireless
config wifi-device 'radio0'
option type 'mac80211'
option channel '36'
option hwmode '11a'
option path 'pci0000:01/0000:01:00.0/0000:02:00.0'
option htmode 'VHT80'
option country 'GB'
option legacy_rates '1'
option __toggle 'Disable'
config wifi-iface 'default_radio0'
option device 'radio0'
option mode 'ap'
option ssid 'OpenWrt'
option encryption 'none'
option disabled '1'
option mesh_fwding '1'
option key '1'
option ft_over_ds '1'
option ft_psk_generate_local '1'
config wifi-device 'radio1'
option type 'mac80211'
option channel '11'
option hwmode '11g'
option path 'pci0000:00/0000:00:0e.0'
option htmode 'HT20'
option country 'GB'
option legacy_rates '1'
config wifi-iface 'default_radio1'
option device 'radio1'
option mode 'ap'
option ssid 'Studio_Guest_WiFi'
option key 'XXXXXX'
option isolate '1'
option encryption 'psk2'
option network 'guest'
package dhcp
config dnsmasq
option domainneeded '1'
option boguspriv '1'
option filterwin2k '0'
option localise_queries '1'
option rebind_protection '1'
option rebind_localhost '1'
option local '/lan/'
option domain 'lan'
option expandhosts '1'
option nonegcache '0'
option authoritative '1'
option readethers '1'
option leasefile '/tmp/dhcp.leases'
option resolvfile '/tmp/resolv.conf.auto'
option nonwildcard '1'
option localservice '1'
config dhcp 'lan'
option interface 'lan'
option start '100'
option limit '150'
option leasetime '12h'
option dhcpv6 'server'
option ra 'server'
option ra_management '1'
config dhcp 'wan'
option interface 'wan'
option ignore '1'
config odhcpd 'odhcpd'
option maindhcp '0'
option leasefile '/tmp/hosts/odhcpd'
option leasetrigger '/usr/sbin/odhcpd-update'
option loglevel '4'
config dhcp 'guest'
option interface 'guest'
option start '100'
option leasetime '12h'
option limit '150'
package firewall
config defaults
option syn_flood '1'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
config zone
option name 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
option network 'lan'
option masq '1'
config zone
option name 'wan'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
option network 'wan wan6'
config forwarding
option src 'lan'
option dest 'wan'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option src_ip 'fc00::/6'
option dest_ip 'fc00::/6'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
config include
option path '/etc/firewall.user'
config zone 'guest'
option name 'guest'
option network 'guest'
option forward 'REJECT'
option output 'ACCEPT'
option input 'REJECT'
config forwarding 'guest_fwd'
option src 'guest'
option dest 'wan'
config rule 'guest_dhcp'
option name 'guest_DHCP'
option src 'guest'
option target 'ACCEPT'
option proto 'udp'
option dest_port '67-68'
config rule 'guest_dns'
option name 'guest_DNS'
option src 'guest'
option target 'ACCEPT'
list proto 'tcp'
list proto 'udp'
list proto 'tcp'
list proto 'udp'
option dest_port '53'
config rule 'guest_modem'
option name 'Guest-Block-Cable-Modem'
option src 'guest'
option dest 'wan'
option dest_ip '192.168.1.254'
option family 'ipv4'
option proto 'all'
option target 'REJECT'
# This file is interpreted as shell script.
# Put your custom iptables rules here, they will
# be executed with each firewall (re-)start.
# Internal uci firewall chains are flushed and recreated on reload, so
# put custom rules into the root chains e.g. INPUT or FORWARD or into the
# special user chains, e.g. input_wan_rule or postrouting_lan_rule.
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
5: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
inet 192.168.1.55/24 brd 192.168.1.255 scope global br-lan
valid_lft forever preferred_lft forever
7: wlan1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
inet 192.168.2.1/24 brd 192.168.2.255 scope global wlan1
valid_lft forever preferred_lft forever
192.168.1.0/24 dev br-lan scope link src 192.168.1.55
192.168.2.0/24 dev wlan1 scope link src 192.168.2.1
broadcast 127.0.0.0 dev lo table local scope link src 127.0.0.1
local 127.0.0.0/8 dev lo table local scope host src 127.0.0.1
local 127.0.0.1 dev lo table local scope host src 127.0.0.1
broadcast 127.255.255.255 dev lo table local scope link src 127.0.0.1
broadcast 192.168.1.0 dev br-lan table local scope link src 192.168.1.55
local 192.168.1.55 dev br-lan table local scope host src 192.168.1.55
broadcast 192.168.1.255 dev br-lan table local scope link src 192.168.1.55
broadcast 192.168.2.0 dev wlan1 table local scope link src 192.168.2.1
local 192.168.2.1 dev wlan1 table local scope host src 192.168.2.1
broadcast 192.168.2.255 dev wlan1 table local scope link src 192.168.2.1
0: from all lookup local
32766: from all lookup main
32767: from all lookup default
lrwxrwxrwx 1 root root 16 Jan 30 12:21 /etc/resolv.conf -> /tmp/resolv.conf
-rw-r--r-- 1 root root 32 Jan 30 19:46 /tmp/resolv.conf
-rw-r--r-- 1 root root 0 Jan 30 14:22 /tmp/resolv.conf.auto
==> /etc/resolv.conf <==
search lan
nameserver 127.0.0.1
==> /tmp/resolv.conf <==
search lan
nameserver 127.0.0.1
Any better?
A gateway and a DNS are missing from the uplink, the lan interface.
Could you spell it out further for me please? I'm very much a novice here.
Then better use the Luci web interface to fix that.
Go to Network - Interfaces, edit lan interface and add a gateway (the upstream router) and a dns (could be the upstream router as well)
Ok... I added my main router address as both the gateway and DNS too. Still the same.
What is the problem exactly?
guests can connect to the access point?
Do they get settings from dhcp?
Can they ping 8.8.8.8?
Can they ping google.com?
The Guest Wifi always says... 'Internet may not be available' and isn't.
Well... "may" doesn't mean much.
If the answer is yes to all above questions then you don't have a problem.
It won't let me connect to the guest wifi so I can't answer the rest of the questions.
What doesn't let you connect? Did you try different devices? Also what happens if you try to connect to a non-guest wifi or using the cable?
Does the AP itself has Internet? Can you ping a public IP or a domain from the AP?
You can try to disable the legacy rates. Also try to disable the encryption to verify that you can connect with open security.
All different wireless devices won't connect. However, I just managed to connect ok when wired directly to the router. Seems the AP isn't on the internet at all.