Guest wifi or LAN Wifi does not have internet access

Hello,

My config is :
Internet ---> operator box ------------> Asus-AX53U-WRT ~~~~~~ GUEST WIFI
~
~~~~~~~Home WIFI

Can you help me to Identify what's wrong on my config ?

Asus-AX53U-WRT is able to connect to openwrt.org :

PING openwrt.org (139.59.209.225): 56 data bytes
64 bytes from 139.59.209.225: seq=0 ttl=53 time=27.676 ms
64 bytes from 139.59.209.225: seq=1 ttl=53 time=27.328 ms
64 bytes from 139.59.209.225: seq=2 ttl=53 time=27.344 ms
64 bytes from 139.59.209.225: seq=3 ttl=53 time=27.382 ms
64 bytes from 139.59.209.225: seq=4 ttl=53 time=27.380 ms

--- openwrt.org ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max = 27.328/27.422/27.676 ms

Network :

login as: root
root@192.168.0.128's password:


BusyBox v1.35.0 (2023-01-03 00:24:21 UTC) built-in shell (ash)

  _______                     ________        __
 |       |.-----.-----.-----.|  |  |  |.----.|  |_
 |   -   ||  _  |  -__|     ||  |  |  ||   _||   _|
 |_______||   __|_____|__|__||________||__|  |____|
          |__| W I R E L E S S   F R E E D O M
 -----------------------------------------------------
 OpenWrt 22.03.3, r20028-43d71ad93e
 -----------------------------------------------------
root@OpenWrt:~# cat /etc/config/network

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option packet_steering '1'
        option ula_prefix 'fd05:6988:d105::/48'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'lan1'
        list ports 'lan2'
        list ports 'lan3'

config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        option ipaddr '192.168.2.1'
        option netmask '255.255.255.0'
        option force_link '0'
        list dns '192.160.0.254'

config interface 'wan'
        option device 'wan'
        option proto 'dhcp'
        option type 'bridge'

config interface 'wan6'
        option device 'wan'
        option proto 'dhcpv6'

config interface 'Guest'
        option proto 'static'
        option ipaddr '10.20.30.40'
        option netmask '255.255.255.0'
        option device 'wlan0-1'
        list dns '8.8.8.8'
        list dns '1.1.1.1'

config device
        option name 'wlan0'

config interface 'HomeWifi'
        option device 'wlan0'
        option proto 'static'
        option netmask '255.255.255.0'
        option ipaddr '192.168.3.1'

WIFI :

root@OpenWrt:~# cat /etc/config/wireless

config wifi-device 'radio0'
        option type 'mac80211'
        option path '1e140000.pcie/pci0000:00/0000:00:01.0/0000:02:00.0'
        option band '2g'
        option cell_density '0'
        option htmode 'HT20'
        option country 'FR'
        option channel '6'

config wifi-device 'radio1'
        option type 'mac80211'
        option path '1e140000.pcie/pci0000:00/0000:00:01.0/0000:02:00.0+1'
        option channel '36'
        option band '5g'
        option htmode 'HE80'
        option disabled '1'

config wifi-iface 'default_radio1'
        option device 'radio1'
        option network 'lan'
        option mode 'ap'
        option ssid 'OpenWrt'
        option encryption 'none'

config wifi-iface 'wifinet2'
        option device 'radio0'
        option encryption 'psk2'
        option key 'wifiHome'
        option mode 'ap'
        option network 'HomeWifi'
        option ssid 'OpenWrt'

config wifi-iface 'wifinet3'
        option device 'radio0'
        option key 'keywifiGUEST'
        option mode 'ap'
        option ssid 'wifigguest'
        option encryption 'psk2'
        option isolate '1'

DHCP :

root@OpenWrt:~# cat /etc/config/dhcp

config dnsmasq
        option localise_queries '1'
        option rebind_protection '1'
        option rebind_localhost '1'
        option local '/lan/'
        option domain 'lan'
        option expandhosts '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
        option localservice '1'
        option ednspacket_max '1232'

config dhcp 'lan'
        option interface 'lan'
        option start '100'
        option limit '150'
        option dhcpv4 'server'
        option leasetime '72h'

config dhcp 'wan'
        option interface 'wan'
        option ignore '1'

config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'
        option loglevel '4'

config dhcp 'Guest'
        option interface 'Guest'
        option start '100'
        option limit '150'
        option leasetime '12h'

config dhcp 'HomeWifi'
        option interface 'HomeWifi'
        option start '100'
        option limit '150'
        option leasetime '12h'

Firewall :

root@OpenWrt:~# cat /etc/config/firewall

config defaults
        option input 'ACCEPT'
        option output 'ACCEPT'
        option synflood_protect '1'
        option forward 'ACCEPT'

config zone
        option name 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'
        list network 'lan'
        list network 'HomeWifi'

config zone
        option output 'ACCEPT'
        option masq '1'
        option mtu_fix '1'
        list masq_src '192.168.2.1'
        option name 'wan'
        option forward 'REJECT'
        list network 'wan'
        list network 'wan6'
        option input 'ACCEPT'

config rule
        option name 'Allow-DHCP-Renew'
        option proto 'udp'
        option dest_port '68'
        option target 'ACCEPT'
        option family 'ipv4'
        option src 'wan'

config rule
        option name 'Allow-Ping'
        option proto 'icmp'
        option icmp_type 'echo-request'
        option family 'ipv4'
        option target 'ACCEPT'
        option src 'wan'

config rule
        option name 'Allow-IGMP'
        option proto 'igmp'
        option family 'ipv4'
        option target 'ACCEPT'
        option src 'wan'

config rule
        option name 'Allow-DHCPv6'
        option proto 'udp'
        option dest_port '546'
        option family 'ipv6'
        option target 'ACCEPT'
        option src 'wan'

config rule
        option name 'Allow-MLD'
        option proto 'icmp'
        option src_ip 'fe80::/10'
        list icmp_type '130/0'
        list icmp_type '131/0'
        list icmp_type '132/0'
        list icmp_type '143/0'
        option family 'ipv6'
        option target 'ACCEPT'
        option src 'wan'

config rule
        option name 'Allow-ICMPv6-Input'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        list icmp_type 'router-solicitation'
        list icmp_type 'neighbour-solicitation'
        list icmp_type 'router-advertisement'
        list icmp_type 'neighbour-advertisement'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'
        option src 'wan'

config rule
        option name 'Allow-ICMPv6-Forward'
        option dest '*'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'
        option src 'wan'

config rule
        option name 'Allow-IPSec-ESP'
        option dest 'lan'
        option proto 'esp'
        option target 'ACCEPT'
        option src 'wan'

config rule
        option name 'Allow-ISAKMP'
        option dest 'lan'
        option dest_port '500'
        option proto 'udp'
        option target 'ACCEPT'
        option src 'wan'

config rule
        option name 'Luci Acces from Wan Port'
        option dest 'lan'
        list dest_ip '192.168.2.1'
        option target 'ACCEPT'
        option src 'wan'
        list proto 'all'
        list src_ip '192.168.0.129'

config zone
        option name 'GuestZone'
        option output 'ACCEPT'
        option input 'REJECT'
        option forward 'REJECT'
        list network 'Guest'

config forwarding
        option src 'GuestZone'
        option dest 'wan'

config rule
        option name 'Guest DHCP and DNS'
        option src 'GuestZone'
        option dest_port '53 67 68'
        option target 'ACCEPT'

config forwarding
        option src 'lan'
        option dest 'wan'

you might want to repost/edit the output of those cat commands ...

have you seen https://openwrt.org/docs/guide-user/network/wifi/guestwifi/start ?

edited, sorry
Yes already look-up on the guest wi-fi , but not helping

I kind of suck at these things, but what device is wlan0-1 ?

wlan0-1 seems to be the internal router ID of the wifi named guestwifi

Hi

if i get it correct, you removed IP address from LAN ...

well, my opinion is that you need to

  1. reset router to factory defaults
  2. make sure that your wifi is working. ex: it getting 192.168.1.x addresses from "LAN" network
  3. rename this wifi SSID to "HomeWIFI"

if everything is OK, then you need to create second wifi, firewall zone and dhcp for guest
it is all

Thanks Frollic and NPeca75 to look over my issue.

@NPeca75 Why are you saying I removed IP address from LAN ?
I am connected to LuCi through WAN and nothing connected to LAN ports

If you confirm I can move to factory defaults

acorrding to your last screenshot, you messed up br-lan

please try as i wrote above

Thanks , finally works after reset to fatory for the homewifi

Needed to apply twice for the guest to have it working,

looks strange on the device selection :

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.