Help installing packages, Failed to establish connection but pc internet works fine when connected to router

Hi,

New to Linux and lede. I initially had setup my router as a switch using this guide for openwrt
https://wiki.openwrt.org/doc/recipes/dumbap

I can access the internet using my pc connected to the router (configured as above with the link). However, when I ssh to it and run opkg update I get connection failed to establish. If I change it back to a router and connect it directly to my modem it works.

I don't want to have to do this every time. Is there a way to setup my router as a switch and still install packages?

You shouldn't need to change anything, there seems to be something wrong with your configuration. Log into the device, execute "ping www.google.com", and post the results here.

ping: bad address 'www.google.com'

I also tried pinging 8.8.8.8 which is the google dns server

PING 8.8.8.8 (8.8.8.8): 56 data bytes
ping: sendto: Network unreachable

please post your /etc/config/network and /etc/config/firewall files.

Your device was not configured properly, post the files requested by @rj-45, please.

root@OpenWrt:~# cat /etc/config/network

config interface 'loopback'
option ifname 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'

config globals 'globals'
option ula_prefix 'fdc4:7f9b:1b50::/48'

config interface 'lan'
option type 'bridge'
option proto 'static'
option netmask '255.255.255.0'
option ip6assign '60'
option ipaddr '192.168.1.201'
option ifname 'eth0.1'

config interface 'wan'
option ifname 'eth1'
option proto 'dhcp'

config interface 'wan6'
option ifname 'eth1'
option proto 'dhcpv6'

config switch
option name 'switch0'
option reset '1'
option enable_vlan '1'

config switch_vlan
option device 'switch0'
option vlan '1'
option ports '0 1 2 3 4 5t 6t'
option vid '1'

config switch_vlan
option device 'switch0'
option vlan '2'
option ports '6'
option vid '2'

root@OpenWrt:~# cat /etc/config/firewall
config defaults
option syn_flood 1
option input ACCEPT
option output ACCEPT
option forward REJECT

Uncomment this line to disable ipv6 rules

option disable_ipv6 1

config zone
option name lan
list network 'lan'
option input ACCEPT
option output ACCEPT
option forward ACCEPT

config zone
option name wan
list network 'wan'
list network 'wan6'
option input REJECT
option output ACCEPT
option forward REJECT
option masq 1
option mtu_fix 1

config forwarding
option src lan
option dest wan

We need to accept udp packets on port 68,

see https://dev.openwrt.org/ticket/4108

config rule
option name Allow-DHCP-Renew
option src wan
option proto udp
option dest_port 68
option target ACCEPT
option family ipv4

Allow IPv4 ping

config rule
option name Allow-Ping
option src wan
option proto icmp
option icmp_type echo-request
option family ipv4
option target ACCEPT

config rule
option name Allow-IGMP
option src wan
option proto igmp
option family ipv4
option target ACCEPT

Allow DHCPv6 replies

see https://dev.openwrt.org/ticket/10381

config rule
option name Allow-DHCPv6
option src wan
option proto udp
option src_ip fc00::/6
option dest_ip fc00::/6
option dest_port 546
option family ipv6
option target ACCEPT

config rule
option name Allow-MLD
option src wan
option proto icmp
option src_ip fe80::/10
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family ipv6
option target ACCEPT

Allow essential incoming IPv6 ICMP traffic

config rule
option name Allow-ICMPv6-Input
option src wan
option proto icmp
list icmp_type echo-request
list icmp_type echo-reply
list icmp_type destination-unreachable
list icmp_type packet-too-big
list icmp_type time-exceeded
list icmp_type bad-header
list icmp_type unknown-header-type
list icmp_type router-solicitation
list icmp_type neighbour-solicitation
list icmp_type router-advertisement
list icmp_type neighbour-advertisement
option limit 1000/sec
option family ipv6
option target ACCEPT

Allow essential forwarded IPv6 ICMP traffic

config rule
option name Allow-ICMPv6-Forward
option src wan
option dest *
option proto icmp
list icmp_type echo-request
list icmp_type echo-reply
list icmp_type destination-unreachable
list icmp_type packet-too-big
list icmp_type time-exceeded
list icmp_type bad-header
list icmp_type unknown-header-type
option limit 1000/sec
option family ipv6
option target ACCEPT

include a file with users custom iptables rules

config include
option path /etc/firewall.user

EXAMPLE CONFIG SECTIONS

do not allow a specific ip to access wan

#config rule

option src lan

option src_ip 192.168.45.2

option dest wan

option proto tcp

option target REJECT

block a specific mac on wan

#config rule

option dest wan

option src_mac 00:11:22:33:44:66

option target REJECT

block incoming ICMP traffic on a zone

#config rule

option src lan

option proto ICMP

option target DROP

port redirect port coming in on wan to lan

#config redirect

option src wan

option src_dport 80

option dest lan

option dest_ip 192.168.16.235

option dest_port 80

option proto tcp

port redirect of remapped ssh port (22001) on wan

#config redirect

option src wan

option src_dport 22001

option dest lan

option dest_port 22

option proto tcp

allow IPsec/ESP and ISAKMP passthrough

config rule
option src wan
option dest lan
option proto esp
option target ACCEPT

config rule
option src wan
option dest lan
option dest_port 500
option proto udp
option target ACCEPT

FULL CONFIG SECTIONS

#config rule

option src lan

option src_ip 192.168.45.2

option src_mac 00:11:22:33:44:55

option src_port 80

option dest wan

option dest_ip 194.25.2.129

option dest_port 120

option proto tcp

option target REJECT

#config redirect

option src lan

option src_ip 192.168.45.2

option src_mac 00:11:22:33:44:55

option src_port 1024

option src_dport 80

option dest_ip 194.25.2.129

option dest_port 120

option proto tcp

Your device does not appear to have been configured as a "dumb AP", as you stated on your first post... I'm confused.

I swear I followed that guide exactly, maybe it didn't take?

I'll check again.

Looks like I have to change it from above to this?

config interface 'lan'
option type 'bridge'
option proto 'static'
option netmask '255.255.255.0'
option ip6assign '60'
option ipaddr '192.168.1.201'
option ifname 'eth0.1 eth1'

Delete this whole section?
config switch_vlan
option device 'switch0'
option vlan '2'
option ports '6'
option vid '2'

I can still access the internet if I connect from my main router to the wan port and then connect a cable from the LAN port to my pc. This is why I thought I had it in dumb ap mode as it didn't work this way when I first flashed lede to the router. I'm confused about how to properly configure it to work as a switch.

Sounds to me like you have not set correctly on the LAN interface the default gateway address and subnet mask.

Try to add option gateway 192.168.1.1 after option proto 'static' (or whatever is the address of your main router).

EDIT: Removed most content because I think this is as simple as that.

Still isn't working, I did a fresh install of lede.

With the following settings, I think I'm able to use the wan as a lan port. I plug in a cable from my main router to the wan port on this router. I plug in a lan port from this router to my pc. Internet works fine.

The only things I changed were the following.
Interfaces-Lan
Set static ip address to 192.168.1.201
net mask to 255.255.255.0
gateway to 192.168.1.1 (the weird thing is it doesn't seem to matter what I input for the gateway, I'm still able to access the internet even when there's no ip)
Ignore interface Disable DHCP for this interface. (box is checked)

Network-Switch
Vlan ID 1: Wan to untagged
Vlan ID 2: Wan to off

root@LEDE:~# cat /etc/config/network

config interface 'loopback'
option ifname 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'

config globals 'globals'
option ula_prefix 'fd9c:e592:1f5b::/48'

config interface 'lan'
option type 'bridge'
option ifname 'eth0 eth1'
option proto 'static'
option netmask '255.255.255.0'
option ip6assign '60'
option ipaddr '192.168.1.201'
option gateway '192.168.1.1'

config interface 'wan'
option ifname 'eth1'
option proto 'dhcp'

config interface 'wan6'
option ifname 'eth1'
option proto 'dhcpv6'

config switch
option name 'switch0'
option reset '1'
option enable_vlan '1'

config switch_vlan
option device 'switch0'
option vlan '1'
option ports '0 1 2 3 4 5'
option vid '1'

config switch_vlan
option device 'switch0'
option vlan '2'
option ports '6'
option vid '2'

The problem with using WAN instead of LAN to connect your main router is that you are double-natting. Every devices connected to the main router will not reach devices connected to your EA3500.

Can you try to put your LAN interface in DHCP client and connect your main router to LAN of EA3500? Disable DHCP server on LAN interface also.

Does lede not function like ddwrt where you can set the wan port as a LAN port thus giving you one extra port to use?

Which is the ip of your modem? 192.168.1.1?
Please post the output of

  1. route -n
  2. cat /etc/resol.conf

How did you configurate the router, ssh or via luci?

root@LEDE:~# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 br-lan
root@LEDE:~#

root@LEDE:~# cat /etc/resol.conf
cat: can't open '/etc/resol.conf': No such file or directory
root@LEDE:~#

I configured the router using luci.
The ip of the router connected to my modem is 192.168.1.1
The ip of the router I want to set up as a switch and which I can't use okpg update is 192.168.1.201

Based on the above: you have not defined DNS server and Gateway in the "dumb AP" router itself.

  • PC gets DNS and gateway via DHCP from the main router, so routing works.
  • Dumb AP itself has static IP address but no gateway and no DNS, so apps/services running in the dumb AP itself fail.

In your later message, you seem to have added gateway, but you need to add DNS, too. It should also be the main router at 192.168.1.1 (or a public DNS server somewhere)

PS. if you want a simple advice about a dumb wifi repeater that is connected via wired LAN to the main router, read e.g. https://forum.openwrt.org/viewtopic.php?pid=340068#p340068
or Extending wifi coverage using LEDE-PROJECT

1 Like

it was as simple as setting a custom dns in the lan-interace to my main router's ip.....

It is not actually about setting a "custom DNS" but setting at least some DNS. Earlier you had no DNS defined, so all name lookups performed by the dumb AP would fail.

You configure your dumb AP to use the DNS server running in the "main router".
PCs gets the DNS address in the DHCP messages, and likely uses similarly the main router's DNS server (at least if DHCP server runs in the main router).

The main router has got it own info about upstream ISP DNS servers via DHCP at the same time it got its own wan IP address. Likely that is your ISPs DNS servers that will be used.

Thank you everyone for all your help!