Remove eth0 from the lan bridge.
Remove device wlan0 from the lan interface, and replace it with br-lan.
Remove masquerading from the lan firewall zone.
Not critical, but I recommend making the WAN interface lowercase ('wan'). Change it in the firewall zone, too -- it is case sensitive.
Then restart your router and test again.
asyba
October 22, 2022, 12:10am
22
I can "remove device wlan0 from the lan interface"
but "and replace it with br-lan" I can, after 90 seconds it rollbacks safemode nothing I can do.
still no internet
root@OpenWrt:~# cat /etc/config/network
config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fd70:13bf:2451::/48'
config device
option name 'br-lan'
option type 'bridge'
config interface 'lan'
option proto 'static'
option netmask '255.255.255.0'
option ip6assign '60'
option ipaddr '192.168.10.1'
config switch
option name 'switch0'
option reset '1'
option enable_vlan '0'
config interface 'WAN'
option proto 'dhcp'
option device 'eth0'
root@OpenWrt:~# cat /etc/config/dhcp
config dnsmasq
option domainneeded '1'
option boguspriv '1'
option filterwin2k '0'
option localise_queries '1'
option rebind_protection '1'
option rebind_localhost '1'
option local '/lan/'
option domain 'lan'
option expandhosts '1'
option nonegcache '0'
option authoritative '1'
option readethers '1'
option leasefile '/tmp/dhcp.leases'
option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
option nonwildcard '1'
option localservice '1'
option ednspacket_max '1232'
config dhcp 'lan'
option interface 'lan'
option start '100'
option limit '150'
option leasetime '12h'
option dhcpv4 'server'
option dhcpv6 'server'
option ra 'server'
list ra_flags 'managed-config'
list ra_flags 'other-config'
config dhcp 'wan'
option interface 'wan'
option ignore '1'
config odhcpd 'odhcpd'
option maindhcp '0'
option leasefile '/tmp/hosts/odhcpd'
option leasetrigger '/usr/sbin/odhcpd-update'
option loglevel '4'
root@OpenWrt:~# cat /etc/config/firewall
config defaults
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
option synflood_protect '1'
config zone
option name 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
list network 'lan'
config zone
option name 'wan'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
list network 'WAN'
config forwarding
option src 'lan'
option dest 'wan'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
root@OpenWrt:~#
asyba
October 22, 2022, 12:12am
23
How can I change the WAN to wan? LuCI doesn't let me unless I delete the interface and start over.
Can it be done with ssh? Just editing the /etc/config/xx file?
You can edit the case of the wan network by directly editing the config file or use the UCI commands. I personally often directly edit the file, but be aware that there is no error-checking so you can mess things up if you make a typo or an incorrect/invalid configuration.
Because of the auto-rollback, you may find that this is the easier way of handling certain changes. Just be careful.
Try the following things:
Provide results from each of those tests.
asyba
October 22, 2022, 12:53am
25
I renamed and rebooted but still the same issue.
SSH:
root@OpenWrt:~# ping 192.168.1.1
PING 192.168.1.1 (192.168.1.1): 56 data bytes
^C
--- 192.168.1.1 ping statistics ---
18 packets transmitted, 0 packets received, 100% packet loss
root@OpenWrt:~# ping 192.168.1.105
PING 192.168.1.105 (192.168.1.105): 56 data bytes
64 bytes from 192.168.1.105: seq=0 ttl=64 time=0.622 ms
64 bytes from 192.168.1.105: seq=1 ttl=64 time=0.382 ms
64 bytes from 192.168.1.105: seq=2 ttl=64 time=0.363 ms
64 bytes from 192.168.1.105: seq=3 ttl=64 time=0.365 ms
64 bytes from 192.168.1.105: seq=4 ttl=64 time=0.367 ms
^C
--- 192.168.1.105 ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max = 0.363/0.419/0.622 ms
root@OpenWrt:~# ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8): 56 data bytes
^C
--- 8.8.8.8 ping statistics ---
8 packets transmitted, 0 packets received, 100% packet loss
root@OpenWrt:~# ping google.com
ping: bad address 'google.com'
root@OpenWrt:~#
PC:
federico@MacBook-Pro-de-Federico ~ % ping 192.168.10.1
PING 192.168.10.1 (192.168.10.1): 56 data bytes
64 bytes from 192.168.10.1: icmp_seq=0 ttl=64 time=50.780 ms
64 bytes from 192.168.10.1: icmp_seq=1 ttl=64 time=6.265 ms
64 bytes from 192.168.10.1: icmp_seq=2 ttl=64 time=8.872 ms
64 bytes from 192.168.10.1: icmp_seq=3 ttl=64 time=25.563 ms
^C
--- 192.168.10.1 ping statistics ---
4 packets transmitted, 4 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 6.265/22.870/50.780/17.733 ms
federico@MacBook-Pro-de-Federico ~ % ping 192.168.1.1
PING 192.168.1.1 (192.168.1.1): 56 data bytes
Request timeout for icmp_seq 0
Request timeout for icmp_seq 1
Request timeout for icmp_seq 2
Request timeout for icmp_seq 3
^C
--- 192.168.1.1 ping statistics ---
5 packets transmitted, 0 packets received, 100.0% packet loss
federico@MacBook-Pro-de-Federico ~ % ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8): 56 data bytes
Request timeout for icmp_seq 0
Request timeout for icmp_seq 1
^C
--- 8.8.8.8 ping statistics ---
3 packets transmitted, 0 packets received, 100.0% packet loss
federico@MacBook-Pro-de-Federico ~ % ping google.com
^C
federico@MacBook-Pro-de-Federico ~ % ping google.com
^C
federico@MacBook-Pro-de-Federico ~ %
So there is clearly an issue with the upstream network connectivity.
Is the cable connected properly to the ethernet port?
Make sure that the wan network is lowercase in both the network settings and the firewall.
Restart and try again. Post your latest configs.
asyba
October 22, 2022, 1:11am
27
I was trying again to set device to br-lan on LAN,
and I lost access to the router by ethernet or wifi, no IP address.
Do I need to hard factory reset and start over?
Do I need this? "set device to br-lan on LAN."
From the test before, I can ping 192.168.1.105, which is the IP that the main TP-Link router assigns to the OpenWrt WAN, so the ethernet connectivity is working.
You can use failsafe mode to regain access and fix any errors in your config files.
You don't necessarily need to set the lan device as br-lan in this case since you are only attaching it to one physical interface (a bridge is required if you are using multiple physical interfaces).
The wifi connection from your computer > OpenWrt was working properly. It was just the upstream connection (from OpenWrt > main network > internet).
asyba
October 22, 2022, 1:24am
29
I rebooted the router by power plug and got IP address.
SSH:
root@OpenWrt:~# ping 192.168.1.1
PING 192.168.1.1 (192.168.1.1): 56 data bytes
ping: sendto: Network unreachable
root@OpenWrt:~# ping 192.168.10.1
PING 192.168.10.1 (192.168.10.1): 56 data bytes
64 bytes from 192.168.10.1: seq=0 ttl=64 time=0.432 ms
64 bytes from 192.168.10.1: seq=1 ttl=64 time=0.463 ms
^C
--- 192.168.10.1 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 0.432/0.447/0.463 ms
root@OpenWrt:~# ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8): 56 data bytes
ping: sendto: Network unreachable
root@OpenWrt:~# ping google.com
^C
root@OpenWrt:~#
PC:
federicobechini@MacBook-Pro-de-Federico ~ % ping 192.168.10.1
PING 192.168.10.1 (192.168.10.1): 56 data bytes
64 bytes from 192.168.10.1: icmp_seq=0 ttl=64 time=21.176 ms
64 bytes from 192.168.10.1: icmp_seq=1 ttl=64 time=25.654 ms
^C
--- 192.168.10.1 ping statistics ---
2 packets transmitted, 2 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 21.176/23.415/25.654/2.239 ms
federicobechini@MacBook-Pro-de-Federico ~ % ping 192.168.1.1
PING 192.168.1.1 (192.168.1.1): 56 data bytes
Request timeout for icmp_seq 0
Request timeout for icmp_seq 1
^C
--- 192.168.1.1 ping statistics ---
3 packets transmitted, 0 packets received, 100.0% packet loss
federicobechini@MacBook-Pro-de-Federico ~ % ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8): 56 data bytes
Request timeout for icmp_seq 0
Request timeout for icmp_seq 1
^C
--- 8.8.8.8 ping statistics ---
3 packets transmitted, 0 packets received, 100.0% packet loss
federicobechini@MacBook-Pro-de-Federico ~ % ping google.com
^C
federicobechini@MacBook-Pro-de-Federico ~ %
root@OpenWrt:~# cat /etc/config/network
config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fd70:13bf:2451::/48'
config device
option name 'br-lan'
option type 'bridge'
config interface 'lan'
option proto 'static'
option netmask '255.255.255.0'
option ip6assign '60'
option ipaddr '192.168.10.1'
option device 'br-lan'
config switch
option name 'switch0'
option reset '1'
option enable_vlan '0'
config interface 'wan'
option proto 'dhcp'
option device 'eth0'
root@OpenWrt:~# cat /etc/config/wireless
config wifi-device 'radio0'
option type 'mac80211'
option path 'platform/10300000.wmac'
option channel '1'
option band '2g'
option htmode 'HT40'
option country 'AR'
option cell_density '0'
config wifi-iface 'default_radio0'
option device 'radio0'
option network 'lan'
option mode 'ap'
option ssid 'GALA1'
option encryption 'psk2'
option key '4237345fj'
root@OpenWrt:~# cat /etc/config/dhcp
config dnsmasq
option domainneeded '1'
option boguspriv '1'
option filterwin2k '0'
option localise_queries '1'
option rebind_protection '1'
option rebind_localhost '1'
option local '/lan/'
option domain 'lan'
option expandhosts '1'
option nonegcache '0'
option authoritative '1'
option readethers '1'
option leasefile '/tmp/dhcp.leases'
option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
option nonwildcard '1'
option localservice '1'
option ednspacket_max '1232'
config dhcp 'lan'
option interface 'lan'
option start '100'
option limit '150'
option leasetime '12h'
option dhcpv4 'server'
option dhcpv6 'server'
option ra 'server'
list ra_flags 'managed-config'
list ra_flags 'other-config'
config dhcp 'wan'
option interface 'wan'
option ignore '1'
config odhcpd 'odhcpd'
option maindhcp '0'
option leasefile '/tmp/hosts/odhcpd'
option leasetrigger '/usr/sbin/odhcpd-update'
option loglevel '4'
root@OpenWrt:~# cat /etc/config/firewall
config defaults
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
option synflood_protect '1'
config zone
option name 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
list network 'lan'
config zone
option name 'wan'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
list network 'wan'
config forwarding
option src 'lan'
option dest 'wan'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
root@OpenWrt:~#
Is the ethernet cable plugged in properly?
What is the output of ifconfig?
asyba
October 22, 2022, 1:31am
31
Yes, I tested the same cable on my own PC and internet works.
Also, if I unplug it, OpenWrt doesn't show an IP; if I plug it in, it shows an IP assigned.
root@OpenWrt:~# ifconfig
br-lan Link encap:Ethernet HWaddr 54:AF:97:89:0D:26
inet addr:192.168.10.1 Bcast:192.168.10.255 Mask:255.255.255.0
inet6 addr: fe80::56af:97ff:fe89:d26/64 Scope:Link
inet6 addr: fd70:13bf:2451::1/60 Scope:Global
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:4939 errors:0 dropped:0 overruns:0 frame:0
TX packets:2387 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:675082 (659.2 KiB) TX bytes:784684 (766.2 KiB)
eth0 Link encap:Ethernet HWaddr 54:AF:97:89:0D:26
inet addr:192.168.1.105 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::56af:97ff:fe89:d26/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:779 errors:0 dropped:0 overruns:0 frame:0
TX packets:186 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:127051 (124.0 KiB) TX bytes:15378 (15.0 KiB)
Interrupt:5
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:728 errors:0 dropped:0 overruns:0 frame:0
TX packets:728 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:57808 (56.4 KiB) TX bytes:57808 (56.4 KiB)
wlan0 Link encap:Ethernet HWaddr 54:AF:97:89:0D:26
inet6 addr: fe80::56af:97ff:fe89:d26/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:4951 errors:0 dropped:0 overruns:0 frame:0
TX packets:2681 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:745668 (728.1 KiB) TX bytes:989693 (966.4 KiB)
If you unplug the cable from your WR802N and instead plug that into a computer, do you get internet access from that connection (make sure wifi is disabled on that computer)?
asyba
October 22, 2022, 1:37am
33
Yes, I got a connection. Yes, wifi off.
What did the computer show as its connection information (IP address, subnet mask, gateway/router, DNS)?
mk24
October 22, 2022, 1:41am
35
That is the default, don't change it. When you set the wifi AP network to lan, the wlan0 will at run time be put into br-lan. Do not add a wlan anywhere in /etc/config/network. After removing eth0, the br-lan bridge will initially be empty, until the AP starts up and gets added.
In summary:
Default configuration. Connect Ethernet port to your PC and log in to 192.168.1.1.
Configure a wifi AP, set its network to lan. Make sure to enter your country code in advanced settings (or option country in both config wifi-device in /etc/config/wireless). Enable the wifi.
Disconnect Ethernet cable from your PC. Connect PC to wifi AP and log in again.
Change lan IP to 192.168.10.1. This is tricky on LuCI, easier to edit the /etc/config/network file.
Reconnect PC to wifi and log in at 192.168.10.1
Remove eth0 from br-lan.
Create a new interface named exactly wan (lower case, though LuCI will show it in upper case) with protoc dhcp (client) and eth0 as its device.
Plug Ethernet port into your home network (192.168.1.0/24)
You should now have Internet on the PC through the router.
It would be a good idea to make a config backup so you can easily return to this point.
Now set up the VPN.
Does your main router have any MAC address restrictions or firewall rules that could prevent your WR802N from connecting to the network properly?
asyba
October 22, 2022, 1:46am
38
mk24:
Remove eth0 from br-lan.
On the step "Remove eth0 from br-lan":
I couldn't do that, because I lost access and it auto-rolled back.
I had to do this first:
"Create a new interface named exactly wan (lower case, though LuCI will show it in upper case) with protoc dhcp (client) and eth0 as its device."
And then I could "Remove eth0 from br-lan".
Maybe I could start again with a fresh install...
Can you post all of the config files as they are right now? (network, firewall, dhcp, wireless)
mk24
October 22, 2022, 1:47am
40
It's a bad idea to try to set the same device in two networks (wan and lan), results are indeterminate.
There's no reason why removing eth0 from br-lan while the Ethernet port is unplugged would affect wifi connectivity, if the wifi is properly configured.
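The two configuration mistakes this thread warns about, a firewall zone that names its network in the wrong case (WAN vs wan) and one device claimed by two networks (eth0 in both br-lan and wan), can be checked on the config text before a reboot. The script below is an added example, not part of any post in the thread; the function names and the sample files it writes are constructed for illustration.

```shell
#!/bin/sh
# Added example: lint OpenWrt UCI text for two mistakes raised in this thread.
Q="['\"]"   # regex matching the quote characters UCI puts around values

# Print firewall zone networks that name no interface section in the network
# file. The comparison is case-sensitive, so 'WAN' does not match 'wan'.
unmatched_zone_networks() {   # $1 = network file, $2 = firewall file
    awk -v q="$Q" '
        function unq(s) { gsub(q, "", s); return s }
        FNR == NR { if ($1 == "config" && $2 == "interface") known[unq($3)] = 1; next }
        $1 == "config" { in_zone = ($2 == "zone"); next }
        in_zone && $2 == "network" {
            for (i = 3; i <= NF; i++) { n = unq($i); if (!(n in known)) print n }
        }' "$1" "$2"
}

# Print devices used by more than one interface, directly or as a bridge port.
# Assumes "option name" precedes "list ports" inside each device section.
shared_devices() {            # $1 = network file
    awk -v q="$Q" '
        function unq(s) { gsub(q, "", s); return s }
        $1 == "config" { kind = $2; sect = unq($3); br = ""; next }
        kind == "device" && $2 == "name"  { br = unq($3) }
        kind == "device" && $2 == "ports" { ports[br] = ports[br] " " unq($3) }
        kind == "interface" && $2 == "device" { dev[sect] = unq($3) }
        END {
            for (s in dev) {
                n = split(dev[s] " " ports[dev[s]], d, " ")
                for (i = 1; i <= n; i++) users[d[i]] = users[d[i]] " " s
            }
            for (x in users) if (split(users[x], u, " ") > 1) print x
        }' "$1"
}

# Constructed sample input modelled on the thread, not the poster's files.
write_samples() {             # $1 = directory to write into
    printf '%s\n' "config device" " option name 'br-lan'" " option type 'bridge'" \
        " list ports 'eth0'" "config interface 'lan'" " option device 'br-lan'" \
        "config interface 'wan'" " option device 'eth0'" " option proto 'dhcp'" > "$1/network"
    printf '%s\n' "config zone" " option name 'lan'" " list network 'lan'" \
        "config zone" " option name 'wan'" " list network 'WAN'" > "$1/firewall"
}

tmp=$(mktemp -d)
write_samples "$tmp"
echo "zone networks with no matching interface: $(unmatched_zone_networks "$tmp/network" "$tmp/firewall")"
echo "devices shared between interfaces: $(shared_devices "$tmp/network")"
rm -rf "$tmp"
```

On a router the same functions can be pointed at /etc/config/network and /etc/config/firewall; empty output from both means neither mistake is present.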