Help with no IP from ISP after power loss

Hi All,

I hope someone can help me as i'm banging my head against the wall on this for a few days.

My openwrt setup was working great, until a thunderstorm made the power flicker a few times, no issue, i thought as everything is plugged into UPS's as far as my hardware goes. the isp's ONT box is the only thing not on an UPS, so i figured after realizing the internet was out, it must be something there. well they cant come out to fix for a few days so I got to looking, their box looked fine, the lights were on and so did a sanity check and plugged the ISP modem in to check, boom internet works. plug it back into the WAN port on my protectli Vault running Openwrt, nothing.

My openwrt box never lost power as its on an UPS, and suddenly it's just not working, it seems to be seeing send/receive traffic but it's not picking up an IP from the ISP. I ran into another article about dhcp caching on the ISP end, so I tried spoofing my interface MAC to match that of the ISP modem no luck, tried unplugging everything for the night and back in in nthe morning, no luck.

Anyways, here are my configs, i have messed with them a little bit but I believe they should be back to what it was, so I really don't know why it's not working - also if anyone has any other ideas, please let me know.

root@OpenWrt:~# cat /etc/config/network

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fd81:5e35:4ce8::/48'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'eth0'

config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        option netmask '255.255.255.0'
        list dns '1.1.1.1'
        list dns '8.8.8.8'
        option ipaddr '10.0.0.50'

config interface 'wan'
        option device 'eth1'
        option proto 'dhcp'
        option peerdns '1'

config interface 'wan6'
        option device 'eth1'
        option proto 'dhcpv6'

config interface 'opt1'
        option proto 'static'
        option device 'eth2'
        option netmask '255.255.255.0'
        option ipaddr '10.0.100.1'

config interface 'test'
        option proto 'static'
        option ipaddr '10.0.99.1'
        option netmask '255.255.255.0'
        option device 'wlan0'

config route
        option target '10.0.200.0/24'
        option gateway '10.0.100.10'
        option interface 'opt1'

config route
        option interface 'opt1'
        option target '10.0.150.0/24'
        option gateway '10.0.100.15'

config device
        option name 'eth1'
        option ipv6 '0'
		
		
		
root@OpenWrt:~# cat /etc/config/dhcp

config dnsmasq
        option domainneeded '1'
        option localise_queries '1'
        option rebind_protection '1'
        option rebind_localhost '1'
        option expandhosts '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
        option localservice '1'
        option ednspacket_max '1232'
        list interface 'test'
        list interface 'lan'
        list interface 'opt1'
        list server '8.8.8.8'
        list server '1.1.1.1'

config dhcp 'lan'
        option interface 'lan'
        option start '100'
        option limit '150'
        option leasetime '12h'
        option dhcpv4 'server'
        list dhcp_option '6,1.1.1.1,8.8.8.8'

config dhcp 'wan'
        option interface 'wan'
        option ignore '1'

config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'
        option loglevel '4'

config dhcp 'opt1'
        option interface 'opt1'
        option start '100'
        option limit '150'
        option leasetime '12h'
        option dhcpv4 'server'
        list dhcp_option '6,10.0.200.100,1.1.1.1'

config dhcp 'test'
        option interface 'test'
        option start '100'
        option limit '150'
        option leasetime '12h'
        option dhcpv4 'server'
        list dhcp_option '6,8.8.8.8,1.1.1.1'


root@OpenWrt:~# cat /etc/config/firewall

config defaults
        option input 'ACCEPT'
        option output 'ACCEPT'
        option synflood_protect '1'
        option forward 'REJECT'

config zone
        option name 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'
        list network 'lan'

config zone
        option name 'wan'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option masq '1'
        option mtu_fix '1'
        list network 'wan'
        list network 'wan6'

config forwarding
        option src 'lan'
        option dest 'wan'

config rule
        option name 'Allow-DHCP-Renew'
        option src 'wan'
        option proto 'udp'
        option dest_port '68'
        option target 'ACCEPT'
        option family 'ipv4'

config rule
        option name 'Allow-Ping'
        option src 'wan'
        option proto 'icmp'
        option icmp_type 'echo-request'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'allow all to lan from office'
        option src 'office'
        option dest 'lan'
        option target 'ACCEPT'
        list proto 'all'

config rule
        option name 'allow all from lan to office'
        list proto 'all'
        option src 'lan'
        option dest 'office'
        option target 'ACCEPT'

config rule
        option name 'Allow-IGMP'
        option src 'wan'
        option proto 'igmp'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-DHCPv6'
        option src 'wan'
        option proto 'udp'
        option dest_port '546'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-MLD'
        option src 'wan'
        option proto 'icmp'
        option src_ip 'fe80::/10'
        list icmp_type '130/0'
        list icmp_type '131/0'
        list icmp_type '132/0'
        list icmp_type '143/0'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Input'
        option src 'wan'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        list icmp_type 'router-solicitation'
        list icmp_type 'neighbour-solicitation'
        list icmp_type 'router-advertisement'
        list icmp_type 'neighbour-advertisement'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Forward'
        option src 'wan'
        option dest '*'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-IPSec-ESP'
        option src 'wan'
        option dest 'lan'
        option proto 'esp'
        option target 'ACCEPT'

config rule
        option name 'Allow-ISAKMP'
        option src 'wan'
        option dest 'lan'
        option dest_port '500'
        option proto 'udp'
        option target 'ACCEPT'

config zone
        option name 'office'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'
        option mtu_fix '1'
        list network 'opt1'
        list subnet '10.0.100.0/24'
        option log '1'
        option log_limit '10/minute'

config forwarding
        option src 'office'
        option dest 'lan'

config forwarding
        option src 'office'
        option dest 'wan'

config forwarding
        option src 'lan'
        option dest 'office'

config zone
        option name 'homelab1'
        option input 'ACCEPT'
        option output 'ACCEPT'
        list network 'opt1'
        list subnet '10.0.200.0/24'
        option forward 'ACCEPT'

config forwarding
        option src 'homelab1'
        option dest 'lan'

config forwarding
        option src 'homelab1'
        option dest 'office'

config forwarding
        option src 'lan'
        option dest 'homelab1'

config forwarding
        option src 'office'
        option dest 'homelab1'

config rule
        option name 'office to homelab'
        list proto 'all'
        option src 'office'
        option dest 'homelab1'
        option target 'ACCEPT'

config rule
        option name 'homelabout'
        list proto 'all'
        option src 'homelab1'
        option dest 'office'
        option target 'ACCEPT'

config zone
        option name 'jhomelab'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'
        list subnet '10.0.150.0/24'
        list network 'opt1'

config forwarding
        option src 'jhomelab'
        option dest 'wan'

config forwarding
        option src 'office'
        option dest 'jhomelab'

Your WAN interface is configured as a simple DHCP client, and that is not very common when connecting through a ONT; are you sure you weren't running a different configuration (a PPPoE client, for example) before rebooting? How is the original router from the ISP configured?

What are the logs on the OpenWRT box, when it tries to establish a connection?

Sorry that took a minute - the ISP modem is also set to DHCP client.

The WAN config hasn't changed except I tried switching between a static DNS and using the peerdns is about it, I don't think the config should have changed after a reboot either but who knows.

As far as logs go, i'm familiar with the "Logread" command, no logs when plugging the WAN cable in or after restarting the interface, are there any other log locations I should check?

So restarted again while watching logs and got the following

Mon Jun 19 14:07:43 2023 daemon.notice netifd: wan (3446): udhcpc: received SIGTERM
Mon Jun 19 14:07:43 2023 daemon.notice netifd: wan (3446): udhcpc: entering released state
Mon Jun 19 14:07:43 2023 daemon.notice netifd: wan (3446): Command failed: ubus call network.interface notify_proto { "action": 0, "link-up": false, "keep": false, "interface": "wan" } (Permission denied)
Mon Jun 19 14:07:43 2023 daemon.notice netifd: Interface 'wan' is now down
Mon Jun 19 14:07:43 2023 daemon.notice netifd: Interface 'wan' is setting up now
Mon Jun 19 14:07:43 2023 daemon.notice netifd: wan (3904): udhcpc: started, v1.35.0
Mon Jun 19 14:07:43 2023 daemon.notice netifd: wan (3904): udhcpc: broadcasting discover
Mon Jun 19 14:07:47 2023 daemon.notice netifd: wan (3904): udhcpc: broadcasting discover
Mon Jun 19 14:07:50 2023 daemon.notice netifd: wan (3904): udhcpc: broadcasting discover

Here are some possibly relevant logs from dmesg i'm looking into

[   12.706345] kmodloader: done loading kernel modules from /etc/modules.d/*
[   13.236020] br-lan: port 1(eth0) entered blocking state
[   13.241750] br-lan: port 1(eth0) entered disabled state
[   13.247502] device eth0 entered promiscuous mode
[   16.582302] igc 0000:01:00.0 eth0: NIC Link is Up 1000 Mbps Full Duplex, Flow Control: RX
[   16.591435] br-lan: port 1(eth0) entered blocking state
[   16.597141] br-lan: port 1(eth0) entered forwarding state
[   16.603160] IPv6: ADDRCONF(NETDEV_CHANGE): br-lan: link becomes ready
[   17.032279] igc 0000:03:00.0 eth1: NIC Link is Up 1000 Mbps Full Duplex, Flow Control: RX
[   23.227488] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[   65.641841] i915 0000:00:02.0: [drm] Failed to load DMC firmware i915/kbl_dmc_ver1_04.bin. Disabling runtime power management.
[   65.654278] i915 0000:00:02.0: [drm] DMC firmware homepage: https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git/tree/i915

I do not see any relevant messages in those logs... I could not tell why it is not connecting.

The wan interface is starting a DISCOVER broadcast, but it doesn't receive an answer from the DHCP server (ONT device ???).

You have to find out, why the DHCP server doesn't answer.

Consider the possibility of hardware damage to the port. It appears the ONT is OK as it works plugged into another router. I would move eth1 into br-lan and plug the LAN into it. If that works then try running the WAN through eth0.

Do you have another router that you can use as a dhcp server to test the wan port of the router in question. The isp router could be used. Just connect the lan port of the isp router to the wan port of your openwrt router. The goal here is just to see if the port physically works and the device can get an address via dhcp (actual internet connectivity is not the purpose of this test).

Yes, sorry was just posting logs for expediency in case anyone had a chance to look, I came to the same conclusion, no idea why so far based on those logs.

Yes, not sure - didn't have TCPDUMP installed, plan to install that and do a PCAP when I get a chance.

@mk24 @psherman Yes, I have hooked the old netgate PfSense back up and got my home network up and running again. I have the OpenWrt router in my office now and I've hooked it up (WAN and LAN) ports to my OPT1 network, the WAN received a DHCP address immediately, so I think hardware damage is ruled out (Thanks APC) - I also spoke with the ISP but they couldn't find anything on their end, next plan is to do a PCAP when I get a chance to take the internet down again.

@psherman

I got around to giving this another test, i had my old firewall plugged in for the last week and moved the openwrt/vault back plugged it in and it started working with no issues. The PCAP just shows a successful DHCP discover followed by an offer and an ack with no issues.

Unfortunately unable to reproduce the issue at this time.

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.