How do I route internet to the OpenWrt Router

ericyew · September 13, 2022, 1:28pm

Can someone help me figure out how I can give my router internet access so that I can download packages etc?

Currently I have setup with 2 vlan on the Redmi AX6S and Wifi to each vlan. All ports including the wan port have been group into brlan to act as lan ports. The vlan and internet is managed on firewalla. There is another management vlan, vlan 1 on firewalla. Any help would be appreciated. Thanks.

root@AX6S-2:~# cat /etc/config/network

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fdf9:4f9e:92fc::/48'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'lan1'
        list ports 'lan2'
        list ports 'lan3'
        list ports 'wan'

config interface 'lan'
        option device 'br-lan'
        option proto 'none'

config bridge-vlan
        option device 'br-lan'
        option vlan '8'
        list ports 'lan2:t'
        list ports 'wan:t'

config bridge-vlan
        option device 'br-lan'
        option vlan '99'
        list ports 'lan1'
        list ports 'lan2:t'
        list ports 'lan3'
        list ports 'wan:t'

config interface 'securelan'
        option device 'br-lan.8'
        option type 'bridge'
        option proto 'static'
        option ipaddr '192.168.8.2'
        option netmask '255.255.255.0'
        option gateway '192.168.8.1'

config interface 'iot'
        option proto 'static'
        option device 'br-lan.99'
        option ipaddr '192.168.99.2'
        option netmask '255.255.255.0'
        option gateway '192.168.99.1'

config interface 'wan'
        option proto 'dhcp'
        option auto '0'

config interface 'wan6'
        option proto 'dhcpv6'
        option auto '0'
        option reqaddress 'try'
        option reqprefix 'auto'

root@AX6S-2:~# cat /etc/config/wireless

config wifi-device 'radio0'
        option type 'mac80211'
        option path 'platform/18000000.wmac'
        option band '2g'
        option htmode 'HT20'
        option cell_density '0'
        option country 'AU'
        option channel '1'

config wifi-iface 'default_radio0'
        option device 'radio0'
        option mode 'ap'
        option ssid 'WiFi2'
        option key 'xxx'
        option network 'iot'
        option max_inactivity '3600'
        option disassoc_low_ack '0'
        option ieee80211w '0'
        option encryption 'psk2'
        option wmm '0'

config wifi-device 'radio1'
        option type 'mac80211'
        option path '1a143000.pcie/pci0000:00/0000:00:00.0/0000:01:00.0'
        option band '5g'
        option cell_density '0'
        option channel '36'
        option txpower '23'
        option htmode 'HE80'

config wifi-iface 'default_radio1'
        option device 'radio1'
        option mode 'ap'
        option key 'xxx'
        option network 'securelan'
        option ssid 'Wifi1'
        option encryption 'psk2+ccmp'

config wifi-iface 'wifinet2'
        option device 'radio1'
        option mode 'ap'
        option ssid 'WiFi2'
        option key 'xxx'
        option network 'iot'
        option hidden '1'
        option encryption 'psk2+ccmp'

config wifi-iface 'wifinet3'
        option device 'radio0'
        option mode 'ap'
        option ssid 'Wifi3'
        option key 'xxx'
        option network 'securelan'
        option encryption 'psk2+ccmp'

frollic · September 13, 2022, 1:32pm

Add DNSes?

Or temp populate /etc/resolv.conf

ericyew · September 13, 2022, 1:36pm

Where would I configure this? On any of the interfaces? My LAN itself is unconfigured.

ulmwind · September 13, 2022, 2:37pm

DNS should be obtained by DHCP, check ping from router by IP, and by name.

trendy · September 13, 2022, 3:05pm

Change iot interface protocol to unmanaged. Only securelan should have an IP. Also add dns under securelan.

ulmwind · September 13, 2022, 5:11pm

Now 'downloads.openwrt.org' does not work.

ericyew · September 14, 2022, 2:47am

I added DNS to securelan and in network diagnostics, I am able to traceroute, ping and do nslookup, but ppackages still will not update.
But strangely, it seems like the traffic is going out IOT. When I change IOT to unmanaged, traceroute and ping stopped working.
The only difference I can see between IOT and SECURELAN interface is securelan has
option type 'bridge'
Should I remove it?

trendy · September 14, 2022, 8:39am

You can. Also verify that there is a default route via the securelan interface. Since the iot was used for the default gateway, after removing it you also removed the default route. Do a ifup securelan to bounce it and install the default route via securelan.

ericyew · September 23, 2022, 12:26am

I was missing the last action, which is rebooting the interface as mentioned.
Thanks

system · October 3, 2022, 12:26am

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.