I've set up an OpenWrt router and defined 3 interfaces in the following order: lan, iot, nvr.
The problem is that OpenWrt can't check for updates or ping WAN. The reason is that OpenWrt is routing over the nvr interface, which is a closed-down network where everything is blocked by the gateway.
How can I tell OpenWrt to route over lan or iot so it has internet access?
After taking a look at the routes, I guess I have to set a static route for 0.0.0.0/0 on lan.
Edit: that did it, my bad.
Edit 2: that only worked until a reboot. Now it's back to routing over nvr. The static route is still set in the configuration, but under Status there is a route over nvr only. Any idea?
By default, OpenWrt expects Internet access to be routed to a WAN such as a modem. The main thing to look out for there is that the WAN network can't be the same IP subnet as the LAN. If you have a static IP on the WAN, you need to explicitly set the gateway and DNS in the wan config; if it is DHCP or PPPoE, it will auto-configure.
If you are connected to the Internet through the LAN network as a LAN device of another router, you need to add option gateway and option dns to the LAN configuration. And the LAN network needs to be the same IP subnet as the main network.
lan, iot and nvr are 3 VLAN interfaces, each with a different subnet, managed by OPNsense.
Every interface has a DNS and gateway set.
Everything is working fine, except that OpenWrt itself routes over the last interface by default, which it should not. So right now only internet on OpenWrt itself is not working.
In that use case, the IOT interfaces should be "unmanaged" so that the OpenWrt kernel does not hold an IP address on them at all. Your IOT devices bridge through them at layer 2 and the main router handles all of their layer 3 stuff. OpenWrt here acts only as a wired-to-wifi converter and/or Ethernet switch.
Then OpenWrt will use the lan which is usually a more privileged network in the main router.
They should be type bridge and proto none (which LuCI calls "Unmanaged"). They are really dumb kernel bridges so the wifi driver can make a link to the ethernet port but nothing more.
This protocol name is misleading because netifd can still interfere with the state of the interface.
If you need a truly unmanaged interface, you must not declare it in the network configuration.
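
An added example, not posted by anyone in this thread: a sketch of /etc/config/network that follows the advice above, with lan holding the only address, gateway and DNS, and iot and nvr declared as bridges with proto none. The device names, VLAN IDs and addresses are constructed placeholders, and the `config device` syntax assumes OpenWrt 21.02 or later.

```uci
# Before (constructed): every interface is static with its own gateway,
# so several default routes compete and the router may pick nvr:
#   config interface 'nvr'
#       option device 'br-nvr'
#       option proto 'static'
#       option ipaddr '192.168.30.2'
#       option netmask '255.255.255.0'
#       option gateway '192.168.30.1'

# After: one bridge per VLAN (eth0.10/20/30 are assumed tagged uplinks).
config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'eth0.10'

config device
	option name 'br-iot'
	option type 'bridge'
	list ports 'eth0.20'

config device
	option name 'br-nvr'
	option type 'bridge'
	list ports 'eth0.30'

# lan is the only interface with an address, a gateway and DNS,
# so it supplies the router's only default route.
config interface 'lan'
	option device 'br-lan'
	option proto 'static'
	option ipaddr '192.168.10.2'
	option netmask '255.255.255.0'
	option gateway '192.168.10.1'
	list dns '192.168.10.1'

# iot and nvr: proto none ("Unmanaged" in LuCI). No address, no gateway.
# netifd still brings these bridges up, as the last reply points out;
# wifi-iface sections attach to them with option network 'iot' / 'nvr'.
config interface 'iot'
	option device 'br-iot'
	option proto 'none'

config interface 'nvr'
	option device 'br-nvr'
	option proto 'none'
```

After restarting the network service, `ip route show default` on the router should list a single default route via the lan gateway.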