Hi,
I've installed a snapshot openwrt 22 build (so no LUCI), and can SSH to 192.168.1.1, but when I connect the router's WAN port to my ISP's router, the openwrt IP changes to the upstream router 192.168.0.x range, and I can't SSH to it anymore.
What can i change in the network or dhcp config files so the openwrt router keeps the static assigned 192.168.1.1 when the WAN port is connected and get internet?
Thank you
OpenWrt default lan interface is 192.168.1.1/24.
If your ISP router is in the 192.168.0.1/24, then there isn't any overlapping.
What is the subnet used in the lan interface of your ISP router?
Subnet mask is 255.255.255.0 on the ISP router.
Yes, normally i can connect my ISP router to WAN on openwrt in two different ranges, and it's fine. But for some reason on the WR904AC the local LAN IP is set by the DHCP by the ISP router.
If I connect WWAN it works ok, the openwrt keeps to 192.168.1.1.
Please run the following commands (copy-paste the whole block) and paste the output here, using the "Preformatted text </> " button:
Remember to redact passwords, MAC addresses and any public IP addresses you may have
ubus call system board; \
uci export network; uci export wireless; \
uci export dhcp; uci export firewall; \
ip -4 addr ; ip -4 ro li tab all ; ip -4 ru
I don't see WR904AC in the hardware listings. If it is a WR902AC or other router with only one Ethernet port, on such devices OpenWrt defaults to having the Ethernet port in the lan bridge and no wan network. You would need to remove the Ethernet port from br-lan and create a wan interface with the Ethernet port as its device. Of course that means the lan can only be wifi, so first start up a wifi AP on lan and log in by wifi.
Thanks for looking into this. Here's the output with the WAN disconnected:
{
"kernel": "5.10.161",
"hostname": "OpenWrt",
"system": "MediaTek MT7628AN ver:1 eco:2",
"model": "TP-Link TL-WR902AC v3",
"board_name": "tplink,tl-wr902ac-v3",
"rootfs_type": "squashfs",
"release": {
"distribution": "OpenWrt",
"version": "SNAPSHOT",
"revision": "r21652-2c547e367d",
"target": "ramips/mt76x8",
"description": "OpenWrt SNAPSHOT r21652-2c547e367d"
}
}
package network
config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fd92:61f3:2269::/48'
config device
option name 'br-lan'
option type 'bridge'
list ports 'eth0.1'
config interface 'lan'
option device 'br-lan'
option proto 'static'
option ipaddr '192.168.1.1'
option netmask '255.255.255.0'
option ip6assign '60'
config switch
option name 'switch0'
option reset '1'
option enable_vlan '1'
config switch_vlan
option device 'switch0'
option vlan '1'
option ports '4 6t'
package wireless
config wifi-device 'radio0'
option type 'mac80211'
option path 'platform/10300000.wmac'
option channel '1'
option band '2g'
option htmode 'HT20'
option disabled '0'
config wifi-iface 'default_radio0'
option device 'radio0'
option network 'lan'
option mode 'ap'
option ssid 'OpenWrt'
option encryption 'none'
config wifi-device 'radio1'
option type 'mac80211'
option path 'pci0000:00/0000:00:00.0/0000:01:00.0'
option channel '36'
option band '5g'
option htmode 'VHT80'
option disabled '1'
config wifi-iface 'default_radio1'
option device 'radio1'
option network 'lan'
option mode 'ap'
option ssid 'OpenWrt'
option encryption 'none'
package dhcp
config dnsmasq
option domainneeded '1'
option boguspriv '1'
option filterwin2k '0'
option localise_queries '1'
option rebind_protection '1'
option rebind_localhost '1'
option local '/lan/'
option domain 'lan'
option expandhosts '1'
option nonegcache '0'
option authoritative '1'
option readethers '1'
option leasefile '/tmp/dhcp.leases'
option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
option nonwildcard '1'
option localservice '1'
option ednspacket_max '1232'
option filter_aaaa '0'
option filter_a '0'
config dhcp 'lan'
option interface 'lan'
option start '100'
option limit '150'
option leasetime '12h'
option dhcpv4 'server'
option dhcpv6 'server'
option ra 'server'
option ra_slaac '1'
list ra_flags 'managed-config'
list ra_flags 'other-config'
config dhcp 'wan'
option interface 'wan'
option ignore '1'
config odhcpd 'odhcpd'
option maindhcp '0'
option leasefile '/tmp/hosts/odhcpd'
option leasetrigger '/usr/sbin/odhcpd-update'
option loglevel '4'
package firewall
config defaults
option syn_flood '1'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
config zone
option name 'lan'
list network 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
config zone
option name 'wan'
list network 'wan'
list network 'wan6'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
config forwarding
option src 'lan'
option dest 'wan'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
6: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
inet 192.168.1.1/24 brd 192.168.1.255 scope global br-lan
valid_lft forever preferred_lft forever
192.168.1.0/24 dev br-lan scope link src 192.168.1.1
broadcast 127.0.0.0 dev lo table local scope link src 127.0.0.1
local 127.0.0.0/8 dev lo table local scope host src 127.0.0.1
local 127.0.0.1 dev lo table local scope host src 127.0.0.1
broadcast 127.255.255.255 dev lo table local scope link src 127.0.0.1
broadcast 192.168.1.0 dev br-lan table local scope link src 192.168.1.1
local 192.168.1.1 dev br-lan table local scope host src 192.168.1.1
broadcast 192.168.1.255 dev br-lan table local scope link src 192.168.1.1
0: from all lookup local
32766: from all lookup main
32767: from all lookup default
Apologies, yes that's right its WR902AC with 1 port, not WR904AC.
I've enabled the wifi adatper, how do I create a wan interface with ethernet port as its device?
First create a new SSID and assign it on a new interface, which will be part of lan firewall zone. After you are able to connect to it successfully, and not get yourself locked outside, then you can proceed to make the changes on the lan interface.
# Configure network
uci -q delete network.mgmt_dev
uci set network.mgmt_dev="device"
uci set network.mgmt_dev.type="bridge"
uci set network.mgmt_dev.name="br-mgmt"
uci -q delete network.mgmt
uci set network.mgmt="interface"
uci set network.mgmt.proto="static"
uci set network.mgmt.device="br-mgmt"
uci set network.mgmt.ipaddr="192.168.3.1"
uci set network.mgmt.netmask="255.255.255.0"
uci commit network
/etc/init.d/network restart
# Configure wireless
WIFI_DEV="$(uci get wireless.@wifi-iface[0].device)"
uci -q delete wireless.mgmt
uci set wireless.mgmt="wifi-iface"
uci set wireless.mgmt.device="${WIFI_DEV}"
uci set wireless.mgmt.mode="ap"
uci set wireless.mgmt.network="mgmt"
uci set wireless.mgmt.ssid="mgmt"
uci set wireless.mgmt.encryption="none"
uci commit wireless
wifi reload
# Configure DHCP
uci -q delete dhcp.mgmt
uci set dhcp.mgmt="dhcp"
uci set dhcp.mgmt.interface="mgmt"
uci set dhcp.mgmt.start="100"
uci set dhcp.mgmt.limit="150"
uci set dhcp.mgmt.leasetime="1h"
uci commit dhcp
/etc/init.d/dnsmasq restart
uci -q delete firewall.mgmt
uci set firewall.mgmt="zone"
uci set firewall.mgmt.name="mgmt"
uci set firewall.mgmt.network="mgmt"
uci set firewall.mgmt.input="ACCEPT"
uci set firewall.mgmt.output="ACCEPT"
uci set firewall.mgmt.forward="REJECT"
uci commit firewall
/etc/init.d/firewall restart
Then connect to mgmt ssid and verify you can connect to the router.
Follow the instructions here to make the lan interface without dhcp and enable dhcp client.
After it is connected you can either create a new SSID for the clients, or change the MGMT interface to connect upstream via the lan by enabling forwarding from mgmt zone to lan zone and enabling masquerade on lan zone.
Thank you trendy, i'll try that