Can anyone help me with the following problem: After upgrading from version 23.05 to 23.05.2 via Attended SysUpgrade, my Google WiFi access points are still in mesh and working perfectly. However, I cannot SSH or LUCI on the IPs of the APs. IPs are fixed. I've already tried logging in via a network cable, without success. I have a network via cable, but I can't SSH or LUCI.

Does ping work? Can you access the internet? Are you sure that the upgrade succeeded?

Which router are you talking about? Google WiFi AP?

Looking at your earlier messages, thee have been some problems regarding multiple devices

In general, it is a rare condition that the AP would work ok from WiFi client perspective, but would be unreachable by SSH or LuCI. That would point to firewall rules, dropbear SSH being disabled or something similar. There hasn't been any significant config changes between 23.05.0 and 23.05.2, so it sounds really strange.

You might need to reset the devices, or possibly use the OpenWrt failsafe mode to clear settings.

Yes, they are the APs mentioned above. Because I also found it strange to maintain connectivity and at the same time lose access via both SSH and LUCI. I'll accept the suggestion and try safe mode. Then I'll get back to you with the feedback. Thank you very much for answering, my friend.

It's very strange. The ping does not reach the destination, without access via SSH and Luci, but the mesh connection and APs work normally. Tested.

For the AP in question, had you set it up with a static IP address previously (specifically, on the AP itself, not a DHCP reservation)?

Is this device using a wired or wireless backhaul? Have you tried connecting a computer directly to a lan port on the AP?

Yes, all three APs had a fixed IP, they were in mesh via wireless (and continue to work like that), I tried connecting the lan port to access via SSH or LUCI, without success. Now at this point I restarted one of them in safe mode. The firewall was already disabled, and the configuration remains the same, apparently. The LAN IP remains the same. The WAN disabled as it already was. I'm taking a beating here to investigate what's going on.

Once booted in failsafe mode, you should be able to connect to the device over ethernet using ssh (192.168.1.1). Don't forget to set a static IP on your computer.

Then you can grab your config files and post them here.

I found the problem and solved it.
It turns out that the update somehow enabled the firewall. As I had previously disabled it via LUCI and deleted the zones, with the firewall enabled I was left out, even for ping. This explains why the mesh and the rest continued to work.

Solution:

Edit: /etc/rc.local

these services do not run on dumb APs

for i in firewall dnsmasq odhcpd; of
if /etc/init.d/"$i" enabled; then
/etc/init.d/"$i" disable
/etc/init.d/"$i" stop
fi
done

rm /usr/sbin/wpa_supplicant

(reboot)

Everything is OK.
Thanks to everyone who tried to help.

This is expected behavior. You don't need to disable the firewall. Instead, it is best to explicitly setup the correct permissions/zone rules. Simplistically, the default lan network + lan firewall zone is usually an appropriate configuration.

BTW, it is the same with the DHCP server -- the lan dhcp server should be explicitly set to disabled (ignore) instead of simply disabling the dnsmasq service. Like the firewall, it will become re-enabled upon upgrades.

In the future I will set it exactly like this. To avoid any eventuality like the one that occurred now. Thank you very much.

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.