In default setup, WiFi clients have no Internet access

router: TP-Link Archer C50 v4 (OpenWrt 19.07.3)

I'm sorry but I can't set up the most basic WiFi router configuration in the world. I'm new to OpenWRT as of this week. They say the default OpenWRT image attempts to duplicate the stock setup: I've installed this router a few times with stock firmware, and clients from both WiFi networks always have the same Internet access as devices connected with a LAN cable.

On OpenWRT, with the firmware defaults and only having added the basic WAN settings for my Internet provider & the basic WiFi access point settings, I only get a DHCP response with Internet access from clients connected with cable to a LAN port. Wireless clients connected by either the 2.4 or 5 GHz access points only get a DHCP lease (I guess since they, by default, are bridged to the LAN interface) but no Internet connectivity.

I've hard-reset the router once or twice to confirm that all settings are still standard after a couple full days of working on this (I've been over every relevant page on the Wiki). I must be missing some very simple reason why the router at the heart of all this isn't forwarding wlan0 & wlan1 traffic from the LAN to the WAN.

Some more basic things to confirm:

  • There's no problem with the Internet access (via cable into standard WAN port) since I can verify it from the cabled clients as well as accessing external IPs from the OpenWRT shell.
  • Firewall settings haven’t been changed from the default: everything from LAN is forwarded to WAN, with nothing else.
  • I've created no new networks for the wireless interfaces: they confirm in their own "General Setup" tabs that they are attached to the LAN, as well as showing "Bridged" in the LAN interface settings.
  • Nothing about the Switch setup has been modified: by default, the LAN hard ports are on VLAN 1 and the WAN port is on VLAN 2.

If I try to force wireless clients onto the WAN by bridging the wlan0 and wlan1 networks to the WAN interface instead of LAN, they never get an IP address by DHCP. I haven't yet tested if they might use the Internet this way through a static IP, because this wouldn't be a long-term option even if it worked.

I'm really at a dead end & don't know what I could be missing here since I've set up hundreds of routers & Linux servers. Other forum respondents suggest sending "wireless, network, firewall, dhcp" files so here they are (I heard global IP's or MACs shouldn't be posted so I'm blocking them out), and of course I'll send more upon request:

wireless

config wifi-device 'radio0'
    option type 'mac80211'
    option channel '11'
    option hwmode '11g'
    option path 'platform/10300000.wmac'
    option htmode 'HT20'
    option country 'IN'

config wifi-iface 'default_radio0'
    option device 'radio0'
    option mode 'ap'
    option key '********'
    option ssid 'MS2.4ghz'
    option encryption 'psk2'
    option network 'lan'

config wifi-device 'radio1'
    option type 'mac80211'
    option hwmode '11a'
    option path 'pci0000:00/0000:00:00.0/0000:01:00.0'
    option htmode 'VHT80'
    option country 'IN'
    option channel 'auto'

config wifi-iface 'default_radio1'
    option device 'radio1'
    option mode 'ap'
    option key '********'
    option ssid 'MS5.0ghz'
    option encryption 'psk2'
    option network 'lan'

network

config interface 'loopback'
	option ifname 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix '***************::/48'

config interface 'lan'
	option type 'bridge'
	option proto 'static'
	option ipaddr '192.168.1.1'
	option netmask '255.255.255.0'
	option ip6assign '60'
	option ifname 'eth0.1'

config device 'lan_eth0_1_dev'
	option name 'eth0.1'
	option macaddr '******************'

config interface 'wan'
	option proto 'static'
	option netmask '255.255.255.128'
	list dns '8.8.8.8,8.8.4.4'
	option ipaddr '*****************'
	option gateway '************'
	option ifname 'eth0.2'

config device 'wan_eth0_2_dev'
	option name 'eth0.2'
	option macaddr '*******************'

config interface 'wan6'
	option ifname 'eth0.2'
	option proto 'dhcpv6'
	option reqaddress 'try'
	option reqprefix 'auto'

config switch
	option name 'switch0'
	option reset '1'
	option enable_vlan '1'

config switch_vlan
	option device 'switch0'
	option vlan '1'
	option ports '1 2 3 4 6t'

config switch_vlan
	option device 'switch0'
	option vlan '2'
	option ports '0 6t'

grep -v ^# firewall

config defaults
	option syn_flood	1
	option input		ACCEPT
	option output		ACCEPT
	option forward		REJECT

config zone
	option name		lan
	list   network		'lan'
	option input		ACCEPT
	option output		ACCEPT
	option forward		ACCEPT

config zone
	option name		wan
	list   network		'wan'
	list   network		'wan6'
	option input		REJECT
	option output		ACCEPT
	option forward		REJECT
	option masq		1
	option mtu_fix		1

config forwarding
	option src		lan
	option dest		wan

config rule
	option name		Allow-DHCP-Renew
	option src		wan
	option proto		udp
	option dest_port	68
	option target		ACCEPT
	option family		ipv4

config rule
	option name		Allow-Ping
	option src		wan
	option proto		icmp
	option icmp_type	echo-request
	option family		ipv4
	option target		ACCEPT

config rule
	option name		Allow-IGMP
	option src		wan
	option proto		igmp
	option family		ipv4
	option target		ACCEPT

config rule
	option name		Allow-DHCPv6
	option src		wan
	option proto		udp
	option src_ip		fc00::/6
	option dest_ip		fc00::/6
	option dest_port	546
	option family		ipv6
	option target		ACCEPT

config rule
	option name		Allow-MLD
	option src		wan
	option proto		icmp
	option src_ip		fe80::/10
	list icmp_type		'130/0'
	list icmp_type		'131/0'
	list icmp_type		'132/0'
	list icmp_type		'143/0'
	option family		ipv6
	option target		ACCEPT

config rule
	option name		Allow-ICMPv6-Input
	option src		wan
	option proto	icmp
	list icmp_type		echo-request
	list icmp_type		echo-reply
	list icmp_type		destination-unreachable
	list icmp_type		packet-too-big
	list icmp_type		time-exceeded
	list icmp_type		bad-header
	list icmp_type		unknown-header-type
	list icmp_type		router-solicitation
	list icmp_type		neighbour-solicitation
	list icmp_type		router-advertisement
	list icmp_type		neighbour-advertisement
	option limit		1000/sec
	option family		ipv6
	option target		ACCEPT

config rule
	option name		Allow-ICMPv6-Forward
	option src		wan
	option dest		*
	option proto		icmp
	list icmp_type		echo-request
	list icmp_type		echo-reply
	list icmp_type		destination-unreachable
	list icmp_type		packet-too-big
	list icmp_type		time-exceeded
	list icmp_type		bad-header
	list icmp_type		unknown-header-type
	option limit		1000/sec
	option family		ipv6
	option target		ACCEPT

config rule
	option name		Allow-IPSec-ESP
	option src		wan
	option dest		lan
	option proto		esp
	option target		ACCEPT

config rule
	option name		Allow-ISAKMP
	option src		wan
	option dest		lan
	option dest_port	500
	option proto		udp
	option target		ACCEPT

config include
	option path /etc/firewall.user

dhcp

config dnsmasq
	option domainneeded '1'
	option boguspriv '1'
	option filterwin2k '0'
	option localise_queries '1'
	option rebind_protection '1'
	option rebind_localhost '1'
	option local '/lan/'
	option domain 'lan'
	option expandhosts '1'
	option nonegcache '0'
	option authoritative '1'
	option readethers '1'
	option leasefile '/tmp/dhcp.leases'
	option resolvfile '/tmp/resolv.conf.auto'
	option nonwildcard '1'
	option localservice '1'

config dhcp 'lan'
	option interface 'lan'
	option start '100'
	option limit '150'
	option leasetime '12h'
	option dhcpv6 'server'
	option ra 'server'
	option ra_management '1'

config dhcp 'wan'
	option interface 'wan'
	option ignore '1'

config odhcpd 'odhcpd'
	option maindhcp '0'
	option leasefile '/tmp/hosts/odhcpd'
	option leasetrigger '/usr/sbin/odhcpd-update'
	option loglevel '4'

If this network is IPv4 only, disable the IPv6 DHCP server on the lan. Some clients get confused.

On a wireless client, check that its gateway and DNS are properly configured and that you can ping 192.168.1.1.


thanks @mk24 - this helped me make a good start for another survey today. There were two problems, one which stopped me from seeing the nature of the second one.

I had additional DNS servers hard-coded on the wired clients themselves (mainly desktops w/Linux, where this is set easily), but not on the wireless clients (mainly mobiles) which were only using the info from DHCP. That made it appear that DNS services were missing on the wireless clients: the media type actually had nothing to do with it.

I was using LuCI incorrectly which generated a syntax error in the /etc/config/network file above. In the WAN settings for my Static IP broadband connection, I'd entered the DNS servers in the GUI in a single field of 8.8.8.8,8.8.4.4 - GNOME network manager & accept that syntax, and I wasn't being cautious. This was configured as:

After properly separating the DNS IPs one line each, it generates the correct syntax:

        list dns '8.8.8.8'
        list dns '8.8.4.4'

Having DNS servers defined properly in the WAN interface ensures that LAN hosts will be able to use the router's LAN address (192.168.1.1) as a DNS server, so they don't have to be given explicitly to DHCP clients.

Other methods to get that information out to the clients (Option #6 of the LAN DHCP server, to explicitly specify DNS servers, or adding "DNS forwarding") didn't provide DNS on the router itself.

I do feel better having disabled the IPv6 DHCP server on the lan, but it didn't make a difference in this case.
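The comma-joined `list dns` entry described in the last post can be caught mechanically before it costs days of debugging. The following is an added example, not code from the thread or from OpenWrt: the function names `check_uci_dns` and `sample_network` are hypothetical, the sample config is constructed, and IPv6 values are passed through without validation.

```shell
#!/bin/sh
# Added example: report UCI "list dns" entries that do not hold exactly one address.
# check_uci_dns and sample_network are hypothetical names; the sample is constructed.

# Reads a UCI network file on stdin; prints one line per bad entry, returns 1 if any.
check_uci_dns() {
    awk -v q="'" '
    function is_ipv4(s,    n, p, i) {
        n = split(s, p, ".")
        if (n != 4) return 0
        for (i = 1; i <= 4; i++)
            if (p[i] !~ /^[0-9]+$/ || p[i] + 0 > 255) return 0
        return 1
    }
    $1 == "config" {                      # remember the enclosing section name
        section = ($3 != "" ? $3 : $2)
        gsub("[" q "\"]", "", section)
    }
    $1 == "list" && $2 == "dns" {
        val = $0
        sub(/^[ \t]*list[ \t]+dns[ \t]+/, "", val)
        gsub("[" q "\"]", "", val)        # drop the surrounding quotes
        sub(/[ \t]+$/, "", val)
        if (val ~ /[, \t]/)
            reason = "multiple addresses in one list entry"
        else if (val !~ /:/ && !is_ipv4(val))   # IPv6 values are passed, not validated
            reason = "not an IPv4 address"
        else
            next
        printf "%s line %d: %s (%s)\n", section, NR, val, reason
        bad = 1
    }
    END { exit (bad ? 1 : 0) }
    '
}

# Constructed sample: the broken WAN stanza next to a corrected one.
sample_network() {
    cat <<'EOF'
config interface 'wan'
	option proto 'static'
	option ifname 'eth0.2'
	list dns '8.8.8.8,8.8.4.4'

config interface 'fixed'
	option proto 'static'
	list dns '8.8.8.8'
	list dns '8.8.4.4'
EOF
}

sample_network | check_uci_dns || true
```

On the router itself the same function can be fed the live file with `check_uci_dns < /etc/config/network`.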
