router: TP-Link Archer C50 v4 (OpenWrt 19.07.3)
I'm sorry but I can't set up the most basic WiFi router configuration in the world. I'm new to OpenWRT as of this week. They say the default OpenWRT image attempts to duplicate the stock setup: I've installed this router a few times with stock firmware, and clients from both WiFi networks always have the same Internet access as devices connected with a LAN cable.
On OpenWRT, with the firmware defaults and only having added the basic WAN settings for my Internet provider & the basic WiFi access point settings, I only get a DHCP response with Internet access on clients connected with cable to a LAN port. Wireless clients connected to either the 2.4 or 5 GHz access point only get a DHCP lease (I guess since they, by default, are bridged to the LAN interface) but no Internet connectivity.
I've hard-reset the router once or twice to confirm that all settings are still standard after a couple full days of working on this (I've been over every relevant page on the Wiki). I must be missing some very simple reason why the router at the heart of all this isn't forwarding wlan0 & wlan1 traffic from the LAN to the WAN.
Some more basic things to confirm:
- There's no problem with the Internet access (via cable into standard WAN port) since I can verify it from the cabled clients as well as accessing external IPs from the OpenWRT shell.
- Firewall settings haven’t been changed from the default: everything from LAN is forwarded to WAN, with nothing else.
- I've created no new networks for the wireless interfaces: they confirm in their own "General Setup" tabs that they are attached to the LAN, as well as showing "Bridged" in the LAN interface settings.
- Nothing about the Switch setup has been modified: by default, the LAN hard ports are on VLAN 1 and the WAN port is on VLAN 2.
If I try to force wireless clients onto the WAN by bridging the wlan0 and wlan1 networks to the WAN interface instead of LAN, they never get an IP address by DHCP. I haven't yet tested if they might use the Internet this way through a static IP, because this wouldn't be a long-term option even if it worked.
I'm really at a dead end & don't know what I could be missing here since I've set up hundreds of routers & Linux servers. Other forum respondents suggest sending "wireless, network, firewall, dhcp" files so here they are (I heard global IPs or MACs shouldn't be posted so I'm blocking them out), and of course I'll send more upon request:
wireless
# Wireless configuration as posted: two mac80211 radios, each carrying one
# access-point interface that is attached to the 'lan' logical network.
config wifi-device 'radio0'
option type 'mac80211'
option channel '11'
option hwmode '11g'
option path 'platform/10300000.wmac'
option htmode 'HT20'
option country 'IN'
config wifi-iface 'default_radio0'
option device 'radio0'
option mode 'ap'
# Passphrase masked by the poster before publishing.
option key '********'
option ssid 'MS2.4ghz'
# 'psk2' selects WPA2-Personal (pre-shared key).
option encryption 'psk2'
# Attaches this AP to 'lan', so its clients are expected to share the LAN
# bridge, the LAN DHCP pool and the lan firewall zone with the wired ports.
option network 'lan'
config wifi-device 'radio1'
option type 'mac80211'
option hwmode '11a'
option path 'pci0000:00/0000:00:00.0/0000:01:00.0'
option htmode 'VHT80'
option country 'IN'
option channel 'auto'
config wifi-iface 'default_radio1'
option device 'radio1'
option mode 'ap'
# Passphrase masked by the poster before publishing.
option key '********'
option ssid 'MS5.0ghz'
# 'psk2' selects WPA2-Personal (pre-shared key).
option encryption 'psk2'
# Same attachment as the 2.4 GHz AP: bridged into 'lan'.
option network 'lan'
network
# Network configuration as posted: loopback, a bridged static LAN on eth0.1,
# a static IPv4 WAN plus DHCPv6 WAN on eth0.2, and the switch VLAN layout.
# Values shown as asterisks were masked by the poster.
config interface 'loopback'
option ifname 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix '***************::/48'
config interface 'lan'
# 'bridge' makes lan a software bridge; the wireless APs configured with
# network 'lan' join it alongside eth0.1.
option type 'bridge'
option proto 'static'
option ipaddr '192.168.1.1'
option netmask '255.255.255.0'
option ip6assign '60'
option ifname 'eth0.1'
config device 'lan_eth0_1_dev'
option name 'eth0.1'
option macaddr '******************'
config interface 'wan'
option proto 'static'
# 255.255.255.128 is a /25 prefix.
option netmask '255.255.255.128'
# NOTE(review): UCI 'list' options normally take one value per 'list' line;
# two resolvers joined by a comma in a single entry may not be parsed as two
# addresses - verify which upstream resolvers the router actually uses.
list dns '8.8.8.8,8.8.4.4'
option ipaddr '*****************'
option gateway '************'
option ifname 'eth0.2'
config device 'wan_eth0_2_dev'
option name 'eth0.2'
option macaddr '*******************'
# IPv6 side of the uplink: DHCPv6 client on the same eth0.2 device as 'wan'.
config interface 'wan6'
option ifname 'eth0.2'
option proto 'dhcpv6'
option reqaddress 'try'
option reqprefix 'auto'
config switch
option name 'switch0'
option reset '1'
option enable_vlan '1'
# VLAN 1 (eth0.1, LAN): switch ports 1-4 plus port 6 tagged ('t');
# port 6 is presumably the CPU port - confirm for this board.
config switch_vlan
option device 'switch0'
option vlan '1'
option ports '1 2 3 4 6t'
# VLAN 2 (eth0.2, WAN): switch port 0 plus port 6 tagged.
config switch_vlan
option device 'switch0'
option vlan '2'
option ports '0 6t'
grep -v ^# firewall
# Firewall configuration as posted. The comment lines here are review
# annotations; the poster's listing was filtered with `grep -v ^#`.
config defaults
# SYN-flood protection on; global policies accept input/output and reject
# forwarding unless a zone or forwarding section allows it.
option syn_flood 1
option input ACCEPT
option output ACCEPT
option forward REJECT
# lan zone: covers the 'lan' network (wired ports and, per the wireless
# config, both APs); everything to, from and within the zone is accepted.
config zone
option name lan
list network 'lan'
option input ACCEPT
option output ACCEPT
option forward ACCEPT
# wan zone: unsolicited input and forwarding are rejected; masq enables
# source NAT for traffic leaving through this zone and mtu_fix clamps TCP MSS.
config zone
option name wan
list network 'wan'
list network 'wan6'
option input REJECT
option output ACCEPT
option forward REJECT
option masq 1
option mtu_fix 1
# The only inter-zone forwarding: lan -> wan. Nothing is forwarded wan -> lan
# except what the explicit rules below accept.
config forwarding
option src lan
option dest wan
# Rules with 'src wan' and no 'dest' apply to traffic addressed to the router
# itself.
config rule
option name Allow-DHCP-Renew
option src wan
option proto udp
option dest_port 68
option target ACCEPT
option family ipv4
# The router answers IPv4 echo requests arriving on the WAN side.
config rule
option name Allow-Ping
option src wan
option proto icmp
option icmp_type echo-request
option family ipv4
option target ACCEPT
config rule
option name Allow-IGMP
option src wan
option proto igmp
option family ipv4
option target ACCEPT
# fc00::/6 covers both unique-local (fc00::/7) and link-local (fe80::/10)
# addresses; port 546 is the DHCPv6 client port.
config rule
option name Allow-DHCPv6
option src wan
option proto udp
option src_ip fc00::/6
option dest_ip fc00::/6
option dest_port 546
option family ipv6
option target ACCEPT
# Multicast Listener Discovery messages from link-local sources.
config rule
option name Allow-MLD
option src wan
option proto icmp
option src_ip fe80::/10
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family ipv6
option target ACCEPT
# ICMPv6 to the router itself, rate-limited to 1000 packets per second.
config rule
option name Allow-ICMPv6-Input
option src wan
option proto icmp
list icmp_type echo-request
list icmp_type echo-reply
list icmp_type destination-unreachable
list icmp_type packet-too-big
list icmp_type time-exceeded
list icmp_type bad-header
list icmp_type unknown-header-type
list icmp_type router-solicitation
list icmp_type neighbour-solicitation
list icmp_type router-advertisement
list icmp_type neighbour-advertisement
option limit 1000/sec
option family ipv6
option target ACCEPT
# ICMPv6 forwarded from wan to any zone ('dest *'), same rate limit.
config rule
option name Allow-ICMPv6-Forward
option src wan
option dest *
option proto icmp
list icmp_type echo-request
list icmp_type echo-reply
list icmp_type destination-unreachable
list icmp_type packet-too-big
list icmp_type time-exceeded
list icmp_type bad-header
list icmp_type unknown-header-type
option limit 1000/sec
option family ipv6
option target ACCEPT
# NOTE(review): the next two rules accept ESP and UDP/500 (IKE) forwarded
# from wan to any host in lan. If no IPsec endpoint sits behind the router
# they can be disabled to reduce what the WAN side can reach.
config rule
option name Allow-IPSec-ESP
option src wan
option dest lan
option proto esp
option target ACCEPT
config rule
option name Allow-ISAKMP
option src wan
option dest lan
option dest_port 500
option proto udp
option target ACCEPT
# Pulls in /etc/firewall.user; its contents are not shown in the post, so any
# custom rules it holds are outside this review.
config include
option path /etc/firewall.user
dhcp
# DHCP/DNS configuration as posted: dnsmasq settings, the LAN address pool,
# DHCP disabled on wan, and odhcpd settings.
config dnsmasq
option domainneeded '1'
option boguspriv '1'
option filterwin2k '0'
option localise_queries '1'
# DNS rebinding protection: upstream answers that point at private address
# ranges are discarded.
option rebind_protection '1'
# NOTE(review): rebind_localhost appears to relax that check for
# 127.0.0.0/8 answers - confirm this is wanted.
option rebind_localhost '1'
option local '/lan/'
option domain 'lan'
option expandhosts '1'
option nonegcache '0'
option authoritative '1'
option readethers '1'
option leasefile '/tmp/dhcp.leases'
option resolvfile '/tmp/resolv.conf.auto'
option nonwildcard '1'
# Answer DNS queries only from hosts on directly attached subnets.
option localservice '1'
# LAN pool: 150 addresses starting at host offset 100, 12-hour leases.
# Wireless clients bridged into 'lan' draw from this same pool.
config dhcp 'lan'
option interface 'lan'
option start '100'
option limit '150'
option leasetime '12h'
option dhcpv6 'server'
option ra 'server'
option ra_management '1'
# ignore '1': no DHCP service is offered on the wan interface.
config dhcp 'wan'
option interface 'wan'
option ignore '1'
config odhcpd 'odhcpd'
option maindhcp '0'
option leasefile '/tmp/hosts/odhcpd'
option leasetrigger '/usr/sbin/odhcpd-update'
option loglevel '4'