Internet stopped after restart, no changes made before that, please help

chowdarygm · October 16, 2024, 6:43pm

Here are the config files, have been using with this setup for a while with mesh setup on second OpenWRT router. Changed internet provider and plugged it to the new modem and was working fine till the night when the router restarted and stopped working, restored to a backup I had a day before and started working again and stopped again after a day suddenly and even the restore is not bringing back the internet. Any help is appreciated.

I am on OpenWrt 22.03.5 r20134-5f15225c1e

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'lan1'
        list ports 'lan2'
        list ports 'lan3'
        list ports 'lan4'

config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        option netmask '255.255.255.0'
        option ip6assign '60'
        option ipaddr '192.168.2.1'
        option ipv6 '0'
        option delegate '0'

config interface 'wan'
        option device 'wan'
        option proto 'dhcp'
        option ipv6 '0'
        option peerdns '0'

config interface 'wan6'
        option device 'wan'
        option proto 'dhcpv6'

config wifi-device 'radio0'
        option type 'mac80211'
        option path 'platform/18000000.wmac'
        option band '2g'
        option htmode 'HT20'
        option channel 'auto'
        option country 'US'
        option cell_density '0'

config wifi-iface 'default_radio0'
        option device 'radio0'
        option network 'lan'
        option mode 'ap'
        option ssid 'Aadi IOT'
        option key 'xxxxx'
        option ieee80211r '1'
        option nasid '12345'
        option mobility_domain 'ab12'
        option ft_over_ds '0'
        option ft_psk_generate_local '1'
        option encryption 'psk2'
        option isolate '1'

config wifi-device 'radio1'
        option type 'mac80211'
        option path '1a143000.pcie/pci0000:00/0000:00:00.0/0000:01:00.0'
        option band '5g'
        option htmode 'HE80'
        option channel 'auto'
        option country 'US'
        option cell_density '0'

config wifi-iface 'default_radio1'
        option device 'radio1'
        option network 'lan'
        option mode 'ap'
        option key 'xxxxxx'
        option ieee80211r '1'
        option nasid '12345'
        option mobility_domain 'ab12'
        option ft_over_ds '0'
        option ft_psk_generate_local '1'
        option encryption 'psk2'
        option ssid 'Ammu 5G'

config wifi-iface 'wifinet2'
        option device 'radio0'
        option mode 'ap'
        option encryption 'psk2'
        option key 'xxxxxx'
        option ieee80211r '1'
        option nasid '12345'
        option mobility_domain 'ab12'
        option ft_over_ds '0'
        option ft_psk_generate_local '1'
        option network 'lan'
        option ssid 'Aadi IOT TV'

config defaults
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option synflood_protect '1'

config zone
        option name 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'
        list network 'lan'

config zone
        option name 'wan'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option masq '1'
        option mtu_fix '1'
        list network 'wan'
        list network 'wan6'

config forwarding
        option src 'lan'
        option dest 'wan'

config rule
        option name 'Allow-DHCP-Renew'
        option src 'wan'
        option proto 'udp'
        option dest_port '68'
        option target 'ACCEPT'
        option family 'ipv4'

config rule
        option name 'Allow-Ping'
        option src 'wan'
        option proto 'icmp'
        option icmp_type 'echo-request'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-IGMP'
        option src 'wan'
        option proto 'igmp'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-DHCPv6'
        option src 'wan'
        option proto 'udp'
        option dest_port '546'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-MLD'
        option src 'wan'
        option proto 'icmp'
        option src_ip 'fe80::/10'
        list icmp_type '130/0'
        list icmp_type '131/0'
        list icmp_type '132/0'
        list icmp_type '143/0'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Input'
        option src 'wan'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        list icmp_type 'router-solicitation'
        list icmp_type 'neighbour-solicitation'
        list icmp_type 'router-advertisement'
        list icmp_type 'neighbour-advertisement'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Forward'
        option src 'wan'
        option dest '*'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-IPSec-ESP'
        option src 'wan'
        option dest 'lan'
        option proto 'esp'
        option target 'ACCEPT'

config rule
        option name 'Allow-ISAKMP'
        option src 'wan'
        option dest 'lan'
        option dest_port '500'
        option proto 'udp'
        option target 'ACCEPT'

brada4 · October 16, 2024, 6:52pm

Seems you are ignoring providers DNS?
One speculation doh dot whatever got blocked
Other that doh dot client did not start.

Quick fix would be go luci/net/dns/forward and add 4x1 4x4 4x8 4x9 as forward servers, then figure out what went wrong.

Please connect to your OpenWrt device using ssh and copy the output of the following commands and post it here using the "Preformatted text </> " button:

Remember to redact passwords, MAC addresses and any public IP addresses you may have:

ubus call system board
cat /etc/config/dhcp

chowdarygm · October 16, 2024, 7:19pm

Yes, I am suing PiHole for the DNS and checked that it is working fine. I am unable to use the path luci/net/dns/forward to add what you mentioned. Getting

No page is registered at '/net/dns/forward'. If this url belongs to an extension, make sure it is properly installed. If the extension was recently installed, try removing the /tmp/luci-indexcache file.

Unable to dispatch: /cgi-bin/luci/net/dns/forward

Also, here is the output of what you requested


        "kernel": "5.10.176",
        "hostname": "OpenWrt",
        "system": "ARMv8 Processor rev 4",
        "model": "Linksys E8450 (UBI)",
        "board_name": "linksys,e8450-ubi",
        "rootfs_type": "squashfs",
        "release": {
                "distribution": "OpenWrt",
                "version": "22.03.5",
                "revision": "r20134-5f15225c1e",
                "target": "mediatek/mt7622",
                "description": "OpenWrt 22.03.5 r20134-5f15225c1e"

config dnsmasq
        option domainneeded '1'
        option localise_queries '1'
        option local '/lan/'
        option domain 'lan'
        option expandhosts '1'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option localservice '1'
        option ednspacket_max '1232'
        option rebind_protection '0'
        list server '192.168.2.1#5353'
        list server '192.168.1.217'

config dhcp 'lan'
        option interface 'lan'
        option start '100'
        option limit '150'
        option leasetime '12h'
        option dhcpv4 'server'
        list ra_flags 'managed-config'
        list ra_flags 'other-config'

config dhcp 'wan'
        option interface 'wan'
        option ignore '1'

config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'
        option loglevel '4'

config host
        option name 'xxxx'
        option ip '192.168.2.108'
        option mac 'xxxx'

config host
        option name 'raspberrypi'
        option ip '192.168.2.163'
        option mac 'XXXX'

config host
        option ip '192.168.2.121'
        option mac 'XXXXX'

brada4 · October 16, 2024, 7:28pm

Your installation is damaged somehow
Check in front status if you have free space in /overlay?

frollic · October 16, 2024, 7:31pm

does your Pi sit on a different subnet ?

and it doesn't match

chowdarygm · October 16, 2024, 7:32pm

Yes, it is on another subnet but can access it with no issues, that's how it has been for almost two years

chowdarygm · October 16, 2024, 7:34pm

Yes, I see free space

frollic · October 16, 2024, 7:35pm

then I guess nslookup google.com 192.168.1.217 works from a client ?

chowdarygm · October 16, 2024, 7:41pm

Yes, here is the output

C:\Users\chowd>nslookup google.com 192.168.1.217
Server:  pi.hole
Address:  192.168.1.217

Non-authoritative answer:
Name:    google.com
Addresses:  2607:f8b0:4009:814::200e
          172.217.4.206

lleachii · October 16, 2024, 7:41pm

screen860

Browse to:

Network > DHCP and DNS > Forwarders

frollic · October 16, 2024, 7:45pm

accessible, and if you delete the PI's IP from the nslookup command ?

chowdarygm · October 16, 2024, 7:50pm

Okay, this looks like fixed the issue, thank you, able to acess internet now, but strange how it was working when I restored the backup and then stopped suddenly. Also, as you can see in the above replies, nslookup to google.com with PiHole was resolving fine

chowdarygm · October 16, 2024, 7:52pm

This is before changing the DNS from Pihole to generic ones

C:\Users\chowd>nslookup google.com
DNS request timed out.
    timeout was 2 seconds.
Server:  UnKnown
Address:  192.168.2.1

Non-authoritative answer:
Name:    google.com
Addresses:  2607:f8b0:4009:81b::200e
          172.217.2.46

and this is after changing the DNS to generic ones and now internet is working fine but lost ad blocking

C:\Users\chowd>nslookup google.com
Server:  OpenWrt.lan
Address:  192.168.2.1

Non-authoritative answer:
Name:    google.com
Addresses:  2607:f8b0:4009:80b::200e
          142.250.190.46

frollic · October 16, 2024, 7:53pm

then the issue's with the router's dnsmasq.

chowdarygm · October 16, 2024, 7:55pm

any suggestion on how to fix this as I want to use ad blocking on this

frollic · October 16, 2024, 7:57pm

not going to dig into the dnsmasq issue, zzzz time here, but you can tell the clients to use the Pi directly, and bypass the local dnsmasq, by using option 6 from https://openwrt.org/docs/guide-user/base-system/dhcp_configuration#dhcp_options.

system · October 26, 2024, 7:58pm

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.