LAN/WAN port no internet

redchilis · October 24, 2022, 1:09pm

My device is TP-Link TL-MR3020 v3 (https://openwrt.org/toh/tp-link/tl-mr3020_v3)

I connect it to my computer via an ethernet cable usb adapter and in luci I remove existing (disabled) wifi OpenWrt and scan for WiFi networks, I connect to an existing wifi network, all is fine, however, only the router gets internet, which is fine for me to update and add packages, LAN/WAN connected to my Debian computer does not get internet, but has a connection to SSH/luci and do whatever I need.

I then go ahead and use client wifi and Master wifi. All works as expected. Once I do this I can't even connect to LAN, the LAN icon on debian keeps spinning, asif it's not getting assigned an IP address.

All wifi devices connected to the network work fine, using OpenVPN/Adblock, works perfectly.

LAN/WAN connection to PC just doesn't work. Is it my router? does it support LAN while being an AP? or is it my firewall? or something else.

When I plug in the LAN/WAN eth to computer and unplug I get the following in Kernel Log

[  485.472561] br-lan: port 1(eth0.1) entered blocking state
[  485.478072] br-lan: port 1(eth0.1) entered forwarding state
[  488.345254] IPv6: MLD: clamping QRV from 1 to 2!
[  494.357956] IPv6: MLD: clamping QRV from 1 to 2!
[  500.370006] IPv6: MLD: clamping QRV from 1 to 2!
[  506.381687] IPv6: MLD: clamping QRV from 1 to 2!
[  512.394216] IPv6: MLD: clamping QRV from 1 to 2!
[  518.406852] IPv6: MLD: clamping QRV from 1 to 2!
[  524.417392] IPv6: MLD: clamping QRV from 1 to 2!
[  530.430471] IPv6: MLD: clamping QRV from 1 to 2!
[  536.451433] IPv6: MLD: clamping QRV from 1 to 2!
[  542.462491] IPv6: MLD: clamping QRV from 1 to 2!
[  548.475206] IPv6: MLD: clamping QRV from 1 to 2!
[  554.488425] IPv6: MLD: clamping QRV from 1 to 2!
[  560.499975] IPv6: MLD: clamping QRV from 1 to 2!
[  566.514832] IPv6: MLD: clamping QRV from 1 to 2!
[  572.524846] IPv6: MLD: clamping QRV from 1 to 2!
[  578.536175] IPv6: MLD: clamping QRV from 1 to 2!
[  584.561791] IPv6: MLD: clamping QRV from 1 to 2!
[  589.018680] rt3050-esw 10110000.esw: port 0 link down
[  589.024624] br-lan: port 1(eth0.1) entered disabled state


root@OpenWrt:~# ubus call system board
{
	"kernel": "5.10.146",
	"hostname": "OpenWrt",
	"system": "MediaTek MT7628AN ver:1 eco:2",
	"model": "TP-Link TL-MR3020 v3",
	"board_name": "tplink,tl-mr3020-v3",
	"rootfs_type": "squashfs",
	"release": {
		"distribution": "OpenWrt",
		"version": "22.03.2",
		"revision": "r19803-9a599fee93",
		"target": "ramips/mt76x8",
		"description": "OpenWrt 22.03.2 r19803-9a599fee93"
	}
}

root@OpenWrt:~# cat /etc/config/network

config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fd29:fbef:2087::/48'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'eth0.1'

config interface 'lan'
	option device 'br-lan'
	option proto 'static'
	option netmask '255.255.255.0'
	option ip6assign '60'
	option ipaddr '192.168.1.1'
	option igmp_snooping '1'

config switch
	option name 'switch0'
	option reset '1'
	option enable_vlan '0'

config interface 'jio'
	option proto 'dhcp'
	option peerdns '0'
	list dns '1.1.1.1'

config interface 'eth'
	option proto 'dhcp'
	option device 'eth0.1'
	option peerdns '0'
	list dns '1.1.1.1'

root@OpenWrt:~# cat /etc/config/firewall

config defaults
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option synflood_protect '1'

config zone
	option name 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'
	list network 'lan'

config zone
	option name 'wan'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'
	option mtu_fix '1'
	list device 'tun0'
	list network 'lan'
	list network 'jio'
	list network 'eth'

config forwarding
	option src 'lan'
	option dest 'wan'

config rule
	option name 'Allow-DHCP-Renew'
	option src 'wan'
	option proto 'udp'
	option dest_port '68'
	option target 'ACCEPT'
	option family 'ipv4'

config rule
	option name 'Allow-Ping'
	option src 'wan'
	option proto 'icmp'
	option icmp_type 'echo-request'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-IGMP'
	option src 'wan'
	option proto 'igmp'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-DHCPv6'
	option src 'wan'
	option proto 'udp'
	option src_ip 'fc00::/6'
	option dest_ip 'fc00::/6'
	option dest_port '546'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-MLD'
	option src 'wan'
	option proto 'icmp'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Input'
	option src 'wan'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	list icmp_type 'router-solicitation'
	list icmp_type 'neighbour-solicitation'
	list icmp_type 'router-advertisement'
	list icmp_type 'neighbour-advertisement'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Forward'
	option src 'wan'
	option dest '*'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-IPSec-ESP'
	option src 'wan'
	option dest 'lan'
	option proto 'esp'
	option target 'ACCEPT'

config rule
	option name 'Allow-ISAKMP'
	option src 'wan'
	option dest 'lan'
	option dest_port '500'
	option proto 'udp'
	option target 'ACCEPT'

config rule
	option name 'Support-UDP-Traceroute'
	option src 'wan'
	option dest_port '33434:33689'
	option proto 'udp'
	option family 'ipv4'
	option target 'REJECT'
	option enabled '0'

config include
	option path '/etc/firewall.user'

frollic · October 24, 2022, 1:38pm

you probably want https://openwrt.org/docs/guide-user/network/wifi/relay_configuration

if you're OK with separating the two networks, put the wifi connecting to the upstream device in the wan zone, and make sure the wan and lan side subnets aren't the same.

frollic · October 24, 2022, 1:45pm

with the relay config, it should be...

mk24 · October 24, 2022, 1:55pm

If you start with a default configuration, the single Ethernet port will be LAN. Then scan the wifi and click the join button to join the upstream network as a wireless WAN. This should create a new network named 'wwan' and add it to the wan firewall zone. (the config files you posted show none of this, so I really suggest starting over). The computer on LAN will have a route to the Internet unless the upstream network is also 192.168.1.0, in which case you have to change lan (or the upstream) to be in a different subnet that does not overlap.

Once all of the above is working then you can try fancier stuff like non-default DNS servers and adding an AP to the lan side to make a wireless repeater.

mk24 · October 24, 2022, 1:58pm

There are multiple ways to do this, in order of preference would be:

Layer 2 4-address on the wifi link, either WDS or mesh mode. Requires support in the radio of the upstream router, generally that router must be running OpenWrt.
Symmetric routing. Requires being able to install static routes in the upstream router.
Port forwards. The repeater/client NATs out, but interesting services on its lan side can be reached with port forwards (SNAT).
relayd / relay mode. This is a last resort.

mk24 · October 24, 2022, 2:12pm

Connect to the phone, install packages, then edit the wifi connection SSID and encryption to change it to connect to the fixed network. Do not click the join button again.

When you use Internet internally from the router, the connections go out directly on the wan interface. It doesn't matter what the lan settings are.

mk24 · October 24, 2022, 3:52pm

Those look right. Is there a wifi STA linked to wwan? Does it come up?

On a fresh install make sure to set the wifi country code to your country for best results.

mk24 · October 24, 2022, 4:17pm

I see that you're still jumping the gun trying to set up VPNs and alternate DNS before nailing down basic lan->wan routing.

There is "More addresses" under IPv4 on the wired connection, suggesting that something may be statically configured in the PC.

mk24 · October 24, 2022, 4:24pm

Yes I would delete that and make a new Ethernet connection using default settings which are DHCP.

Having your own PC as default route is clearly wrong.

redchilis · October 24, 2022, 4:25pm

that worked, thank you so much!
Sincerely appreciate your help/support!

system · November 3, 2022, 4:25pm

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.