Losing DNS and/or DHCP over time with a router connected to client Wi-Fi network

For the moment I am using the internet connection of another router (subnet 192.168.1.1) to provide my router with internet access (subnet 192.168.2.1). To do this I followed this OpenWrt tutorial.

Next to that, I also enabled fast transitioning between the 5GHz and the 2.4GHz bands of my router (Archer C7 v2).

Sadly, my internet is not as reliable as I would hope. Last week it worked quite well, but just now after connecting a new device to a LAN port the system kind of crashed and would not obtain any active connections anymore. In some way, my computer stayed connected for a while. I believe I was able to ping 1.1.1.1, but that I could not access google.com in the browser. Naturally, I would like to have reliable internet access. Could someone help me?

Following is my interface config:

config interface 'loopback'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'
	option device 'lo'

config globals 'globals'
	option ula_prefix 'fd99:9ac4:1197::/48'

config interface 'lan'
	option proto 'static'
	option netmask '255.255.255.0'
	option ipaddr '192.168.2.1'
	option device 'br-lan'

config interface 'wan'
	option proto 'dhcp'
	option peerdns '0'
	list dns '1.1.1.1'
	option device 'br-wan'

config interface 'wan6'
	option proto 'dhcpv6'
	list dns 'fd99:9ac4:1197::d3f'
	option reqprefix 'auto'
	option peerdns '0'
	option reqaddress 'none'
	option auto '0'
	option device 'eth0.2'

config switch
	option name 'switch0'
	option reset '1'
	option enable_vlan '1'

config switch_vlan
	option device 'switch0'
	option vlan '1'
	option ports '2 3 4 5 0t'

config switch_vlan
	option device 'switch0'
	option vlan '2'
	option ports '1 6t'

config interface 'iot'
	option proto 'none'

config interface 'wwan'
	option proto 'dhcp'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'eth1.1'

config device
	option name 'br-wan'
	option type 'bridge'
	list ports 'eth0.2'

P.S. Should I disable IPv6? Locally I use IPv4, my router's WAN connection (with router at 192.168.1.1) is IPv4, however his connection to his WAN could be IPv6, but I am not sure of that.

So you have this OpenWrt device behind another router (where the internet actually comes in)? Is there a reason you have this router set up this way (i.e. what are your goals for this network)?

I am waiting to be connected to my own internet source, but in the meanwhile I am leeching off the neighbor. Since I have quite a few IoT devices, I'd like to keep the networks separated.

Are any other config files relevant for troubleshooting this issue?

Your OpenWrt router doesn't really protect the upstream network (i.e. your neighbor's stuff) from your devices, but it does protect your stuff from theirs. You could set up the firewall to provide better isolation if you want.

Anyway, have you verified that the upstream connection is working properly and that this is really an issue of your own router? So, for example, have you run persistent pings to 8.8.8.8 or 1.1.1.1 from a client machine on your network (behind the OpenWrt router), from the router itself, and from a machine that is directly connected to your neighbor's network (i.e. upstream of yours)? Then, you can look at the pattern (if any) of the ping results when you have an issue with DNS or general connectivity. That will help answer a bunch of stuff pretty quickly -- stuff that would take quite a bit of guessing at the moment.
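The comparison suggested in the post above can be logged rather than watched by hand. The script below is an added example, not part of the thread: it records one ICMP probe and one DNS lookup per interval so that a "ping works, names do not resolve" pattern shows up as its own state. It assumes a BusyBox or Linux `ping` (`-W` in seconds) and `nslookup`; the interval, the state names and the `run` argument are choices made for this example.

```shell
#!/bin/sh
# Added example (not from the thread). Run the same script on a LAN client,
# on the OpenWrt router and on a host attached directly to the upstream
# network, then compare the three logs for the moment a problem appears.

PING_TARGET="${PING_TARGET:-1.1.1.1}"   # address mentioned in the thread
DNS_NAME="${DNS_NAME:-google.com}"      # name the poster could not open
INTERVAL="${INTERVAL:-10}"              # seconds between probes (assumption)

# classify PING_RC DNS_RC -> one word naming the failure pattern
classify() {
    if [ "$1" -eq 0 ] && [ "$2" -eq 0 ]; then
        echo OK
    elif [ "$1" -eq 0 ]; then
        echo DNS_FAIL            # IP path works, resolver does not answer
    elif [ "$2" -eq 0 ]; then
        echo ICMP_FAIL           # name resolved (possibly cached), ping lost
    else
        echo NO_CONNECTIVITY     # neither works: link, DHCP lease or upstream
    fi
}

# probe_once -> prints one timestamped log line
probe_once() {
    ping -c 1 -W 2 "$PING_TARGET" >/dev/null 2>&1; p=$?
    nslookup "$DNS_NAME" >/dev/null 2>&1; d=$?
    echo "$(date '+%Y-%m-%dT%H:%M:%S') $(uname -n) ping=$p dns=$d $(classify "$p" "$d")"
}

# summarize LOGFILE -> "STATE COUNT" per line, sorted by state name
summarize() {
    awk '{ n[$NF]++ } END { for (s in n) print s, n[s] }' "$1" | sort
}

# Probe forever only when asked to, e.g.:  sh probe.sh run >> /tmp/probe.log
if [ "${1:-}" = "run" ]; then
    while :; do
        probe_once
        sleep "$INTERVAL"
    done
fi
```

If the LAN client logs `DNS_FAIL` while the router and the upstream host stay `OK` over the same timestamps, the fault is between the client and the router's resolver rather than in the neighbor's connection.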

Apart from the br-wan, I can see a mix of swconfig and DSA configurations.
Did you upgrade from 19.07 to 21.02 carrying over the configuration files?

Yup, mostly to take the static IP addresses with me on the update.

After a factory reset and a backup restore (so no configuration changes) the router started accepting leases again. I think you've got a good point in that I can still access the 192.168.1.1 subnet. Could devices try to use the router on that subnet as DHCP and/or DNS server? How can I block the devices on my network (not my router I guess) access to the 192.168.1.1 subnet?

Maybe I can use this as advice? Only then changed to 192.168.1.1/[?]

As for blocking, three rules for your WAN zone/interface:

  • Drop all OUTPUT with a destination address of 192.168.0.0/16
  • Drop all INPUT with a source address of 192.168.0.0/16
  • Drop all FORWARD with a source address of 192.168.0.0/16

You can create a simple firewall rule as follows:
Protocol: Any
Source Zone: LAN
Destination Zone: Any
Destination Address: 192.168.1.0/24
Action: Drop
