Losing DNS and/or DHCP over time with a router connected to client Wi-Fi network

For the moment I am using the internet connection of another router (subnet to provide my router with internet acces (subnet To do this I followed this OpenWrt tutorial.

Next to that, I also enabled fast transitioning between the 5GHz and the 2.4GHz bands of my router (Archer C7 v2).

Sadly, my internet is not as reliable as I would hope. Last week it worked quite well, but just now after connecting a new device to a LAN port the system kind of crashed and would not obtain any active connections anymore. In some way, my computer stayed connected for a while. I believe I was able to ping, but that I could not access google.com in the browser. Naturally, I would like to have reliable internet access. Could someone help me?

Following is my interface config:

config interface 'loopback'
 	option proto 'static'
 	option ipaddr ''
 	option netmask ''
 	option device 'lo'

config globals 'globals'
	option ula_prefix 'fd99:9ac4:1197::/48'

config interface 'lan'
	option proto 'static'
	option netmask ''
	option ipaddr ''
	option device 'br-lan'

config interface 'wan'
	option proto 'dhcp'
	option peerdns '0'
	list dns ''
	option device 'br-wan'

config interface 'wan6'
	option proto 'dhcpv6'
	list dns 'fd99:9ac4:1197::d3f'
	option reqprefix 'auto'
	option peerdns '0'
	option reqaddress 'none'
	option auto '0'
	option device 'eth0.2'

config switch
	option name 'switch0'
	option reset '1'
	option enable_vlan '1'

config switch_vlan
	option device 'switch0'
	option vlan '1'
	option ports '2 3 4 5 0t'

config switch_vlan
	option device 'switch0'
	option vlan '2'
	option ports '1 6t'

config interface 'iot'
	option proto 'none'

config interface 'wwan'
	option proto 'dhcp'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'eth1.1'

config device
	option name 'br-wan'
	option type 'bridge'
	list ports 'eth0.2'

ps. Should I disable IPv6? Locally I use IPv4, my routers WAN connection (with router at is IPv4, however his connection to his WAN could be IPv6, but I am not sure of that.

So you have this OpenWrt device behind another router (where the internet actually comes in)? Is there a reason you have this router setup this way (i.e. what are your goals for this network)?

I am waiting to be connected to my own internet source, but in the meanwhile I am leeching of the neighbor. Since I have quite a few IoT devices, I'd like to keep the networks separated.

Are any other config files relevant for troubleshooting this issue?

Your OpenWrt router doesn't really protect the upstream network (i.e. your neighbor's stuff) from your devices, but it does protect your stuff from theirs. You could setup the firewall to provide better isolation if you want.

Anyway, have you verified that the upstream connection is working properly and that this is really an issue of your own router? So, for example, have you run persistent pings to or from a client machine on your network (behind the OpenWrt router), from the router itself, and from a machine that is directly connected to your neighbor's network (i.e. upstream of yours)? Then, you can look at the pattern (if any) of the ping results when you have an issue with DNS or general connectivity. That will help answer a bunch of stuff pretty quickly -- stuff that would take quite a bit of guessing at the moment.

Apart from the br-wan, I can see a mix of swconfig and DSA configurations.
Did you upgrade from 19.07 to 21.02 carrying over the configuration files?

Yup, mostly to take the static IP addresses with me on the update.

After a factory reset and a backup restore (so no configuration changes) the router started accepting leases again. I think you've got a good point in that I can still access the subnet. Could devices try to use the router on that subnet as DHCP and/or DNS server? How can I block the devices on my network (not my router I guess) access to the subnet?

Maybe I can use this as advice? Only then changed to[?]

As for blocking, three rules for your WAN zone/interface:

  • Drop all OUTPUT with a destination address of
  • Drop all INPUT with a source address of
  • Drop all FORWARD with a source address of

You can create a simple firewall rule as follows:
Protocol: Any
Source Zone: LAN
Destination Zone: Any
Destination Address:
Action: Drop


This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.