thanks.........................
I think I may see it:
Set the encryption to WPA2 only on the master...
What time and date does the router think it is?
1 Like
The laptop is fine, so the AP works.
What make/model are these phones?
Good idea for the OP to test a normal open network with the phones.
I observed that the AP name has changed, it would be nice to see the new configs...to make sure we're discussing the same thing.
What is this?
WWAN should be added to the WAN zone. Also, this wan to wwan rule is wrong. Can we see the current configs?
Is there a reason you keep making these incorrect configs where you keep adding WAN to LAN?
To be clear, if we don't discuss it, I assume you're using the default configs.
Problem is that i am somehow unable to ssh to my router. it says this
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@ WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED! @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ED25519 key sent by the remote host is
SHA256:/1D5IaZpiAMa1zgA0dTtDbedenRtARig0V3Jr/uRU8g.
Please contact your system administrator.
Add correct host key in C:\\Users\\istia/.ssh/known_hosts to get rid of this message.
Offending ED25519 key in C:\\Users\\istia/.ssh/known_hosts:1
ED25519 host key for 192.168.1.1 has changed and you have requested strict checking.
Host key verification failed.
thats why i can not provide accurate config...
Download Putty.
It will give the same warning but you can ignore it.
That warning is given when the ip address changed and the certificate is stale.
So, you may not get it the first time you use Putty.
1 Like
i changed the time zone to my main router. tried to make it an open router still no internet on the phone..
how????????
Well, if the DNS server and your device is off by too much, it will do exactly that.
So, sync it to the browser and change the timezone.
You did say the laptop can surf?
yes. the laptop can. mobile do connect but doesnt get internet...
I'll bet it is, but without syncing to your DNS it will act like it is not..
It pings, no?
Try to ping 1.1.1.1 on your phone.
phone doesnt ping to this..
Try the link.
tried thAt.....
new
cat /etc/config/firewall
config defaults
option syn_flood '1'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
config zone
option name 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
list network 'lan'
config zone
option name 'wan'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
list network 'wan'
list network 'wan6'
list network 'wwan'
config forwarding
option src 'lan'
option dest 'wan'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
how to do this??????
Hmm, well given you had one access point with the wrong time, I'm sticking to this.
Your laptop may have DNS set up to bypass router(s').
Okay, good luck; I'm sure someone will dig this out.
Network/Firewall/Wan-edit/Covered networks
They will be back.
In the meantime, humor me.
Ensure EVERYTHING has the same date and time with the correct time zone and then reboot the routers and while they are rebooting restart the phones.