Newifi D2 (Newifi3) - 19.07.8 can access internet but not 21.02.1

volospin · November 16, 2021, 2:17pm

Hi guys,

I used OpenWRT since 17.01 with TP-Link routers and having no problem up to 19.07.8
I also bought and use a D-team Newifi D2 (Newifi3) also since 17.01 and no problem up to 19.07.8

When I try to upgrade the D-team router to 21.02.1 with all configuration wiped.
I am unable to access the Internet.

My WAN is using DHCP client and can get Address / Gateway / DNS just fine.
I see that the information shown with Device: Switch port "wan" below.

I can ping my WAN IP from my LAN computers (DHCP client from the router)
but I cannot ping the DNS shown on WAN or 8.8.8.8
which of course cannot ping www.google.com either.

with 19.07.8 I flashed and wipe configuration, everything just work out of the box.
but with 20.02.0 or 20.02.1, I am sitting duck.

Anyone that can help is appreciated.

Thanks and regards,
Volospin

flygarn12 · November 16, 2021, 2:27pm

The first thing I think about when I read your description is that there are some fault in DSA config.

So when you say you wipe config, what do you do after that?
We have users that makes a clean install and the first thing they do after that is copying their old configs manually to the newly installed router.

volospin · November 16, 2021, 2:30pm

So you mean 21.02.1 cannot be used out of the box.
I think I need to go ahead and study DSA then.

Thanks flygarm12

flygarn12 · November 16, 2021, 2:34pm

Yes it can be used out of the box but not with any kind of or any version of old configs. No matter how you install them in the router.

frollic · November 16, 2021, 2:36pm

he did write all configuration wiped ....

pavelgl · November 16, 2021, 2:54pm

Try to ping 8.8.8.8 from the router. If it works, check if the masquerading on the wan zone is enabled.

flygarn12 · November 16, 2021, 3:48pm

Maybe so and I asked what he did after that.
That is kind of standard operating procedure on this forum that we usually have to guess based on social and technical experience what we aren’t told. Or as some other have said earlier, we can’t read minds here.
We really don’t have many cases where a “clean” install/upgrade of 21.02 from 19.07 doesn’t work with ISP dhcp client mode on two different devices.

volospin · November 16, 2021, 11:05pm

Hi guys,

sorry for missing details.

I did login to the router and
did the following but failed.

ping 8.8.8.8
ping DNS of WAN port
ping www.google.com

however I think I did ping the gateway shown in WAN and was good.

and I tried to ping WAN IP from my mobile phone (connected to mobile network) but failed also.

So I need to failback to my another same model router with 17.xx to resume my Internet access.

Thanks,

psherman · November 16, 2021, 11:18pm

Did you make a backup of your configuration from 19.07? If so, we can look at the backup to understand the previous configuration. Worst case, we could look at the 17.01 configuration. Here, we'd be using the config data simply to figure out what we know works, and then we can recreate or troubleshoot similar settings on 21.02.

Also, how is (was) the router connected to the internet? Is it directly connected, or is there a router upstream of the Newifi D2 device?

volospin · November 17, 2021, 1:38am

Hi psherman,

Let me provide my current network.

RJ11 => [HUAWEI Echolife HG620 VDSL modem] = RJ45 = [Newifi-D2]

I have two Newifi-D2, A and B.
A is running 18.06.4
B is the one experiment and flashed (without keeping configuration / wipe everything)

I did Newifi-D2 B with both 19.07 [work after flashing] and 20.02 [NOT work after flashing]
I am willing to start from scratch on 20.02.1 and learn again how make it work.

So I will replace router A with B when I can get B up and running and perform the same function as A.

psherman · November 17, 2021, 2:06am

Please take one of your working devices and get the configuration info from it. Also make note of the ipv4 upstream information.

Please copy the output of the following commands and post it here using the "Preformatted text </> " button:

Remember to redact passwords, MAC addresses and any public IP addresses you may have:

cat /etc/config/network
cat /etc/config/dhcp
cat /etc/config/firewall

volospin · November 17, 2021, 2:20am

        IPv4 upstream

Protocol: DHCP Client
Address: 113.254.10x.xxx
Netmark: 255.255.240.0
Gateway: 113.254.96.1
DNS 1: 210.3.59.72
DNS 2: 210.3.59.79
Expires: 2h 28m 3s
Connected: 12h 32m 27s

  Device: Software VLAN: "eth0.2"
  MAC-Address: 20.76:93:XX:XX:XX

/etc/config/network

config interface 'loopback'
        option ifname 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fdcd:988d:5f22::/48'

config interface 'lan'
        option type 'bridge'
        option ifname 'eth0.1'
        option proto 'static'
        option netmask '255.255.255.0'
        option delegate '0'
        option ipaddr '10.92.78.28'

config device 'lan_dev'
        option name 'eth0.1'
        option macaddr '20:76:93:4b:1e:9f'

config interface 'wan'
        option ifname 'eth0.2'
        option proto 'dhcp'
        option delegate '0'

config device 'wan_dev'
        option name 'eth0.2'
        option macaddr '20:76:93:4b:1e:a0'

config switch
        option name 'switch0'
        option reset '1'
        option enable_vlan '1'

config switch_vlan
        option device 'switch0'
        option vlan '1'
        option ports '0 1 2 3 6t'

config switch_vlan
        option device 'switch0'
        option vlan '2'
        option ports '4 6t'

/etc/config/dhcp

config dnsmasq
        option domainneeded '1'
        option localise_queries '1'
        option local '/lan/'
        option domain 'lan'
        option expandhosts '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option nonwildcard '1'
        list server '127.0.0.1#5053'
        option noresolv '1'
        option nonegcache '1'
        option allservers '1'
        option localservice '0'
        option authoritative '1'
        option rebind_protection '0'

config dhcp 'lan'
        option interface 'lan'
        option start '100'
        option limit '150'
        option leasetime '12h'

config dhcp 'wan'
        option interface 'wan'
        option ignore '1'

/etc/config/firewall

config defaults
        option syn_flood '1'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option drop_invalid '1'

config zone
        option name 'lan'
        list network 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'

config zone
        option name 'wan'
        list network 'wan'
        list network 'wan6'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option masq '1'
        option mtu_fix '1'

config forwarding
        option src 'lan'
        option dest 'wan'


config rule
        option name 'Allow-DHCP-Renew'
        option src 'wan'
        option proto 'udp'
        option dest_port '68'
        option target 'ACCEPT'
        option family 'ipv4'

config rule
        option name 'Allow-Ping'
        option src 'wan'
        option proto 'icmp'
        option icmp_type 'echo-request'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-IGMP'
        option src 'wan'
        option proto 'igmp'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-DHCPv6'
        option src 'wan'
        option proto 'udp'
        option src_ip 'fc00::/6'
        option dest_ip 'fc00::/6'
        option dest_port '546'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-MLD'
        option src 'wan'
        option proto 'icmp'
        option src_ip 'fe80::/10'
        list icmp_type '130/0'
        list icmp_type '131/0'
        list icmp_type '132/0'
        list icmp_type '143/0'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Input'
        option src 'wan'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        list icmp_type 'router-solicitation'
        list icmp_type 'neighbour-solicitation'
        list icmp_type 'router-advertisement'
        list icmp_type 'neighbour-advertisement'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Forward'
        option src 'wan'
        option dest '*'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-IPSec-ESP'
        option src 'wan'
        option dest 'lan'
        option proto 'esp'
        option target 'ACCEPT'

config rule
        option name 'Allow-ISAKMP'
        option src 'wan'
        option dest 'lan'
        option dest_port '500'
        option proto 'udp'
        option target 'ACCEPT'

config include
        option path '/etc/firewall.user'

config rule
        option target 'ACEPT'
        option name 'pptp'
        option src 'wan'
        option proto 'tcp'
        option dest_port '1723'
        option enabled '0'

config rule
        option target 'ACCEPT'
        option name 'gre'
        option src 'wan'
        option proto '47'
        option enabled '0'

psherman · November 17, 2021, 2:56am

Ok. All good there. What are the first 2 octets of the upstream ipv4 address? aaa.bbb.ccc.ddd (the bolded octets)

volospin · November 17, 2021, 3:11am

Hi psherman,

All updated in the previous post.
I will go study about DSA now.

Thanks.

psherman · November 17, 2021, 3:31am

Your configuration is pretty standard other than the LAN IP address and it looks like you might also be using Adblock or something else on the router for DNS.

The choice of .28 as your router address is a bit unconventional, but totally fine technically. Most users will use the .1 or .254 to be at the beginning or end of the /24 space. But again, this does not cause any technical issues.

The default IP address of OpenWrt is 192.168.1.1. You can update this to match your existing configuration once your router is flashed and booted. By default the router will pickup the DNS advertised by the upstream DHCP server, and the router will not have Adblock installed or configured, so you'll have the router's DNS operating on localhost:53.

You don't need to read about DSA or make any changes there -- your 21.02 default configuration should have everything working properly for the LAN and WAN.

If you are using a cable modem (at least with most cable ISP's in the USA), you may need to reboot the cable modem (possibly a few times) for it to issue an IP address when you swap devices. Alternatively, if the ISP does not issue you a DHCP lease, you may need to talk to them to find out why (sometimes they need to reset or register the new MAC address with their service).

Finally, you should probably force a DHCP renewal on your client systems when you have swapped to the new router.

volospin · November 17, 2021, 3:35am

Hi psherman,

Thanks for your reply.

as I said, router B works right out of the box with factory default config at 19.xx but not 20.xx
I did turn off and on the modem then router A and B did get different IP address.

I will check with ISP to see if there are special step need to do with them in order to make things work.

tsukimori · November 17, 2021, 3:46am

DSA configure is diffirent from SWconfig.
I found you are using eth0.2 as the ifname.
Actually it's quite diffirent.
You can use vlan with single port, or config vlan in bridge like in the swconifg in 19.07

volospin · November 17, 2021, 4:03am

tsukimori,

The eth0.2 is default in my A with 18.xx.
as I said, 19.xx works with default configuration.
but not 20.02.

Therefore I should try to translate / migrate my setting.
OR
I should study DSA and config it.

Thanks for your reply.

tsukimori · November 17, 2021, 4:09am

here is the official guide.
it can help you to convert quickly

psherman · November 17, 2021, 4:13am

DSA is indeed very different than swconfig, but in the default configuration, the router should be configured such that the wan port is associated with vlan 2 (and lan with vlan 1). As long as the defaults are correct, you don’t need to make any changes unless you plan to create additional VLANs or change the mappings. That is why I was saying that it is not necessary to learn about dsa to get the device running.