No DHCP assignment with relayd

I used this guide: https://openwrt.org/docs/guide-user/network/wifi/relay_configuration
to have the OpenWRT device connect to the main WiFi as a client and ethernet port of the OpenWRT device connects to a PC.

When I set the PC to use DHCP for IPv4 address the PC does not obtain an IP from the main network's DHCP server.

If I manually set the PC's IP to an address on main network/subnet then I can access other devices on the main network and access internet resources via IPs. If I manually add the DNS server address to the PC then address resolution works as well.

The main subnet is 192.168.4.0/24 and the ethernet port of OpenWRT is the default 192.168.1.1 . The PC should be getting a 192.168.4.x address.

I have seen this: Relayd not forwarding broadcast (BOOTP/DHCP) responses - #18 by kolalok and tried the OpenWRT part of it. But, I don't know how to setup the DHCP server (Kea) to reply to a DHCP relay. So right now the DHCP relay option is not working.

So it looks like there is a problem with DHCP traffic. Is there something that needs to be setup in addition to what is in the relay_configuration wiki? Does OpenWRT (dnsmasq) need to act as a DHCP relay?

Thanks for helping

Have you spotted that most "relay" options are in the context of IPv6? To configure dnsmasq to act as a DHCP (IPv4) relay agent have a look at the subsection at https://openwrt.org/docs/guide-user/base-system/dhcp#dhcp_relay

Kea dhcpv4 options are covered here:
https://kea.readthedocs.io/en/kea-2.2.0/arm/dhcp4-srv.html

I'd recommend you post your network and wireless configs rather than the link to the guide you've followed, so people inclined to help have an actual config to go by. AFAIR, you also needed an interface hotplug script to configure relayd options upon STA connection.

No, AFAIR, you need to disable dnsmasq on the router which is on the left in the first image of the wiki article.

The device is on OpenWrt 19.07.10 . I couldn't get relay/bridge setup working on OpenWRT 21 either so went back to OpenWRT 19 as 19 is faster and security is not the highest priority as it will be inside a private network.

I would rather avoid the DHCP relay pathway. And, would prefer to stay with IPv4.

I rolled back the 'Relayd not forwarding broadcast' post changes and rebooted the OpenWRT device.

Here is the config as it stands right now:

/etc/config/network

config interface 'loopback'
        option ifname 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fd0a:ce77:267e::/48'

config interface 'lan'
        option type 'bridge'
        option ifname 'eth0'
        option proto 'static'
        option ipaddr '192.168.1.1'
        option netmask '255.255.255.0'
        option ip6assign '60'
        option stp '1'

config interface 'wwan'
        option proto 'static'
        option ipaddr '192.168.4.249'
        option gateway '192.168.4.1'
        list dns '192.168.4.3'
        option netmask '255.255.255.0'

config interface 'rbridge'
        option proto 'relay'
        list network 'lan'
        list network 'wwan'
        option force_link '1'
        option ipaddr '192.168.4.249'

/etc/config/dhcp

config dnsmasq
        option port '0'
        option domainneeded '1'
        option localise_queries '1'
        option rebind_protection '1'
        option rebind_localhost '1'
        option local '/lan/'
        option domain 'lan'
        option expandhosts '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option resolvfile '/tmp/resolv.conf.auto'
        option localservice '1'

config dhcp 'lan'
        option interface 'lan'
        option ignore '1'
        option dhcpv4 'disabled'

config dhcp 'wan'
        option interface 'wan'
        option ignore '1'
        option dhcpv4 'disabled'

config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'
        option loglevel '4'

/etc/config/wireless

config wifi-device 'radio0'
        option type 'mac80211'
        option channel '11'
        option hwmode '11g'
        option path 'platform/ahb/18100000.wmac'
        option htmode 'HT20'
        option country 'AU'

config wifi-iface 'wifinet0'
        option ssid 'GNet'
        option device 'radio0'
        option mode 'sta'
        option key 'mypassword0_'
        option network 'wwan'
        option encryption 'psk2'

/etc/config/firewall

config defaults
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option synflood_protect '1'

config zone
        option name 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'
        list network 'lan'
        list network 'wwan'
        list network 'rbridge'

config include
        option path '/etc/firewall.user'

/etc/firewall.user

# This file is interpreted as shell script.
# Put your custom iptables rules here, they will
# be executed with each firewall (re-)start.

# Internal uci firewall chains are flushed and recreated on reload, so
# put custom rules into the root chains e.g. INPUT or FORWARD or into the
# special user chains, e.g. input_wan_rule or postrouting_lan_rule.

PC <-> OpenWRT device eth0 (192.168.1.1) <-> OpenWRT device wwan (192.168.4.249) <-> Main WiFi AP WiFi <-> Main WiFi AP eth0 <-> Main router eth2 (Gateway 192.168.4.1 and DNS server on 192.168.4.3) <-> Main router eth1 (ISP assigned address) <-> ISP

PC connected to OpenWRT eth0 port is not obtaining an IP address with above config. The PC assigns 169.254.236.220 to itself. Manually setting the the PC's IP to 192.168.4.200 (or any other non conflicting 192.168.4.x address) with 192.168.4.1 as gateway gives it full connectivity to 192.168.4.0/24 and internet. Manually assigning PC to use 192.168.4.3 as DNS server gives it full connectivity with resolution to the internet.

Thanks

1 Like

I've the same behavior on an TP-Link Archer A7 with V23.05.0.

Do you have some ideas what to add or change?

Thank you in advance

This is my easy method: Contrary to popular belief it’s not actually a requirement to disable dnsmasq/dhcp and/or other things. (It’s good practice though, espescially if you don’t know 100% what you’re doing)

Set LAN ip of the relay router/ap to different subnet than the Wifi router.
Connect with client mode to wifi. (will automatically create WWAN)

(You can experiment with wireless settings while in normal client mode)

Interfaces: make relaybridge, call it stabridge (or something else). Check to relay between LAN and WWAN.
Firewall LAN: 'Check' WWAN so that both LAN AND WWAN is checked in Covered Networks.
Finito.

This has always worked for me. But tbh I prefer using mesh, even though there is bigger overhead.