No Internet Access (OpenWRT 22.03.2 on Linksys WRT3200ACM)

Hello everyone,

First of all I apologize for my English as I am going through a translator.
Then I apologize for my network level which is close to zero, despite my many searches.

Warning this post is for those who like racking their brains :wink:

I come to ask for help, because after 5 days of testing all the possible settings, and seeing no results, I confess that I no longer know what to do to successfully regain my internet connection.

I will try to be as precise as possible, because it is possible that I have several problems, as it is possible that I have only one.

For the history I already had a connection with a modem configured as a gateway, and OpenWRT behind it which worked great.

There was an electrical problem one day outside my home, (explosion of a transformer) which cut me off for several hours of electricity. After the cut the router turned on again and had the lights on.

At this point I no longer know whether it was after this that my Linksys WRT3200ACM router could no longer give me access to the internet (at the name resolution level), or whether it was after a firmware update...

  • So I disconnected / reconnected, (by emptying the stagnant electricity inside) NOK.
  • I decided to reset the configuration: NOK
  • I changed firmware: NOK
  • I tested my internet connection, by removing the router and switching the modem back to router mode, and my connection was OK (domain resolution OK).
  • In my network architecture I have a domain server ServKaz.nohost.me (self uploaded via the Yunohost solution). I thought that the domain resolution problem might come from there, so I did a test by unplugging it, and it's the same... NOK

To simplify things a bit, otherwise it's no fun, I just changed my public IP after switching my internet connection to Fiber.

I saw on the Yunohost site that the domain IP should update automatically after a few minutes, but since I no longer have a domain name resolution, the update does not happen. (I don't know if it can have an influence or not)

After 5 days of testing all the possible and imaginable parameters (a little at random, setting Google's DNS, activating masking, activating SNAT, modifying the /etc/config/network file, the /etc/config/firewall file, etc...) I therefore decided to start again on a healthy basis, and delete all the settings that I had tried on OpenWRT to be sure that it did not come from the configuration (via System / Backup / Flash Firmware / Reset to defaults / Perform reset), and it didn't change anything, but I told myself that before asking for help, I might as well leave with files that are free of any modifications.

Finally, here are the results of the following tests:

  • Ping openwrt.org: NOK bad address
  • Ping 8.8.8.8: NOK 100% packet loss
  • Traceroute openwrt.org: OK (the only thing that works)
  • Traceroute 8.8.8.8: OK
  • Nslookup openwrt.org: ? (I don't think it's good)
    Server: 127.0.0.1
    Address: 127.0.0.1:53
    Non-authoritative answer
  • Nslookup 8.8.8.8: NOK: ;; connection timed out; no servers could be reached

I also followed the OpenWRT documentation which told me to add the gateway and the DNS, but having obtained nothing as a result, I put it back without gateway and without DNS, since the problem seems to be more complex than that :frowning:

here is my setup:

  1. Modem in gateway mode (88.182.xxx.xxx)
  2. Linksys WRT3200ACM router with OpenWRT 22.03.2 (192.168.1.1)
  3. Proxmox 7.3-6 virtualization server running a VM (192.168.1.111)
  4. VM Yunohost (domain server) (192.168.1.101)

I can provide you with the network and firewall files, but they are empty (except for the "Modem" interface that I added following the OpenWRT user manual to connect your router to your modem)

Thanking you in advance for taking the time to read me and taking the time to help me.
And hoping it's not a hardware problem, and just a little configuration that I did wrong.

P.S. The local network is working fine.

If you just see one line of the first hop being your own router, that means traceroute is not OK, there's no Internet access. Traceroute should return many lines with the last one being the destination IP that you entered.

Most fiber connections are IPoE, meaning you can connect any DHCP client such as a laptop directly to the ONT Ethernet port and it will obtain a public IP address and reach the Internet. Do this test first. Also check the LEDs on the ONT and confirm that it is linked to the ISP on the fiber (usually an LED called "Service" or "Network"). If connecting directly through the ONT does not work, contact the ISP to have them troubleshoot the line from their side.

If your ONT requires downstream to use PPPoE or IPoE with a VLAN, additional configuration of the router will be needed.

1 Like

Hello Mk24,

Thanks for your help.
I confirm that I have all the lines of the traceroute before arriving at the destination IP address (in my test, the google DNS).

I also confirm that Internet access works perfectly when the modem (Internet provider box) is configured in router mode.

This problem is driving me crazy because I don't know what else to try.

If you have another lead, I'm a taker.

thanks again

I add the 3 files where I tried a lot of things (but there they are in the raw state, after resetting).

If it helps for the analysis...


**root@GuardKaz:~# cat /etc/config/network**

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fd36:756a:fdc8::/48'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'lan1'
        list ports 'lan2'
        list ports 'lan3'
        list ports 'lan4'

config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        option ipaddr '192.168.1.1'
        option netmask '255.255.255.0'
        option ip6assign '60'

config device
        option name 'wan'
        option macaddr '26:f5:a2:30:08:c8'

config interface 'wan'
        option device 'wan'
        option proto 'dhcp'

config interface 'wan6'
        option device 'wan'
        option proto 'dhcpv6'

config interface 'Freebox'
        option proto 'static'
        option device '@wan'
        option ipaddr '88.182.xxx.xxx'  # anonymized for posting on the forum
        option netmask '255.255.255.0'

**root@GuardKaz:~# cat /etc/config/firewall**

config defaults
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option synflood_protect '1'

config zone
        option name 'lan'
        list network 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'

config zone
        option name 'wan'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option masq '1'
        option mtu_fix '1'
        list network 'Freebox'
        list network 'wan'
        list network 'wan6'

config forwarding
        option src 'lan'
        option dest 'wan'

config rule
        option name 'Allow-DHCP-Renew'
        option src 'wan'
        option proto 'udp'
        option dest_port '68'
        option target 'ACCEPT'
        option family 'ipv4'

config rule
        option name 'Allow-Ping'
        option src 'wan'
        option proto 'icmp'
        option icmp_type 'echo-request'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-IGMP'
        option src 'wan'
        option proto 'igmp'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-DHCPv6'
        option src 'wan'
        option proto 'udp'
        option dest_port '546'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-MLD'
        option src 'wan'
        option proto 'icmp'
        option src_ip 'fe80::/10'
        list icmp_type '130/0'
        list icmp_type '131/0'
        list icmp_type '132/0'
        list icmp_type '143/0'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Input'
        option src 'wan'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        list icmp_type 'router-solicitation'
        list icmp_type 'neighbour-solicitation'
        list icmp_type 'router-advertisement'
        list icmp_type 'neighbour-advertisement'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Forward'
        option src 'wan'
        option dest '*'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-IPSec-ESP'
        option src 'wan'
        option dest 'lan'
        option proto 'esp'
        option target 'ACCEPT'

config rule
        option name 'Allow-ISAKMP'
        option src 'wan'
        option dest 'lan'
        option dest_port '500'
        option proto 'udp'
        option target 'ACCEPT'

**root@GuardKaz:~# cat /etc/resolv.conf**

search lan
nameserver 127.0.0.1
nameserver ::1

I don't think this config is valid. Does your ISP allow you to set a Static IP and obtain one via DHCP?

1 Like

Hello lleachii

Thank you for your help.

Indeed you are right, my access provider gives a Fixed IP connection (therefore static).

I left OpenWRT's default settings following the reset, without really looking, because I think I've tested all the solutions (but without the basics it's complicated)

On the other hand, while I continued to dig a little all the tracks, I realized that my access provider gave shared IP addresses, which could pose some problems for those hosting servers like me.

So I just requested a Full Stack IP address, which should be available in 15 minutes now.

However, I will also modify the WAN settings and put it in static immediately.

I will tell you if this solution is the right one.

Thanking you again

1 Like

Full stack?

Did they tell you to do so?

Let us know - and no worries.

1 Like

When wan is configured statically, you also have to specify gateway and DNS for it.

Make these changes by changing the default wan block from dhcp to static and adding the other options using the numbers supplied by the ISP (though you can specify a public DNS instead of the ISP's server). Do not create a new interface.

2 Likes
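A check for the two points in the reply above (a static wan needs a gateway and DNS, and no second interface should be layered on the same port), given as an added example and not code from the thread or from OpenWrt. The `lint_wan` helper, both sample configs and the 203.0.113.x numbers are constructed for illustration; the zone list is passed by hand from the `list network` lines in `/etc/config/firewall`.

```shell
# Added example: both samples are constructed, and 203.0.113.0/24 is a
# documentation range standing in for the numbers supplied by the ISP.
as_posted() { cat <<'EOF'
config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        option ipaddr '192.168.1.1'
config interface 'wan'
        option device 'wan'
        option proto 'dhcp'
config interface 'Freebox'
        option proto 'static'
        option device '@wan'
        option ipaddr '203.0.113.10'
        option netmask '255.255.255.0'
EOF
}
as_advised() { cat <<'EOF'
config interface 'wan'
        option device 'wan'
        option proto 'static'
        option ipaddr '203.0.113.10'
        option netmask '255.255.255.0'
        option gateway '203.0.113.1'
        list dns '203.0.113.53'
EOF
}
# Usage: lint_wan "<networks listed in the firewall wan zone>" < network-config
# Prints one finding per line; prints nothing when the WAN side is consistent.
lint_wan() {
    awk -v q="'" -v zone="$1" '
    function val(s) { gsub(q, "", s); return s }
    function report() {
        if (name == "" || !(name in wan)) return
        if (substr(dev, 1, 1) == "@") print name ": alias of " substr(dev, 2)
        if (proto == "static" && !gw)  print name ": static without gateway"
        if (proto == "static" && !dns) print name ": static without dns"
    }
    BEGIN { n = split(zone, z, " "); for (i = 1; i <= n; i++) wan[z[i]] = 1 }
    $1 == "config" { report(); name = proto = dev = ""; gw = dns = 0
                     if ($2 == "interface") name = val($3); next }
    $2 == "proto"   { proto = val($3) }
    $2 == "device"  { dev = val($3) }
    $2 == "gateway" { gw = 1 }
    $2 == "dns"     { dns = 1 }
    END { report() }'
}
as_posted  | lint_wan "wan wan6 Freebox"
as_advised | lint_wan "wan wan6"
```

The `lan` interface is static without a gateway by design, which is why only the names in the wan zone are checked.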

Good catch!

What time does the OpenWrt router think it is?

That is not what he is asking:
They are asking if the gateway's lan side allows you to set your OpenWrt local address to a static address.

Even if it does not, most modern firmware knows not to use a static address (an address it did not assign) in its DHCP pool.

The surge could have fried your WAN port (unlikely since LAN is working on the gateway) or, because of the time it was off it lost track of time and is not syncing.

Which is why I asked what time the router thinks it is.

1 Like

I just got my new full stack IP address
I specify that I have a supplier which for the zones of average density of subscriber proposes fixed IP divided between 4 people (I did not know that that existed).

So with this new IP address, I deleted the interface that I had called Freebox and which was static (yet the openWRT documentation says to do that to connect your router to the internet)...

LilRedDog, after resetting the router, the time wasn't correct anymore, I got it just before doing this post, because I already had this kind of problem another time (like what we learn from our mistakes), and yet I only saw it after 1 hour of testing, so it's well thought out on your part.

For the grilled component problem I thought about it at one time, and it was my biggest fear, because I've been on the problem for 5 days...

In the end I kept the WAN interface in DHCP, rebooted the box following the change of the IP address, and...

It's good, everything works perfectly!!!

Many thanks to you mk24, lleachii, LilRedDog, for your help.

If you come one day to the side of the Brittany region in France, I would buy you a good beer with great pleasure.

I'm marking the post as solved.

Wishing you a very good evening.

1 Like

Great!

If you think you can handle this, lock it down:
Set everything static on both devices but don't change the lease numbers.
Remember lleachii's catch: add DNS servers.

I do not think you need to but it is more elegant.
