No Internet After Firmware Update

Hey guys, I’ve been using Openwrt happily for about 6 or so months now. I usually check for an update every week or two and install it if one exists. Today I updated my firmware and after installing the update my internet completely stopped working. I had no idea what I should look for to fix the problem, but I clicked through the various network tabs until I saw an error under the “Interfaces” tab. I saw wan and wwan6 interfaces said “error network device is not present” or something. I then clicked on the “Devices” tab, clicked on “br-wan” and then selected “eth0” under the bridge port. This instantly fixed my internet connection after I applied the changes.

My question is: what went wrong with my update, and how can I prevent this from happening in the future? Any insight would be greatly appreciated, as I don’t want to have to debug my router every time I have to update it. Thanks!

Configuration below:

root@OpenWrt:\~# ubus call system board
{
"kernel": "6.6.104",
"hostname": "OpenWrt",
"system": "ARMv8 Processor rev 4",
"model": "OpenWrt One",
"board_name": "openwrt,one",
"rootfs_type": "squashfs",
"release": {
"distribution": "OpenWrt",
"version": "24.10.3",
"revision": "r28872-daca7c049b",
"target": "mediatek/filogic",
"description": "OpenWrt 24.10.3 r28872-daca7c049b",
"builddate": "1758316778"
}
}
root@OpenWrt:\~# cat /etc/config/network

config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'

config globals 'globals'
option ula_prefix 'fd5f:f39a:9ad2::/48'
option packet_steering '1'

config device
option name 'br-lan'
option type 'bridge'
list ports 'eth1'

config interface 'lan'
option device 'br-lan'
option proto 'static'
option ipaddr '192.168.1.1'
option netmask '255.255.255.0'
option ip6assign '60'
list dns '192.168.1.108'

config interface 'wan'
option device 'br-wan'
option proto 'dhcp'

config interface 'wan6'
option device 'eth0'
option proto 'dhcpv6'

config interface 'wwan'
option proto 'dhcp'

config interface 'test'
option proto 'static'
option device 'br-test'
option ipaddr '192.168.2.1'
option netmask '255.255.255.0'

config device
option type 'bridge'
option name 'br-work'
option bridge_empty '1'

config device
option name 'br-wan'
option type 'bridge'
list ports 'eth0'

config device
option name 'br-test'
option type 'bridge'

root@OpenWrt:\~# cat /etc/config/wireless

config wifi-device 'radio0'
option type 'mac80211'
option path 'platform/soc/18000000.wifi'
option band '2g'
option channel 'auto'
option htmode 'HT20'
option num_global_macaddr '7'
option cell_density '0'
option country 'US'

config wifi-iface 'default_radio0'
option device 'radio0'
option network 'lan'
option mode 'ap'
option ssid 'OpenWrt'
option encryption 'psk2'
option key 'password'

config wifi-device 'radio1'
option type 'mac80211'
option path 'platform/soc/18000000.wifi+1'
option band '5g'
option channel '36'
option htmode 'HE80'
option num_global_macaddr '7'
option cell_density '0'

config wifi-iface 'default_radio1'
option device 'radio1'
option network 'lan'
option mode 'ap'
option ssid 'OpenWrt'
option encryption 'psk2'
option key 'password'

config wifi-iface 'wifinet2'
option device 'radio0'
option mode 'ap'
option ssid 'Work'
option encryption 'psk2'
option network 'test'
option key 'workwork'
option isolate '1'

root@OpenWrt:\~# cat /etc/config/dhcp

config dnsmasq
option domainneeded '1'
option localise_queries '1'
option rebind_protection '1'
option rebind_localhost '1'
option local '/lan/'
option domain 'lan'
option expandhosts '1'
option cachesize '1000'
option authoritative '1'
option readethers '1'
option leasefile '/tmp/dhcp.leases'
option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
option localservice '1'
option ednspacket_max '1232'

config dhcp 'lan'
option interface 'lan'
option start '100'
option limit '150'
option leasetime '12h'
option dhcpv4 'server'
option dhcpv6 'server'
option ra 'server'
list ra_flags 'managed-config'
list ra_flags 'other-config'

config dhcp 'wan'
option interface 'wan'
option ignore '1'

config odhcpd 'odhcpd'
option maindhcp '0'
option leasefile '/tmp/hosts/odhcpd'
option leasetrigger '/usr/sbin/odhcpd-update'
option loglevel '4'

config host
option name 'R6400'
option ip '192.168.1.221'
list mac 'B0:7F:B9:9F:6A:50'

config host
option name 'raspberrypi'
option ip '192.168.1.108'
list mac 'B8:27:EB:CE:0A:DE'

config dhcp 'test'
option interface 'test'
option start '100'
option limit '150'
option leasetime '12h'

root@OpenWrt:\~# cat /etc/config/firewall

config defaults
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option synflood_protect '1'

config zone
option name 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
list network 'lan'

config zone
option name 'wan'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
list network 'wan'
list network 'wan6'
list network 'wwan'

config forwarding
option src 'lan'
option dest 'wan'

config rule
option src 'work'
option dest 'lan'
option name 'block from work to lan (doesn'''t seem to work)'
option target 'REJECT'
list proto 'all'

config rule
option src 'work'
option dest '\*'
option name 'block work to router'
option target 'REJECT'
list proto 'all'
list dest_ip '192.168.1.1'
list dest_ip 'fe80::2205:b7ff:fe00:78d1'
list dest_ip 'fe80::2205:b7ff:fe00:78d3'
list dest_ip '192.168.2.1'

config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'

config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'

config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'

config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'

config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'

config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'

config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '\*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'

config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'

config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'

config zone
option name 'work'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
list network 'test'

config rule
option src 'work'
option dest 'lan'
option name 'Allow-DNS-Work'
option dest_port '53'
option target 'ACCEPT'

config rule
option src 'work'
option dest 'lan'
option name 'Allow-DHCP-Work'
list proto 'udp'
option dest_port '67'
option target 'ACCEPT'

config forwarding
option src 'work'
option dest 'wan'

Please try to post again with the correct formatting so that your config is readable.

Please use the "Preformatted text </>" button for logs, scripts, configs and general console output.

Please edit your post accordingly. Thank you!

There seems to be a bug in Discourse which trashes the formatting of pasted text, even (or especially) when using voice tags, FYI. I had to turn off Markdown notation to make it work again here.

I think it actually has to do with the rich text editor. The "old" editor which can be used instead seems to not have issues.

Hey, I used the preformatted text but it didn't seem to work. I switched to the "standard markdown editor" and now it seems to work properly. Sorry about that.

To be clear, logically partitioning a network/PHY is solved by VLANs (in standard practice).

Why do you have a bridge on WAN connected only to eth0?

Why is wan6 connected to eth0 (correct), but wan's to a bridge (seems incorrect)?

You ŕe updating packages? Thats not a good idea and may be the reason for your problems.

As already pointed out ...

Upgrading packages (via the CLI opkg upgrade command or the LuCI Upgrade... button) can result in major problems. It is generally highly discouraged, unless you know what you are doing or if there is specific instruction to do so.

Hey guys, I don't update packages, I usually just go to the "Attended Sysupgrade" tab under "System" and click "Search for firmware upgrade". If there is no update available I don't do anything. If there is an update available, I install it. Would this cause issues?

I think that's what I was trying to achieve, maybe I went about it wrong.

I'm not entirely sure to be honest, I followed a guide to set up a separate wifi network for home and work devices. It was working fine until this recent update which completely disabled my internet on both networks. Then, when I connected the WAN bridge to eth0 it seemingly fixed everything.

That's a great question, should wan6 also be connected to the bridge?

My main question still is why was my configuration working before my update and then broken after? I'm trying to get to the root cause of what went wrong so if a less technical user at my household wants to do an update they can be confident the internet isn't going to break like it did in this instance.

No, there shouldn't be a bridge.

Well, it's clear the device was misconfigured, so no clue.

I think this is the guide I followed. Did I do something wrong or is the advice in the guide outdated or something? https://openwrt.org/docs/guide-user/network/wifi/guestwifi/configuration_webinterface

Well, as we covered, you made mutuple bridges - that's not correct.

Also, you created a bridge for WAN, but you linked a guest WiFi Wiki.

What do you intend to accomplish?

I don't recall creating the wan bridge, I think that was part of the default configuration I got with the device. I wanted to create a separate isolated wifi network for my work devices, basically a guest network.

fwiw, my ISP requires PPPoE and VLAN - I also have a wan bridge and during the update to 24.10.3, the vlan, wan devices were removed form the bridge device, which didn’t happened in any previous update. Just adding them back fixed it for me, hth.