No internet on macbook, other devices working

Hi,
I have a problem with my WiFi. My setup:

Fritz!Box (FritzOS) -> Fujitsu S920 (openWRT) -> unmanaged switch -> TP Link EAP245 v1 AP (TP Link FW, dynamic IP).

So the AP is part of eth0 in br-lan. All physically connected devices work, PC and phone are working on wifi as well. Macbook can ping the openWRT-router but has no internet connection. But when I activate the wifi on my FritzBox and connect to it with my macbook it works just fine.

Any ideas?

Thanks in advance!

this device is a black hole to us, and you too, it would seem ...

The chain is too long - don't you think? Make "unmanaged switch" a home LAN network and let internet-connected Fritzbox be a DHCP server and router for the rest, other APs can serve as dumb APs - set static LAN IP inside Fritzbox's DHCP subnet and connect to their LAN ports.

So you'd throw out the openWRT router altogether?
I'd like to use it instead of the fritzbox in the future.

But I just connected the AP directly to the fritzbox and everything is working. That doesn't really make sense to me. What am I missing?

The problem is not OpenWrt…

It is this device - your WiFi AP - that is not working as expected. You need to refer to the documentation that TP-Link provides or ask on their support channels for help.

Or…

Install OpenWrt on that device and we will absolutely be able to help you with that AP!

https://firmware-selector.openwrt.org/?version=23.05.4&target=ath79%2Fgeneric&id=tplink_eap245-v1

Don't you think it's got something to do with openWRT since the AP works as expected when connected directly to the fritzbox?

But I will have a look at installing openWRT on the AP. Thanks for the link.

Not likely a problem with Openwrt - I think your issue is the configuration of your ap with the vendor firmware. But let’s look at the config of your openwrt router.

Please connect to your OpenWrt device using ssh and copy the output of the following commands and post it here using the "Preformatted text </> " button:
Remember to redact passwords, MAC addresses and any public IP addresses you may have:

ubus call system board
cat /etc/config/network
cat /etc/config/wireless
cat /etc/config/dhcp
cat /etc/config/firewall

I installed openWRT on the AP and configured it as dumb AP but still same behavior. Still good to have openWRT instead of the tp link fw of course :wink:
I also thought AdGuardHome might somehow block the macbook but disabling it didn't help either.

here's the result of the commands. I configured the "wifi" zone because I initially wanted to separate ethernet and wifi. But right now the AP is connected via ethernet and part of br-lan.

root@OpenWrt:~# ubus call system board
{
	"kernel": "5.15.150",
	"hostname": "OpenWrt",
	"system": "AMD GX-415GA SOC with Radeon(tm) HD Graphics",
	"model": "FUJITSU FUTRO S920",
	"board_name": "fujitsu-futro-s920",
	"rootfs_type": "ext4",
	"release": {
		"distribution": "OpenWrt",
		"version": "23.05.3",
		"revision": "r23809-234f1a2efa",
		"target": "x86/64",
		"description": "OpenWrt 23.05.3 r23809-234f1a2efa"
	}
}
root@OpenWrt:~# cat /etc/config/network

config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'xxx'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'eth0'

config interface 'lan'
	option device 'br-lan'
	option proto 'static'
	option ipaddr '192.168.1.1'
	option netmask '255.255.255.0'
	option ip6assign '62'

config interface 'wan'
	option device 'eth1'
	option proto 'dhcp'

config interface 'wan6'
	option device 'eth1'
	option proto 'dhcpv6'

config interface 'wifi'
	option proto 'static'
	option device 'wifi'
	option ipaddr '192.168.2.1'
	option netmask '255.255.255.0'
	option ip6assign '60'

config device
	option type 'bridge'
	option name 'wifi'
	option mtu '1500'
	option txqueuelen '1000'
	option macaddr 'xxx'
	list ports 'eth2'

root@OpenWrt:~# cat /etc/config/wireless
cat: can't open '/etc/config/wireless': No such file or directory
root@OpenWrt:~# cat /etc/config/dhcp

config dnsmasq
	option domainneeded '1'
	option localise_queries '1'
	option rebind_protection '1'
	option rebind_localhost '1'
	option local '/lan/'
	option domain 'lan'
	option expandhosts '1'
	option cachesize '1000'
	option authoritative '1'
	option readethers '1'
	option leasefile '/tmp/dhcp.leases'
	option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
	option localservice '1'
	option ednspacket_max '1232'
	option confdir '/tmp/dnsmasq.d'
	option port '553'

config dhcp 'lan'
	option interface 'lan'
	option start '100'
	option limit '150'
	option leasetime '12h'
	option dhcpv4 'server'
	option dhcpv6 'server'
	option ra 'server'
	list ra_flags 'managed-config'
	list ra_flags 'other-config'

config dhcp 'wan'
	option interface 'wan'
	option ignore '1'

config odhcpd 'odhcpd'
	option maindhcp '0'
	option leasefile '/tmp/hosts/odhcpd'
	option leasetrigger '/usr/sbin/odhcpd-update'
	option loglevel '4'

config host
	option name 'LAMBO'
	option ip '192.168.1.100'
	option mac 'xxx'

config host
	option name 'Desktop'
	option ip '192.168.1.154'
	option mac 'xxx'

config dhcp 'wifi'
	option interface 'wifi'
	option start '100'
	option limit '150'
	option leasetime '12h'
	option ra 'server'
	list ra_flags 'managed-config'
	list ra_flags 'other-config'
	option ra_mtu '1500'
	option ra_hoplimit '64'
	option dhcpv6 'server'

config host
	option name 'homeassistant'
	option ip '192.168.1.139'
	option mac 'xxx'

root@OpenWrt:~# cat /etc/config/firewall

config defaults
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option synflood_protect '1'
	option drop_invalid '1'

config zone
	option name 'lan'
	list network 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'

config zone
	option name 'wifi'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'
	list network 'wifi'

config zone
	option name 'wan'
	list network 'wan'
	list network 'wan6'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'
	option mtu_fix '1'

config forwarding
	option src 'lan'
	option dest 'wan'

config rule
	option name 'Allow-DHCP-Renew'
	option src 'wan'
	option proto 'udp'
	option dest_port '68'
	option target 'ACCEPT'
	option family 'ipv4'

config rule
	option name 'Allow-Ping'
	option src 'wan'
	option proto 'icmp'
	option icmp_type 'echo-request'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-IGMP'
	option src 'wan'
	option proto 'igmp'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-DHCPv6'
	option src 'wan'
	option proto 'udp'
	option dest_port '546'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-MLD'
	option src 'wan'
	option proto 'icmp'
	option src_ip 'fe80::/10'
	list icmp_type '130/0'
	list icmp_type '131/0'
	list icmp_type '132/0'
	list icmp_type '143/0'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Input'
	option src 'wan'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	list icmp_type 'router-solicitation'
	list icmp_type 'neighbour-solicitation'
	list icmp_type 'router-advertisement'
	list icmp_type 'neighbour-advertisement'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Forward'
	option src 'wan'
	option dest '*'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-IPSec-ESP'
	option src 'wan'
	option dest 'lan'
	option proto 'esp'
	option target 'ACCEPT'

config rule
	option name 'Allow-ISAKMP'
	option src 'wan'
	option dest 'lan'
	option dest_port '500'
	option proto 'udp'
	option target 'ACCEPT'

config redirect
	option dest 'lan'
	option target 'DNAT'
	option name 'LAMBO xxx'
	option src 'wan'
	option src_dport 'xxx'
	option dest_ip '192.168.1.100'
	option dest_port 'xxx'

config redirect
	option dest 'lan'
	option target 'DNAT'
	option name 'LAMBO xxx'
	option src 'wan'
	option src_dport 'xxx'
	option dest_ip '192.168.1.100'
	option dest_port 'xxx'

config redirect
	option dest 'lan'
	option target 'DNAT'
	option name 'LAMBO xxx'
	option src 'wan'
	option src_dport 'xxx'
	option dest_ip '192.168.1.100'
	option dest_port 'xxx'

config forwarding
	option src 'wifi'
	option dest 'wan'

what's this for ?

What IP addresses do your devices get when connected via that AP?

Is it 192.168.1.x or 192.168.2.x ?

As I said I initially wanted to separate WiFi and ethernet. But right now the WiFi zone has no ports attached to it and is doing nothing. I just didn't delete it.

Right now it's 192.168.1.xxx. I tried using a separate port which I attached to the "WiFi" zone. Then it was 192.168.2.xxx. but same result: all devices except the MacBook work fine.

If you want to do this, you'd connect eth2 directly to your AP. However, this won't solve the problem you're having with your Macbook -- that is almost certainly related to the current configuration of the AP (running its vendor firmware).

Alternatively, you can use VLANs for this, but you would need to have a managed switch -- the unmanaged one will not be appropriate here.

As I said I flashed openWRT to the AP. But the MacBook still has no internet connection while all other WiFi devices work.

Let's see the config for the AP:

Please connect to your OpenWrt device using ssh and copy the output of the following commands and post it here using the "Preformatted text </> " button:
Remember to redact passwords, MAC addresses and any public IP addresses you may have:

ubus call system board
cat /etc/config/network
cat /etc/config/wireless
cat /etc/config/dhcp
cat /etc/config/firewall

Also, please elaborate here:

  • is the mac able to join the network?
  • Is it set to get an address via DHCP?
  • Is it able to obtain an address via DHCP (and if so, what does it get)?
  • If you open the terminal, what happens if you run the following ping tests:
    • ping 192.168.1.1
    • ping 64.226.122.113
    • ping openwrt.org

According to your description you can bypass OpenWRT - does internet work then?

Yes, it does :slight_smile:

What are the results of the tests I recommended?

  • mac is able to join the network
  • ip via dhcp
  • 192.168.1.242
  • pings:
    • 192.168.1.1: working
    • 64.226.122.113: timeout
    • openwrt.org: unknown host