JordC
November 30, 2020, 12:02pm
1
Hi, new to the community.
Prewarn - I am not very clued up on networking, but have a good knowledge of linux systems & basic networking terminologies.
My friend purchased a BT HH5A flashed with OpenWrt and preinstalled with OpenVPN so he could use his NordVPN account. His ISP blocked Nord (but we didn't discover that until after the reset!!)
After a reset, the HH5A is back to a factory LuCI OpenWrt (18.06.2) install without the OpenVpn client, I went through the steps to reinstall the packages, to find that the device no longer connects to the internet!
My setup is depicted below -
I have followed the steps on page 95 Section 9.3 of the OpenWrt-Lede installation guide belowhttps://openwrt.ebilan.co.uk/viewtopic.php?f=7&t=266
This solved the Error - Network device not present
The WAN port still received no packets though & I cannot access the internet.
Help would be appreciated
Thanks!
trendy
November 30, 2020, 12:34pm
2
Please run the following commands (copy-paste the whole block) and paste the output here, using the "Preformatted text </> " button:
uci export network; uci export dhcp; uci export firewall; \
head -n -0 /etc/firewall.user; \
ip -4 addr ; ip -4 ro li tab all ; ip -4 ru; \
ls -l /etc/resolv.* /tmp/resolv.* /tmp/resolv.*/* ; head -n -0 /etc/resolv.* /tmp/resolv.* /tmp/resolv.*/*
Also version 18.06.2 is old, vulnerable and unsupported, so upgrade to the latest as soon as possible.
1 Like
JordC
November 30, 2020, 1:04pm
3
Thank you for the speedy reply. Here is the output of what you asked.
Also, I will upgrade as soon as possible! Thank you for letting me know.
package network
config interface 'loopback'
option ifname 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'xxxx:xxxx:xxxx::/xx'
config atm-bridge 'atm'
option vpi '1'
option vci '32'
option encaps 'llc'
option payload 'bridged'
option nameprefix 'dsl'
config dsl 'dsl'
option annex 'a'
option tone 'av'
config interface 'lan'
option type 'bridge'
option ifname 'eth0.1'
option proto 'static'
option ipaddr '192.168.1.1'
option netmask '255.255.255.0'
option ip6assign '60'
config device 'lan_dev'
option name 'eth0.1'
option macaddr 'xx:xx:xx:xx:xx:xx'
config interface 'wan'
option ifname 'eth0.2'
option proto 'dhcp'
option ipv6 'auto'
config device 'wan_dev'
option name 'eth0.2'
option macaddr 'xx:xx:xx:xx:xx:xx'
config interface 'wan6'
option ifname '@wan'
option proto 'dhcpv6'
option reqaddress 'try'
option reqprefix 'auto'
config switch
option name 'switch0'
option reset '1'
option enable_vlan '1'
config switch_vlan
option device 'switch0'
option vlan '1'
option vid '1'
option ports '0 1 2 4 6t'
config switch_vlan
option device 'switch0'
option vlan '2'
option vid '2'
option ports '5 6t'
package dhcp
config dnsmasq
option domainneeded '1'
option boguspriv '1'
option filterwin2k '0'
option localise_queries '1'
option rebind_protection '1'
option rebind_localhost '1'
option local '/lan/'
option domain 'lan'
option expandhosts '1'
option nonegcache '0'
option authoritative '1'
option readethers '1'
option leasefile '/tmp/dhcp.leases'
option resolvfile '/tmp/resolv.conf.auto'
option nonwildcard '1'
option localservice '1'
config dhcp 'lan'
option interface 'lan'
option start '100'
option limit '150'
option leasetime '12h'
option dhcpv6 'server'
option ra 'server'
config dhcp 'wan'
option interface 'wan'
option ignore '1'
config odhcpd 'odhcpd'
option maindhcp '0'
option leasefile '/tmp/hosts/odhcpd'
option leasetrigger '/usr/sbin/odhcpd-update'
option loglevel '4'
package firewall
config defaults
option syn_flood '1'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
config zone
option name 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
option network 'lan'
config zone
option name 'wan'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
option network 'wan6 wan'
config forwarding
option src 'lan'
option dest 'wan'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option src_ip 'fc00::/6'
option dest_ip 'fc00::/6'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
root@OpenWrt:~#
root@OpenWrt:~#
root@OpenWrt:~# uci export network; uci export dhcp; uci export firewall; \
> head -n -0 /etc/firewall.user; \
> ip -4 addr ; ip -4 ro li tab all ; ip -4 ru; \
> ls -l /etc/resolv.* /tmp/resolv.* /tmp/resolv.*/* ; head -n -0 /etc/resolv.* /tmp/resolv.* /tmp/resolv.*/*
package network
config interface 'loopback'
option ifname 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'xxxx:xxxx:xxxx::/xx'
config atm-bridge 'atm'
option vpi '1'
option vci '32'
option encaps 'llc'
option payload 'bridged'
option nameprefix 'dsl'
config dsl 'dsl'
option annex 'a'
option tone 'av'
config interface 'lan'
option type 'bridge'
option ifname 'eth0.1'
option proto 'static'
option ipaddr '192.168.1.1'
option netmask '255.255.255.0'
option ip6assign '60'
config device 'lan_dev'
option name 'eth0.1'
option macaddr 'xx:xx:xx:xx:xx:xx'
config interface 'wan'
option ifname 'eth0.2'
option proto 'dhcp'
option ipv6 'auto'
config device 'wan_dev'
option name 'eth0.2'
option macaddr 'xx:xx:xx:xx:xx:xx'
config interface 'wan6'
option ifname '@wan'
option proto 'dhcpv6'
option reqaddress 'try'
option reqprefix 'auto'
config switch
option name 'switch0'
option reset '1'
option enable_vlan '1'
config switch_vlan
option device 'switch0'
option vlan '1'
option vid '1'
option ports '0 1 2 4 6t'
config switch_vlan
option device 'switch0'
option vlan '2'
option vid '2'
option ports '5 6t'
package dhcp
config dnsmasq
option domainneeded '1'
option boguspriv '1'
option filterwin2k '0'
option localise_queries '1'
option rebind_protection '1'
option rebind_localhost '1'
option local '/lan/'
option domain 'lan'
option expandhosts '1'
option nonegcache '0'
option authoritative '1'
option readethers '1'
option leasefile '/tmp/dhcp.leases'
option resolvfile '/tmp/resolv.conf.auto'
option nonwildcard '1'
option localservice '1'
config dhcp 'lan'
option interface 'lan'
option start '100'
option limit '150'
option leasetime '12h'
option dhcpv6 'server'
option ra 'server'
config dhcp 'wan'
option interface 'wan'
option ignore '1'
config odhcpd 'odhcpd'
option maindhcp '0'
option leasefile '/tmp/hosts/odhcpd'
option leasetrigger '/usr/sbin/odhcpd-update'
option loglevel '4'
package firewall
config defaults
option syn_flood '1'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
config zone
option name 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
option network 'lan'
config zone
option name 'wan'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
option network 'wan6 wan'
config forwarding
option src 'lan'
option dest 'wan'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option src_ip 'fc00::/6'
option dest_ip 'fc00::/6'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
config include
option path '/etc/firewall.user'
# This file is interpreted as shell script.
# Put your custom iptables rules here, they will
# be executed with each firewall (re-)start.
# Internal uci firewall chains are flushed and recreated on reload, so
# put custom rules into the root chains e.g. INPUT or FORWARD or into the
# special user chains, e.g. input_wan_rule or postrouting_lan_rule.
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
5: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
inet 192.168.1.1/24 brd 192.168.1.255 scope global br-lan
valid_lft forever preferred_lft forever
192.168.1.0/24 dev br-lan scope link src 192.168.1.1
broadcast 127.0.0.0 dev lo table local scope link src 127.0.0.1
local 127.0.0.0/8 dev lo table local scope host src 127.0.0.1
local 127.0.0.1 dev lo table local scope host src 127.0.0.1
broadcast 127.255.255.255 dev lo table local scope link src 127.0.0.1
broadcast 192.168.1.0 dev br-lan table local scope link src 192.168.1.1
local 192.168.1.1 dev br-lan table local scope host src 192.168.1.1
broadcast 192.168.1.255 dev br-lan table local scope link src 192.168.1.1
0: from all lookup local
32766: from all lookup main
32767: from all lookup default
ls: /tmp/resolv.*/*: No such file or directory
lrwxrwxrwx 1 root root 16 Jan 30 2019 /etc/resolv.conf -> /tmp/resolv.conf
-rw-r--r-- 1 root root 32 Jan 31 2019 /tmp/resolv.conf
-rw-r--r-- 1 root root 0 Jan 31 2019 /tmp/resolv.conf.auto
==> /etc/resolv.conf <==
search lan
nameserver 127.0.0.1
==> /tmp/resolv.conf <==
search lan
nameserver 127.0.0.1
==> /tmp/resolv.conf.auto <==
head: /tmp/resolv.*/*: No such file or directory
frollic
November 30, 2020, 1:27pm
4
Are you routing everything through the VPN ?
JordC
November 30, 2020, 1:33pm
5
Hi @frollic ,
When I reset the HH5A I lost the VPN client so there's no VPN adapter to route through!
Trying to get traffic to he received through my WAN adapter first of all.
frollic
November 30, 2020, 1:37pm
6
It's not a subnet conflict ?
Your 5A and the "household router" both use the 192.168.1 range ?
JordC
November 30, 2020, 1:50pm
7
Good suggestion, I double checked but no conflicts within the subnet range!
Cheers.
JordC
November 30, 2020, 2:04pm
9
Ping 8.8.8.8 from my terminal gives the following response -
From 192.168.1.1 icmp_seq=1 Destination Net Unreachable
frollic
November 30, 2020, 2:08pm
10
... and tracert/traceroute ?
JordC
November 30, 2020, 2:37pm
11
frollic:
nd tracert/tracerou
No luck, with that either.
frollic
November 30, 2020, 2:44pm
12
That I knew, question is what does it say ... ?
1 Like
trendy
November 30, 2020, 4:28pm
13
Wan interface doesn't have an IP. Are you sure that port 5 which is assigned as untagged to vlan2 is connected to the cable towards the upstream router?
JordC
November 30, 2020, 4:36pm
14
Sorry haha it says this -
OpenWrt.lan (192.168.1.1) 0.434ms !N 0.717 ms !N *
(This doesn't mean much to me but hopefully you know more!)
JordC
November 30, 2020, 4:50pm
15
Hi @trendy -
No I am not sure.
What is the impact of having port 5 of the clan as untagged?
I am unsure how the ports are referenced. The physical setup is depicted below -
WAN is connected to the upstream and Lan cable is hooked into my laptop.
trendy
November 30, 2020, 4:54pm
16
What is the output of swconfig dev eth0 show ?
JordC
November 30, 2020, 5:20pm
17
The output is as follows -
Global attributes:
enable_vlan: 1
Port 0:
uvr: 0
vsr: 0
vinr: 0
tvm: 0
pvid: 1
link: port:0 link:down
Port 1:
uvr: 0
vsr: 0
vinr: 0
tvm: 0
pvid: 1
link: port:1 link:down
Port 2:
uvr: 0
vsr: 0
vinr: 0
tvm: 0
pvid: 1
link: port:2 link:down
Port 3:
uvr: 0
vsr: 0
vinr: 0
tvm: 0
pvid: 1
link: port:3 link:down
Port 4:
uvr: 0
vsr: 0
vinr: 0
tvm: 0
pvid: 1
link: port:4 link:up speed:100baseT full-duplex auto
Port 5:
uvr: 0
vsr: 0
vinr: 0
tvm: 0
pvid: 2
link: port:5 link:down
Port 6:
uvr: 0
vsr: 0
vinr: 0
tvm: 0
pvid: 1
link: port:6 link:up speed:1000baseT full-duplex auto
VLAN 1:
vid: 1
enable: 1
ports: 0 1 2 4 6t
VLAN 2:
vid: 2
enable: 1
ports: 5 6t
trendy
November 30, 2020, 5:31pm
18
JordC:
link: port:5 link:down
Is the cable connected to the wan port properly connected to the lan port of the router?
1 Like
JordC
November 30, 2020, 5:35pm
19
Yes, cable to WAN is working okay. I tested it just now to be sure though. Same ethernet cable which was working before the HH5A was reset.
trendy
November 30, 2020, 5:38pm
20
Well, if the port 5 doesn't come up you won't have much luck.
