"no MAC Address found in DHCP server logs" and how to make a bridge

I am using a NETGEAR R6120 running OpenWrt and I have been trying to get it to act as a hub for a few IoT devices to connect to my university's Wi-Fi, as the university's device registration and connection have been unreliable or impossible on those devices. But I have been running into two major issues; briefly:

1. When I try to visit the device registration page, there is an error "We are unable to register your device because there was no MAC Address found in DHCP server logs for your machine," and
2. I have not been able to set up a proper Wi-Fi repeater.

Here is how I have been doing things: I have a Win10 desktop that is connected to the router via Ethernet. It is getting a static IP on the 192.168.2.0/24 subnetwork that the router has for its LAN configuration (interface LAN, device br-lan, which is devices eth0.1 and wlan0-2). I am using the Bitvise SSH client to connect to the router at 192.168.2.1, and I am using the client's SOCKS tunneling functionality to set up proxy forwarding on one of my local ports. In a different browser (Firefox) I have the proxy set to that so I can see what the router sees. The desktop is also connected to the Internet via Wi-Fi (not from the router) so that this browser (Chrome) can be used normally.

When I set the WAN interface on the router to connect to a Wi-Fi network with full Internet access, such as a hotspot on my phone, then Firefox works just fine; the router is connected to the Internet. When I try connecting it to my university's guest Wi-Fi, I am able to access the interstitial "Acknowledge our terms of service" page. I can then click "Accept" and it is connected to the Internet as before.

But when I set the WAN interface to connect to my university's normal Wi-Fi, it struggles to even get redirected to the interstitial page; I need to visit the website using HTTP instead of HTTPS to get it to load. And when it does load, it tells me that error above, namely that the university's DHCP server logs indicate no MAC address for the router. Could this be due to the proxy? As I understand it, what the computer sees should be what the router would see if it were doing the connection itself, though I am not 100% sure of this because there does not seem to be an OpenWrt browser (cf this).

Is there a known reason that the router would not be sending its MAC address to the DHCP server? Or do I need to escalate to the university's sysadmins to see what is going on? I have been told by neighbors that some routers' off-the-shelf firmware and interface have allowed them to register their devices with no issues, so I think there should be a way for me to figure this out on my own.

The second piece of the puzzle is how to get the router to properly bridge connections. Because even though I can tunnel the proxy connection through SSH, that does not mean that I can connect arbitrary devices to the Internet through the router. When the router's upstream Wi-Fi was connected to the Internet through my phone's hotspot, the Ethernet connection on my desktop was still claiming not to have an Internet connection. I also connected a laptop to the OpenWrt Wi-Fi (also on device br-lan) via DHCP and it did not ever get any Internet connection.

This is almost certainly a problem with my knowledge and not with the router. I have been struggling to understand the documentation -- pieces seem to be out of date, or in broken English, or have missing parts that make them difficult to follow. Here are the things I have tried:

• Just normally setting up the LAN and WAN interfaces, and putting them in the same firewall group with ACCEPT/ACCEPT/ACCEPT for input/output/forward both with and without Masquerading (as suggested here);
• Doing the above but setting the WAN interface to be in mode 'sta'; note that this had to be done in the CLI rather than LuCI (which did not seem to have a good way of representing that mode). This was following the ideas laid out here;
• Following the instructions here that basically do the above but with Client (WDS) and Access Point (WDS) as modes. This did not work; changing just the client to WDS made it not work, and trying to join the interfaces and then set the DNS forwarding to the address of the AP router (192.168.43.1 for the phone) initially took down the router (the "Physical Settings" options were moved!). Once I enabled STP it still did not work even when I set the gateway of the local interface to be the IP address it was assigned by the phone (192.168.43.220). When both the Client and Server are on the LAN interface, the upstream connection is listed as having a Static address protocol with an Address of the one set (192.168.2.1) with a gateway on the other network (192.168.43.220), supplanting the normal upstream connection to the phone. Even the proxied Firefox browser failed to connect when I tried this.
• Following the instructions here for the Wi-Fi repeater. I tried setting the "Local IPv4 address" for the repeater bridge to be the address it was assigned by whatever Internet service it was connected to: my phone, or the guest university Wi-Fi, but nothing seemed to work. I did make sure it was in the same firewall group as the LAN and the WWAN. Rather confusingly, both the WAN and WWAN have been able to connect, so I have been able to have 2 upstream connections at the same time. It is a useful way to check firewall connections but it can be confusing with respect to devices: they are devices wlan0 (which is really radio0.network2, apparently) and wlan0-1 with the same MAC addresses except one begins with 8C and the other begins with 8E.

For the life of me I cannot figure out where I am going wrong. Should I try manual routing with ip route add?

I think the problem with your proxy is it is being detected as a man in the middle, so the encryption may be seen as compromised.

From what I understand, you’re trying to configure a repeater or bridge. But what you’re trying to do with the proxy is to setup as a wisp. I think what you want to do is connect the router as a wireless client like a wisp and act as a gateway to your own network. My guess is that if you set it up this way, you will get the captive portal splash screen with the first client that connects through your router. Hopefully after that everything should work.

Thank you for the response.

By "WISP" do you mean "AP"? I can't find any meaningful hits for "WISP" in the OpenWRT Wiki.

Wisp stands for wireless internet service provider. See this artice: http://www.minihere.com/how-to-configure-openwrt-wifi-router-wisp-apclient-mode.html

That guide looks to be in broken English and missing many steps. It is not clear what is done where. I also do not see how that is any different from my attempts above. In my current setup, the OpenWrt network is the Master, in mode "Access Point" in LuCI, while the university network is in mode "Client."

How should the devices be arranged?

Please send your network config as it is now to better understand how its currently setup

Here is /etc/config/network:

config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fd81:e864:dce9::/48'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'eth0.1'
	option stp '1'

config interface 'lan'
	option device 'br-lan'
	option proto 'static'
	option netmask '255.255.255.0'
	option ip6assign '60'
	option ipaddr '192.168.2.1'

config device
	option name 'eth0.2'
	option macaddr '8c:3b:ad:e9:bc:76'

config interface 'wan'
	option proto 'dhcp'
	option device 'radio0.network2'

config interface 'wan6'
	option device 'eth0.2'
	option proto 'dhcpv6'

config switch
	option name 'switch0'
	option reset '1'
	option enable_vlan '1'

config switch_vlan
	option device 'switch0'
	option vlan '1'
	option ports '0 1 2 3 6t'

config switch_vlan
	option device 'switch0'
	option vlan '2'
	option ports '4 6t'

config interface 'wwan'
	option proto 'dhcp'
	option device 'wlan0-1'

config device
	option name 'wlan0'
	option macaddr '8E:3B:AD:E9:BC:75'

Here is /etc/config/wireless:

config wifi-device 'radio0'
	option type 'mac80211'
	option path 'platform/10300000.wmac'
	option channel '1'
	option band '2g'
	option htmode 'HT20'
	option disabled '0'
	option legacy_rates '1'
	option cell_density '0'

config wifi-iface 'default_radio0'
	option device 'radio0'
	option network 'lan'
	option mode 'ap'
	option ssid 'OpenWrt'
	option encryption 'psk2'
	option key '[redacted]'

config wifi-device 'radio1'
	option type 'mac80211'
	option path 'pci0000:00/0000:00:00.0/0000:01:00.0'
	option channel '36'
	option band '5g'
	option htmode 'VHT80'
	option disabled '1'

config wifi-iface 'wifinet0'
	option device 'radio0'
	option encryption 'none'
	option mode 'sta'
	option network 'wan'
	option ssid 'Stanford'
	option ifname 'wlan0'

config wifi-iface 'wifinet2'
	option device 'radio0'
	option mode 'sta'
	option ssid 'Verizon-SM-G930V-78AB'
	option encryption 'psk2'
	option key '[redacted]'
	option network 'wwan'

Here are several LuCI screenshots.

Status/Overview:

image933×832 58.2 KB

Network/Interfaces:

image946×653 47.7 KB

Network/Wireless:

image949×764 61.8 KB

Network/Firewall:

image950×854 40.1 KB

As I stated in my first post, I have a desktop (FORTRESS) that is connected to the router via Ethernet. It is being given a static IP on the 192.168.2.x subnet, and it is SSHing into the router. I am using the desktop's primary browser to write this post, as the desktop is connected to the university wireless. But I am also tunneling SOCKS through the SSH connection and my secondary browser is using that as a proxy.

I also have a laptop (BASE) that I am just connecting wirelessly to the router. It is not doing any SSHing.

To restate the issues I am having:

(1) When the router is connected to my phone's hotspot, namely the network with SSID Verizon-..., then the secondary browser that is tunneling into the router and using it as a proxy can connect to the Internet. But my laptop cannot, so there is something not working about the bridge -- the router is connected to the Internet, but the devices connected to the router cannot access the Internet.

(2) More insidiously, when I turn off my phone's hotspot and only connect the router to my university network (Stanford), then the proxied browser loads the captive portal, but I cannot register the router because, as the IT error page says, "We are unable to register your device because there was no MAC Address found in DHCP server logs for your machine." But the device on the router associated with the connection to the university network clearly does have a MAC address -- perhaps the university network expects devices like phones and computers that send device data in a broader format that includes a particular MAC address field, but simpler devices like the router do not. But to connect to the network at all it has to be sending its MAC address somehow, right? I sought out this forum to see if anyone had any guess as to what was going on with the MAC issue, in addition to to the access point problem above.

You are bridging the networks together but you should be keeping them separate and routing between them. Create a wan firewall zone and assign the wan and wwan networks to it and allow forwarding.

I think the proxy problem is a conflict between the proxy host and client. The error says theres no match, not that theres no mac address at all. I think what happening is the schools system sees the mac address of your desktop when you open the captive portal and doesn’t match it with the dhcp logs of the initial connection (the router).

Argh. I think I screwed the pooch. I tried separating the firewall zones as stated, and while forwarding seemed to allow the proxy to stay connected, auxiliary devices were still not able to connect through. I believe the splash screen failed with the same error.

Anyway, there was some annoyance with devices, interfaces, and wireless connections that was frustrating me -- I kept trying to label something with "wan" but it forced a device name "radio0.network2", while trying to make sense of "wwan" worked.

To clear the air I tried to reset using firstboot and reboot now, but annoyingly I had used a nightly build. After the reboot, I connected it to my phone's hotspot with the CLI so that I could opkg install luci, but this did not work because of a kernel mismatch. I then made the ill-fated decision to run:
opkg list-upgradable | cut -f 1 -d ' ' | xargs -r opkg upgrade
that I had found on StackOverflow and this really messed up the packages. It was so bad that even ls did not work because of not being able to find various C identifiers (variables with __ in their names). For a brief period, I was able to SSH to the machine, but I could not open a terminal. I tried doing nmrpflash with the stable, 21.0.2 image, but neither 192.168.1.200 nor 192.168.2.200 worked. And then I powercycled the router and now it seems to be bricked.

I fear it is severely bricked. When I try connecting to its Ethernet ports and set up a static IP I cannot ping it or SSH to it; the only light that is on is the flashing power button. Holding the hard reset button for any number of seconds (up to 90) does not show any response to the power button; it does not give any indication that it is actually resetting. On restart, the power LED is on for many seconds, then flashes quickly for a couple seconds, then flashes at a regular pace. Nothing else happens.

I am frustrated and angry with myself. Is there any hope of recovery, or is the router e-waste? I am guessing that its boot sequence is failing somewhere because of the messed up packages, but I have no way of interacting with it to confirm this.

I bought a new router, a TP-Link Archer A6 (AC1200), that others in the complex suggested. Its native access point mode was still insufficient, but by roughly following what was said in this post and the guides I was able to get the bridge set up as desired. As randyrodriguez pointed out, the main issue was that I was putting them all in the same zone.

I am still curious if there is a way to recover the Netgear router, so this issue is not quite closed.

You want the simplest possible routed client. Basically this is default configuration except the connection to the Internet will be a wifi client instead of an Ethernet cable.

Re-flash the router so you have default configuration. Connect your PC Ethernet to the router LAN port and log in. Do not connect the PC to any other networks. Remove the Ethernet option device from the wan network interface. Wifi devices are added by /etc/config/wireless not within /etc/config/network. Again there should be no option device on the wan interface in /etc/config/network.

Configure wireless of mode sta and credentials to connect to the university. I assume it is not WPA-EAP ("Enterprise") authentication, instead it is a captive portal. If it is EAP you need to step back and upgrade hostapd to the full version instead of the default hostapd, which does not support that type of authentication.

The 'option network wan' in /etc/config/wireless attaches the wifi client to the wan network. The wan is in the wan firewall zone and the lan is in lan. It is essential to route not bridge here because the university only expects one MAC address and will only give you one IP address. The masquerade (aka NAT) setting which is the default must remain on.

Hello Mike. You are addressing the previous problem, not the problem at hand. I cannot flash the Netgear router with your instructions because it is bricked. And I have already set up the TP-Link router to do what I need it to. Your words are probably more useful in the Wiki pages that I kept stumbling through.

Most Netgear models support debricking with nmrpflash. Since you have a Windows PC, use Netgear's official NMRP server application to recover it back to stock firmware, then install OpenWrt again.

Like I said above, it is not recognized by nmrpflash, since it is not recognized by anything even when the Ethernet is plugged in. I can try again; perhaps I missed something there. Again please read my situation carefully before replying.

nrmpflash works during the first couple of seconds after power on, the only way that would stop working is if the bootloader is corrupted, which would cause no lights to flash at all.

Another thing to try is failsafe mode. Just when the light starts flashing rapidly, press and release the reset button several times (also try the WPS button). If that was successful it will change to flashing very rapidly-- which means OpenWrt is running in failsafe mode. Static IP your PC to 192.168.1.10 and SSH to the router at 192.168.1.1.