Maybe I solved the SSID and lan association problem by changing the lan1 device from br-lsn to wlan1
where wlan1 = Wireless Network: Master wifi1 (lan1).
The change is as follows:
2. lan1
protocol: static address
device: wlan1
ipv4 address: 192.168.2.200
ipv4 netmask: 255.255.255.0
firewall setting - Create / Assign firewall-zone: lan1
DHCP Server start: 210
limit 10
Now if I connect to wifi I have a network address 192.168.2.0/24 while if I connect to wifi1 I have a network address 192.168.3.0/24
I am attaching the log of the command you asked me to execute after the modification described above:
(In the chat wifi = wifi1816vpn in the log and wifi1 = wifi1826vpn1)
root@xxxxxxxx:~# ubus call system board; \
> uci export network; uci export wireless; \
> uci export dhcp; uci export firewall; \
> head -n -0 /etc/firewall.user; \
> ip -4 addr ; ip -4 ro li tab all ; ip -4 ru
{
"kernel": "5.4.154",
"hostname": "xxxxxxxx",
"system": "ARMv7 Processor rev 1 (v7l)",
"model": "Linksys WRT3200ACM",
"board_name": "linksys,wrt3200acm",
"release": {
"distribution": "OpenWrt",
"version": "21.02.1",
"revision": "r16325-88151b8303",
"target": "mvebu/cortexa9",
"description": "OpenWrt 21.02.1 r16325-88151b8303"
}
}
package network
config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'xxxxxxxxxxxxxx/48'
config device
option name 'br-lan'
option type 'bridge'
list ports 'lan1'
list ports 'lan2'
list ports 'lan3'
list ports 'lan4'
config interface 'lan'
option device 'br-lan'
option proto 'static'
option netmask '255.255.255.0'
option ip6assign '60'
option ipaddr '192.168.2.1'
config device
option name 'wan'
option macaddr 'xxxxxxxxxxxxx'
config interface 'wan'
option device 'wan'
option proto 'dhcp'
config interface 'wan6'
option device 'wan'
option proto 'dhcpv6'
config interface 'LAN1'
option proto 'static'
option auto '0'
option netmask '255.255.255.0'
option ipaddr '192.168.3.1'
option device 'wlan1'
package wireless
config wifi-device 'radio0'
option type 'mac80211'
option channel '36'
option hwmode '11a'
option path 'soc/soc:pcie/pci0000:00/0000:00:01.0/0000:01:00.0'
option htmode 'VHT80'
option cell_density '0'
option country 'IT'
config wifi-iface 'default_radio0'
option device 'radio0'
option network 'lan'
option mode 'ap'
option macaddr 'xxxxxxxxxxxxxxxxx'
option encryption 'psk2'
option ssid 'wifi1826vpn'
option key 'xxxxxxxxxxxxxxxxxxxxxxxx'
config wifi-device 'radio1'
option type 'mac80211'
option channel '11'
option hwmode '11g'
option path 'soc/soc:pcie/pci0000:00/0000:00:02.0/0000:02:00.0'
option htmode 'HT20'
option country 'IT'
option cell_density '0'
config wifi-iface 'default_radio1'
option device 'radio1'
option mode 'ap'
option macaddr 'xxxxxxxxxxxxxxxx'
option ssid 'wifi1826vpn1'
option encryption 'psk2'
option key 'xxxxxxxxxxxxxxxxxxxxxxxxx'
option network 'LAN1'
config wifi-device 'radio2'
option type 'mac80211'
option channel '34'
option hwmode '11a'
option path 'platform/soc/soc:internal-regs/f10d8000.sdhci/mmc_host/mmc0/mmc0:0001/mmc0:0001:1'
option htmode 'VHT80'
option disabled '1'
config wifi-iface 'default_radio2'
option device 'radio2'
option network 'lan'
option mode 'ap'
option ssid 'OpenWrt'
option encryption 'none'
package dhcp
config dnsmasq
option domainneeded '1'
option boguspriv '1'
option filterwin2k '0'
option localise_queries '1'
option rebind_protection '1'
option rebind_localhost '1'
option local '/lan/'
option domain 'lan'
option expandhosts '1'
option nonegcache '0'
option authoritative '1'
option readethers '1'
option leasefile '/tmp/dhcp.leases'
option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
option nonwildcard '1'
option localservice '1'
option ednspacket_max '1232'
config dhcp 'lan'
option interface 'lan'
option start '100'
option limit '150'
option leasetime '12h'
option dhcpv4 'server'
option dhcpv6 'server'
option ra 'server'
option ra_slaac '1'
list ra_flags 'managed-config'
list ra_flags 'other-config'
config dhcp 'wan'
option interface 'wan'
option ignore '1'
config odhcpd 'odhcpd'
option maindhcp '0'
option leasefile '/tmp/hosts/odhcpd'
option leasetrigger '/usr/sbin/odhcpd-update'
option loglevel '4'
config dhcp 'LAN1'
option interface 'LAN1'
option leasetime '12h'
option start '100'
option limit '150'
list ra_flags 'none'
package firewall
config defaults
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
option synflood_protect '1'
config zone
option name 'lan'
list network 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
config zone
option name 'lan1'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
list network 'LAN1'
config zone
option name 'OpenVPN'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
list device 'tun+'
config zone
option name 'wan'
list network 'wan'
list network 'wan6'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
list device 'tun0'
list device 'tun1'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option src_ip 'fc00::/6'
option dest_ip 'fc00::/6'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
config rule
option name 'Support-UDP-Traceroute'
option src 'wan'
option dest_port '33434:33689'
option proto 'udp'
option family 'ipv4'
option target 'REJECT'
option enabled 'false'
config include
option path '/etc/firewall.user'
config forwarding
option src 'lan'
option dest 'OpenVPN'
config forwarding
option src 'lan1'
option dest 'OpenVPN'
# This file is interpreted as shell script.
# Put your custom iptables rules here, they will
# be executed with each firewall (re-)start.
# Internal uci firewall chains are flushed and recreated on reload, so
# put custom rules into the root chains e.g. INPUT or FORWARD or into the
# special user chains, e.g. input_wan_rule or postrouting_lan_rule.
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
7: wan@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
inet 192.168.1.119/24 brd 192.168.1.255 scope global wan
valid_lft forever preferred_lft forever
11: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
inet 192.168.2.1/24 brd 192.168.2.255 scope global br-lan
valid_lft forever preferred_lft forever
60: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UNKNOWN qlen 500
inet 10.28.0.6/16 scope global tun0
valid_lft forever preferred_lft forever
61: tun1: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UNKNOWN qlen 500
inet 10.27.0.4/16 scope global tun1
valid_lft forever preferred_lft forever
69: wlan1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
inet 192.168.3.1/24 brd 192.168.3.255 scope global wlan1
valid_lft forever preferred_lft forever
0.0.0.0/1 via 10.27.0.1 dev tun1
default via 192.168.1.1 dev wan src 192.168.1.119
10.27.0.0/16 dev tun1 scope link src 10.27.0.4
10.28.0.0/16 dev tun0 scope link src 10.28.0.6
128.0.0.0/1 via 10.27.0.1 dev tun1
xxx.xxx.xxx.xxx via 192.168.1.1 dev wan
xxx.xxx.xxx.xxx via 192.168.1.1 dev wan
192.168.1.0/24 dev wan scope link src 192.168.1.119
192.168.2.0/24 dev br-lan scope link src 192.168.2.1
192.168.3.0/24 dev wlan1 scope link src 192.168.3.1
broadcast 10.27.0.0 dev tun1 table local scope link src 10.27.0.4
local 10.27.0.4 dev tun1 table local scope host src 10.27.0.4
broadcast 10.27.255.255 dev tun1 table local scope link src 10.27.0.4
broadcast 10.28.0.0 dev tun0 table local scope link src 10.28.0.6
local 10.28.0.6 dev tun0 table local scope host src 10.28.0.6
broadcast 10.28.255.255 dev tun0 table local scope link src 10.28.0.6
broadcast 127.0.0.0 dev lo table local scope link src 127.0.0.1
local 127.0.0.0/8 dev lo table local scope host src 127.0.0.1
local 127.0.0.1 dev lo table local scope host src 127.0.0.1
broadcast 127.255.255.255 dev lo table local scope link src 127.0.0.1
broadcast 192.168.1.0 dev wan table local scope link src 192.168.1.119
local 192.168.1.119 dev wan table local scope host src 192.168.1.119
broadcast 192.168.1.255 dev wan table local scope link src 192.168.1.119
broadcast 192.168.2.0 dev br-lan table local scope link src 192.168.2.1
local 192.168.2.1 dev br-lan table local scope host src 192.168.2.1
broadcast 192.168.2.255 dev br-lan table local scope link src 192.168.2.1
broadcast 192.168.3.0 dev wlan1 table local scope link src 192.168.3.1
local 192.168.3.1 dev wlan1 table local scope host src 192.168.3.1
broadcast 192.168.3.255 dev wlan1 table local scope link src 192.168.3.1
0: from all lookup local
32766: from all lookup main
32767: from all lookup default