OpenWrt 22 not working with Nintendo Switch

I upgraded from OpenWrt 21 to 22 and the Nintendo Switch is no longer able to upload/download. I suspected it has to do with the new firewall. I opened up the recommended ports to see if that has an impact, but it doesn’t. So I am looking for other avenues that could cause this behavior. What I could see on the Switch is that OpenWrt 22 pulls the wrong global IP address when I do the internet connection test on the Switch. I replicated this behavior on a second router I have, so it doesn’t seem to be a freak thing but rather something in OpenWrt 22 that functions differently. I downgraded back to OpenWrt 21 and I’m back to having a Switch connection, but I am unsatisfied sitting on a now outdated, end-of-life firmware version. Does anybody else with a Switch have issues?

Side note… main router is trusty Netgear 7800 and second router I tested is Netgear R8000 I have sitting around.

Please copy the output of the following commands and post it here using the "Preformatted text </> " button:
Remember to redact passwords, MAC addresses and any public IP addresses you may have:

cat /etc/config/network
cat /etc/config/wireless
cat /etc/config/dhcp
cat /etc/config/firewall

Thanks for the hint. I would have to connect up the 22 router again and I assume what you propose means running a remote ssh connection through a terminal? Although I have used and configured OpenWrt for a long time, I have stuck to the GUI so far. I am asking here because I realize what’s causing these issues might be above my pay grade, so to speak. I will report back with your requested results when I have them together.

Yes. This should be very simple. Just copy and paste those commands and it'll output the text of the configuration files. From there, we can take a look at what might be going on.

Maybe... maybe not :wink: -- no time like the present to learn a new way of working with your OpenWrt router!

If you updated from a 21.x to a 22.x version of OpenWrt, it is best to start from a scratch/clean config and build from there. I know this is tedious but based on my experience, not doing so usually borks the firewall setup.

Hi gang, I'm having the same problem. Did anyone ever find a resolution to this? An additional wrinkle: the Nintendo Switch can connect to the wireless LAN, but from there can't seem to connect to the WAN. This would seem to support OP's hypothesis about firewall issues.

Stuff I've already tried

  • Like OP I tried Nintendo's recommended port forwarding setup, but this didn't do anything and I was sketchy about how broad it was so I removed the relevant settings

  • Confirmed with another machine that the ethernet port is working

    • I have a NUC which usually sits on the same port from which I was able to ping google.com
    • I flushed all of the DHCP settings I had for the NUC and restarted the router
    • I can also wget the homepage for my personal website
    • The NUC is having trouble connecting to Debian's package repos right now, and I am wondering if the problem is related
  • Ran service stop firewall but the Switch continued to have connection problems. This did resolve the repo issues mentioned in the above bullet point however

Additional info
Router: Archer A7 (AC1750)
Firmware: OpenWrt 22.03.2 r19803-9a599fee93 / LuCI openwrt-22.03 branch git-22.288.45147-96ec0cd

/etc/config/network

config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fd8a:7c83:9056::/48'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'eth0.1'

config interface 'lan'
	option device 'br-lan'
	option proto 'static'
	option netmask '255.255.255.0'
	option ip6assign '60'
	option ipaddr '100.100.0.1'

config device
	option name 'eth0.2'
	option macaddr 'REDACTED'

config interface 'wan'
	option device 'eth0.2'
	option proto 'dhcp'

config interface 'wan6'
	option device 'eth0.2'
	option proto 'dhcpv6'

config switch
	option name 'switch0'
	option reset '1'
	option enable_vlan '1'

config switch_vlan
	option device 'switch0'
	option vlan '1'
	option ports '2 3 4 5 0t'

config switch_vlan
	option device 'switch0'
	option vlan '2'
	option ports '1 0t'

/etc/config/wireless

config wifi-device 'radio0'
	option type 'mac80211'
	option path 'pci0000:00/0000:00:00.0'
	option channel '36'
	option band '5g'
	option htmode 'VHT80'
	option cell_density '0'

config wifi-iface 'default_radio0'
	option device 'radio0'
	option network 'lan'
	option mode 'ap'
	option ssid 'REDACTED'
	option encryption 'psk2'
	option key 'REDACTED'

config wifi-device 'radio1'
	option type 'mac80211'
	option path 'platform/ahb/18100000.wmac'
	option channel '1'
	option band '2g'
	option htmode 'HT20'
	option cell_density '0'

config wifi-iface 'default_radio1'
	option device 'radio1'
	option network 'lan'
	option mode 'ap'
	option ssid 'REDACTED'
	option encryption 'psk2'
	option key 'REDACTED'

/etc/config/dhcp

config dnsmasq
	option domainneeded '1'
	option localise_queries '1'
	option rebind_protection '1'
	option rebind_localhost '1'
	option local '/lan/'
	option domain 'lan'
	option expandhosts '1'
	option authoritative '1'
	option readethers '1'
	option leasefile '/tmp/dhcp.leases'
	option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
	option localservice '1'
	option ednspacket_max '1232'

config dhcp 'lan'
	option interface 'lan'
	option start '100'
	option limit '150'
	option leasetime '12h'
	option dhcpv4 'server'
	option dhcpv6 'server'
	option ra 'server'
	list ra_flags 'managed-config'
	list ra_flags 'other-config'

config dhcp 'wan'
	option interface 'wan'
	option ignore '1'

config odhcpd 'odhcpd'
	option maindhcp '0'
	option leasefile '/tmp/hosts/odhcpd'
	option leasetrigger '/usr/sbin/odhcpd-update'
	option loglevel '4'

config host
	option name 'ecb5faa6dc8c'
	option dns '1'
	option mac 'REDACTED'
	option ip '100.100.0.231'
	option leasetime 'infinity'

config domain
	option name 'REDACTED'
	option ip '100.100.0.2'

config host
	option name 'Chromecast'
	option ip '100.100.0.247'
	option mac 'REDACTED'

config host
	option name 'hifiberry'
	option ip '100.100.0.149'
	option mac 'REDACTED'
	option leasetime 'infinity'

config domain
	option name 'bjork.local'
	option ip '100.100.0.149'

config host
	option name 'RE220'
	option ip '100.100.0.209'
	option mac 'REDACTED'

config host
	option name 'bjork'
	option ip '100.100.0.204'
	option mac 'REDACTED'

config host
	option name 'homeassistant'
	option ip '100.100.0.158'
	option mac 'REDACTED'

config host
	option name 'kodi'
	option duid '00020000AB1103464DB6FC807F62'

config host
	option name 'bjork'
	option ip '100.100.0.186'
	option mac 'REDACTED'

config host
	option ip '100.100.0.100'
	option mac 'REDACTED'

cat /etc/config/firewall

config defaults
	option input 'ACCEPT'
	option output 'ACCEPT'
	option synflood_protect '1'
	option forward 'REJECT'

config zone
	option name 'lan'
	list network 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'

config zone
	option name 'wan'
	list network 'wan'
	list network 'wan6'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'
	option mtu_fix '1'
	option input 'REJECT'

config forwarding
	option src 'lan'
	option dest 'wan'

config rule
	option name 'Allow-DHCP-Renew'
	option src 'wan'
	option proto 'udp'
	option dest_port '68'
	option target 'ACCEPT'
	option family 'ipv4'

config rule
	option name 'Allow-Ping'
	option src 'wan'
	option proto 'icmp'
	option icmp_type 'echo-request'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-IGMP'
	option src 'wan'
	option proto 'igmp'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-DHCPv6'
	option src 'wan'
	option proto 'udp'
	option dest_port '546'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-MLD'
	option src 'wan'
	option proto 'icmp'
	option src_ip 'fe80::/10'
	list icmp_type '130/0'
	list icmp_type '131/0'
	list icmp_type '132/0'
	list icmp_type '143/0'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Input'
	option src 'wan'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	list icmp_type 'router-solicitation'
	list icmp_type 'neighbour-solicitation'
	list icmp_type 'router-advertisement'
	list icmp_type 'neighbour-advertisement'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Forward'
	option src 'wan'
	option dest '*'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-IPSec-ESP'
	option src 'wan'
	option dest 'lan'
	option proto 'esp'
	option target 'ACCEPT'

config rule
	option name 'Allow-ISAKMP'
	option src 'wan'
	option dest 'lan'
	option dest_port '500'
	option proto 'udp'
	option target 'ACCEPT'

config redirect
	option name 'Transparent Proxy Redirect'
	option src 'lan'
	option proto 'tcp'
	option src_ip '!100.100.0.1'
	option src_dport '80'
	option dest_ip '100.100.0.1'
	option dest_port '8888'

You should use a different subnet for your LAN. You used public IP addresses...

Thanks for the advice. Changed to a 10.0.0.0 subnet and the problem persists. What else you got?

Why do you need this? What is it for?

It’s left over from when I ran tinyproxy. I no longer run that, but must have forgotten to remove the redirect. I’m guessing that’s the problem causing the ‘apt update’ issues I mentioned. Since the Switch continued having connection issues after firewall was disabled I’m not as confident about this fixing that problem. Will remove when I get back to my home network and update.

Haven’t checked in here for a while, sorry. It just so happened that I needed to upgrade to a new router. I use 23.05.0-rc2 and it seems to be going fine. But I certainly kept having the issues that I originally described and could never determine the source of the problem.
It is important to note that the Switch seems to have a quirk where you need to do a hard shutdown (hold down the power button until it turns off) when network settings change. Don’t bother using the Switch menu to restart or turn off. Use the power button.

This was it! Removed it from the config and restarted the firewall and the Switch connects without problem now. Thanks for the help, rj!
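
The fix in this thread was removing a leftover redirect that sent LAN traffic for port 80 to port 8888 on the router after tinyproxy was gone. The script below is an added example, not code from any poster in the thread: it scans a UCI firewall config for redirects that point at the router itself on a port with no listener. The function names and the sample file are constructed for illustration, and `listening_ports` assumes `netstat` is available on the router.

```shell
# Added example: flag 'config redirect' sections whose target is a port on the
# router where nothing is listening (e.g. a proxy that was later removed).
# Usage: stale_redirects CONFIG_FILE ROUTER_IP "PORT PORT ..."
stale_redirects() {
    awk -v router="$2" -v ports="$3" -v q="'" '
    function report() {
        if (sect == "redirect" && o["dest_ip"] == router && o["dest_port"] != "" && !(o["dest_port"] in up))
            printf "%s: lan port %s -> %s:%s has no listener\n", o["name"], o["src_dport"], router, o["dest_port"]
        split("", o)                                    # clear options for the next section
    }
    BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) up[p[i]] = 1 }
    $1 == "config" { report(); sect = $2; next }
    $1 == "option" {
        v = $0
        sub(/^[ \t]*option[ \t]+[^ \t]+[ \t]+/, "", v)  # keep the value, spaces included
        gsub("^" q "|" q "[ \t]*$", "", v)              # strip the UCI single quotes
        o[$2] = v
    }
    END { report() }
    ' "$1"
}

# TCP ports with a listener on this host (assumption: netstat is installed).
# On the router: stale_redirects /etc/config/firewall 100.100.0.1 "$(listening_ports)"
listening_ports() { netstat -lnt | awk 'NR > 2 { sub(/.*:/, "", $4); print $4 }' | tr '\n' ' '; }

# Constructed sample: the redirect section posted in the thread plus one
# unrelated section, written to a temporary file so the check runs offline.
write_sample() {
    cat > "$1" <<'EOF'
config forwarding
    option src 'lan'
    option dest 'wan'

config redirect
    option name 'Transparent Proxy Redirect'
    option src 'lan'
    option proto 'tcp'
    option src_ip '!100.100.0.1'
    option src_dport '80'
    option dest_ip '100.100.0.1'
    option dest_port '8888'
EOF
}

sample=$(mktemp) && write_sample "$sample"
stale_redirects "$sample" 100.100.0.1 "22 53 80 443"   # nothing listens on 8888
```

A flagged redirect is only a candidate for removal: confirm that the service it pointed at is really gone before deleting the section and restarting the firewall.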