OpenWrt guest wlan has no internet

Did some changes to the files. You still need those informations?

Part of the Ubiquiti configuration system is a script to revert to static IP if no DHCP is received. This is done on the single regular LAN, it doesn't launch another LAN. There isn't anything like that readily built into OpenWrt. I keep a spare router on hand to temporarily put the DHCP client APs on a network in those cases.

Thanks for letting me know about this. So, I have to write a script for that. What is the purpose of aliases then?

I tried the same a couple of months ago on my UniFi AP AC PRO and got exactly to the same point: client connects and gets an IP from the guest wlan but "no internet" available.
How did you get to fix it? Can you share your config files?
Thank you in advance.

Follow what @mk24 said. Here is my metwork and firewall configuration files:

/etc/config/network:

config interface 'loopback'
	option ifname 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fd46:52a4:07b4::/48'

config interface 'lan'
	option ifname 'eth0'
	option proto 'dhcp'
	option hostname 'unify'

config interface 'guest'
	option proto 'static'
	option ipaddr '10.0.1.1'
	option netmask '255.255.255.0'
	option dns '8.8.8.8, 8.8.4.4'

/etc/config/firewall:

config zone 'guest_zone'
	option name 'guest'
	option network 'guest'
	option input 'REJECT'
	option forward 'REJECT'
	option output 'ACCEPT'

config forwarding 'guest_forwarding'
	option src 'guest'
	option dest 'lan'

config rule 'guest_rule_dns'
	option name 'Allow DNS Queries'
	option src 'guest'
	option dest_port '53'
	option proto 'udp'
	option target 'ACCEPT'

config rule 'guest_rule_dhcp'
	option name 'Allow DHCP request'
	option src 'guest'
	option src_port '68'
	option dest_port '67'
	option proto 'udp'
	option target 'ACCEPT'

config rule
	option name 'Deny Guest -> LAN'
	option src 'guest'
	option dest 'lan'
	option proto 'all'
	option target 'DROP'
	option dest_ip '192.168.1.0/24'

/etc/config/dhcp:

config dhcp 'guest'
	option interface 'guest'
	option start '50'
	option limit '200'
	option leasetime '1h'

Also add these two lines in lan zone in firewall config file:

    option masq '1'
    option mtu_fix '1'
1 Like

I haven't read the whole topic, sorry.

  1. You should open ports for DNS, and DHCP in 'guest_zone'. Open destination port, don't add source port.
  2. Why masq '1' in lan?
  3. Where is wan?
  4. Where is wireless config?

Port is open for DNS and DHCP in separate rules.

There is only one ethernet prot in Unifi AC lite so using only lan.

Thanks! I'll try that asap.

Pay attention to wireless config also.

Can you elaborate in detail? I am not good in this field so consider me as a noob.

You've provided all configs except wireless one. There should be section in wireless config.

This is the wireless configuration.

Yes, you don't give section from this config, although give sections from network, and firewall.

He already gave it in the opening post and it is correct since the only important part there is assigning the guest wifi-iface to the "guest" network:

option network 'guest'

Firewall rules say Deny guest to lan. That might be your issue.