I'm having an issue with OpenWrt on x86 setup.
New setup with openwrt:
1 have setup my Openwrt X86 which has eth0 & eth1.
eth1=wan
eth0=eth0.1 - lan 192.168.4.0/24
eth0.20 - vlan20 10.0.20.0/24
Netgear managed switch is setup with trunk port
T=untagged, lan
= tagged, vlan20
With the above setup, Openwrt behind my main Opnsense router everything in Openwrt works, I can browse internet and depending on which port on the netgear switch I get specified IP on my pc/laptop.
My Opnsense setup is X86 router with eth1 & eth0 running Opnsense & Unifi switch 60W.
same setup as above except here I'm using an Unifi managed switch Lan and Vlan profile. This setup works flawlessly.
Now the issue,
If I take the Opnsense out and replace with Openwrt router, the Vlan devices gets Ip address but no Lan devices receives
any IP.
So, the question is, there's something with Openwrt Lan interface setup and unifi switch.
Pls advice and ask if I'm missing any critical info.
/etc/config/network
config interface 'loopback'
option ifname 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fdc0:0ad1:e372::/48'
config interface 'lan'
option proto 'static'
option ipaddr '192.168.4.1'
option netmask '255.255.255.0'
option ip6assign '60'
option ifname 'eth0.1'
config interface 'wan'
option ifname 'eth1'
option proto 'dhcp'
option peerdns '0'
list dns '9.9.9.9'
list dns '1.1.1.1'
config interface 'wan6'
option ifname 'eth1'
option proto 'dhcpv6'
option reqaddress 'try'
option reqprefix 'auto'
config interface 'VLAN20'
option proto 'static'
option ipaddr '10.0.20.1'
option netmask '255.255.255.0'
option ifname 'eth0.20'
/etc/config/firewall
config defaults
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
option synflood_protect '1'
config zone
option name 'lan'
list network 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
config zone
option name 'wan'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
option network 'wan wan6'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option src_ip 'fc00::/6'
option dest_ip 'fc00::/6'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
ist icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
config include
option path '/etc/firewall.user'
config zone
option network 'VLAN20'
option forward 'REJECT'
option output 'ACCEPT'
option name 'VLAN20'
option input 'REJECT'
config forwaeding
option src 'VLAN20'
option dest 'wan'
config redirect
option dest_port '51820'
option src 'wan'
option name 'WG(VPN'
option src_dport '51820'
option target 'DNAT'
option dest_ip '192.168.4.8'
option dest 'lan'
list proto 'udp'
config rule
option dest_port '53'
option name 'VLAN20 DNS'
option target 'ACCEPT'
option src 'VLAN20'
option dest 'wan'
config rule
option name 'VLAN20 DHCP'
option target 'ACCEPT'
list proto 'udp'
option src 'VLAN20'
option src_port '67 68'
option dest_port '67 68'
config forwarding
option dest 'wan'
option src 'lan'
config forwarding
option dest 'wan'
option src 'VLAN20'
config forwarding
option dest 'VLAN20'
option src 'lan'