OpenWrt on ASUS RT-AX53U, only specific devices can connect

Hi, i got the new router today and been messing with it for hours. I got openwrt installed on it using a factory image, no issues and then upgraded using a sysupgrade image, also no issues as far as i can tell.

Turned on wireless for both 2.4 and 5Ghz networks with passwords and using WPA2 security. I have also set the network when editing to lan, wan and wan6. Both are in AP mode because i think thats the default for a main router. On both my phone and main pc i am able to connect to both SSID's however anyone else on my network is not able to, during the process of connecting it would take a long time to connect and even when its connected it says no internet.

I can see on the dashboard in associated stations that i see the host and the network its connected to, and can see RX rate / TX rate and see for example:
86.7 Mbit/s, 20 MHz, MCS 12, Short GI
72.2 Mbit/s, 20 MHz, MCS 7, Short GI

Trying to download any addons or updating always yeilds errors, for example trying to update some addon:

Executing package manager
Downloading https://downloads.openwrt.org/releases/23.05.4/targets/ramips/mt7621/packages/Packages.gz
*** Failed to download the package list from https://downloads.openwrt.org/releases/23.05.4/targets/ramips/mt7621/packages/Packages.gz

Downloading https://downloads.openwrt.org/releases/23.05.4/packages/mipsel_24kc/base/Packages.gz
*** Failed to download the package list from https://downloads.openwrt.org/releases/23.05.4/packages/mipsel_24kc/base/Packages.gz

Downloading https://downloads.openwrt.org/releases/23.05.4/packages/mipsel_24kc/luci/Packages.gz
*** Failed to download the package list from https://downloads.openwrt.org/releases/23.05.4/packages/mipsel_24kc/luci/Packages.gz

Downloading https://downloads.openwrt.org/releases/23.05.4/packages/mipsel_24kc/packages/Packages.gz
*** Failed to download the package list from https://downloads.openwrt.org/releases/23.05.4/packages/mipsel_24kc/packages/Packages.gz

Downloading https://downloads.openwrt.org/releases/23.05.4/packages/mipsel_24kc/routing/Packages.gz
*** Failed to download the package list from https://downloads.openwrt.org/releases/23.05.4/packages/mipsel_24kc/routing/Packages.gz

Downloading https://downloads.openwrt.org/releases/23.05.4/packages/mipsel_24kc/telephony/Packages.gz
*** Failed to download the package list from https://downloads.openwrt.org/releases/23.05.4/packages/mipsel_24kc/telephony/Packages.gz
Errors
Failed to send request: Operation not permitted
Failed to send request: Operation not permitted
Failed to send request: Operation not permitted
Failed to send request: Operation not permitted
Failed to send request: Operation not permitted
Failed to send request: Operation not permitted
Collected errors:
 * opkg_download: Failed to download https://downloads.openwrt.org/releases/23.05.4/targets/ramips/mt7621/packages/Packages.gz, wget returned 4.
 * opkg_download: Check your network settings and connectivity.

 * opkg_download: Failed to download https://downloads.openwrt.org/releases/23.05.4/packages/mipsel_24kc/base/Packages.gz, wget returned 4.
 * opkg_download: Check your network settings and connectivity.

 * opkg_download: Failed to download https://downloads.openwrt.org/releases/23.05.4/packages/mipsel_24kc/luci/Packages.gz, wget returned 4.
 * opkg_download: Check your network settings and connectivity.

 * opkg_download: Failed to download https://downloads.openwrt.org/releases/23.05.4/packages/mipsel_24kc/packages/Packages.gz, wget returned 4.
 * opkg_download: Check your network settings and connectivity.

 * opkg_download: Failed to download https://downloads.openwrt.org/releases/23.05.4/packages/mipsel_24kc/routing/Packages.gz, wget returned 4.
 * opkg_download: Check your network settings and connectivity.

 * opkg_download: Failed to download https://downloads.openwrt.org/releases/23.05.4/packages/mipsel_24kc/telephony/Packages.gz, wget returned 4.
 * opkg_download: Check your network settings and connectivity.
The opkg update command failed with code 6.

I have also resetted the router and redid all settings again as well as sysupgrading it. Whats the problem?

This should have been LAN only, functonally it is one bridge only but luci does not enforce it.

Please connect to your OpenWrt device using ssh and copy the output of the following commands and post it here using the "Preformatted text </> " button:
grafik
Remember to redact passwords, MAC addresses and any public IP addresses you may have:

ubus call system board
cat /etc/config/network
cat /etc/config/wireless
cat /etc/config/dhcp
cat /etc/config/firewall

... or just reset it, and start from scratch.

unless WAN and LAN subnet don't overlap, there's no real reason for changing the LANs or WANs, unless you need to provide upstream logon details (PPPoE, etc).

But if its just LAN then i won't be able to connect via Wifi right?

wifi and wired LAN are bridged, it's one shared happy network by default.
at least it was, until you misconfigured it :slight_smile:

1 Like

Im having trouble trying to find what i screwed up. by resetting do you mean holding down the reset button? I have already done that

Do it from web interface

there's a reset feature in the webUI.

root@OpenWrt:~# ubus call system board
{
        "kernel": "5.15.162",
        "hostname": "OpenWrt",
        "system": "MediaTek MT7621 ver:1 eco:3",
        "model": "ASUS RT-AX53U",
        "board_name": "asus,rt-ax53u",
        "rootfs_type": "squashfs",
        "release": {
                "distribution": "OpenWrt",
                "version": "23.05.4",
                "revision": "r24012-d8dd03c46f",
                "target": "ramips/mt7621",
                "description": "OpenWrt 23.05.4 r24012-d8dd03c46f"
        }
}
root@OpenWrt:~# cat /etc/config/network

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr ''
        option netmask ''

config globals 'globals'
        option ula_prefix ''
        option packet_steering '1'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'wan'

config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        option ipaddr ''
        option netmask ''
        option ip6assign ''

config interface 'wan'
        option device 'wan'
        option proto 'dhcp'
        option type 'bridge'

config interface 'wan6'
        option device 'wan'
        option proto 'dhcpv6'
        option reqaddress 'try'
        option reqprefix 'auto'
        option type 'bridge'

config device
        option name 'wan'

config interface 'wwan'
        option proto 'dhcp'
root@OpenWrt:~# cat /etc/config/wireless

config wifi-device 'radio0'
        option type 'mac80211'
        option path '1e140000.pcie/pci0000:00/0000:00:01.0/0000:02:00.0'
        option channel '1'
        option band '2g'
        option htmode 'HE20'
        option cell_density '0'
        option country 'AU'

config wifi-iface 'default_radio0'
        option device 'radio0'
        option network 'lan wan wan6'
        option mode 'ap'
        option ssid 'D8_2.4Ghz'
        option encryption 'psk2'
        option key ''

config wifi-device 'radio1'
        option type 'mac80211'
        option path '1e140000.pcie/pci0000:00/0000:00:01.0/0000:02:00.0+1'
        option channel '36'
        option band '5g'
        option htmode 'HE80'
        option cell_density '0'
        option country 'AU'
root@OpenWrt:~# cat /etc/config/dhcp

config dnsmasq
        option domainneeded '1'
        option localise_queries '1'
        option rebind_protection '0'
        option local '/lan/'
        option domain 'lan'
        option expandhosts '1'
        option cachesize '1000'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
        option localservice '1'
        option ednspacket_max '1232'
        option port '54'
        list server ''
        list address ''

config dhcp 'lan'
        option interface 'lan'
        option start '100'
        option limit '150'
        option leasetime '12h'
        option dhcpv4 'server'
        option dhcpv6 'server'
        option ra 'server'
        option ra_slaac '1'
        list ra_flags 'managed-config'
        list ra_flags 'other-config'
        list dhcp_option ''
        list dhcp_option ''
        list dns ''

config dhcp 'wan'
        option interface 'wan'
        option ignore '1'

config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'
        option loglevel '4'

config host
        option name 'DESKTOP-'
        option ip ''
        option mac ''
root@OpenWrt:~# cat /etc/config/firewall

config defaults
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option synflood_protect '1'
        option flow_offloading '1'
        option flow_offloading_hw '1'

config zone
        option name 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'
        list network 'lan'

config zone
        option name 'wan'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option masq '1'
        option mtu_fix '1'
        list network 'wan'
        list network 'wan6'
        list network 'wwan'

config forwarding
        option src 'lan'
        option dest 'wan'

config rule
        option name 'Allow-DHCP-Renew'
        option src 'wan'
        option proto 'udp'
        option dest_port '68'
        option target 'ACCEPT'
        option family 'ipv4'

config rule
        option name 'Allow-Ping'
        option src 'wan'
        option proto 'icmp'
        option icmp_type 'echo-request'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-IGMP'
        option src 'wan'
        option proto 'igmp'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-DHCPv6'
        option src 'wan'
        option proto 'udp'
        option dest_port '546'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-MLD'
        option src 'wan'
        option proto 'icmp'
        option src_ip 'fe80::/10'
        list icmp_type '130/0'
        list icmp_type '131/0'
        list icmp_type '132/0'
        list icmp_type '143/0'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Input'
        option src 'wan'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        list icmp_type 'router-solicitation'
        list icmp_type 'neighbour-solicitation'
        list icmp_type 'router-advertisement'
        list icmp_type 'neighbour-advertisement'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Forward'
        option src 'wan'
        option dest '*'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-IPSec-ESP'
        option src 'wan'
        option dest 'lan'
        option proto 'esp'
        option target 'ACCEPT'

config rule
        option name 'Allow-ISAKMP'
        option src 'wan'
        option dest 'lan'
        option dest_port '500'
        option proto 'udp'
        option target 'ACCEPT'

I've removed any ip address or the like, some have just "" which means whatever inside i have masked/deleted

Is it through System -> Backup/Flash Firmware and then under Restore, click on the button Perform Reset?

yes, correct.

Change this option to contain "lan" only.

1 Like

ok ill do so.

you're exposing your lan devices to internet with this...

after resetting?

if you're resetting you don't have to do anything, you're safe again.

The network should contain lan only, in case you add guest/iot bridge and wifi - only one single interface where wifi clients are bridged.

Yeah I’m trying to add wifi, which is why I assumed I had to turn WAN on

How long does a reset take? It’s been roughly 8 minutes since I started it.

a min or two, you realize wifi is off again, after a reset ?