OpenWrt on Linksys1900acs v2 can't have both wireless bands working

egzakutacno · February 7, 2023, 10:59pm

Fresh setup of Openwrt 22.03.2 on Linksys 1900acs v2

Openwrt is connected with ethernet to my main router which is giving internet and DHCP to openwrt.
While starting wireless antennas on openwrt for the first time, i get 2.4ghz and 5ghz, and i can connect to to them normally.

here is the tricky part:

i am using openwrt router to give out vpn to it's connected devices. (that is its main purpose) but in order to have vpn connection i have to change my interface from BR-LAN to WLAN0 or WLAN1.
as soon as i do that i lose one of them, meaning if i choose wlan0 then i can connect to 5ghz only. i can see 2.4 but im stuck at obtaining IP address. I have tried adding another interface to serve as 2.4 or 5 (depending which one was already up) and giving it static IP, but I couldn't get it to give me access to internet, although I could connect to it. I probably messed up IP addresses.

while writing this i have had the weirdest thing happen, as i only had 5ghz antenna up, and i wanted to turn on 2.4 antenna so i can take all the info on it to post here, as soon as i just enabled 2.4 antenna i lost connection to both of them, and after reboot, i could only connect to 2.4 and not to 5... BUT i was connected to 5 for few days..

WIRELESS:


config wifi-device 'radio0'
	option type 'mac80211'
	option path 'soc/soc:pcie/pci0000:00/0000:00:01.0/0000:01:00.0'
	option band '5g'
	option htmode 'VHT80'
	option country 'CN'
	option channel '157'
	option cell_density '0'

config wifi-iface 'default_radio0'
	option device 'radio0'
	option network 'lan'
	option mode 'ap'
	option encryption 'none'
	option macaddr '58:ef:68:b7:1d:32'
	option ssid '55'

config wifi-device 'radio1'
	option type 'mac80211'
	option path 'soc/soc:pcie/pci0000:00/0000:00:02.0/0000:02:00.0'
	option channel '1'
	option band '2g'
	option htmode 'HT20'
	option country 'CN'
	option cell_density '0'

config wifi-iface 'default_radio1'
	option device 'radio1'
	option network 'lan'
	option mode 'ap'
	option encryption 'none'
	option macaddr '58:ef:68:b7:1d:31'
	option ssid '24'

NETWORK :


config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fd7a:c87e:1409::/48'
	option packet_steering '1'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'lan1'
	list ports 'lan2'
	list ports 'lan3'
	list ports 'lan4'

config interface 'lan'
	option proto 'static'
	option ipaddr '192.168.1.1'
	option netmask '255.255.255.0'
	option ip6assign '60'
	option device 'wlan1'

config device
	option name 'wan'
	option macaddr '5a:ef:68:b7:1d:30'

config interface 'wan'
	option device 'wan'
	option proto 'dhcp'

config interface 'wan6'
	option device 'wan'
	option proto 'dhcpv6'

psherman · February 8, 2023, 3:15am

No, you don't need to change it, and you shouldn't. In fact, wlan0/wlan1 should never appear in the network config... instead, you link the SSID to the desired network in the wireless config.

Beyond that, if you want a network to be available on more than one physical interface (i.e. ethernet and/or 2.4G wifi and/or 5G wifi), it must be in a bridge.

change the device below back to br-lan

Why did you feel that you needed to change this in order to allow your client devices to use the VPN? No changes to your lan (or br-lan device) should be necessary.

egzakutacno · February 8, 2023, 3:27am

hi, thanks for taking the time to help me.

firstly, something that just happened now. i wanted just to rename 5ghz network to something else, for sake of simplicity.. i changed it to the same name as 2.4 and just added -5g at the end of it.
i did that while on 5ghz network, as i cant connect to 2.4. the moment i hit SAVE i again lost connection to both antennas, they are still visible, but cant connect to them. i rebooted the router and now i can only connect to 2.4, and i can't use 5ghz.

secondly, the reason that i have to change from br-lan to lan is because i dont have vpn tunneling traffic through it, for some reason.
if i leave it on br-lan, i can access bing but not google, as i live currently in china. bing is ok, google is a no no.

now i will try and make changes you just told me, and see what happens.

psherman · February 8, 2023, 3:34am

I'd have to see the latest config to make any recommendations, but fixing the lan (by using device br-lan) should be the first priority. Do this before anything else. Then test to see if you can connect to the wifi networks and let me know the status.

That will not fix your problem... I would imagine it didn't improve the situation anyway -- it probably didn't make the VPN work, and it broke the connectivity on the second wifi radio.

More than likely, the issue is related to the firewall...
What VPN protocol are you using? How is it configured? Are you able to see if it has properly established the tunnel (logs or handshake information ,etc.)?

And let's see your /etc/config/firewall file

egzakutacno · February 8, 2023, 3:49am

I lost all connections to openwrt when I switched to br-lan, did factory reset, let me install all that I need to show you. Be right back...

egzakutacno · February 8, 2023, 4:14am

ok, im back. have everything up and running. current situation:

i can connect to both bands, and they are br-lan by default. i can access internet with both of them but, Chinese internet. If i start VPN, i can still access only chinese websites. at this point i usually change from br-lan to wlan1, or wlan0 and i get vpn working, but only one band is usable. which i didn't do now.

FIREWALL

config defaults
	option syn_flood	1
	option input		ACCEPT
	option output		ACCEPT
	option forward		REJECT
# Uncomment this line to disable ipv6 rules
#	option disable_ipv6	1

config zone
	option name		lan
	list   network		'lan'
	option input		ACCEPT
	option output		ACCEPT
	option forward		ACCEPT

config zone
	option name		wan
	list   network		'wan'
	list   network		'wan6'
	option input		REJECT
	option output		ACCEPT
	option forward		REJECT
	option masq		1
	option mtu_fix		1

config forwarding
	option src		lan
	option dest		wan

# We need to accept udp packets on port 68,
# see https://dev.openwrt.org/ticket/4108
config rule
	option name		Allow-DHCP-Renew
	option src		wan
	option proto		udp
	option dest_port	68
	option target		ACCEPT
	option family		ipv4

# Allow IPv4 ping
config rule
	option name		Allow-Ping
	option src		wan
	option proto		icmp
	option icmp_type	echo-request
	option family		ipv4
	option target		ACCEPT

config rule
	option name		Allow-IGMP
	option src		wan
	option proto		igmp
	option family		ipv4
	option target		ACCEPT

# Allow DHCPv6 replies
# see https://github.com/openwrt/openwrt/issues/5066
config rule
	option name		Allow-DHCPv6
	option src		wan
	option proto		udp
	option dest_port	546
	option family		ipv6
	option target		ACCEPT

config rule
	option name		Allow-MLD
	option src		wan
	option proto		icmp
	option src_ip		fe80::/10
	list icmp_type		'130/0'
	list icmp_type		'131/0'
	list icmp_type		'132/0'
	list icmp_type		'143/0'
	option family		ipv6
	option target		ACCEPT

# Allow essential incoming IPv6 ICMP traffic
config rule
	option name		Allow-ICMPv6-Input
	option src		wan
	option proto	icmp
	list icmp_type		echo-request
	list icmp_type		echo-reply
	list icmp_type		destination-unreachable
	list icmp_type		packet-too-big
	list icmp_type		time-exceeded
	list icmp_type		bad-header
	list icmp_type		unknown-header-type
	list icmp_type		router-solicitation
	list icmp_type		neighbour-solicitation
	list icmp_type		router-advertisement
	list icmp_type		neighbour-advertisement
	option limit		1000/sec
	option family		ipv6
	option target		ACCEPT

# Allow essential forwarded IPv6 ICMP traffic
config rule
	option name		Allow-ICMPv6-Forward
	option src		wan
	option dest		*
	option proto		icmp
	list icmp_type		echo-request
	list icmp_type		echo-reply
	list icmp_type		destination-unreachable
	list icmp_type		packet-too-big
	list icmp_type		time-exceeded
	list icmp_type		bad-header
	list icmp_type		unknown-header-type
	option limit		1000/sec
	option family		ipv6
	option target		ACCEPT

config rule
	option name		Allow-IPSec-ESP
	option src		wan
	option dest		lan
	option proto		esp
	option target		ACCEPT

config rule
	option name		Allow-ISAKMP
	option src		wan
	option dest		lan
	option dest_port	500
	option proto		udp
	option target		ACCEPT


### EXAMPLE CONFIG SECTIONS
# do not allow a specific ip to access wan
#config rule
#	option src		lan
#	option src_ip	192.168.45.2
#	option dest		wan
#	option proto	tcp
#	option target	REJECT

# block a specific mac on wan
#config rule
#	option dest		wan
#	option src_mac	00:11:22:33:44:66
#	option target	REJECT

# block incoming ICMP traffic on a zone
#config rule
#	option src		lan
#	option proto	ICMP
#	option target	DROP

# port redirect port coming in on wan to lan
#config redirect
#	option src			wan
#	option src_dport	80
#	option dest			lan
#	option dest_ip		192.168.16.235
#	option dest_port	80
#	option proto		tcp

# port redirect of remapped ssh port (22001) on wan
#config redirect
#	option src		wan
#	option src_dport	22001
#	option dest		lan
#	option dest_port	22
#	option proto		tcp

### FULL CONFIG SECTIONS
#config rule
#	option src		lan
#	option src_ip	192.168.45.2
#	option src_mac	00:11:22:33:44:55
#	option src_port	80
#	option dest		wan
#	option dest_ip	194.25.2.129
#	option dest_port	120
#	option proto	tcp
#	option target	REJECT

#config redirect
#	option src		lan
#	option src_ip	192.168.45.2
#	option src_mac	00:11:22:33:44:55
#	option src_port		1024
#	option src_dport	80
#	option dest_ip	194.25.2.129
#	option dest_port	120
#	option proto	tcp

vpn that im using is v2rayA and xray they are packages for VPN called 12vpx

egzakutacno · February 8, 2023, 4:18am

vpn is called 12vpx and they are using XRAY and v2rayA apps. i have found the vpn file and im posting it as is, its weird that is written in one long line.

{"log":{"access":"","error":"none","loglevel":"info"},"inbounds":[{"port":20170,"protocol":"socks","listen":"127.0.0.1","sniffing":{"enabled":false,"destOverride":["http","tls"],"metadataOnly":false},"settings":{"auth":"noauth","udp":true},"streamSettings":null,"tag":"socks_ipv4"},{"port":20171,"protocol":"http","listen":"127.0.0.1","sniffing":{"enabled":false,"destOverride":["http","tls"],"metadataOnly":false},"streamSettings":null,"tag":"http_ipv4"},{"port":20172,"protocol":"http","listen":"127.0.0.1","sniffing":{"enabled":false,"destOverride":["http","tls"],"metadataOnly":false},"streamSettings":null,"tag":"rule-http_ipv4"},{"port":32345,"protocol":"dokodemo-door","listen":"127.0.0.1","sniffing":{"enabled":true,"destOverride":["http","tls"],"metadataOnly":false},"settings":{"network":"tcp,udp","followRedirect":true},"streamSettings":{"sockopt":{"tproxy":"tproxy"}},"tag":"transparent_ipv4"},{"port":36467,"protocol":"dokodemo-door","listen":"127.0.0.1","sniffing":{"enabled":false,"metadataOnly":false},"settings":{"address":"127.0.0.1"},"streamSettings":null,"tag":"api-in_ipv4"},{"port":20170,"protocol":"socks","listen":"::1","sniffing":{"enabled":false,"destOverride":["http","tls"],"metadataOnly":false},"settings":{"auth":"noauth","udp":true},"streamSettings":null,"tag":"socks_ipv6"},{"port":20171,"protocol":"http","listen":"::1","sniffing":{"enabled":false,"destOverride":["http","tls"],"metadataOnly":false},"streamSettings":null,"tag":"http_ipv6"},{"port":20172,"protocol":"http","listen":"::1","sniffing":{"enabled":false,"destOverride":["http","tls"],"metadataOnly":false},"streamSettings":null,"tag":"rule-http_ipv6"},{"port":32345,"protocol":"dokodemo-door","listen":"::1","sniffing":{"enabled":true,"destOverride":["http","tls"],"metadataOnly":false},"settings":{"network":"tcp,udp","followRedirect":true},"streamSettings":{"sockopt":{"tproxy":"tproxy"}},"tag":"transparent_ipv6"},{"port":36467,"protocol":"dokodemo-door","listen":"::1","sniffing":{"enabled":false,"metadataOnly":false},"settings":{"address":"127.0.0.1"},"streamSettings":null,"tag":"api-in_ipv6"}],"outbounds":[{"tag":"proxy","protocol":"trojan","settings":{"servers":[{"address":"23.94.170.70","password":"559983c2-db71-4bb2-91dc-a9c51b1b0322","port":18155}]},"streamSettings":{"network":"tcp","security":"tls","tlsSettings":{"allowInsecure":false,"serverName":"dapjuwgefbub.superxnetwork.com"},"sockopt":{"mark":128}}},{"tag":"direct","protocol":"freedom","settings":{"domainStrategy":"UseIP"},"streamSettings":{"sockopt":{"mark":128}}},{"tag":"block","protocol":"blackhole","settings":{}},{"tag":"dns-out","protocol":"dns","settings":{"port":53,"address":"119.29.29.29","network":"udp"},"streamSettings":{"sockopt":{"mark":128}}}],"routing":{"domainStrategy":"IPOnDemand","domainMatcher":"mph","rules":[{"type":"field","outboundTag":"direct","ip":["23.94.170.70"],"port":"18155"},{"type":"field","outboundTag":"direct","inboundTag":["dns"]},{"type":"field","outboundTag":"direct","inboundTag":["transparent_ipv4","transparent_ipv6"],"ip":["geoip:private","127.0.0.1/8","192.168.2.121/24","192.168.1.1/24","::1/128","fe80::5aef:68ff:feb7:1d30/64","fe80::58ef:68ff:feb7:1d30/64","fd3b:e729:4014::1/60","fe80::5aef:68ff:feb7:1d30/64","fe80::5aef:68ff:feb7:1d31/64","fe80::5aef:68ff:feb7:1d32/64"],"port":"53"},{"type":"field","outboundTag":"direct","inboundTag":["rule-http_ipv4","rule-socks","rule-http_ipv6"],"domain":["domain:push-apple.com.akadns.net","domain:push.apple.com"]},{"type":"field","outboundTag":"proxy","inboundTag":["rule-http_ipv4","rule-socks","rule-http_ipv6"],"domain":["geosite:geolocation-!cn"]},{"type":"field","outboundTag":"proxy","inboundTag":["rule-http_ipv4","rule-socks","rule-http_ipv6"],"domain":["geosite:google"]},{"type":"field","outboundTag":"direct","inboundTag":["rule-http_ipv4","rule-socks","rule-http_ipv6"],"domain":["geosite:cn"]},{"type":"field","outboundTag":"proxy","inboundTag":["rule-http_ipv4","rule-socks","rule-http_ipv6"],"ip":["geoip:hk","geoip:mo"]},{"type":"field","outboundTag":"direct","inboundTag":["rule-http_ipv4","rule-socks","rule-http_ipv6"],"ip":["geoip:private","geoip:cn","127.0.0.1/8","192.168.2.121/24","192.168.1.1/24","::1/128","fe80::5aef:68ff:feb7:1d30/64","fe80::58ef:68ff:feb7:1d30/64","fd3b:e729:4014::1/60","fe80::5aef:68ff:feb7:1d30/64","fe80::5aef:68ff:feb7:1d31/64","fe80::5aef:68ff:feb7:1d32/64"]},{"type":"field","outboundTag":"direct","inboundTag":["transparent_ipv4","transparent_ipv6"],"domain":["domain:push-apple.com.akadns.net","domain:push.apple.com"]},{"type":"field","outboundTag":"proxy","inboundTag":["transparent_ipv4","transparent_ipv6"],"domain":["geosite:geolocation-!cn"]},{"type":"field","outboundTag":"proxy","inboundTag":["transparent_ipv4","transparent_ipv6"],"domain":["geosite:google"]},{"type":"field","outboundTag":"direct","inboundTag":["transparent_ipv4","transparent_ipv6"],"domain":["geosite:cn"]},{"type":"field","outboundTag":"proxy","inboundTag":["transparent_ipv4","transparent_ipv6"],"ip":["geoip:hk","geoip:mo"]},{"type":"field","outboundTag":"direct","inboundTag":["transparent_ipv4","transparent_ipv6"],"ip":["geoip:private","geoip:cn","127.0.0.1/8","192.168.2.121/24","192.168.1.1/24","::1/128","fe80::5aef:68ff:feb7:1d30/64","fe80::58ef:68ff:feb7:1d30/64","fd3b:e729:4014::1/60","fe80::5aef:68ff:feb7:1d30/64","fe80::5aef:68ff:feb7:1d31/64","fe80::5aef:68ff:feb7:1d32/64"]},{"type":"field","outboundTag":"api-out","inboundTag":["api-in_ipv4","api-in_ipv6"]},{"type":"field","outboundTag":"proxy","network":"tcp,udp"}]},"dns":{"hosts":{"courier.push.apple.com":"1-courier.push.apple.com"},"servers":["localhost"],"tag":"dns"},"api":{"tag":"api-out","services":["LoggerService"]}}

psherman · February 8, 2023, 5:11am

Glad that this part is solved The lan network and br-lan should not need to be modified for VPN related things.

Again, I cannot understand how changing the wifi networks with respect to the lan would suddently make the VPN work (and I highly doubt that it did actually have anything to do with it working if it ever did), since fundamentally this isn't a change required for VPN access in any normal situation.

You should consult with the people who provided the script and/or maintain this VPN/proxy service for help regarding how this is supposed to work and how you can verify that it is actually working.

This is a JSON string. But you'll have to ask the people who provided this stuff for help.

Meanwhile, based on your original subject line (about both wifi bands not working at the same time), I would say that your problem is solved.

If your problem is solved, please consider marking this topic as [Solved]. See How to mark a topic as [Solved] for a short how-to.

(Obviously you may still have questions about the VPN/Proxy, but I would suggest that it may be best answered in a new thread that focuses specifically on the VPN/Proxy issue. This may or may not really be an OpenWrt issue, though, and may require help from the originators of that json data).

egzakutacno · February 8, 2023, 5:16am

thank you for your time and help. i will contact them. and yes, this is not a problem of openwrt as it works from the start.

system · February 18, 2023, 5:17am

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.