OpenWRT One - no Internet/DNS in the device

Hello,

I have brand new OpenWRT One device.
Connected it to my router via Ethernet cable in One's LAN port.
I created WiFi access point, it works nicely. All traffic is handled by my main home router. One can see my local machines and talk to them.
I have local DNS resolver in my network, any machine connected to my router via DHCP will be served nicely and will get working.

Problem: OpenWRT One cannot get online itself. I can't download packages via GUI or opkg update (via ssh):

# opkg update
Downloading https://downloads.openwrt.org/releases/24.10.0-rc5/targets/mediatek/filogic/packages/Packages.gz
Failed to send request: Operation not permitted
*** Failed to download the package list from https://downloads.openwrt.org/releases/24.10.0-rc5/targets/mediatek/filogic/packages/Packages.gz

Downloading https://downloads.openwrt.org/releases/24.10.0-rc5/packages/aarch64_cortex-a53/base/Packages.gz
Failed to send request: Operation not permitted
*** Failed to download the package list from https://downloads.openwrt.org/releases/24.10.0-rc5/packages/aarch64_cortex-a53/base/Packages.gz

Things I've tried:

• Factory reset
• Upgraded system from 24.10rc2 to 24.10rc5 via luci
• Connected home router cable to WAN port (which assiged IP to One from my main router DHCP), and another computer to LAN, I can browse luci and ping 8.8.8.8, but I cannot ping my home router
• Connected home router cable to LAN port (which gives it static IP set in br-lan interface, I can browse luci and ping my home router but cannot ping 8.8.8.8
• Connected home router cable to LAN port and set my home router IP as IPv4 gateway in br-lan interface settings. I can now ping my home router and 8.8.8.8, but opkg update is still returning errors. Full return:

root@OpenWrt:~# opkg update
Downloading https://downloads.openwrt.org/releases/24.10.0-rc5/targets/mediatek/filogic/packages/Packages.gz
Failed to send request: Operation not permitted
*** Failed to download the package list from https://downloads.openwrt.org/releases/24.10.0-rc5/targets/mediatek/filogic/packages/Packages.gz

Downloading https://downloads.openwrt.org/releases/24.10.0-rc5/packages/aarch64_cortex-a53/base/Packages.gz
Failed to send request: Operation not permitted
*** Failed to download the package list from https://downloads.openwrt.org/releases/24.10.0-rc5/packages/aarch64_cortex-a53/base/Packages.gz

Downloading https://downloads.openwrt.org/releases/24.10.0-rc5/targets/mediatek/filogic/kmods/6.6.69-1-83c6d4e14f7353564d3cadaf38a15bef/Packages.gz
Failed to send request: Operation not permitted
*** Failed to download the package list from https://downloads.openwrt.org/releases/24.10.0-rc5/targets/mediatek/filogic/kmods/6.6.69-1-83c6d4e14f7353564d3cadaf38a15bef/Packages.gz

Downloading https://downloads.openwrt.org/releases/24.10.0-rc5/packages/aarch64_cortex-a53/luci/Packages.gz
Failed to send request: Operation not permitted
*** Failed to download the package list from https://downloads.openwrt.org/releases/24.10.0-rc5/packages/aarch64_cortex-a53/luci/Packages.gz

Downloading https://downloads.openwrt.org/releases/24.10.0-rc5/packages/aarch64_cortex-a53/packages/Packages.gz
Failed to send request: Operation not permitted
*** Failed to download the package list from https://downloads.openwrt.org/releases/24.10.0-rc5/packages/aarch64_cortex-a53/packages/Packages.gz

Downloading https://downloads.openwrt.org/releases/24.10.0-rc5/packages/aarch64_cortex-a53/routing/Packages.gz
Failed to send request: Operation not permitted
*** Failed to download the package list from https://downloads.openwrt.org/releases/24.10.0-rc5/packages/aarch64_cortex-a53/routing/Packages.gz

Downloading https://downloads.openwrt.org/releases/24.10.0-rc5/packages/aarch64_cortex-a53/telephony/Packages.gz
Failed to send request: Operation not permitted
*** Failed to download the package list from https://downloads.openwrt.org/releases/24.10.0-rc5/packages/aarch64_cortex-a53/telephony/Packages.gz

Collected errors:
 * opkg_download: Failed to download https://downloads.openwrt.org/releases/24.10.0-rc5/targets/mediatek/filogic/packages/Packages.gz, wget returned 4.
 * opkg_download: Check your network settings and connectivity.

 * opkg_download: Failed to download https://downloads.openwrt.org/releases/24.10.0-rc5/packages/aarch64_cortex-a53/base/Packages.gz, wget returned 4.
 * opkg_download: Check your network settings and connectivity.

 * opkg_download: Failed to download https://downloads.openwrt.org/releases/24.10.0-rc5/targets/mediatek/filogic/kmods/6.6.69-1-83c6d4e14f7353564d3cadaf38a15bef/Packages.gz, wget returned 4.
 * opkg_download: Check your network settings and connectivity.

 * opkg_download: Failed to download https://downloads.openwrt.org/releases/24.10.0-rc5/packages/aarch64_cortex-a53/luci/Packages.gz, wget returned 4.
 * opkg_download: Check your network settings and connectivity.

 * opkg_download: Failed to download https://downloads.openwrt.org/releases/24.10.0-rc5/packages/aarch64_cortex-a53/packages/Packages.gz, wget returned 4.
 * opkg_download: Check your network settings and connectivity.

 * opkg_download: Failed to download https://downloads.openwrt.org/releases/24.10.0-rc5/packages/aarch64_cortex-a53/routing/Packages.gz, wget returned 4.
 * opkg_download: Check your network settings and connectivity.

 * opkg_download: Failed to download https://downloads.openwrt.org/releases/24.10.0-rc5/packages/aarch64_cortex-a53/telephony/Packages.gz, wget returned 4.
 * opkg_download: Check your network settings and connectivity.

I am sure I am doing something trivially wrong, can anyone help? Thank you!

While you haven't really laid out your configuration (hint, hint), that behaviour is not unexpected.

By default, any devices with >=2 ethernet ports defaults to being configured as router, that means:

• WAN, DHCP client
• LAN, static IP (192.168.1.1), DHCP-server (plus the IPv6 equivalents) on

You can't just connect it by its lan port (without reconfiguration) and expect it to work as AP, you will have to:

• make the DHCP server ignore the lan interface (same for IPv6, RA, DHCPv6, SLAAC)
• reconfigure the LAN interface settings, be it to DHCP-client or a static configuration (with an IP matching your existing router's subnetting and not conflicting with existing IPs) involving gateway and DNS addresses pointing at your existing router

Thank you. That's what I ended up doing!
I connected my router to LAN port.
Set br-lan gateway to my router IP.
Set DNS Forwards in luci's Network/DHCP and DNS/Forwards menu to my homeserver IP which does DNS for entire LAN.
Now, OpenWRT One can access the internet and have DNS resolved. opkg works!

/etc/resolv.conf still points to 127.0.0.1 (as default), that's because local dnsmasq inside One is forwarding DNS requests to my homeserver, as I asked it.

I think to simplify this, I think I could disable dnsmasq service entirely, and just set nameserver in /etc/resolv.conf to an IP of my homeserver? I don't need DNS and DHCP services in OpenWRT One, everything is done by the router and homeserver inside LAN.

Question: should I connect router cable to WAN port? That makes more sense for my configuration as AP only?

The ports can be assigned to any network interface directly or via a bridge. That is to say that the function of the wan and lan ports can be arbitrarily changed based on how you want to use them. However, in the default configuration, the wan port is assumed to be connected to an untrusted upstream network (such as the internet).

If you want to physically use the wan port when configuring a basic bridged-AP type setup, you can delete the wan and wan6 network interfaces and then add the wan port to br-lan.