OpenWrt One no LAN connection

DocBrown · April 1, 2026, 6:28pm

Got a brand new One. Consol works, WAN works (updated). No LAN access. No dhcp (up and running). I did all the Linux crack head stuff commands i can think of, even asked my llm, all services up and running, luci running, firewall disabled. LAN device on handshake works, but there is no access to the One on LAN. Updated latest FW (USB), same. eth0 ist up, addr added, flushed, br-lan manual settet, dnsmasq all checked, running, config checked lan os not ignored … did ntf rule flush, nothing.

Did try multi devices, 2 laptops, … 2 cables, added switch, even used coross over cable

Am i 2 stupid for this “One”? Well i send it back to the seller either way, this is nothing for the retail market.

hw 24.03 - 2025.01.06-mp

psherman · April 1, 2026, 6:59pm

Since the console works, let's see the config to try to find out what's wrong...

Please connect to your OpenWrt device and copy the output of the following commands and post it here using the "Preformatted text </> " button (red circle; this works best in the 'Markdown' composer view in the blue oval):

Remember to redact passwords, VPN keys, MAC addresses and any public IP addresses you may have:

ubus call system board
cat /etc/config/network
cat /etc/config/wireless
cat /etc/config/dhcp
cat /etc/config/firewall

DocBrown · April 1, 2026, 8:23pm

Lets see the config (default, did a few resets)

ubus call system board
{
        "kernel": "6.6.57",
        "hostname": "OpenWrt",
        "system": "ARMv8 Processor rev 4",
        "model": "OpenWrt One",
        "board_name": "openwrt,one",
        "rootfs_type": "squashfs",
        "release": {
                "distribution": "OpenWrt",
                "version": "SNAPSHOT",
                "description": "OpenWrt SNAPSHOT",
                "revision": "r27876+1-3098b4bf07",
                "target": "mediatek/filogic",
                "builddate": "1729584976"
        }
}

cat /etc/config/network

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fd7a:488b:28dc::/48'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'eth1'

config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        option ipaddr '192.168.1.1'
        option netmask '255.255.255.0'
        option ip6assign '60'

config interface 'wan'
        option device 'eth0'
        option proto 'dhcp'

config interface 'wan6'
        option device 'eth0'
        option proto 'dhcpv6'



cat /etc/config/wireless

config wifi-device 'radio0'
        option type 'mac80211'
        option path 'platform/soc/18000000.wifi'
        option band '2g'
        option channel '1'
        option htmode 'HE20'
        option num_global_macaddr '7'
        option disabled '1'

config wifi-iface 'default_radio0'
        option device 'radio0'
        option network 'lan'
        option mode 'ap'
        option ssid 'OpenWrt'
        option encryption 'none'

config wifi-device 'radio1'
        option type 'mac80211'
        option path 'platform/soc/18000000.wifi+1'
        option band '5g'
        option channel '36'
        option htmode 'HE80'
        option num_global_macaddr '7'
        option disabled '1'

config wifi-iface 'default_radio1'
        option device 'radio1'
        option network 'lan'
        option mode 'ap'
        option ssid 'OpenWrt'
        option encryption 'none'
		

 cat /etc/config/dhcp

config dnsmasq
        option domainneeded '1'
        option boguspriv '1'
        option filterwin2k '0'
        option localise_queries '1'
        option rebind_protection '1'
        option rebind_localhost '1'
        option local '/lan/'
        option domain 'lan'
        option expandhosts '1'
        option nonegcache '0'
        option cachesize '1000'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
        option nonwildcard '1'
        option localservice '1'
        option ednspacket_max '1232'
        option filter_aaaa '0'
        option filter_a '0'

config dhcp 'lan'
        option interface 'lan'
        option start '100'
        option limit '150'
        option leasetime '12h'
        option dhcpv4 'server'
        option dhcpv6 'server'
        option ra 'server'
        option ra_slaac '1'
        list ra_flags 'managed-config'
        list ra_flags 'other-config'

config dhcp 'wan'
        option interface 'wan'
        option ignore '1'

config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'
        option loglevel '4'


cat /etc/config/firewall
config defaults
        option syn_flood        1
        option input            REJECT
        option output           ACCEPT
        option forward          REJECT
# Uncomment this line to disable ipv6 rules
#       option disable_ipv6     1

config zone
        option name             lan
        list   network          'lan'
        option input            ACCEPT
        option output           ACCEPT
        option forward          ACCEPT

config zone
        option name             wan
        list   network          'wan'
        list   network          'wan6'
        option input            REJECT
        option output           ACCEPT
        option forward          REJECT
        option masq             1
        option mtu_fix          1

config forwarding
        option src              lan
        option dest             wan

# We need to accept udp packets on port 68,
# see https://dev.openwrt.org/ticket/4108
config rule
        option name             Allow-DHCP-Renew
        option src              wan
        option proto            udp
        option dest_port        68
        option target           ACCEPT
        option family           ipv4

# Allow IPv4 ping
config rule
        option name             Allow-Ping
        option src              wan
        option proto            icmp
        option icmp_type        echo-request
        option family           ipv4
        option target           ACCEPT

config rule
        option name             Allow-IGMP
        option src              wan
        option proto            igmp
        option family           ipv4
        option target           ACCEPT

# Allow DHCPv6 replies
# see https://github.com/openwrt/openwrt/issues/5066
config rule
        option name             Allow-DHCPv6
        option src              wan
        option proto            udp
        option dest_port        546
        option family           ipv6
        option target           ACCEPT

config rule
        option name             Allow-MLD
        option src              wan
        option proto            icmp
        option src_ip           fe80::/10
        list icmp_type          '130/0'
        list icmp_type          '131/0'
        list icmp_type          '132/0'
        list icmp_type          '143/0'
        option family           ipv6
        option target           ACCEPT

# Allow essential incoming IPv6 ICMP traffic
config rule
        option name             Allow-ICMPv6-Input
        option src              wan
        option proto    icmp
        list icmp_type          echo-request
        list icmp_type          echo-reply
        list icmp_type          destination-unreachable
        list icmp_type          packet-too-big
        list icmp_type          time-exceeded
        list icmp_type          bad-header
        list icmp_type          unknown-header-type
        list icmp_type          router-solicitation
        list icmp_type          neighbour-solicitation
        list icmp_type          router-advertisement
        list icmp_type          neighbour-advertisement
        option limit            1000/sec
        option family           ipv6
        option target           ACCEPT

# Allow essential forwarded IPv6 ICMP traffic
config rule
        option name             Allow-ICMPv6-Forward
        option src              wan
        option dest             *
        option proto            icmp
        list icmp_type          echo-request
        list icmp_type          echo-reply
        list icmp_type          destination-unreachable
        list icmp_type          packet-too-big
        list icmp_type          time-exceeded
        list icmp_type          bad-header
        list icmp_type          unknown-header-type
        option limit            1000/sec
        option family           ipv6
        option target           ACCEPT

config rule
        option name             Allow-IPSec-ESP
        option src              wan
        option dest             lan
        option proto            esp
        option target           ACCEPT

config rule
        option name             Allow-ISAKMP
        option src              wan
        option dest             lan
        option dest_port        500
        option proto            udp
        option target           ACCEPT


### EXAMPLE CONFIG SECTIONS
# do not allow a specific ip to access wan
#config rule
#       option src              lan
#       option src_ip   192.168.45.2
#       option dest             wan
#       option proto    tcp
#       option target   REJECT

# block a specific mac on wan
#config rule
#       option dest             wan
#       option src_mac  00:11:22:33:44:66
#       option target   REJECT

# block incoming ICMP traffic on a zone
#config rule
#       option src              lan
#       option proto    ICMP
#       option target   DROP

# port redirect port coming in on wan to lan
#config redirect
#       option src                      wan
#       option src_dport        80
#       option dest                     lan
#       option dest_ip          192.168.16.235
#       option dest_port        80
#       option proto            tcp

# port redirect of remapped ssh port (22001) on wan
#config redirect
#       option src              wan
#       option src_dport        22001
#       option dest             lan
#       option dest_port        22
#       option proto            tcp

### FULL CONFIG SECTIONS
#config rule
#       option src              lan
#       option src_ip   192.168.45.2
#       option src_mac  00:11:22:33:44:55
#       option src_port 80
#       option dest             wan
#       option dest_ip  194.25.2.129
#       option dest_port        120
#       option proto    tcp
#       option target   REJECT

#config redirect
#       option src              lan
#       option src_ip   192.168.45.2
#       option src_mac  00:11:22:33:44:55
#       option src_port         1024
#       option src_dport        80
#       option dest_ip  194.25.2.129
#       option dest_port        120
#       option proto    tcp

psherman · April 1, 2026, 8:29pm

No reason that shouldn't work...

You should probably try to install a stable release.

please define what this means? LAN access to what and from what?

What do you mean no dhcp yet it is "up and running"?

Can you reach LuCI? Why is the firewall disabled?

Please describe your test methods and what is happening on the lan device in terms of IP address? Have you tried static IP?

Is the client device directly connected to the One, or is it connected through a switch or AP or other infrastructure devices?

DocBrown · April 1, 2026, 8:39pm

As far as i know there is a LAN, TCP handshake that runs between two devices in a nework to handle what speed a device can do and such stuff. That works, devices do connect to the LAN port of the One but there is no “real” connection, no data transfer. Over WAN i can find it in my network, even ping it as you can see, the default config allows it. But over LAN port, nothing.

In my opinion, this is not a config issue. There should be some data transfer between two devices, something to sniff no matter how bad my config is. I mad a small LAN data sniffer back in the days, there is nothing going on on the LAN port besides the handshake itself.

I did a few software resets, did the clear & reset images and NOR switch. All the stuff seems to work but not my LAN port. Did open up the case, can’t see any damage on the network port itself (doent meant it is not broken in some way) or solder points. Maybe a firmware can fix it?

No idea how to fix this by myself, dont got the time for it.

Thanks, ill send it back. Looks like a cool device.

psherman · April 1, 2026, 8:41pm

To clarify, the wan of the OpenWrt One is connected to your existing network's lan? (and specifically not a direct connection to the internet)?

If so... what is the output of:

ifstatus wan | grep address

DocBrown · April 1, 2026, 8:45pm

The WAN port was connected once to use the opkg update command.

Yes, WAN is not “direct” to the internet, it is inside my network. The device got internet access to update. There is no reason to share my local network, it will not fix the LAN port issue.

psherman · April 1, 2026, 8:46pm

It might.

Is your upstream network 192.168.1.0/24?? If so, that's your problem.

DocBrown:

config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        option ipaddr '192.168.1.1'
        option netmask '255.255.255.0'
        option ip6assign '60'

you cannot have the wan and lan using an overlapping subnet. In that case, you need to change one or the other (the easy one to change is the OpenWrt One's lan -- make its address something like 192.168.52.1).

DocBrown · April 1, 2026, 8:50pm

Sure, but since 3 resets and one throw out of the window, it was not connected anymore ot my local network. To clearfy, my local network is a class a not c, starts with 10, not 192. But since the One is not connected and resettet multiple times, he does not know that network i run.

psherman · April 1, 2026, 8:53pm

Ok... well, given that you've been rather sparse on the details and somewhat unwilling to provide them when asked, we can't really help.

FWIW, RFC1918 addresses do not reveal any sensitive data about your network. And in this case, it's not the issue if you're on the 10. netblock instead of 192.168.1.0/24. But nonetheless, it's safe to provide that information and necessary in many cases to successfully debug issues.

That said, you seem more interested in returning the device than troubleshooting to see if it is a device hardware issue, firmware, config, or some other problem.

DocBrown · April 1, 2026, 9:03pm

So, you want me to the the One out of the box again, and send you the WAN output? It is the default output you get, because it is not connected to the WAN and was not connected to the WAN port since a few soft and hard resets. To what end?

It will not connect to LAN with default settings. Thats it. Can you fix that by config?

Again: It is not a matter of bad config, there is ZERO = 0 data transfer on LAN port. There is ALWAY some transfer over LAN if two devices are connected, there is always something going on. Dosent matter if you use a win, linux, mac or playstation, os and apps always send somehting.

Not so on my One.

psherman · April 1, 2026, 9:09pm

Nah.

You seem angry, though. I get the frustration of a possible hardware defect (and I can’t rule that out). But for the future, remember that the more info you can provide the better.

DocBrown · April 1, 2026, 9:15pm

Thanks, i’m not angry, i just don’t care anymore. 2 buch time for the One already.

elder_tinkerer · April 2, 2026, 8:10am

Hello,
i just ask the following questions to make sure i understood you right:

Your LAN is a 10.x.x.x network
The ONE WAN is not connected
If you just connect a device with DHCP enabled (PC, Notebook, whatever with a single ethernet cable, no other connection) only to the ONE LAN port you won't get neither an IPv4 (in the 192.168.1.x range) nor an IPv6 address.

Because you are sure that both the cable and the device are otherwise working absolutely without problems, i also would assume that your ONE is defective.
That might happen, but of course it really s*cks.
Better luck next time...