Openwrt seemingly blocking DHCP after a while

Installing and Using OpenWrt
21

Continuing my monologue, two updates:

I did not update to 24.10, still one 23.05, I missed the the attended sysudpate refused to update (and rightfully so). I need to run some scripts to expand a specific partition to upgrade it seems, I will look at this.

Secondly, even though I have configured the router to reboot every night, I hit the issue again just today. These are two sequential syslog lines, the second one is the first occurrence of the type for as long as the syslog goes:

Thu May  8 03:19:01 2025 cron.err crond[1508]: time disparity of 46470 minutes detected
Thu May  8 05:10:34 2025 daemon.warn dnsmasq-dhcp[1]: no address range available for DHCP request via br-lan.1001

I'm starting to think there's some hardware defect. Why would the clock have such an issue? NTP is working.

After rebooting, most of the syslogs from today are lost, the previous days are still here, but today, the first log lines are now:

Thu May  8 20:09:10 2025 cron.err crond[1503]: time disparity of 47480 minutes detected
Thu May  8 20:09:10 2025 daemon.err uhttpd[1588]: [info] luci: accepted login on / for root from 192.168.1.106

(the root login is me rebooting openwrt)

22

I'm a bit confused about the specific circumstances of this issue...

You mention that you have to power cycle the switch to regain DHCP functionality after it fails. You also said that it fails anytime the main router is rebooted. This behavior is obviously not expected, but not only that, the trigger itself doesn't really make sense.

Meanwhile, I'm seeing this:

and I'm trying to figure out why any qos stuff is installed on the switch. Or is this from the router?

And then there's this...

Is this from the router or the switch?

Let's review the complete configs from each device (network, dhcp, firewall). And also, are there any non-standard/default packages installed on either device? If so, please specify what is installed and where.

23

Sorry, I should avoid mixing up the terms router and switch.

The UniFi Edge Router X (ER X) is actually a router which I installed openwrt on and use as a switch. Thatā€™s why I keep mixing up the terms, apologies for this.

The home router is opnsense.

The logs in this thread are all from the openwrt box (UniFi ERX) which is configured as managed switch (config is below).

cat /etc/config/dhcp 
config dnsmasq
	option domainneeded '1'
	option localise_queries '1'
	option rebind_protection '1'
	option rebind_localhost '1'
	option local '/lan/'
	option domain 'lan'
	option expandhosts '1'
	option cachesize '1000'
	option readethers '1'
	option leasefile '/tmp/dhcp.leases'
	option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
	option localservice '1'
	option ednspacket_max '1232'

config dhcp 'lan'
	option interface 'lan'
	option start '100'
	option limit '150'
	option leasetime '12h'
	option dhcpv4 'server'
	option ra 'relay'
	option ignore '1'

config odhcpd 'odhcpd'
	option maindhcp '0'
	option leasefile '/tmp/hosts/odhcpd'
	option leasetrigger '/usr/sbin/odhcpd-update'
	option loglevel '4'

config dhcp 'mgmt'
	option interface 'mgmt'
	option start '100'
	option limit '150'
	option leasetime '12h'
	option dhcpv6 'server'
	list dns '2a02:8106:65:8400::1'
cat /etc/config/network 
config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fd68:c0fd:f8dc::/48'
	option packet_steering '1'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'eth0'
	list ports 'eth1'
	list ports 'eth2'
	list ports 'eth3'

config interface 'lan'
	option device 'br-lan.1001'
	option proto 'dhcp'
	option delegate '0'

config interface 'mgmt'
	option proto 'static'
	option device 'eth4'
	option ipaddr '192.168.200.1'
	option broadcast '192.168.200.255'
	list ip6addr 'fd00:200::'
	option ip6gw 'fd00:200::'
	option netmask '255.255.255.0'

config bridge-vlan
	option device 'br-lan'
	option vlan '1001'
	list ports 'eth0:u*'
	list ports 'eth1:u*'
	list ports 'eth2:u*'
	list ports 'eth3:t'

config interface 'guestwifi'
	option proto 'none'
	option device 'br-lan.1010'

config interface 'lan6'
	option proto 'dhcpv6'
	option device 'br-lan.1001'
	option reqaddress 'try'
	option reqprefix 'auto'

config bridge-vlan
	option device 'br-lan'
	option vlan '1010'
	list ports 'eth0:t'
	list ports 'eth1:t'
	list ports 'eth2:t'
	list ports 'eth3:t'
cat /etc/config/firewall 
config defaults
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option synflood_protect '1'
	option drop_invalid '1'

config zone
	option name 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'
	list network 'lan'
	list network 'lan6'
	list network 'mgmt'
24

Let's start by ensuring that the lan DHCP server is not active at all. Remove the line with the - in it:

Next, let's make the mgmt dhcp server IPv4 only and remove the invalid line. Again, delete the - lines:

Similarly, in the network file, we're going to remove all the following lines:

and we'll remove the lan6 interface entirely:

Don't forget to remove lan6 from the firewall:

Restart and test.

25

Thanks a lot for taking the time to look into this.

I have implemented the changes you suggested, I rebooted and removed the 0 1 * * * /sbin/reboot line from cron. I will check syslogs for the dhcp error.

cat /etc/config/dhcp 
config dnsmasq
	option domainneeded '1'
	option localise_queries '1'
	option rebind_protection '1'
	option rebind_localhost '1'
	option local '/lan/'
	option domain 'lan'
	option expandhosts '1'
	option cachesize '1000'
	option readethers '1'
	option leasefile '/tmp/dhcp.leases'
	option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
	option localservice '1'
	option ednspacket_max '1232'

config dhcp 'lan'
	option interface 'lan'
	option start '100'
	option limit '150'
	option leasetime '12h'
	option dhcpv4 'server'
	option ignore '1'

config odhcpd 'odhcpd'
	option maindhcp '0'
	option leasefile '/tmp/hosts/odhcpd'
	option leasetrigger '/usr/sbin/odhcpd-update'
	option loglevel '4'

config dhcp 'mgmt'
	option interface 'mgmt'
	option start '100'
	option limit '150'
	option leasetime '12h'
cat /etc/config/network 
config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fd68:c0fd:f8dc::/48'
	option packet_steering '1'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'eth0'
	list ports 'eth1'
	list ports 'eth2'
	list ports 'eth3'

config interface 'lan'
	option device 'br-lan.1001'
	option proto 'dhcp'
	option delegate '0'

config interface 'mgmt'
	option proto 'static'
	option device 'eth4'
	option ipaddr '192.168.200.1'
	option netmask '255.255.255.0'

config bridge-vlan
	option device 'br-lan'
	option vlan '1001'
	list ports 'eth0:u*'
	list ports 'eth1:u*'
	list ports 'eth2:u*'
	list ports 'eth3:t'

config interface 'guestwifi'
	option proto 'none'
	option device 'br-lan.1010'

config bridge-vlan
	option device 'br-lan'
	option vlan '1010'
	list ports 'eth0:t'
	list ports 'eth1:t'
	list ports 'eth2:t'
	list ports 'eth3:t'
cat /etc/config/firewall 
config defaults
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option synflood_protect '1'
	option drop_invalid '1'

config zone
	option name 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'
	list network 'lan'
	list network 'mgmt'
26

That was fast, just had to turn off and reenable WiFi on my phone:

Fri May 9 08:01:07 2025 daemon.warn dnsmasq-dhcp[1]: no address range available for DHCP request via br-lan.1001

But, the phone works and has a valid IPv4 (which is a static DHCP assignment in the opnsense router).

I don't get why openwrt thinks it is a DHCP server here, though. (at least, that's how I read the log line)

27

Is this coming from the er-x?

What is the output of

ifstatus lan
28

I didn't notice this, but removing the relay line seems to have automatically added this. Should I put "relay" back in?

yes, this is from the erx openwrt switch.

ifstatus lan 
{
	"up": true,
	"pending": false,
	"available": true,
	"autostart": true,
	"dynamic": false,
	"uptime": 1070,
	"l3_device": "br-lan.1001",
	"proto": "dhcp",
	"device": "br-lan.1001",
	"updated": [
		"addresses",
		"routes",
		"data"
	],
	"metric": 0,
	"dns_metric": 0,
	"delegation": false,
	"ipv4-address": [
		{
			"address": "192.168.1.122",
			"mask": 24
		}
	],
	"ipv6-address": [
		
	],
	"ipv6-prefix": [
		
	],
	"ipv6-prefix-assignment": [
		
	],
	"route": [
		{
			"target": "0.0.0.0",
			"mask": 0,
			"nexthop": "192.168.1.1",
			"source": "192.168.1.122/32"
		}
	],
	"dns-server": [
		"192.168.1.1"
	],
	"dns-search": [
		"schlabalatz.ninja"
	],
	"neighbors": [
		
	],
	"inactive": {
		"ipv4-address": [
			
		],
		"ipv6-address": [
			
		],
		"route": [
			
		],
		"dns-server": [
			
		],
		"dns-search": [
			
		],
		"neighbors": [
			
		]
	},
	"data": {
		"dhcpserver": "192.168.1.1",
		"hostname": "erx-eth0",
		"leasetime": 5184000,
		"ntpserver": "192.168.1.1"
	}
}
29

My mistake, option dhcpv4 'server' was already present before remove the ra relay line (and ra and dhcpv4 are not the same also...).

Just to be clear: when the issue starts becoming impacting, my phone for example does not get an IPv4 anymore. It's not specific to IPv6.

30

No, donā€™t read the relay line. This was there already and it is done for it to remain in normal situations. In truth, the log message is probably not an issue, but letā€™s make sure that there is nothing on the lan dhcp server:

Make the lan dhcp section look like this:

config dhcp 'lan'
	option interface 'lan'
	option ignore '1'

Reboot and test.

31

I edited dhcp config:

cat /etc/config/dhcp 
config dnsmasq
	option domainneeded '1'
	option localise_queries '1'
	option rebind_protection '1'
	option rebind_localhost '1'
	option local '/lan/'
	option domain 'lan'
	option expandhosts '1'
	option cachesize '1000'
	option readethers '1'
	option leasefile '/tmp/dhcp.leases'
	option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
	option localservice '1'
	option ednspacket_max '1232'

config dhcp 'lan'
	option interface 'lan'
	option ignore '1'

config odhcpd 'odhcpd'
	option maindhcp '0'
	option leasefile '/tmp/hosts/odhcpd'
	option leasetrigger '/usr/sbin/odhcpd-update'
	option loglevel '4'

config dhcp 'mgmt'
	option interface 'mgmt'
	option start '100'
	option limit '150'
	option leasetime '12h'

then rebooted. But disabling/enabling wifi on the phone still immediately triggers the same log line:

Fri May 9 08:13:54 2025 daemon.warn dnsmasq-dhcp[1]: no address range available for DHCP request via br-lan.1001

You might be right and it's non impacting, but it's strange.

32

I donā€™t understand how or why the lan interface is listening for dhcp requests. It should not be at all - that server is disabled and the whole er-x should be transparent/passive from a dhcp perspective.

33

At least I feel less stupid, my issue isn't that trivial.

So I removed the dhcp config on the mgmt interface, and at least there are not log line anymore when I turn wifi off and back on on my phone.

config dhcp 'mgmt'
	option interface 'mgmt'
-	option start '100'
-	option limit '150'
-	option leasetime '12h'
+	option ignore '1'

Seems like dhcpd is listening on br-lan.1001 when it's enabled on the mgmt interface, which I cannot really explain...

35

So I might have found something.

If I reenable DHCP server on the mgmt intf BUT move this interface to a different firewall zone, the specific log line "daemon.warn dnsmasq-dhcp[1]: no address range available for DHCP request via br-lan.1001" is not triggered anymore when toggling wifi on my phone.

I'll monitor this for a week.

I also need to figure out how to actually fully configure mgmt interface to be able to reach LAN from there (also really, I only need to be able to access the GUI or the erx openwrt switch), it's kind of my dirty console access).

36

This is looking good. No more "no address range available for DHCP request" log lines...

Current config:

cat /etc/config/dhcp 
config dnsmasq
	option domainneeded '1'
	option localise_queries '1'
	option rebind_protection '0'
	option local '/lan/'
	option domain 'lan'
	option expandhosts '1'
	option cachesize '1000'
	option readethers '1'
	option leasefile '/tmp/dhcp.leases'
	option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
	option localservice '1'
	option ednspacket_max '1232'

config dhcp 'lan'
	option interface 'lan'
	option ignore '1'

config odhcpd 'odhcpd'
	option maindhcp '0'
	option leasefile '/tmp/hosts/odhcpd'
	option leasetrigger '/usr/sbin/odhcpd-update'
	option loglevel '4'

config dhcp 'mgmt'
	option interface 'mgmt'
	option start '100'
	option limit '150'
cat /etc/config/network 
config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fd68:c0fd:f8dc::/48'
	option packet_steering '1'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'eth0'
	list ports 'eth1'
	list ports 'eth2'
	list ports 'eth3'

config interface 'lan'
	option device 'br-lan.1001'
	option proto 'dhcp'
	option delegate '0'

config interface 'mgmt'
	option proto 'static'
	option device 'eth4'
	option ipaddr '192.168.200.1'
	option netmask '255.255.255.0'

config bridge-vlan
	option device 'br-lan'
	option vlan '1001'
	list ports 'eth0:u*'
	list ports 'eth1:u*'
	list ports 'eth2:u*'
	list ports 'eth3:t'

config interface 'guestwifi'
	option proto 'none'
	option device 'br-lan.1010'

config bridge-vlan
	option device 'br-lan'
	option vlan '1010'
	list ports 'eth0:t'
	list ports 'eth1:t'
	list ports 'eth2:t'
	list ports 'eth3:t'

config interface 'lan6'
	option proto 'dhcpv6'
	option device '@lan'
	option reqaddress 'try'
	option reqprefix 'auto'
	option delegate '0'
cat /etc/config/firewall 
config defaults
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option synflood_protect '1'
	option drop_invalid '1'

config zone
	option name 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'
	list network 'lan'
	list network 'lan6'

config zone
	option name 'mgmt'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	list network 'mgmt'

config rule
	option name 'Allow from mgmt to lan'
	option src 'mgmt'
	option dest 'lan'
	option target 'ACCEPT'
	list proto 'all'

Compared to our last attempt, the only thing that I see being different is that lan6 is now an alias of lan and mgmt intf (which has a DHCP server configured) is now in its own firewall zone.