Openwrt x86 Dumb AP no DHCP WiFi

Hi!

I have been struggling with an issue for weeks now.... I hope you can help me out.

I created a dumb AP this way:

  1. Disconnect the (soon-to-be) Dumb AP from your network, and connect your computer to it with an Ethernet cable.
  2. Use the web interface to go to Network → Interfaces and select the LAN interface.
  3. Enter an IP address “next to” your main router on the field “IPv4 address”. (If your main router has IP 192.168.1.1, enter 192.168.1.2). Set DNS and gateway to point into your main router to enable internet access for the dumb AP itself
  4. Then scroll down and select the checkbox “Ignore interface: Disable DHCP for this interface.”
  5. Click “IPv6 Settings” tab and set everything to “disabled”.
  6. In the top menu go to System → Startup, and disable firewall, dnsmasq and odhcpd in the list of startup scripts.
  7. Click the Save and Apply button. Hard-Restart your router if you're not able to connect anymore.
  8. Go to http://192.168.1.2 (or whatever address you specified) and check if the settings for the LAN interface are the same.
  9. Use an Ethernet cable to connect one of the LAN ports on your main router to one of the LAN/switch ports of your “new” dumb AP. (There's no need to connect the WAN port of the Dumb AP.)
  10. You are done.

My main router is the DHCP server.
If I put the LAN interface in DHCP client mode, it gets an IP.
But my WiFi client does not get an IP address.

I deleted my WAN interface, so it can't be a routing issue.

It seems like some kind of DHCP relay issue?!?

Sophos XG (DHCP enabled) <===> OpenWRT dumb AP <===> WiFi Client (Laptop/Tel)

Is your LAN interface (the one towards the Sophos XG) bridged with the Wifi Network?
Basically you should have a br-lan that covers your LAN ports and your Wifi Networks.

2 Likes

Yes it is.
What do you mean by br-lan?
Do you have link to the how-to?

Great thanks!!!!

Well the howto is what you actually copied from in your first post.

You can check the lower part if the web interface one didn't work.

Generally default configuration creates a bridge (br-lan) between your LAN ports and your Wifi unless you have removed that.

To add your wifi networks to the bridge go to Network -> Wireless. On your wifi click edit and ensure it is assigned to the LAN bridge.

1 Like

br-lan is the kernel name, for configuration it is just called lan. The brctl show command is useful to confirm that a bridge has been set up and includes both the Ethernet and the wifi interfaces.

Since most x86 deployments are in a wired role and wifi hardware varies, x86 builds do not ship with any wifi support built in. So you need to have compatible hardware and install quite a bit of software to make wifi work at all. It would be best to do this with the rest of the install remaining at a default configuration. Test that a client is able to connect to the wifi and get an IP address from the default DHCP server. Then convert to a dumb AP.

1 Like
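
As an added example (not part of any post in this thread), the bridge check described above can be scripted in POSIX shell. The function names and both `brctl show` samples are constructed for illustration; the interface names `eth0` and `wlan0` are assumptions.

```shell
#!/bin/sh
# Added example: confirm that a bridge contains both the wired uplink and
# the wifi interface, using the text printed by `brctl show`.

# Print the members of bridge $1, one per line; `brctl show` text on stdin.
# brctl puts the first member on the bridge's own row and each further
# member on a continuation row that holds only the interface name.
bridge_members() {
    awk -v br="$1" '
        $1 == "bridge" && $2 == "name" { next }    # header row
        NF >= 3 { cur = $1; if (cur == br && NF >= 4) print $4; next }
        NF == 1 && cur == br { print $1 }          # continuation row
    '
}

# Report whether bridge $1 holds wired interface $2 and wifi interface $3.
check_dumb_ap_bridge() {
    members=$(bridge_members "$1")
    missing=""
    for want in "$2" "$3"; do
        printf '%s\n' "$members" | grep -qxF -- "$want" || missing="$missing $want"
    done
    if [ -n "$missing" ]; then
        echo "MISSING:$missing"
        return 1
    fi
    echo "OK"
}

# Constructed sample: both interfaces bridged, plus an unrelated bridge.
sample_ok() {
    cat <<'EOF'
bridge name     bridge id               STP enabled     interfaces
br-lan          8000.000000000001       no              eth0
                                                        wlan0
br-guest        8000.000000000002       no              eth1
EOF
}

# Constructed sample: the wifi interface never joined the bridge.
sample_wifi_missing() {
    cat <<'EOF'
bridge name     bridge id               STP enabled     interfaces
br-lan          8000.000000000001       no              eth0
EOF
}

sample_ok | check_dumb_ap_bridge br-lan eth0 wlan0
# On the access point itself: brctl show | check_dumb_ap_bridge br-lan eth0 wlan0
```

A result of OK only shows that the bridge is assembled as intended; it says nothing about whether frames actually pass between the members.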

Where did you read that he is using OpenWrt on x86? Maybe I overlooked something but I would have thought that the "OpenWRT dumb AP" is just a normal OpenWRT router.

Sorry, I forgot to tell you that I use x86 with a Netgear USB:
http://en.techinfodepot.shoutwiki.com/wiki/Netgear_A6210

In normal mode it works fine...very fast!


Okay, I rebuilt my setup:
192.168.0.254 is the Sophos XG



root@OpenWrt:~# brctl show
bridge name     bridge id               STP enabled     interfaces
br-lan          7fff.000c29a7b63a       yes             eth0
                                                        wlan0

The result is that the OpenWrt router itself can ping the gateway 192.168.0.254.
If I connect a wireless device it does not get an IP from the gateway.
If I set the IP manually, I can ping the OpenWrt router but I'm not able to ping the gateway.

So it looks like there is no data transfer from WiFi over the OpenWrt router.

Please copy the output of the following commands and post it here using the "Preformatted text </> " button:
Remember to redact passwords, MAC addresses and any public IP addresses you may have

ubus call system board; \
uci export network; uci export wireless; \
uci export dhcp; uci export firewall; \
head -n -0 /etc/firewall.user; \
ip -4 addr ; ip -4 ro li tab all ; ip -4 ru; \
ls -l  /etc/resolv.* /tmp/resolv.*; head -n -0 /etc/resolv.* /tmp/resolv.*
2 Likes
root@OpenWrt:~# ubus call system board; \
> uci export network; uci export wireless; \
> uci export dhcp; uci export firewall; \
> head -n -0 /etc/firewall.user; \
> ip -4 addr ; ip -4 ro li tab all ; ip -4 ru; \
> ls -l  /etc/resolv.* /tmp/resolv.*; head -n -0 /etc/resolv.* /tmp/resolv.*
{
        "kernel": "4.14.195",
        "hostname": "OpenWrt",
        "system": "AMD Opteron(tm) X3418 APU",
        "model": "VMware, Inc. VMware Virtual Platform",
        "board_name": "vmware-inc-vmware-virtual-platform",
        "release": {
                "distribution": "OpenWrt",
                "version": "19.07.4",
                "revision": "r11208-ce6496d796",
                "target": "x86/64",
                "description": "OpenWrt 19.07.4 r11208-ce6496d796"
        }
}
package network

config interface 'loopback'
        option ifname 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'

config interface 'lan'
        option type 'bridge'
        option ifname 'eth0'
        option proto 'static'
        option netmask '255.255.255.0'
        option ip6assign '60'
        option ipaddr '192.168.0.1'
        option igmp_snooping '1'
        option delegate '0'
        option stp '1'
        list dns '1.1.1.1'
        option gateway '192.168.0.254'

package wireless

config wifi-device 'radio0'
        option type 'mac80211'
        option path 'pci0000:00/0000:00:16.0/0000:0b:00.0/usb1/1-2/1-2:1.0'
        option channel 'auto'
        option hwmode '11g'
        option htmode 'HT40'
        option country 'NL'

config wifi-iface 'default_radio0'
        option device 'radio0'
        option network 'lan'
        option mode 'ap'
        option ieee80211w '1'
        option key 'password'
        option encryption 'psk2'
        option ssid 'Magnetron_24GHzB'

package dhcp

config dnsmasq
        option domainneeded '1'
        option boguspriv '1'
        option filterwin2k '0'
        option localise_queries '1'
        option rebind_protection '1'
        option rebind_localhost '1'
        option local '/lan/'
        option domain 'lan'
        option expandhosts '1'
        option nonegcache '0'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option resolvfile '/tmp/resolv.conf.auto'
        option nonwildcard '1'
        option localservice '1'

config dhcp 'lan'
        option interface 'lan'
        option ignore '1'

config dhcp 'wan'
        option interface 'wan'
        option ignore '1'

config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'
        option loglevel '4'

package firewall

config defaults
        option input 'ACCEPT'
        option output 'ACCEPT'
        option synflood_protect '1'
        option forward 'REJECT'

config zone
        option name 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'
        option network 'lan'

config zone
        option name 'wan'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option masq '1'
        option mtu_fix '1'

config forwarding
        option src 'lan'
        option dest 'wan'

config rule
        option name 'Allow-DHCP-Renew'
        option src 'wan'
        option proto 'udp'
        option dest_port '68'
        option target 'ACCEPT'
        option family 'ipv4'

config rule
        option name 'Allow-Ping'
        option src 'wan'
        option proto 'icmp'
        option icmp_type 'echo-request'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-IGMP'
        option src 'wan'
        option proto 'igmp'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-DHCPv6'
        option src 'wan'
        option proto 'udp'
        option src_ip 'fc00::/6'
        option dest_ip 'fc00::/6'
        option dest_port '546'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-MLD'
        option src 'wan'
        option proto 'icmp'
        option src_ip 'fe80::/10'
        list icmp_type '130/0'
        list icmp_type '131/0'
        list icmp_type '132/0'
        list icmp_type '143/0'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Input'
        option src 'wan'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        list icmp_type 'router-solicitation'
        list icmp_type 'neighbour-solicitation'
        list icmp_type 'router-advertisement'
        list icmp_type 'neighbour-advertisement'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Forward'
        option src 'wan'
        option dest '*'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-IPSec-ESP'
        option src 'wan'
        option dest 'lan'
        option proto 'esp'
        option target 'ACCEPT'

config rule
        option name 'Allow-ISAKMP'
        option src 'wan'
        option dest 'lan'
        option dest_port '500'
        option proto 'udp'
        option target 'ACCEPT'

config include
        option path '/etc/firewall.user'

# This file is interpreted as shell script.
# Put your custom iptables rules here, they will
# be executed with each firewall (re-)start.

# Internal uci firewall chains are flushed and recreated on reload, so
# put custom rules into the root chains e.g. INPUT or FORWARD or into the
# special user chains, e.g. input_wan_rule or postrouting_lan_rule.
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
11: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
    inet 192.168.0.1/24 brd 192.168.0.255 scope global br-lan
       valid_lft forever preferred_lft forever
default via 192.168.0.254 dev br-lan
192.168.0.0/24 dev br-lan scope link  src 192.168.0.1
broadcast 127.0.0.0 dev lo table local scope link  src 127.0.0.1
local 127.0.0.0/8 dev lo table local scope host  src 127.0.0.1
local 127.0.0.1 dev lo table local scope host  src 127.0.0.1
broadcast 127.255.255.255 dev lo table local scope link  src 127.0.0.1
broadcast 192.168.0.0 dev br-lan table local scope link  src 192.168.0.1
local 192.168.0.1 dev br-lan table local scope host  src 192.168.0.1
broadcast 192.168.0.255 dev br-lan table local scope link  src 192.168.0.1
0:      from all lookup local
32766:  from all lookup main
32767:  from all lookup default
lrwxrwxrwx    1 root     root            16 Sep  6 16:19 /etc/resolv.conf -> /tmp/resolv.conf
lrwxrwxrwx    1 root     root            21 Sep 21 20:51 /tmp/resolv.conf -> /tmp/resolv.conf.auto
-rw-r--r--    1 root     root            35 Sep 21 21:23 /tmp/resolv.conf.auto
==> /etc/resolv.conf <==
# Interface lan
nameserver 1.1.1.1

==> /tmp/resolv.conf <==
# Interface lan
nameserver 1.1.1.1

==> /tmp/resolv.conf.auto <==
# Interface lan
nameserver 1.1.1.1

Try to remove stp from lan interface.
Also disable ieee80211w, especially if you have not installed wpad/hostapd full or the driver doesn't support it.

1 Like

Test that plugging a laptop into your backhaul cable (the one connected to eth0 from the main router) gets an IP and has Internet access.

I disabled it ... still it connects to WiFi, but no DHCP, and with a fixed IP I can't reach any other device on the network (only the OpenWrt router).

Looks like it is isolated.

@mk24
Yes it has.
When I run it in NAT mode, it can reach the Internet etc...

This being a VM the settings of the VM hypervisor networking are important. For VirtualBox I would use "Bridged Adapter" to have a complete bridge to the outside network. I don't know what the VMware equivalent is.

2 Likes

This is the setup:

If the virtual OpenWrt router is installed the traditional way (NAT) everything is working fine.
The WAN interface gets an IP from the Sophos XG and I can surf the internet.

The switch, DHCP and routing etc. are working fine.

But in dumb AP mode, the WiFi device is not getting an IP, and it is also not possible to ping the Sophos XG.
So it looks like the OpenWrt router is not routing the traffic in AP mode.

1 Like

It looks like a hypervisor networking issue.
Most likely it restricts broadcast traffic to the virtual switch scope.
Reconfigure the downstream virtual network to use routed or bridged mode.

1 Like

If that is true.... then DHCP would not work if OpenWrt was running in traditional mode.
The WAN interface gets a DHCP IP.

Broadcast works in the scope of the virtual switch.
That's why OpenWrt upstream DHCP works fine.

But the wireless interface is not really a part of the virtual switch.
So, the downstream DHCP works only for VM in the routed mode.

I'm stuck on how to fix it... there are no options for this to select on the vSwitch.

Strange thing is ...... Openwrt Luci -> Diagnostics -> ping 192.168.0.2 ping:

PING 192.168.0.254 (192.168.0.254): 56 data bytes
64 bytes from 192.168.0.254: seq=0 ttl=64 time=0.708 ms
64 bytes from 192.168.0.254: seq=1 ttl=64 time=0.548 ms
64 bytes from 192.168.0.254: seq=2 ttl=64 time=0.411 ms
64 bytes from 192.168.0.254: seq=3 ttl=64 time=0.476 ms
64 bytes from 192.168.0.254: seq=4 ttl=64 time=0.413 ms

--- 192.168.0.254 ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max = 0.411/0.511/0.708 ms

Fixed IP WiFi on the laptop (because I do not get an IP address):
I'm able to ping 192.168.0.1 (LAN interface OpenWrt),
but not any other devices on the LAN.