Opkg and ping don’t work but I have internet access

Good morning,
I have full internet access but the command opkg update doesn't work (opkg_download: Check your network settings and connectivity ); also the ping command doesn't work.
How can I fix?
Thank you in advance,
Mario

root@OpenWrt:~# ubus call system board
{
	"kernel": "5.10.176",
	"hostname": "OpenWrt",
	"system": "Qualcomm Atheros QCA956X ver 1 rev 0",
	"model": "TP-Link Archer C6 v2 (EU/RU/JP)",
	"board_name": "tplink,archer-c6-v2",
	"rootfs_type": "squashfs",
	"release": {
		"distribution": "OpenWrt",
		"version": "22.03.5",
		"revision": "r20134-5f15225c1e",
		"target": "ath79/generic",
		"description": "OpenWrt 22.03.5 r20134-5f15225c1e"
	}
}
root@OpenWrt:~# cat /etc/config/network

config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fded:2354:22ed::/48'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'eth0.1'

config interface 'lan'
	option device 'br-lan'
	option proto 'static'
	option netmask '255.255.255.0'
	option ip6assign '60'
	option ipaddr '192.168.1.2'

config switch
	option name 'switch0'
	option reset '1'
	option enable_vlan '1'

config switch_vlan
	option device 'switch0'
	option vlan '1'
	option ports '2 3 4 5 0t'

config switch_vlan
	option device 'switch0'
	option vlan '2'
	option ports '1 0t'

root@OpenWrt:~# cat /etc/config/wireless

config wifi-device 'radio0'
	option type 'mac80211'
	option path 'pci0000:00/0000:00:00.0'
	option channel '36'
	option band '5g'
	option htmode 'VHT80'
	option cell_density '0'

config wifi-iface 'default_radio0'
	option device 'radio0'
	option network 'lan'
	option mode 'ap'
	option encryption 'psk2'
	option key ''
	option ssid ''

config wifi-device 'radio1'
	option type 'mac80211'
	option path 'platform/ahb/18100000.wmac'
	option channel '1'
	option band '2g'
	option htmode 'HT20'
	option cell_density '0'

config wifi-iface 'default_radio1'
	option device 'radio1'
	option network 'lan'
	option mode 'ap'
	option ssid ''
	option encryption 'psk2'
	option key ''

root@OpenWrt:~# cat /etc/config/dhcp

config dnsmasq
	option domainneeded '1'
	option boguspriv '1'
	option filterwin2k '0'
	option localise_queries '1'
	option rebind_protection '1'
	option rebind_localhost '1'
	option local '/lan/'
	option domain 'lan'
	option expandhosts '1'
	option nonegcache '0'
	option authoritative '1'
	option readethers '1'
	option leasefile '/tmp/dhcp.leases'
	option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
	option nonwildcard '1'
	option localservice '1'
	option ednspacket_max '1232'

config dhcp 'lan'
	option interface 'lan'
	option start '100'
	option limit '150'
	option leasetime '12h'
	option dhcpv4 'server'
	option dhcpv6 'server'
	option ra 'server'
	list ra_flags 'managed-config'
	list ra_flags 'other-config'

config odhcpd 'odhcpd'
	option maindhcp '0'
	option leasefile '/tmp/hosts/odhcpd'
	option leasetrigger '/usr/sbin/odhcpd-update'
	option loglevel '4'

root@OpenWrt:~# cat /etc/config/firewall

config defaults
	option syn_flood '1'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'REJECT'

config zone
	option name 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'
	list network 'lan'

config zone
	option name 'wan'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'
	option mtu_fix '1'

config forwarding
	option src 'lan'
	option dest 'wan'

config rule
	option name 'Allow-DHCP-Renew'
	option src 'wan'
	option proto 'udp'
	option dest_port '68'
	option target 'ACCEPT'
	option family 'ipv4'

config rule
	option name 'Allow-Ping'
	option src 'wan'
	option proto 'icmp'
	option icmp_type 'echo-request'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-IGMP'
	option src 'wan'
	option proto 'igmp'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-DHCPv6'
	option src 'wan'
	option proto 'udp'
	option dest_port '546'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-MLD'
	option src 'wan'
	option proto 'icmp'
	option src_ip 'fe80::/10'
	list icmp_type '130/0'
	list icmp_type '131/0'
	list icmp_type '132/0'
	list icmp_type '143/0'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Input'
	option src 'wan'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	list icmp_type 'router-solicitation'
	list icmp_type 'neighbour-solicitation'
	list icmp_type 'router-advertisement'
	list icmp_type 'neighbour-advertisement'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Forward'
	option src 'wan'
	option dest '*'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-IPSec-ESP'
	option src 'wan'
	option dest 'lan'
	option proto 'esp'
	option target 'ACCEPT'

config rule
	option name 'Allow-ISAKMP'
	option src 'wan'
	option dest 'lan'
	option dest_port '500'
	option proto 'udp'
	option target 'ACCEPT'

Here are some useful information about my router and configuration files

there's no wan interface, set DNS and default GW manually on lan interface

2 Likes

Oh good...it's not just me

I have done everything...including turning off DoH, pinging the download website...going to it thru a browser...NOTHING...command line or Luci won't get the packages updates

Must be something on their end

Something on what end?

The original poster doesn't have a Internet interface configured. Is that your issue too?

if you mean the end in front of the keyboard, then you're correct.

2 Likes

Nope...fixed it...time on the router was like defaulted to something in 2013 (time was so off...the timesyncd thing couldn't/wouldn't even attempt to sync to the correct time)

In Luci

Had to go to System--> General Settings and hit sync with browser about 4-5 times until the date updated to the correct time...once that happened...worked like a boss!

PEBKAC

In the future, you may want to make a separate thread for a separate issue to get direct attention and not to hijack another person's thread.

In any case, glad you got it working and welcome to the community!

1 Like

Yeah, on systems without a battery backup on the clock chip*, ntpd will scan some files (as I recall, in /etc/) for the newest one, and use that file's mod date for the initial clock setting. If this is too old, then certs won't work because ssl thinks you're playing games with them, and thus https and anything else that uses ssl will fail.

If this becomes a frequent issue on your router, then you could set up a cron job, say once a day, do something like this and you'll get close enough...

touch /etc/urandom.seed

* I.e., pretty much anything non-x86 or non-Pi.

But...the newest file is from 2013?

Doesn't this imply that the poster may be running a quite old version of OpenWrt?

1 Like

It would seem so, but I had this happen on one of my old boxes running 22.03 (my Archer C7???). I had installed 22.03.0, turned it off and forgot about it for a year, then it wouldn't do a bunch of things until I figured this out and gave it a touch. (Now my .bashrc does the touch every time I ssh into it, so it's up-to-date when I do auc upgrades and restores the /etc/* files.)

1 Like

I created a new wan interface and I configured it in the following way:

config interface 'wan'
	option proto 'static'
	option device 'br-lan'
	list dns '192.168.1.1'
	option ipaddr '192.168.1.1'

Th opkg and ping commands, however, still don't work. I receive always the same error: opkg_download: Check your network settings and connectivity.
How can I solve?

That wan interface overlaps your lan interface's subnet, so it will not work. I'm going to guess (although I could be wrong) that this will actually conflict with your upstream router. Further, it is missing a gateway, and br-lan is now assigned to two different interfaces. So that new wan interface is almost certainly wrong.

Let's start a little more basic:

  • What is upstream of this device? Is it a cable/dsl modem or an ONT? Another router? A modem+router combo?
  • Assuming it is a router, what is the lan address of the router?
  • Is this OpenWrt device intended to be used as a router or an AP?