Particular wifi device connection issues

Installing and Using OpenWrt
1

I have recently moved to a GL-MT6000 with OpenWRT 24.10.5. Previously I was using OpenWrt (with an older version of software) on a BL1300, with a separate AP running FreshTomato. In the previous set up everything was working okay.

With the new set up, wifi seems to work well in the main, across both 2.4 and 5 frequencies. I am using the same channels as before.

However I have a few of the same particular device (smart plugs) that struggle to connect.

On power up they connect fine. After a while they appear to drop off. At this time, they will pop up on the “Associated Stations” screen, but not have an IP address (I use static addressing).

Power cycling the plug brings them back. My suspicion is that they will drop off when the DHCP lease expires. EDIT: after setting the lease time of a problematic device to 2 minutes, it appears to stay connected after renewal.

Is there something obvious I need to set?

2

Let's see the configs to check for any suspect settings:

Please connect to your OpenWrt device using ssh and copy the output of the following commands and post it here using the "Preformatted text </> " button (red circle; this works best in the 'Markdown' composer view in the blue oval):

Screenshot 2025-10-20 at 8.14.14 PM

Remember to redact passwords, VPN keys, MAC addresses and any public IP addresses you may have:

ubus call system board
cat /etc/config/network
cat /etc/config/wireless
cat /etc/config/dhcp
cat /etc/config/firewall

Short leases like this are not ideal and typically only mask the actual underlying issues.

3

The 2m was set just to test if the renewal was the issue. I've set it back now. The requested:

{
        "kernel": "6.6.119",
        "hostname": "",
        "system": "ARMv8 Processor rev 4",
        "model": "GL.iNet GL-MT6000",
        "board_name": "glinet,gl-mt6000",
        "rootfs_type": "squashfs",
        "release": {
                "distribution": "OpenWrt",
                "version": "24.10.5",
                "revision": "r29087-d9c5716d1d",
                "target": "mediatek/filogic",
                "description": "OpenWrt 24.10.5 r29087-d9c5716d1d",
                "builddate": "1766005702"
        }
}

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option packet_steering '1'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'lan1'
        list ports 'lan2'
        list ports 'lan3'
        list ports 'lan4'
        list ports 'lan5'

config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        option ipaddr '10.10.0.1'
        option netmask '255.255.0.0'
        option ip6assign '60'

config interface 'wan'
        option device 'eth1'
        option proto 'dhcp'
        option hostname '*'
        option peerdns '0'

config wifi-device 'radio0'
        option type 'mac80211'
        option path 'platform/soc/18000000.wifi'
        option band '2g'
        option channel '11'
        option cell_density '0'
        option htmode 'HE20'
        option country 'GB'

config wifi-iface 'default_radio0'
        option device 'radio0'
        option network 'lan'
        option mode 'ap'
        option ssid ''
        option encryption 'sae-mixed'
        option key ''
        option ocv '0'
        option disassoc_low_ack '0'
        option wpa_disable_eapol_key_retries '1'

config wifi-iface 'wifinet2'
        option device 'radio0'
        option network 'lan'
        option mode 'ap'
        option ssid ''
        option encryption 'sae-mixed'
        option isolate '1'
        option key ''
        option ocv '0'
        option disassoc_low_ack '0'
        option wpa_disable_eapol_key_retries '1'

config dnsmasq
        option domainneeded '1'
        option localise_queries '1'
        option rebind_protection '1'
        option rebind_localhost '1'
        option local ''
        option domain ''
        option expandhosts '1'
        option cachesize '1000'
        option authoritative '1'
        option leasefile '/tmp/dhcp.leases'
        option localservice '1'
        option localuse '1'
        option ednspacket_max '1232'
        list address '//67.215.65.132'
        option boguspriv '0'
        option nonegcache '1'
        list bogusnxdomain '67.215.65.132'
        option logqueries '1'
        list server '/mask.icloud.com/'
        list server '/mask-h2.icloud.com/'
        list server '/use-application-dns.net/'
        list server '127.0.0.1#5053'
        list server '127.0.0.1#5054'
        option readethers '1'
        option doh_backup_noresolv '-1'
        option noresolv '1'
        list doh_backup_server '/mask.icloud.com/'
        list doh_backup_server '/mask-h2.icloud.com/'
        list doh_backup_server '/use-application-dns.net/'
        list doh_backup_server '127.0.0.1#5053'
        list doh_backup_server '127.0.0.1#5054'
        list doh_server '127.0.0.1#5053'
        list doh_server '127.0.0.1#5054'
        list addnhosts '/var/run/adblock-fast/dnsmasq.addnhosts'

config dhcp 'lan'
        option interface 'lan'
        option start '10.10.99.1'
        option limit '50'
        option leasetime '12h'
        option dhcpv4 'server'
        option dhcpv6 'server'
        option ra 'server'
        list ra_flags 'managed-config'
        list ra_flags 'other-config'

config dhcp 'wan'
        option interface 'wan'
        option ignore '1'

config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'
        option loglevel '4'
        option piofolder '/tmp/odhcpd-piofolder'

config host
        option name 'plug'
        option dns '1'
        option ip '10.10.9.4'
        list mac ''

config defaults
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option synflood_protect '1'
        option flow_offloading '1'
        option flow_offloading_hw '1'

config zone
        option name 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'
        list network 'lan'

config zone
        option name 'wan'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option masq '1'
        option mtu_fix '1'
        list network 'wan'
        list network 'wan6'

config forwarding
        option src 'lan'
        option dest 'wan'

config rule
        option name 'Allow-DHCPv6'
        option src 'wan'
        option proto 'udp'
        option dest_port '546'
        option family 'ipv6'
        option target 'ACCEPT'
4

Why are you using a 16?

Do not use sae-mixed as this causes problems on some client devices:

Instead, use WPA2 (psk2) or WPA3 sae encryption.

Do you actually need isolation enabled?

Your DoH settings could cause problems. You might want to review this to make sure that it's not causing issues with the client devices that might use ping tests or other methods to determine connectivity.

Normally, the start should just be a standard offset, not a full address.

This will relate also to your decision to use a /16 which is generally considered bad practice.

There are also a whole bunch of standard firewall rules that appear to have been deleted. Why?

5

The bulk of these settings (IP address, space, dynamic IP range, DoH) have been ported from the previous setup. The isolation option is from the SSID that the problematic device is not connecting to.

The only addition is the wifi-iface that was copied (as far as possible) from the previous AP.

If I confirm connectivity going back to using the AP would that confirm that the migrated set up is not the issue?

6

But why are you using a /16? This is unnecessarily large. /24 is the typical and default for a number of good reasons... and there are some devices (iot types specifically) that are poorly coded and assume /24.

Sure, but since they both connect to the same network, there is little purpose in the isolate function. That is to say that a device on the 'isolated' network will be able to reach a device in the 'non-isolated' network and vice versa.

Anyway, I would recommend that you consider starting with a fresh config and make only the minimum required change to get it to work with your environment. Then, test the problematic devices. If that works, add one config item at a time, testing after each change. This way you can isolate the specific culprit and then focus on why it is causing problems.

1 Like
7

Starting again is a bit of a long job so I'll add it to my to do list. Is there a way to do that without a total factory reset (eg by moving the /etc/config/ directory)? If so that's something I can try much sooner.

My confusion is in that they work after a cold boot with the above options, but then just give up.

8

In anticipation of starting again, I have reinstated the separate WAP, and no longer see the issue (Ie a plug connected through the WAP remains connected).

Given that the wifi connection works initially I'm struggling to understand where the issue is. Is there something peculiar about the way OpenWrt bridges Wifi and Lan that might be causing a renewal issue?