PPPoE Fiber DTAG - recieved an IP but no traffic - mwan3 - solved!

Installing and Using OpenWrt Network and Wireless Configuration
1

Team,

I setup an interface for Fiber (DTAG) temporary, recieved an IPv4 but have no traffic...
Firewall was assigned to wan.

Bildschirmfoto vom 2025-03-29 17-05-11
Bildschirmfoto vom 2025-03-29 17-05-11621×180 14.3 KB

Network:

config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fd2d:2ed7:06c9::/48'

config device
	option name 'br-lan'
	option type 'bridge'
	option bridge_empty '1'
	list ports 'lan1'
	list ports 'lan4'
	list ports 'lan5'

config device
	option name 'lan1'
	option macaddr '94:83:c4:a6:01:6e'

config device
	option name 'lan2'
	option macaddr '94:83:c4:a6:01:6e'

config device
	option name 'lan3'
	option macaddr '94:83:c4:a6:01:6e'

config device
	option name 'lan4'
	option macaddr '94:83:c4:a6:01:6e'

config device
	option name 'lan5'
	option macaddr '94:83:c4:a6:01:6e'

config interface 'lan'
	option device 'br-lan'
	option proto 'static'
	option ipaddr '192.168.152.1'
	option netmask '255.255.255.0'
	option ip6assign '60'

config device
	option name 'eth1'
	option macaddr '94:83:c4:a6:01:6c'

config interface 'wan'
	option device 'eth1'
	option proto 'dhcp'
	option metric '10'

config interface 'WGSERVER'
	...

config wireguard_WGSERVER
	...

config wireguard_WGSERVER
	...

config wireguard_WGSERVER
	...

config wireguard_WGSERVER
	...

config interface 'WAN2_5G'
	option proto 'dhcp'
	option device 'lan2'
	option metric '20'

config device
	option type '8021q'
	option ifname 'lan2'
	option vid '2'
	option name 'lan2.2'

config device
	option type '8021q'
	option ifname 'lan3'
	option vid '7'
	option name 'lan3.7'

config interface 'Glasfaser'
	option proto 'pppoe'
	option device 'lan3.7'
	option username '...'
	option password '...'
	option ipv6 '0'

Firewall:

config defaults
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option synflood_protect '1'

config zone
	option name 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'
	list network 'lan'
	list network 'WGSERVER'

config zone
	option name 'wan'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'
	option mtu_fix '1'
	list network 'wan'
	list network 'WAN2_5G'
	list network 'Glasfaser'

config forwarding
	option src 'lan'
	option dest 'wan'

config rule
	option name 'Allow-DHCP-Renew'
	option src 'wan'
	option proto 'udp'
	option dest_port '68'
	option target 'ACCEPT'
	option family 'ipv4'

config rule
	option name 'Allow-Ping'
	option src 'wan'
	option proto 'icmp'
	option icmp_type 'echo-request'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-IGMP'
	option src 'wan'
	option proto 'igmp'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-DHCPv6'
	option src 'wan'
	option proto 'udp'
	option dest_port '546'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-MLD'
	option src 'wan'
	option proto 'icmp'
	option src_ip 'fe80::/10'
	list icmp_type '130/0'
	list icmp_type '131/0'
	list icmp_type '132/0'
	list icmp_type '143/0'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Input'
	option src 'wan'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	list icmp_type 'router-solicitation'
	list icmp_type 'neighbour-solicitation'
	list icmp_type 'router-advertisement'
	list icmp_type 'neighbour-advertisement'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Forward'
	option src 'wan'
	option dest '*'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-IPSec-ESP'
	option src 'wan'
	option dest 'lan'
	option proto 'esp'
	option target 'ACCEPT'

config rule
	option name 'Allow-ISAKMP'
	option src 'wan'
	option dest 'lan'
	option dest_port '500'
	option proto 'udp'
	option target 'ACCEPT'

config redirect
	option dest 'lan'
	option target 'DNAT'
	option src 'lan'
	option src_dport '53'
	option name 'AdGuardHome DNS Interception'
	option src_ip '!192.168.152.1'
	option dest_ip '192.168.152.1'
	option dest_port '53'

config nat
	option name 'Prevent hardcoded DNS'
	list proto 'tcp'
	list proto 'udp'
	option src 'lan'
	option dest_ip '192.168.152.1'
	option dest_port '53'
	option target 'MASQUERADE'

config rule
	option name 'VPN'
	list proto 'udp'
	option src 'wan'
	option dest_port '...'
	option target 'ACCEPT'
2

Doesn't ping work, or doesn't DNS work?

3

No ping 8.8.8.8

is the wan interface a must or can any other lan interface tagged to vlan7 be used?

Sat Mar 29 21:36:11 2025 daemon.info pppd[5350]: Terminating on signal 15
Sat Mar 29 21:36:11 2025 daemon.info pppd[5350]: Connect time 14.2 minutes.
Sat Mar 29 21:36:11 2025 daemon.info pppd[5350]: Sent 4193 bytes, received 6057 bytes.
Sat Mar 29 21:36:11 2025 daemon.notice netifd: Network device 'pppoe-Glasfaser' link is down
Sat Mar 29 21:36:11 2025 daemon.notice pppd[5350]: Connection terminated.
Sat Mar 29 21:36:11 2025 daemon.info pppd[5350]: Connect time 14.2 minutes.
Sat Mar 29 21:36:11 2025 daemon.info pppd[5350]: Sent 4193 bytes, received 6057 bytes.
Sat Mar 29 21:36:12 2025 daemon.info pppd[5350]: Exit.
Sat Mar 29 21:36:12 2025 daemon.notice netifd: Interface 'Glasfaser' is now down
Sat Mar 29 21:36:12 2025 daemon.notice netifd: Interface 'Glasfaser' is setting up now
Sat Mar 29 21:36:12 2025 daemon.info dnsmasq[1]: reading /tmp/resolv.conf.d/resolv.conf.auto
Sat Mar 29 21:36:12 2025 daemon.info dnsmasq[1]: using nameserver 192.168.152.1#53
Sat Mar 29 21:36:12 2025 daemon.info dnsmasq[1]: using nameserver 192.168.0.1#53
Sat Mar 29 21:36:12 2025 daemon.info dnsmasq[1]: using only locally-known addresses for test
Sat Mar 29 21:36:12 2025 daemon.info dnsmasq[1]: using only locally-known addresses for onion
Sat Mar 29 21:36:12 2025 daemon.info dnsmasq[1]: using only locally-known addresses for localhost
Sat Mar 29 21:36:12 2025 daemon.info dnsmasq[1]: using only locally-known addresses for local
Sat Mar 29 21:36:12 2025 daemon.info dnsmasq[1]: using only locally-known addresses for invalid
Sat Mar 29 21:36:12 2025 daemon.info dnsmasq[1]: using only locally-known addresses for bind
Sat Mar 29 21:36:12 2025 daemon.info dnsmasq[1]: using only locally-known addresses for lan
Sat Mar 29 21:36:12 2025 user.notice mwan3-hotplug[11927]: mwan3 hotplug on Glasfaser not called because interface disabled
Sat Mar 29 21:36:12 2025 daemon.info pppd[12074]: Plugin pppoe.so loaded.
Sat Mar 29 21:36:12 2025 daemon.info pppd[12074]: PPPoE plugin from pppd 2.4.9
Sat Mar 29 21:36:12 2025 daemon.notice pppd[12074]: pppd 2.4.9 started by root, uid 0
Sat Mar 29 21:36:17 2025 daemon.info pppd[12074]: PPP session is 185
Sat Mar 29 21:36:17 2025 daemon.warn pppd[12074]: Connected to f8:c1:16:11:51:00 via interface lan3.7
Sat Mar 29 21:36:17 2025 kern.info kernel: [  869.862700] pppoe-Glasfaser: renamed from ppp0
Sat Mar 29 21:36:17 2025 daemon.info pppd[12074]: Renamed interface ppp0 to pppoe-Glasfaser
Sat Mar 29 21:36:17 2025 daemon.info pppd[12074]: Using interface pppoe-Glasfaser
Sat Mar 29 21:36:17 2025 daemon.notice pppd[12074]: Connect: pppoe-Glasfaser <--> lan3.7
Sat Mar 29 21:36:20 2025 daemon.info pppd[12074]: Remote message: SRU=165000#SRD=330000#
Sat Mar 29 21:36:20 2025 daemon.notice pppd[12074]: PAP authentication succeeded
Sat Mar 29 21:36:20 2025 daemon.notice pppd[12074]: peer from calling number F8:C1:16:11:51:00 authorized
Sat Mar 29 21:36:20 2025 daemon.notice pppd[12074]: local  IP address 87.184.65.107
Sat Mar 29 21:36:20 2025 daemon.notice pppd[12074]: remote IP address 62.155.241.232
Sat Mar 29 21:36:20 2025 daemon.notice pppd[12074]: primary   DNS address 217.237.150.115
Sat Mar 29 21:36:20 2025 daemon.notice pppd[12074]: secondary DNS address 217.237.151.205
Sat Mar 29 21:36:20 2025 daemon.notice pppd[12074]: local  LL address fe80::4c8d:737b:8e02:5385
Sat Mar 29 21:36:20 2025 daemon.notice pppd[12074]: remote LL address fe80::fac1:16ff:fe11:5100
Sat Mar 29 21:36:20 2025 daemon.notice netifd: Network device 'pppoe-Glasfaser' link is up
Sat Mar 29 21:36:20 2025 daemon.notice netifd: Interface 'Glasfaser' is now up
Sat Mar 29 21:36:20 2025 daemon.info dnsmasq[1]: reading /tmp/resolv.conf.d/resolv.conf.auto
Sat Mar 29 21:36:20 2025 daemon.info dnsmasq[1]: using nameserver 192.168.152.1#53
Sat Mar 29 21:36:20 2025 daemon.info dnsmasq[1]: using nameserver 217.237.150.115#53
Sat Mar 29 21:36:20 2025 daemon.info dnsmasq[1]: using nameserver 217.237.151.205#53
Sat Mar 29 21:36:20 2025 daemon.info dnsmasq[1]: using nameserver 192.168.0.1#53
Sat Mar 29 21:36:20 2025 daemon.info dnsmasq[1]: using only locally-known addresses for test
Sat Mar 29 21:36:20 2025 daemon.info dnsmasq[1]: using only locally-known addresses for onion
Sat Mar 29 21:36:20 2025 daemon.info dnsmasq[1]: using only locally-known addresses for localhost
Sat Mar 29 21:36:20 2025 daemon.info dnsmasq[1]: using only locally-known addresses for local
Sat Mar 29 21:36:20 2025 daemon.info dnsmasq[1]: using only locally-known addresses for invalid
Sat Mar 29 21:36:20 2025 daemon.info dnsmasq[1]: using only locally-known addresses for bind
Sat Mar 29 21:36:20 2025 daemon.info dnsmasq[1]: using only locally-known addresses for lan
4

That should be fine as you removed it from br-lan. Although you might consider just using the WAN port (eth1), unless there is a good reason you don't want to? But in general, your config seems fine at first glance (but I haven't looked at it in much detail).

This seems like a routing problem. Can you post a screenshot of Status -> Routing as well as a complete screenshot of Network -> Interfaces, or, via SSH, issue ip a && ip r commands and post the results?

5

As I had written, the solution should be temporary via LAN4, not via WAN as usually written here.

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1504 qdisc mq state UP group default qlen 1000
    link/ether 2a:44:18:18:86:b5 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::2844:18ff:fe18:86b5/64 scope link 
       valid_lft forever preferred_lft forever
3: eth1: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc cake state DOWN group default qlen 1000
    link/ether 94:83:c4:a6:01:6c brd ff:ff:ff:ff:ff:ff
4: lan2@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc cake state UP group default qlen 1000
    link/ether 94:83:c4:a6:01:6e brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.115/24 brd 192.168.0.255 scope global lan2
       valid_lft forever preferred_lft forever
    inet6 fe80::9683:c4ff:fea6:16e/64 scope link 
       valid_lft forever preferred_lft forever
5: lan3@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 94:83:c4:a6:01:6e brd ff:ff:ff:ff:ff:ff
    inet6 fe80::9683:c4ff:fea6:16e/64 scope link 
       valid_lft forever preferred_lft forever
6: lan4@eth0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue master br-lan state LOWERLAYERDOWN group default qlen 1000
    link/ether 94:83:c4:a6:01:6e brd ff:ff:ff:ff:ff:ff
7: lan5@eth0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue master br-lan state LOWERLAYERDOWN group default qlen 1000
    link/ether 94:83:c4:a6:01:6e brd ff:ff:ff:ff:ff:ff
8: lan1@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-lan state UP group default qlen 1000
    link/ether 94:83:c4:a6:01:6e brd ff:ff:ff:ff:ff:ff
14: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 94:83:c4:a5:40:89 brd ff:ff:ff:ff:ff:ff
    inet 192.168.152.1/24 brd 192.168.152.255 scope global br-lan
       valid_lft forever preferred_lft forever
    inet6 fd2d:2ed7:6c9::1/60 scope global noprefixroute 
       valid_lft forever preferred_lft forever
    inet6 fe80::9683:c4ff:fea6:16e/64 scope link 
       valid_lft forever preferred_lft forever
16: lan3.7@lan3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 94:83:c4:a6:01:6e brd ff:ff:ff:ff:ff:ff
    inet6 fe80::9683:c4ff:fea6:16e/64 scope link 
       valid_lft forever preferred_lft forever
18: WGSERVER: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1420 qdisc noqueue state UNKNOWN group default qlen 1000
    link/none 
    inet 10.0.49.1/24 brd 10.0.49.255 scope global WGSERVER
       valid_lft forever preferred_lft forever
21: ifb4eth1: <BROADCAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc cake state UNKNOWN group default qlen 32
    link/ether 62:df:9d:f3:cf:59 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::60df:9dff:fef3:cf59/64 scope link 
       valid_lft forever preferred_lft forever
27: phy1-ap0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-lan state UP group default qlen 1000
    link/ether 94:83:c4:a5:40:8a brd ff:ff:ff:ff:ff:ff
    inet6 fe80::9683:c4ff:fea5:408a/64 scope link 
       valid_lft forever preferred_lft forever
28: phy0-ap0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-lan state UP group default qlen 1000
    link/ether 94:83:c4:a5:40:89 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::9683:c4ff:fea5:4089/64 scope link 
       valid_lft forever preferred_lft forever
29: phy0-ap1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-lan state UP group default qlen 1000
    link/ether 96:83:c4:a5:40:89 brd ff:ff:ff:ff:ff:ff permaddr 94:83:c4:a5:40:89
    inet6 fe80::9483:c4ff:fea5:4089/64 scope link 
       valid_lft forever preferred_lft forever
30: phy1-ap1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-lan state UP group default qlen 1000
    link/ether 96:83:c4:a5:40:8a brd ff:ff:ff:ff:ff:ff permaddr 94:83:c4:a5:40:8a
    inet6 fe80::9483:c4ff:fea5:408a/64 scope link 
       valid_lft forever preferred_lft forever
33: ifb4lan2: <BROADCAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc cake state UNKNOWN group default qlen 32
    link/ether 42:e7:91:81:19:95 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::40e7:91ff:fe81:1995/64 scope link 
       valid_lft forever preferred_lft forever
36: pppoe-Glasfaser: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1492 qdisc fq_codel state UNKNOWN group default qlen 3
    link/ppp 
    inet 87.184.65.107 peer 62.155.241.232/32 scope global pppoe-Glasfaser
       valid_lft forever preferred_lft forever
    inet6 fe80::4c8d:737b:8e02:5385 peer fe80::fac1:16ff:fe11:5100/128 scope link 
       valid_lft forever preferred_lft forever
default via 62.155.241.232 dev pppoe-Glasfaser proto static 
default via 192.168.0.1 dev lan2 proto static src 192.168.0.115 metric 20 
10.0.49.0/24 dev WGSERVER proto kernel scope link src 10.0.49.1 
10.0.49.2 dev WGSERVER proto static scope link 
10.0.49.3 dev WGSERVER proto static scope link 
10.0.49.4 dev WGSERVER proto static scope link 
10.0.49.5 dev WGSERVER proto static scope link 
62.155.241.232 dev pppoe-Glasfaser proto kernel scope link src 87.184.65.107 
192.168.0.0/24 dev lan2 proto static scope link metric 20 
192.168.152.0/24 dev br-lan proto kernel scope link src 192.168.152.1

Bildschirmfoto vom 2025-03-29 22-06-32
Bildschirmfoto vom 2025-03-29 22-06-32672×771 70.8 KB

Currently there is no connect on WAN interface.

6

mmmh , looks like in your multi-wan setup most traffic goes via WAN2_5G instead...

My assumption would be not specifying the route metric for the first should have precedence, but I am not your kernel. So in your shoes that is what I was looking at, trying to set an explicit metric smaller than 20 for the first route.

7

Thats ok, because I have installed mwan3 for failover..and you can see it works perfectly...
But should it be an impact not to implement the new interface to mwan3?

8

If you use mwan3, I would certainly add this new interface to/via mwan3 as well. I might misunderstand your question though.

1 Like
9

Ok, try it again:

I have setup LAN4 as new temporary wan interface to connect Fiber.
Later I will rebuild this setup - it's a test of the Fiber on openwrt router...
After setup I received an IP but no traffic.
When I disabled the WAN_5G interface no traffic at all...

Due to you hint with routing/mwan3 the question is, if these setup should have impact or not at Fiber connection - it is neccessary to implement the new interface to mwan3 to use it??

10

Ah alright!

Maybe just to verify, can you run ping -I pppoe-Glasfaser 8.8.8.8 (the option is a capital i)? If you get replies, it means that your device can send out traffic via Glasfaser interface and it actually is a routing issue.

This would have been my assumption too, but you never know …

Yes @neurotransmitter, try setting metric 10 (just as it already is with wan).

Regarding mwan3, I have no experience with it so I can't comment other than it doesn't seem to be a bad idea to add it there.

1 Like
11

I have implement the new interface [LAN4 - Glasfaser] to mwan3 without any effect...

Bildschirmfoto vom 2025-03-29 22-57-19
Bildschirmfoto vom 2025-03-29 22-57-191229×468 44.6 KB

I had stopped WAN_5G and there were no traffic...

12

OK - Problem solved and your hints were the right way:

Stopped mwan3 process
Stopped WAN_5G connection/interface

Now I must integrate the new temporary interface to mwan3...but why I have to do this - it is not possible to run the new interface separatly??

13

Great you got it to work!

What behaviour do you expect with multiple WAN links? Only one can be the default...

14

Well, I thought I had the option of deciding which interfaces I can select for failover.

15

I mean, isn't this what mwan3 is for? Probably you just need to configure it accordingly. The wiki page seems quite comprehensive.

1 Like
16

The Wiki and the forum were excellent companions for setting up mwan3!!

1 Like
17

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.