I am trying to experiment using bridge mode in my ISP router no.1 ( Huawei HS8545M5 stock firmware) to connected my Main router no2 (DLink dir 867 OPENWRT firmware 21.02) using pppoe protocol.
My earlier working setup before working bridge mode was:
Router1 use "Route Wan" to connect to ISP's fibre optics using pppoe protocol. "See attached picture no 1 for configuration details"
Router1 RJ45 ethernet port named "LAN 1' is connected in DHCP mode to Router2's RJ45 ethernet cable named "WAN"
Route2 OPENWRT firmware two interface were added by default WAN in DHCP protocol and WAN6 is DHCPv6 protocol.
The internet works as it's suppose to in this mode.
But now i want to use router1 as brigde.
The router2 will connect to ISP using pppoe and provide a local area network to all my devices access to internet.
In router1, I change the configuration to bridge mode, see attached picture 2.
In router2, under interfaces>WAN, I switched protocol from DHCP to PPPOE, and i entered the username password provided by ISP.
After saving the configuration, i can see the WAN port is connected as there are packets changes in TX and Rx, and also i can see an ip address assigned to my WAN port. See attached picture 3
However i don't have any internet access at the LAN port or WIFI.
In openwrt i went to diagnostic and tried ping but results displayed are "bad connection"
Since this is not working
Next i tried creating VLAN ID (provided by ISP) as per steps in this video, by Van Tech
But instead of DHCP i used PPPOE.
But doing so the WAN refuses to connect with an error.
See attached picture 4
I tried remove VLAN_ID from the router1 so that packets domt get tagged twice but still no results in WAN connection.
Can anyone point me to a guide of how to configure?
I am a noob, and struggling with this for past 3 days.
Most guides i searched were for openwrt version 19 and earlier.
Please run the following commands (copy-paste the whole block) and paste the output here, using the "Preformatted text </> " button:
Remember to redact passwords, MAC addresses and any public IP addresses you may have
ubus call system board; \
uci export network; uci export dhcp; uci export firewall; \
head -n -0 /etc/firewall.user
Hello trendy.
I used ssh and got this.
I mostly work with Luci gui.
So i have to edit any files in the router as part of a solution, please also let me know how to access these files..
Thanks.
:~# ubus call system board; \
> uci export network; uci export dhcp; uci export firewall; \
> head -n -0 /etc/firewall.user
{ "kernel": "5.4.179", "hostname": "OpenWrt",
"system": "MediaTek MT7621 ver:1 eco:3", "model": "D-Link DIR-867 A1", "board_name": "dlink,dir-867-a1",
"release": { "distribution": "OpenWrt", "version": "21.02.2",
"revision": "r16495-bf0c965af0", "target": "ramips/mt7621", "description": "OpenWrt 21.02.2 r16495-bf0c965af0"
} } package network config interface 'loopback' option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option packet_steering '1'
option ula_prefix 'fd09:811d:0d55::/48'
config device
option name 'br-lan'
option type 'bridge'
list ports 'lan1'
list ports 'lan2'
list ports 'lan3'
list ports 'lan4'
option vlan_filtering '1'
config interface 'lan'
option device 'br-lan'
option proto 'static'
option netmask '255.255.255.0'
option ip6assign '60'
option ipaddr '192.168.200.1'
config device
option name 'wan'
option mtu '1500'
option mtu6 '1500'
config interface 'WAN'
option device 'wan'
option proto 'pppoe'
option username 'username1'
option password 'xxxxxxxxx'
option ipv6 'auto'
package dhcp
config dnsmasq
option domainneeded '1'
option localise_queries '1'
option rebind_protection '1'
option rebind_localhost '1'
option local '/lan/'
option domain 'lan'
option expandhosts '1'
option authoritative '1'
option readethers '1'
option leasefile '/tmp/dhcp.leases'
option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
option localservice '1'
option ednspacket_max '1232'
config dhcp 'lan'
option interface 'lan'
option start '100'
option limit '150'
option leasetime '12h'
option dhcpv4 'server'
option dhcpv6 'server'
option ra 'server'
option ra_slaac '1'
list ra_flags 'managed-config'
list ra_flags 'other-config'
config odhcpd 'odhcpd'
option maindhcp '0'
option leasefile '/tmp/hosts/odhcpd'
option leasetrigger '/usr/sbin/odhcpd-update'
option loglevel '4'
package firewall
config defaults
option syn_flood '1'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
config zone
option name 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
list network 'lan'
config zone
option name 'wan'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
list network 'WAN'
config forwarding
option src 'lan'
option dest 'wan'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option src_ip 'fc00::/6'
option dest_ip 'fc00::/6'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
config rule
option name 'Support-UDP-Traceroute'
option src 'wan'
option dest_port '33434:33689'
option proto 'udp'
option family 'ipv4'
option target 'REJECT'
option enabled 'false'
config include
option path '/etc/firewall.user'
# This file is interpreted as shell script.
# Put your custom iptables rules here, they will
# be executed with each firewall (re-)start.
# Internal uci firewall chains are flushed and recreated on reload, so
# put custom rules into the root chains e.g. INPUT or FORWARD or into the
# special user chains, e.g. input_wan_rule or postrouting_lan_rule.
Revert back the configuration on step 3 you have in the first post that you were able to acquire an IP and post the following:
Please run the following commands (copy-paste the whole block) and paste the output here, using the "Preformatted text </> " button:
Remember to redact passwords, MAC addresses and any public IP addresses you may have
ip -4 addr ; ip -4 ro li tab all ; ip -4 ru; \
ip -6 addr ; ip -6 ro li tab all ; ip -6 ru; \
ls -l /etc/resolv.* /tmp/resolv.* /tmp/resolv.*/* ; head -n -0 /etc/resolv.* /tmp/resolv.* /tmp/resolv.*/* ; \
ping -c 3 1.1.1.1; ping -c 3 google.com
FYI the results i have posted earlier was also using the configuration in step3 where i acquired an ip address.
And here is the output of yout 4th post commands.
:~# ip -4 addr ; ip -4 ro li tab all ; ip -4 ru; \
> ip -6 addr ; ip -6 ro li tab all ; ip -6 ru; \
> ls -l /etc/resolv.* /tmp/resolv.* /tmp/resolv.*/* ; head -n -0 /etc/resolv.* /tmp/resolv.* /tmp/resolv.*/* ; \
> ping -c 3 1.1.1.1; ping -c 3 google.com
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
19: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
inet 192.168.200.1/24 brd 192.168.200.255 scope global br-lan
valid_lft forever preferred_lft forever
21: pppoe-WAN: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1492 qdisc fq_codel state UNKNOWN qlen 3
inet 20.0.3.34 peer 20.0.0.1/32 scope global pppoe-WAN
valid_lft forever preferred_lft forever
default via 20.0.0.1 dev pppoe-WAN
20.0.0.1 dev pppoe-WAN scope link src 20.0.3.34
192.168.200.0/24 dev br-lan scope link src 192.168.200.1
local 20.0.3.34 dev pppoe-WAN table local scope host src 20.0.3.34
broadcast 127.0.0.0 dev lo table local scope link src 127.0.0.1
local 127.0.0.0/8 dev lo table local scope host src 127.0.0.1
local 127.0.0.1 dev lo table local scope host src 127.0.0.1
broadcast 127.255.255.255 dev lo table local scope link src 127.0.0.1
broadcast 192.168.200.0 dev br-lan table local scope link src 192.168.200.1
local 192.168.200.1 dev br-lan table local scope host src 192.168.200.1
broadcast 192.168.200.255 dev br-lan table local scope link src 192.168.200.1
0: from all lookup local
32766: from all lookup main
32767: from all lookup default
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 state UNKNOWN qlen 1000
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1504 state UP qlen 1000
inet6 fe80::5ad5:6eff:fee4:7812/64 scope link
valid_lft forever preferred_lft forever
7: wan@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
inet6 fe80::5ad5:6eff:fee4:7815/64 scope link
valid_lft forever preferred_lft forever
17: ifb4wan: <BROADCAST,NOARP,UP,LOWER_UP> mtu 1500 state UNKNOWN qlen 32
inet6 fe80::c3a:efff:fe53:e04e/64 scope link
valid_lft forever preferred_lft forever
19: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
inet6 fd09:811d:d55::1/60 scope global noprefixroute
valid_lft forever preferred_lft forever
inet6 fe80::5ad5:6eff:fee4:7812/64 scope link
valid_lft forever preferred_lft forever
20: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
inet6 fe80::5ad5:6eff:fee4:7813/64 scope link
valid_lft forever preferred_lft forever
21: pppoe-WAN: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1492 state UNKNOWN qlen 3
inet6 fe80::55c2:dcc2:63ad:1025/128 scope link
valid_lft forever preferred_lft forever
fd09:811d:d55::/64 dev br-lan metric 1024
unreachable fd09:811d:d55::/48 dev lo metric 2147483647
fe80::633:89ff:fe3d:f78b dev pppoe-WAN metric 1
fe80::55c2:dcc2:63ad:1025 dev pppoe-WAN metric 256
fe80::/64 dev ifb4wan metric 256
fe80::/64 dev eth0 metric 256
fe80::/64 dev br-lan metric 256
fe80::/64 dev wlan0 metric 256
fe80::/64 dev wan metric 256
local ::1 dev lo table local metric 0
anycast fd09:811d:d55:: dev br-lan table local metric 0
local fd09:811d:d55::1 dev br-lan table local metric 0
anycast fe80:: dev ifb4wan table local metric 0
anycast fe80:: dev eth0 table local metric 0
anycast fe80:: dev br-lan table local metric 0
anycast fe80:: dev wlan0 table local metric 0
anycast fe80:: dev wan table local metric 0
local fe80::c3a:efff:fe53:e04e dev ifb4wan table local metric 0
local fe80::55c2:dcc2:63ad:1025 dev pppoe-WAN table local metric 0
local fe80::5ad5:6eff:fee4:7812 dev eth0 table local metric 0
local fe80::5ad5:6eff:fee4:7812 dev br-lan table local metric 0
local fe80::5ad5:6eff:fee4:7813 dev wlan0 table local metric 0
local fe80::5ad5:6eff:fee4:7815 dev wan table local metric 0
multicast ff00::/8 dev ifb4wan table local metric 256
multicast ff00::/8 dev eth0 table local metric 256
multicast ff00::/8 dev br-lan table local metric 256
multicast ff00::/8 dev wlan0 table local metric 256
multicast ff00::/8 dev wan table local metric 256
multicast ff00::/8 dev pppoe-WAN table local metric 256
0: from all lookup local
32766: from all lookup main
4200000001: from all iif lo lookup unspec 12
4200000019: from all iif br-lan lookup unspec 12
4200000021: from all iif pppoe-WAN lookup unspec 12
lrwxrwxrwx 1 root root 16 Feb 17 01:59 /etc/resolv.conf -> /tmp/resolv.conf
-rw-r--r-- 1 root root 47 Mar 22 19:12 /tmp/resolv.conf
-rw-r--r-- 1 root root 59 Mar 22 19:12 /tmp/resolv.conf.d/resolv.conf.auto
-rw-r--r-- 1 root root 43 Mar 22 19:12 /tmp/resolv.conf.ppp
/tmp/resolv.conf.d:
-rw-r--r-- 1 root root 59 Mar 22 19:12 resolv.conf.auto
==> /etc/resolv.conf <==
search lan
nameserver 127.0.0.1
nameserver ::1
==> /tmp/resolv.conf <==
search lan
nameserver 127.0.0.1
nameserver ::1
==> /tmp/resolv.conf.d <==
head: /tmp/resolv.conf.d: I/O error
==> /tmp/resolv.conf.ppp <==
nameserver 45.116.2.238
nameserver 8.8.8.8
==> /tmp/resolv.conf.d/resolv.conf.auto <==
# Interface WAN
nameserver 45.116.2.238
nameserver 8.8.8.8
PING 1.1.1.1 (1.1.1.1): 56 data bytes
--- 1.1.1.1 ping statistics ---
3 packets transmitted, 0 packets received, 100% packet loss
ping: bad address 'google.com'
Your pppoe seems to come up correctly. There is even a nameserver acquired. The IP address though doesn't seem to be right, as the address block belongs to microsoft, while the nameserver to some ISP in Goa.
Can you verify with your ISP that the IP you got is correct or is there any misconfiguration from your side?
ISP doesn't help much. As per then since their router is working and as i have a internet connection they won't help in any other way.
So as another test
I have just restored back to my working configuration. Router1 in "route wan" mode and router 2 in "DHCP" mode.
And i ran your command again.
I am found the same ip's in my working internet setup
20.0.0.1 dev pppoe-WAN scope link src 20.0.3.34
nameserver 45.116.2.238
So i guess the ip address are correct.
However regarding my setup.
I assuming that my setup in router1 is correct. It is working as a bridge. Since it is assigning an ip address
But regarding router2 running OPENWRT,
I not sure if add or change any configs.
Because all i did was switch protocol of WAN from DHCP to PPPOE and entered username and password. Is this correct way to setup pppoe connection?
I have seen different videos explaining we need to add VLAN id. And tagged untagged some ports in Switch tab. But i do not understand how to work it out in 21.02 firmware as switch option has been removed.
That's why asking for a guide or some pointer, cause i think i am missing something.
When you check the "Enable VLAN" box in the ONT, it is going to add / strip VLAN tags between your port and the fiber. So you'll be working with untagged pppoe packets on LAN1, which become tagged 82 as they go to the fiber. So the untagged setup on your router should be correct. If that box were not checked, then you would need to tag the packets on your router.
Can you ping the ISP's first router, 20.0.0.1? Usually those are set up to accept pings. This is a good way to test that your link over the fiber is intact. If that works but you can't reach the Internet, they may have rejected your MAC address and not allowed you a connection to the Internet. You can also try a traceroute to see if your attempts to reach the Internet go past that first router then get dropped.
@mk24 like you suggested in router2 openwrt network > ping i could ping the router. Traceroute to 8.8.8.8 failed though.
So i found the Mac address listed in wan information of the ISP router1, and used it on Router2's wan Mac address. And it worked.
I am using bridge mode on my router1 and successfully using router2 in pppoe as i am typing this post.
