Problem to establish a connection with ISP Telekom


I have bought a Linksys WRT1900ACS-EU router on which I want to run OpenWRT. The installation worked fine, but unfortunately I cannot connect to my ISP.

I live in Germany and my provider is Telekom. My access data should be work. They do this for example with the Vigor 165.

The following settings have been made. I noticed that VLAN 7 has been set:

Am I doing something wrong?

Best regards

You should not be tagging both CPUs with both vlans.
By default one cpu is tagged on vlan1 for the lan and the other is tagged in vlan2 for the wan.

1 Like

Thanks for your answer, Trendy.
Unfortunately, right now I don't understand how it has to look right. Can you help me a little, please?

I don't have this router, so I cannot tell. And I could not find some reference configuration in the forum for your router.
Safe choice is to reset to defaults and start over, unless someone else can guide you.

With DTAG you need to use VLAN 7. But the Vigor 165 takes care of that by default. So on OpenWrt you don't need the tag.

I'm not used to the Luci web interface. But I guess in /etc/config/network you have something like this:

config interface 'wan'
    option ifname 'eth0.7'

config switch_vlan
    option vlan '7'
    option ports '1t 6t'

But you can use something like this:

config interface 'wan'
    option ifname 'eth0.2'

config switch_vlan
    option vlan '2'
    option ports '1 6t'

The above is from an Archer V2, so it will likely not be the same for your router. But the point I want to make is that you don't need to configure VLAN 7 between your router and the modem, because the Vigor is already taking care of it on its WAN port (by default anyway).

Other than as @trendy said, this looks correct to send tagged packets to the modem. Having both CPU ports receiving packets from VLAN 7 isn't going to break anything, but you should turn VLAN 7 off on eth1.

You can easily switch between tagged and untagged to the modem by changing the setting on the WAN port in the switch. You don't have to change the VLAN number back to 2.

Examine the log file to see if any pppoe negotiation is occurring.

Thats inside the log:

Could you give any manual from your provider? From your picture VLAN 7 is used as wan, so you should configure wan as tagged 7 port, and eth0.7 correspondingly.

The Vigor modem takes care of the vlan tag towards the provider. The OpenWrt router does not have to use a VLAN tag on its WAN port. If @PlanetDyna removes the VLAN tagging from OpenWrt WAN port it should work. It works like this for me.

@PlanetDyna when you log into the Vigor and go to Internet Access -> General Setup you see both ADSL and VDSL2 enabled with VLAN tag 7 and prio 0? If you go to PPPoE/PPPoA you see the client mode disabled? This is the default.

On OpenWrt in switch config your screenshots show tagged with vlan 7 on WAN port. Mine shows untagged and works like that.

I think it's weird that you have both both CPU (eth0) and CPU (eth1) showing up as tagged for both your VLANs. Looking at I think it should be CPU (eth0) tagged 7 (and off for 1) and CPU (eth1) tagged 1 (and off for 7).

1 Like

I misunderstood.
The Linksys router is supposed to establish the Internet connection. The Vigor is no longer needed.

There is no DSL hardware in a WRT1900. It cannot be attached directly to a DSL line. You still need a modem in between.


This is a little embarrassing. But of course you were right. I'm sorry. OpenWRT is working fine now.

What unfortunately does not work is the port forwarding. Is there anything else I need to consider besides this setting? The IPs and ports are definitely correct.

In this configuration the Vigor establishes the Internet connection and is connected to the Linksys via the WAN port. In the Vigor the ports are forwarded to the IP of the Linksys.

Looks correct. See if you have hits in the firewall redirect rules to verify that Vigor forwards them properly too.
iptables-save -c | grep DNAT

Thats inside.

root@OpenWrt:~# iptables-save -c | grep DNAT
[0:0] -A zone_lan_prerouting -s -d -p tcp -m tc                                                                                                                                p --dport 25674 -m comment --comment "!fw3: SFTP (reflection)" -j DNAT --to-dest                                                                                                                                ination
[0:0] -A zone_lan_prerouting -s -d -p tcp -m tc                                                                                                                                p --dport 7070 -m comment --comment "!fw3: Guacamole (reflection)" -j DNAT --to-                                                                                                                                destination
[0:0] -A zone_lan_prerouting -s -d -p udp -m ud                                                                                                                                p --dport 28399 -m comment --comment "!fw3: OpenVPN (reflection)" -j DNAT --to-d                                                                                                                                estination
[0:0] -A zone_wan_prerouting -p tcp -m tcp --dport 25674 -m comment --comment "!                                                                                                                                fw3: SFTP" -j DNAT --to-destination
[68:3584] -A zone_wan_prerouting -p tcp -m tcp --dport 7070 -m comment --comment                                                                                                                                 "!fw3: Guacamole" -j DNAT --to-destination
[8:336] -A zone_wan_prerouting -p udp -m udp --dport 28399 -m comment --comment                                                                                                                                 "!fw3: OpenVPN" -j DNAT --to-destination
[0:0] -A zone_lan_forward -m conntrack --ctstate DNAT -m comment --comment "!fw3                                                                                                                                : Accept port forwards" -j ACCEPT
[0:0] -A zone_lan_input -m conntrack --ctstate DNAT -m comment --comment "!fw3:                                                                                                                                 Accept port redirections" -j ACCEPT
[385:19274] -A zone_wan_forward -m conntrack --ctstate DNAT -m comment --comment                                                                                                                                 "!fw3: Accept port forwards" -j ACCEPT
[0:0] -A zone_wan_input -m conntrack --ctstate DNAT -m comment --comment "!fw3:                                                                                                                                 Accept port redirections" -j ACCEPT

Only Guacamole and OpenVPN have hits.
Do these 2 work for you?

@Trendy: Thanks for your help! Unfourtunately its not working. I have opened a seprate Thread for this issue.

Thank you all for your help. I was able to solve the problem. The thread can be closed with this.

If your problem is solved, please consider marking this topic as [Solved]. See How to mark a topic as [Solved] for a short how-to.