Problems with DHCP and DNS in dumb AP mode?

surfrock66 · March 31, 2022, 2:07am

I'm a relatively new user of OpenWRT, and while I understand a lot, I'm still very much in my journey learning networking. I've got a TP-Link RE450v2 that I've just installed openWRT on. I want to use it in "Dumb AP" mode. I've been attempting to follow this guide:

I have a gateway at 10.1.1.1 and a DHCP and DNS server at 10.1.2.10. The IP of this device is 10.1.1.22. It is on the network and accessible over LuCi and SSH. I have disabled dnsmasq and odhcpd per the guide (and the firewall). I removed the bridge device, so there is a eth0 device (with a static IP, gateway set to 10.1.1.1, mask set to /16). In the advanced settings of the LAN interface, I have a dns server defined, the 10.1.2.10 server. I then have 2 SSID's each on 2.4 and 5, a normal and guest one (I'll be separating those later, for now they're just separate ssid's on the same network)

When I go to diagnostic tools, I can successfully ping my dhcp/dns server via IP, but any pings by hostname fail with "bad address." All nslookups also fail with ";; connection timed out; no servers could be reached." When I try to connect with a phone, it hangs at "Obtaining IP Address." If I set a static IP and connect, I get no internet.

I'm not sure what else to try. Was deleting the bridge device the correct course of action? Is something under "DHCP and DNS" under the network menu something to mess with? I tried adding my DNS server to "DNS forwardings" and that didn't change anything.

It seems like somehow traffic isn't being forwarded? I'm sure I did something wrong, but I'm not sure what. Any advice or next diagnostic steps are appreciated; this is one of three identical devices and when I get this right here, I'll be copying the config to the other AP's.

frollic · March 31, 2022, 4:39am

You don't need all those settings.

Only reason an AP would need an IP, is so it can be managed, everything else would be handled by the main router.

eduperez · March 31, 2022, 5:38am

Please copy the output of the following commands and post it here using the "Preformatted text </> " button:

Remember to redact passwords, MAC addresses and any public IP addresses you may have:

cat /etc/config/network
cat /etc/config/wireless
cat /etc/config/dhcp
cat /etc/config/firewall

surfrock66 · March 31, 2022, 3:51pm

To reiterate because it wasn't clear in the configs below, the dnsmasq, odhcpd, and firewall services are disabled per the guide:

config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'

config interface 'lan'
	option proto 'static'
	option ip6assign '60'
	option device 'eth0'
	option ipaddr '10.1.1.22'
	option gateway '10.1.1.1'
	list dns '10.1.2.10'
	list dns '8.8.8.8'
	list dns_search 'home.surfrock66.com'
	option delegate '0'
	option type 'bridge'
	option ipv6 '0'
	option netmask '255.255.0.0'

root@tplink-re450v2-ap-theater:~# cat /etc/config/wireless

config wifi-device 'radio0'
	option type 'mac80211'
	option path 'pci0000:00/0000:00:00.0'
	option band '5g'
	option cell_density '0'
	option htmode 'VHT80'
	option channel 'auto'

config wifi-iface 'default_radio0'
	option device 'radio0'
	option network 'lan'
	option mode 'ap'
	option key 'REDACTED'
	option encryption 'psk2+tkip+ccmp'
	option ssid 'Surfrock66 Wireless 5Ghz Test'

config wifi-device 'radio1'
	option type 'mac80211'
	option path 'platform/ahb/18100000.wmac'
	option band '2g'
	option htmode 'HT20'
	option channel '11'
	option cell_density '0'

config wifi-iface 'default_radio1'
	option device 'radio1'
	option network 'lan'
	option mode 'ap'
	option encryption 'psk2+tkip+ccmp'
	option key 'REDACTED'
	option ssid 'Surfrock66 Wireless 2.4Ghz Test'

config wifi-iface 'wifinet2'
	option device 'radio0'
	option mode 'ap'
	option encryption 'psk2+tkip+ccmp'
	option key 'REDACTED'
	option ssid 'Surfrock66 Wireless 5Ghz Guest'
	option network 'lan'

config wifi-iface 'wifinet3'
	option device 'radio1'
	option mode 'ap'
	option ssid 'Surfrock66 Wireless 2.4Ghz Guest'
	option encryption 'psk2+tkip+ccmp'
	option key 'REDACTED'

root@tplink-re450v2-ap-theater:~# cat /etc/config/dhcp

config dnsmasq
	option localise_queries '1'
	option rebind_protection '1'
	option rebind_localhost '1'
	option local '/lan/'
	option domain 'lan'
	option expandhosts '1'
	option readethers '1'
	option leasefile '/tmp/dhcp.leases'
	option ednspacket_max '1232'
	option noresolv '1'
	option nohosts '1'
	list server '10.1.2.10'
	option localservice '0'

config dhcp 'lan'
	option interface 'lan'
	option start '100'
	option limit '150'
	option leasetime '12h'
	option dhcpv4 'server'
	option ignore '1'
	option dynamicdhcp '0'
	list ra_flags 'none'

config dhcp 'wan'
	option interface 'wan'
	option ignore '1'

config odhcpd 'odhcpd'
	option maindhcp '0'
	option leasefile '/tmp/hosts/odhcpd'
	option leasetrigger '/usr/sbin/odhcpd-update'
	option loglevel '4'

surfrock66 · March 31, 2022, 3:54pm

I don't understand, don't you need an IP to manage the openwrt device? It's got 1 ethernet port and multiple radios, it's meant to be a range extender that can also act as an AP.

Edit: Sorry misread your comment; that's basically the goal here, the router should do everything, so I disabled the services per the guide. The only reason to not use the stock firmware was because it didn't support multiple ssid's, so I'm trying to put openWRT on there in as slim a config as possible.

frollic · March 31, 2022, 4:06pm

Well, some config is wrong, since the AP should be a transparent device.

Whatever errors you're getting, you should be getting without it, too.

surfrock66 · March 31, 2022, 7:44pm

I think that's the issue, I can't see why the AP isn't asking as a transparent device, and I'm not familiar enough with OpenWRT to figure out why. It almost seems like traffic isn't getting in and out of the device, like a routing thing? But that seems too complex for what I've done. I don't think I've deviated from baseline config too much, but in setting up the static IP on the eth0 interface, maybe I messed something up routing wise? Not being able to DNS resolve seems odd.

frollic · March 31, 2022, 8:19pm

It's not supposed to route, nor does it need to resolve names to do its job.

Try using only this in your /etc/config/network lan section

config interface 'lan'
	option proto 'static'
	option device 'eth0'
	option ipaddr '10.1.1.22'
	option gateway '10.1.1.1'
    option netmask '255.255.0.0'

surfrock66 · March 31, 2022, 8:50pm

Made that change, restarted the device. No difference; android client still hangs at "Obtaining IP Address". Using diagnostic tools, I can ping the dhcp server fine, but I can't resolve hostnames as the ap is not aware of any dns.

frollic · March 31, 2022, 9:07pm

that's not a problem, since it only should apply to the openwrt device itself.

surfrock66 · March 31, 2022, 9:10pm

It seems DHCP requests aren't making it through; I see nothing in the openwrt log that is a clue, but on the dhcp server I'm not even seeing requests. Any idea how to troubleshoot that? The dhcp server is the 10.1.2.10 device, so it pings by IP.

mk24 · March 31, 2022, 9:15pm

The bridge device is the link between the WiFi AP(s) and the Ethernet cable. You need to keep it.
The use of option type bridge within a config interface block is deprecated and should not be used with version 21.02 or later.
Basically the less you change from default configuration, the more likely it is to work.

Give the AP an address within the LAN you will be connecting to. Set the gateway and DNS to the main router on that LAN. As others said, this address is used only to log into the AP and for its internal Internet access (such as setting the kernel clock with NTP). Any setting of dns etc will not affect the wifi users; they are bridged through to the main router and it fully controls how they reach the Internet. Thus the name "dumb AP". It is a wifi to wireless converter. It doesn't block or alter or route anything.

In a home network, there should be only one DHCP server. (Multiple DHCP servers is a really complicated thing). So shut down the DHCP server on the lan. Some instructions say to stop the dnsmasq process entirely, but that limits your options when you want to expand the OpenWrt box to be more than a dumb AP. So instead go into /etc/config/dhcp and delete everything under lan except for this:

config dhcp 'lan'
    option interface 'lan'
    option ignore '1'

The firewall does not affect layer 2 traffic so you can leave it running.

frollic · March 31, 2022, 9:16pm

try running tcpdump on the re450, check if you can see any traffic, at all.

if you need to install additional packages temp populate /etc/resolv.conf with some DNS, like 8.8.8.8

surfrock66 · March 31, 2022, 9:16pm

This is the key, I deleted that device. I should try to recreate it huh...or wipe and restore? Any advice on creating the bridge device again?

frollic · March 31, 2022, 9:21pm

reset will be the fastest, and safest way.

papdee · April 1, 2022, 1:42am

try to give your lan interface another ip address of 10.0.2.22 and see if that solves your issues

surfrock66 · April 1, 2022, 6:48pm

Reflashing and not deleting the bridge interface fixed it, thanks! I don't even know where I saw that would be a good idea, I was probably inferring from a comment or something.

tmomas · April 2, 2022, 7:46am

If your problem is solved, please consider marking this topic as [Solved]. See How to mark a topic as [Solved] for a short how-to.

system · April 12, 2022, 7:47am

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.