Reinstalled 21.02.1 on Raspberry Pi 4, clients have no internet access

Hi, I have been running Openwrt 21.02 RC4 on RPI 4 for the last six months and it has been very solid. I was doing some investigating of a problem with TV streaming services and took the opportunity to do a system upgrade to 21.02.1. I did this and then restored a backup of my previous configuration. This seemed to work okay and then completely crashed, and I was not even able to access the pi through luci or ssh. I have reinstalled the 21.02.1 stable factory image and decided to try to configure manually. I have the lan set up and the wan set up using a PPOE (protocol required by my ISP). I can successfully Ping internet addresses from luci and ssh but I cannot get browser or other app access to the internet on my network. The firewall is the standard default. I have checked against previous configurations and configuration files seem identical.

Could anyone suggest what I could try next?

I use a usb ethernet adapter for the wan connection into my modem and the Pis single ethernet port is connected to a TP Link smart switch.

Thanks in advance.


Assuming it's not a switch issue (VLANs, or something), check the DNSes your clients get from your RPis DHCP.

You could also try to bypass the switch, by connecting one device directly to the RPis LAN ethernet port.

Please run the following commands (copy-paste the whole block) and paste the output here, using the "Preformatted text </> " button:
Remember to redact passwords, MAC addresses and any public IP addresses you may have

ubus call system board; \
uci export network; uci export dhcp; uci export firewall; \
head -n -0 /etc/firewall.user; \
ip -4 addr ; ip -4 ro li tab all ; ip -4 ru; \
ls -l  /etc/resolv.* /tmp/resolv.* /tmp/resolv.*/* ; head -n -0 /etc/resolv.* /tmp/resolv.* /tmp/resolv.*/*

Thank you it was the DNS issue.

I feel stupid because I have set it this way in the past, but decided not to because my settings had the IPs of two DNS servers from my ISP showing. I thought that would be sufficient. Why do Peer DNS Servers not work? It doesnt seem logical.

Anyway thanks again and sorry for wasting your time.

If you keep the default setting, OpenWrt will use the nameservers advertised by the ISP as forwarder of all queries. Also OpenWrt will advertise itself as nameserver to all clients.
I am not sure what was the problem in your case, but if you could run the following before and after the problem was solved we could have a better understanding.
uci export network; uci export dhcp; ifstatus wan; ls -l /etc/resolv.* /tmp/resolv.* /tmp/resolv.*/* ; head -n -0 /etc/resolv.* /tmp/resolv.* /tmp/resolv.*/*

Hi there
Apologies for the delay in replying to this. I don't get much time to work on this stuff. I have run the command as as requested on the current working configuration, The only differences between this and the non working config is that the Interface Wan had "peer dns" enabled, it had "mtu" as default and there were no dns servers listed.

I have also noticed as a result of running these commands that in some of the file listings below there remains the IP addresses of my ISPs dns servers. I have identified them with the address "y.y.y.y" I dont know the significance of this. This current config has been working fine since I last posted,

Thanks in advance for any advice you offer.

root@OpenWrt:~# uci export network; uci export dhcp; ifstatus wan; ls -l /etc/re
solv.* /tmp/resolv.* /tmp/resolv.*/* ; head -n -0 /etc/resolv.* /tmp/resolv.* /t
package network

config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr ''
	option netmask ''

config globals 'globals'
	option ula_prefix 'IPV6 address::/48'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'eth0'

config interface 'lan'
	option proto 'static'
	option ipaddr ''
	option netmask ''
	option ip6assign '60'
	option device 'br-lan'

config interface 'wan'
	option proto 'pppoe'
	option username 'usename'
	option password 'password'
	option ipv6 'auto'
	option device 'eth1.101'
	option peerdns '0'
	option mtu '1492'
	list dns ''
	list dns ''

config device
	option type 'bridge'
	option name 'eth1.101'
	list ports 'eth1'
	option mtu '1500'

config route
	option interface 'lan'
	option target ''
	option gateway ''
	option mtu '1492'

package dhcp

config dnsmasq
	option domainneeded '1'
	option boguspriv '1'
	option filterwin2k '0'
	option localise_queries '1'
	option rebind_protection '1'
	option rebind_localhost '1'
	option local '/lan/'
	option domain 'lan'
	option expandhosts '1'
	option nonegcache '0'
	option authoritative '1'
	option readethers '1'
	option leasefile '/tmp/dhcp.leases'
	option resolvfile '/tmp/resolv.conf.d/'
	option nonwildcard '1'
	option localservice '1'
	option ednspacket_max '1232'

config dhcp 'lan'
	option interface 'lan'
	option start '100'
	option limit '150'
	option leasetime '12h'
	option dhcpv4 'server'
	option dhcpv6 'server'
	option ra 'server'
	list ra_flags 'managed-config'
	list ra_flags 'other-config'

config dhcp 'wan'
	option interface 'wan'
	option ignore '1'
	list ra_flags 'none'

config odhcpd 'odhcpd'
	option maindhcp '0'
	option leasefile '/tmp/hosts/odhcpd'
	option leasetrigger '/usr/sbin/odhcpd-update'
	option loglevel '4'

config dhcp 'WAN'
	option interface 'WAN'
	list ra_flags 'none'

config domain
	option name 'WifiAccessPoint'
	option ip ''

	"up": true,
	"pending": false,
	"available": true,
	"autostart": true,
	"dynamic": false,
	"uptime": 360348,
	"l3_device": "pppoe-wan",
	"proto": "pppoe",
	"device": "eth1.101",
	"updated": [
	"metric": 0,
	"dns_metric": 0,
	"delegation": true,
	"ipv4-address": [
			"address": "x.x.x.x.",
			"mask": 32,
			"ptpaddress": "x.x.x.x."
	"ipv6-address": [
	"ipv6-prefix": [
	"ipv6-prefix-assignment": [
	"route": [
			"target": "",
			"mask": 0,
			"nexthop": "x.x.x.x",
			"source": ""
	"dns-server": [
	"dns-search": [
	"neighbors": [
	"inactive": {
		"ipv4-address": [
		"ipv6-address": [
		"route": [
		"dns-server": [
		"dns-search": [
		"neighbors": [
	"data": {
lrwxrwxrwx    1 root     root            16 Oct 24 10:01 /etc/resolv.conf -> /tmp/resolv.conf
-rw-r--r--    1 root     root            47 Jan 11 15:27 /tmp/resolv.conf
-rw-r--r--    1 root     root            54 Jan 11 11:53 /tmp/resolv.conf.d/
-rw-r--r--    1 root     root            48 Jan 11 11:48 /tmp/resolv.conf.ppp

-rw-r--r--    1 root     root            54 Jan 11 11:53
==> /etc/resolv.conf <==
search lan
nameserver ::1

==> /tmp/resolv.conf <==
search lan
nameserver ::1

==> /tmp/resolv.conf.d <==
head: /tmp/resolv.conf.d: I/O error

==> /tmp/resolv.conf.ppp <==
nameserver y.y.y.y
nameserver y.y.y.y

==> /tmp/resolv.conf.d/ <==
# Interface wan

Remove this from wan, it is automatically reduced to 1492 when interface protocol is pppoe.

It would be better to post them both, as I don't understand where the nameservers were not listed exactly.

Remove this completely.

Why is this a bridge? What is the point of setting the mtu?

What is the IP address? If you have rebind protection enabled and the nameservers have private IP, it can be the reason you cannot use them.