Got a problem with my installation: for the past year I have had openwrt running flawlessly with my static ip from ISP…today the ISP told me to switch over to PPPoE and gave me the new login credentials.
Once I changed the interface on WAN from static IP to PPPoE, I lost internet access.
When I do network diagnostics everything appears to be good (0 packet loss etc) so it seems that the router is still getting an internet connection, but both wifi and Ethernet connections aren’t getting internet.
Would this be something on firewall settings or something else I need to fix? The weird thing is when I re-enter the static ip settings to try to go back to my previous setup, that also now has the same issue.
Appreciate any help anyone can give, thanks!
Please copy the output of the following commands and post it here using the "Preformatted text </>" button:
Remember to redact passwords, MAC addresses and any public IP addresses you may have:
cat /etc/config/network
cat /etc/config/wireless
cat /etc/config/dhcp
cat /etc/config/firewall
Config Network:
config interface 'loopback'
option ifname 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fd0a:b426:4e56::/48'
config interface 'lan'
option type 'bridge'
option ifname 'eth0.1'
option proto 'static'
option netmask '255.255.255.0'
option ip6assign '60'
option ipaddr '192.168.1.1'
config interface 'wan'
option ifname 'eth1.2'
option proto 'pppoe'
option ipv6 'auto'
option password 'redacted'
option username 'redacted'
config interface 'wan6'
option ifname 'eth1.2'
option proto 'dhcpv6'
config switch
option name 'switch0'
option reset '1'
option enable_vlan '1'
config switch_vlan
option device 'switch0'
option vlan '1'
option ports '0 1 2 3 5t'
config switch_vlan
option device 'switch0'
option vlan '2'
option ports '4 6t'
config interface 'tun0'
option ifname 'tun0'
option proto 'none'
option auto '0'
config interface 'vpnclient'
option proto 'none'
option ifname 'ovpnc0'
config interface 'vpnserver'
option proto 'none'
option ifname 'ovpns0'
option auto '1'
config interface 'nordvpntun'
option proto 'none'
option ifname 'tun0'
Config - Firewall:
config defaults
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
option synflood_protect '1'
config zone
option name 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
option network 'lan'
# Zone 'wan': input and forward are rejected unless a rule or forwarding
# section allows the traffic; traffic leaving through this zone is masqueraded.
config zone
option name 'wan'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option mtu_fix '1'
# NOTE(review): 'tun0' is listed here and is also claimed by the 'VPN' zone
# further down in this file. With one network in two zones it is unclear which
# policy is meant to apply to the tunnel - confirm the intended owner.
option network 'tun0 wan wan6'
option masq '1'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option src_ip 'fc00::/6'
option dest_ip 'fc00::/6'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
config include
option path '/etc/firewall.user'
# Includes the firewall script shipped with miniupnpd; reload '1' re-runs it
# on firewall reload.
# NOTE(review): whether the UPnP daemon is enabled is not visible here. If it
# is, LAN hosts can presumably request inbound port mappings themselves, so its
# active mappings belong in any audit of what is reachable from wan.
config include 'miniupnpd'
option type 'script'
option path '/usr/share/miniupnpd/firewall.include'
option family 'any'
option reload '1'
# DNAT: TCP port 32400 arriving from the wan zone is forwarded to
# 192.168.1.85 port 32400 in the lan zone, so that host's service is reachable
# from the internet. If only known peers need it, a src_ip restriction on this
# redirect narrows the exposure.
config redirect
option dest_port '32400'
option src 'wan'
option name 'NAS'
option src_dport '32400'
option target 'DNAT'
option dest_ip '192.168.1.85'
option dest 'lan'
list proto 'tcp'
config zone
option network 'tun0'
option name 'VPN'
option mtu_fix '1'
option input 'REJECT'
option forward 'REJECT'
option masq '1'
option output 'ACCEPT'
config forwarding
option dest 'VPN'
option src 'lan'
config zone
option name 'vpnfirewall'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
list network 'nordvpntun'
config forwarding
option src 'lan'
option dest 'vpnfirewall'
# NOTE(review): this zone has no 'name' option and claims network 'lan', which
# the 'lan' zone near the top of this file already covers. It sets input and
# forward to REJECT and enables masq, contradicting the 'lan' zone's ACCEPT
# policy for the same network. It looks like a leftover from experimentation.
config zone
option masq '1'
option input 'REJECT'
option forward 'REJECT'
option mtu_fix '1'
option output 'ACCEPT'
option network 'lan'
# Forwarding entry with a source zone but no destination zone.
config forwarding
option src 'lan'
config zone
option network 'nordvpntun'
option name 'NordVPN'
option mtu_fix '1'
option input 'REJECT'
option forward 'REJECT'
option masq '1'
option output 'ACCEPT'
config forwarding
option dest 'NordVPN'
option src 'lan'
# NOTE(review): unnamed zone with no network attached and ACCEPT for input,
# output and forward. Nothing visible here binds it to an interface, but an
# allow-everything zone is a risky thing to leave in a firewall file.
config zone
option input 'ACCEPT'
option forward 'ACCEPT'
option output 'ACCEPT'
# Forwarding entry with a destination zone but no source zone.
config forwarding
option dest 'wan'
# NOTE(review): despite its name, 'WANNEW' is bound to network 'lan', which the
# 'lan' zone near the top of this file already covers, and it accepts input,
# output and forward. This duplicates the 'lan' zone under a misleading name.
config zone
option name 'WANNEW'
option input 'ACCEPT'
option forward 'ACCEPT'
option network 'lan'
option output 'ACCEPT'
# Allows forwarding from zone 'WANNEW' to zone 'wan'.
config forwarding
option dest 'wan'
option src 'WANNEW'
# NOTE(review): zone 'LAN' (upper case) has no network attached, so nothing
# visible in this file places traffic in it; the two forwardings below that
# reference it therefore appear to have no effect. It accepts input, output
# and forward, so attaching a network to it later would open that network up.
config zone
option input 'ACCEPT'
option name 'LAN'
option output 'ACCEPT'
option forward 'ACCEPT'
config forwarding
option dest 'wan'
option src 'LAN'
config forwarding
option dest 'LAN'
option src 'lan'
# Allows forwarding from zone 'lan' to zone 'wan'. The defaults section of this
# file sets forward to REJECT, so this is the entry that lets LAN clients reach
# the internet through the router.
config forwarding
option dest 'wan'
option src 'lan'
Config - DHCP:
# dnsmasq settings for the LAN resolver and DHCP server.
config dnsmasq
option domainneeded '1'
option localise_queries '1'
option local '/lan/'
option domain 'lan'
option expandhosts '1'
option authoritative '1'
option readethers '1'
option leasefile '/tmp/dhcp.leases'
option localservice '1'
# NOTE(review): '0' turns off dnsmasq's rejection of upstream answers that
# point at private addresses, which is the defence against DNS rebinding aimed
# at LAN devices. Prefer '1', with rebind_domain entries for any name that
# legitimately resolves to a private address.
option rebind_protection '0'
# Fixed upstream resolvers. With noresolv '1' below, the resolvers announced
# by the ISP are not used, so name resolution depends on these two servers
# being reachable - confirm that still holds on the new PPPoE link.
list server '103.86.96.100'
list server '103.86.99.100'
option noresolv '1'
config dhcp 'lan'
option interface 'lan'
option start '100'
option limit '150'
option leasetime '12h'
option dhcpv6 'server'
option ra 'server'
option ra_management '1'
config dhcp 'wan'
option interface 'wan'
option ignore '1'
config odhcpd 'odhcpd'
option maindhcp '0'
option leasefile '/tmp/hosts/odhcpd'
option leasetrigger '/usr/sbin/odhcpd-update'
option loglevel '4'
config host
option mac ''
option ip '192.168.1.85'
config host
option mac ''
option ip '192.168.1.125'
Config - Wireless:
config wifi-device 'radio0'
option type 'mac80211'
option channel '36'
option hwmode '11a'
option path 'soc/soc:pcie/pci0000:00/0000:00:01.0/0000:01:00.0'
option htmode 'VHT80'
option country 'RO'
config wifi-iface 'default_radio0'
option device 'radio0'
option network 'lan'
option mode 'ap'
option key ''
option encryption 'psk2'
option ssid 'Wifi DT 5G'
option mobility_domain '1a2b'
option ft_psk_generate_local '1'
option ieee80211r '1'
option ft_over_ds '0'
option dtim_period '3'
config wifi-device 'radio1'
option type 'mac80211'
option channel '11'
option hwmode '11g'
option path 'soc/soc:pcie/pci0000:00/0000:00:02.0/0000:02:00.0'
option htmode 'HT20'
option country 'RO'
config wifi-iface 'default_radio1'
option device 'radio1'
option network 'lan'
option mode 'ap'
option key ''
option encryption 'psk2'
option ssid 'Wifi DT 2G'
option mobility_domain '1a2b'
option ft_psk_generate_local '1'
option ieee80211r '1'
option ft_over_ds '0'
option dtim_period '3'
config wifi-device 'radio2'
option type 'mac80211'
option channel '36'
option hwmode '11a'
option path 'platform/soc/soc:internal-regs/f10d8000.sdhci/mmc_host/mmc0/mmc0:0001/mmc0:0001:1'
option htmode 'VHT80'
option country 'RO'
option disabled '1'
Your firewall file is quite messed up. Remove all of the following:
Thanks so much for your help, I removed all of that from the firewall file, unfortunately still no internet
Do you have VPNs running? If so, disable all of them.
pipedreams86:
option noresolv '1'
This could also be a problem. Try setting this to 0.
On a computer connected to your router, try pinging 8.8.8.8 and then try another ping to google.com
Report the results.
I usually do, but I have disabled them for now until I get internet back.
Not sure if it helps but this is the network diagnostic results:
PING openwrt.org (139.59.209.225): 56 data bytes
64 bytes from 139.59.209.225: seq=0 ttl=52 time=41.580 ms
64 bytes from 139.59.209.225: seq=1 ttl=52 time=41.817 ms
64 bytes from 139.59.209.225: seq=2 ttl=52 time=42.119 ms
64 bytes from 139.59.209.225: seq=3 ttl=52 time=41.597 ms
64 bytes from 139.59.209.225: seq=4 ttl=52 time=41.950 ms
--- openwrt.org ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max = 41.580/41.812/42.119 ms
what version of OpenWrt are you running?
ubus call system board
It’s: OpenWrt 19.07.6 r11278-8055e38794
It has been running flawlessly right up until I changed over the internet connection type from Static IP to PPPoE…and the weird thing is that when I change it back to static, the connection is still out
If the ISP has moved to PPPoE and disabled your old static method, this would not be surprising.
What happens with the ping test I requested from a computer connected to your router?
I tried 8.8.8.8 and google, and both requests timed out. No packets received etc….
What IP address do you see on the PPPoE WAN of your OpenWrt router? (just the first two octets, in bold: **aaa.bbb**.ccc.ddd)
Is this the IPv4? If so they are: 82.79
The IPv6 is: fe80::542f
Really appreciate all your help!
Ok... that's all fine. I wanted to make sure that the ISP wasn't giving you an RFC1918 address.
Let's see the latest firewall file.
Ok this is what I have now for firewall:
config defaults
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
option synflood_protect '1'
config zone
option name 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
option network 'lan'
# Zone 'wan': input and forward are rejected unless a rule or forwarding
# section allows the traffic; traffic leaving through this zone is masqueraded.
config zone
option name 'wan'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option mtu_fix '1'
# NOTE(review): network 'tun0' is still listed here. In the posted
# /etc/config/network, both 'tun0' and 'nordvpntun' use ifname 'tun0', and
# 'nordvpntun' sits in zone 'vpnfirewall', so the same tunnel device ends up
# in two zones - confirm which one is intended.
option network 'tun0 wan wan6'
option masq '1'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option src_ip 'fc00::/6'
option dest_ip 'fc00::/6'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
config include
option path '/etc/firewall.user'
config include 'miniupnpd'
option type 'script'
option path '/usr/share/miniupnpd/firewall.include'
option family 'any'
option reload '1'
config redirect
option dest_port '32400'
option src 'wan'
option name 'DT NAS Plex'
option src_dport '32400'
option target 'DNAT'
option dest_ip '192.168.1.85'
option dest 'lan'
list proto 'tcp'
config zone
option name 'vpnfirewall'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
list network 'nordvpntun'
config forwarding
option src 'lan'
option dest 'vpnfirewall'
Looks like we're missing the lan > wan forwarding. I may have accidentally told you to delete it.
# Allows forwarding from zone 'lan' to zone 'wan'. The posted defaults set
# forward to REJECT and no other lan -> wan forwarding remains in the file, so
# without this entry LAN clients cannot reach the internet even though the
# router itself can.
config forwarding
option src 'lan'
option dest 'wan'