Router + ISP bridge modem = VOIP IP

strange thing happens here.

every time my ONT reboots, the openwrt router on ipv4 Wan gets a ip in the range of 10.15.XX.XXX

i know this ip is related to VLAN 220 and used for VOIP.

if i restart the interface, a normal internet ip in the range of 177.153.X.XXX returns and ipv4 connection works. If i sucessive restart the interface, i always get internet IP instead of VOIP, only the boot return a VOIP IP range.

any1 know a way to solve this?

where do i put these commands?

any way i can use Luci interface for it?

thank you very much

1 Like

would be nice if Luci has a interface for setting up exclude ip ranges like this command.

after a couple days of testing, i noticed that this command did not work, unfortunately

this is the result

==> /etc/hotplug.d/iface/00-netstate <==
[ ifup = "$ACTION" ] && {
	uci_toggle_state network "$INTERFACE" up 1
	[ -n "$DEVICE" ] && {
		uci_toggle_state network "$INTERFACE" ifname "$DEVICE"
	}
}

==> /etc/hotplug.d/iface/11-sqm <==
#!/bin.sh

. /lib/functions.sh

[ -n "$DEVICE" ] || exit 0

list_ports() {
    local section
    local find_name
    local devname
    section="$1"
    find_name="$2"
    devname=$(config_get "$section" "name")
    [ "$devname" = "$find_name" ] || return
    config_get "$section" "ports"
}

ports_for_device() {
    local devname
    devname=$1
    [ -z "$devname" ] && return
    config_load network
    config_foreach list_ports device "$devname"
}

ALL_DEVICES=$(echo $DEVICE $(uci -q get network.$INTERFACE.ifname) $(ports_for_device $(uci -q get network.$INTERFACE.device)) | tr ' ' '\n' | sort -u)

restart_sqm() {
    for dev in $ALL_DEVICES; do
        /usr/lib/sqm/run.sh stop $dev
        /usr/lib/sqm/run.sh start $dev
    done
}

[ "$ACTION" = ifup ] && /etc/init.d/sqm enabled && restart_sqm

if [ "$ACTION" = ifdown ]; then
    for dev in $ALL_DEVICES; do
        /usr/lib/sqm/run.sh stop $dev
    done
fi

==> /etc/hotplug.d/iface/20-firewall <==
#!/bin/sh

has_zone() {
	fw4 -q network "$INTERFACE" >/dev/null && return 0
	eval $(ubus call "network.interface.$INTERFACE" status | jsonfilter -e 'ZONE=@.data.zone')
	fw4 -q zone "$ZONE" >/dev/null
}

[ "$ACTION" = ifup -o "$ACTION" = ifupdate ] || exit 0
[ "$ACTION" = ifupdate -a -z "$IFUPDATE_ADDRESSES" -a -z "$IFUPDATE_DATA" ] && exit 0

/etc/init.d/firewall enabled || exit 0

has_zone || exit 0

logger -t firewall "Reloading firewall due to $ACTION of $INTERFACE ($DEVICE)"
fw4 -q reload

==> /etc/hotplug.d/online/10-wan-ipaddr <==
. /lib/functions/network.sh
network_flush_cache
network_find_wan WAN_IF
network_get_ipaddr WAN_ADDR "${WAN_IF}"
if [ "${WAN_IF}" != "${INTERFACE}" ]
then exit 0
fi
case ${WAN_ADDR} in
(10.*|192.168.*) ;;
(*) exit 0 ;;
esac
sleep 10
ifup ${INTERFACE}
head: /etc/udhcpc.user.d/*: No such file or directory
root@OpenWrt:~# 

1 Like

what is this? a pkg to download and install?

i pasted that code on my router via SSH, still not functioning. if i reboot ISP modem at bridge, first IP that openwrt gets is the VOIP range of 10.XXX.X.XX

same thing happened if i reboot ISP modem and Openwrt Router, still need to restart WAN interface after obtaining the first VOIP IP to get a internet IP on ipv4.

btw how can i remove that hotplug config to return back to default settings?

can you point me out the code i have to paste into SSH? im really newbie into openwrt configuration

this is the result

root@OpenWrt:~# uci show network; uci show dhcp; uci show firewall
network.loopback=interface
network.loopback.device='lo'
network.loopback.proto='static'
network.loopback.ipaddr='127.0.0.1'
network.loopback.netmask='255.0.0.0'
network.globals=globals
network.globals.packet_steering='1'
network.@device[0]=device
network.@device[0].name='br-lan'
network.@device[0].type='bridge'
network.@device[0].ports='lan1' 'lan2' 'lan3' 'lan4'
network.lan=interface
network.lan.device='br-lan'
network.lan.proto='static'
network.lan.ipaddr='192.168.2.1'
network.lan.netmask='255.255.255.0'
network.lan.ip6assign='64'
network.lan.defaultroute='0'
network.lan.delegate='0'
network.lan.ip6hint='5'
network.lan.ip6ifaceid='::99'
network.wan=interface
network.wan.device='wan'
network.wan.proto='dhcp'
network.wan.peerdns='0'
network.wan.dns='1.1.1.1' '1.0.0.1'
network.wan6=interface
network.wan6.device='wan'
network.wan6.proto='dhcpv6'
network.wan6.reqaddress='try'
network.wan6.reqprefix='auto'
network.wan6.peerdns='0'
network.wan6.dns='2606:4700:4700::1111' '2606:4700:4700::1001'
network.ONT=interface
network.ONT.proto='static'
network.ONT.device='@wan'
network.ONT.ipaddr='192.168.1.2'
network.ONT.netmask='255.255.255.0'
dhcp.@dnsmasq[0]=dnsmasq
dhcp.@dnsmasq[0].domainneeded='1'
dhcp.@dnsmasq[0].localise_queries='1'
dhcp.@dnsmasq[0].rebind_protection='1'
dhcp.@dnsmasq[0].rebind_localhost='1'
dhcp.@dnsmasq[0].local='/lan/'
dhcp.@dnsmasq[0].domain='lan'
dhcp.@dnsmasq[0].expandhosts='1'
dhcp.@dnsmasq[0].cachesize='1000'
dhcp.@dnsmasq[0].authoritative='1'
dhcp.@dnsmasq[0].readethers='1'
dhcp.@dnsmasq[0].leasefile='/tmp/dhcp.leases'
dhcp.@dnsmasq[0].resolvfile='/tmp/resolv.conf.d/resolv.conf.auto'
dhcp.@dnsmasq[0].localservice='1'
dhcp.@dnsmasq[0].ednspacket_max='1232'
dhcp.lan=dhcp
dhcp.lan.interface='lan'
dhcp.lan.start='100'
dhcp.lan.limit='150'
dhcp.lan.leasetime='12h'
dhcp.lan.dhcpv4='server'
dhcp.lan.ra='server'
dhcp.lan.dhcpv6='server'
dhcp.wan=dhcp
dhcp.wan.interface='wan'
dhcp.wan.ignore='1'
dhcp.odhcpd=odhcpd
dhcp.odhcpd.maindhcp='0'
dhcp.odhcpd.leasefile='/tmp/hosts/odhcpd'
dhcp.odhcpd.leasetrigger='/usr/sbin/odhcpd-update'
dhcp.odhcpd.loglevel='4'
firewall.@defaults[0]=defaults
firewall.@defaults[0].input='REJECT'
firewall.@defaults[0].output='ACCEPT'
firewall.@defaults[0].forward='REJECT'
firewall.@defaults[0].synflood_protect='1'
firewall.@defaults[0].flow_offloading='1'
firewall.@zone[0]=zone
firewall.@zone[0].name='lan'
firewall.@zone[0].network='lan'
firewall.@zone[0].input='ACCEPT'
firewall.@zone[0].output='ACCEPT'
firewall.@zone[0].forward='ACCEPT'
firewall.@zone[1]=zone
firewall.@zone[1].name='wan'
firewall.@zone[1].input='REJECT'
firewall.@zone[1].output='ACCEPT'
firewall.@zone[1].forward='REJECT'
firewall.@zone[1].mtu_fix='1'
firewall.@zone[1].network='ONT' 'wan' 'wan6'
firewall.@zone[1].masq='1'
firewall.@forwarding[0]=forwarding
firewall.@forwarding[0].src='lan'
firewall.@forwarding[0].dest='wan'
firewall.@rule[0]=rule
firewall.@rule[0].name='Allow-DHCP-Renew'
firewall.@rule[0].src='wan'
firewall.@rule[0].proto='udp'
firewall.@rule[0].dest_port='68'
firewall.@rule[0].target='ACCEPT'
firewall.@rule[0].family='ipv4'
firewall.@rule[1]=rule
firewall.@rule[1].name='Allow-Ping'
firewall.@rule[1].src='wan'
firewall.@rule[1].proto='icmp'
firewall.@rule[1].icmp_type='echo-request'
firewall.@rule[1].family='ipv4'
firewall.@rule[1].target='ACCEPT'
firewall.@rule[2]=rule
firewall.@rule[2].name='Allow-IGMP'
firewall.@rule[2].src='wan'
firewall.@rule[2].proto='igmp'
firewall.@rule[2].family='ipv4'
firewall.@rule[2].target='ACCEPT'
firewall.@rule[3]=rule
firewall.@rule[3].name='Allow-DHCPv6'
firewall.@rule[3].src='wan'
firewall.@rule[3].proto='udp'
firewall.@rule[3].dest_port='546'
firewall.@rule[3].family='ipv6'
firewall.@rule[3].target='ACCEPT'
firewall.@rule[4]=rule
firewall.@rule[4].name='Allow-MLD'
firewall.@rule[4].src='wan'
firewall.@rule[4].proto='icmp'
firewall.@rule[4].src_ip='fe80::/10'
firewall.@rule[4].icmp_type='130/0' '131/0' '132/0' '143/0'
firewall.@rule[4].family='ipv6'
firewall.@rule[4].target='ACCEPT'
firewall.@rule[5]=rule
firewall.@rule[5].name='Allow-ICMPv6-Input'
firewall.@rule[5].src='wan'
firewall.@rule[5].proto='icmp'
firewall.@rule[5].icmp_type='echo-request' 'echo-reply' 'destination-unreachable' 'packet-too-big' 'time-exceeded' 'bad-header' 'unknown-header-type' 'router-solicitation' 'neighbour-solicitation' 'router-advertisement' 'neighbour-advertisement'
firewall.@rule[5].limit='1000/sec'
firewall.@rule[5].family='ipv6'
firewall.@rule[5].target='ACCEPT'
firewall.@rule[6]=rule
firewall.@rule[6].name='Allow-ICMPv6-Forward'
firewall.@rule[6].src='wan'
firewall.@rule[6].dest='*'
firewall.@rule[6].proto='icmp'
firewall.@rule[6].icmp_type='echo-request' 'echo-reply' 'destination-unreachable' 'packet-too-big' 'time-exceeded' 'bad-header' 'unknown-header-type'
firewall.@rule[6].limit='1000/sec'
firewall.@rule[6].family='ipv6'
firewall.@rule[6].target='ACCEPT'
firewall.@rule[7]=rule
firewall.@rule[7].name='Allow-IPSec-ESP'
firewall.@rule[7].src='wan'
firewall.@rule[7].dest='lan'
firewall.@rule[7].proto='esp'
firewall.@rule[7].target='ACCEPT'
firewall.@rule[8]=rule
firewall.@rule[8].name='Allow-ISAKMP'
firewall.@rule[8].src='wan'
firewall.@rule[8].dest='lan'
firewall.@rule[8].dest_port='500'
firewall.@rule[8].proto='udp'
firewall.@rule[8].target='ACCEPT'
root@OpenWrt:~# ip address show; ip route show table all; ip rule show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1504 qdisc mq state UP qlen 1000
    link/ether b4:b0:24:82:34:f6 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::b6b0:24ff:fe82:34f6/64 scope link 
       valid_lft forever preferred_lft forever
3: wan@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc tbf state UP qlen 1000
    link/ether b4:b0:24:82:34:f6 brd ff:ff:ff:ff:ff:ff
    inet 10.22.158.4/21 brd 10.22.159.255 scope global wan
       valid_lft forever preferred_lft forever
    inet 192.168.1.2/24 brd 192.168.1.255 scope global wan
       valid_lft forever preferred_lft forever
    inet6 2804:d41:375:1d9::1/128 scope global dynamic noprefixroute 
       valid_lft 3571sec preferred_lft 3571sec
    inet6 fe80::b6b0:24ff:fe82:34f6/64 scope link 
       valid_lft forever preferred_lft forever
4: lan1@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-lan state UP qlen 1000
    link/ether b4:b0:24:82:34:f6 brd ff:ff:ff:ff:ff:ff
5: lan2@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-lan state UP qlen 1000
    link/ether b4:b0:24:82:34:f6 brd ff:ff:ff:ff:ff:ff
6: lan3@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-lan state UP qlen 1000
    link/ether b4:b0:24:82:34:f6 brd ff:ff:ff:ff:ff:ff
7: lan4@eth0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue master br-lan state LOWERLAYERDOWN qlen 1000
    link/ether b4:b0:24:82:34:f6 brd ff:ff:ff:ff:ff:ff
19: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
    link/ether b4:b0:24:82:34:f6 brd ff:ff:ff:ff:ff:ff
    inet 192.168.2.1/24 brd 192.168.2.255 scope global br-lan
       valid_lft forever preferred_lft forever
    inet6 2804:d41:c31e:bb05::99/64 scope global dynamic noprefixroute 
       valid_lft 3571sec preferred_lft 3571sec
    inet6 fe80::b6b0:24ff:fe82:34f6/64 scope link 
       valid_lft forever preferred_lft forever
20: phy0-ap0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-lan state UP qlen 1000
    link/ether b4:b0:24:82:34:f7 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::b6b0:24ff:fe82:34f7/64 scope link 
       valid_lft forever preferred_lft forever
21: phy1-ap0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-lan state UP qlen 1000
    link/ether b4:b0:24:82:34:f8 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::b6b0:24ff:fe82:34f8/64 scope link 
       valid_lft forever preferred_lft forever
44: ifb4wan: <BROADCAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc tbf state UNKNOWN qlen 32
    link/ether ea:b1:3f:24:37:1d brd ff:ff:ff:ff:ff:ff
    inet6 fe80::e8b1:3fff:fe24:371d/64 scope link 
       valid_lft forever preferred_lft forever
default via 10.22.152.1 dev wan  src 10.22.158.4 
10.22.152.0/21 dev wan scope link  src 10.22.158.4 
192.168.1.0/24 dev wan scope link  src 192.168.1.2 
192.168.2.0/24 dev br-lan scope link  src 192.168.2.1 
local 10.22.158.4 dev wan table local scope host  src 10.22.158.4 
broadcast 10.22.159.255 dev wan table local scope link  src 10.22.158.4 
local 127.0.0.0/8 dev lo table local scope host  src 127.0.0.1 
local 127.0.0.1 dev lo table local scope host  src 127.0.0.1 
broadcast 127.255.255.255 dev lo table local scope link  src 127.0.0.1 
local 192.168.1.2 dev wan table local scope host  src 192.168.1.2 
broadcast 192.168.1.255 dev wan table local scope link  src 192.168.1.2 
local 192.168.2.1 dev br-lan table local scope host  src 192.168.2.1 
broadcast 192.168.2.255 dev br-lan table local scope link  src 192.168.2.1 
default from 2804:d41:375:1d9::1 via fe80::a67b:2cff:fe4d:ee1f dev wan  metric 512 
default from 2804:d41:c31e:bb00::/56 via fe80::a67b:2cff:fe4d:ee1f dev wan  metric 512 
2804:d41:c31e:bb05::/64 dev br-lan  metric 256  expires 0sec
2804:d41:c31e:bb05::/64 dev br-lan  metric 1024 
unreachable 2804:d41:c31e:bb00::/56 dev lo  metric 2147483647 
fe80::/64 dev eth0  metric 256 
fe80::/64 dev br-lan  metric 256 
fe80::/64 dev phy0-ap0  metric 256 
fe80::/64 dev wan  metric 256 
fe80::/64 dev phy1-ap0  metric 256 
fe80::/64 dev ifb4wan  metric 256 
local ::1 dev lo table local  metric 0 
local 2804:d41:375:1d9::1 dev wan table local  metric 0 
anycast 2804:d41:c31e:bb05:: dev br-lan table local  metric 0 
local 2804:d41:c31e:bb05::99 dev br-lan table local  metric 0 
anycast fe80:: dev eth0 table local  metric 0 
anycast fe80:: dev br-lan table local  metric 0 
anycast fe80:: dev phy0-ap0 table local  metric 0 
anycast fe80:: dev wan table local  metric 0 
anycast fe80:: dev phy1-ap0 table local  metric 0 
anycast fe80:: dev ifb4wan table local  metric 0 
local fe80::b6b0:24ff:fe82:34f6 dev eth0 table local  metric 0 
local fe80::b6b0:24ff:fe82:34f6 dev br-lan table local  metric 0 
local fe80::b6b0:24ff:fe82:34f6 dev wan table local  metric 0 
local fe80::b6b0:24ff:fe82:34f7 dev phy0-ap0 table local  metric 0 
local fe80::b6b0:24ff:fe82:34f8 dev phy1-ap0 table local  metric 0 
local fe80::e8b1:3fff:fe24:371d dev ifb4wan table local  metric 0 
multicast ff00::/8 dev eth0 table local  metric 256 
multicast ff00::/8 dev br-lan table local  metric 256 
multicast ff00::/8 dev phy0-ap0 table local  metric 256 
multicast ff00::/8 dev wan table local  metric 256 
multicast ff00::/8 dev phy1-ap0 table local  metric 256 
multicast ff00::/8 dev ifb4wan table local  metric 256 
0:	from all lookup local 
32766:	from all lookup main 
32767:	from all lookup default 
root@OpenWrt:~# 

using:

# Put your custom commands here that should be executed once
# the system init finished. By default this file does nothing.

sleep 180 && service network restart &
exit 0

the router automatic restart wan interface and problem is solved.

credits to @dsouza

1 Like

Good to know it works. As we discussed in the Brazilian forum, you may try restarting only the wan interface by replacing the above solution in the /etc/rc.local file by:

# Put your custom commands here that should be executed once
# the system init finished. By default this file does nothing.

sleep 180 && ifdown wan && sleep 3 && ifup wan &
exit 0

Anyway, this is only a workaround. Ideally you would need to understand why the VoIP VLAN is being exposed to your WAN interface (I'm assuming you are filtering the Internet VLAN in the bridge connection in your ONT, this is a starting point to be investigated).

BTW, is Vivo your ISP? I had it sometime ago, and I had a similar problem, but I was using the provided ISP HGU in bridge mode with my R4S OpenWrt router. I finally solved it as documented here (in Portuguese). If Vivo is your provider, then this is likely an issue in the ISP PPPoE server.

1 Like

did test succesfully the command

# Put your custom commands here that should be executed once
# the system init finished. By default this file does nothing.

sleep 180 && ifdown wan && sleep 3 && ifup wan &
exit 0

and it works.

1 Like

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.