[Solved] Router-set-up advertising

Hi, I am using a gl-inet-ar150 (SoC 9330) with my own OpenWrt build using kernel 4.9.

my diffconfig

CONFIG_TARGET_ar71xx=y
CONFIG_TARGET_ar71xx_generic=y
CONFIG_TARGET_ar71xx_generic_DEVICE_gl-ar150=y
CONFIG_COLLECT_KERNEL_DEBUG=y
CONFIG_KERNEL_DYNAMIC_DEBUG=y
CONFIG_KERNEL_DYNAMIC_FTRACE=y
CONFIG_KERNEL_ENABLE_DEFAULT_TRACERS=y
CONFIG_KERNEL_FTRACE=y
CONFIG_KERNEL_FTRACE_SYSCALLS=y
CONFIG_KERNEL_FUNCTION_GRAPH_TRACER=y
CONFIG_KERNEL_FUNCTION_PROFILER=y
CONFIG_KERNEL_FUNCTION_TRACER=y
# CONFIG_KERNEL_KALLSYMS is not set
CONFIG_PACKAGE_ethtool=y
CONFIG_PACKAGE_iftop=y
CONFIG_PACKAGE_iperf3=y
CONFIG_PACKAGE_iputils-arping=y
CONFIG_PACKAGE_iputils-ping=y
CONFIG_PACKAGE_iputils-traceroute6=y
CONFIG_PACKAGE_libncurses=y
CONFIG_PACKAGE_libpcap=y
CONFIG_PACKAGE_libsysfs=y
CONFIG_PACKAGE_netcat=y
CONFIG_PACKAGE_terminfo=y

when connecting to an existing router Lan port

and having in etc/config/network

config interface 'lan'
        option type 'bridge'
        option ifname 'eth0'
        option proto 'dhcp'   
        option gateway '198.162.1.1'
        option netmask '255.255.255.0'

I don't have any problem at all to connect to internet through

the gl-inet-ar150 wifi bridged lan

router ----eth cable--- gl inet ar150 ---- wifi radio ---my PC

I can even set the router to give my gl inet ar150 a specific IP address based on MAC.

I can then access my gl-inet-ar150 by ssh at port 22.

What is driving me crazy is that if I use (as I have always been doing to configure my gl inet ar150)

a set up where I have

gl inet ar150---wifi ---my Pc

I am able to access the router on port 22 by ssh

while

gl inet ar150 -----eth cable--- my PC

with etc/config/network (same as gl inet ar150---wifi ---my Pc settings)

config interface 'lan'
        option type 'bridge'
        option ifname 'eth0'
        option proto 'static'   
        option ipaddr '198.162.1.1'
        option netmask '255.255.255.0'

and then I tell my PC with manual iPv4 setting

being 198.162.1.5 as IP name
and netmask 24 (255.255.255.0)
and gateway 198.162.1.1

I won't be able to access the router on port 22 by ssh.

Strange thing is that the eth link is up,

my PC isn't able to connect to gl inet ar150: if I ping 198.168.1.1 from PC I get unreachable host

but if I ping my PC from gl inet ar150 (serial console) even just once (ping 198.168.1.5) then I can ping back
from my PC to gl inet ar150 and I can connect by ssh to my gl inet ar150 from my PC on port 22.

What is different between the two setups? What am I missing about router advertising?

I should point out that my special setting has only a eth0 device as per my

[Solved] Swconfig router and switch gl.inet ar150 posts

where I get hopefully the router using only one MAC controller that goes to the switch where

I can see port 1 and port 5 as the two rj45 plug named lan and wan in the original normal openwrt settings).

Hi surfing around the wiki

why the old one https://oldwiki.archive.openwrt.org/doc/techref/odhcpd

mentions odhcpd (running on my build)

while new https://openwrt.org/docs/guide-user/base-system/dhcp_configuration

talks about it but like only with strange indication

my etc/config/dhcp says

config dnsmasq
        option domainneeded '1'
        option boguspriv '1'
        option filterwin2k '0'
        option localise_queries '1'
        option rebind_protection '1'
        option rebind_localhost '1'
        option local '/lan/'
        option domain 'lan'
        option expandhosts '1'
        option nonegcache '0'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option resolvfile '/tmp/resolv.conf.auto'
        option nonwildcard '1'
        option localservice '1'

config dhcp 'lan'
        option interface 'lan'
        option start '100'
        option limit '150'
        option leasetime '12h'
        option dhcpv6 'server'
        option ra 'server'

config dhcp 'wan'
        option interface 'wan'
        option ignore '1'

config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'
        option loglevel '4'

Obviously as usual I am missing something trivial (not to me) but important...

I was wondering if my problem could be something related to that since the old wiki says

Warning: radvd package has been deprecated since Barrier Breaker, and has been removed in Chaos Calmer. Use odhcpd instead. 

When running OpenWrt as a LAN device (that is, it is part of a network on a separate main router), turn off the OpenWrt DHCP server. Set option ignore to 1 for DHCPv4, and either set disabled or remove entirely the DHCPv6 options.

This is required whether OpenWrt is a DHCP client or it has a static IP.

Hi mk24,

thank you very much for your reply. I'll try it in the next days and I'll let you know.

What makes me very uneasy is that in my normal openwrt build I don't need to do that when I use the LAN

configuration and I am able to connect to the ssh port. I'll counter check it again but I am quite sure in the normal set

I didn't have any problem at all setting it as a Lan device, but with the new switch configuration I lose that

ability. I am wondering if I did screw something else in these last mods. Thank you a lot

Also if you have configured the LAN as a DHCP client, you must connect that OpenWrt router onto a network that has a DHCP server. If you connect such a router with a simple cable directly to a PC it will not have an IP address and you will not be able to communicate with it.

I usually configure AP's, VPN clients, etc. as DHCP clients. It is important to keep a spare router, configured as a DHCP server, on hand to connect to them when necessary to set up an off-line network for configuration.

Problem is that I set up the router as NO dhcp server with static protocol, and setting the PC on manual with the router IP as gateway and an IP in the same range I can easily connect to port 22 to dropbear, but in my second reconfigured ar150 set up with everything that goes through a switch I cannot do that anymore. I tried to figure out what was happening monitoring the PC card via Wireshark but I am not really good at filtering packets. In any case it seems like router advertising went missing in the second configuration with respect to the normal one. I’ll try again with tcpdump or dhcpdump but I’ll have to rebuild both the set ups again to include the packages or download them from repo maybe.

tried

tcpdump -i eth0 -nev udp port 68

apparently there are not dhcp servers running in my LAN to LAN configurations

still need to ping PC to enable ssh on router in modded firmware

I'll try to compare wiresharked traffic to see if I can figure out some discrepancies

OK figured out what follow monitoring PC port:

setup_1 (openwrt default)

as soon I ssh through Lan to Router

  *863 38.760209167   PC                    Broadcast             ARP      42     Who has 198.168.1.1? Tell 192.168.1.8
   864 38.760400293   Router                PC                    ARP      60     192.168.1.1 is at o0:85:7i:17:77:22
   865 38.760408876   192.168.1.8           192.168.1.1           TCP      74     50325 → 22 [SYN] 
   866 38.760827519   192.168.1.1           192.168.1.8           TCP      74     50325 → 50325 [SYN, ACK] 
   867 38.760848515   192.168.1.8           192.168.1.1           TCP      66     50325 → 22 [ACK] 
   868 38.761505010   192.168.1.8           192.168.1.1           SSHv2    94     Client: Protocol (SSH-SharkSSH)
   869 38.761779574   192.168.1.1           192.168.1.8           TCP      66     22 → 60111 [ACK] 
   870 38.766496093   192.168.1.1           192.168.1.8           SSHv2    372    Server: Protocol (SSH-2.0-dropbear), Key Exchange Init


*= ssh initiation

setup_2 modded openwrt

     *1 0.000000000    PC                    Broadcast             ARP      42     Who has 192.168.1.1? Tell 192.168.1.8
      2 1.031432817    PC                    Broadcast             ARP      42     Who has 192.168.1.1? Tell 192.168.1.8
      3 2.055453814    PC                    Broadcast             ARP      42     Who has 192.168.1.1? Tell 192.168.1.8
      4 3.079560558    PC                    Broadcast             ARP      42     Who has 192.168.1.1? Tell 192.168.1.8
      5 4.103456615    PC                    Broadcast             ARP      42     Who has 192.168.1.1? Tell 192.168.1.8
      6 5.127390651    PC                    Broadcast             ARP      42     Who has 192.168.1.1? Tell 192.168.1.8

   ***9 14.572453527   Router                Broadcast             ARP      60     Who has 192.168.1.8? Tell 192.168.1.1


     10 14.572494474   PC                    Router                ARP      42     192.168.1.8 is at 14:21:97:4k:b2:88
     11 14.572626168   192.168.1.1           192.168.1.8           ICMP     98     Echo (ping) request  id=0x0499, seq=1/256, ttl=64 (reply in 12)
     12 14.572656033   192.168.1.8           192.168.1.1           ICMP     98     Echo (ping) reply    id=0x0499, seq=1/256, ttl=64 (request in 11)
     13 15.572284012   192.168.1.1           192.168.1.8           ICMP     98     Echo (ping) request  id=0x0499, seq=2/512, ttl=64 (reply in 14)
     14 15.572317946   192.168.1.8           192.168.1.1           ICMP     98     Echo (ping) reply    id=0x0499, seq=2/512, ttl=64 (request in 13)

    *15 19.623452576   PC                    Router                ARP      42     Who has 192.168.1.1? Tell 192.168.1.8
     16 19.623630422   Router                PC                    ARP      60     192.168.1.1 is at o0:85:7i:17:77:22
     17 24.647557408   192.168.1.8           192.168.1.1           TCP      74     7482 → 22 [SYN]
     18 24.648034032   192.168.1.1           192.168.1.8           TCP      74     22 → 7482 [SYN, ACK] 
     19 24.648057369   192.168.1.8           192.168.1.1           TCP      66     7482 → 22 [ACK] 
     20 24.648813142   192.168.1.8           192.168.1.1           SSHv2    94     Client: Protocol (SSH-SharkSSH)
     21 24.649094255   192.168.1.1           192.168.1.8           TCP      66     22 → 7482 [ACK] Seq=1 
     22 24.653853571   192.168.1.1           192.168.1.8           SSHv2    372    Server: Protocol (SSH-2.0-dropbear), Key Exchange Init
     23 24.653869986   192.168.1.8           192.168.1.1           TCP      66     7482 → 22 [ACK]
     24 24.655247281   192.168.1.8           192.168.1.1           SSHv2    738    Client: Key Exchange Init

*= ssh initiation        ***=ping to 192.168.1.8 from Router

I can add that in setup_2 I get:

On Router

root@OpenWrt:/# arp -a
IP address       HW type     Flags       HW address            Mask     Device


root@OpenWrt:/# ip route
192.168.1.0/24 dev br-lan scope link  src 192.168.1.1 

############################### AFTER PING ################################

root@OpenWrt:/# arp -a
IP address       HW type     Flags       HW address            Mask     Device
192.168.1.8      0x1             0x2       14:21:97:4k:b2:88     *           br-lan


root@OpenWrt:/# ip route
192.168.1.0/24 dev br-lan scope link  src 192.168.1.1 

On PC

zt@zt-zoot:# arp 
OpenWrt.lan (192.168.1.1) at <incomplete> on eth0

zt@zt-zoot:# ip route
default via 192.168.1.1 dev eth0 proto static  metric 100 
 192.168.1.0/24 dev eth0  proto kernel  scope link  src 192.168.1.8  metric 100 

############################### AFTER PING ################################

zt@zt-zoot:# arp 
OpenWrt.lan (192.168.1.1) at o0:85:7i:17:77:22 [ether] on eth0

zt@zt-zoot:# ip route
default via 192.168.1.1 dev eth0 proto static  metric 100 
 192.168.1.0/24 dev eth0  proto kernel  scope link  src 192.168.1.8  metric 100 

The two setup 1 and 2 are identical in respect to config/system and config/dhcp so why this difference ??
I can't really figure out.

Second question:

in


root@OpenWrt:/# arp -a
IP address         HW type     Flags       HW address            Mask    Device
192.168.1.8      0x1             0x2       14:21:97:4k:b2:88        *                  br-lan

What does the * below Mask stand for? I wasn't able to find it in any kind of arp manual;

usually under mask you get the subnet mask.

I guess I’ll have to do the same on the router mirrored port (will it work ?? ) to check if the arp requests are getting to it from PC. In case my setup isn’t working I’ll have to use tcpdump. But first I’ll have to learn how it works. Unless wireshark is in the opkg package repository.

I was reading here: Packet lose on bridged vlans

with my new switch configuration

br-lan uses eth0.1 and wlan0 (so I think I mapped interface to physical port ! Am I ?)

Problem is still there can't get ping to router and ssh or Luci

until I ping even a non existent target on the subnet from the router itself.

I think I’ll have to check the firewall as per:

lane, lan3 and lan4 appeared in the firewall configuration after I made separate interfaces lan2 for eth0.2 lan3 for eth0.3

Described above

Ok need to recap I am talking about modded ar150 with eth0 connected to switch no eth1
to be able to use both rj45 plugs as part of a switch ([Solved] Swconfig router and switch gl.inet ar150 and here Swconfig versus etc/config/network)

---- first switch set up no Vlan

just eth0 and wlan0

no access to ssh or luci without pinging subnet from router if connected to eth0

no problem connecting through wlan0.

--- upgraded switch configuration to be able to use Luci (set up actually created by Luci itself)

no access to ssh or luci without pinging subnet from router if connected to eth0.1
(actually as before I connect to br-lan)

no problem connecting through wlan0.

Strange add up

if I ping from router I can connect to eth0.1

If I stop eth0.1 and connect through wlan0 to Luci, that's fine, then if I stop

I have arp saying

IP address       HW type     Flags       HW address            Mask     Device
192.168.1.235    0x1         0x2       21:HH:79:k7:47:55     *        br-lan
192.168.1.8      0x1         0x0         14:21:97:4k:b2:88     *        br-lan

But I can't connect to eth0.1 or Luci until I re-ping from the router to the subnet
(even a non existent target such as 192.168.1.14) ???

Google tells me that br-lan through wlan0 192.168.1.235 flags 0x2 is complete

while br-lan through vlan eth0.1 192.168.1.8 flags 0x0 is incomplete

but I thought incomplete was in the previous config (without Vlan where MAC for 192.168.1.8 was missing !!)

What am I missing ?

Where to look for rules that drop arp from outside ?

Firewall ? br-lan set up ? any other strange config option ?

Is it something to prevent arp spoofing ?

Thanks in advance, please...

EDITED

don't ask me how (I mean how 0x0 became 0x2) but even with flag as 0x2

root@OpenWrt:/# arp
IP address       HW type     Flags       HW address            Mask     Device
192.168.1.7      0x1         0x0         00:00:00:00:00:00     *        br-lan
192.168.1.235    0x1         0x2         21:HH:79:k7:47:55    *        br-lan
192.168.1.8      0x1         0x2         14:21:97:4k:b2:88       *        br-lan

it behaves the same as above

AGAIN

As soon as I disconnect the router eth0.1 from Pc even if arp says

root@OpenWrt:/# arp
IP address       HW type     Flags       HW address            Mask     Device
192.168.1.5      0x1         0x0         00:00:00:00:00:00     *        br-lan
192.168.1.8      0x1         0x2         14:21:97:4k:b2:88     *        br-lan

when I reconnect eth0.1 I need to reping the subnet from console to have the
PC able to ssh and open Luci on the router

Disabling the firewall won't change the router behaviour.

Analysis of pcap files TCPDUMPed from the router (using as -i eth0 or eth0.1 or br-lan)

won't list any kind of Gratuitous ARP or ARP request, while in normal

ar150 configuration eth1 eth0 wlan0 tcpdumped file shows both
Gratuitous ARP (not answered: of course it is a fake reply) and ARP requests
with router answers.

It's like the switch doesn't let Broadcast traffic through it but at the same time the mirrored ports
show the arp request. ???
Forgot

ip link set eth0 promisc on

need to redo: same result

Solved: it was under my eyes, in my randomly modified file to get the switch working.

I re-read the entire post and I understand that it could be difficult to understand, my fault, and many thanks to those who replied to me. To clarify what I mean I need to underline that my:

config interface 'lan'
        option type 'bridge'
        option ifname 'eth0'
        option proto 'static'   
        option ipaddr '198.162.1.1'
        option netmask '255.255.255.0'

works with the normal ar150 config where I connect PC to router LAN with PC having same config plus gateway as 192.162.1.1 and I am able to ssh to the router

while it was not working with my modified ar150
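
Added example, not part of the original thread: the Flags values discussed above (0x0, 0x2) are the ATF_* bits from the Linux header `linux/if_arp.h`, and the Mask column of /proc/net/arp is printed by the kernel as a literal `*`. The function names, sample rows and MAC addresses below are constructed for illustration.

```shell
#!/bin/sh
# Decode the Flags column of /proc/net/arp (the table `arp` prints on the
# router). Bit values are the ATF_* constants from <linux/if_arp.h>.

decode_arp_flags() {
    f=$(( $1 ))                      # accepts hex such as 0x2
    out=""
    if [ $(( f & 0x02 )) -ne 0 ]; then out="$out COMPLETE"; fi    # ATF_COM
    if [ $(( f & 0x04 )) -ne 0 ]; then out="$out PERMANENT"; fi   # ATF_PERM
    if [ $(( f & 0x08 )) -ne 0 ]; then out="$out PUBLISHED"; fi   # ATF_PUBL
    # Without ATF_COM the neighbour has not been resolved (or resolution failed).
    if [ $(( f & 0x02 )) -eq 0 ]; then out="INCOMPLETE$out"; fi
    echo "${out# }"
}

# Read an arp table on stdin and print one decoded line per neighbour.
arp_report() {
    while read -r ip hwtype flags mac mask dev; do
        case "$ip" in IP|"") continue ;; esac    # skip header and blank lines
        printf '%-15s %-8s %-17s %s\n' "$ip" "$dev" "$mac" \
            "$(decode_arp_flags "$flags")"
    done
}

# Constructed sample in the same layout as the tables in the thread.
sample_table() {
    cat <<'EOF'
IP address       HW type     Flags       HW address            Mask     Device
192.168.1.7      0x1         0x0         00:00:00:00:00:00     *        br-lan
192.168.1.235    0x1         0x2         02:00:00:00:00:eb     *        br-lan
192.168.1.8      0x1         0x2         02:00:00:00:00:08     *        br-lan
EOF
}

# On the router itself: arp_report < /proc/net/arp
sample_table | arp_report
```

An entry showing INCOMPLETE for a host that is plugged in and sending ARP requests means the router never learned that host's MAC, which matches the one-directional behaviour captured above.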
