RPi4 setup without internet access

I am trying to set up OpenWrt on a Raspberry Pi 4 and then connect it to an AP (https://www.tp-link.com/us/business-networking/omada-wifi-ceiling-mount/eap610/v2/). As I am installing in a campervan (without starlink at the moment), I don't have internet access.

I followed the guide here: HOWTO: OpenWrt on the Raspberry Pi 4

In short I:

  • Flashed OpenWrt to an SD card (with extra drivers for tplink usb <-> ethernet adapter)
  • Connected my PC to the rpi built-in Ethernet port and went to 192.168.1.1
  • Updated the password/ssh settings
  • Plugged in the rpi to the AP using the usb/ethernet adapter
  • Created a wan network named wan, with protocol DHCP client, and device eth1

Unfortunately I can't seem to access the AP config page since I have no internet access. Furthermore when connecting to the AP, my laptop gets a 169.254.x.x ip address which I believe means that it's not getting an address from the DHCP server on the router:

As far as I can tell there is a connection between the AP and the RPi given there is some (albeit very little) traffic between the two:

Any ideas what I should do/try?

You can use a static IP in the 192.168.1.1/24 network to access the admin page.

Is the AP running its vendor firmware? (I'm going to guess that it is because that model is not supported by OpenWrt).

You need to follow the user guide for setting up that device first

When the DHCP server is not available in your network, the EAP has the DHCP fallback IP address, which is 192.168.0.254 by default.

Meanwhile, you have a wan on eth1 set to DHCP client, but it sounds like you've connected your AP to that port... that won't work because the AP is expecting a lan connection (where there is likely a DHCP server on the upstream router -- your Pi).

Please clarify what is connected to each port now (and what the purpose of each port will be in the final config if it's different) and then post your current configuration:

Please connect to your OpenWrt device using ssh and copy the output of the following commands and post it here using the "Preformatted text </> " button:
Remember to redact passwords, MAC addresses and any public IP addresses you may have:

ubus call system board
cat /etc/config/network
cat /etc/config/wireless
cat /etc/config/dhcp
cat /etc/config/firewall

The AP is running vendor firmware and as best I can tell is set up correctly. I finally managed to access the config page by assigning my laptop a static ip and then using a fixed ip to access the config page.

Meanwhile, you have a wan on eth1 set to DHCP client, but it sounds like you've connected your AP to that port... that won't work because the AP is expecting a lan connection (where there is likely a DHCP server on the upstream router -- your Pi).

I'm not sure what this means.

My current port config is:
laptop <-> ethernet port on rpi
AP <-> usb-ethernet-adapter <-> usb port on rpi

The final port config is:
starlink <-> ethernet port on rpi
AP <-> usb-ethernet-adapter <-> usb port on rpi (same as current)

Output from requested commands (comment blocks omitted)

root@OpenWrt:~# ubus call system board
{
	"kernel": "5.15.162",
	"hostname": "OpenWrt",
	"system": "ARMv8 Processor rev 3",
	"model": "Raspberry Pi 4 Model B Rev 1.5",
	"board_name": "raspberrypi,4-model-b",
	"rootfs_type": "ext4",
	"release": {
		"distribution": "OpenWrt",
		"version": "23.05.4",
		"revision": "r24012-d8dd03c46f",
		"target": "bcm27xx/bcm2711",
		"description": "OpenWrt 23.05.4 r24012-d8dd03c46f"
	}
}

root@OpenWrt:~# cat /etc/config/network

config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'XXXX:XXXX:XXXX::/48'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'eth0'

config interface 'lan'
	option device 'br-lan'
	option proto 'static'
	option ipaddr '192.168.1.1'
	option netmask '255.255.255.0'
	option ip6assign '60'

config interface 'wan'
	option proto 'dhcp'
	option device 'eth1'

root@OpenWrt:~# cat /etc/config/dhcp

config dnsmasq
	option domainneeded '1'
	option boguspriv '1'
	option filterwin2k '0'
	option localise_queries '1'
	option rebind_protection '1'
	option rebind_localhost '1'
	option local '/lan/'
	option domain 'lan'
	option expandhosts '1'
	option nonegcache '0'
	option cachesize '1000'
	option authoritative '1'
	option readethers '1'
	option leasefile '/tmp/dhcp.leases'
	option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
	option nonwildcard '1'
	option localservice '1'
	option ednspacket_max '1232'
	option filter_aaaa '0'
	option filter_a '0'

config dhcp 'lan'
	option interface 'lan'
	option start '100'
	option limit '150'
	option leasetime '12h'
	option dhcpv4 'server'
	option dhcpv6 'server'
	option ra 'server'
	option ra_slaac '1'
	list ra_flags 'managed-config'
	list ra_flags 'other-config'

config dhcp 'wan'
	option interface 'wan'
	option ignore '1'

config odhcpd 'odhcpd'
	option maindhcp '0'
	option leasefile '/tmp/hosts/odhcpd'
	option leasetrigger '/usr/sbin/odhcpd-update'
	option loglevel '4'

root@OpenWrt:~# cat /etc/config/wireless

config wifi-device 'radio0'
	option type 'mac80211'
	option path 'platform/soc/fe300000.mmcnr/mmc_host/mmc1/mmc1:0001/mmc1:0001:1'
	option channel '36'
	option band '5g'
	option htmode 'VHT80'
	option disabled '1'

config wifi-iface 'default_radio0'
	option device 'radio0'
	option network 'lan'
	option mode 'ap'
	option ssid 'OpenWrt'
	option encryption 'none'

root@OpenWrt:~# cat /etc/config/firewall
config defaults
	option syn_flood	1
	option input		REJECT
	option output		ACCEPT
	option forward		REJECT
# Uncomment this line to disable ipv6 rules
#	option disable_ipv6	1

config zone
	option name		lan
	list   network		'lan'
	option input		ACCEPT
	option output		ACCEPT
	option forward		ACCEPT

config zone
	option name		wan
	list   network		'wan'
	list   network		'wan6'
	option input		REJECT
	option output		ACCEPT
	option forward		REJECT
	option masq		1
	option mtu_fix		1

config forwarding
	option src		lan
	option dest		wan

# We need to accept udp packets on port 68,
# see https://dev.openwrt.org/ticket/4108
config rule
	option name		Allow-DHCP-Renew
	option src		wan
	option proto		udp
	option dest_port	68
	option target		ACCEPT
	option family		ipv4

# Allow IPv4 ping
config rule
	option name		Allow-Ping
	option src		wan
	option proto		icmp
	option icmp_type	echo-request
	option family		ipv4
	option target		ACCEPT

config rule
	option name		Allow-IGMP
	option src		wan
	option proto		igmp
	option family		ipv4
	option target		ACCEPT

# Allow DHCPv6 replies
# see https://github.com/openwrt/openwrt/issues/5066
config rule
	option name		Allow-DHCPv6
	option src		wan
	option proto		udp
	option dest_port	546
	option family		ipv6
	option target		ACCEPT

config rule
	option name		Allow-MLD
	option src		wan
	option proto		icmp
	option src_ip		fe80::/10
	list icmp_type		'130/0'
	list icmp_type		'131/0'
	list icmp_type		'132/0'
	list icmp_type		'143/0'
	option family		ipv6
	option target		ACCEPT

# Allow essential incoming IPv6 ICMP traffic
config rule
	option name		Allow-ICMPv6-Input
	option src		wan
	option proto	icmp
	list icmp_type		echo-request
	list icmp_type		echo-reply
	list icmp_type		destination-unreachable
	list icmp_type		packet-too-big
	list icmp_type		time-exceeded
	list icmp_type		bad-header
	list icmp_type		unknown-header-type
	list icmp_type		router-solicitation
	list icmp_type		neighbour-solicitation
	list icmp_type		router-advertisement
	list icmp_type		neighbour-advertisement
	option limit		1000/sec
	option family		ipv6
	option target		ACCEPT

# Allow essential forwarded IPv6 ICMP traffic
config rule
	option name		Allow-ICMPv6-Forward
	option src		wan
	option dest		*
	option proto		icmp
	list icmp_type		echo-request
	list icmp_type		echo-reply
	list icmp_type		destination-unreachable
	list icmp_type		packet-too-big
	list icmp_type		time-exceeded
	list icmp_type		bad-header
	list icmp_type		unknown-header-type
	option limit		1000/sec
	option family		ipv6
	option target		ACCEPT

config rule
	option name		Allow-IPSec-ESP
	option src		wan
	option dest		lan
	option proto		esp
	option target		ACCEPT

config rule
	option name		Allow-ISAKMP
	option src		wan
	option dest		lan
	option dest_port	500
	option proto		udp
	option target		ACCEPT

The point is that you've got the AP connected on the wan side of your network. The wan port doesn't have (and should almost never have) a DHCP server running on the wan interface as it is intended for upstream connections.

You need to connect the AP to port eth0 on your Pi (i.e. the built-in port) in order for it to work the way you want. The usb adapter (eth1) is for the internet connection, not your AP.

Sorry for the delay - I just tried swapping the Ethernet cables and it works as expected. Thank you very much for the solution, but I think I’m a bit confused:

What does the DHCP client protocol mean on the wan side? Is there an assumed DHCP server on the RPi? Would this mean that the modem (starlink dish in my case) receives an IP address from the RPi?

And what does static address protocol on the lan side mean? Does this mean that the AP has a static IP address but still uses the (default) DHCP server on the RPi for IP addresses for devices that connect to it?

It means that the wan interface will request an address via DHCP. This is common for many ISPs and networks -- basically you plug in your equipment and it automatically gets an IP and other critical network parameters in order to connect to the upstream network.

More nuance is required here because the answer is no and yes.

  • There is a DHCP server on the upstream network, and that is how your Pi gets an IP address on the wan interface. Therefore there is no DHCP server needed on your Pi.
  • Your lan does (usually) have a DHCP server, too. But this is different -- this is for your downstream devices to be able to automatically get an address on the lan.

No. The starlink device will provide an address to the wan of your Pi (or to whatever is connected).

A static IP address is a constant (i.e. static), manually configured address. It also needs a subnet mask/size to indicate the scope of the network. Your router must have at least two addresses (in non-overlapping networks) in order to route -- often we think of it as an upstream/wan and a downstream/lan. In your case (and the common use case) the upstream is automatically configured with the address using DHCP. The server runs on the upstream network and provides an address to the client on your router.

Your router also needs a local address on your lan. This is the address of the gateway (and often DNS server, too) on your lan, and you'll of course use the static address to reach the device for configuration and the like.

While a DHCP server on your lan is technically optional, it is enabled by default as it is a practical necessity in many networks. A DHCP server provides addresses to the devices on your lan so that they don't need to be manually configured (those devices have DHCP client enabled on their side). The DHCP server can only run if the network interface has a protocol 'static' and the DHCP server will issue IPs within the network that is defined by the address + subnet mask/size.
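
As an added example (not part of any post in this thread), the following sketch works out which interfaces hand out leases and over what range, using the rule described above: a pool exists only where the interface is proto 'static' and the dhcp section is not ignored. The sample config is trimmed from the output posted earlier; `parse_uci` and `dhcp_pools` are hypothetical helper names, and the pool arithmetic assumes OpenWrt's usual meaning of `start` (offset from the network address) and `limit` (pool size).

```python
import ipaddress
import re

# Constructed sample, trimmed from the network and dhcp config posted in the thread.
NETWORK = """
config interface 'lan'
    option proto 'static'
    option ipaddr '192.168.1.1'
    option netmask '255.255.255.0'
config interface 'wan'
    option proto 'dhcp'
"""
DHCP = """
config dhcp 'lan'
    option interface 'lan'
    option start '100'
    option limit '150'
config dhcp 'wan'
    option interface 'wan'
    option ignore '1'
"""

def parse_uci(text, section_type):
    """Return {name: {option: value}} for named sections of one type."""
    sections, current = {}, None
    for line in text.splitlines():
        m = re.match(r"\s*config\s+(\S+)(?:\s+'([^']+)')?", line)
        if m:
            named = m.group(1) == section_type and m.group(2)
            current = sections.setdefault(m.group(2), {}) if named else None
            continue
        m = re.match(r"\s*option\s+(\S+)\s+'([^']*)'", line)
        if m and current is not None:
            current[m.group(1)] = m.group(2)
    return sections

def dhcp_pools(network_text, dhcp_text):
    """Map interface -> (first, last) lease address; None means no server
    runs there (section ignored, or interface not proto 'static')."""
    ifaces = parse_uci(network_text, "interface")
    pools = {}
    for d in parse_uci(dhcp_text, "dhcp").values():
        name = d.get("interface")
        iface = ifaces.get(name, {})
        pools[name] = None
        if d.get("ignore") != "1" and iface.get("proto") == "static":
            net = ipaddress.ip_interface(f"{iface['ipaddr']}/{iface['netmask']}").network
            first = net.network_address + int(d["start"])
            pools[name] = (str(first), str(first + int(d["limit"]) - 1))
    return pools
```

Calling `dhcp_pools(NETWORK, DHCP)` on this sample shows a pool only on lan, which matches the 169.254.x.x address the laptop fell back to while the AP hung off the wan-side port.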