RPi4B with wo ethernet interfaces, one wi-fi. Not getting DHCP leases provided on lan interfaces.
OpenWrt ROUTER System Information (OpenWrt)
Raspberry Pi 4 Model B Rev 1.2
NAME="OpenWrt"
VERSION="25.12.3"
ID="openwrt"
ID_LIKE="lede openwrt"
Linux OpenWrt 6.12.85 #0 SMP Mon May 4 22:30:45 2026 aarch64 GNU/Linux
Revision : c03112
Model : Raspberry Pi 4 Model B Rev 1.2
Throttled flag : throttled=0x0
Camera : supported=0 detected=0, libcamera interfaces=0
OpenWrt ROUTER System PiHAT - eht1 and 3 USB
Waveshare USB 3.2 Gen1 and Gigabit Ethernet HUB HAT for
Raspberry Pi 4 B 3 B+ 3 B 2B Zero Zero 2 W Zero WH,
3X USB 3.2 Gen1 Ports, 1x Gigabit Ethernet Port,
Compatible with USB 3.0/2.0/1.1
Network Layout
-------------
|Pretend ISP|
| Land |
-------------
|
| < (Copper)
|
------------------
| 10.232.10.0/24 | < (Unmanaged)
| Switch |
------------------
|
|
|
('eth0' Static 10.232.10.11) >|
------------- \|/ < (Wifi 'lan' DHCP 192.168.1.0/24)
| RPi4B |_________|
| OpenWrt |
-------------
| < (Copper 'lan' 'eth1' 192.168.1.0/24)
|
|
----------
| Switch | < (Unmanaged)
----------
|
|
(Copper 'lan' eth0 DHCP) > |
------------
| RPi4B |
|Scissorpaws| < (Wifi Client)
-------------
Networking Information (OpenWrt), Router
[root@OpenWrt]# ifconfig
br-lan Link encap:Ethernet HWaddr m.m.m.m
inet addr:x.x.x.x Bcast:x.x.x.x Mask:x.x.x.x
inet6 addr: y::y.y.y.y/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:7 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:746 (746.0 B)
eth0 Link encap:Ethernet HWaddr m.m.m.m
inet addr:x.x.x.x Bcast:x.x.x.x Mask:x.x.x.x
inet6 addr: fdbc:8777:y::y.y.y.y/60 Scope:Global
inet6 addr: y::y.y.y.y/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:50558 errors:0 dropped:0 overruns:0 frame:0
TX packets:26018 errors:0 dropped:20 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:11254132 (10.7 MiB) TX bytes:2977810 (2.8 MiB)
eth1 Link encap:Ethernet HWaddr m.m.m.m
UP BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
lo Link encap:Local Loopback
inet addr:x.x.x.x Mask:x.x.x.x
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:10845 errors:0 dropped:0 overruns:0 frame:0
TX packets:10845 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:969332 (946.6 KiB) TX bytes:969332 (946.6 KiB)
phy0-ap0 Link encap:Ethernet HWaddr m.m.m.m
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:135 errors:0 dropped:0 overruns:0 frame:0
TX packets:168 errors:0 dropped:1 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:22250 (21.7 KiB) TX bytes:27988 (27.3 KiB)
NOTE: 'eth1' is for 'lan' CAT5 machines through a switch.
/etc/config/dhcp (OpenWrt), Router
config dnsmasq
option domainneeded '1'
option boguspriv '1'
option filterwin2k '0'
option localise_queries '1'
option local '/lan/'
option expandhosts '1'
option cachesize '1000'
option readethers '1'
option leasefile '/tmp/dhcp.leases'
option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
option localservice '1'
option ednspacket_max '1232'
option domain 'lan'
option authoritative '1'
option nonwildcard '0'
list server '8.8.8.8'
list server '8.8.4.4'
list listen_address '192.168.1.1'
list notinterface 'wan'
config dhcp 'lan'
option interface 'br-lan'
option start '100'
option limit '150'
option leasetime '1h'
option dhcpv4 'server'
list dhcp_option '3,192.168.1.1'
list dhcp_option '6,8.8.8.8'
config dhcp 'wan'
option interface 'wan'
option ignore '1'
/etc/config/firewall (OpenWrt), Router
config defaults
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option synflood_protect '1'
config zone
option name 'lan'
list network 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
config zone
option name 'wan'
list network 'wan'
option input 'REJECT'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
# ALLOW LAN TO INTERNET
config forwarding
option src 'lan'
option dest 'wan'
# BASIC RULES
config rule
option name 'Allow-DHCP-Renew'
option src 'lan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option target 'ACCEPT'
config rule
option name 'Allow-SSH-Specific-Net'
option src 'wan'
option src_ip '10.232.10.0/24'
option dest_port '22'
option proto 'tcp'
option target 'ACCEPT'
/etc/config/network (OpenWrt), Router
config interface 'loopback'
option device 'lo'
option proto 'static'
list ipaddr '127.0.0.1/8'
config globals 'globals'
option ula_prefix 'fdbc:8777:b5ee::/48'
option packet_steering '1'
config device
option name 'br-lan'
option type 'bridge'
list ports 'eth1'
list ports 'phy0-ap0'
config interface 'lan'
option device 'br-lan'
option proto 'static'
option ipaddr '192.168.1.1'
option netmask '255.255.255.0'
option force_link '1'
config interface 'wan'
option device 'eth0'
option proto 'static'
option ip6assign '60'
option ipaddr '10.232.10.11'
option netmask '255.255.255.0'
option gateway '10.232.10.1'
list dns '8.8.8.8'
/etc/config/system (OpenWrt), Router
config system
option hostname 'OpenWrt'
option timezone 'CST6CDT,M3.2.0,M11.1.0'
option zonename 'America/Chicago'
option ttylogin '0'
option log_size '128'
option urandom_seed '0'
option clock_hourcycle 'h23'
option log_proto 'udp'
option cronloglevel '7'
config timeserver 'ntp'
list server '0.openwrt.pool.ntp.org'
list server '1.openwrt.pool.ntp.org'
list server '2.openwrt.pool.ntp.org'
list server '3.openwrt.pool.ntp.org'
/etc/config/uhttpd (OpenWrt), Router
config uhttpd 'main'
list listen_http '0.0.0.0:80'
list listen_http '[::]:80'
list listen_https '0.0.0.0:443'
list listen_https '[::]:443'
option redirect_https '0'
option home '/www'
option rfc1918_filter '1'
option max_requests '3'
option max_connections '100'
option cert '/etc/uhttpd.crt'
option key '/etc/uhttpd.key'
option cgi_prefix '/cgi-bin'
list lua_prefix '/cgi-bin/luci=/usr/lib/lua/luci/sgi/uhttpd.lua'
option script_timeout '60'
option network_timeout '30'
option http_keepalive '20'
option tcp_keepalive '1'
option ubus_prefix '/ubus'
list ucode_prefix '/cgi-bin/luci=/usr/share/ucode/luci/uhttpd.uc'
config cert 'defaults'
option days '397'
option key_type 'ec'
option bits '2048'
option ec_curve 'P-256'
option country 'ZZ'
option state 'Somewhere'
option location 'Unknown'
option commonname 'OpenWrt'
/etc/config/wireless (OpenWrt), Router
config wifi-device 'radio0'
option type 'mac80211'
option path 'platform/soc/fe300000.mmcnr/mmc_host/mmc1/mmc1:0001/mmc1:0001:1'
option band '5g'
option channel '36'
option htmode 'VHT80'
option cell_density '0'
option disabled '0'
option country 'US'
config wifi-iface
option device 'radio0'
option network 'lan'
option mode 'ap'
option ssid 'OpenWrt'
option encryption 'psk2'
option key 'SuperSecretPassword'
I have an additional RPi4B configured (Scissorpaws) for testing. With the above configuration I get NO DHCP leases from 'lan' using a Cell-Phone or the RPi4B Scissorpaws - UDP port 68 is not open on the (OpenWrt) router:
[root@OpenWrt]# brctl show
bridge name bridge id STP enabled interfaces
br-lan 7fff.00e04c68015d no eth1
phy0-ap0
[root@OpenWrt]# netstat -naup
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
udp 0 0 0.0.0.0:53 0.0.0.0:* 7129/dnsmasq
udp 0 0 :::53 :::* 7129/dnsmasq
[root@OpenWrt]# logread -f
Wed May 13 09:39:07 2026 daemon.info hostapd: phy0-ap0: STA 8e:XX:XX:XX:XX:78 IEEE 802.11: associated
Wed May 13 09:39:07 2026 daemon.notice hostapd: phy0-ap0: AP-STA-CONNECTED 8e:XX:XX:XX:XX:78 auth_alg=open
Wed May 13 09:39:07 2026 daemon.info hostapd: phy0-ap0: STA 8e:XX:XX:XX:XX:78 WPA: pairwise key handshake completed (RSN)
Wed May 13 09:39:07 2026 daemon.notice hostapd: phy0-ap0: EAPOL-4WAY-HS-COMPLETED 8e:XX:XX:XX:XX:78
Wed May 13 09:39:25 2026 daemon.info hostapd: phy0-ap0: STA 8e:XX:XX:XX:XX:78 IEEE 802.11: disassociated
Wed May 13 09:39:25 2026 daemon.notice hostapd: phy0-ap0: AP-STA-DISCONNECTED 8e:XX:XX:XX:XX:78
Wed May 13 09:39:25 2026 daemon.info hostapd: phy0-ap0: STA 8e:XX:XX:XX:XX:78 IEEE 802.11: disassociated
EAPOL-4WAY-HS-COMPLETED followed by AP-STA-DISCONNECTED shows up here.
If I kill off all of the dnsmasq instances:
[root@OpenWrt]# killall -9 dnsmasq
[root@OpenWrt]# killall -9 dnsmasq
killall: dnsmasq: no process killed
... and run these COMMANDs before dnsmasq re-spawns:
[root@OpenWrt]# dnsmasq -i br-lan --dhcp-range=192.168.1.100,192.168.1.249,12h \
-l /tmp/dhcp.leases \
--dhcp-option=3,192.168.1.1 \
--dhcp-option=6,8.8.8.8 \
--dhcp-authoritative \
--no-ping
[root@OpenWrt]# brctl show
bridge name bridge id STP enabled interfaces
br-lan 7fff.00e04c68015d no eth1
phy0-ap0
[root@OpenWrt]# logread -f
Wed May 13 09:42:54 2026 daemon.info dnsmasq[8082]: started, version 2.91 cachesize 150
Wed May 13 09:42:54 2026 daemon.info dnsmasq[8082]: compile time options: IPv6 GNU-getopt no-DBus UBus no-i18n no-IDN DHCP no-DHCPv6 no-Lua TFTP no-conntrack no-ipset no-nftset no-auth no-DNSSEC no-ID loop-detect inotify dumpfile
Wed May 13 09:42:54 2026 daemon.info dnsmasq-dhcp[8082]: DHCP, IP range 192.168.1.100 -- 192.168.1.249, lease time 12h
Wed May 13 09:42:54 2026 daemon.info dnsmasq[8082]: reading /etc/resolv.conf
Wed May 13 09:42:54 2026 daemon.warn dnsmasq[8082]: ignoring nameserver 127.0.0.1 - local interface
Wed May 13 09:42:54 2026 daemon.warn dnsmasq[8082]: ignoring nameserver ::1 - local interface
Wed May 13 09:42:54 2026 daemon.info dnsmasq[8082]: read /etc/hosts - 6 names
I then get DHCP leases and DNS works on 'lan':
[root@OpenWrt]# netstat -naup
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
udp 0 0 0.0.0.0:53 0.0.0.0:* 8082/dnsmasq
udp 0 0 0.0.0.0:67 0.0.0.0:* 8082/dnsmasq
udp 0 0 :::53 :::* 8082/dnsmasq
... now UDP port 68 is open, DHCP and DNS working.
[root@OpenWrt]# logread -f
Wed May 13 09:43:05 2026 daemon.info hostapd: phy0-ap0: STA 8e:XX:XX:XX:XX:78 IEEE 802.11: disassociated
Wed May 13 09:43:05 2026 daemon.notice hostapd: phy0-ap0: AP-STA-DISCONNECTED 8e:XX:XX:XX:XX:78
Wed May 13 09:43:05 2026 daemon.info hostapd: phy0-ap0: STA 8e:XX:XX:XX:XX:78 IEEE 802.11: disassociated
Wed May 13 09:43:08 2026 daemon.info hostapd: phy0-ap0: STA 8e:XX:XX:XX:XX:78 IEEE 802.11: associated
Wed May 13 09:43:08 2026 daemon.notice hostapd: phy0-ap0: AP-STA-CONNECTED 8e:XX:XX:XX:XX:78 auth_alg=open
Wed May 13 09:43:08 2026 daemon.info hostapd: phy0-ap0: STA 8e:XX:XX:XX:XX:78 WPA: pairwise key handshake completed (RSN)
Wed May 13 09:43:08 2026 daemon.notice hostapd: phy0-ap0: EAPOL-4WAY-HS-COMPLETED 8e:XX:XX:XX:XX:78
Wed May 13 09:43:08 2026 daemon.info dnsmasq-dhcp[8082]: DHCPREQUEST(br-lan) 192.168.1.165 8e:XX:XX:XX:XX:78
Wed May 13 09:43:08 2026 daemon.info dnsmasq-dhcp[8082]: DHCPACK(br-lan) 192.168.1.165 8e:XX:XX:XX:XX:78 motorola-razr-2024
This behavior is consistent, it always works after killing dnsmasq and running the above COMMAND manually, a reboot sets it back to not working. It cannot get DHCP over wireless, its MAC address shows in the logs, but no lease.
I have tried many tweaks and configurations. I have brutalized the google AI for hours, and have read dozens of articles on the forums.
Is my bridge device correctly configured?
Findings:
Shutting down or restarting /etc/init.d/firewall changes nothing.
Restarting /etc/init.d/networking does nothing.
Restarting /etc/init.d/dhcp does nothing.
Restarting /etc/init.d/dnsmasq does nothing.
Cannot nail down what AP-STA-DISCONNECTED is doing there.
Killing dnsmasq and running the manual command works, but is not a viable for working with luci.