Second guest interface has no address

It's great to be back using OpenWrt after years of slumming it with crappy proprietary interfaces. I had a silky smooth experience installing OpenWrt 19.07.1 r10911-c155900f66 on my new Linksys WRT-1900ACS and have been pretty happy with its performance.

I successfully used these instructions https://openwrt.org/docs/guide-user/network/wifi/guestwifi/configuration to create a functional guest network on the 2.4 GHz radio. I then tried repeating that process (not including the script) to create a second guest network on the 5 GHz radio. The second network seems to have been established but doesn't work properly. If a WiFi client manages to associate, it reports no internet connectivity.

I see the following error message in the system log that may point to the problem, but I can't work out what I need to do to get the second guest network functioning.

daemon.warn dnsmasq-dhcp[3251]: DHCP packet received on wlan0-1 which has no address

Any advice would be welcome.

Thanks to all the contributors to the OpenWrt project.

To help, we'll need to see your config files... please post the following ones (copy/paste into the 'preformatted text' formatting feature):

/etc/config/network
/etc/config/firewall
/etc/config/wireless
/etc/config/dhcp

network

config interface 'loopback'
	option ifname 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fd95:12ba:a87c::/48'

config interface 'lan'
	option type 'bridge'
	option ifname 'eth0.1'
	option proto 'static'
	option ipaddr '192.168.1.1'
	option netmask '255.255.255.0'
	option ip6assign '60'

config interface 'wan'
	option ifname 'eth1.2'
	option proto 'dhcp'

config interface 'wan6'
	option ifname 'eth1.2'
	option proto 'dhcpv6'

config switch
	option name 'switch0'
	option reset '1'
	option enable_vlan '1'

config switch_vlan
	option device 'switch0'
	option vlan '1'
	option ports '0 1 2 3 5t'

config switch_vlan
	option device 'switch0'
	option vlan '2'
	option ports '4 6t'

config interface 'guest'
	option proto 'static'
	option ipaddr '192.168.3.1'
	option netmask '255.255.255.0'

firewall

config defaults
	option syn_flood '1'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'REJECT'

config zone
	option name 'lan'
	list network 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'

config zone
	option name 'wan'
	list network 'wan'
	list network 'wan6'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'
	option mtu_fix '1'

config forwarding
	option src 'lan'
	option dest 'wan'

config rule
	option name 'Allow-DHCP-Renew'
	option src 'wan'
	option proto 'udp'
	option dest_port '68'
	option target 'ACCEPT'
	option family 'ipv4'

config rule
	option name 'Allow-Ping'
	option src 'wan'
	option proto 'icmp'
	option icmp_type 'echo-request'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-IGMP'
	option src 'wan'
	option proto 'igmp'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-DHCPv6'
	option src 'wan'
	option proto 'udp'
	option src_ip 'fc00::/6'
	option dest_ip 'fc00::/6'
	option dest_port '546'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-MLD'
	option src 'wan'
	option proto 'icmp'
	option src_ip 'fe80::/10'
	list icmp_type '130/0'
	list icmp_type '131/0'
	list icmp_type '132/0'
	list icmp_type '143/0'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Input'
	option src 'wan'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	list icmp_type 'router-solicitation'
	list icmp_type 'neighbour-solicitation'
	list icmp_type 'router-advertisement'
	list icmp_type 'neighbour-advertisement'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Forward'
	option src 'wan'
	option dest '*'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-IPSec-ESP'
	option src 'wan'
	option dest 'lan'
	option proto 'esp'
	option target 'ACCEPT'

config rule
	option name 'Allow-ISAKMP'
	option src 'wan'
	option dest 'lan'
	option dest_port '500'
	option proto 'udp'
	option target 'ACCEPT'

config include
	option path '/etc/firewall.user'

config zone 'guest'
	option name 'guest'
	option network 'guest'
	option forward 'REJECT'
	option output 'ACCEPT'
	option input 'REJECT'

config forwarding 'guest_fwd'
	option src 'guest'
	option dest 'wan'

config rule 'guest_dhcp'
	option name 'guest_DHCP'
	option src 'guest'
	option target 'ACCEPT'
	option proto 'udp'
	option dest_port '67-68'

config rule 'guest_dns'
	option name 'guest_DNS'
	option src 'guest'
	option target 'ACCEPT'
	option dest_port '53'

wireless

config wifi-device 'radio0'
	option type 'mac80211'
	option channel '36'
	option hwmode '11a'
	option path 'soc/soc:pcie/pci0000:00/0000:00:01.0/0000:01:00.0'
	option htmode 'VHT80'
	option country 'AU'

config wifi-iface 'default_radio0'
	option device 'radio0'
	option network 'lan'
	option mode 'ap'
	option macaddr '26:f5:a2:ba:83:8d'
	option key 'XXXXXXXXXX'
	option encryption 'psk2'
	option ssid 'XXXXXXXXXX'

config wifi-device 'radio1'
	option type 'mac80211'
	option channel '11'
	option hwmode '11g'
	option path 'soc/soc:pcie/pci0000:00/0000:00:02.0/0000:02:00.0'
	option htmode 'HT20'
	option country 'AU'

config wifi-iface 'default_radio1'
	option device 'radio1'
	option network 'lan'
	option mode 'ap'
	option macaddr '26:f5:a2:ba:83:8c'
	option key 'XXXXXXXXXX'
	option ssid 'XXXXXXXXXX'
	option encryption 'psk2'

config wifi-iface 'wifinet2'
	option encryption 'psk2'
	option device 'radio1'
	option mode 'ap'
	option network 'guest'
	option key 'XXXXXXXXXX'
	option isolate '1'
	option ssid 'XXXXXXXXXX'

config wifi-iface 'wifinet3'
	option device 'radio0'
	option mode 'ap'
	option network 'guest'
	option key 'XXXXXXXXXX'
	option encryption 'psk2'
	option isolate '1'
	option ssid 'XXXXXXXXXX'

dhcp


config dnsmasq
	option domainneeded '1'
	option localise_queries '1'
	option rebind_protection '1'
	option rebind_localhost '1'
	option local '/lan/'
	option domain 'lan'
	option expandhosts '1'
	option authoritative '1'
	option readethers '1'
	option leasefile '/tmp/dhcp.leases'
	option resolvfile '/tmp/resolv.conf.auto'
	option localservice '1'
	option cachesize '300'
	option dnsforwardmax '300'

config dhcp 'lan'
	option interface 'lan'
	option start '100'
	option limit '150'
	option leasetime '12h'
	option dhcpv6 'server'
	option ra 'server'

config dhcp 'wan'
	option interface 'wan'
	option ignore '1'

config odhcpd 'odhcpd'
	option maindhcp '0'
	option leasefile '/tmp/hosts/odhcpd'
	option leasetrigger '/usr/sbin/odhcpd-update'
	option loglevel '4'

...

config dhcp 'guest'
	option interface 'guest'
	option start '100'
	option leasetime '12h'
	option limit '150'

It seems unpredictable which one of the two guest networks works. I just tested with my mobile phone and found I could connect to the 5GHz Guest network and not the 2.4GHz Guest network. The phone can associate with the 2.4GHz Guest access point but seems to fail to obtain an IP address. Now other devices can connect to the 5GHz Guest network but fail to connect to the 2.4GHz Guest network.

Both non-Guest networks continue to work.

DHCP lease issue?

I don't see anything obvious that is wrong with your configuration.

Not likely unless you're dealing with hundreds of devices (you have a pool of 150 DHCP assigned addresses available).

Stupid question -- have you tried restarting your router?

Another idea -- you could use the built-in switch to test the DHCP and network functionality of the guest network. Take one of your 4 ports and assign it to a new VLAN (untagged), then add that new VLAN to the guest network interface. When you plug a device into the associated ethernet port, you should be able to figure out if this is network/firewall/dhcp related, or something with wireless specifically.

Yes, I have tried rebooting the router.

I'll think my way through your suggested VLAN experiment - looks like I'm about to learn more networking stuff. :)

Thanks for your time.

cheers

ian

This is what I see when I use a command line tool to attempt a connection:

nmcli -a c up "Bluetongue Guest 2.4GHz"

Error: Connection activation failed: IP configuration could not be reserved (no available address, timeout, etc.)
Hint: use 'journalctl -xe NM_CONNECTION=6b44e9de-bb05-4016-b108-7177a3e8bbf7 + NM_DEVICE=wlp2s0' to get more details.

journalctl -xe NM_CONNECTION=6b44e9de-bb05-4016-b108-7177a3e8bbf7 + NM_DEVICE=wlp2s0

Mar 11 17:03:08 tiddliwinks NetworkManager[859]:   [1583908388.0817] device (wlp2s0): Activation: starting connection 'Bluetongue Guest 2.4GHz' (6b44e9de-bb05-4016-b108-7177a3e8bbf7)
Mar 11 17:03:08 tiddliwinks NetworkManager[859]:   [1583908388.0823] device (wlp2s0): state change: disconnected -> prepare (reason 'none', sys-iface-state: 'managed')
Mar 11 17:03:08 tiddliwinks NetworkManager[859]:   [1583908388.0889] device (wlp2s0): state change: prepare -> config (reason 'none', sys-iface-state: 'managed')
Mar 11 17:03:08 tiddliwinks NetworkManager[859]:   [1583908388.0979] device (wlp2s0): Activation: (wifi) access point 'Bluetongue Guest 2.4GHz' has security, but secrets are required.
Mar 11 17:03:08 tiddliwinks NetworkManager[859]:   [1583908388.0980] device (wlp2s0): state change: config -> need-auth (reason 'none', sys-iface-state: 'managed')
Mar 11 17:03:08 tiddliwinks NetworkManager[859]:   [1583908388.1128] device (wlp2s0): state change: need-auth -> prepare (reason 'none', sys-iface-state: 'managed')
Mar 11 17:03:08 tiddliwinks NetworkManager[859]:   [1583908388.1156] device (wlp2s0): state change: prepare -> config (reason 'none', sys-iface-state: 'managed')
Mar 11 17:03:08 tiddliwinks NetworkManager[859]:   [1583908388.1173] device (wlp2s0): Activation: (wifi) connection 'Bluetongue Guest 2.4GHz' has security, and secrets exist.  No new secrets needed.
Mar 11 17:03:08 tiddliwinks NetworkManager[859]:   [1583908388.2447] device (wlp2s0): supplicant interface state: disconnected -> scanning
Mar 11 17:03:09 tiddliwinks NetworkManager[859]:   [1583908389.1725] device (wlp2s0): supplicant interface state: scanning -> authenticating
Mar 11 17:03:09 tiddliwinks NetworkManager[859]:   [1583908389.1749] device (wlp2s0): supplicant interface state: authenticating -> associating
Mar 11 17:03:09 tiddliwinks NetworkManager[859]:   [1583908389.1970] device (wlp2s0): supplicant interface state: associating -> 4-way handshake
Mar 11 17:03:09 tiddliwinks NetworkManager[859]:   [1583908389.2100] device (wlp2s0): supplicant interface state: 4-way handshake -> completed
Mar 11 17:03:09 tiddliwinks NetworkManager[859]:   [1583908389.2108] device (wlp2s0): Activation: (wifi) Stage 2 of 5 (Device Configure) successful. Connected to wireless network "Bluetongue Guest 2.4GHz"
Mar 11 17:03:09 tiddliwinks NetworkManager[859]:   [1583908389.2122] device (wlp2s0): state change: config -> ip-config (reason 'none', sys-iface-state: 'managed')
Mar 11 17:03:09 tiddliwinks NetworkManager[859]:   [1583908389.2133] dhcp4 (wlp2s0): activation: beginning transaction (timeout in 45 seconds)
Mar 11 17:03:54 tiddliwinks NetworkManager[859]:   [1583908434.3337] dhcp4 (wlp2s0): request timed out
Mar 11 17:03:54 tiddliwinks NetworkManager[859]:   [1583908434.3339] dhcp4 (wlp2s0): state changed unknown -> timeout
Mar 11 17:03:54 tiddliwinks NetworkManager[859]:   [1583908434.3497] dhcp4 (wlp2s0): canceled DHCP transaction
Mar 11 17:03:54 tiddliwinks NetworkManager[859]:   [1583908434.3499] dhcp4 (wlp2s0): state changed timeout -> done
Mar 11 17:03:54 tiddliwinks NetworkManager[859]:   [1583908434.3575] device (wlp2s0): state change: ip-config -> failed (reason 'ip-config-unavailable', sys-iface-state: 'managed')
Mar 11 17:03:54 tiddliwinks NetworkManager[859]:   [1583908434.3640] device (wlp2s0): Activation: failed for connection 'Bluetongue Guest 2.4GHz'
Mar 11 17:03:54 tiddliwinks NetworkManager[859]:   [1583908434.3668] device (wlp2s0): state change: failed -> disconnected (reason 'none', sys-iface-state: 'managed')
Mar 11 17:03:54 tiddliwinks NetworkManager[859]:   [1583908434.5126] sup-iface[0x55b106c44100,wlp2s0]: connection disconnected (reason -3)
Mar 11 17:03:54 tiddliwinks NetworkManager[859]:   [1583908434.5168] device (wlp2s0): supplicant interface state: completed -> disconnected

Everything seems correct in the config files. I would like to see some logs from the router when a client tries to connect.

Solving my own problem now...

I had a closer look at the way the wlan was configured in the OpenWrt 19.07.1 r10911-c155900f66 and noticed it was set to bridge the two wlan interfaces (and eth0) which makes sense - something needs to connect those three interfaces.

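So, I changed the configuration of my Guest network (Physical Settings tab), turned on bridging and selected the two new guest WiFi interfaces (I don't want guest access to eth0), saved and applied the changes and rebooted and all seems fine now. In /etc/config/network terms this should amount to adding option type 'bridge' to the 'guest' interface, as 'lan' already has; without a bridge only one of the two wireless interfaces attached to 'guest' ends up with the 192.168.3.1 address, which fits the dnsmasq "has no address" warning. One thing to check afterwards: option isolate '1' is set per access point, so clients on the 2.4 GHz and 5 GHz guest networks may still be able to reach each other across the new bridge.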

(I just need to find out how to change the status of this topic now...)
