[Solved] Dumb AP: devices which tries to access WiFi stuck at "Obtaining IP address"

Otey · January 9, 2024, 10:16pm

Hi, everyone.

I use OPNsense as my router, and now I start using OpenWRT as dump AP. I have followed the wiki instruction, everything goes well until I found that any device cannot get the WiFi connection. In Android devices, it stucks at the process Obtaining IP address until timeout. firewall, dnsmasq, odhcpd are all disable, and the firewall rule in OPNsense have not configure yet (able to access internet and its own local area network).

There's three interface connect to my AP: lan, user, guest, suppose just shown in lan, user and guest are giving WIFI access for different devices. I've just create one WiFi connection and found that it doesn't work even I switch different networks(lan/user/guest). The platform is x86 and chipset of the AP is MT7921.

Here's my /etc/config/network and /etc/config/wireless

* */etc/config/network* *

config interface 'loopback'
   option device 'lo'
   option proto 'static'
   option ipaddr '127.0.0.1'
   option netmask '255.0.0.0'

config interface 'lan'
   option proto 'static'
   option device 'eth0'
   option ipaddr '192.168.1.2'
   option netmask '255.255.255.0'
   option gateway '192.168.1.1'
   list dns '192.168.1.1'
   option type 'bridge'

config interface 'user'
   option proto 'static'
   option device 'eth1'
   option type 'bridge'
   option ipaddr '192.168.10.2'
   option netmask '255.255.255.0'
   option gateway '192.168.10.1'
   list dns '192.168.10.1'

config interface 'guest'
   option proto 'static'
   option device 'eth2'
   option ipaddr '192.168.11.2'
   option netmask '255.255.255.0'
   option gateway '192.168.11.1'
   list dns '192.168.11.1'
   option type 'bridge'

* */etc/config/network* *

config wifi-device 'radio0'
	option type 'mac80211'
	option path 'pci0000:00/0000:00:07.0'
	option channel 'auto'
	option band '2g'
	option htmode 'HE20'
	option cell_density '0'
	option country 'US'

config wifi-iface 'wifinet0'
	option device 'radio0'
	option mode 'ap'
	option ssid 'My WIFI'
	option encryption 'psk2'
	option key 'password'
	option network 'user'

How can I fix it? Thank you.

Edit 1: Just want to mention that the AP itself is able to access internet and able to update packages.

ncompact · January 9, 2024, 10:22pm

do three ethernet cables lead from this device to the three gateways you inserted?

I assume an error you will have a connection cable between this device and your OPNsense router,

so you will have to create three vlans on the OPNsense and have it manage both the packet routing and any other dhcp services, etc ...

Otey · January 9, 2024, 10:51pm

Yes, three cables. No VLAN used

I've just rechecked the connection cables between my OPNsense and my OpenWRT AP and they are right.

ncompact · January 9, 2024, 10:54pm

if you have three connection cables between this device and your OPNsense router you can set your eth1 user interface as dhcp and verify that it obtains an IP address from the OPNsense router

psherman · January 9, 2024, 10:58pm

There are many errors here.

let's start with this:

ubus call system board

Otey · January 9, 2024, 11:03pm

I had set all the interface as DHCP and they did get ip address.

Otey · January 9, 2024, 11:05pm

Here's my ubus call system board

{
	"kernel": "5.15.137",
	"hostname": "OpenWRT",
	"system": "Intel(R) Core(TM) i5-8250U CPU @ 1.60GHz",
	"model": "Xen HVM domU",
	"board_name": "xen-hvm-domu",
	"rootfs_type": "ext4",
	"release": {
		"distribution": "OpenWrt",
		"version": "23.05.2",
		"revision": "r23630-842932a63d",
		"target": "x86/64",
		"description": "OpenWrt 23.05.2 r23630-842932a63d"
	}
}

psherman · January 9, 2024, 11:06pm

So the configuration you posted earlier was from an x86 machine that is being used as an AP?

Otey · January 9, 2024, 11:08pm

Yes. the configuration is supposed to used as an AP.

psherman · January 9, 2024, 11:12pm

Understood.

It is not generally advisable to use an x86 system for an AP because you will typically get lower wifi performance than a proper purpose-built AP (or all-in-one wifi router), and you will also typically use considerably more electrical power than a dedicated AP. But assuming there are no issues with your wifi chipset being used in AP mode, it will function.

So... on to fixing things:

The AP should only have an address on a single network -- the network that is used to manage the device (typically either the most trusted lan or a dedicated management network). What network is used for this purpose?
Are there 3 unique upstream routers (i.e. 192.168.1.1, 10.1, and 11.1) or is this all coming from a single router? If a single device, what is it (ubus call system board -- assuming it is running OpenWrt)

Otey · January 9, 2024, 11:30pm

So... As I mentioned there are three networks on my AP.

lan (192.168.1.1): The most trusted area network. I want this network be the only network that able to manage the OpenWRT AP with LuCI or ssh but nothing else.
user (192.168.10.1): This network is supposed to give specific members' devices network access by WiFi, and able to access some services inside my lan.
guest (192.168.11.1): This network is supposed to give guests/other members' devices network access by WiFi only. But I haven't try that yet.

They are all coming from a single router, my OPNsense.
The ubus call system board is on above. And that is the only information I can get after command ubus call system board . Is it suppose to have more information?

Thank you!

psherman · January 9, 2024, 11:38pm

Then this network will be the only one that has an address on the OpenWrt side.

These other two will be unmanaged (no address, just a wired-wireless bridge).

Why are you using 3 physical connections? Have you considered using VLANs instead?

This is only relevant for the OpenWrt side of things -- I asked in case we were talking about another OpenWrt device as your main router; irrelevant given that you are using OPNsense.

So...
First things first, you must define bridges outside the network stanzas like this:

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'eth0'

config device
	option name 'br-user'
	option type 'bridge'
	list ports 'eth1'

config device
	option name 'br-guest'
	option type 'bridge'
	list ports 'eth2'

Next, we'll edit the lan to use br-lan and we'll get rid of the bridge:

config interface 'lan'
   option device 'br-lan'
   option proto 'static'
   option ipaddr '192.168.1.2'
   option netmask '255.255.255.0'
   option gateway '192.168.1.1'
   list dns '192.168.1.1'

And finally, we'll make the other two networks unmanaged and they will use their respective bridges:

config interface 'user'
   option proto 'none'
   option device 'br-user'

config interface 'guest'
   option proto 'none'
   option device 'br-guest'

Reboot and test. I expect that it will work.

I would recommend using VLANs instead of 3 individual ports, and I also would encourage you to consider a proper wifi AP rather than an x86 device. But, the above stuff should work in general.

Otey · January 9, 2024, 11:55pm

Well that's complicated...

All in all, thank you! It works now, I've never though I just have to turn the user interface and guest interface as bridge.

Thank you!

psherman · January 9, 2024, 11:57pm

great!

If your problem is solved, please consider marking this topic as [Solved]. See How to mark a topic as [Solved] for a short how-to.
Thanks!

system · January 19, 2024, 11:59pm

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.