[SOLVED] LEDE On Raspberry Pi 3 - Unable to connect to internet

lede-newbie · May 8, 2018, 9:10pm

Hi,

I'm using LEDE on my Raspberry Pi 3 (lede-17.01.4-brcm2708-bcm2710-rpi-3-ext4-sdcard.img)

I have configured the Pi as an access point and my internet connection is via Pi's Ethernet port.

My configuration is as follows:

# /etc/config/network

config interface 'loopback'
	option ifname 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fd5b:df3d:00ba::/48'

config interface 'wan'
	option proto 'static'
	option netmask '255.255.255.0'
	option ipaddr '10.42.0.2'
	option gateway '10.42.0.1'
	option dns '10.42.0.1'
	option ifname 'eth0'
        option defaultroute '1'

config interface 'vpn'
	option proto 'none'
	option ifname 'tun0'

config interface 'lan'
	option proto 'static'
	option ipaddr '192.168.8.1'
	option netmask '255.255.255.0'
	option gateway '192.168.8.1'
	option dns '192.168.8.1'

# /etc/config/firewall 

config defaults
	option syn_flood '1'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'REJECT'

config zone
	option name 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'
	option network 'lan'

config zone
	option name 'wan'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'
	option mtu_fix '1'
	option network 'wan'

config zone
	option name 'VPN_FW'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'
	option mtu_fix '1'
	option network 'vpn'

config forwarding
	option dest 'VPN_FW'
	option src 'lan'

config forwarding
        option dest 'wan'
        option src 'lan'

config rule
	option name 'Allow-DHCP-Renew'
	option src 'wan'
	option proto 'udp'
	option dest_port '68'
	option target 'ACCEPT'
	option family 'ipv4'

config rule
	option name 'Allow-Ping'
	option src 'wan'
	option proto 'icmp'
	option icmp_type 'echo-request'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-IGMP'
	option src 'wan'
	option proto 'igmp'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-DHCPv6'
	option src 'wan'
	option proto 'udp'
	option src_ip 'fc00::/6'
	option dest_ip 'fc00::/6'
	option dest_port '546'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-MLD'
	option src 'wan'
	option proto 'icmp'
	option src_ip 'fe80::/10'
	list icmp_type '130/0'
	list icmp_type '131/0'
	list icmp_type '132/0'
	list icmp_type '143/0'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Input'
	option src 'wan'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	list icmp_type 'router-solicitation'
	list icmp_type 'neighbour-solicitation'
	list icmp_type 'router-advertisement'
	list icmp_type 'neighbour-advertisement'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Forward'
	option src 'wan'
	option dest '*'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-IPSec-ESP'
	option src 'wan'
	option dest 'lan'
	option proto 'esp'
	option target 'ACCEPT'

config rule
	option name 'Allow-ISAKMP'
	option src 'wan'
	option dest 'lan'
	option dest_port '500'
	option proto 'udp'
	option target 'ACCEPT'

config include
	option path '/etc/firewall.user'

config rule
	option enabled '1'
	option target 'ACCEPT'
	option proto 'tcp udp'
	option dest_port '53'
	option name 'DNS-Lookup'
	option src 'lan'

# /etc/config/network 

config interface 'loopback'
	option ifname 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fd5b:df3d:00ba::/48'

config interface 'wan'
	option proto 'static'
	option netmask '255.255.255.0'
	option ipaddr '10.42.0.2'
	option gateway '10.42.0.1'
	option dns '10.42.0.1'
	option ifname 'eth0'
	option defaultroute '1'

config interface 'vpn'
	option proto 'none'
	option ifname 'tun0'

config interface 'lan'
	option proto 'static'
	option ipaddr '192.168.8.1'
	option netmask '255.255.255.0'
	option gateway '192.168.8.1'
	option dns '192.168.8.1'

I can't for the life of me figure out why the Pi cannot connect to the internet -- since it cannot connect to the internet, it is unable to establish a VPN connection.

mikma · May 9, 2018, 10:17am

You shouldn't configure gateway and DNS to the router's own IP address. Leave them empty instead in the LAN interface.

lede-newbie · May 9, 2018, 11:07am

Thank You @mikma

Updated the lan section as follows:

config interface 'lan'
	option proto 'static'
	option ipaddr '192.168.8.1'
	option netmask '255.255.255.0'

Still can't seem to connect

mikma · May 9, 2018, 12:36pm

Are you able to ping from the router shell (or web interface)?

ping 10.42.0.1

ping 8.8.8.8

ping openwrt.org

lede-newbie · May 9, 2018, 1:04pm

Yes, I just booted the Pi to test the ping commands above and the reboot seems to have done the trick.
I can now update the package lists and also connect to the internet via the Pi. (and ping works too!)

Thank You so very much @mikma

I'll test this a few more times and then resolve this question.