[Solved] No internet when using Wi-Fi router to connect to existent Wi-Fi network

Hello,
(networking newbie here)

Backstory

I've been trying for a while to setup a Wi-Fi router (TL-WR841N aka TL router, 192.168.2.1) as a Wi-Fi receiver in an area without a wired connection so I can have internet access in a PC (connected to TL via ethernet). I've started by trying to set it up using WBS with the default TP-Link firmware, but without success. It seems that the router provided by my ISP (Hitron GVE39320 aka ISP router, 192.168.1.1), which I'm trying to connect to, does not support it. I've decided to try OpenWrt, downloaded it, crossed my fingers, flashed it and everything went smoothly!

Steps performed

It seems that what I'm trying to achieve is described here, I've followed these steps twice but without success.

Troubleshooting (attempt #1)

• TL is connected to ISP router (not sure why it says NONE, the Wi-Fi network of the ISP router has a password)

  Wireless
  Generic 802.11bgn Wireless Controller (radio0)	
  [Signal: -55 dBm / Noise: -95 dBm]
  78%	SSID: XYZ
  Mode: Client
  Channel: 2 (2.417 GHz)
  Bitrate: 52 Mbit/s
  BSSID: XX:XX:XX:XX:XX:XX
  Encryption: WPA2 PSK (NONE)
  

• ISP router assigns IP to TL router, that same IP (192.168.1.4) shows up in LUCI

  TL IPv4 WAN Status (LUCI Status Network)
  **Address:** 192.168.1.4
  **Netmask:** 255.255.255.0
  **Gateway:** 192.168.1.1
  **DNS 1:** 192.168.1.1
  **Connected:** 0h 9m 17s
  

• from LUCI I can:
  1. ping, traceroute and nslookup google.com
• from the PC connected to TL I can:
  1. nslookup google.com
• from the PC connected to TL I don't/can't:
  1. have internet access
  2. ping google.com

Version

• OpenWrt Chaos Calmer 15.05.1 / LuCI 15.05-149-g0d8bbd2 Release (git-15.363.78009-956be55)

Questions

1. Do I have to setup anything in the ISP router?
2. I'm not very confident in the firewall configuration, is there is a good way to post it here?

Please let me know which other info I should provide.
Thank you for the awesome software!

@nibbler, welcome to the community!

Renumber your LAN so it doesn't match WAN. Simple.

Very old BTW, and now unsupported.

Thank you for the quick reply!
As far as I understand my TL router LAN does not match the WAN. The WAN, from the TL router point of view, is 192.168.1.x and its LAN is 192.168.2.x.
Am I misunderstanding something?

You don't show this. Apologies, you did in your first sentence.

Please provide copy of /etc/config/network and /etc/config/wireless

and /etc/config/network

I had to ssh into TL router, not sure if there is a way to do this in LUCI.

Did you miss-typed the third file?
Thank you again

firewall

(so far network and wireless look good. You shoulda kept the default WAN firewall config and be OK...if you added WWAN to the WAN firewall zone, that is. )

I don't think I did... Just checked and I think it is

• Did you create this?
• I assume eth0 is an Ethernet switch?
• Was Port 0 tagged in the default config?

Did you add this?

I followed the steps here, using LUCI, I didn't added anything by hand. That name does not match anything I've seen in LUCI, I'll give another look.

I've tried different configurations, but before posting I've reset the TL router and followed the above link from the beginning.

I'm not sure about my answers, but:

No

No

No

switch976×516 38 KB

That appears to be properly configured. Check IP config on the PC make sure it has properly set up its gateway and DNS to be the TP-Link (routed client) router. The PC should ping 192.168.2.1 of course and also the main router 192.168.1.1. Try a traceroute to a numeric public IP address see if it at least gets to the main router.

What is the output of ip -4 addr; ip -4 ru; ip -4 ro; iptables-save -c ?

I think found something weird when getting the data to replay to you.
Commands run from a PC connected to TL router via ethernet.

Good.

Bad.

Weird. Traceroute is showing the IP I usually have when connecting to ISP route via Wi-Fi (192.168.1.203)...

I'm switching between the 2 networks while troubleshooting, is this an issue?

From the PC connected to TL router:

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
2: enp2s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
inet 192.168.2.164/24 brd 192.168.2.255 scope global dynamic noprefixroute enp2s0
valid_lft 43061sec preferred_lft 43061sec
inet 192.168.1.203/24 brd 192.168.1.255 scope global noprefixroute enp2s0
valid_lft forever preferred_lft forever
0:	from all lookup local 
32766:	from all lookup main 
32767:	from all lookup default 
default via 192.168.1.201 dev enp2s0 proto static metric 100 
169.254.0.0/16 dev enp2s0 scope link metric 1000 
192.168.1.0/24 dev enp2s0 proto kernel scope link src 192.168.1.203 metric 100 
192.168.2.0/24 dev enp2s0 proto kernel scope link src 192.168.2.164 metric 100 
Failed to list table names in /proc/net/ip_tables_names: Permission denied

Should I run iptables-save with sudo?

I actually wanted you to run this on the TL, but it revealed the issue.

You already have an IP from the WAN network on the interface.
Moreover this doesn't look right. default via 192.168.1.201 dev enp2s0 proto static metric 100
Should be 192.168.2.1.

Does this mean it is cached somewhere? I've hard-reset the ISP router, which has a tab for DNS in which it had that IP (192.168.1.203) associated with the PC I am making tests with (switching between the 2 networks).

It sure is still active on your PC. Normally you can turn off the ethernet then on and it should disappear. If not reboot your pc and keep it connected only on OpenWrt.

I've rebooted the PC and obtained the same results...

Not sure if it is still relevant but here is the output of ip -4 addr; ip -4 ru; ip -4 ro; iptables-save -c run in TL router:

root@OpenWrt:~# ip -4 addr; ip -4 ru; ip -4 ro; iptables-save -c
-ash: ip: not found
-ash: ip: not found
-ash: ip: not found
# Generated by iptables-save v1.4.21 on Sat May 23 18:17:05 2020
*nat
:PREROUTING ACCEPT [1205:225071]
:INPUT ACCEPT [146:11195]
:OUTPUT ACCEPT [179:13724]
:POSTROUTING ACCEPT [1:336]
:delegate_postrouting - [0:0]
:delegate_prerouting - [0:0]
:postrouting_lan_rule - [0:0]
:postrouting_rule - [0:0]
:postrouting_wan_rule - [0:0]
:prerouting_lan_rule - [0:0]
:prerouting_rule - [0:0]
:prerouting_wan_rule - [0:0]
:zone_lan_postrouting - [0:0]
:zone_lan_prerouting - [0:0]
:zone_wan_postrouting - [0:0]
:zone_wan_prerouting - [0:0]
[1205:225071] -A PREROUTING -j delegate_prerouting
[179:13724] -A POSTROUTING -j delegate_postrouting
[179:13724] -A delegate_postrouting -m comment --comment "user chain for postrouting" -j postrouting_rule
[1:336] -A delegate_postrouting -o br-lan -j zone_lan_postrouting
[0:0] -A delegate_postrouting -o eth1 -j zone_wan_postrouting
[178:13388] -A delegate_postrouting -o wlan0 -j zone_wan_postrouting
[1205:225071] -A delegate_prerouting -m comment --comment "user chain for prerouting" -j prerouting_rule
[147:11268] -A delegate_prerouting -i br-lan -j zone_lan_prerouting
[0:0] -A delegate_prerouting -i eth1 -j zone_wan_prerouting
[1058:213803] -A delegate_prerouting -i wlan0 -j zone_wan_prerouting
[1:336] -A zone_lan_postrouting -m comment --comment "user chain for postrouting" -j postrouting_lan_rule
[147:11268] -A zone_lan_prerouting -m comment --comment "user chain for prerouting" -j prerouting_lan_rule
[178:13388] -A zone_wan_postrouting -m comment --comment "user chain for postrouting" -j postrouting_wan_rule
[178:13388] -A zone_wan_postrouting -j MASQUERADE
[1058:213803] -A zone_wan_prerouting -m comment --comment "user chain for prerouting" -j prerouting_wan_rule
COMMIT
# Completed on Sat May 23 18:17:05 2020
# Generated by iptables-save v1.4.21 on Sat May 23 18:17:05 2020
*raw
:PREROUTING ACCEPT [3946:499456]
:OUTPUT ACCEPT [2699:509854]
:delegate_notrack - [0:0]
[3946:499456] -A PREROUTING -j delegate_notrack
COMMIT
# Completed on Sat May 23 18:17:05 2020
# Generated by iptables-save v1.4.21 on Sat May 23 18:17:05 2020
*mangle
:PREROUTING ACCEPT [3946:499456]
:INPUT ACCEPT [3016:298194]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [2699:509854]
:POSTROUTING ACCEPT [2699:509854]
:fwmark - [0:0]
:mssfix - [0:0]
[3946:499456] -A PREROUTING -j fwmark
[0:0] -A FORWARD -j mssfix
[0:0] -A mssfix -o eth1 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "wan (mtu_fix)" -j TCPMSS --clamp-mss-to-pmtu
[0:0] -A mssfix -o wlan0 -p tcp -m tcp --tcp-flags SYN,RST SYN -m comment --comment "wan (mtu_fix)" -j TCPMSS --clamp-mss-to-pmtu
COMMIT
# Completed on Sat May 23 18:17:05 2020
# Generated by iptables-save v1.4.21 on Sat May 23 18:17:05 2020
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:delegate_forward - [0:0]
:delegate_input - [0:0]
:delegate_output - [0:0]
:forwarding_lan_rule - [0:0]
:forwarding_rule - [0:0]
:forwarding_wan_rule - [0:0]
:input_lan_rule - [0:0]
:input_rule - [0:0]
:input_wan_rule - [0:0]
:output_lan_rule - [0:0]
:output_rule - [0:0]
:output_wan_rule - [0:0]
:reject - [0:0]
:syn_flood - [0:0]
:zone_lan_dest_ACCEPT - [0:0]
:zone_lan_forward - [0:0]
:zone_lan_input - [0:0]
:zone_lan_output - [0:0]
:zone_lan_src_ACCEPT - [0:0]
:zone_wan_dest_ACCEPT - [0:0]
:zone_wan_dest_REJECT - [0:0]
:zone_wan_forward - [0:0]
:zone_wan_input - [0:0]
:zone_wan_output - [0:0]
:zone_wan_src_REJECT - [0:0]
[3016:298194] -A INPUT -j delegate_input
[0:0] -A FORWARD -j delegate_forward
[2699:509854] -A OUTPUT -j delegate_output
[0:0] -A delegate_forward -m comment --comment "user chain for forwarding" -j forwarding_rule
[0:0] -A delegate_forward -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
[0:0] -A delegate_forward -i br-lan -j zone_lan_forward
[0:0] -A delegate_forward -i eth1 -j zone_wan_forward
[0:0] -A delegate_forward -i wlan0 -j zone_wan_forward
[0:0] -A delegate_forward -j reject
[0:0] -A delegate_input -i lo -j ACCEPT
[3016:298194] -A delegate_input -m comment --comment "user chain for input" -j input_rule
[2605:248348] -A delegate_input -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
[6:360] -A delegate_input -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j syn_flood
[272:36872] -A delegate_input -i br-lan -j zone_lan_input
[0:0] -A delegate_input -i eth1 -j zone_wan_input
[139:12974] -A delegate_input -i wlan0 -j zone_wan_input
[0:0] -A delegate_output -o lo -j ACCEPT
[2699:509854] -A delegate_output -m comment --comment "user chain for output" -j output_rule
[2520:496130] -A delegate_output -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
[1:336] -A delegate_output -o br-lan -j zone_lan_output
[0:0] -A delegate_output -o eth1 -j zone_wan_output
[178:13388] -A delegate_output -o wlan0 -j zone_wan_output
[0:0] -A reject -p tcp -j REJECT --reject-with tcp-reset
[129:12614] -A reject -j REJECT --reject-with icmp-port-unreachable
[6:360] -A syn_flood -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -m limit --limit 25/sec --limit-burst 50 -j RETURN
[0:0] -A syn_flood -j DROP
[1:336] -A zone_lan_dest_ACCEPT -o br-lan -j ACCEPT
[0:0] -A zone_lan_forward -m comment --comment "user chain for forwarding" -j forwarding_lan_rule
[0:0] -A zone_lan_forward -m comment --comment "forwarding lan -> wan" -j zone_wan_dest_ACCEPT
[0:0] -A zone_lan_forward -m conntrack --ctstate DNAT -m comment --comment "Accept port forwards" -j ACCEPT
[0:0] -A zone_lan_forward -j zone_lan_dest_ACCEPT
[272:36872] -A zone_lan_input -m comment --comment "user chain for input" -j input_lan_rule
[0:0] -A zone_lan_input -m conntrack --ctstate DNAT -m comment --comment "Accept port redirections" -j ACCEPT
[272:36872] -A zone_lan_input -j zone_lan_src_ACCEPT
[1:336] -A zone_lan_output -m comment --comment "user chain for output" -j output_lan_rule
[1:336] -A zone_lan_output -j zone_lan_dest_ACCEPT
[272:36872] -A zone_lan_src_ACCEPT -i br-lan -j ACCEPT
[0:0] -A zone_wan_dest_ACCEPT -o eth1 -j ACCEPT
[178:13388] -A zone_wan_dest_ACCEPT -o wlan0 -j ACCEPT
[0:0] -A zone_wan_dest_REJECT -o eth1 -j reject
[0:0] -A zone_wan_dest_REJECT -o wlan0 -j reject
[0:0] -A zone_wan_forward -m comment --comment "user chain for forwarding" -j forwarding_wan_rule
[0:0] -A zone_wan_forward -p esp -m comment --comment "@rule[7]" -j zone_lan_dest_ACCEPT
[0:0] -A zone_wan_forward -p udp -m udp --dport 500 -m comment --comment "@rule[8]" -j zone_lan_dest_ACCEPT
[0:0] -A zone_wan_forward -m conntrack --ctstate DNAT -m comment --comment "Accept port forwards" -j ACCEPT
[0:0] -A zone_wan_forward -j zone_wan_dest_REJECT
[139:12974] -A zone_wan_input -m comment --comment "user chain for input" -j input_wan_rule
[0:0] -A zone_wan_input -p udp -m udp --dport 68 -m comment --comment Allow-DHCP-Renew -j ACCEPT
[0:0] -A zone_wan_input -p icmp -m icmp --icmp-type 8 -m comment --comment Allow-Ping -j ACCEPT
[10:360] -A zone_wan_input -p igmp -m comment --comment Allow-IGMP -j ACCEPT
[0:0] -A zone_wan_input -m conntrack --ctstate DNAT -m comment --comment "Accept port redirections" -j ACCEPT
[129:12614] -A zone_wan_input -j zone_wan_src_REJECT
[178:13388] -A zone_wan_output -m comment --comment "user chain for output" -j output_wan_rule
[178:13388] -A zone_wan_output -j zone_wan_dest_ACCEPT
[0:0] -A zone_wan_src_REJECT -i eth1 -j reject
[129:12614] -A zone_wan_src_REJECT -i wlan0 -j reject
COMMIT
# Completed on Sat May 23 18:17:05 2020

Then make sure that you have not configured the IPs manually on the PC, on NetworkManager for example.

I'm now replying from the PC connected to the TL router!

I swear I didn't had the IP in the Networking Manager configuration but deleting the ethernet configuration and creating a new one solved the issue! This was achieved in the PC GUI running Ubuntu 18.04.4 LTS. Just deleted and created a new one with the default settings.

Thank you @lleachii, @mk24 and @trendy, for your time and quick replies!!!

Please mark this topic as [Solved]. See How to mark a topic as [Solved] for a short how-to.