Hi,
I am struggling with what should be a pretty basic setup:
- LAN server and router 10.11.13.1/24 (with a static route for network 10.11.17.0/24 to gateway 10.11.13.10)
- OpenWrt AP 10.11.13.10 with an intended functionality of a "dumb" AP/switch on the LAN and extra functionality of a separate Guest AP network (hence a being gateway for 10.11.17.0/24).
OpenWrt is setup so that lan
interface bridges all physical ports (marked as LAN and WAN) and also wlan "AP1". This part works fine, all clients (wireless and LAN) connected to OpenWRT get IP address from the LAN server/router and can talk to LAN and to the internet.
Now, I have created a parallel WLAN AP "Guest", assigned it to the network infernet
, enabled DHCP server on this interface for 10.11.17.1/24 subnet. In firewall, I put all to "accept" for testing purposes and set up zone forwarding from infernet
to lan
and vice versa.
(Once well tested, the plan is to use firewall to restrict access from "infernet" to "lan" and allow only public internet.)
When a client connects to the guest WLAN Guest, it gets an IP address from pool 10.11.17.0/24, but that's all - the client cannot ping 10.11.17.1 and also nothing from LAN or internet. The client is also not pingable from openWRT (ssh console).
OpenWrt 18.06.1, device Asus RT-N56U.
P.S. The trouble seems to be a broken routing table - see at the bottom.
root@OpenWrt:~# cat /etc/config/wireless
config wifi-device 'radio0'
option type 'mac80211'
option hwmode '11g'
option path 'pci0000:00/0000:00:01.0/0000:01:00.0'
option channel '7'
option legacy_rates '1'
option country 'CZ'
option txpower '20'
option htmode 'HT40'
config wifi-iface 'default_radio0'
option device 'radio0'
option mode 'ap'
option key '************'
option encryption 'psk2'
option ssid 'AP1'
option network 'lan'
config wifi-device 'radio1'
option type 'mac80211'
option channel '36'
option hwmode '11a'
option path 'platform/10180000.wmac'
option htmode 'HT20'
option country 'CZ'
option legacy_rates '1'
option txpower '23'
config wifi-iface 'default_radio1'
option device 'radio1'
option mode 'ap'
option encryption 'psk2'
option key '*********'
option ssid 'AP5G'
option disabled '1'
option network 'lan'
config wifi-iface
option device 'radio0'
option mode 'ap'
option ssid 'Guest'
option key '*********'
option network 'infernet'
option encryption 'psk2'
root@OpenWrt:~# cat /etc/config/network
config interface 'loopback'
option ifname 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fd38:a2ae:1569::/48'
config interface 'lan'
option type 'bridge'
option proto 'dhcp'
option hostname 'rt-n56u'
option ifname 'eth0.1 eth0.2'
config device 'lan_dev'
option name 'eth0.1'
option macaddr '0a:60:6e:e9:3c:89'
config device 'wan_dev'
option name 'eth0.2'
option macaddr '08:60:6e:e9:3c:88'
config switch
option name 'switch0'
option reset '1'
option enable_vlan '1'
option enable_vlan4k '1'
config switch_vlan
option device 'switch0'
option vlan '1'
option ports '0 1 2 3 4 8t'
config interface 'infernet'
option proto 'static'
option ipaddr '10.11.17.1'
option netmask '255.255.255.0'
root@OpenWrt:~# cat /etc/config/firewall
config defaults
option syn_flood '1'
option input 'ACCEPT'
option output 'ACCEPT'
option drop_invalid '1'
option forward 'ACCEPT'
config zone
option name 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option network 'lan'
option forward 'ACCEPT'
config include
option path '/etc/firewall.user'
config zone
option name 'infernet'
option output 'ACCEPT'
option input 'ACCEPT'
option network 'infernet'
option forward 'ACCEPT'
config rule
option target 'ACCEPT'
option src 'infernet'
option name 'Allow_INFERNET_DHCP'
option proto 'udp'
option dest_port '67-68'
option enabled '0'
config rule
option target 'ACCEPT'
option src 'infernet'
option name 'Allow_INFERNET_DNS'
option dest_port '53'
option enabled '0'
config forwarding
option dest 'infernet'
option src 'lan'
config forwarding
option dest 'lan'
option src 'infernet'
root@OpenWrt:~# cat /etc/config/dhcp
config dnsmasq
option domainneeded '1'
option localise_queries '1'
option local '/lan/'
option domain 'lan'
option expandhosts '1'
option authoritative '1'
option readethers '1'
option leasefile '/tmp/dhcp.leases'
option resolvfile '/tmp/resolv.conf.auto'
option nonwildcard '1'
option localservice '1'
option rebind_protection '0'
config dhcp 'lan'
option interface 'lan'
option start '100'
option limit '150'
option leasetime '12h'
option dhcpv6 'server'
option ra 'server'
config dhcp 'wan'
option interface 'wan'
option ignore '1'
config odhcpd 'odhcpd'
option maindhcp '0'
option leasefile '/tmp/hosts/odhcpd'
option leasetrigger '/usr/sbin/odhcpd-update'
option loglevel '4'
config dhcp 'infernet'
option start '100'
option leasetime '12h'
option limit '150'
option interface 'infernet'
option dhcpv6 'server'
option ra 'server'
option ra_management '1'
What draw my attention is the routing table:
root@OpenWrt:~# ip route
default via 10.11.17.1 dev wlan0-1
10.11.13.0/24 dev br-lan scope link src 10.11.13.10
10.11.17.0/24 via 10.11.13.10 dev br-lan src 10.11.13.10
10.11.17.0/24 dev wlan0-1 scope link src 10.11.17.1
I would expect the default via 10.11.13.1 dev br-lan. Also the two routes to 10.11.17.0/24 looked weird.
Once updated (manually on console):
root@OpenWrt:~# ip route
default via 10.11.13.1 dev br-lan
10.11.13.0/24 dev br-lan scope link src 10.11.13.10
10.11.17.0/24 dev wlan0-1 scope link src 10.11.17.1
all started to work as expected.
Is there a way how to achieve this via LuCI? (If not, I have to check how to force the above working routes manually so that they are set up after reboot.)