[Solved] WAN/Internet connection setup doesn’t work (Zyxel wsm20)

Hi all, since I am new to this stuff I knew I would eventually end up here, but I had confidence it would be not this early in my journey lol.

The flashing of my Zyxel Multy M1 was successful but I have trouble setting up the internet connection/WAN interface.

I am using a dreytek vigor 167 upstream of the router in modem mode providing the internet.
My suspicion is that the default config of openwrt uses the same subset(?) of IPs as the vigor device so no routing occurs. By default both are also reachable on 192.168.1.1.

But i already tried changing the LAN1 Interface of the vigor to 192.168.10.1 and 192.168.1.200 and it didnt change anything. I think i just dont understand how all this works together.

Here is my current lan interface configuratio (should be default)

OpenWrt818×648 29.6 KB

I can only post 1 pic as a new user so:
The Modem has also a LAN interface that is connected to the openwrt device via wire.
IPv4 address: 192.168.1.200 (i changed this from 192.168.1.1)
Submask 255.255.255.0

1. Set the Vigor to a different subnet, like 192.168.10.1
2. Connect the Vigor to the WAN port of the M1
3. Set up PPPoE or whatever dial-in method your ISP requires on the WAN interface (it's in DHCP client mode by default).

Thanks for the reply i need to ask some stupid follow up questions:

So only the IP adress or the 255.255.255.0 to 255.255.0.0 aswell?

This is my ISP so im not sure if I can do it via PPPoE but i will try. The Vigor already does the VLAN tagging and that should be fine as far as i understand.

Only the IP address, the subnet mask should to stay at 255.255.255.0.

If it already does the VLAN tagging then changing the WAN interface on the OpenWrt side and entering your credentials should be enough.

I was just about to write it didn’t work but I had the glorious idea to reset the settings in case I changed something else and jep, now it works. Thank you again!

Okay nvm the router seems to have internet (so Software list update works, pings) but my client that is connected via LAN does not.

As devices I have Lan1-4, br-lan which bundles the lan1-4 ports, eth0 that’s not used anywhere and wan. I think my interfaces/devices are not correctly configured? the interface lan uses br-lan. Shouldn’t this be correct?

The WSM20 only has four Ethernet ports, one of them is WAN. So there is br-lan, consisting of lan1-lan3, and wan. It's DSA, so eth0 is actually all ports. br-lan needs to be in firewall zone lan, whereas wan is in the wan zone. This should all work out of the box.

Without having a look at your config files, it's now hard to tell what might be wrong.

Please connect to your OpenWrt device using ssh and copy the output of the following commands and post it here using the "Preformatted text </> " button:

Remember to redact passwords, MAC addresses and any public IP addresses you may have:

ubus call system board
cat /etc/config/network
cat /etc/config/dhcp
cat /etc/config/firewall

Pardon, I meant LAN1-3 ofc And the explanaition with DSA was super helpful, thanks!

{
	"kernel": "5.15.134",
	"hostname": "ZAP-r",
	"system": "MediaTek MT7621 ver:1 eco:3",
	"model": "ZyXEL WSM20",
	"board_name": "zyxel,wsm20",
	"rootfs_type": "squashfs",
	"release": {
		"distribution": "OpenWrt",
		"version": "23.05.0",
		"revision": "r23497-6637af95aa",
		"target": "ramips/mt7621",
		"description": "OpenWrt 23.05.0 r23497-6637af95aa"
	}
}

// network

config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fd19:310e:c2bb::/48'
	option packet_steering '1'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'lan1'
	list ports 'lan2'
	list ports 'lan3'

config interface 'lan'
	option device 'br-lan'
	option proto 'static'
	option ipaddr '192.168.1.1'
	option netmask '255.255.255.0'
	option ip6assign '60'

config interface 'wan'
	option device 'wan'
	option proto 'pppoe'
	option username '123456789@t-online.de'
	option password 'myISPpassword'
	option ipv6 'auto'

config interface 'wan6'
	option device 'wan'
	option proto 'dhcpv6'

// dhcp

config dnsmasq
	option domainneeded '1'
	option boguspriv '1'
	option filterwin2k '0'
	option localise_queries '1'
	option rebind_protection '1'
	option rebind_localhost '1'
	option local '/lan/'
	option domain 'lan'
	option expandhosts '1'
	option nonegcache '0'
	option cachesize '1000'
	option authoritative '1'
	option readethers '1'
	option leasefile '/tmp/dhcp.leases'
	option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
	option nonwildcard '1'
	option localservice '1'
	option ednspacket_max '1232'
	option filter_aaaa '0'
	option filter_a '0'

config dhcp 'lan'
	option interface 'lan'
	option start '100'
	option limit '150'
	option leasetime '12h'
	option dhcpv4 'server'
	option dhcpv6 'server'
	option ra 'server'
	list ra_flags 'managed-config'
	list ra_flags 'other-config'
	list dhcp_option '6,1.1.1.1'

config dhcp 'wan'
	option interface 'wan'
	option ignore '1'

config odhcpd 'odhcpd'
	option maindhcp '0'
	option leasefile '/tmp/hosts/odhcpd'
	option leasetrigger '/usr/sbin/odhcpd-update'
	option loglevel '4'

// firewall

config defaults
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option synflood_protect '1'

config zone
	option name 'lan'
	list network 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'

config zone
	option name 'wan'
	list network 'wan'
	list network 'wan6'
	option input 'DROP'
	option output 'ACCEPT'
	option forward 'DROP'
	option masq '1'
	option mtu_fix '1'

config forwarding
	option src 'lan'
	option dest 'wan'

config rule
	option name 'Allow-DHCP-Renew'
	option src 'wan'
	option proto 'udp'
	option dest_port '68'
	option target 'ACCEPT'
	option family 'ipv4'

config rule
	option name 'Allow-Ping'
	option src 'wan'
	option proto 'icmp'
	option icmp_type 'echo-request'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-IGMP'
	option src 'wan'
	option proto 'igmp'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-DHCPv6'
	option src 'wan'
	option proto 'udp'
	option dest_port '546'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-MLD'
	option src 'wan'
	option proto 'icmp'
	option src_ip 'se10::/10'
	list icmp_type '130/0'
	list icmp_type '131/0'
	list icmp_type '132/0'
	list icmp_type '143/0'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Input'
	option src 'wan'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	list icmp_type 'router-solicitation'
	list icmp_type 'neighbour-solicitation'
	list icmp_type 'router-advertisement'
	list icmp_type 'neighbour-advertisement'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Forward'
	option src 'wan'
	option dest '*'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-IPSec-ESP'
	option src 'wan'
	option dest 'lan'
	option proto 'esp'
	option target 'ACCEPT'

config rule
	option name 'Allow-ISAKMP'
	option src 'wan'
	option dest 'lan'
	option dest_port '500'
	option proto 'udp'
	option target 'ACCEPT'

I should probably also make sure its not a DNS problem, is there a quick way to check?

It was indeed DNS. I turned off the option 'Use DNS servers provided by peer' and entered cloudflare 1.1.1.1 in the wan and wan6 interface, this worked. i also deleted the list dhcp_option '6,1.1.1.1' before ofc.

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.