[Solved] Wi-Fi no internet

Hello everyone. Please help. There is no Internet access when connected to the Wi-Fi network Amnesia5G, while the connection to my VPS works, and when I use a VPN connection through the client installed on the phone, everything works. Here is my configuration; most likely I messed something up in the firewall settings?

root@OpenWrt:~# cat /etc/config/network

# /etc/config/network as posted in the thread. Three addressed interfaces are
# defined besides loopback: 'lan' (192.168.0.251/24), 'VPN' (192.168.2.1/24)
# and the AmneziaWG tunnel 'awg0' (10.8.1.3/32).
config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fd32:543a:9d0a::/48'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'eth0.1'

# Static address on the existing LAN; the default gateway and DNS both point
# at 192.168.0.1. A reply in the thread describes this device as a dumb AP.
config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        option ipaddr '192.168.0.251'
        option netmask '255.255.255.0'
        option gateway '192.168.0.1'
        list dns '192.168.0.1'

# MAC override for eth0.2; no interface section in this file uses eth0.2.
config device
        option name 'eth0.2'
        option macaddr 'b0:be:76:e0:b6:57'

config switch
        option name 'switch0'
        option reset '1'
        option enable_vlan '1'

# NOTE(review): port 1 is untagged here and again in VLAN 3 further down. A
# reply in the thread points out that a port cannot be an untagged member of
# more than one VLAN; until that is fixed, treat the lan/VPN separation at
# the switch as unverified.
config switch_vlan
        option device 'switch0'
        option vlan '1'
        option ports '1 2 3 4 6t'

config switch_vlan
        option device 'switch0'
        option vlan '2'
        option ports '0 6t'

# Separate 192.168.2.0/24 segment on its own bridge (br-vpn over eth0.3).
config interface 'VPN'
        option proto 'static'
        option device 'br-vpn'
        option ipaddr '192.168.2.1'
        option netmask '255.255.255.0'

config device
        option type 'bridge'
        option name 'br-vpn'
        list ports 'eth0.3'

# Second VLAN that lists port 1 untagged (see VLAN 1 above).
config switch_vlan
        option device 'switch0'
        option ports '6t 1'
        option vlan '3'

# AmneziaWG tunnel interface. private_key (and preshared_key in the peer
# section) are secrets; they, the awg_h1..awg_h4 values, the peer public key
# and the endpoint host are masked with '**' in the post.
# The awg_* options are AmneziaWG obfuscation parameters; presumably they must
# match the values configured on the server side -- confirm.
config interface 'awg0'
        option proto 'amneziawg'
        option private_key '**'
        list dns '1.1.1.1'
        list dns '1.0.0.1'
        option awg_jc '3'
        option awg_jmin '40'
        option awg_jmax '70'
        option awg_s1 '8'
        option awg_s2 '9'
        option awg_h1 '**'
        option awg_h2 '**'
        option awg_h3 '**'
        option awg_h4 '**'
        option mtu '1280'
        list addresses '10.8.1.3/32'

# Peer for awg0. allowed_ips covers all IPv4 and IPv6 destinations, but the
# section has no route_allowed_ips '1'; the accepted answer in the thread
# names that missing option as the cause of the "no internet" symptom.
config amneziawg_awg0
        option description '7550'
        option public_key '**'
        option preshared_key '**'
        option persistent_keepalive '25'
        option endpoint_host '**'
        option endpoint_port '56054'
        list allowed_ips '0.0.0.0/0'
        list allowed_ips '::/0'

root@OpenWrt:~# cat /etc/config/firewall

# /etc/config/firewall as posted. Zones: 'lan', 'vpn' (network 'VPN') and
# 'awg_client' (network 'awg0'). The only inter-zone forwarding defined is
# vpn -> awg_client.

# Traffic to the router and forwarded traffic are rejected unless a zone,
# rule or forwarding section below allows it.
config defaults
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option synflood_protect '1'

# masq '1': traffic leaving through 'lan' is masqueraded behind the router's
# own LAN address.
config zone
        option name 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'
        option masq '1'
        list network 'lan'

# input 'REJECT': hosts on the 'VPN' network cannot reach the router itself
# except through the two ACCEPT rules that follow (DHCP and DNS).
config zone
        option name 'vpn'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        list network 'VPN'

# No dest is set, so this rule applies to traffic addressed to the router.
config rule
        option name 'VPN_DHCP'
        list proto 'udp'
        option src 'vpn'
        option dest_port '67-68'
        option target 'ACCEPT'

# No proto is given; the firewall's default for rules is TCP and UDP.
config rule
        option name 'VPN_DNS'
        option src 'vpn'
        option dest_port '53'
        option target 'ACCEPT'

# Explicit reject of vpn -> lan traffic. '192.168.0.1/24' has host bits set;
# the intended subnet is presumably 192.168.0.0/24. No vpn -> lan forwarding
# section exists in this file, so the rule makes the isolation explicit
# rather than being the only thing enforcing it.
config rule
        option name 'Block_VPN_from_Lan'
        list proto 'all'
        option src 'vpn'
        option dest 'lan'
        list dest_ip '192.168.0.1/24'
        option target 'REJECT'

# Zone for the awg0 tunnel; masq '1' hides the 192.168.2.0/24 clients behind
# the tunnel address.
# NOTE(review): input 'ACCEPT' lets hosts on the far side of the tunnel open
# connections to services listening on this router. An upstream-facing zone
# is normally set to REJECT or DROP for input; tighten this unless access
# from the VPS side is actually needed.
config zone
        option name 'awg_client'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'
        option mtu_fix '1'
        option masq '1'
        list network 'awg0'

# The only permitted path out of the 'vpn' zone. With no vpn -> lan
# forwarding, clients of the VPN segment have no fallback route through the
# LAN uplink when the tunnel is down.
config forwarding
        option src 'vpn'
        option dest 'awg_client'

# The sections from here on (dnsmasq, dhcp, odhcpd, host) presumably come from
# /etc/config/dhcp; the command line that printed them is missing from the
# post.
# NOTE(review): as pasted, the quote opened on the domainneeded line is not
# closed until the end of the expandhosts line, so the options in between
# (including rebind_protection) are not individually quoted. This looks like
# a paste artifact -- confirm against the file on the router.
config dnsmasq
        option domainneeded '1
        option localise_queries 1
        option rebind_protection 1
        option rebind_localhost 1
        option local /lan/
        option domain lan
        option expandhosts 1'
        option cachesize '1000'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        # NOTE(review): dnsmasq reads its upstream resolvers from this file.
        # The network config lists DNS servers on both 'lan' (192.168.0.1) and
        # 'awg0' (1.1.1.1, 1.0.0.1), so lookups made for VPN Wi-Fi clients may
        # presumably be sent to the LAN resolver outside the tunnel -- verify
        # where queries actually go if DNS privacy matters.
        option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
        option localservice '1'
        option ednspacket_max '1232'

# ignore '1': no DHCP service is offered on 'lan' from this device.
config dhcp 'lan'
        option interface 'lan'
        option start '100'
        option limit '150'
        option leasetime '12h'
        option dhcpv4 'server'
        option ignore '1'
        option dhcpv6 'disabled'
        option ra 'disabled'

config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'
        option loglevel '4'

# DHCP pool for the 'VPN' interface: 150 addresses starting at offset 100.
config dhcp 'VPN'
        option interface 'VPN'
        option start '100'
        option limit '150'
        option leasetime '12h'

# Static lease inside the 'VPN' pool (192.168.2.109).
config host
        option name 'LGwebOSTV'
        option ip '192.168.2.109'
        option mac 'A8:23:FE:92:07:57'

root@OpenWrt:~# cat /etc/config/wireless

# /etc/config/wireless as posted: one access point per radio, each attached
# to a different network. Both pre-shared keys are masked with '**'.
config wifi-device 'radio0'
        option type 'mac80211'
        option path 'platform/10300000.wmac'
        option channel '1'
        option band '2g'
        option htmode 'HT20'
        option cell_density '0'

# 2.4 GHz AP attached to network 'lan'; 'psk2' is WPA2-PSK.
config wifi-iface 'default_radio0'
        option device 'radio0'
        option network 'lan'
        option mode 'ap'
        option ssid 'TP-Link_B656'
        option encryption 'psk2'
        option key '**'

config wifi-device 'radio1'
        option type 'mac80211'
        option path 'pci0000:00/0000:00:00.0/0000:01:00.0'
        option cell_density '0'
        option htmode 'VHT80'
        option band '5g'
        option channel 'auto'

# 5 GHz AP attached to network 'VPN', the segment that is meant to leave
# through the awg0 tunnel.
# NOTE(review): no 'isolate' option is set, so stations on this SSID can
# presumably reach each other directly; set it if this network is meant for
# untrusted guests.
config wifi-iface 'default_radio1'
        option device 'radio1'
        option network 'VPN'
        option mode 'ap'
        option ssid 'Amnesia5G'
        option encryption 'psk2'
        option key '**'

Thank you in advance for your help

Firewall is fine.

You need to do Policy Based Routing and you have 3 options:

  1. mwan3 package
  2. pbr package
  3. a set of rules/routes for each internet connection.

You have 2 gateways, the lan and the amnezia. If you don't do policy routing all packets are forwarded to the lan gateway. With policy routing packets from vpn interface can use the gateway of amnezia.


Please tell me how to do this through policies or pbr based on the existing configuration?

Given that the setup is based on guest wifi on a dumbAP, you shouldn't need pbr.

At first glance everything looks correct, except that you missed the option route_allowed_ips '1' in the peer section (which is really important).

Also, port 1 cannot be an untagged member of more than 1 vlan, so remove it from vlan1 (first make sure that port 1 is not used as an uplink to the main router).


Thank you very much!
You helped me again.
