Some client can obtain ip but some client is unable to obtain ip address

Hello ,

I am facing this problem where some of my client is able to obtain ip from my router but some client is stuck at " obtaining ip address " when connecting either wired or wirelesss.

below are my configuration files.

cat /etc/config/network

config interface 'loopback'
        option ifname 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fdab:0ac0:e69f::/48'
        option packet_steering '1'

config interface 'lan'
        option type 'bridge'
        option proto 'static'
        option netmask '255.255.255.0'
        option ip6assign '60'
        option _orig_ifname 'eth0'
        option _orig_bridge 'true'
        option ifname 'eth2 eth3'
        option ipaddr '192.168.7.1'

config interface 'wan'
        option _orig_ifname 'eth1'
        option _orig_bridge 'false'
        option ifname 'eth0'
        option proto 'dhcp'
        option metric '10'

config interface 'WANB'
        option proto 'dhcp'
        option ifname 'eth1'
        option delegate '0'
        option metric '20'

 cat /etc/config/firewall

config defaults
        option syn_flood '1'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option fullcone '1'

config zone
        option name 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'DROP'
        option network 'lan'
        option masq '1'
        option mtu_fix '1'

config zone
        option name 'wan'
        option output 'ACCEPT'
        option masq '1'
        option mtu_fix '1'
        option input 'DROP'
        option forward 'DROP'
        option network 'wan WANB'

config rule
        option name 'Allow-DHCP-Renew'
        option src 'wan'
        option proto 'udp'
        option dest_port '68'
        option target 'ACCEPT'
        option family 'ipv4'

config rule
        option name 'Allow-Ping'
        option src 'wan'
        option proto 'icmp'
        option icmp_type 'echo-request'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-IGMP'
        option src 'wan'
        option proto 'igmp'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-DHCPv6'
        option src 'wan'
        option proto 'udp'
        option src_ip 'fc00::/6'
        option dest_ip 'fc00::/6'
        option dest_port '546'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-MLD'
        option src 'wan'
        option proto 'icmp'
        option src_ip 'fe80::/10'
        list icmp_type '130/0'
        list icmp_type '131/0'
        list icmp_type '132/0'
        list icmp_type '143/0'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Input'
        option src 'wan'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        list icmp_type 'router-solicitation'
        list icmp_type 'neighbour-solicitation'
        list icmp_type 'router-advertisement'
        list icmp_type 'neighbour-advertisement'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Forward'
        option src 'wan'
        option dest '*'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-IPSec-ESP'
        option src 'wan'
        option dest 'lan'
        option proto 'esp'
        option target 'ACCEPT'

config rule
        option name 'Allow-ISAKMP'
        option src 'wan'
        option dest 'lan'
        option dest_port '500'
        option proto 'udp'
        option target 'ACCEPT'

config include
        option path '/etc/firewall.user'

config include 'zerotier'
        option type 'script'
        option path '/etc/zerotier.start'
        option reload '1'

config include 'miniupnpd'
        option type 'script'
        option path '/usr/share/miniupnpd/firewall.include'
        option family 'any'
        option reload '1'

config include 'adbyby'
        option type 'script'
        option path '/var/etc/adbyby.include'
        option reload '1'

config rule 'adblock'
        option name 'adblock'
        option target 'DROP'
        option src 'wan'
        option proto 'tcp'
        option dest_port '8118'

config include 'ipsecd'
        option type 'script'
        option path '/etc/ipsec.include'
        option reload '1'

config rule 'ike'
        option name 'ike'
        option target 'ACCEPT'
        option src 'wan'
        option proto 'udp'
        option dest_port '500'

config rule 'ipsec'
        option name 'ipsec'
        option target 'ACCEPT'
        option src 'wan'
        option proto 'udp'
        option dest_port '4500'

config rule 'ah'
        option name 'ah'
        option target 'ACCEPT'
        option src 'wan'
        option proto 'ah'

config rule 'esp'
        option name 'esp'
        option target 'ACCEPT'
        option src 'wan'
        option proto 'esp'

config include 'passwall'
        option type 'script'
        option path '/var/etc/passwall.include'
        option reload '1'

config include 'passwall_server'
        option type 'script'
        option path '/var/etc/passwall_server.include'
        option reload '1'

config include 'softethervpn'
        option type 'script'
        option path '/usr/share/softethervpn/firewall.include'
        option reload '1'

config include 'v2ray_server'
        option type 'script'
        option path '/usr/share/v2ray_server/firewall.include'
        option reload '1'

config rule 'kms'
        option name 'kms'
        option target 'ACCEPT'
        option src 'wan'
        option proto 'tcp'
        option dest_port '1688'

config include 'openclash'
        option type 'script'
        option path '/var/etc/openclash.include'
        option reload '1'

config include 'shadowsocksr'
        option type 'script'
        option path '/var/etc/shadowsocksr.include'
        option reload '1'

config include 'wrtbwmon'
        option type 'script'
        option path '/etc/wrtbwmon.include'
        option reload '1'

config include 'mia'
        option type 'script'
        option path '/etc/mia.include'
        option reload '1'

config rule 'openvpn'
        option name 'openvpn'
        option target 'ACCEPT'
        option src 'wan'
        option proto 'tcp udp'
        option dest_port '1194'

config zone 'vpn'
        option name 'vpn'
        option input 'ACCEPT'
        option forward 'ACCEPT'
        option output 'ACCEPT'
        option masq '1'
        option network 'vpn0'

config include 'unblockmusic'
        option type 'script'
        option path '/var/etc/unblockmusic.include'
        option reload '1'

config forwarding
        option dest 'lan'
        option src 'wan'

config forwarding
        option dest 'wan'
        option src 'lan'


cat /etc/config/dhcp

config dnsmasq
        option domainneeded '1'
        option localise_queries '1'
        option rebind_protection '1'
        option rebind_localhost '1'
        option local '/lan/'
        option domain 'lan'
        option expandhosts '1'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option nonwildcard '1'
        option localservice '1'
        option filter_aaaa '1'
        option port '53'
        list server '127.0.0.1#5351'
        option noresolv '1'

config dhcp 'lan'
        option interface 'lan'
        option dhcpv6 'server'
        option ra 'server'
        option ra_slaac '1'
        list ra_flags 'managed-config'
        list ra_flags 'other-config'
        option ra_management '1'
        option start '30'
        option limit '200'
        option leasetime '30m'

config dhcp 'wan'
        option interface 'wan'
        option ignore '1'

config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'
        option loglevel '4'

config srvhost
        option srv '_vlmcs._tcp'
        option target 'OpenWrt'
        option port '1688'
        option class '0'
        option weight '100'

eth0 is used for lan as well.

lan firewall zone has masq and mtu_fix enabled, though it shouldn't
Interface vpn0 is defined in vpn zone but not in network interfaces and has masq enabled.
wan->lan forwarding is enabled.

Hello Trendy,

Thank you very much for your reply. I am beginner in openwrt. In fact, i just started using it a few days ago.

with regards to eth0 is being used in lan, may i know if you are referring to this ?

2020-11-22_22h01_33855×230 5.96 KB

I am using x86 with 4 port as router ( eth0, eth1, eth2, eth3) and eth0 & eth1 will be used for wan with load balancing and eth2 & eth3 will be used for lan.

Anyway do i just delete off that sentence from config file?

And with regards to lan firewall zone has masq & mtu_fix enabled, are you referring to below?

2020-11-22_22h05_281679×431 35.9 KB

I think if i uncheck lan=> wan masquerading button, i wasn't able to get to internet. Maybe i was wrong, I do face lan device unable to connect to internet on my first day. If i remember, only after i enable it, i was able to connect to internet.

and with regards to VPN, I wasnt using vpn. I am not sure if i press anywhere wrongly to get it there.

i have tried to make changes. Lets hope the problem will be solved =)

 cat /etc/config/network

config interface 'loopback'
        option ifname 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fdab:0ac0:e69f::/48'
        option packet_steering '1'

config interface 'lan'
        option type 'bridge'
        option proto 'static'
        option netmask '255.255.255.0'
        option ip6assign '60'
        option ifname 'eth2 eth3'
        option ipaddr '192.168.7.1'

config interface 'wan'
        option ifname 'eth0'
        option proto 'dhcp'
        option metric '10'
        option delegate '0'

config interface 'WANB'
        option proto 'dhcp'
        option ifname 'eth1'
        option delegate '0'
        option metric '20'


 cat /etc/config/firewall

config defaults
        option syn_flood '1'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option fullcone '1'

config zone
        option name 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'DROP'
        option network 'lan'

config zone
        option name 'wan'
        option output 'ACCEPT'
        option masq '1'
        option mtu_fix '1'
        option input 'DROP'
        option network 'wan WANB'
        option forward 'ACCEPT'

config rule
        option name 'Allow-DHCP-Renew'
        option src 'wan'
        option proto 'udp'
        option dest_port '68'
        option target 'ACCEPT'
        option family 'ipv4'

config rule
        option name 'Allow-Ping'
        option src 'wan'
        option proto 'icmp'
        option icmp_type 'echo-request'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-IGMP'
        option src 'wan'
        option proto 'igmp'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-DHCPv6'
        option src 'wan'
        option proto 'udp'
        option src_ip 'fc00::/6'
        option dest_ip 'fc00::/6'
        option dest_port '546'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-MLD'
        option src 'wan'
        option proto 'icmp'
        option src_ip 'fe80::/10'
        list icmp_type '130/0'
        list icmp_type '131/0'
        list icmp_type '132/0'
        list icmp_type '143/0'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Input'
        option src 'wan'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        list icmp_type 'router-solicitation'
        list icmp_type 'neighbour-solicitation'
        list icmp_type 'router-advertisement'
        list icmp_type 'neighbour-advertisement'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Forward'
        option src 'wan'
        option dest '*'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-IPSec-ESP'
        option src 'wan'
        option dest 'lan'
        option proto 'esp'
        option target 'ACCEPT'

config rule
        option name 'Allow-ISAKMP'
        option src 'wan'
        option dest 'lan'
        option dest_port '500'
        option proto 'udp'
        option target 'ACCEPT'

config include
        option path '/etc/firewall.user'

config include 'zerotier'
        option type 'script'
        option path '/etc/zerotier.start'
        option reload '1'

config include 'miniupnpd'
        option type 'script'
        option path '/usr/share/miniupnpd/firewall.include'
        option family 'any'
        option reload '1'

config include 'adbyby'
        option type 'script'
        option path '/var/etc/adbyby.include'
        option reload '1'

config rule 'adblock'
        option name 'adblock'
        option target 'DROP'
        option src 'wan'
        option proto 'tcp'
        option dest_port '8118'

config include 'ipsecd'
        option type 'script'
        option path '/etc/ipsec.include'
        option reload '1'

config rule 'ike'
        option name 'ike'
        option target 'ACCEPT'
        option src 'wan'
        option proto 'udp'
        option dest_port '500'

config rule 'ipsec'
        option name 'ipsec'
        option target 'ACCEPT'
        option src 'wan'
        option proto 'udp'
        option dest_port '4500'

config rule 'ah'
        option name 'ah'
        option target 'ACCEPT'
        option src 'wan'
        option proto 'ah'

config rule 'esp'
        option name 'esp'
        option target 'ACCEPT'
        option src 'wan'
        option proto 'esp'

config include 'passwall'
        option type 'script'
        option path '/var/etc/passwall.include'
        option reload '1'

config include 'passwall_server'
        option type 'script'
        option path '/var/etc/passwall_server.include'
        option reload '1'

config include 'softethervpn'
        option type 'script'
        option path '/usr/share/softethervpn/firewall.include'
        option reload '1'

config include 'v2ray_server'
        option type 'script'
        option path '/usr/share/v2ray_server/firewall.include'
        option reload '1'

config rule 'kms'
        option name 'kms'
        option target 'ACCEPT'
        option src 'wan'
        option proto 'tcp'
        option dest_port '1688'

config include 'openclash'
        option type 'script'
        option path '/var/etc/openclash.include'
        option reload '1'

config include 'shadowsocksr'
        option type 'script'
        option path '/var/etc/shadowsocksr.include'
        option reload '1'

config include 'wrtbwmon'
        option type 'script'
        option path '/etc/wrtbwmon.include'
        option reload '1'

config include 'mia'
        option type 'script'
        option path '/etc/mia.include'
        option reload '1'

config rule 'openvpn'
        option name 'openvpn'
        option target 'ACCEPT'
        option src 'wan'
        option proto 'tcp udp'
        option dest_port '1194'

config include 'unblockmusic'
        option type 'script'
        option path '/var/etc/unblockmusic.include'
        option reload '1'

config forwarding
        option dest 'lan'
        option src 'wan'

config forwarding
        option dest 'wan'
        option src 'lan'


 cat /etc/config/dhcp

config dnsmasq
        option domainneeded '1'
        option localise_queries '1'
        option rebind_protection '1'
        option rebind_localhost '1'
        option local '/lan/'
        option domain 'lan'
        option expandhosts '1'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option nonwildcard '1'
        option localservice '1'
        option filter_aaaa '1'
        option port '53'
        list server '127.0.0.1#5351'
        option noresolv '1'

config dhcp 'lan'
        option interface 'lan'
        option dhcpv6 'server'
        option ra 'server'
        option ra_slaac '1'
        list ra_flags 'managed-config'
        list ra_flags 'other-config'
        option ra_management '1'
        option start '30'
        option limit '200'
        option leasetime '30m'

config dhcp 'wan'
        option interface 'wan'
        option ignore '1'

config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'
        option loglevel '4'

config srvhost
        option srv '_vlmcs._tcp'
        option target 'OpenWrt'
        option port '1688'
        option class '0'
        option weight '100'

yes, better remove it, if it is not used.

Then you might have connected the cables in wrong port? lan definitely doesn't need masquerade enabled. wan does need it.

Also in wan zone

change that to DROP.

This forwarding is not advised, as it may expose lan to the internet and you don't need it anyway.

Is there anything in common for the hosts which cannot acquire dhcp settings? Are they connected to the same port or on the same switch?

I think after i remove this masquerade and mss clamping option, and everything that you have mention, everything working normal now.

i do not get obtaining ip errror anymore for whole of today. I think it solve my problem.

Thank you very much for your help. I was looking for solutions at google for the whole day but unable to find out probem. till you helped me

Your initial setup was too much modified. The default just works as it should, as long as you configure the interfaces per port properly.

If your problem is solved, please consider marking this topic as [Solved]. See How to mark a topic as [Solved] for a short how-to.

thank you.

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.