SSH not working from any device to Ubuntu 24.04.02 LTS

wittypixel · April 10, 2025, 5:15pm

Hi OpenWrt newbie here and Linux amateur. I installed OpenWrt on my mx4300 to challenge myself and increase that linux muscle for work and for life : )

So I've tried from windows terminal and a macbook. both SSH and ping fail to work. pinging times out eventually but shows the following "destination host unreachable" same from both mac and windows

PS C:\Users\drago> ping 192.168.1.141

Pinging 192.168.1.141 with 32 bytes of data:
Reply from 192.168.1.155: Destination host unreachable.

SSH server is installed in ubuntu and enabled
SSH is enabled in openwrt and I can SSH in using the windows computer
All devices are under the same wifi network so no tunneling here or external connections involved
SSH aside the devices can contact the internet fine
I can SSH into the router mx4300 no issues and was able to SSH prior to flashing openwrt

Fimrware/Kernel

Firmware Version	OpenWrt SNAPSHOT r29162-1cb5297ac3 / LuCI Master 25.098.67059~e79e702

Kernel Version	6.6.85

SSH Settings

openwrt system logs

[ 5005.665138] ath11k c000000.wifi phy1-ap0: entered allmulticast mode
[ 5005.670923] ath11k c000000.wifi phy1-ap0: entered promiscuous mode
[ 5005.677164] br-lan: port 4(phy1-ap0) entered blocking state
[ 5005.683119] br-lan: port 4(phy1-ap0) entered forwarding state
[ 5005.937847] br-lan: port 4(phy1-ap0) entered disabled state
[ 5017.130915] br-lan: port 4(phy1-ap0) entered blocking state
[ 5017.130965] br-lan: port 4(phy1-ap0) entered forwarding state
[ 5198.602360] ath11k c000000.wifi phy1-ap0: left allmulticast mode
[ 5198.602427] ath11k c000000.wifi phy1-ap0: left promiscuous mode
[ 5198.607556] br-lan: port 4(phy1-ap0) entered disabled state
[ 5200.102780] br-lan: port 4(phy1-ap0) entered blocking state
[ 5200.102823] br-lan: port 4(phy1-ap0) entered disabled state
[ 5200.107210] ath11k c000000.wifi phy1-ap0: entered allmulticast mode
[ 5200.112989] ath11k c000000.wifi phy1-ap0: entered promiscuous mode
[ 5200.119087] br-lan: port 4(phy1-ap0) entered blocking state
[ 5200.125254] br-lan: port 4(phy1-ap0) entered forwarding state
[ 5200.460335] br-lan: port 4(phy1-ap0) entered disabled state
[ 5211.704426] br-lan: port 4(phy1-ap0) entered blocking state
[ 5211.704477] br-lan: port 4(phy1-ap0) entered forwarding state
[ 7237.840636] nss-dp 3a001800.dp5 lan1: PHY Link is down
[ 7237.840903] br-lan: port 1(lan1) entered disabled state
[ 7239.920766] nss-dp 3a001800.dp5 lan1: PHY Link up speed: 10
[ 7239.920828] br-lan: port 1(lan1) entered blocking state
[ 7239.925170] br-lan: port 1(lan1) entered forwarding state
[ 9921.628205] ath11k c000000.wifi: failed to flush transmit queue, data pkts pending 1
[34034.759262] nss-dp 3a001800.dp5 lan1: PHY Link is down
[34034.759529] br-lan: port 1(lan1) entered disabled state
[34036.839393] nss-dp 3a001800.dp5 lan1: PHY Link up speed: 1000
[34036.839456] br-lan: port 1(lan1) entered blocking state
[34036.844144] br-lan: port 1(lan1) entered forwarding state
[37323.276342] nss-dp 3a001800.dp5 lan1: PHY Link is down
[37323.276610] br-lan: port 1(lan1) entered disabled state
[37325.356423] nss-dp 3a001800.dp5 lan1: PHY Link up speed: 10
[37325.356483] br-lan: port 1(lan1) entered blocking state
[37325.360827] br-lan: port 1(lan1) entered forwarding state
[38969.614129] nss-dp 3a001800.dp5 lan1: PHY Link is down
[38969.629324] br-lan: port 1(lan1) entered disabled state
[38971.694361] nss-dp 3a001800.dp5 lan1: PHY Link up speed: 1000
[38971.694423] br-lan: port 1(lan1) entered blocking state
[38971.699110] br-lan: port 1(lan1) entered forwarding state
[39008.414305] ath11k c000000.wifi: failed to flush transmit queue, data pkts pending 1

Mijzelf · April 10, 2025, 5:19pm

Did you enable client isolation?

frollic · April 10, 2025, 5:20pm

Disable the Ubuntu firewall.

wittypixel · April 10, 2025, 5:21pm

nope just checked an it's off by default it seems

wittypixel · April 10, 2025, 5:22pm

So I could do that but it was working prior to getting openwrt setup (has a tp link before). I would prefer to try getting to the root cause

frollic · April 10, 2025, 5:24pm

You mean your TP-Link router bypassed your Ubuntu firewall in some way ?

That sounds..... "secure" ?

wittypixel · April 10, 2025, 5:31pm

So I didn't question why it was working before but I just know it was since I tested it out last week. I'm primarily SSHing from the windows 11 machine into my Ubuntu PC.

Also worth mentioning in the ubuntu settings SSH is enabled

Mijzelf · April 10, 2025, 5:32pm

So you've got 3 devices, a Windows box, an Ubuntu box, and a router/accesspoint. All connected by wifi. You was able to connect from Windows to Ubuntu over ssh, then you exchanged the router/accesspoint, and now you can't. Right?
Are you sure the Ubuntu box still has the same IP?
Can you ssh to Ubuntu from the router?

psherman · April 10, 2025, 5:33pm

There is likely nothing in your openwrt config that could cause this issue. We will review to verify, though.

Double check that your ubunutu host has the expected ip address. And you can also test that the ssh server is working on the Ubuntu host by trying to ssh to localhost (while on that computer).

Please connect to your OpenWrt device using ssh and copy the output of the following commands and post it here using the "Preformatted text </> " button:

Remember to redact passwords, MAC addresses and any public IP addresses you may have:

ubus call system board
cat /etc/config/network
cat /etc/config/wireless
cat /etc/config/dhcp
cat /etc/config/firewall

wittypixel · April 10, 2025, 5:51pm

Yup it does, I used 'ifconfig' to confirm before I tried SSH

wittypixel · April 10, 2025, 5:58pm

Summary

root@OpenWrt:~# ubus call system board
ireless
cat /etc/config/dhcp
cat /etc/config/fir{
"kernel": "6.6.85",
"hostname": "OpenWrt",
"system": "ARMv8 Processor rev 4",
"model": "Linksys MX4300",
"board_name": "linksys,mx4300",
"rootfs_type": "squashfs",
"release": {
"distribution": "OpenWrt",
"version": "SNAPSHOT",
"firmware_url": "https://downloads.openwrt.org/",
"revision": "r29162-1cb5297ac3",
"target": "qualcommax/ipq807x",
"description": "OpenWrt SNAPSHOT r29162-1cb5297ac3",
"builddate": "1744126806"
}
}
root@OpenWrt:~# cat /etc/config/network

config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'

config globals 'globals'
option ula_prefix 'REDACTED'

config device
option name 'br-lan'
option type 'bridge'
list ports 'lan1'
list ports 'lan2'
list ports 'lan3'

config device
option name 'lan1'
option macaddr 'REDACTED'

config device
option name 'lan2'
option macaddr 'REDACTED'

config device
option name 'lan3'
option macaddr 'REDACTED'

config interface 'lan'
option device 'br-lan'
option proto 'static'
option ipaddr '192.168.1.1'
option netmask '255.255.255.0'
option ip6assign '60'

config interface 'wan'
option device 'wan'
option proto 'dhcp'

config interface 'wan6'
option device 'wan'
option proto 'dhcpv6'

root@OpenWrt:~# cat /etc/config/wireless

config wifi-device 'radio0'
option type 'mac80211'
option path 'platform/soc@0/c000000.wifi'
option band '5g'
option channel '36'
option htmode 'HE80'
option cell_density '0'

config wifi-iface 'default_radio0'
option device 'radio0'
option network 'lan'
option mode 'ap'
option ssid 'REDACTED'
option encryption 'sae-mixed'
option key 'REDACTED'
option ocv '0'

config wifi-device 'radio1'
option type 'mac80211'
option path 'platform/soc@0/c000000.wifi+1'
option band '2g'
option channel 'auto'
option cell_density '0'

config wifi-iface 'default_radio1'
option device 'radio1'
option network 'lan'
option mode 'ap'
option ssid 'REDACTED'
option encryption 'psk-mixed'
option key 'REDACTED'

config wifi-device 'radio2'
option type 'mac80211'
option path 'platform/soc@0/c000000.wifi+2'
option band '5g'
option channel 'auto'
option htmode 'HE80'
option cell_density '0'

config wifi-iface 'default_radio2'
option device 'radio2'
option network 'lan'
option mode 'ap'
option ssid 'REDACTED'
option encryption 'sae-mixed'
option key 'REDACTED'
option ocv '0'

root@OpenWrt:~# cat /etc/config/dhcp

config dnsmasq
option domainneeded '1'
option boguspriv '1'
option filterwin2k '0'
option localise_queries '1'
option rebind_protection '1'
option rebind_localhost '1'
option local '/lan/'
option domain 'lan'
option expandhosts '1'
option nonegcache '0'
option cachesize '1000'
option authoritative '1'
option readethers '1'
option leasefile '/tmp/dhcp.leases'
option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
option nonwildcard '1'
option localservice '1'
option ednspacket_max '1232'
option filter_aaaa '0'
option filter_a '0'

config dhcp 'lan'
option interface 'lan'
option start '100'
option limit '150'
option leasetime '12h'
option dhcpv4 'server'
option dhcpv6 'server'
option ra 'server'
option ra_slaac '1'
list ra_flags 'managed-config'
list ra_flags 'other-config'

config dhcp 'wan'
option interface 'wan'
option ignore '1'

config odhcpd 'odhcpd'
option maindhcp '0'
option leasefile '/tmp/hosts/odhcpd'
option leasetrigger '/usr/sbin/odhcpd-update'
option loglevel '4'

root@OpenWrt:~# cat /etc/config/firewall

psherman · April 10, 2025, 5:59pm

I can guarantee that openwrt is not responsible for your issue.

Did you check the ip address of your Ubuntu machine? Did you check the ssh server by sshing to localhost?

frollic · April 10, 2025, 6:10pm

Unrelated, but sae-mixed is a terrible pick for wifi security.

psherman · April 10, 2025, 6:12pm

As is psk-mixed.

You should use wpa2 (psk2) or wpa3 (sae) only. Do not use mixed mode.

But as mentioned, this is not related to your issue.

wittypixel · April 10, 2025, 7:31pm

I feel the same, and thanks for all the help so far!

Aside from a one time wifi issue (no devices connecting) because I forgot to turn off the TP Link last night lol, which had the same SSIDs, everything has been pretty flawless and smooth compared to when i tried out dd-wrt.

Now for the localhost SSH that worked without any issues.

psherman · April 10, 2025, 7:33pm

Ok… did you check the IP address of the Ubuntu machine?

wittypixel · April 10, 2025, 7:39pm

My bad i did, it's still 192.168.1.141, hasn't changed.

Also changed all 3 radios to wpa3 (sae) thank you both for that!! forgot to switch it back when troubleshooting wifi last night

Dante · April 10, 2025, 7:44pm

How did you enable SSH in Ubuntu? If you enabled it through the GUI, it might have only been enabled for a specific network. And changing switch router/firmware might appear as a different network due to different MACs, SSIDs, etc.

mk24 · April 10, 2025, 7:49pm

Can you ping or ssh the Ubuntu PC from the router? This will work even if client isolation is active.

psherman · April 10, 2025, 7:57pm

And can the Ubuntu machine ping the router and other hosts on the network?