Hello!
The DHCP client does not receive a DNS list, what can be done? Is there any instruction on how to fix DNS problems?
Let’s start by looking at the configuration.
Please connect to your OpenWrt device using ssh and copy the output of the following commands and post it here using the "Preformatted text </>" button:
Remember to redact passwords, MAC addresses and any public IP addresses you may have:
ubus call system board
cat /etc/config/network
cat /etc/config/wireless
cat /etc/config/dhcp
cat /etc/config/firewall
What model and version of the device and what version of the firmware?
Here is the information:
root@OpenWrt:~# ubus call system board
{
"kernel": "5.15.167",
"hostname": "OpenWrt",
"system": "MediaTek MT7621 ver:1 eco:3",
"model": "ASUS RT-AX53U",
"board_name": "asus,rt-ax53u",
"rootfs_type": "squashfs",
"release": {
"distribution": "OpenWrt",
"version": "23.05.5",
"revision": "r24106-10cc5fcd00",
"target": "ramips/mt7621",
"description": "OpenWrt 23.05.5 r24106-10cc5fcd00"
}
}
root@OpenWrt:~# cat /etc/config/network
config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fd7b:c861:1338::/48'
option packet_steering '1'
config device
option name 'br-lan'
option type 'bridge'
list ports 'lan1'
list ports 'lan2'
list ports 'lan3'
config interface 'lan'
option device 'br-lan'
option proto 'static'
option ipaddr '192.168.2.1'
option netmask '255.255.255.0'
option ip6assign '60'
config interface 'wwan'
option proto 'dhcp'
option auto '0'
config interface 'ANT'
option proto 'pptp'
option server '10.0.0.6'
option username '*******'
option password '*******'
option ipv6 'auto'
config interface 'wan'
option proto 'dhcp'
option device 'wan'
root@OpenWrt:~# cat /etc/config/wireless
config wifi-device 'radio0'
option type 'mac80211'
option path '1e140000.pcie/pci0000:00/0000:00:01.0/0000:02:00.0'
option channel '1'
option band '2g'
option htmode 'HE20'
option disabled '1'
config wifi-iface 'default_radio0'
option device 'radio0'
option network 'lan'
option mode 'ap'
option ssid 'OpenWrt'
option encryption 'none'
config wifi-device 'radio1'
option type 'mac80211'
option path '1e140000.pcie/pci0000:00/0000:00:01.0/0000:02:00.0+1'
option channel '36'
option band '5g'
option htmode 'HE80'
option cell_density '0'
config wifi-iface 'default_radio1'
option device 'radio1'
option network 'lan'
option mode 'ap'
option ssid 'OpenWrt'
option encryption 'none'
option disabled '1'
config wifi-iface 'wifinet2'
option device 'radio1'
option mode 'sta'
option network 'wwan'
option ssid '*******'
option encryption 'psk2'
option key '******'
root@OpenWrt:~# cat /etc/config/dhcp
config dnsmasq
option domainneeded '1'
option boguspriv '1'
option filterwin2k '0'
option localise_queries '1'
option rebind_protection '1'
option rebind_localhost '1'
option local '/lan/'
option domain 'lan'
option expandhosts '1'
option nonegcache '0'
option cachesize '1000'
option authoritative '1'
option readethers '1'
option leasefile '/tmp/dhcp.leases'
option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
option nonwildcard '1'
option localservice '1'
option ednspacket_max '1232'
option filter_aaaa '0'
option filter_a '0'
config dhcp 'lan'
option interface 'lan'
option start '100'
option limit '150'
option leasetime '12h'
option dhcpv4 'server'
option dhcpv6 'server'
option ra 'server'
list ra_flags 'managed-config'
list ra_flags 'other-config'
config odhcpd 'odhcpd'
option maindhcp '0'
option leasefile '/tmp/hosts/odhcpd'
option leasetrigger '/usr/sbin/odhcpd-update'
option loglevel '4'
root@OpenWrt:~# cat /etc/config/firewall
config defaults
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option synflood_protect '1'
config zone
option name 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
list network 'lan'
list network 'wwan'
list network 'ANT'
list network 'wan'
The firewall is entirely wrong...
This makes no sense and should result in both a device that is not functional as well as one that is potentially an extreme security risk.
What is the purpose of this device on your network? Are you using this as a router? Or something else?
I want to use it as a router for home net, to bypass YouTube blocking in Russia. I can't set up internet distribution.
In that case, the firewall needs to be repaired.
This would likely require some additional methods such as VPN or shadowsocks/proxy type services.
I don't know what this means.
Let's restore the proper default firewall configuration:
cp /rom/etc/config/firewall /etc/config/firewall
Then add the wwan and ANT networks to the wan firewall zone.
Restart and test again.
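An added example, not part of the original posts: a shell check for the condition pointed out above, an upstream-facing network placed in a firewall zone whose input policy is ACCEPT. The list of upstream protocols, the function names and the sample files (condensed from the configuration posted in this thread) are assumptions of the example.

```sh
#!/bin/sh
# Added example: report upstream-facing networks that sit in a firewall zone
# whose input policy is ACCEPT (the router's services would be reachable there).

# Protocols treated as upstream-facing; this list is an assumption of the example.
UPSTREAM_PROTOS="dhcp dhcpv6 pppoe pptp l2tp"

# audit_zones NETWORK_CONFIG FIREWALL_CONFIG
audit_zones() {
    awk -v protos="$UPSTREAM_PROTOS" -v q="'" '
        function unq(s) { gsub(q, "", s); return s }    # strip UCI quoting
        function flush(   i) {                          # report the finished zone
            if (zone != "" && input == "ACCEPT")
                for (i = 1; i <= n; i++)
                    if (nets[i] in upstream)
                        print nets[i] " (proto " upstream[nets[i]] ") is in zone " zone " with input ACCEPT"
            zone = ""; input = ""; n = 0
        }
        BEGIN { split(protos, p, " "); for (k in p) isup[p[k]] = 1 }
        FNR == NR {                                     # first file: network
            if ($1 == "config") iface = ($2 == "interface") ? unq($3) : ""
            else if ($1 == "option" && $2 == "proto" && iface != "" && (unq($3) in isup))
                upstream[iface] = unq($3)
            next
        }
        $1 == "config" { flush(); inzone = ($2 == "zone"); next }   # second file: firewall
        inzone && $1 == "option" && $2 == "name"  { zone = unq($3) }
        inzone && $1 == "option" && $2 == "input" { input = unq($3) }
        inzone && $1 == "list" && $2 == "network" { nets[++n] = unq($3) }
        END { flush() }
    ' "$1" "$2"
}

# Constructed sample, condensed from the configuration posted in this thread.
demo() {
    d=$(mktemp -d)
    printf '%s\n' "config interface 'lan'" " option proto 'static'" \
        "config interface 'ANT'" " option proto 'pptp'" \
        "config interface 'wan'" " option proto 'dhcp'" > "$d/network"
    printf '%s\n' "config zone" " option name 'lan'" " option input 'ACCEPT'" \
        " list network 'lan'" " list network 'ANT'" " list network 'wan'" > "$d/firewall"
    audit_zones "$d/network" "$d/firewall"
    rm -rf "$d"
}

demo
```

On the router the same function can be pointed at the live files: `audit_zones /etc/config/network /etc/config/firewall`. No output means no upstream network is in an ACCEPT-input zone.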
This would likely require some additional methods such as VPN or shadowsocks/proxy type services.
I want to use this project https://github.com/bol-van/zapret
Thanks a lot! I did this and the internet started working on the computer:
root@OpenWrt:~# cat /etc/config/firewall
config defaults
option syn_flood '1'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
config zone
option name 'lan'
list network 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
config zone
option name 'wan'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
list network 'wan'
list network 'wan6'
list network 'ANT'
config forwarding
option src 'lan'
option dest 'wan'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
If I write the VPN host name in /etc/config/network, it doesn't work:
option server 'vpnnem.a-n-t.ru'
If I write the VPN IP in /etc/config/network, it works:
option server '10.0.0.6'
The incoming speed is two times lower than on the factory firmware. What could be the problem?
In absolute numbers what are the speeds? A VPN uses the router's CPU to encrypt/decrypt every packet and the MT7621 is not a particularly fast CPU.
I compare with Mercusys AC1200
86 vs 44 Mbit/s
encryption is disabled
sed -i 's/^mppe/#mppe/' /etc/ppp/options.pptp
echo nomppe >> /etc/ppp/options.pptp
The 10.0.0.6 server must not be routed via the public internet, because that is not a public IP address. Interestingly, though, even I see that the domain name resolves to RFC1918 addresses 10.0.0.x, where x in this case is 5, 6, 12, 68, and 69. Either your DNS is not resolving properly or some of the other servers aren't running properly.
That said, another thing to keep in mind is that PPTP is not secure. It's trivially easy to hack. This means that if there is any reason that someone would want to find out what sites you are visiting, they could easily learn that information from the DNS and/or destination IP addresses (although the contents within the traffic to those services/properties such as YouTube and pretty much anything on the web will almost always be securely encrypted).
That said, another thing to keep in mind is that PPTP is not secure.
This is a requirement of the internet provider.
Either your DNS is not resolving properly or some of the other servers aren't running properly.
Is there anything I can do to make it work properly?
ok.
Not really on your end, unless you can specify a different public DNS server (which may or may not work depending on the restrictions on your service).
Edit your /etc/config/dhcp and add a single line at the end of the section:
config dnsmasq
[...]
list rebind_domain 'a-n-t.ru'
Then execute /etc/init.d/dnsmasq restart
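An added example, not part of the original posts: a way to confirm from the system log that dnsmasq's rebind protection is what refuses a name, and to see which refused names a given rebind_domain entry would cover. The function names, the suffix-on-a-label-boundary matching rule and the sample log lines (constructed, with a made-up second host name) are assumptions of the example.

```sh
#!/bin/sh
# Added example: list names refused by dnsmasq rebind protection and show
# which of them a set of rebind_domain entries would allow.

# Print each refused name with a hit count ("name count"). Reads stdin.
rebind_blocked() {
    sed -n 's/.*possible DNS-rebind attack detected: \([^ ]*\).*/\1/p' |
        sort | uniq -c | awk '{ print $2, $1 }'
}

# covered NAME DOMAIN...: succeed if NAME equals a listed domain or is a
# subdomain of one (suffix match on a label boundary; the rule this example uses).
covered() {
    name=$1; shift
    for d in "$@"; do
        case "$name" in
            "$d" | *."$d") return 0 ;;
        esac
    done
    return 1
}

# Read log lines on stdin; arguments are the rebind_domain entries to evaluate.
report() {
    rebind_blocked | while read -r name count; do
        if covered "$name" "$@"; then state="allowed"; else state="still-blocked"; fi
        echo "$name $count $state"
    done
}

# Constructed log lines in logread format; the second host name is made up.
sample_log() {
    cat <<'EOF'
Mon Nov  4 10:01:12 2024 daemon.warn dnsmasq[2113]: possible DNS-rebind attack detected: vpnnem.a-n-t.ru
Mon Nov  4 10:01:17 2024 daemon.warn dnsmasq[2113]: possible DNS-rebind attack detected: vpnnem.a-n-t.ru
Mon Nov  4 10:02:40 2024 daemon.warn dnsmasq[2113]: possible DNS-rebind attack detected: intranet.example.net
Mon Nov  4 10:02:41 2024 daemon.info dnsmasq[2113]: read /etc/hosts - 4 addresses
EOF
}

sample_log | report 'a-n-t.ru'
```

On the router, `logread | report a-n-t.ru` runs the same check against the live log. Listing only the one domain keeps rebind protection active for every other name.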
Thanks a lot! Connected.