Trying to isolate my pc using openwrt router from the home modem(VDSL2) internet using ethernet cables

need_skill · July 30, 2024, 7:17am

Hi people,so recently i bought myself a zyxel P2812HNUF1 router installed openwrt on it and tried this wiring:home modem(VDSL2)<openwrt router wan port(using ethernet cable) and conecting openwrt router lan port to my pc.Unfortunately i didn't recieve internet.But when i switched to lan port instead of wan i recieved internet by getting ip from dhcp server.Main gateway was home modem though.This wasn't what i wanted i was still on the same network.I tried to switch cables multiple times (wan,lan) and very rarely wan port actually worked and i was in isolated internet and my main gateway was luci.Idk how it worked but after plugging and unplugging there was still no internet only lan port always worked and had proper ip addresses given by dhcp.Everytime i plugged the cable in wan port i got rubbish ip addresses and i got internet working by manually entering ip addresses(this only worked 1 in 10 times though)other times nothing worked.What can i do to make this setup work everytime without conflicts or issues please explain it to me (a newbie) Thanks in advance.

egc · July 30, 2024, 7:58am

Possible quick fix:
Do not connect your OpenWRT to the modem yet
Connect your PC to the openwrt router
Reset the OpenWRT router
The only thing you have to change is the routers IP address:
Change it from 192.168.1.1 to 192.168.2.1 under Network > Interfaces > Lan > IPv4 address.

In this example I have changed the IP address to 192.168.6.1

need_skill · July 30, 2024, 8:28am

i recieved proper ip but there is no internet still its on 192.168.2.x but there is nothing

egc · July 30, 2024, 8:31am

You have to reboot your PC after changing the LAN IP address to get a new IP address in the 192.168.2.X range

Please connect to your OpenWRT device using ssh and copy the output of the following commands and post it here using the "Preformatted text </> " button:

Remember to redact keys, passwords, MAC addresses and any public IP addresses you may have:

ubus call system board
cat /etc/config/network
cat /etc/config/dhcp
cat /etc/config/firewall
ip route show
ifstatus wan

need_skill · July 30, 2024, 8:33am

Rebooted but still no internet

need_skill · July 30, 2024, 8:49am

{
"kernel": "5.15.150",
"hostname": "OpenWrt",
"system": "xRX200 rev 1.1",
"model": "ZyXEL P-2812HNU-F1",
"board_name": "zyxel,p-2812hnu-f1",
"rootfs_type": "squashfs",
"release": {
"distribution": "OpenWrt",
"version": "23.05.3",
"revision": "r23809-234f1a2efa",
"target": "lantiq/xrx200",
"description": "OpenWrt 23.05.3 r23809-234f1a2efa"
}
}

config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'

config globals 'globals'
option ula_prefix 'fdae:a42c:5062::/48'

config atm-bridge 'atm'
option vpi '1'
option vci '32'
option encaps 'llc'
option payload 'bridged'
option nameprefix 'dsl'

config dsl 'dsl'
option annex 'a'
option tone 'av'
option ds_snr_offset '0'

config device
option name 'br-lan'
option type 'bridge'
list ports 'lan1'
list ports 'lan2'
list ports 'lan3'
list ports 'lan4'

config device
option name 'lan1'
option macaddr '50:67:f0:f8:07:88'

config device
option name 'lan2'
option macaddr '50:67:f0:f8:07:88'

config device
option name 'lan3'
option macaddr '50:67:f0:f8:07:88'

config device
option name 'lan4'
option macaddr '50:67:f0:f8:07:88'

config interface 'lan'
option device 'br-lan'
option proto 'static'
option ipaddr '192.168.2.1'
option netmask '255.255.255.0'
option ip6assign '60'

config device
option name 'dsl0'
option macaddr '50:67:f0:f8:07:89'

config interface 'wan'
option device 'dsl0'
option proto 'pppoe'
option username 'username'
option password 'password'
option ipv6 '1'

config interface 'wan6'
option device '@wan'
option proto 'dhcpv6'

config dnsmasq
option domainneeded '1'
option boguspriv '1'
option filterwin2k '0'
option localise_queries '1'
option rebind_protection '1'
option rebind_localhost '1'
option local '/lan/'
option domain 'lan'
option expandhosts '1'
option nonegcache '0'
option cachesize '1000'
option authoritative '1'
option readethers '1'
option leasefile '/tmp/dhcp.leases'
option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
option nonwildcard '1'
option localservice '1'
option ednspacket_max '1232'
option filter_aaaa '0'
option filter_a '0'

config dhcp 'lan'
option interface 'lan'
option start '100'
option limit '150'
option leasetime '12h'
option dhcpv4 'server'
option dhcpv6 'server'
option ra 'server'
list ra_flags 'managed-config'
list ra_flags 'other-config'

config dhcp 'wan'
option interface 'wan'
option ignore '1'

config odhcpd 'odhcpd'
option maindhcp '0'
option leasefile '/tmp/hosts/odhcpd'
option leasetrigger '/usr/sbin/odhcpd-update'
option loglevel '4'

config defaults
option syn_flood 1
option input REJECT
option output ACCEPT
option forward REJECT

Uncomment this line to disable ipv6 rules

option disable_ipv6 1

config zone
option name lan
list network 'lan'
option input ACCEPT
option output ACCEPT
option forward ACCEPT

config zone
option name wan
list network 'wan'
list network 'wan6'
option input REJECT
option output ACCEPT
option forward REJECT
option masq 1
option mtu_fix 1

config forwarding
option src lan
option dest wan

We need to accept udp packets on port 68,

see https://dev.openwrt.org/ticket/4108

config rule
option name Allow-DHCP-Renew
option src wan
option proto udp
option dest_port 68
option target ACCEPT
option family ipv4

Allow IPv4 ping

config rule
option name Allow-Ping
option src wan
option proto icmp
option icmp_type echo-request
option family ipv4
option target ACCEPT

config rule
option name Allow-IGMP
option src wan
option proto igmp
option family ipv4
option target ACCEPT

Allow DHCPv6 replies

see https://github.com/openwrt/openwrt/issues/5066

config rule
option name Allow-DHCPv6
option src wan
option proto udp
option dest_port 546
option family ipv6
option target ACCEPT

config rule
option name Allow-MLD
option src wan
option proto icmp
option src_ip fe80::/10
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family ipv6
option target ACCEPT

Allow essential incoming IPv6 ICMP traffic

config rule
option name Allow-ICMPv6-Input
option src wan
option proto icmp
list icmp_type echo-request
list icmp_type echo-reply
list icmp_type destination-unreachable
list icmp_type packet-too-big
list icmp_type time-exceeded
list icmp_type bad-header
list icmp_type unknown-header-type
list icmp_type router-solicitation
list icmp_type neighbour-solicitation
list icmp_type router-advertisement
list icmp_type neighbour-advertisement
option limit 1000/sec
option family ipv6
option target ACCEPT

Allow essential forwarded IPv6 ICMP traffic

config rule
option name Allow-ICMPv6-Forward
option src wan
option dest *
option proto icmp
list icmp_type echo-request
list icmp_type echo-reply
list icmp_type destination-unreachable
list icmp_type packet-too-big
list icmp_type time-exceeded
list icmp_type bad-header
list icmp_type unknown-header-type
option limit 1000/sec
option family ipv6
option target ACCEPT

config rule
option name Allow-IPSec-ESP
option src wan
option dest lan
option proto esp
option target ACCEPT

config rule
option name Allow-ISAKMP
option src wan
option dest lan
option dest_port 500
option proto udp
option target ACCEPT

EXAMPLE CONFIG SECTIONS

do not allow a specific ip to access wan

#config rule

option src lan

option src_ip 192.168.45.2

option dest wan

option proto tcp

option target REJECT

block a specific mac on wan

#config rule

option dest wan

option src_mac 00:11:22:33:44:66

option target REJECT

block incoming ICMP traffic on a zone

#config rule

option src lan

option proto ICMP

option target DROP

port redirect port coming in on wan to lan

#config redirect

option src wan

option src_dport 80

option dest lan

option dest_ip 192.168.16.235

option dest_port 80

option proto tcp

port redirect of remapped ssh port (22001) on wan

#config redirect

option src wan

option src_dport 22001

option dest lan

option dest_port 22

option proto tcp

FULL CONFIG SECTIONS

#config rule

option src lan

option src_ip 192.168.45.2

option src_mac 00:11:22:33:44:55

option src_port 80

option dest wan

option dest_ip 194.25.2.129

option dest_port 120

option proto tcp

option target REJECT

#config redirect

option src lan

option src_ip 192.168.45.2

option src_mac 00:11:22:33:44:55

option src_port 1024

option src_dport 80

option dest_ip 194.25.2.129

option dest_port 120

option proto tcp

192.168.2.0/24 dev br-lan scope link src 192.168.2.1

{
"up": false,
"pending": false,
"available": false,
"autostart": true,
"dynamic": false,
"proto": "pppoe",
"device": "dsl0",
"data": {

    },
    "errors": [
            {
                    "subsystem": "interface",
                    "code": "NO_DEVICE"
            }
    ]

}

egc · July 30, 2024, 9:14am

Please format your output using the "Preformatted text </> " button, that way it is better readable.

It looks like you are trying to setup with PPPoE, before you had this router how did you got internet?

need_skill · July 30, 2024, 9:22am

With vdsl pppoe connection entering isp username and pass

egc · July 30, 2024, 9:36am

So you had a different router before this one.
Look at the settings of the previous router like protocol ,username password and if there is a need for VLAN or ask your ISP.
You need to copy these settings over to the new router

See also:
https://openwrt.org/docs/guide-user/network/wan/isp-configurations
https://openwrt.org/docs/guide-user/network/wan/wan_interface_protocols

need_skill · July 30, 2024, 9:41am

i did this for turkey which is where i live in found the config also pasted my isp username and pass it said "unknown error (user request)" and connection attempt failed i tried every type of config and settings possible also the connection as i said above worked a few times without setting these up

antonk · July 30, 2024, 10:52am

Sounds like what you're referring to as 'modem' is in fact a router. If that's the case then of course trying to access it with PPPoE won't work.

need_skill · July 30, 2024, 10:58am

Yeah my openwrt is router in this case my tplink is modem but how do i achieve this setup

egc · July 30, 2024, 11:01am

Did you reset to defaults?

need_skill · July 30, 2024, 11:15am

Yes i did still the same

need_skill · July 30, 2024, 11:20am

i think this router is trash i bought it second hand very cheap its not even detecting ethernet cables now

need_skill · July 30, 2024, 11:31am

i am ordering tp link archer c20 i need a router not a modem my main internet is archer vr400 already can these two work like i described with the same setup ?

antonk · July 30, 2024, 1:36pm

Your tp-link archer vr400 is not a modem. It's a modem-router. Currently it's configured to work as a router. If you want to set up another router behind it, you need to either configure vr400 to work in bridge mode (I don't know if it's possible), or configure the other router to work in DHCP client mode.

need_skill · July 30, 2024, 2:40pm

i configured bridge mode i will try with new router