Trying to set up a guest network using the "Guest Wi-Fi basics" CLI instructions on the wiki. But I want it on Radio1 & I want WPA2 PSK (CCMP) encryption. I think the wiki references Radio0 and I don't even complete the first step. The LuCI instructions are for an old version. Any help appreciated. Using 23.05.0.
Everything went fine except my phone says "connected/no internet"? Help!!!
The most common causes for this would be if you didn't set the firewall configuration for the guest network to allow forwarding to the WAN, that your phone can't reach its internet checking server, or that the network's subnet or DNS are not configured properly.
From the phone, try browsing to a common web site such as here, or even to Google. If that doesn't work, try browsing to a known-good IP such as 1.1.1.1 (Cloudflare; fast DNS provider, has web site at the address) and see if you can reach the site that way. If you can get to both, then your phone is using a service to check for an internet connection, but it can't reach that server (did you use an ad blocking service?). If you can get to it by IP but not by name, there's an issue with DNS. If you can't get to it even by IP, then there's a firewall or routing issue that needs to be corrected.
In the video he doesn't specify a device in the interface -> GuestWIFI. Am I missing something??
Disclaimer: I haven't watched the video. But I can answer in general...
The radios should only be specified in the `/etc/config/wireless` file. The network file, therefore, should not have any reference to any of the wireless hardware devices. Instead, the SSID stanzas (in the wireless file) include a line for `option network` where the network is associated with the SSID being configured.
Also, worth noting -- a wifi-only network can entirely omit the device line in the interface config provided that the network only attaches to a single radio. If a network is associated with two or more physical interfaces (i.e. multiple radios, or ethernet + wifi), you must create a bridge and set that as the device for the network. A bridge that is only for multiple radios will appear empty, so often people include the `bridge_empty` option, but this is not required.
I think I found the problem. The video says the traffic rule "Allow_DNS-guest" is not necessary if using public servers. Not true in 23.05.0 !!
Can you point to the timestamp on the video where this statement is made?
I suspect that you weren't using DHCP option 6 -- instead, I'm going to guess that you had DNS servers specified in your guest network interface stanza. What ends up happening is that the DHCP server advertises the router's address for DNS because you haven't specified option 6 and provided the desired public DNS servers. As a side note, but relevant here... the DNS servers that you can specify in the `/etc/config/network` file are only valid/useful for the network that is the uplink (typically the wan)... it has no effect for downstream networks like your lan or guest.
Regardless of your version of OpenWrt, allowing DNS on the guest network is only required if the network will be using the router as the DNS server. If you use DHCP option 6 to advertise a public DNS server, you do not need to allow port 53 access to the router itself.
I give. What file do I put the DNS server addresses & the option line in?
In the guest DHCP server config (in `/etc/config/dhcp`), you'd add option 6 and the DNS servers to be advertised. For example, to use Google DNS, it would be this:
option dhcp_option 6,8.8.8.8,8.8.4.4
Thank you. I saw the example in LUCI. The time stamp in the video is 7:31.
Yeah... it looks like the person who created that video was under the mistaken impression that entering the public DNS into the guest network interface would mean that the connected hosts would do the same... as I explained earlier, that setting has no value for downstream networks. And since they created a firewall rule to allow port 53, they never noticed that they had a mistake there -- the correct way is to use option 6.
All of that said, the general configuration and firewall rules to achieve a guest network have not changed in a very long time. Exact syntax (in the underlying text config files) has changed, but the LuCI based approach should be nearly identical even going back to 19.07 or earlier aside from cosmetic differences in the GUI.
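The guest setup discussed in this thread, pulled together as an added example that is not part of any post above and not taken from the wiki or the video. The SSID, subnet, section names, passphrase placeholder, zone policies and the `Allow-DHCP-guest` rule are constructed assumptions; the DNS rule is left commented out because option 6 points clients at public resolvers.

```conf
# /etc/config/wireless: the radio is named only here
config wifi-iface 'guest_radio1'
	option device 'radio1'
	option mode 'ap'
	option ssid 'Guest'
	option network 'guest'
	option encryption 'psk2+ccmp'
	option key 'REPLACE_WITH_PASSPHRASE'

# /etc/config/network: no 'option device' (wifi-only, single radio)
config interface 'guest'
	option proto 'static'
	option ipaddr '192.168.3.1'
	option netmask '255.255.255.0'
	# An 'option dns' line here is NOT advertised to guest clients

# /etc/config/dhcp
config dhcp 'guest'
	option interface 'guest'
	option start '100'
	option limit '150'
	# DHCP option 6 = DNS servers handed to clients ('list' form)
	list dhcp_option '6,8.8.8.8,8.8.4.4'

# /etc/config/firewall
config zone
	option name 'guest'
	list network 'guest'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'

config forwarding
	option src 'guest'
	option dest 'wan'

config rule
	option name 'Allow-DHCP-guest'
	option src 'guest'
	option proto 'udp'
	option dest_port '67'
	option target 'ACCEPT'

# Needed only if guests use the router as resolver (no option 6):
# config rule
#	option name 'Allow_DNS-guest'
#	option src 'guest'
#	option dest_port '53'
#	option target 'ACCEPT'
```

With `input 'REJECT'` and no DNS rule, guest clients cannot query the router on port 53 at all, so a client that reports "no internet" after this change is usually still holding an old lease that names the router as its DNS server.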