TTL issue in openwrt repeater – need help to bypass

Installing and Using OpenWrt
1

Dear, I have set my openwrt as a wireless repeater for DPS wifi.

Now everything was working well until today — my local ISP has set their TTL to 1.

Now I’m stuck in a situation where I can get internet in my openwrt router, but not able to access it on other devices.

Can someone help to fix and bypass this?

wifi repeater (DPS interface) TTL needs to be set to 64 or so, so I can connect back my other devices.
I have tried different stuff but nothing worked.

My ISP uses a local MikroTik captive portal.

Now I wonder if it's possible to set TTL to 64 so I can connect other devices behind openwrt?
Here is my /etc/config/wireless:

config wifi-device 'radio0'
	option type 'mac80211'
	option path '1e140000.pcie/pci0000:00/0000:00:00.0/0000:01:00.0'
	option channel '1'
	option band '2g'
	option htmode 'HT20'
	option disabled '0'
	option country 'AE'
	option cell_density '0'

config wifi-iface 'default_radio0'
	option device 'radio0'
	option network 'lan'
	option mode 'ap'
	option ssid 'Rvksu'
	option encryption 'psk2'
	option disabled '0'
	option key 'exmkk73487'
	option ifname 'phy-0'

config wifi-device 'radio1'
	option type 'mac80211'
	option path '1e140000.pcie/pci0000:00/0000:00:00.0/0000:01:00.0+1'
	option channel '36'
	option band '5g'
	option htmode 'VHT80'
	option disabled '0'
	option country 'AE'
	option cell_density '0'

config wifi-iface 'default_radio1'
	option device 'radio1'
	option network 'lan'
	option mode 'ap'
	option ssid 'Rvksu-5GHz'
	option encryption 'psk2+tkip+ccmp'
	option disabled '0'
	option key 'exmkk73487'
	option ifname 'phy1'

config wifi-iface 'wifinet2'
	option device 'radio0'
	option mode 'sta'
	option network 'wwan'
	option ssid 'DPS'
	option encryption 'none'
2

Try to search the forum for 'ttl 64' - there are plenty of recipes including ip6.

1 Like
3

searched a lot already, but nothing works. TTL still remains 1. My ISP uses MikroTik version 7.8

4

Wireless bridge is unlikely to work between vendors.
Mikrotik supports 80211s mesh, but you need to go via command lines to not enable their proprietary extensions. eg note OpenWrt supports only OPEN and WPA3 crypto while 'tik defaults to wpa2

5

The nftables code.

6

This is the working TTL to convert TTL=1 to TTL=64 in all interfaces

vi /etc/nftables.d/ttl64.nft

chain mangle_prerouting_ttl64 {
      type filter hook prerouting priority 300; policy accept;
      ip ttl set 64
}

fw4 check

/etc/init.d/firewall restart
2 Likes
7

ttl=1 is dhcp and other link-local activities.

2 Likes
8

I did it several times

fw4-firewall
fw4-firewall1057×654 37.3 KB

ttl
ttl1044×1517 43.2 KB

1 Like
9

Thanks, it worked.

1 Like