Ubus doesn't work. Why?

YodaMaster · May 4, 2025, 11:21pm

I installed OpenWRT 25.03 on my raspberry pi and it is ok but I made some settings and now I don't know why Ubus APIs is working just over my cable connection. When I change to wifi conection: it doesnt work, Somebody help?

psherman · May 4, 2025, 11:30pm

Can you elaborate on specifically what you're trying to do -- examples of what is and what is not working, and the context for each of those tests.

Let's also check out your configs:

Please connect to your OpenWrt device using ssh and copy the output of the following commands and post it here using the "Preformatted text </> " button:

Remember to redact passwords, MAC addresses and any public IP addresses you may have:

ubus call system board
cat /etc/config/network
cat /etc/config/wireless
cat /etc/config/dhcp
cat /etc/config/firewall

YodaMaster · May 4, 2025, 11:48pm

Hello!
What I'm trying to do is provide wifi access to another device instead of my computer in order to that device could call ubus to change ssid, however it only works using cable connection...

Following the settings:

root@OpenWrt:~# ubus call system board
{
	"kernel": "5.15.134",
	"hostname": "OpenWrt",
	"system": "ARMv8 Processor rev 3",
	"model": "Raspberry Pi 4 Model B Rev 1.5",
	"board_name": "raspberrypi,4-model-b",
	"rootfs_type": "squashfs",
	"release": {
		"distribution": "OpenWrt",
		"version": "23.05.0",
		"revision": "r23497-6637af95aa",
		"target": "bcm27xx/bcm2711",
		"description": "OpenWrt 23.05.0 r23497-6637af95aa"
	}
}
root@OpenWrt:~# cat /etc/config/network

config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fd88:3185:be8b::/48'

config interface 'lan'
	option proto 'static'
	option ipaddr '10.0.1.1'
	option netmask '255.255.255.0'
	option ip6assign '60'
	option dns '1.1.1.1'
	option device 'br-lan'

config interface 'wan'
	option device 'br-lan'
	option proto 'dhcp'
	option ifname 'eth1'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'eth0'

config interface 'lan2'
	option proto 'static'
	option ipaddr '192.168.1.19'
	option netmask '255.255.255.0'
	option device 'eth0.10'

config interface 'api'
	option proto 'static'
	option ipaddr '192.168.1.20'
	option netmask '255.255.255.0'
	option device 'eth0.10'

root@OpenWrt:~# cat /etc/config/wireless

config wifi-device 'radio0'
	option type 'mac80211'
	option path 'platform/soc/fe300000.mmcnr/mmc_host/mmc1/mmc1:0001/mmc1:0001:1'
	option channel '11'
	option hwmode '11g'
	option htmode 'HT20'
	option country 'BR'
	option disabled '1'

config wifi-iface 'default_radio0'
	option device 'radio0'
	option network 'lan'
	option mode 'ap'
	option ssid 'Guest'
	option encryption 'psk2'
	option key 'MyStrongPassword'
	option isolate '1'
	option disabled '1'

root@OpenWrt:~# cat /etc/config/dhcp

config dnsmasq
	option domainneeded '1'
	option boguspriv '1'
	option filterwin2k '0'
	option localise_queries '1'
	option rebind_protection '1'
	option rebind_localhost '1'
	option local '/lan/'
	option domain 'lan'
	option expandhosts '1'
	option nonegcache '0'
	option cachesize '1000'
	option authoritative '1'
	option readethers '1'
	option leasefile '/tmp/dhcp.leases'
	option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
	option nonwildcard '1'
	option localservice '1'
	option ednspacket_max '1232'
	option filter_aaaa '0'
	option filter_a '0'
	option noresolv '1'
	option server '1.1.1.1'

config dhcp 'lan'
	option interface 'lan'
	option start '100'
	option limit '150'
	option leasetime '12h'
	option dhcpv4 'server'
	option dhcpv6 'server'
	option ra 'server'
	option ra_slaac '1'
	list ra_flags 'managed-config'
	list ra_flags 'other-config'

config dhcp 'wan'
	option interface 'wan'
	option ignore '1'

config odhcpd 'odhcpd'
	option maindhcp '0'
	option leasefile '/tmp/hosts/odhcpd'
	option leasetrigger '/usr/sbin/odhcpd-update'
	option loglevel '4'

root@OpenWrt:~# cat /etc/config/firewall
config defaults
	option syn_flood	1
	option input		ACCEPT
	option output		ACCEPT
	option forward		REJECT
# Uncomment this line to disable ipv6 rules
#	option disable_ipv6	1

config zone
	option name		lan
	list   network		'lan'
	list   network		'lan2'
	list   network		'api'
	option input		ACCEPT
	option output		ACCEPT
	option forward		REJECT

config zone
	option name		wan
	list   network		'wan'
	list   network		'wan6'
	option input		REJECT
	option output		ACCEPT
	option forward		REJECT
	option masq		1
	option mtu_fix		1

config forwarding
	option src		lan
	option dest		wan

config rule
	option name 'Allow-IGMP'
	option src 'wan'
	option proto 'igmp'
	option family 'ipv4'
	option target 'ACCEPT'
	
# We need to accept udp packets on port 68,
# see https://dev.openwrt.org/ticket/4108
config rule
	option name		Allow-DHCP-Renew
	option src		wan
	option proto		udp
	option dest_port	68
	option target		ACCEPT
	option family		ipv4


config rule
	option name		Allow-IGMP
	option src		wan
	option proto		igmp
	option family		ipv4
	option target		ACCEPT
	
# Allow DHCPv6 replies
# see https://github.com/openwrt/openwrt/issues/5066
config rule
	option name 'Allow-DHCPv6'
	option src 'wan'
	option proto 'udp'
	option src_ip 'fc00::/6'
	option dest_ip 'fc00::/6'
	option dest_port '546'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-MLD'
	option src 'wan'
	option proto 'icmp'
	option src_ip 'fe80::/10'
	list icmp_type '130/0'
	list icmp_type '131/0'
	list icmp_type '132/0'
	list icmp_type '143/0'
	option family 'ipv6'
	option target 'ACCEPT'

# Allow essential incoming IPv6 ICMP traffic
config rule
	option name		Allow-ICMPv6-Input
	option src		wan
	option proto	icmp
	list icmp_type		echo-request
	list icmp_type		echo-reply
	list icmp_type		destination-unreachable
	list icmp_type		packet-too-big
	list icmp_type		time-exceeded
	list icmp_type		bad-header
	list icmp_type		unknown-header-type
	list icmp_type		router-solicitation
	list icmp_type		neighbour-solicitation
	list icmp_type		router-advertisement
	list icmp_type		neighbour-advertisement
	option limit		1000/sec
	option family		ipv6
	option target		ACCEPT

# Allow essential forwarded IPv6 ICMP traffic
config rule
	option name		Allow-ICMPv6-Forward
	option src		wan
	option dest		*
	option proto		icmp
	list icmp_type		echo-request
	list icmp_type		echo-reply
	list icmp_type		destination-unreachable
	list icmp_type		packet-too-big
	list icmp_type		time-exceeded
	list icmp_type		bad-header
	list icmp_type		unknown-header-type
	option limit		1000/sec
	option family		ipv6
	option target		ACCEPT

config rule
	option name		Allow-IPSec-ESP
	option src		wan
	option dest		lan
	option proto		esp
	option target		ACCEPT

config rule
	option name		Allow-ISAKMP
	option src		wan
	option dest		lan
	option dest_port	500
	option proto		udp
	option target		ACCEPT

#config zone
#    option name 'vlan10'
#    option network 'vlan10'
#    option input 'ACCEPT'
#    option output 'ACCEPT'
#    option forward 'REJECT'

#config rule
#    option name 'Allow-HTTPS-from-vlan10'
#    option src 'vlan10'
#    option dest_port '443'
#    option proto 'tcp'
#    option target 'ACCEPT'

config rule
	option name 'Allow-HTTPS-from-api-MAC'
	option src 'lan'
	option src_mac 'mymac'
	option dest_port '443'
	option proto 'tcp'
	option dest_ip '192.168.1.20'
	option target 'ACCEPT'

config rule
	option name 'Allow-SSH-from-specific-MAC'
	option src 'lan'
	option src_mac 'mymac'
	option dest_port '22'
	option proto 'tcp'
	option target 'ACCEPT'

config rule
	option name 'Block-SSH-from-others'
	option src 'lan'
	option dest_port '22'
	option proto 'tcp'
	option target 'REJECT'
	
config rule
	option name 'Limit-HTTPS-Connection-Rate-Avoid-DoS'
	option src 'wan'
	option dest_port '443'
	option proto 'tcp'
	option target 'ACCEPT'
	option limit '10/sec'
	option limit_burst '20'

config rule
	option name 'Block-ICMP-WAN-Evita-Ping-Excessivo'
	option src 'wan'
	option proto 'icmp'
	option family 'ipv4'
	option target 'DROP'
	option limit '5/sec'
	option limit_burst '10'
	
config include
    option path '/etc/firewall.user'
    option fw4_compatible '1'

psherman · May 4, 2025, 11:55pm

There are some significant issues here. What exactly are you trying to achieve? We need to know how you plan to use this device (what it should be doing) in order to recommend resolutions.... right now, the config is entirely wrong (regardless of what you intend).

Also, FWIW, you should upgrade to 24.10.1 which is the latest supported release.

YodaMaster · May 5, 2025, 12:01am

Hum...could you show me what is wrong and how to fix it? Well, I intend to make my router using raspberry PI with OpenWRT for my personal usage and I want to call Ubus API (see example bellow) to automate somethings...

curl --request POST \
  --url https://192.168.1.20/ubus \
  --header 'Content-Type: application/json' \
  --data '{
    "jsonrpc": "2.0",
    "id": 1,
    "method": "call",
    "params": [
      "ded2798f66c64be30d2deb9d9825fbfb",
      "uci",
      "set",
      {
        "config": "wireless",
        "section": "default_radio0",
        "values": {
          "ssid": "Test"
        }
      }
    ]
  }'

psherman · May 5, 2025, 12:08am

Essentially everything in the network config is wrong.

For example. the ifname syntax is obsolete, and you have the 2 devices on the wan (eth1 and br-lan):

Also using br-lan is the lan interface... it shouldn't be using the same device as another network:

You then have two more interfaces using the same subnet with the same device -- the overlapping subnets cause problems as do the use of the same device in two interfaces:

None of this makes any practical sense in the configuration.

this also doesn't really explain what you are actually trying to do...

If that's the case, the entire config should just be wiped and you should start fresh. This will never work properly as a router in the current state of the config.

YodaMaster · May 5, 2025, 12:15am

Could you give me the settings for what I want? My knowledge, as you would notice, is a quite limited....What can I do?

psherman · May 5, 2025, 12:18am

It's still not clear to me how you want to use this device... is this intended to be the router for your network? Can you draw a topology diagram to show how this fits in to your network? (for example, are there switches involved? Wifi APs, etc?)

YodaMaster · May 5, 2025, 12:32am

Ok...It is simple... There is one managed switch with port 10 untagged and 1 and 8 tagged. Also, the raspberry pi (router) is connected by Ethernet from port 8 (tagged) and running OpenWRT providing guest WiFi and Ubus APIs (which I intend to use in ESP8266 for APIs calling in order to automate SSID and password exchanges easier -- totally for my personal home usage). But... testing I noticed the problem: I can't connect Ubus APIs by WiFi, but instead using cable connection.

Bellow: the error...trying to call Ubus API

* Preparing request to https://192.168.1.20/ubus
* Current time is 2025-05-04T22:59:01.898Z
* Enable automatic URL encoding
* Using default HTTP version
* Enable timeout of 30000ms
* Disable SSL validation
* Enable cookie sending with jar of 1 cookie
* Hostname in DNS cache was stale, zapped
*   Trying 192.168.1.20:443...
* connect to 192.168.1.20 port 443 failed: There is no route to the host
* Failed to connect to 192.168.1.20 port 443 after 3069 ms: Couldn't connect to server
* Closing connection 7

psherman · May 5, 2025, 12:44am

I'm not following your description. Could you provide a drawing? (a photo of a sketch on paper is sufficient, as long as everything is labeled, including VLANs on the relevant ports and addresses on the devices).

psherman · May 5, 2025, 1:01am

Why is the internet on the right side of the diagram? Normally, the internet would be coming from the modem (on the left).

Is the Pi's wifi connecting to some upstream internet connection, or is that coming from the modem on the left?

Is the mobile device connecting from the lan or from somewhere remote over the internet?

elbertmai · May 5, 2025, 1:03am

This network topology makes no sense.

Why is the switch and the laptop upstream from the router?
Or are they actually downstream from the router? Which side on the router is the WAN side and the LAN side?
Are there actually two Internet connections, one represented by the modem on the left and a cloud on the right?

YodaMaster · May 5, 2025, 1:06am

Why is the internet on the right side of the diagram? Normally, the internet would be coming from the modem (on the left).
A: You are right, but it was just illustrated for better understand

Is the Pi's wifi connecting to some upstream internet connection, or is that coming from the modem on the left?
A: From the modem, only

Is the mobile device connecting from the lan or from somewhere remote over the internet?
A: LAN

elbertmai · May 5, 2025, 1:09am

This is clearly not the case, as I and @psherman was not able to understand what is actually going on here. The "usual" setup is something like this:

Internet --- Modem --- Router --- Switch --- WiFi --- Mobile, Laptop
            <-- WAN | Firewall | LAN -->

Is there any reason to deviate from this setup?

psherman · May 5, 2025, 1:10am

It's actually much harder to understand the way you've drawn it.

Good.

Do you have a USB-Ethernet adapter for your Pi? Your config seemed to suggest that you do. If so, why does the modem connect to the switch and not directly to the Pi?

And what VLAN is assigned to the port that connects to the modem?

elbertmai · May 5, 2025, 1:13am

Why is the switch between the modem and the router?

YodaMaster · May 5, 2025, 1:15am

It doesn't matter,right?

psherman · May 5, 2025, 1:16am

Yes, it matters significantly...

YodaMaster · May 5, 2025, 1:17am

In that case: I can change it

psherman · May 5, 2025, 1:17am

But you didn't answer the question. Please be sure to answer all the questions we ask since they are material to how we will recommend you configure your system.