Unable to connect to Internet via wifi but router has internet

Hello I am newbie at this openwrt so I have just installed it on TP Link WR840n. The installation went ok. I want to use this as normal router connected to another wireless router. So its like this:
TPLink (WAN Port) ------ Main Router (Lan Port)

I have set up my Tp link with 10.0.0.1 address and I can connect fine via wifi and client was able to get ip address but no internet. I have been reading from this forum, the issue could be on the firewall configuration but not sure what or where?

Below is my config:

root@OpenWrt:~# cat /etc/config/network

config interface 'loopback'
        option ifname 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fdd4:e60d:7b94::/48'

config interface 'lan'
        option type 'bridge'
        option ifname 'eth0.1'
        option proto 'static'
        option netmask '255.255.255.0'
        option ip6assign '60'
        option ipaddr '10.0.0.1'
        option gateway '10.0.0.1'
        option dns '10.0.0.1 8.8.8.8'
        option igmp_snooping '1'

config interface 'wan'
        option ifname 'eth1'
        option proto 'dhcp'

config switch
        option name 'switch0'
        option reset '1'
        option enable_vlan '1'

config switch_vlan
        option device 'switch0'
        option vlan '1'
        option ports '1 2 3 4 0t'

root@OpenWrt:~# cat /etc/config/firewall
config defaults
        option syn_flood        1
        option input            ACCEPT
        option output           ACCEPT
        option forward          REJECT


config zone
        option name             lan
        list   network          'lan'
        option input            ACCEPT
        option output           ACCEPT
        option forward          ACCEPT

config zone
        option name             wan
        list   network          'wan'
        list   network          'wan6'
        option input            REJECT
        option output           ACCEPT
        option forward          REJECT
        option masq             1
        option mtu_fix          1

config forwarding
        option src              lan
        option dest             wan


config rule
        option name             Allow-DHCP-Renew
        option src              wan
        option proto            udp
        option dest_port        68
        option target           ACCEPT
        option family           ipv4

config rule
        option name             Allow-Ping
        option src              wan
        option proto            icmp
        option icmp_type        echo-request
        option family           ipv4
        option target           ACCEPT

config rule
        option name             Allow-IGMP
        option src              wan
        option proto            igmp
        option family           ipv4
        option target           ACCEPT


config rule
        option name             Allow-DHCPv6
        option src              wan
        option proto            udp
        option src_ip           fc00::/6
        option dest_ip          fc00::/6
        option dest_port        546
        option family           ipv6
        option target           ACCEPT

config rule
        option name             Allow-MLD
        option src              wan
        option proto            icmp
        option src_ip           fe80::/10
        list icmp_type          '130/0'
        list icmp_type          '131/0'
        list icmp_type          '132/0'
        list icmp_type          '143/0'
        option family           ipv6
        option target           ACCEPT

config rule
        option name             Allow-ICMPv6-Input
        option src              wan
        option proto    icmp
        list icmp_type          echo-request
        list icmp_type          echo-reply
        list icmp_type          destination-unreachable
        list icmp_type          packet-too-big
        list icmp_type          time-exceeded
        list icmp_type          bad-header
        list icmp_type          unknown-header-type
        list icmp_type          router-solicitation
        list icmp_type          neighbour-solicitation
        list icmp_type          router-advertisement
        list icmp_type          neighbour-advertisement
        option limit            1000/sec
        option family           ipv6
        option target           ACCEPT


config rule
        option name             Allow-ICMPv6-Forward
        option src              wan
        option dest             *
        option proto            icmp
        list icmp_type          echo-request
        list icmp_type          echo-reply
        list icmp_type          destination-unreachable
        list icmp_type          packet-too-big
        list icmp_type          time-exceeded
        list icmp_type          bad-header
        list icmp_type          unknown-header-type
        option limit            1000/sec
        option family           ipv6
        option target           ACCEPT

config rule
        option name             Allow-IPSec-ESP
        option src              wan
        option dest             lan
        option proto            esp
        option target           ACCEPT

config rule
        option name             Allow-ISAKMP
        option src              wan
        option dest             lan
        option dest_port        500
        option proto            udp
        option target           ACCEPT

config include
        option path /etc/firewall.user


root@OpenWrt:~#

Help is much appreciated. Thanks

Remove the last 3 lines of this stanza. Reboot and test again.

1 Like

thank you for the reply. Delete last three line

config interface 'lan'
option type 'bridge'
option ifname 'eth0.1'
option proto 'static'
option netmask '255.255.255.0'
option ip6assign '60'
option ipaddr '10.0.0.1'

same issue. still no internet via wifi.. i can still ping external fine from router

What is the subnet of the upstream network? The lan on your openwrt router must be different than the lan on your main router.

my main router is using 192.168.1.x ip range and my openwrt uses: 10.0.0.x ip range.

The bridge should not be defined inside the interface stanza. Instead, there should be a separate device definition for that.

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'eth0.1'

config interface 'lan'
	option device 'br-lan'
	option proto 'static'
	option netmask '255.255.255.0'
	option ip6assign '60'
	option ipaddr '10.0.0.1'

If the above doesn't work, try changing option list ports to option ifname

still no go even with changing the option to option ifname. Maybe we are barking at the wrong tree here? could it be the firewall zone not configure properly.. seem the traffic lan to wan being restricted..

From a WiFi device, try pinging 8.8.8.8. What happens? And if you ping google.com?

yes.. i can ping them from wifi device successfully but if i go to any website, just timed out "your connection was interrupted" from chrome..

What about if you connect to your main router instead?

if i connect to main router via wifi or lan port, worked fine.. hence this is how i can update this ticket now.

Ok. Do you have the same problem on a wired connection to the openwrt router? Or is it WiFi only?

Let’s see your wireless and dhcp configuration files

ok.. tested by connecting laptop directly to lan port on openwrt router.. not getting any ip address from dhcp.. strange..mm..

what command to show DHCP and wireless config?
is this for dhcp?

uci -N show dhcp.@dnsmasq[0]

Please copy the output of the following commands and post it here using the "Preformatted text </> " button:
grafik
Remember to redact passwords, MAC addresses and any public IP addresses you may have:

cat /etc/config/network
cat /etc/config/wireless
cat /etc/config/dhcp
cat /etc/config/firewall

Check also that there is no IP conflict between lan and wan.

how so @trendy? both are different ip range. wan is 192.168.1.205, lan on 10.0.0.1

root@OpenWrt:~# cat /etc/config/network

config interface 'loopback'
        option ifname 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fdd4:e60d:7b94::/48'

config device
        option name 'br-lan'
        option type 'bridge'
        option ifname 'eth0.1'

config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        option netmask '255.255.255.0'
        option ip6assign '60'
        option ipaddr '10.0.0.1'

config interface 'wan'
        option ifname 'eth1'
        option proto 'dhcp'

config switch
        option name 'switch0'
        option reset '1'
        option enable_vlan '1'

config switch_vlan
        option device 'switch0'
        option vlan '1'
        option ports '1 2 3 4 0t'

root@OpenWrt:~# cat /etc/config/wireless

config wifi-device 'radio0'
        option type 'mac80211'
        option channel '11'
        option hwmode '11g'
        option path 'platform/qca953x_wmac'
        option htmode 'HT20'
        option country 'US'
        option legacy_rates '1'

config wifi-iface 'default_radio0'
        option device 'radio0'
        option network 'lan'
        option mode 'ap'
        option ssid 'xxxxx'
        option encryption 'psk2'
        option key 'xxxxxxx'

root@OpenWrt:~# cat /etc/config/dhcp

config dnsmasq
        option domainneeded '1'
        option boguspriv '1'
        option filterwin2k '0'
        option localise_queries '1'
        option rebind_protection '1'
        option rebind_localhost '1'
        option local '/lan/'
        option domain 'lan'
        option expandhosts '1'
        option nonegcache '0'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option resolvfile '/tmp/resolv.conf.auto'
        option nonwildcard '1'
        option localservice '1'

config dhcp 'lan'
        option interface 'lan'
        option ra 'server'
        option start '50'
        option limit '150'
        option leasetime '6h'

config dhcp 'wan'
        option interface 'wan'
        option ignore '1'

config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'
        option loglevel '4'

root@OpenWrt:~# cat /etc/config/firewall

config defaults
        option syn_flood '1'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'REJECT'

config zone
        option name 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'
        option network 'lan'

config include
        option path '/etc/firewall.user'

config zone
        option input 'ACCEPT'
        option forward 'REJECT'
        option output 'ACCEPT'
        option name 'wan'
        option masq '1'
        option mtu_fix '1'
        option network 'wan'

config forwarding
        option dest 'wan'
        option src 'lan'

it was not obvious though.
The rest of the configuration looks fine. If you don't have configured much more, I'd advise to reset the router to default, as the default configuration will work fine out of the box for you. You can then enable wifi and change the lan IP.

1 Like

Fixed the issue. The netmask I used was 255.255.255.0 and my ip range 10.0.0.xx. I changed to 10.0.0.1/255.0.0.0 then reboot, internet fixed now.. I am using the wifi to update this ticket..

Thanks everyone.. btw, how do I mark this as resolved.?