Updated to 23.05 and now have a weird issue with wifi

Hi all been running openwrt on my network for a while now with VLANS and a managed switch. Recently I upgraded to OpenWrt 23.05.4 as I was going to change out my WRT1900acs to an asus AX53U for the more advanced wifi.

Everything went smoothly and my WIFI speed has almost doubled, But I now have an interesting issue. I use pihole as blocker and local DNS... ie. if I go to "home.domain.com" It will open a homepage. From outside my network it is forbidden. Main domain is hosted by Cloudflare and wildcard forwards everything to nginx proxy Manager.

Advantage of this is something like Emby which is accessible internal and external will still be accessible even though the internet connection is down.

On the LAN everything works great with no issues at all; however, on wifi for some reason I will often get "ERR_SSL_UNRECOGNIZED_NAME_ALERT" errors, but then sometimes it works fine. Often Brave will work but Firefox fails, and then vice versa. It's not so bad on the laptop, but on Android devices it's very frequent. Plug them in with ethernet (via USB-C) and everything works exactly as intended. I have recreated the wifi networks and the issue persists. I am kinda lost atm.

EDIT: General internet access works fine with no issue including going to local stuff visible externally.

Does anybody have any ideas on the problem? Configs below.

/etc/config/dhcp

# dnsmasq instance on the router. Upstream queries are forwarded only to the
# two 'list server' addresses below; 'noresolv' stops dnsmasq from also
# picking up resolvers from the resolv file.
config dnsmasq
        option domainneeded '1'
        option localise_queries '1'
        # Rebind protection discards upstream answers that contain private
        # (RFC 1918) addresses.
        # NOTE(review): a split-horizon name that resolves to an internal
        # address would be filtered for any client that queries the router
        # rather than the DNS servers directly, unless that domain is listed
        # in 'rebind_domain' -- confirm which resolver the failing clients use.
        option rebind_protection '1'
        option rebind_localhost '1'
        option local '/lan/'
        option domain 'lan'
        option expandhosts '1'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option localservice '1'
        option ednspacket_max '1232'
        list server '192.168.10.110'
        list server '192.168.10.100'
        option noresolv '1'

# DHCP pool for 'lan'. Option 6 hands clients the two DNS servers directly,
# so clients that honour it do not query the router's dnsmasq at all.
# Both addresses are in 192.168.10.0/24, which /etc/config/network on this
# page assigns to the 'servers' interface, so lan clients reach DNS through
# the router and its firewall.
# NOTE(review): option 6 is advisory. A browser or OS configured for
# encrypted DNS (DoH/DoT, Android "Private DNS") bypasses these resolvers and
# receives the public answer -- worth ruling out when results differ per
# browser or per device.
config dhcp 'lan'
        option interface 'lan'
        option start '100'
        option limit '150'
        option leasetime '12h'
        option dhcpv4 'server'
        list dhcp_option '6,192.168.10.110,192.168.10.100'

# No DHCP service is offered on the wan interface.
config dhcp 'wan'
        option interface 'wan'
        option ignore '1'

# maindhcp '0': odhcpd does not take over DHCPv4 from dnsmasq.
config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'
        option loglevel '4'

# DHCP pool for 'servers'; same DNS servers advertised as on 'lan'.
config dhcp 'servers'
        option interface 'servers'
        option start '100'
        option limit '150'
        option leasetime '12h'
        list dhcp_option '6,192.168.10.110,192.168.10.100'

# DHCP pool for 'iot'; same DNS servers advertised as on 'lan'.
# NOTE(review): the firewall excerpt on this page shows no rule allowing
# 'iot' to reach these addresses on port 53 -- confirm one exists, otherwise
# iot clients cannot resolve names.
config dhcp 'iot'
        option interface 'iot'
        option start '100'
        option limit '150'
        option leasetime '12h'
        list dhcp_option '6,192.168.10.110,192.168.10.100'

/etc/config/firewall

# Excerpt: only three traffic rules are shown; zone and forwarding sections
# are not part of this listing.

# Allow 'lan' clients to reach the two DNS hosts in 'servers' on ports
# 53, 67 and 68 (IPv4 only).
# NOTE(review): no 'option proto' is set; OpenWrt's firewall then matches
# both TCP and UDP by default -- confirm.
# NOTE(review): 67/68 are the DHCP ports. DHCP is not normally routed between
# subnets without a relay, so these may be wider than needed -- confirm and
# narrow the rule to port 53 if they are unused.
config rule
        option src 'lan'
        option dest 'servers'
        option dest_port '53 67 68'
        option target 'ACCEPT'
        option name 'Lan DNS and DNS PiHole'
        list dest_ip '192.168.10.110'
        list dest_ip '192.168.10.100'
        option family 'ipv4'

# Same destination hosts and ports, with both source and destination zone set
# to 'servers'. Because 'src_port' is set, only packets whose source port is
# also 53, 67 or 68 match.
# NOTE(review): ordinary DNS queries use an ephemeral source port and would
# not match this rule, and traffic between hosts in the same subnet is
# usually switched without passing the router -- confirm the rule is needed.
config rule
        option src 'servers'
        option src_port '53 67 68'
        option dest_port '53 67 68'
        option target 'ACCEPT'
        option name 'Server DNS and DHCP Pihole'
        option dest 'servers'
        list dest_ip '192.168.10.110'
        list dest_ip '192.168.10.100'
        option family 'ipv4'

# Allow a 'guest' zone to reach the same two hosts on ports 53, 67 and 68.
# NOTE(review): /etc/config/network on this page defines no 'guest'
# interface and the zone definitions are not shown -- confirm the zone
# exists; the proto and 67/68 remarks on the first rule apply here too.
config rule
        option name 'Guest DNS and DNS PiHole'
        option dest_port '53 67 68'
        option target 'ACCEPT'
        option src 'guest'
        option dest 'servers'
        list dest_ip '192.168.10.110'
        list dest_ip '192.168.10.100'
        option family 'ipv4'

/etc/config/wireless

# 2.4 GHz radio, 20 MHz HE (Wi-Fi 6) mode, fixed channel 10.
# NOTE(review): 'country' is set on radio1 only; radio0 has none -- confirm
# that is intended.
config wifi-device 'radio0'
        option type 'mac80211'
        option path '1e140000.pcie/pci0000:00/0000:00:01.0/0000:02:00.0'
        option band '2g'
        option htmode 'HE20'
        option cell_density '0'
        option channel '10'

# 5 GHz radio, 80 MHz HE mode, automatic channel selection, country 'TH'.
config wifi-device 'radio1'
        option type 'mac80211'
        option path '1e140000.pcie/pci0000:00/0000:00:01.0/0000:02:00.0+1'
        option band '5g'
        option htmode 'HE80'
        option channel 'auto'
        option cell_density '0'
        option country 'TH'

# 5 GHz access point bridged to 'lan'. 'psk2' is WPA2-PSK.
# The key shown is a placeholder (presumably redacted by the poster); a real
# passphrase should never appear in a public post.
# NOTE(review): no 'ieee80211w' option is set, so management frame protection
# is left at its default -- consider setting it explicitly. Since the radios
# run HE modes, 'sae-mixed' may be worth evaluating for WPA3-capable clients;
# confirm client compatibility first.
# 802.11r fast transition is enabled, over the air ('ft_over_ds' is 0), with
# FT keys generated locally from the PSK.
# NOTE(review): every SSID here uses its own mobility_domain and only one
# access point's configuration is shown; with a single AP fast transition
# gives no roaming benefit and is one more variable when diagnosing
# intermittent client problems -- consider testing with it disabled.
config wifi-iface 'wifinet0'
        option device 'radio1'
        option mode 'ap'
        option ssid 'monkey_zoo5g'
        option encryption 'psk2'
        option key 'super_secret'
        option network 'lan'
        option ieee80211r '1'
        option mobility_domain '3FAC'
        option ft_over_ds '0'
        option ft_psk_generate_local '1'

# 2.4 GHz access point bridged to 'lan'; same security settings as wifinet0
# but a different mobility_domain.
config wifi-iface 'wifinet1'
        option device 'radio0'
        option mode 'ap'
        option ssid 'monkey_zoo'
        option encryption 'psk2'
        option key 'super_secret'
        option ieee80211r '1'
        option mobility_domain '3FAD'
        option ft_over_ds '0'
        option ft_psk_generate_local '1'
        option network 'lan'

# 2.4 GHz access point attached to the 'iot' network, sharing radio0 with
# the 'lan' SSID above.
# NOTE(review): all three sections show the same placeholder key. If the real
# configuration also shares one passphrase between the lan and iot SSIDs, the
# credential stored on any IoT device would also admit it to the lan SSID --
# use a distinct key per network.
config wifi-iface 'wifinet2'
        option device 'radio0'
        option mode 'ap'
        option ssid 'Cats_House_2.4GHz'
        option encryption 'psk2'
        option key 'super_secret'
        option ieee80211r '1'
        option mobility_domain '2FAD'
        option ft_over_ds '0'
        option ft_psk_generate_local '1'
        option network 'iot'

/etc/config/network

# Loopback interface.
config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fdfa:c69a:1874::/48'

# Bridge across the three LAN ports; VLAN membership is set by the
# 'bridge-vlan' sections further down.
config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'lan1'
        list ports 'lan2'
        list ports 'lan3'

# 'lan' network: 192.168.1.1/24 on VLAN 1 of the bridge.
config interface 'lan'
        option proto 'static'
        option ipaddr '192.168.1.1'
        option netmask '255.255.255.0'
        option device 'br-lan.1'

# WAN device with an overridden MAC address.
config device
        option name 'wan'
        option macaddr '62:38:e0:12:9b:49'

config interface 'wan'
        option device 'wan'
        option proto 'dhcp'

config interface 'wan6'
        option device 'wan'
        option proto 'dhcpv6'

# VLAN 1: tagged on lan1, untagged with PVID on lan3 ('u*'); lan2 is listed
# without a suffix.
config bridge-vlan
        option device 'br-lan'
        option vlan '1'
        list ports 'lan1:t'
        list ports 'lan2'
        list ports 'lan3:u*'

# VLAN 10: carried tagged on lan1 only.
config bridge-vlan
        option device 'br-lan'
        option vlan '10'
        list ports 'lan1:t'

# VLAN 20: carried tagged on lan1 only.
# lan1 therefore carries VLANs 1, 10 and 20 tagged, i.e. it acts as the trunk
# port (presumably towards the managed switch the post mentions).
config bridge-vlan
        option device 'br-lan'
        option vlan '20'
        list ports 'lan1:t'

# 'servers' network: 192.168.10.1/24 on VLAN 10. The DNS servers handed out
# by DHCP (192.168.10.110 and 192.168.10.100) fall in this subnet.
config interface 'servers'
        option proto 'static'
        option device 'br-lan.10'
        option ipaddr '192.168.10.1'
        option netmask '255.255.255.0'

# 'iot' network: 192.168.20.1/24 on VLAN 20.
config interface 'iot'
        option proto 'static'
        option device 'br-lan.20'
        option ipaddr '192.168.20.1'
        option netmask '255.255.255.0'

# WireGuard interface listening on port 51820 with tunnel address
# 10.0.100.1/24.
# The private key shown is a placeholder (presumably redacted by the poster).
# A real WireGuard private key must never be published; if one has been, a
# new key pair should be generated and the peers updated.
# NOTE(review): no peer sections appear in this excerpt, and the firewall
# excerpt on this page shows neither the zone this interface belongs to nor a
# WAN rule for UDP 51820 -- confirm both are defined as intended.
config interface 'wq0'
        option proto 'wireguard'
        option private_key 'super_secret'
        option listen_port '51820'
        list addresses '10.0.100.1/24'

You do the upstream interception yourself; OpenWrt is not in a position to bypass that, nor is it intended to.

I set the network to use dns servers via interfaces DHCP-Options "6,192.168.10.110,192.168.10.100"

As said in the post. NO ISSUES with LAN. everything is working as intended as it always has.

With WIFI that attaches to the LAN and should get those settings, it only works intermittently, which is what I don't understand. It used to be a solid connection. The network analyser shows that it is getting those settings.

Update on this. It turns out that it was pure coincidence that the wifi was acting funny over the normal LAN network. I replaced my pihole with Technitium (proper DNS software) and that seemed to sort everything out.

So far so good. Not sure if the 23 release made an issue more prominent, but at least now it is all working as intended.
