JJK
April 2, 2022, 12:21pm
1
Hi,
I got my OpenWrt configured (OpenWrt 21.02.2) and everything is working over the wire.
I have now additionaly configured the wireless settings (incl. passwd, psk3 ...) and linked it to my network.
Trying to access it from my iphone with given passwd seems to work (kind of), but I am getting "No internet connection". Also I see that I am not getting an IP address from the VLAN range. It looks like I am not getting connected to the network I have attached to the wireless configuration.
Is there more I need to pay attention to when adding wireless to the already working configuration?
What do exactly mean with a linked it to my network? Did you add it to the LAN bridge (br-lan) or do you mean that you set-up a SSID in your wireless adapter?
Maybe it is good to put your /etc/config/network and /etc/config/wireless (replace the key with ***). This helps to diagnose the issue with you.
JJK
April 2, 2022, 3:35pm
3
@Riesenbaby what I mean is that the only thing I did was: under "Device configuration", I linked it to the correct network.
ILAN is a separate VLAN, under "Interfaces" > "Devices", I cannot bridge between the VLAN and wlan0.
xxxxx@OpenWrt:~# cat /etc/config/network
config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'xxxx:xxxx:xxxx::/48'
config device
option name 'br-lan'
option type 'bridge'
list ports 'eth0.1'
config interface 'lan'
option device 'br-lan'
option proto 'static'
option ipaddr '192.168.1.1'
option netmask '255.255.255.0'
option ip6assign '60'
config device
option name 'eth0.2'
option macaddr 'd8:0d:17:3f:5c:9c'
config interface 'wan'
option device 'eth0.2'
option proto 'dhcp'
config interface 'wan6'
option device 'eth0.2'
option proto 'dhcpv6'
config switch
option name 'switch0'
option reset '1'
option enable_vlan '1'
config switch_vlan
option device 'switch0'
option vlan '1'
option vid '1'
option ports '0t 2'
config switch_vlan
option device 'switch0'
option vlan '2'
option ports '0t 1'
option vid '2'
config switch_vlan
option device 'switch0'
option vlan '3'
option ports '0t 3 5t'
option vid '10'
config switch_vlan
option device 'switch0'
option vlan '4'
option ports '0t 4 5t'
option vid '90'
config interface 'ILAN'
option proto 'static'
option device 'eth0.10'
option ipaddr '192.168.10.1'
option netmask '255.255.255.0'
option type 'bridge'
config interface 'GLAN'
option proto 'static'
option device 'eth0.90'
option ipaddr '192.168.90.1'
option netmask '255.255.255.0'
option type 'bridge'
config switch_vlan
option device 'switch0'
option vlan '5'
option ports '0t 5t'
option vid '91'
config device
option name 'eth0.91'
option type '8021q'
option ifname 'eth0'
option vid '91'
config interface 'TLAN'
option proto 'static'
option device 'eth0.91'
option ipaddr '192.168.91.1'
option netmask '255.255.255.0'
option type 'bridge'
xxxxxx@OpenWrt:~# cat /etc/config/wireless
config wifi-device 'radio0'
option type 'mac80211'
option path 'pci0000:00/0000:00:00.0'
option band '5g'
option htmode 'VHT80'
option channel '40'
option cell_density '0'
option country 'BE'
config wifi-iface 'default_radio0'
option device 'radio0'
option network 'lan'
option mode 'ap'
option ssid 'OpenWrt'
option encryption 'none'
option disabled '1'
config wifi-device 'radio1'
option type 'mac80211'
option path 'platform/ahb/18100000.wmac'
option band '2g'
option htmode 'HT20'
option cell_density '0'
option channel '3'
option country 'BE'
config wifi-iface 'default_radio1'
option device 'radio1'
option network 'lan'
option mode 'ap'
option ssid 'OpenWrt'
option encryption 'none'
option disabled '1'
config wifi-iface 'wifinet2'
option device 'radio0'
option mode 'ap'
option ssid 'IRoam'
option encryption 'sae'
option dtim_period '3'
option key 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'
option ieee80211r '1'
option mobility_domain 'xxxx'
option ft_over_ds '0'
option ft_psk_generate_local '1'
option network 'ILAN'
config wifi-iface 'wifinet3'
option device 'radio1'
option mode 'ap'
option ssid 'GRoam'
option encryption 'sae'
option isolate '1'
option dtim_period '3'
option key 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'
option ieee80211r '1'
option mobility_domain 'xxxx'
option ft_over_ds '0'
option ft_psk_generate_local '1'
option network 'GLAN'
config wifi-iface 'wifinet4'
option device 'radio1'
option mode 'ap'
option ssid 'TWifi'
option encryption 'sae'
option isolate '1'
option key 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'
option network 'TLAN'
I am trying to connect to ILAN via IRoam
Let's also see your firewall and dhcp files.
JJK
April 2, 2022, 4:23pm
5
Sure, here they are:
xxxxxx@OpenWrt:~# cat /etc/config/firewall
config defaults
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
option synflood_protect '1'
config zone
option name 'lan'
list network 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
config zone
option name 'wan'
list network 'wan'
list network 'wan6'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
config forwarding
option src 'lan'
option dest 'wan'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option src_ip 'fc00::/6'
option dest_ip 'fc00::/6'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
config rule
option name 'Support-UDP-Traceroute'
option src 'wan'
option dest_port '33434:33689'
option proto 'udp'
option family 'ipv4'
option target 'REJECT'
option enabled '0'
config include
option path '/etc/firewall.user'
config zone
option name 'ILAN'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
list network 'ILAN'
config forwarding
option src 'ILAN'
option dest 'wan'
config zone
option name 'GLAN'
option output 'ACCEPT'
option forward 'REJECT'
list network 'GLAN'
option input 'REJECT'
config forwarding
option src 'GLAN'
option dest 'wan'
config zone
option name 'TLAN'
option output 'ACCEPT'
option forward 'REJECT'
list network 'TLAN'
option input 'ACCEPT'
config forwarding
option src 'TLAN'
option dest 'wan'
config forwarding
option src 'ILAN'
option dest 'TLAN'
config rule
option name 'Guest DHCP and DNS'
option src 'GLAN'
option dest_port '53 67 68'
option target 'ACCEPT'
xxxxxx@OpenWrt:~# cat /etc/config/dhcp
config dnsmasq
option domainneeded '1'
option boguspriv '1'
option filterwin2k '0'
option localise_queries '1'
option rebind_protection '1'
option rebind_localhost '1'
option local '/lan/'
option domain 'lan'
option expandhosts '1'
option nonegcache '0'
option authoritative '1'
option readethers '1'
option leasefile '/tmp/dhcp.leases'
option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
option nonwildcard '1'
option localservice '1'
option ednspacket_max '1232'
config dhcp 'lan'
option interface 'lan'
option start '100'
option limit '150'
option leasetime '12h'
option dhcpv4 'server'
option dhcpv6 'server'
option ra 'server'
option ra_slaac '1'
list ra_flags 'managed-config'
list ra_flags 'other-config'
config dhcp 'wan'
option interface 'wan'
option ignore '1'
config odhcpd 'odhcpd'
option maindhcp '0'
option leasefile '/tmp/hosts/odhcpd'
option leasetrigger '/usr/sbin/odhcpd-update'
option loglevel '4'
config dhcp 'ILAN'
option interface 'ILAN'
option start '100'
option limit '150'
option leasetime '12h'
list ra_flags 'none'
config dhcp 'GLAN'
option interface 'GLAN'
option start '100'
option limit '150'
option leasetime '12h'
list ra_flags 'none'
config dhcp 'TLAN'
option interface 'TLAN'
option start '100'
option limit '150'
option leasetime '12h'
list ra_flags 'none'
JJK
April 2, 2022, 4:26pm
6
I also have a dumb ap, with the same configuration (except that it does not act as a router). But for now, I am focussing on getting the WLAN working on the router and go from there.
BTW (just for context): ILAN is the internal lan, GLAN is the guest lan and TLAN is an IoT lan.
mk24
April 2, 2022, 4:26pm
7
Use only lowercase for network names. (The GUI will upcase them for display purposes, it really should not, so ignore that "feature.")
The use of option type bridge inside a config interface block is deprecated.
For each new network (ilan and glan ...) declare a separate br-ilan, br-glan ... like br-lan then use them as the device for the ilan, glan networks.
JJK
April 2, 2022, 4:30pm
8
@mk24 Is not using capitals a convention or is it really part of the solution?
@mk24 is your suggestion to create a bridge with WAN & xlan, then? Isn't it strange that my wired network works perfect without it? Shouln't my wired lan also be affected by an incomplete configuration?
Anyway, I will try your input. Sure it will work.
mk24
April 2, 2022, 4:35pm
9
The br-glan bridge is to bridge wifi and wired within the guest network. Then that network routes to the Internet like lan does, but separately. So your guests can use the Internet but they can't connect to devices in other networks like your trusted lan.
The routing to the Internet is defined in the firewall by having the firewall zone for the network forward to wan. Also each network needs its own DHCP server in /etc/config/dhcp.
al9
April 2, 2022, 9:13pm
10
Hi.
Same problem for me..
BusyBox v1.33.2 (2022-02-16 20:29:10 UTC) built-in shell (ash)
_______ ________ __
| |.-----.-----.-----.| | | |.----.| |_
| - || _ | -__| || | | || _|| _|
|_______|| __|_____|__|__||________||__| |____|
|__| W I R E L E S S F R E E D O M
-----------------------------------------------------
OpenWrt 21.02.2, r16495-bf0c965af0
-----------------------------------------------------
root@OpenWrt:~# cat /etc/config/network
config interface 'loopback'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
option device 'lo'
config globals 'globals'
option ula_prefix 'xxx::/48'
config interface 'lan'
option proto 'static'
option netmask '255.255.255.0'
option ip6assiogn '60'
list dns '1.1.1.1'
list dns '8.8.8.8'
option ipaddr '192.168.3.1'
option device 'eth0.1'
option delegate '0'
option type 'bridge'
config switch
option name 'switch0'
option reset '1'
option enable_vlan '1'
config switch_vlan
option device 'switch0'
option vlan '1'
option ports '0 1 2 5t'
option description 'LAN'
config device
option name 'br-lan'
option type 'bridge'
option ipv6 '0'
list ports 'eth0'
config switch_vlan
option device 'switch0'
option ports '3 5t'
option vlan '2'
option description 'WAN'
config interface 'wan'
option device 'eth0.2'
option proto 'static'
option ipaddr '192.168.1.11'
option netmask '255.255.255.0'
option gateway '192.168.1.1'
option delegate '0'
config device
option name 'eth0'
option ipv6 '0'
config device
option name 'wlan0'
option ipv6 '0'
config device
option name 'eth0.1'
option type '8021q'
option ifname 'eth0'
option vid '1'
option ipv6 '0'
root@OpenWrt:~# cat /etc/config/wireless
config wifi-device 'radio0'
option type 'mac80211'
option channel '11'
option hwmode '11g'
option path 'pci0000:00/0000:00:01.0'
option htmode 'HT20'
option cell_density '0'
option txpower '4'
option country 'ES'
config wifi-iface 'default_radio0'
option device 'radio0'
option mode 'ap'
option ssid 'WLAN0'
option encryption 'sae-mixed'
option key 'xxxxxxxxxxxxxx'
option network 'lan'
root@OpenWrt:~# cat /etc/config/firewall
config defaults
option input 'ACCEPT'
option output 'ACCEPT'
option synflood_protect '1'
option forward 'ACCEPT'
config zone
option name 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
list network 'lan'
config zone
option name 'wan'
option output 'ACCEPT'
option forward 'REJECT'
option mtu_fix '1'
option masq '1'
option input 'ACCEPT'
list network 'wan'
list network 'wan6'
list network 'WAN'
config forwarding
option src 'lan'
option dest 'wan'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
option enabled '0'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
option enabled '0'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option src_ip 'fc00::/6'
option dest_ip 'fc00::/6'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
option enabled '0'
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
option enabled '0'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
option enabled '0'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
option enabled '0'
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
option enabled '0'
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
option enabled '0'
config include
option path '/etc/firewall.user'
config rule
option name 'WEB acess'
option src 'wan'
option src_port '80 443'
option target 'ACCEPT'
config rule
option name 'SSH access'
option src 'wan'
option src_port '22'
option dest_port '22'
option target 'ACCEPT'
Thanks
JJK
April 2, 2022, 10:01pm
11
Nope, did't work.
JJK
April 5, 2022, 11:38am
12
Anyone can help me further?
The ILAN interface must be configured as follows:
config device
option type 'bridge'
option name 'br-ilan'
list ports 'eth0.10'
config interface 'ILAN'
option proto 'static'
option ipaddr '192.168.10.1'
option netmask '255.255.255.0'
option device 'br-ilan'
Restart the network service and run brctl show br-ilan.eth0.10 and wlan0* as members of the bridge.
1 Like
al9
April 10, 2022, 10:45am
14
Hi thanks for you inspiration, on my case works!
Cange:
