Wifi clients not getting IP via DHCP

Hi,

I'm facing an issue with Wifi and DHCP. After starting my router wifi clients are not getting an IP address via DHCP. However, the client trying to obtain an address shows up as associated on LUCI's wifi settings page (sumtimes with a ? as IP address, sometimes with a 169.... v4 address, and sometimes with an v6 address even though IPv6 should be disabled). Systems connected via cable work fine. After restarting dnsmasq the problem seems to be gone and also wifi clients can connect.

I'm running LEDE 17.01.2 on a WRT1900ACSv2 and upgraded from 17.01.1 last weekend. I can't remember facing this issue with 17.01.1. However, since I setup the system just a couple of weeks before and were mostly using cabled systems I'm not really sure if the issue was present in 17.01.1 as well.

Any idea or suggestion?

Thanks in advance
Wolfgang

can you show your files
/etc/config/firewall
/etc/config/network
/etc/config/dnsmasq

Hi rj-45,

there is no dnsmasq file. I assume you would like to see /etc/config/dhcp instead. Find then content of those files below. /etc/dnsmasq.conf adds /etc/dnsmasq.d to include DNS resolution files as well as definitions for static dhcp. Changes to the firewall settings are three additional traffic rules to allow http, http and ssh from WAN to the device itself (just for the time being while setting up the box. WAN is not connected to the internet :wink: )

dhcp:

config dnsmasq
        option domainneeded '1'
	option boguspriv '1'
	option localise_queries '1'
	option rebind_protection '1'
	option rebind_localhost '1'
	option expandhosts '1'
	option authoritative '1'
	option readethers '1'
	option leasefile '/tmp/dhcp.leases'
	option resolvfile '/tmp/resolv.conf.auto'
	option localservice '1'
	option local '/frusty.de/'
	option domain 'frusty.de'
	option nonwildcard '0'

config dhcp 'lan'
	option interface 'lan'
	option leasetime '12h'
	option start '150'
	option limit '100'

config dhcp 'wan'
	option interface 'wan'
	option ignore '1'

config odhcpd 'odhcpd'
	option maindhcp '0'
	option leasefile '/tmp/hosts/odhcpd'
	option leasetrigger '/usr/sbin/odhcpd-update'

network:

config interface 'loopback'
	option ifname 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fd14:3f55:9bd5::/48'

config interface 'lan'
	option type 'bridge'
	option ifname 'eth0'
	option proto 'static'
	option netmask '255.255.255.0'
	option ip6assign '60'
	option ipaddr '192.168.30.1'

config interface 'wan'
	option ifname 'eth1'
	option _orig_ifname 'eth1'
	option _orig_bridge 'false'
	option proto 'static'
	option netmask '255.255.255.0'
	option gateway '192.168.20.1'
	option broadcast '192.168.20.255'
	option ipaddr '192.168.20.2'
	option dns '192.168.20.1'

config interface 'wan6'
	option ifname 'eth1'
	option proto 'dhcpv6'

config switch
	option name 'switch0'
	option reset '1'
	option enable_vlan '1'

config switch_vlan
	option device 'switch0'
	option vlan '1'
	option ports '0 1 2 3 5'

config switch_vlan
	option device 'switch0'
	option vlan '2'
	option ports '4 6'

and finally firewall

    config defaults
	option syn_flood '1'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'REJECT'

config zone
	option name 'lan'
	list network 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'

config zone
	option name 'wan'
	list network 'wan'
	list network 'wan6'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'
	option mtu_fix '1'
	option input 'REJECT'

config forwarding
	option src 'lan'
	option dest 'wan'

config rule
	option name 'Allow-DHCP-Renew'
	option src 'wan'
	option proto 'udp'
	option dest_port '68'
	option target 'ACCEPT'
	option family 'ipv4'

config rule
	option name 'Allow-Ping'
	option src 'wan'
	option proto 'icmp'
	option icmp_type 'echo-request'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-IGMP'
	option src 'wan'
	option proto 'igmp'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-DHCPv6'
	option src 'wan'
	option proto 'udp'
	option src_ip 'fc00::/6'
	option dest_ip 'fc00::/6'
	option dest_port '546'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-MLD'
	option src 'wan'
	option proto 'icmp'
	option src_ip 'fe80::/10'
	list icmp_type '130/0'
	list icmp_type '131/0'
	list icmp_type '132/0'
	list icmp_type '143/0'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Input'
	option src 'wan'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	list icmp_type 'router-solicitation'
	list icmp_type 'neighbour-solicitation'
	list icmp_type 'router-advertisement'
	list icmp_type 'neighbour-advertisement'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Forward'
	option src 'wan'
	option dest '*'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-IPSec-ESP'
	option src 'wan'
	option dest 'lan'
	option proto 'esp'
	option target 'ACCEPT'

config rule
	option name 'Allow-ISAKMP'
	option src 'wan'
	option dest 'lan'
	option dest_port '500'
	option proto 'udp'
	option target 'ACCEPT'

config include
	option path '/etc/firewall.user'

config rule
	option target 'ACCEPT'
	option src 'wan'
	option proto 'tcp'
	option dest_port '80'
	option name 'Allow WebIF from WAN'

config rule
	option target 'ACCEPT'
	option src 'wan'
	option proto 'tcp'
	option dest_port '22'
	option name 'Allow SSH from WAN'

config rule
	option target 'ACCEPT'
	option src 'wan'
	option proto 'tcp'
	option dest_port '443'
	option name 'Allow WebIF from WAN (SSL)'

Just noticed one thing which might explain the observed behavior - in particular that restarting dnsmasq seems to resolve the problem. The startup order is

  1. S19dnsmasq
  2. S19firewall
  3. S20network

Does it really make sense to start dnsmasq before starting the network?