Wifi connects but no Internet suddenly

Hi there,

I have a D-Link DIR-860L B1 and my firmware running is LEDE Reboot 17.01.4 r3560-79f57e422d / LuCI lede-17.01 branch (git-17.290.79498-d3f0685)
Kernel Version 4.4.92

My internet connection with desktop pc is working...but since I came home today I noticed on all of my tablets and Smartphones that wifi is connected but no Internet connection.

Can somebody help me to troubleshoot this..

• first I removed the white list of mac addresses this didn't help

• then I removed the WPA/WPA2 PSK protection this didn't help

• then I removed the 2.4 GHz network and added it again this didn't help

• I rebooted several times this didn't help

• I created a new topic and noticed several similar ones here in this forum non of which explains the sudden change in behaviour of my network situation

• I forgot that I configured unbound for this device..when I ping in putty 8.8.8.8 I get an answer however when I ping www.google.com I get a bad address reply.. It seems that the reason why I have an internet connection on my desktop is that I manually configured 208.67.222.222 and 208.67.220.220.

Most of the time I use the web page to change settings, but sometimes I use putty and the commandline.
I hope some of you can help me.
I also included my network config

kind regards
Guy Forssman

Network settings

root@LEDE:~# cat /etc/config/network

config interface 'loopback'
        option ifname 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'redacted'

config interface 'lan'
        option type 'bridge'
        option ifname 'eth0.1'
        option proto 'static'
        option netmask '255.255.255.0'
        option ip6assign '60'
        option igmp_snooping '1'
        option ipaddr '192.168.1.3'
        option dns '208.67.222.222 208.67.220.220'

config device 'lan_dev'
        option name 'eth0.1'
        option macaddr '90:8d:78:23:9f:94'

config interface 'wan'
        option ifname 'eth0.2'
        option _orig_ifname 'eth0.2'
        option _orig_bridge 'false'
        option proto 'static'
        option ipaddr '192.168.0.135'
        option netmask '255.255.255.0'
        option gateway '192.168.0.1'

config device 'wan_dev'
        option name 'eth0.2'
        option macaddr '90:8d:78:23:9f:97'

config interface 'wan6'
        option ifname 'eth0.2'
        option proto 'dhcpv6'

config switch
        option name 'switch0'
        option reset '1'
        option enable_vlan '1'

config switch_vlan
        option device 'switch0'
        option vlan '1'
        option ports '1 2 3 4 6t'

config switch_vlan
        option device 'switch0'
        option vlan '2'
        option ports '0 6t'

root@LEDE:~#

Wireless

root@LEDE:~# cat /etc/config/wireless

config wifi-device 'radio0'
        option type 'mac80211'
        option channel '36'
        option hwmode '11a'
        option path 'pci0000:00/0000:00:00.0/0000:01:00.0'
        option htmode 'VHT80'
        option country 'BE'

config wifi-iface 'default_radio0'
        option device 'radio0'
        option network 'lan'
        option mode 'ap'
        option ssid 'BvbaSmits5'
        option encryption 'psk-mixed+ccmp'
        option key 'redacted'
        option macfilter 'allow'
        list maclist 'CC:9F:7A:42:95:98'
        list maclist '9C:B2:B2:53:CD:BE'
        list maclist 'C0:EE:FB:42:65:A7'

config wifi-device 'radio1'
        option type 'mac80211'
        option hwmode '11g'
        option path 'pci0000:00/0000:00:01.0/0000:02:00.0'
        option htmode 'HT20'
        option channel '6'
        option country 'BE'

config wifi-iface
        option device 'radio1'
        option mode 'ap'
        option ssid 'BvbaSmits2'
        option network 'lan'
        option encryption 'psk-mixed'
        option key 'redacted'

root@LEDE:~#

In your config, both wired and wireless interfaces are bridged together, so (once a wifi device manages to connect to the router) there should be no distinction between them.

However, tablets and smartphones perform some checks to test the internet connection, and those test could be failing, for some reason. Do you have any kind of restriction on your internet connection? Could you post your firewall and dhcp config files, please?

Another reason could be that your ISP does not allow to share the connection with smartphones and tablets; I have seen that you are forcing a MAC address on the WAN connection. Could that be the case?

thank you for your quick reply...

the mac address list is a white list but I disabled that for testing purposes.
As I was investigating my network problems even further, my wife mentioned that her desktop didn't have Internet, at first I thought that my desktop was directly connected to my ISP but that wasn't the case.
However:
My wife desktop: Obtain an Ip address automatically and Obtain DNS server address automatically
My desktop : Use Ip address 192.168.1.6 and use DNS server 208.67.222.222 and 208.67.220.220

I also configured unbound in the past previous month.
In the cli I can ping 8.8.8.8 but not www.google.com so something must be wrong with my DNS resolving.
How do I get back to the most basic settings for DNS?

Firewall

root@LEDE:~# cat /etc/config/firewall

config defaults
        option syn_flood '1'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'REJECT'

config zone
        option name 'lan'
        list network 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'

config zone
        option name 'wan'
        list network 'wan'
        list network 'wan6'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option masq '1'
        option mtu_fix '1'

config forwarding
        option src 'lan'
        option dest 'wan'

config rule
        option name 'Allow-DHCP-Renew'
        option src 'wan'
        option proto 'udp'
        option dest_port '68'
        option target 'ACCEPT'
        option family 'ipv4'

config rule
        option name 'Allow-Ping'
        option src 'wan'
        option proto 'icmp'
        option icmp_type 'echo-request'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-IGMP'
        option src 'wan'
        option proto 'igmp'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-DHCPv6'
        option src 'wan'
        option proto 'udp'
        option src_ip 'fc00::/6'
        option dest_ip 'fc00::/6'
        option dest_port '546'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-MLD'
        option src 'wan'
        option proto 'icmp'
        option src_ip 'fe80::/10'
        list icmp_type '130/0'
        list icmp_type '131/0'
        list icmp_type '132/0'
        list icmp_type '143/0'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Input'
        option src 'wan'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        list icmp_type 'router-solicitation'
        list icmp_type 'neighbour-solicitation'
        list icmp_type 'router-advertisement'
        list icmp_type 'neighbour-advertisement'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Forward'
        option src 'wan'
        option dest '*'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-IPSec-ESP'
        option src 'wan'
        option dest 'lan'
        option proto 'esp'
        option target 'ACCEPT'

config rule
        option name 'Allow-ISAKMP'
        option src 'wan'
        option dest 'lan'
        option dest_port '500'
        option proto 'udp'
        option target 'ACCEPT'

config include
        option path '/etc/firewall.user'

config include 'miniupnpd'
        option type 'script'
        option path '/usr/share/miniupnpd/firewall.include'
        option family 'any'
        option reload '1'

config rule
        option target 'ACCEPT'
        option src 'lan'
        option dest 'wan'
        option name 'webserver'
        option src_ip '192.168.1.5'
        option src_port '8081'
        option dest_port '80'

config redirect
        option target 'DNAT'
        option src 'wan'
        option dest 'lan'
        option proto 'tcp udp'
        option dest_ip '192.168.1.5'
        option dest_port '88'
        option name 'Webtest'

config redirect
        option target 'DNAT'
        option src 'wan'
        option dest 'lan'
        option proto 'tcp'
        option src_dport '80'
        option dest_ip '192.168.1.5'
        option dest_port '8086'
        option name 'MyQnapCloud'

config redirect
        option target 'DNAT'
        option src 'wan'
        option dest 'lan'
        option proto 'tcp'
        option name 'Http'
        option dest_ip '192.168.1.5'
        option src_dport '81'
        option dest_port '81'
        option enabled '0'

config redirect
        option target 'DNAT'
        option src 'wan'
        option dest 'lan'
        option proto 'tcp'
        option name 'HTTP2'
        option dest_ip '192.168.1.5'
        option src_dport '2081'
        option dest_port '2081'
        option enabled '0'

config redirect
        option target 'DNAT'
        option src 'wan'
        option dest 'lan'
        option proto 'tcp'
        option name 'HTTPS'
        option src_dport '81'
        option dest_ip '192.168.1.40'
        option dest_port '81'
        option enabled '0'

config redirect
        option target 'DNAT'
        option src 'wan'
        option dest 'lan'
        option proto 'tcp'
        option src_dport '2081'
        option dest_ip '192.168.1.40'
        option dest_port '2081'
        option name 'https2'
        option enabled '0'

config redirect
        option target 'DNAT'
        option src 'wan'
        option dest 'lan'
        option proto 'tcp udp'
        option src_dport '1194'
        option dest_ip '192.168.1.5'
        option dest_port '1194'
        option name 'openvpn'

config redirect
        option target 'DNAT'
        option src 'wan'
        option dest 'lan'
        option proto 'tcp'
        option src_dport '443'
        option dest_ip '192.168.1.5'
        option name 'Webserver2'
        option dest_port '443'

config redirect
        option target 'DNAT'
        option src 'wan'
        option dest 'lan'
        option proto 'tcp udp'
        option dest_ip '192.168.1.5'
        option dest_port '8081'
        option name 'webserver'
        option enabled '0'
        option src_dport '8081'

root@LEDE:~#

DHCP

root@LEDE:~# cat /etc/config/dhcp

config dnsmasq
        option domainneeded '1'
        option boguspriv '1'
        option localise_queries '1'
        option rebind_protection '1'
        option rebind_localhost '1'
        option local '/lan/'
        option domain 'lan'
        option expandhosts '1'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option resolvfile '/tmp/resolv.conf.auto'
        option localservice '1'
        option nonwildcard '0'
        option port '53535'
        option strictorder '1'
        list server '8.8.8.8'

config dhcp 'lan'
        option interface 'lan'
        option start '100'
        option limit '150'
        option leasetime '12h'
        option dhcpv6 'server'
        option ra 'server'
        option ra_management '1'
        option force '1'
        list dhcp_option 'option:dns-server,192.168.1.3'

config dhcp 'wan'
        option interface 'wan'
        option ignore '1'

config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'

config host
        option name 'TL-SG2424P'
        option dns '1'
        option mac 'e8:94:f6:67:4c:a4'
        option ip '192.168.1.4'

config host
        option name 'Win8-AMD64'
        option mac '00:24:1d:12:f7:41'
        option ip '192.168.1.7'

config host
        option name 'Clevo-901c'
        option ip '192.168.1.11'
        option mac '00:90:f5:57:7b:83'

Hi There,

I seem to have found the issue...

As stated earlier I remembered that I configured UNBOUND for more DNS privacy.
I used this https://blog.grobox.de/2018/what-is-dns-privacy-and-how-to-set-it-up-for-openwrt/ .

I noticed some garbage in one of the config files...I removed it and restarted unbound
/etc/init.d/unbound restart.

Still should I switch to [https://blog.cloudflare.com/dns-over-tls-for-openwrt/#settingupdnsovertls]

my error in file

do-tcp: yes
prefetch: yes
qname-minimisation: yes
rrset-roundrobin: yes
use-caps-for-id: yes
:q
quit
UN
 quit
> UN
 quit
> UN

How did you go? Did you manage to fix the issue?
The reason I ask is that my smartphones are doing the same. I'm not very "experienced" in LEDE or any of this for that matter.
I thought my wifi was working fine untill the phones started dropping out after a while. I dont know what is wrong with my settings as it doesnt seem to effect my laptopns or desktop.
If anyone can help me with some basic settings to fix this (i'm using LEDE Reboot 17.01.4) I would greatly appreciate it.

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.