WiFi/DHCP issue after upgrading to 24.10.5

I have a strangest issue with a single device on my network, that used to work fine, until I upgraded all my devices from 24.10.1 to 24.10.5 a week ago.

I run a router and a few dumb APs, all on openwrt. There are VLANs configured to segment the network and each VLAN has it’s own wifi SSID.

The device in question is a Fox ESS H3 inverter that got installed about three weeks ago. Installers connected it to the wifi and it was working perfectly, until I updated both routers and APs to 24.10.5.

Now, the device seems to continuously connect, receive an IP address, disconnect and try again, about every 10 seconds.

I’ve tried connecting it to a different AP, changing VLAN, relaxing firewall rules, with no success.

However, if I create a hotspot on my phone, device happily connects to that and stays connected, which tells me something is wrong with my particular set up.

Router logs:

Fri Jan 2 21:09:41 2026 daemon.info dnsmasq-dhcp[1]: 3669646264 available DHCP range: 192.168.70.100 -- 192.168.70.249
Fri Jan 2 21:09:41 2026 daemon.info dnsmasq-dhcp[1]: 3669646264 client provides name: INVERTER_60HD99205BBM102
Fri Jan 2 21:09:41 2026 daemon.info dnsmasq-dhcp[1]: 3669646264 DHCPDISCOVER(br-lan.70) 80:f3:da:ed:fa:ac
Fri Jan 2 21:09:41 2026 daemon.info dnsmasq-dhcp[1]: 3669646264 tags: internetonly, br-lan.70
Fri Jan 2 21:09:41 2026 daemon.info dnsmasq-dhcp[1]: 3669646264 DHCPOFFER(br-lan.70) 192.168.70.244 80:f3:da:ed:fa:ac
Fri Jan 2 21:09:41 2026 daemon.info dnsmasq-dhcp[1]: 3669646264 requested options: 1:netmask, 3:router, 28:broadcast, 6:dns-server
Fri Jan 2 21:09:41 2026 daemon.info dnsmasq-dhcp[1]: 3669646264 next server: 192.168.70.1
Fri Jan 2 21:09:41 2026 daemon.info dnsmasq-dhcp[1]: 3669646264 sent size: 1 option: 53 message-type 2
Fri Jan 2 21:09:41 2026 daemon.info dnsmasq-dhcp[1]: 3669646264 sent size: 4 option: 54 server-identifier 192.168.70.1
Fri Jan 2 21:09:41 2026 daemon.info dnsmasq-dhcp[1]: 3669646264 sent size: 4 option: 51 lease-time 12h
Fri Jan 2 21:09:41 2026 daemon.info dnsmasq-dhcp[1]: 3669646264 sent size: 4 option: 58 T1 6h
Fri Jan 2 21:09:41 2026 daemon.info dnsmasq-dhcp[1]: 3669646264 sent size: 4 option: 59 T2 10h30m
Fri Jan 2 21:09:41 2026 daemon.info dnsmasq-dhcp[1]: 3669646264 sent size: 4 option: 1 netmask 255.255.255.0
Fri Jan 2 21:09:41 2026 daemon.info dnsmasq-dhcp[1]: 3669646264 sent size: 4 option: 28 broadcast 192.168.70.255
Fri Jan 2 21:09:41 2026 daemon.info dnsmasq-dhcp[1]: 3669646264 sent size: 4 option: 3 router 192.168.70.1
Fri Jan 2 21:09:41 2026 daemon.info dnsmasq-dhcp[1]: 3669646264 sent size: 4 option: 6 dns-server 192.168.70.1
Fri Jan 2 21:09:41 2026 daemon.info dnsmasq-dhcp[1]: 3669646264 available DHCP range: 192.168.70.100 -- 192.168.70.249
Fri Jan 2 21:09:41 2026 daemon.info dnsmasq-dhcp[1]: 3669646264 client provides name: INVERTER_60HD99205BBM102
Fri Jan 2 21:09:41 2026 daemon.info dnsmasq-dhcp[1]: 3669646264 DHCPREQUEST(br-lan.70) 192.168.70.244 80:f3:da:ed:fa:ac
Fri Jan 2 21:09:41 2026 daemon.info dnsmasq-dhcp[1]: 3669646264 tags: internetonly, br-lan.70
Fri Jan 2 21:09:41 2026 daemon.info dnsmasq-dhcp[1]: 3669646264 DHCPACK(br-lan.70) 192.168.70.244 80:f3:da:ed:fa:ac INVERTER_60HD99205BBM102
Fri Jan 2 21:09:41 2026 daemon.info dnsmasq-dhcp[1]: 3669646264 requested options: 1:netmask, 3:router, 28:broadcast, 6:dns-server
Fri Jan 2 21:09:41 2026 daemon.info dnsmasq-dhcp[1]: 3669646264 next server: 192.168.70.1
Fri Jan 2 21:09:41 2026 daemon.info dnsmasq-dhcp[1]: 3669646264 sent size: 1 option: 53 message-type 5
Fri Jan 2 21:09:41 2026 daemon.info dnsmasq-dhcp[1]: 3669646264 sent size: 4 option: 54 server-identifier 192.168.70.1
Fri Jan 2 21:09:41 2026 daemon.info dnsmasq-dhcp[1]: 3669646264 sent size: 4 option: 51 lease-time 12h
Fri Jan 2 21:09:41 2026 daemon.info dnsmasq-dhcp[1]: 3669646264 sent size: 4 option: 58 T1 6h
Fri Jan 2 21:09:41 2026 daemon.info dnsmasq-dhcp[1]: 3669646264 sent size: 4 option: 59 T2 10h30m
Fri Jan 2 21:09:41 2026 daemon.info dnsmasq-dhcp[1]: 3669646264 sent size: 4 option: 1 netmask 255.255.255.0
Fri Jan 2 21:09:41 2026 daemon.info dnsmasq-dhcp[1]: 3669646264 sent size: 4 option: 28 broadcast 192.168.70.255
Fri Jan 2 21:09:41 2026 daemon.info dnsmasq-dhcp[1]: 3669646264 sent size: 4 option: 3 router 192.168.70.1
Fri Jan 2 21:09:41 2026 daemon.info dnsmasq-dhcp[1]: 3669646264 sent size: 4 option: 6 dns-server 192.168.70.1

AP logs:

Fri Jan 2 21:09:40 2026 daemon.info hostapd: phy1-ap0: STA 80:f3:da:ed:fa:ac IEEE 802.11: authenticated
Fri Jan 2 21:09:40 2026 daemon.info hostapd: phy1-ap0: STA 80:f3:da:ed:fa:ac IEEE 802.11: associated (aid 1)
Fri Jan 2 21:09:40 2026 daemon.notice hostapd: phy1-ap0: AP-STA-CONNECTED 80:f3:da:ed:fa:ac auth_alg=open
Fri Jan 2 21:09:40 2026 daemon.info hostapd: phy1-ap0: STA 80:f3:da:ed:fa:ac RADIUS: starting accounting session 84C38BFFAF80C1A2
Fri Jan 2 21:09:40 2026 daemon.info hostapd: phy1-ap0: STA 80:f3:da:ed:fa:ac WPA: pairwise key handshake completed (RSN)
Fri Jan 2 21:09:40 2026 daemon.notice hostapd: phy1-ap0: EAPOL-4WAY-HS-COMPLETED 80:f3:da:ed:fa:ac
Fri Jan 2 21:09:40 2026 daemon.warn dnsmasq-dhcp[1]: DHCP packet received on br-d-interneton which has no address
Fri Jan 2 21:09:41 2026 daemon.warn dnsmasq-dhcp[1]: DHCP packet received on br-d-interneton which has no address
Fri Jan 2 21:09:56 2026 daemon.notice hostapd: phy1-ap0: AP-STA-DISCONNECTED 80:f3:da:ed:fa:ac
Fri Jan 2 21:09:56 2026 daemon.info hostapd: phy1-ap0: STA 80:f3:da:ed:fa:ac IEEE 802.11: authenticated
Fri Jan 2 21:09:56 2026 daemon.info hostapd: phy1-ap0: STA 80:f3:da:ed:fa:ac IEEE 802.11: associated (aid 1)
Fri Jan 2 21:09:56 2026 daemon.notice hostapd: phy1-ap0: AP-STA-CONNECTED 80:f3:da:ed:fa:ac auth_alg=open
Fri Jan 2 21:09:56 2026 daemon.info hostapd: phy1-ap0: STA 80:f3:da:ed:fa:ac RADIUS: starting accounting session 84C38BFFAF80C1A2
Fri Jan 2 21:09:56 2026 daemon.info hostapd: phy1-ap0: STA 80:f3:da:ed:fa:ac WPA: pairwise key handshake completed (RSN)
Fri Jan 2 21:09:56 2026 daemon.notice hostapd: phy1-ap0: EAPOL-4WAY-HS-COMPLETED 80:f3:da:ed:fa:ac
Fri Jan 2 21:09:56 2026 daemon.warn dnsmasq-dhcp[1]: DHCP packet received on br-d-interneton which has no address
Fri Jan 2 21:09:56 2026 daemon.warn dnsmasq-dhcp[1]: DHCP packet received on br-d-interneton which has no address
Fri Jan 2 21:10:08 2026 daemon.notice hostapd: phy1-ap0: AP-STA-DISCONNECTED 80:f3:da:ed:fa:ac

Router is rockchip/armv8, running OpenWrt 24.10.5 r29087-d9c5716d1d / LuCI openwrt-24.10 branch 25.360.60166~f71b938

AP is mvebu/cortexa9, running OpenWrt 24.10.5 r29087-d9c5716d1d / LuCI openwrt-24.10 branch 25.360.60166~f71b938

The only suspicious line in the logs is “DHCP packet received on br-d-interneton which has no address” which I’m not sure how to interpret.

Any help with debugging would be appreciated.

why is there a DHCP on the AP and the main router ?

There’s no DHCP on the AP, at least it is not enabled anywhere. SSIDs are mapped to unmanaged interfaces that use bridge devices.

I’ll turn dnsmasq service down just in case.

Please connect to your OpenWrt device using ssh and copy the output of the following commands and post it here using the "Preformatted text </> " button (red circle; this works best in the 'Markdown' composer view in the blue oval):

Remember to redact passwords, VPN keys, MAC addresses and any public IP addresses you may have:

ubus call system board
cat /etc/config/network
cat /etc/config/wireless
cat /etc/config/dhcp
cat /etc/config/firewall

for both devices.

Router

$ ubus call system board
{
	"kernel": "6.6.119",
	"hostname": "router",
	"system": "ARMv8 Processor rev 4",
	"model": "FriendlyElec NanoPi R4S",
	"board_name": "friendlyarm,nanopi-r4s",
	"rootfs_type": "squashfs",
	"release": {
		"distribution": "OpenWrt",
		"version": "24.10.5",
		"revision": "r29087-d9c5716d1d",
		"target": "rockchip/armv8",
		"description": "OpenWrt 24.10.5 r29087-d9c5716d1d",
		"builddate": "1766005702"
	}
}

root@router:~# cat /etc/config/network

config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option packet_steering '1'
	option ula_prefix 'fdec::/48'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'eth1'

config interface 'lan'
	option proto 'static'
	option netmask '255.255.255.0'
	option device 'br-lan.1'
	option ip6assign '64'
	option ip6hint '1'
	option ipaddr '192.168.50.1'
	option delegate '0'

config device
	option name 'eth0'
	option rpfilter 'strict'

config device
	option name 'eth1'
	option rpfilter 'strict'

config interface 'WAN'
	option proto 'dhcp'
	option hostname '*'
	option device 'eth0'

config interface 'WAN6'
	option proto 'dhcpv6'
	option reqprefix '48'
	option reqaddress 'force'
	option device 'eth0'
	option norelease '1'

config bridge-vlan
	option device 'br-lan'
	option vlan '1'
	list ports 'eth1:u*'

config interface 'internetonly'
	option proto 'static'
	option ipaddr '192.168.70.1'
	option netmask '255.255.255.0'
	option device 'br-lan.70'
	option ip6assign '64'
	option ip6hint '70'
	option delegate '0'

config bridge-vlan
	option device 'br-lan'
	option vlan '70'
	list ports 'eth1:t'

root@router:~# cat /etc/config/wireless
cat: can't open '/etc/config/wireless': No such file or directory

root@router:~# cat /etc/config/dhcp

config dnsmasq
	option domainneeded '1'
	option localise_queries '1'
	option rebind_protection '1'
	option local '/lan/'
	option domain 'lan'
	option expandhosts '1'
	option authoritative '1'
	option readethers '1'
	option leasefile '/tmp/dhcp.leases'
	option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
	option localservice '1'
	option ednspacket_max '1232'
	option logdhcp '1'

config dhcp 'lan'
	option interface 'lan'
	option start '100'
	option limit '150'
	option leasetime '12h'
	option dhcpv4 'server'
	option ra 'server'
	option dhcpv6 'server'
	list ra_flags 'managed-config'
	list ra_flags 'other-config'

config dhcp 'wan'
	option interface 'wan'
	option ignore '1'

config odhcpd 'odhcpd'
	option maindhcp '0'
	option leasefile '/tmp/hosts/odhcpd'
	option leasetrigger '/usr/sbin/odhcpd-update'
	option loglevel '4'

config dhcp 'HOST'
	option interface 'HOST'
	option start '100'
	option limit '150'
	option leasetime '12h'
	option ra 'server'
	option dhcpv6 'server'

config dhcp 'internetonly'
	option interface 'internetonly'
	option start '100'
	option limit '150'
	option leasetime '12h'
	option force '1'
	option ra 'server'
	option dhcpv6 'server'
	list ra_flags 'managed-config'
	list ra_flags 'other-config'

config dhcp 'WAN6'
	option interface 'WAN6'
	option ignore '1'

config dhcp 'WAN'
	option interface 'WAN'
	option ignore '1'

root@router:~# cat /etc/config/firewall

config defaults
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option synflood_protect '1'
	option drop_invalid '1'
	option flow_offloading '1'
	option flow_offloading_hw '1'

config zone
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'
	option name 'network'
	list network 'lan'

config zone
	option name 'wan'
	option output 'ACCEPT'
	option masq '1'
	option mtu_fix '1'
	option input 'REJECT'
	option forward 'REJECT'
	list network 'wan'
	list network 'wan6'
	list network 'WAN'
	list network 'WAN6'

config rule
	option name 'Allow-DHCP-Renew'
	option src 'wan'
	option proto 'udp'
	option dest_port '68'
	option target 'ACCEPT'
	option family 'ipv4'

config rule
	option name 'Allow-Ping'
	option src 'wan'
	option proto 'icmp'
	option family 'ipv4'
	option target 'ACCEPT'
	list icmp_type 'echo-request'
	option limit '10/second'

config rule
	option name 'Allow-IGMP'
	option src 'wan'
	option proto 'igmp'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-DHCPv6'
	option src 'wan'
	option proto 'udp'
	option dest_port '546'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-MLD'
	option src 'wan'
	option proto 'icmp'
	option src_ip 'fe80::/10'
	list icmp_type '130/0'
	list icmp_type '131/0'
	list icmp_type '132/0'
	list icmp_type '143/0'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Input'
	option src 'wan'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	list icmp_type 'router-solicitation'
	list icmp_type 'neighbour-solicitation'
	list icmp_type 'router-advertisement'
	list icmp_type 'neighbour-advertisement'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Forward'
	option src 'wan'
	option dest '*'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-IPSec-ESP'
	option src 'wan'
	option proto 'esp'
	option target 'ACCEPT'
	option dest 'network'

config rule
	option name 'Allow-ISAKMP'
	option src 'wan'
	option dest_port '500'
	option proto 'udp'
	option target 'ACCEPT'
	option dest 'network'

config rule
	option name 'Support-UDP-Traceroute'
	option src 'wan'
	option dest_port '33434:33689'
	option proto 'udp'
	option family 'ipv4'
	option target 'REJECT'
	option enabled '0'

config include
	option path '/etc/firewall.user'

config zone
	option name 'internetonl'
	option forward 'REJECT'
	option output 'ACCEPT'
	list device 'br-lan.70'
	option input 'ACCEPT'
	list network 'internetonly'

config forwarding
	option src 'network'
	option dest 'internetonl'

config rule
	list proto 'udp'
	option src '*'
	option dest_port '67'
	option target 'ACCEPT'
	option name 'Allow DHCPv4'
	option family 'ipv4'
	option src_port '68'

config rule
	option name 'Allow DHCPv6'
	list proto 'udp'
	option src '*'
	option dest_port '547'
	option target 'ACCEPT'
	option family 'ipv6'

config rule
	list proto 'udp'
	option src '*'
	option dest_port '5353'
	option target 'ACCEPT'
	option name 'Allow mDNS'

config rule
	option name 'Allow ICMP'
	list proto 'icmp'
	option src '*'
	option target 'ACCEPT'

config rule
	option name 'Allow DNS-over-TLS'
	list proto 'tcp'
	option src '*'
	option dest_port '853'
	option target 'ACCEPT'

config rule
	option name 'Allow DNS'
	list proto 'udp'
	option src '*'
	option dest_port '53'
	option target 'ACCEPT'

config rule
	option name 'Block Plex network discovery'
	list proto 'udp'
	option src '*'
	option dest_port '32412-32414'
	option target 'DROP'

config rule
	option name 'Block port 9999 (temporarily)'
	list proto 'udp'
	option src '*'
	option dest_port '9999'
	option target 'DROP'

config rule
	option name 'Block port 56700 (temporarily)'
	list proto 'udp'
	option src '*'
	option dest_port '56700'
	option target 'DROP'

config rule
	option name 'Block port 9478'
	list proto 'udp'
	option src '*'
	option dest_port '9478'
	option target 'DROP'

config rule
	option name 'Block samba (temporarily)'
	list proto 'udp'
	option src '*'
	option dest_port '137-138'
	option target 'DROP'

config rule
	option name 'Block port 68 (temporarily)'
	list proto 'udp'
	option src '*'
	option dest_port '68'
	option target 'DROP'

config ipset
	option name 'broadcast'
	option family 'ipv4'
	list match 'ip'
	list match 'port'
	option timeout '3'

config rule
	option name 'Allow SSL access from WAN'
	option family 'ipv6'
	list proto 'tcp'
	option src 'wan'
	option dest_port '443'
	option target 'ACCEPT'

config forwarding
	option dest 'network'

config forwarding
	option src 'wan'
	option dest 'network'

config forwarding
	option src 'internetonl'
	option dest 'wan'

config forwarding
	option src 'network'
	option dest 'wan'

AP

root@Linksys:~# ubus call system board
{
	"kernel": "6.6.119",
	"hostname": "Linksys",
	"system": "ARMv7 Processor rev 1 (v7l)",
	"model": "Linksys WRT1900ACS",
	"board_name": "linksys,wrt1900acs",
	"rootfs_type": "squashfs",
	"release": {
		"distribution": "OpenWrt",
		"version": "24.10.5",
		"revision": "r29087-d9c5716d1d",
		"target": "mvebu/cortexa9",
		"description": "OpenWrt 24.10.5 r29087-d9c5716d1d",
		"builddate": "1766005702"
	}
}

root@Linksys:~# cat /etc/config/network

config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option packet_steering '1'

config interface 'lan'
	option device 'br-lan'
	option proto 'dhcp'

config interface 'linksys'
	option proto 'static'
	option ipaddr '10.0.0.1'
	option netmask '255.255.255.0'
	option device 'w2-linksys'

config interface 'internetonly'
	option proto 'none'
	option device 'br-d-interneton'

config device
	option type 'bridge'
	option name 'br-d-interneton'
	list ports 'wan.70'
	option ipv6 '1'
	option ip6segmentrouting '1'
	option igmp_snooping '1'

config device
	option name 'br-lan'
	option type 'bridge'
	option multicast_to_unicast '0'
	list ports 'lan1'

config device
	option type '8021q'
	option ifname 'wan'
	option vid '1'
	option name 'wan.1'

root@Linksys:~# cat /etc/config/wireless

config wifi-device 'radio_5g'
	option type 'mac80211'
	option path 'soc/soc:pcie/pci0000:00/0000:00:01.0/0000:01:00.0'
	option channel '36'
	option band '5g'
	option htmode 'VHT80'
	option country 'AU'
	option cell_density '0'
	option txpower '23'
	option log_level '3'

config wifi-device 'radio_2g'
	option type 'mac80211'
	option path 'soc/soc:pcie/pci0000:00/0000:00:02.0/0000:02:00.0'
	option channel '11'
	option band '2g'
	option country 'AU'
	option cell_density '0'
	option txpower '36'
	option log_level '3'
	option htmode 'HT40'

config wifi-iface 'ap_linksys_2g'
	option device 'radio_2g'
	option network 'linksys'
	option isolate '0'
	option mode 'ap'
	option ssid 'Linksys'
	option encryption 'sae'
	option key '***'
	option wpa_disable_eapol_key_retries '1'
	option ifname 'w2-linksys'
	option ocv '0'
	option macaddr '60:38:e0:05:58:15'

config wifi-iface 'ap_internetonly_2g'
	option device 'radio_2g'
	option mode 'ap'
	option ssid 'internetonly'
	option encryption 'psk2+ccmp'
	list maclist '64:66:b3:0d:a7:a6'
	option ifname 'w2-internetonly'
	option key '***'
	option ieee80211r '1'
	option ft_over_ds '0'
	option ft_psk_generate_local '1'
	option network 'internetonly'
	option bss_transition '1'
	option max_inactivity '10'
	option ieee80211v '1'
	option ieee80211k '1'
	option isolate '1'

config wifi-iface 'ap_internetonly_5g'
	option device 'radio_5g'
	option mode 'ap'
	option ssid 'internetonly'
	option encryption 'psk2+ccmp'
	option macfilter 'deny'
	list maclist '64:66:b3:0d:a7:a6'
	option isolate '1'
	option ifname 'w5-internetonly'
	option key '***'
	option ieee80211r '1'
	option ft_over_ds '0'
	option ft_psk_generate_local '1'
	option network 'internetonly'
	option bss_transition '1'
	option max_inactivity '10'
	option ieee80211v '1'
	option ieee80211k '1'
	option disabled '1'

config wifi-iface 'wifinet8'
	option device 'radio_2g'
	option mode 'ap'
	option ssid 'Solar'
	option encryption 'sae-mixed'
	option key '***'
	option network 'internetonly'
	option disassoc_low_ack '0'
	option ieee80211w '0'

root@Linksys:~# cat /etc/config/dhcp

config dnsmasq
	option domainneeded '1'
	option boguspriv '1'
	option filterwin2k '0'
	option localise_queries '1'
	option rebind_protection '1'
	option rebind_localhost '1'
	option local '/lan/'
	option domain 'lan'
	option expandhosts '1'
	option nonegcache '0'
	option cachesize '1000'
	option authoritative '1'
	option readethers '1'
	option leasefile '/tmp/dhcp.leases'
	option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
	option nonwildcard '1'
	option localservice '1'
	option ednspacket_max '1232'
	option filter_aaaa '0'
	option filter_a '0'

config dhcp 'lan'
	option interface 'lan'
	option start '100'
	option limit '150'
	option leasetime '12h'
	option dhcpv4 'server'
	option dhcpv6 'hybrid'
	option ra 'hybrid'
	list ra_flags 'managed-config'
	list ra_flags 'other-config'

config odhcpd 'odhcpd'
	option maindhcp '0'
	option leasefile '/tmp/hosts/odhcpd'
	option leasetrigger '/usr/sbin/odhcpd-update'
	option loglevel '4'
	option piofolder '/tmp/odhcpd-piofolder'

config dhcp 'linksys'
	option interface 'linksys'
	option start '100'
	option limit '150'
	option leasetime '12h'

root@Linksys:~# cat /etc/config/firewall

config defaults
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'
	option flow_offloading '1'
	option flow_offloading_hw '1'

config zone
	option name 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'
	list network 'linksys'

start by disabling all the extra features on the SSID(s) having issues.

is often disliked by clients, use WPA2.

Thanks, I've created "Solar" SSID specifically to try to have as default experience as possible.
I've started with WPA2 but the hotspot on my phone was WPA2/WPA3 so that was an experiment too.
Neither worked unfortunately

it should, I assume you've tried a diff client on the Solar SSID, ruling out a config error ?

Yes, my phone connects to it and works absolutely fine, even with mobile network turned off.

Alright, it now looks like the latency of DHCP responses was perhaps the main culprit.

I've downgraded both router and AP to 24.10.1, which they were running previously with the device working as expected, with no luck in resolving the issue. That made me think that the previous configuration was working by chance.

I've also noticed that two more iot devices (ESP32 and ESP8266 based) seems to follow the same pattern on requesting IP address again and again. So I guess this is something microcontroller related.

What helped was creating a double NAT, a special interface on the AP with its own DHCP server and that uses NAT to convert the address into something router can handle. Not the prettiest solution but will work for now, while I'm thinking on how to make it better.

Finally found the reason: almost all of my bridge devices had "Send ICMP Redirects" enabled. This resulted in ARP packets duplication which confused IOT devices wifi stacks.

Disabled them everywhere and everything works.

Actually, looks like this wasn't the reason - enabled it back for test and it all still works.

However, I had to tweak my Avahi reflector configuration to make it all work in the end. Changes I made looks to be cosmetical (removed an interface from "allowed interfaces" that used VLAN not handled by anything) so perhaps the real problem is still lurking somewhere.

The ARP duplication is probably the real cause of the IOT devices trouble but what has caused it is unclear to me.

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.