Wifi gets assigned wrong IP address and gateway

nng25 · October 6, 2024, 6:25am

When configuring Netgear Nighthawk R8000, I encountered many issues.

OpenWrt 23.05.4 r24012-d8dd03c46f / LuCI openwrt-23.05 branch git-24.086.45142-09d5a38

With the default settings, I updated one Wifi settings (setting password) for it, making it attached to the Lan interface. However, I have the following issues:

No Internet access
I got complains of weak security although it's WPA3-SAE encryption.
The gateway is not the same as that of the upstream router IP.
The assigned IP address is also wrong.

On the other hand, wired/cable Ethernet has correct IP address from the DHCP server and I can surf the Internet.

The WAN IP address is 192.168.2.1 (upstream router). This is different than the default gateway.

Here, it uses 192.168.10.x addresses.

I checked with the OEM firmware and there is no issue.

Here is the file /etc/config/network:

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fda0:356d:85b7::/48'
        option packet_steering '1'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'lan1'
        list ports 'lan2'
        list ports 'lan3'
        list ports 'lan4'

config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        option ipaddr '10.0.20.1'
        option netmask '255.255.255.0'
        option ip6assign '60'

config device
        option name 'wan'
        option macaddr 'xxxxxxxx'

config interface 'wan'
        option device 'wan'
        option proto 'dhcp'

config interface 'wan6'
        option device 'wan'
        option proto 'dhcpv6'

and the wireless interface:


config wifi-device 'radio0'
        option type 'mac80211'
        option path '18000000.axi/bcma0:7/pci0000:00/0000:00:00.0/0000:01:00.0'
        option channel '149'
        option band '5g'
        option htmode 'VHT80'
        option cell_density '0'

config wifi-iface 'default_radio0'
        option device 'radio0'
        option network 'lan'
        option mode 'ap'
        option ssid 'Net1'
        option encryption 'sae'
        option key 'xxxxxxxxx'

config wifi-device 'radio1'
        option type 'mac80211'
        option path '18000000.axi/bcma0:8/pci0001:00/0001:00:00.0/0001:01:00.0/0001:02:01.0/0001:03:00.0'
        option channel '1'
        option band '2g'
        option htmode 'HT20'
        option disabled '1'

config wifi-iface 'default_radio1'
        option device 'radio1'
        option network 'lan'
        option mode 'ap'
        option ssid 'OpenWrt'
        option encryption 'none'

config wifi-device 'radio2'
        option type 'mac80211'
        option path '18000000.axi/bcma0:8/pci0001:00/0001:00:00.0/0001:01:00.0/0001:02:02.0/0001:04:00.0'
        option channel '36'
        option band '5g'
        option htmode 'VHT80'
        option disabled '1'

config wifi-iface 'default_radio2'
        option device 'radio2'
        option network 'lan'
        option mode 'ap'
        option ssid 'OpenWrt'
        option encryption 'none'

lleachii · October 6, 2024, 6:34am

You don't show this anywhere - are you saying your Windows machine gets a 192.168.10.x IP only when connected to this Net1 AP?

Your clients should get an IP between 10.0.20.100-150 with a gateway of .1 (i.e. the LAN side of your router). It's not clear what you mean by your WAN statements.

Do you have anything connected to the LAN ports?

That's odd.

Does it tell you what encryption it's using when you open the details?
Does the BSSID (MAC) match your AP?
Do you see this client connected in the OpenWrt's wireless status/overview?

nng25 · October 6, 2024, 7:05am

Yes, I have an Ethernet cable connected to one port to the laptop, and it works fine.

I may have figured this part out. I just test out, manually configure the IP address of the Wifi to see if it works, and it did not work. I then reverted back to DHCP, and there is no more IP address assigned (using ipconfig command). Disconnect and reconnect still show no IP address assigned for the Wifi connection.

The above IP address was from the "previous" configuration of the Lan interface, so it does not conflict with the upstream router. After that, I decided to change to 10.0.20.x instead. There maybe some caching in the laptop for this. The problem is still that why no IP address got assigned for wifi, but works for Ethernet cable.

It says security type is open:

Comparing the BSSID and the MAC address on the bottom of the router, it matches all EXCEPT the right most digit (B vs. A). When I changed the settings from AC to N on the router, the MAC address matches every letter. However, there is still no internet, and warning about security.

No, I don't see it shows as connected. I had a hard time connected this before, also tried with a phone. Most of the times, it says wrong password. That was fixed after the "time" and zone get sets correctly AND a restart.

I also recalled it shows as a blink (show and disappear right away) on the overview status.

lleachii · October 6, 2024, 7:10am

Does the log from the router show anything (i.e. it would tell you definitively if its currently connected).

You clearly don't have an Open config. Also, your config should produce 802.11ac (not 802.11a).

The only thing I noticed thus far, is that you need to set the country code on the radios. Set this, forget the network and test reconnecting, ensuring you connect to the WAP3 SSID.

You can also try renaming the SSID (just for testing purposes).

trendy · October 6, 2024, 7:20am

For testing purposes I would also try to lower the security to WPA2.

nng25 · October 6, 2024, 7:20am

I just got it to work. Security is solved and I got the IP address, by setting the cipher. I will try back with the newer security setting.

lleachii · October 6, 2024, 7:22am

So you lowered to WPA2 to test and it worked?

Cool.

WPA3, correct?

Indeed.

nng25 · October 6, 2024, 7:22am

Never mind

about the newer version WPA3, there is no Cipher for it:

lleachii · October 6, 2024, 7:23am

Are you saying you had success using a null Key when set at WPA3?

Both Windows and OpenWrt are capable of WPA3.

nng25 · October 6, 2024, 7:24am

I had success with WPA2, when specify the Cipher as shown. I couldn't get WPA3-SAE to work. The key is just blanked out for posting purposes.

lleachii · October 6, 2024, 7:25am

OK, yes, that was your original issue. That's what I offered steps to troubleshoot.

Did you do them?

Did you set the country code?
Did you Save & Apply?
Did you forget the SSID and re-join? (this step is important)

nng25 · October 6, 2024, 7:34am

No, I am going to do that ASAP and report right back.

Yes, and yes

and also, using Android phone, it says the password is incorrect. I changed the password, and still same issue.

lleachii · October 6, 2024, 7:35am

Yes, please do and test. It's necessary for 5.4 GHz to work properly in some countries.

Odd.

Android, 11, 12, 13...?

What version of Windows?

Are you using official firmware from downloads.openwrt.org?

What'd the log say?

nng25 · October 6, 2024, 7:47am

I downloaded from here:

https://firmware-selector.openwrt.org/?version=23.05.4&target=bcm53xx%2Fgeneric&id=netgear_r8000

I set the country code to US - United States, forget network and reconnect, but same problem.

nng25 · October 6, 2024, 7:50am

Android 13, Windows 11.

I will get back on this.

nng25 · October 6, 2024, 8:00am

After forget network and just before connect, I already see this:

Here's some log (with some hex numbers obfuscated):

Sun Oct  6 03:52:05 2024 user.info upgrade: Saving config files...
Sun Oct  6 03:53:01 2024 kern.info kernel: [ 9328.525738] device phy0-ap0 left promiscuous mode
Sun Oct  6 03:53:01 2024 kern.info kernel: [ 9328.530630] br-lan: port 1(phy0-ap0) entered disabled state
Sun Oct  6 03:53:02 2024 daemon.notice wpa_supplicant[1454]: Set new config for phy phy0
Sun Oct  6 03:53:02 2024 daemon.notice hostapd: Set new config for phy phy0: /var/run/hostapd-phy0.conf
Sun Oct  6 03:53:02 2024 daemon.notice hostapd: Reload config for bss 'phy0-ap0' on phy 'phy0'
Sun Oct  6 03:53:02 2024 daemon.notice hostapd: phy0-ap0: AP-STA-DISCONNECTED xxxxxxxxxxx
Sun Oct  6 03:53:02 2024 daemon.warn hostapd: phy0-ap0: Could not connect to kernel driver
Sun Oct  6 03:53:02 2024 daemon.notice hostapd: Reloaded settings for phy phy0
Sun Oct  6 03:53:02 2024 daemon.info hostapd: phy0-ap0: STA xxxxxxxx IEEE 802.11: disassociated
Sun Oct  6 03:53:02 2024 daemon.info hostapd: phy0-ap0: STA xxxxxxxx IEEE 802.11: disassociated
Sun Oct  6 03:53:02 2024 daemon.info hostapd: phy0-ap0: STA xxxxxxxx IEEE 802.11: disassociated
Sun Oct  6 03:53:02 2024 daemon.info hostapd: phy0-ap0: STA xxxxxxxx IEEE 802.11: disassociated
Sun Oct  6 03:53:02 2024 daemon.notice netifd: Wireless device 'radio0' is now up
Sun Oct  6 03:53:02 2024 daemon.notice netifd: Network device 'phy0-ap0' link is up
Sun Oct  6 03:53:02 2024 kern.info kernel: [ 9329.713646] br-lan: port 1(phy0-ap0) entered blocking state
Sun Oct  6 03:53:02 2024 kern.info kernel: [ 9329.719254] br-lan: port 1(phy0-ap0) entered disabled state
Sun Oct  6 03:53:02 2024 kern.info kernel: [ 9329.725146] device phy0-ap0 entered promiscuous mode
Sun Oct  6 03:53:02 2024 kern.info kernel: [ 9329.730333] br-lan: port 1(phy0-ap0) entered blocking state
Sun Oct  6 03:53:02 2024 kern.info kernel: [ 9329.735954] br-lan: port 1(phy0-ap0) entered forwarding state
Sun Oct  6 03:53:04 2024 daemon.info dnsmasq[1]: read /etc/hosts - 12 names
Sun Oct  6 03:53:04 2024 daemon.info dnsmasq[1]: read /tmp/hosts/dhcp.cfg01411c - 4 names
Sun Oct  6 03:53:04 2024 daemon.info dnsmasq[1]: read /tmp/hosts/odhcpd - 4 names
Sun Oct  6 03:53:04 2024 daemon.info dnsmasq-dhcp[1]: read /etc/ethers - 0 addresses
Sun Oct  6 03:53:05 2024 daemon.warn odhcpd[1620]: No default route present, overriding ra_lifetime!
Sun Oct  6 03:54:49 2024 daemon.info hostapd: phy0-ap0: STA xxxxxxxx IEEE 802.11: associated
Sun Oct  6 03:54:49 2024 daemon.info hostapd: phy0-ap0: STA xxxxxxxx IEEE 802.11: disassociated
Sun Oct  6 03:54:49 2024 daemon.info hostapd: phy0-ap0: STA xxxxxxxx IEEE 802.11: associated
Sun Oct  6 03:54:49 2024 daemon.info hostapd: phy0-ap0: STA xxxxxxxx IEEE 802.11: disassociated
Sun Oct  6 03:54:49 2024 daemon.info hostapd: phy0-ap0: STA xxxxxxxx IEEE 802.11: disassociated
Sun Oct  6 03:54:49 2024 kern.warn kernel: [ 9436.383718] br-lan: received packet on phy0-ap0 with own address as source address (addr:xxxxxxxx, vlan:0)
Sun Oct  6 03:54:49 2024 daemon.info hostapd: phy0-ap0: STA xxxxxxxx IEEE 802.11: associated
Sun Oct  6 03:54:49 2024 kern.warn kernel: [ 9436.406341] br-lan: received packet on phy0-ap0 with own address as source address (addr:xxxxxxxx, vlan:0)
Sun Oct  6 03:54:49 2024 daemon.info hostapd: phy0-ap0: STA xxxxxxxx IEEE 802.11: disassociated

nng25 · October 6, 2024, 9:09am

Another twist to this, after I applied the following changes to the network, Wifi stops working again, even with the WPA2 and SAE settings. The ethernet cable still works.

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'lan1'
	list ports 'lan2'
	list ports 'lan3'
	list ports 'lan4'

config bridge-vlan
	option device 'br-lan'
	option vlan '1'
	list ports 'lan3'
	list ports 'lan4'

config bridge-vlan
	option device 'br-lan'
	option vlan '3'
	list ports 'lan1:t'
	list ports 'lan2:u*'

config interface 'lan'
        option device 'br-lan.1'
        option proto 'static'
        option ip6assign '60'
        list ipaddr '10.0.20.1/24'

config interface 'lan_children'
        option proto 'none'
        option device 'br-lan.3'

psherman · October 6, 2024, 12:30pm

Did you say that there is an upstream router? Is this particular device being used as an ap only?

How is this device connected to the upstream network?

If there is an upstream router, what is its lan address/subnet?

Do you expect the devices that connect to this unit to be on the same subnet as the upstream?

nng25 · October 6, 2024, 3:24pm

Thank you for inquiring into the details. I know a lot of time, it helps. As currently, I tried to get OpenWrt to work on this device with various functionalities (Wifi and Ethernet) just to get the basic going. Yesterday, I even flashed the OEM firmware just to make sure everything works. After getting Wifi and security to work, I would want to have it works as an AP with multiple VLAN. It will get address from PFSense via an Ethernet cable as a trunk. It will have many VLAN subnets, for children, TVs, IOTs, guests, etc.

Currently, I want to have at least 1 working Lan for me to connect to, and a second Lan that I can try to configure.

This device connects to the upstream router via a cable. Initially, the cable is in the WAN port, going to the upstream router, with the IP of 192.168.2.1, which provides DHCP in the subnet of 255.255.255.0. Later, I will use a Lan port to go to a PFSense device.

I maybe wrong in this assumption, but I thought that the Wifi should work, even when I unplug the upstream cable. Meaning if I can't provide "WAN' internet, I can still get to the OpenWRT via Wifi, as long as the configuration is providing local DHCP for it. The Lan interface thought to be providing the IP address, and I would think that Wifi would work similarly to the Ethernet cable.

With all respect, that's how I think, not that they're correct, so please correct/educate me.

Eventually, my plan is to have PFSense to front all of my subnets. From PFSense, I would have admin subnet, parent subnet, with their own cables. The OpenWRT device will have another cable and providing multiple VLAN for plural of subnets and the current upstream router will be removed.

psherman · October 6, 2024, 5:46pm

If your intent is to use this as an AP for an upstream pfsense router, you should directly configure that for this context. Don’t try to configure it in any other way, as it will just be more work and may not work as expected.

So, that’s said, let’s do this:

reset the OpenWrt device to defaults.
post the network config file here after the reset is complete.
Provide the following information for how the AP should be setup:

What physical port on the AP will be used for the uplink to the pfsense router?
What VLANs are on that uplink?
- provide the VLAN IDs and ideally the function/name of each
- are they all tagged, or is one VLAN untagged
- If one is untagged, which one?
What is the VLAN that will be used to manage the AP?
What address do you want the AP to use on the management network?
What do you want the other ports on the AP to do? For example (making this up):
- Port lan1: uplink
- Port lan2: main lan untagged
- Port lan3: guest network untagged
- Port lan4: trunk with main and guest lan, both tagged