Wifi no connection with android while others do have connection

Hi all, I am running OpenWRT 19.7.4 on a FritzBox 4040 behind the ISP's router. The setup is still very basic but LAN and Wifi clients generally get internet connection. The problem is with wifi: a Win10 Laptop gets proper connection while an android 7 (Lineage 14.1) phone doesnt. The phone is pingable from openwrt but it cant ping the ISP router (192.168.1.1).
I tried the wifi ihterface with and without masquerading and MMS clamping - no diiference in behaviour. BTW: there are two static routes in the router: 192.168.150.0/24 to gw 192.168.1.2 and 192.168.200.0/24 to gw 192.168.1.2.
I am completely new to WRT and would appreciate any help or hint you can give in order to investigate further.
Thx

Here are my main configs:

cat /etc/config/network

config interface 'loopback'
        option ifname 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fdfb:2f3c:dbd0::/48'

config interface 'lan'
        option proto 'static'
        option netmask '255.255.255.0'
        option ipaddr '192.168.200.1'
        list dns '192.168.1.101'
        option gateway '192.168.1.1'
        option ifname 'eth0'

config interface 'wan'
        option proto 'static'
        list dns '192.168.1.101'
        option gateway '192.168.1.1'
        option ifname 'eth1'
        list ipaddr '192.168.1.2/24'

config interface 'wan6'
        option ifname 'eth1'
        option proto 'dhcpv6'
        option reqprefix 'auto'
        option reqaddress 'none'
        option auto '0'

config switch
        option name 'switch0'
        option reset '1'
        option enable_vlan '1'

config switch_vlan
        option device 'switch0'
        option vlan '1'
        option ports '1 2 3 4 0'

config interface 'WLAN'
        option proto 'static'
        list ipaddr '192.168.150.0/24'
        list dns '192.168.1.101'
        option gateway '192.168.1.1'
        option ip6assign '64'
        option delegate '0'



cat /etc/config/wireless

config wifi-device 'radio0'
        option type 'mac80211'
        option hwmode '11g'
        option path 'platform/soc/a000000.wifi'
        option htmode 'HT20'
        option channel '10'
        option txpower '20'
        option country 'DE'

config wifi-iface 'default_radio0'
        option device 'radio0'
        option mode 'ap'
        option key '...'
        option ssid 'kasimiro'
        option encryption 'psk2'
        option network 'WLAN'
        option disassoc_low_ack '0'

config wifi-device 'radio1'
        option type 'mac80211'
        option hwmode '11a'
        option path 'platform/soc/a800000.wifi'
        option htmode 'HT40'
        option channel '40'
        option txpower '20'
        option country 'DE'
        option disabled '1'

config wifi-iface 'wifinet2'
        option wpa_disable_eapol_key_retries '1'
        option ssid 'kasimiro'
        option encryption 'psk2'
        option device 'radio1'
        option mode 'ap'
        option key '.....'
        option network 'WLAN'
        option disabled '1'

cat /etc/config/firewall

config defaults
        option output 'ACCEPT'
        option synflood_protect '1'
        option drop_invalid '1'
        option input 'ACCEPT'
        option forward 'DROP'

config zone
        option name 'wan'
        option output 'ACCEPT'
        option network 'wan wan6'
        option input 'ACCEPT'
        option forward 'ACCEPT'
        option masq '1'
        option mtu_fix '1'
        option log '1'

config zone
        option name 'lan'
        option input 'ACCEPT'
        option network 'lan'
        option forward 'ACCEPT'
        option output 'ACCEPT'

config zone
        option name 'wlan_fw_kn'
        option input 'ACCEPT'
        option network 'WLAN'
        option forward 'ACCEPT'
        option output 'ACCEPT'
        option masq '1'
        option log '1'

config forwarding
        option src 'lan'
        option dest 'wan'

config rule
        option src 'lan'
        option name 'KN_ping'
        option dest '*'
        option target 'ACCEPT'
        list proto 'icmp'

config rule
        option target 'REJECT'
        option src 'lan'
        option dest 'wan'
        list dest_ip '8.8.8.8'
        list proto 'all'
        option enabled '0'
        option name 'K_lan_8888'
        list src_ip '192.168.200.182'

config rule
        option name 'Allow-DHCP-Renew'
        option src 'wan'
        option proto 'udp'
        option dest_port '68'
        option target 'ACCEPT'
        option family 'ipv4'

config rule
        option name 'Allow-Ping'
        option src 'wan'
        option proto 'icmp'
        option icmp_type 'echo-request'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-IGMP'
        option src 'wan'
        option proto 'igmp'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-DHCPv6'
        option src 'wan'
        option proto 'udp'
        option src_ip 'fc00::/6'
        option dest_ip 'fc00::/6'
        option dest_port '546'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-MLD'
        option src 'wan'
        option proto 'icmp'
        option src_ip 'fe80::/10'
        list icmp_type '130/0'
        list icmp_type '131/0'
        list icmp_type '132/0'
        list icmp_type '143/0'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Input'
        option src 'wan'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        list icmp_type 'router-solicitation'
        list icmp_type 'neighbour-solicitation'
        list icmp_type 'router-advertisement'
        list icmp_type 'neighbour-advertisement'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Forward'
        option src 'wan'
        option dest '*'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-IPSec-ESP'
        option src 'wan'
        option dest 'lan'
        option proto 'esp'
        option target 'ACCEPT'

config rule
        option name 'Allow-ISAKMP'
        option src 'wan'
        option dest 'lan'
        option dest_port '500'
        option proto 'udp'
        option target 'ACCEPT'

config include
        option path '/etc/firewall.user'

config forwarding
        option dest 'wan'
        option src 'wlan_fw_kn'

config rule
        option dest_port '80'
        option src 'lan'
        option dest 'wan'
        option target 'ACCEPT'
        list proto 'tcp'
        option name 'KN_HTTP'
        option enabled '0'

config rule
        option dest_port '443'
        option src 'lan'
        option name 'KN_HTTPS'
        option dest 'wan'
        option target 'ACCEPT'
        list proto 'tcp'
        option enabled '0'

In each network interface, the "gateway" is the node in that network that forwards packets to other network.

The "gateway" parameter is not the gateway that will be sent to DHCP clients, that info goes into the DHCP configuration. It is the gateway that the router itself will use. You must only use the gateway parameter on the interfaces that connect your router to the internet, and must be an IP address inside the network segment.

3 Likes

Thank you, eduperez!
Ok, that means for me that I have to remove the "option gateway" parameter for WLAN and LAN interface in my /etc/config/network, right? I leave the option gateway '192.168.1.1' in the WAN interface because this interface is connected to the ISP router...
I did the above modifications but still the Win10 Laptop is connected to the internet while the android gets an IP lease but can't access the internet. Ping from android to the Laptop is possible, but ping 192.168.1.1 (ISP router) or 192.168.1.101 (pihole) or 192.168.200.1 (openWRT) give "network is unreachable".

This is my dhcp config:

cat /etc/config/dhcp

config dnsmasq
        option domainneeded '1'
        option localise_queries '1'
        option rebind_protection '1'
        option rebind_localhost '1'
        option local '/lan/'
        option domain 'lan'
        option expandhosts '1'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option resolvfile '/tmp/resolv.conf.auto'
        option localservice '1'

config dhcp 'lan'
        option interface 'lan'
        option start '100'
        option limit '150'
        option leasetime '12h'
        option dhcpv6 'server'
        option ra 'server'
        option ra_management '1'

config dhcp 'wan'
        option interface 'wan'
        option ignore '1'

config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'
        option loglevel '4'

config dhcp 'WLAN'
        option leasetime '12h'
        option limit '150'
        option interface 'WLAN'
        option start '10'

config host
        option mac '00:68:EB:68:F4:CC'
        option ip '192.168.200.181'

So, did I get your point or are there more things to correct in my configs?

Remove these from lan and WLAN.

Remove from wlan_fw_kn zone

Better remove these, as the pihole might return a private IP in an internal lookup.

Thank you, Trendy, too.
That's what I did bit it still didnt help. Still the Win10 Laptop gets internet connection but 3 different android devices don't. These 3 dont have problems in other wifi networks.
I'm quite confused, does anybody have another idea?
I didnt find anything related to android and openWRT in the forums....
Thanks in advance an have a nice evening!

logread (filtered on the IP of one of the androids):
...
Tue Jan 5 21:44:27 2021 daemon.info hostapd: wlan0: STA 00:90:4c:c5:12:38 IEEE 802.11: authenticated
Tue Jan 5 21:44:27 2021 daemon.info hostapd: wlan0: STA 00:90:4c:c5:12:38 IEEE 802.11: associated (aid 2)
Tue Jan 5 21:44:27 2021 daemon.notice hostapd: wlan0: AP-STA-CONNECTED 00:90:4c:c5:12:38
Tue Jan 5 21:44:27 2021 daemon.info hostapd: wlan0: STA 00:90:4c:c5:12:38 WPA: pairwise key handshake completed (RSN)
Tue Jan 5 21:44:30 2021 daemon.info dnsmasq-dhcp[1573]: DHCPDISCOVER(wlan0) 00:90:4c:c5:12:38
Tue Jan 5 21:44:30 2021 daemon.info dnsmasq-dhcp[1573]: DHCPOFFER(wlan0) 192.168.150.131 00:90:4c:c5:12:38
Tue Jan 5 21:44:30 2021 daemon.info dnsmasq-dhcp[1573]: DHCPREQUEST(wlan0) 192.168.150.131 00:90:4c:c5:12:38
Tue Jan 5 21:44:30 2021 daemon.info dnsmasq-dhcp[1573]: DHCPACK(wlan0) 192.168.150.131 00:90:4c:c5:12:38 android-592890221749aeff
...

netstat -l -n -p | grep -e dnsmasq
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 1573/dnsmasq
tcp 0 0 192.168.200.0:53 0.0.0.0:* LISTEN 1573/dnsmasq
tcp 0 0 192.168.1.2:53 0.0.0.0:* LISTEN 1573/dnsmasq
tcp 0 0 192.168.150.0:53 0.0.0.0:* LISTEN 1573/dnsmasq
tcp 0 0 ::1:53 :::* LISTEN 1573/dnsmasq
tcp 0 0 fe80::2e3a:fdff:fe1c:a2be:53 :::* LISTEN 1573/dnsmasq
tcp 0 0 fe80::2e3a:fdff:fe1c:a2bf:53 :::* LISTEN 1573/dnsmasq
tcp 0 0 fe80::2e3a:fdff:fe1c:a2c0:53 :::* LISTEN 1573/dnsmasq
udp 0 0 127.0.0.1:53 0.0.0.0:* 1573/dnsmasq
udp 0 0 192.168.200.0:53 0.0.0.0:* 1573/dnsmasq
udp 0 0 192.168.1.2:53 0.0.0.0:* 1573/dnsmasq
udp 0 0 192.168.150.0:53 0.0.0.0:* 1573/dnsmasq
udp 0 0 0.0.0.0:67 0.0.0.0:* 1573/dnsmasq
udp 0 0 ::1:53 :::* 1573/dnsmasq
udp 0 0 fe80::2e3a:fdff:fe1c:a2be:53 :::* 1573/dnsmasq
udp 0 0 fe80::2e3a:fdff:fe1c:a2bf:53 :::* 1573/dnsmasq
udp 0 0 fe80::2e3a:fdff:fe1c:a2c0:53 :::* 1573/dnsmasq

ip address show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
link/ether 2c:3a:fd:1c:a2:be brd ff:ff:ff:ff:ff:ff
inet 192.168.200.0/24 brd 192.168.200.255 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::2e3a:fdff:fe1c:a2be/64 scope link
valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
link/ether 2c:3a:fd:1c:a2:bf brd ff:ff:ff:ff:ff:ff
inet 192.168.1.2/24 brd 192.168.1.255 scope global eth1
valid_lft forever preferred_lft forever
inet6 fe80::2e3a:fdff:fe1c:a2bf/64 scope link
valid_lft forever preferred_lft forever
5: wlan1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
link/ether 2c:3a:fd:1c:a2:c1 brd ff:ff:ff:ff:ff:ff
6: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
link/ether 2c:3a:fd:1c:a2:c0 brd ff:ff:ff:ff:ff:ff
inet 192.168.150.0/24 brd 192.168.150.255 scope global wlan0
valid_lft forever preferred_lft forever
inet6 fe80::2e3a:fdff:fe1c:a2c0/64 scope link
valid_lft forever preferred_lft forever

ip route show table all
default via 192.168.1.1 dev eth1
192.168.1.0/24 dev eth1 scope link src 192.168.1.2
192.168.150.0/24 dev wlan0 scope link src 192.168.150.0
192.168.200.0/24 dev eth0 scope link src 192.168.200.0
broadcast 127.0.0.0 dev lo table local scope link src 127.0.0.1
local 127.0.0.0/8 dev lo table local scope host src 127.0.0.1
local 127.0.0.1 dev lo table local scope host src 127.0.0.1
broadcast 127.255.255.255 dev lo table local scope link src 127.0.0.1
broadcast 192.168.1.0 dev eth1 table local scope link src 192.168.1.2
local 192.168.1.2 dev eth1 table local scope host src 192.168.1.2
broadcast 192.168.1.255 dev eth1 table local scope link src 192.168.1.2
local 192.168.150.0 dev wlan0 table local scope host src 192.168.150.0
broadcast 192.168.150.0 dev wlan0 table local scope link src 192.168.150.0
broadcast 192.168.150.255 dev wlan0 table local scope link src 192.168.150.0
local 192.168.200.0 dev eth0 table local scope host src 192.168.200.0
broadcast 192.168.200.0 dev eth0 table local scope link src 192.168.200.0
broadcast 192.168.200.255 dev eth0 table local scope link src 192.168.200.0
unreachable fdfb:2f3c:dbd0::/48 dev lo metric 2147483647 error -113
fe80::/64 dev eth0 metric 256
fe80::/64 dev eth1 metric 256
fe80::/64 dev wlan0 metric 256
local ::1 dev lo table local metric 0
anycast fe80:: dev eth1 table local metric 0
anycast fe80:: dev eth0 table local metric 0
anycast fe80:: dev wlan0 table local metric 0
local fe80::2e3a:fdff:fe1c:a2be dev eth0 table local metric 0
local fe80::2e3a:fdff:fe1c:a2bf dev eth1 table local metric 0
local fe80::2e3a:fdff:fe1c:a2c0 dev wlan0 table local metric 0
ff00::/8 dev eth0 table local metric 256
ff00::/8 dev eth1 table local metric 256
ff00::/8 dev wlan0 table local metric 256

Do you see any inconsistencies or anomalies?

Try to ping and tracepath from the phone to the Internet by IP and domain name.
https://play.google.com/store/apps/details?id=com.termux

from one of the android phones:

ping google.com -> unknown host google.com
tracepath google.com -> no address associated with google.com

ping 8.8.8.8 -> network unreachable
tracepath 8.8.8.8 -> send failed; Resume: pmtu 65535 (???)

No idea if this helps...

1 Like

This looks like the default route is missing on the phone.
Make sure the phone has obtained a valid DHCP lease and IP address.
Also disable VPNs if any.

Yeah, the above cited logread let me think that DHCP was working fine:

Tue Jan 5 21:44:30 2021 daemon.info dnsmasq-dhcp[1573]: DHCPACK(wlan0) 192.168.150.131 00:90:4c:c5:12:38 android-592890221749aeff

Thats exactly the IP/hostname/MAC which is shown in the phone...
Blokada VPN is also disabled.

Grmpf...

Communication with the phone is fine and has completed the dhcp negotiation.

This is not a valid address to listen to.

nor this one.

This one is.
Fix the IPs to 192.168.200.1 and 192.168.150.1

2 Likes

Thank you again, trendy, for spending time on my probably stupid config!
This fully helped!!!

Only one question for my understanding: I am quite sure that I already tried 192.168.150.1 for the WLAN interface. But I didnt try it together with *200.1 for the LAN interface. So why do the LAN interface settings interfere with WLAN? If the WLAN interface listens correctly on *.150.1:53 for DNS why should it care for incorrect LAN interface settings?

For what it's worth, it should not matter. If one interface is not configured properly it should not affect the others.

1 Like

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.