Hi,
I have a HP Laserjet Neverstop 1200W with wifi.
It seems that these stupid printers work only when printing is initiated within the same wifi network/subnet - anyone experienced similar behaviour?
I have 2 SSIDs configured as different vlans, each with its own subnet, for the sake of vlan1 routed out via vpn, and vlan2 routed out to internet directly.
printer is on vlan1.
So whenever our laptops or phones are connected to vlan2, printing does not work, just gets stuck. even though printer is pingable, I can even reach its web interface, but printing itself gets stuck.
It's not the end of the world to switch over to another wifi network to print something, but it's just bloodly annoying, I hate impractical things
I have no limitations between the subnets, they are not isolated in any way, both zones are configured as ACCEPT ACCEPT ACCEPT to each other.
any ideas how to work around this, what seems to be HP wireless printing limitation?
Hi @megacar1
if printer is really "sensitive" to own subnet, you could try with firewal
something like
if packet arrive from vlan2 (laptops) and destination is vlan1, IP of Printer, then Masquerade
this way, printer will see only own subnet
one more thing
try to install HP printer when you are on Vlan2 (laptops)
this way, HP driver will be forced to use IP address of printer and not mdns/pnp/whatewer for printing port
Please connect to your OpenWrt device using ssh and copy the output of the following commands and post it here using the "Preformatted text </>
" button:
Remember to redact passwords, MAC addresses and any public IP addresses you may have:
ubus call system board
cat /etc/config/network
cat /etc/config/wireless
cat /etc/config/dhcp
cat /etc/config/firewall
hi
main router (wifi disabled on this one)
root@blanja:~# ubus call system board
{
"kernel": "5.10.176",
"hostname": "blanja",
"system": "Qualcomm Atheros QCA9558 ver 1 rev 0",
"model": "TP-Link TL-WR1043ND v2",
"board_name": "tplink,tl-wr1043nd-v2",
"rootfs_type": "squashfs",
"release": {
"distribution": "OpenWrt",
"version": "22.03.5",
"revision": "r20134-5f15225c1e",
"target": "ath79/generic",
"description": "OpenWrt 22.03.5 r20134-5f15225c1e"
}
}
root@blanja:~# cat /etc/config/network
config interface 'loopback'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
option device 'lo'
config globals 'globals'
config interface 'LAN'
option proto 'static'
option ipaddr '192.168.4.1'
option netmask '255.255.255.0'
option delegate '0'
option device 'eth1'
option type 'bridge'
config switch
option name 'switch0'
option reset '1'
option enable_vlan '1'
config switch_vlan
option device 'switch0'
option vlan '1'
option vid '1'
option ports '0 4 3 2 1'
option description 'LAN'
config switch_vlan
option device 'switch0'
option vlan '2'
option vid '2'
option ports '6 5'
option description 'WAN'
config switch_vlan
option device 'switch0'
option vlan '3'
option ports '0t 4t 3t 2t 1t'
option vid '3'
option description 'NOVPN'
config switch_vlan
option device 'switch0'
option vlan '4'
option ports '0t 4t 3t 2t 1t'
option vid '4'
option description 'GUEST'
config interface 'LTE'
option device 'eth0'
option proto 'static'
option ipaddr '192.168.70.2'
option netmask '255.255.255.0'
option gateway '192.168.70.1'
option delegate '0'
config interface 'NOVPN'
option proto 'static'
option netmask '255.255.255.0'
option delegate '0'
option ipaddr '192.168.5.1'
option device 'eth1.3'
option type 'bridge'
config interface 'GUEST'
option proto 'static'
option device 'eth1.4'
option ipaddr '192.168.6.1'
option netmask '255.255.255.0'
config interface 'VPN'
option proto 'wireguard'
option private_key '***'
list addresses '10.9.0.2/32'
option listen_port '51830'
option delegate '0'
option force_link '1'
option defaultroute '0'
option mtu '1420'
config wireguard_VPN 'wg0'
option public_key '***'
option route_allowed_ips '1'
option persistent_keepalive '0'
option endpoint_port '51830'
list allowed_ips '10.9.0.1/32'
list allowed_ips '0.0.0.0/0'
list allowed_ips '10.9.0.3/32'
option endpoint_host '***'
root@blanja:~# cat /etc/config/wireless
config wifi-device 'radio0'
option type 'mac80211'
option hwmode '11g'
option country 'US'
option path 'platform/ahb/18100000.wmac'
option cell_density '0'
option htmode 'HT20'
option channel '2'
option txpower '25'
option disabled '1'
config wifi-iface 'wifinet0'
option device 'radio0'
option mode 'ap'
option encryption 'psk2'
option key '*'
option max_inactivity '180'
option network 'NOVPN'
option ssid 'mado'
option ieee80211r '1'
option mobility_domain 'd011'
option ft_over_ds '0'
option ft_psk_generate_local '1'
option disabled '1'
config wifi-iface 'wifinet1'
option device 'radio0'
option mode 'ap'
option encryption 'psk2'
option isolate '1'
option key '**'
option network 'GUEST'
option max_inactivity '180'
option ssid 'gosti'
option disabled '1'
root@blanja:~# cat /etc/config/dhcp
config dnsmasq
option domainneeded '1'
option localise_queries '1'
option rebind_protection '1'
option rebind_localhost '1'
option domain 'doma'
option expandhosts '1'
option authoritative '1'
option readethers '1'
option leasefile '/tmp/dhcp.leases'
option nonwildcard '0'
option noresolv '1'
option strictorder '1'
option filterwin2k '1'
option serversfile '/var/run/simple-adblock.servers'
option allservers '1'
option nonegcache '1'
option local '/doma/'
list doh_backup_server '1.1.1.1'
option confdir '/tmp/dnsmasq.d'
list server '192.168.4.10'
option localservice '0'
config dhcp 'doma'
option interface 'LAN'
option start '100'
option limit '150'
option leasetime '12h'
config dhcp 'wan'
option interface 'WAN'
option ignore '1'
config odhcpd 'odhcpd'
option maindhcp '0'
option leasefile '/tmp/hosts/odhcpd'
option leasetrigger '/usr/sbin/odhcpd-update'
config domain
config dhcp 'GUEST'
option interface 'GUEST'
option start '100'
option limit '150'
option leasetime '12h'
root@blanja:~# cat /etc/config/firewall
config rule
option name 'Allow-DHCP-Renew'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
option src '*'
config rule
option name 'Allow-Ping'
option src 'WAN'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-IGMP'
option src 'WAN'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'WAN'
option proto 'udp'
option src_ip 'fc00::/6'
option dest_ip 'fc00::/6'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-MLD'
option src 'WAN'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Wireguard'
option src 'WAN'
option proto 'udp'
option dest_port '51830'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'WAN'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'WAN'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option src 'WAN'
option dest 'LAN'
option proto 'esp'
option target 'ACCEPT'
option name 'VPN IPSec'
config rule
option src 'WAN'
option dest 'LAN'
option dest_port '51830'
option proto 'udp'
option target 'ACCEPT'
option name 'VPN Wireguard'
config rule
option src 'LAN'
option src_mac '50:C7:BF:4B:C7:FB'
option target 'REJECT'
option name 'HS100-Plug1'
option dest '*'
config rule
option src 'LAN'
option name 'HS100-Plug2'
option src_mac '50:C7:BF:4B:D2:A6'
option dest '*'
option target 'REJECT'
config defaults
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
option flow_offloading '1'
option flow_offloading_hw '1'
option synflood_protect '1'
config zone
option name 'LAN'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
option mtu_fix '1'
list network 'LAN'
config zone
option name 'WAN'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
list network 'LTE'
config include
option path '/etc/firewall.user'
config zone
option name 'VPN'
option output 'ACCEPT'
option masq '1'
option mtu_fix '1'
option input 'ACCEPT'
option forward 'ACCEPT'
list network 'VPN'
config forwarding
option dest 'VPN'
option src 'LAN'
config forwarding
option dest 'LAN'
option src 'VPN'
config rule
option target 'ACCEPT'
option src 'VPN'
option name 'VPN Ping'
config forwarding
option dest 'WAN'
option src 'LAN'
config forwarding
option dest 'LAN'
option src 'WAN'
config zone
option name 'GUEST'
option input 'ACCEPT'
option forward 'REJECT'
option masq '1'
option output 'ACCEPT'
list network 'GUEST'
config include 'pbr'
option fw4_compatible '1'
option type 'script'
option path '/usr/share/pbr/pbr.firewall.include'
config forwarding
option src 'GUEST'
option dest 'VPN'
config forwarding
option src 'VPN'
option dest 'GUEST'
config forwarding
option src 'GUEST'
option dest 'WAN'
config forwarding
option src 'WAN'
option dest 'GUEST'
config zone
option name 'NOVPN'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
list network 'NOVPN'
config forwarding
option src 'NOVPN'
option dest 'VPN'
config forwarding
option src 'NOVPN'
option dest 'WAN'
config forwarding
option src 'VPN'
option dest 'NOVPN'
config forwarding
option src 'WAN'
option dest 'NOVPN'
config forwarding
option src 'LAN'
option dest 'NOVPN'
config forwarding
option src 'NOVPN'
option dest 'LAN'
config rule
option name 'GUEST'
option src 'GUEST'
option target 'REJECT'
option dest_port '443 22'
wifi AP:
root@tanjur:~# ubus call system board
{
"kernel": "5.10.176",
"hostname": "tanjur",
"system": "Qualcomm Atheros QCA956X ver 1 rev 0",
"model": "Ubiquiti UniFi AC Lite",
"board_name": "ubnt,unifiac-lite",
"rootfs_type": "squashfs",
"release": {
"distribution": "OpenWrt",
"version": "22.03.5",
"revision": "r20134-5f15225c1e",
"target": "ath79/generic",
"description": "OpenWrt 22.03.5 r20134-5f15225c1e"
}
}
root@tanjur:~# cat /etc/config/network
config interface 'loopback'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
option device 'lo'
config globals 'globals'
config interface 'lan'
option proto 'static'
option ipaddr '192.168.4.10'
option netmask '255.255.255.0'
option gateway '192.168.4.1'
option dns '192.168.4.1'
option delegate '0'
option device 'br-lan'
option ipv6 'off'
config interface 'VLAN3'
option proto 'static'
option ipaddr '192.168.5.10'
option netmask '255.255.255.0'
option delegate '0'
option device 'br-VLAN3'
config interface 'VLAN4'
option proto 'static'
option ipaddr '192.168.6.10'
option netmask '255.255.255.0'
option delegate '0'
option device 'br-VLAN4'
config device
option name 'br-lan'
option type 'bridge'
list ports 'eth0'
config device
option name 'br-VLAN3'
option type 'bridge'
list ports 'eth0.3'
config device
option name 'br-VLAN4'
option type 'bridge'
list ports 'eth0.4'
root@tanjur:~# cat /etc/config/dhcp
config dnsmasq
option domainneeded '1'
option boguspriv '1'
option filterwin2k '0'
option localise_queries '1'
option rebind_protection '1'
option rebind_localhost '1'
option local '/lan/'
option domain 'lan'
option expandhosts '1'
option nonegcache '0'
option authoritative '1'
option readethers '1'
option leasefile '/tmp/dhcp.leases'
option nonwildcard '1'
option localservice '1'
option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
list server '/mask.icloud.com/'
list server '/mask-h2.icloud.com/'
list server '/use-application-dns.net/'
list server '127.0.0.1#5053'
list server '127.0.0.1#5054'
option doh_backup_noresolv '-1'
option noresolv '1'
list doh_backup_server '/mask.icloud.com/'
list doh_backup_server '/mask-h2.icloud.com/'
list doh_backup_server '/use-application-dns.net/'
list doh_backup_server '127.0.0.1#5053'
list doh_backup_server '127.0.0.1#5054'
config dhcp 'lan'
option interface 'lan'
option ignore '1'
option dhcpv6 'disabled'
config dhcp 'wan'
option interface 'wan'
option ignore '1'
config odhcpd 'odhcpd'
option maindhcp '0'
option leasefile '/tmp/hosts/odhcpd'
option leasetrigger '/usr/sbin/odhcpd-update'
option loglevel '4'
root@tanjur:~# cat /etc/config/wireless
config wifi-device 'radio0'
option type 'mac80211'
option hwmode '11a'
option path 'pci0000:00/0000:00:00.0'
option country 'US'
option cell_density '0'
option htmode 'VHT80'
option channel '40'
config wifi-device 'radio1'
option type 'mac80211'
option hwmode '11g'
option htmode 'HT20'
option country 'US'
option path 'platform/ahb/18100000.wmac'
option cell_density '0'
option channel '7'
config wifi-iface 'default_radio1'
option device 'radio1'
option network 'lan'
option mode 'ap'
option ssid 'doma'
option encryption 'psk2'
option key '***'
option macfilter 'deny'
list maclist '3C:20:F6:58:04:B7'
config wifi-iface 'default_radio0'
option device 'radio0'
option mode 'ap'
option encryption 'psk2'
option network 'VLAN3'
option key '***'
option max_inactivity '180'
option ssid 'madobar'
config wifi-iface 'wifinet2'
option ssid 'gosti'
option encryption 'psk2'
option device 'radio1'
option mode 'ap'
option network 'VLAN4'
option key '***'
option isolate '1'
option max_inactivity '180'
config wifi-iface 'wifinet3'
option device 'radio1'
option mode 'ap'
option ssid 'mado'
option encryption 'psk2'
option key '***'
option network 'VLAN3'
root@tanjur:~# cat /etc/config/firewall
config defaults
option syn_flood '1'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
config zone
option name 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
option network 'lan'
config zone
option name 'wan'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
option network 'wan wan6'
config forwarding
option src 'lan'
option dest 'wan'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option src_ip 'fc00::/6'
option dest_ip 'fc00::/6'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
config include
option path '/etc/firewall.user'
config rule
option name 'GUEST'
option src '*'
list src_ip '192.168.6.0/24'
option dest_port '443 22'
option target 'REJECT'
This version is EOL and unsupported. You should upgrade to [23.05](https://TP-Link TL-WR1043N/ND v2). Along the way, I'd recommend resetting to defaults (as part of the upgrade process -- do not 'keep settings') and then starting fresh as there are several issues with your config -- it's easier just to build up from scratch.
Similarly, for your UAP-AC-Lite , I'd recommend upgrading that to 23.05 as well. This one can keep settings, although when you're done we'll want to fix a few things.
thanks for info. I will upgrade them when I get the time around.
Whoa, building it from scratch sounds like a lot of work with all the custom stuff like adblocker, policy based routing, vlans, dhcp reservations, wireguard, etc...
Also, if I don't know what is wrong with the current config, I will just recreate the same mistake again
did you try anything i wrote above ?
megacar1:
Whoa, building it from scratch sounds like a lot of work with all the custom stuff like adblocker, policy based routing, vlans, dhcp reservations, wireguard, etc...
Ok... if that's the case, we can edit the existing files.
Just an example of what is wrong...
The bridge must be defined outside the network interface -- that line is invalid inside an interface and may break things. It should look like this:
config device 'br-lan'
option type 'bridge'
list ports 'eth1'
config interface 'LAN'
option proto 'static'
option ipaddr '192.168.4.1'
option netmask '255.255.255.0'
option device 'br-lan'
You've got several of these throughout your config, so you need to clean those up. There are probably other thigns, too, but we'll get to them once you've upgraded.
i will try with firewall rule, thanks for suggestion.
I am mostly printing from android phone, so fiddling with windows is not worth it..
psherman:
You've got several of these throughout your config, so you need to clean those up. There are probably other thigns, too, but we'll get to them once you've upgraded.
thanks, will report back once upgraded and fixed these
it will not work
Android print is tied to mdns/avahi/bonjur
so, without reflector on your router, it is waste of time
and yes, using HP will not help either
psherman:
You've got several of these throughout your config, so you need to clean those up. There are probably other thigns, too, but we'll get to them once you've upgraded.
okay, I got the time around to upgrade my openwrt equipment (I'm doing it every summer, and there will be no upgrades until next august). both ubiquiti AP and tplink router on latest 23 version.
Meanwhile, I gave up on chasing this printer issue, I can live with it, and judging by the comments it will never work.
Out of curiosity, I went ahead and did your change (separated bridge) as you say my config could break things, but actually after I did the change I lost access to the router.
I tried to access it from 2 different VLANs, no dice. I guess my config is so broken that VLAN configuration depends on that bridge, so it has all fallen apart.
Luckily, router remained accessible to its wireguard peer (as only the local network was broken), so I just accessed it from a remote machine and reverted back to my "broken" config.
I guess it has something to do with the fact I have vlans configured like eth1.3, eth1.4 and they need the LAN interface to be eth1.
probably I could just remove bridge definition from that LAN eth1 interface and everything might work...
As I don't need wlan and lan bridged here, wlan is disabled on this router, as I am using other device as AP (ubiquiti unifi ap lite with openwrt). maybe I dont need any bridge here at all,
Share your latest config and we'll try to figure out what's wrong.
My latest config is the same as posted above, it remains unchanged as I opted to keep settings during upgrade
In that case, my advice should still be accurate. You said you lost connectivity -- I would make a guess that it was a typo or other mistake that was responsible for the issue.
root@blanja:~# cat /etc/config/network
config interface 'loopback'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
option device 'lo'
config globals 'globals'
config device 'br-lan'
option type 'bridge'
list ports 'eth1'
config interface 'LAN'
option proto 'static'
option ipaddr '192.168.4.1'
option netmask '255.255.255.0'
option device 'br-lan'
root@blanja:~# /etc/init.d/network restart
'radio0' is disabled
Failed to load config file: : Parse error (invalid character in name field) at line 9, byte 23
I give up.
found it should be this format:
openwrt /etc/config/network defaults examples
config device 'lan_br'
option name 'br-lan'
option type 'bridge'
list ports 'eth0.1'
also found this guy has bridged lan
Hi all
I got a beginner question in which I hope you can help to clarify.
I've just flashed my wireless router WR841N. Below is the fresh unmodified
/etc/config/network configuration file. In the third verse config interface 'lan', can someone
explain why this interface is configured as a bridge by default, with only one slave interface eth0.1 as member?
Thank you in advance for your time and help sharing knowledge.
config interface 'loopback'
option ifname 'lo'
option pā¦
also this guy
megacar1:
config device 'br-lan'
it seems this is the correct syntax
config device
option name 'br-lan'
option type 'bridge'
list ports 'eth0.1'
edit: I did it, it survived...
but i could run a CUPS server in a docker, and then access the shared printer via cups (which is in the same network as the stupid hp wifi printer). Then I should be able to print from wherever I want?
hi @megacar1
in theory, yes
in practice ,,, you need docker/cups for non x86 arch, and thinkering with OWRT+Docker combo
good luck