WLAN clients cannot ping each other

This topic has been addressed already but I haven't been able to solve it.
I have the Openwrt router with 2 AP's running in the same network address family. The router has a static IP that ends in 1. The AP's end in 2 and 3, static addresses also.
The DHCP server is set to send addresses from x.x.x.100 to x.x.x.150. I have all my known clients with static IP's.
I became aware of this problem when I needed to print a document after my router replacement. I cannot ping my printer if both clients (Laptop and printer) are connected to the wireless network from the router. It happens only in this case.
I know know that it happens with every client that when connected to the WLAN of the router.

"From x.x.x.x icmp_seq=6 Destination Host Unreachable"

I have tried the "isolation" setting. The hairpin of the phy0-ap0 becomes "1" after reboot, but I have tried to put it to "0" with no success.

My expertise is not networking. I consider myself mostly self taught in the matter. This issue is making my head spin. Help will be very appreciated.

Best regards

Let's look at your configs... It sounds like there are 3 devices here, so let's review all three -- main router, AP1, and AP2:

Please connect to your OpenWrt device using ssh and copy the output of the following commands and post it here using the "Preformatted text </> " button:

Remember to redact passwords, MAC addresses and any public IP addresses you may have:

ubus call system board
cat /etc/config/network
cat /etc/config/wireless
cat /etc/config/dhcp
cat /etc/config/firewall

ubus call system board:

{ 
        "kernel": "6.1.57", 
        "hostname": "FriendlyWrt", 
        "system": "ARMv8 Processor rev 0", 
        "model": "FriendlyElec NanoPi R5C", 
        "board_name": "friendlyelec,nanopi-r5c", 
        "release": { 
                "distribution": "OpenWrt", 
                "version": "23.05.5", 
                "revision": "r24106-10cc5fcd00", 
                "target": "rockchip/armv8", 
                "description": "OpenWrt 23.05.5 r24106-10cc5fcd00" 
        } 
}

cat /etc/config/network:

config interface 'loopback' 
        option device 'lo' 
        option proto 'static' 
        option ipaddr '127.0.0.1' 
        option netmask '255.0.0.0' 
 
config globals 'globals' 
        option ula_prefix 'xxxx:xx:xx::/48' 
 
config device 
        option name 'eth0' 
        option macaddr 'xx:xx:xx:xx:xx:xx' 
        option ipv6 '0' 
 
config interface 'wan' 
        option device 'eth0' 
        option proto 'dhcp' 
        option peerdns '0' 
        list dns '1.1.1.1' 
        list dns '8.8.8.8' 
 
config interface 'wan6' 
        option device 'eth0' 
        option proto 'dhcpv6' 
 
config device 
        option name 'br-lan' 
        option type 'bridge' 
        option promisc '1' 
        option bridge_empty '1' 
        list ports 'eth1' 
 
config device 
        option name 'eth1' 
        option macaddr 'xx:xx:xx:xx:xx:xx' 
 
config interface 'lan' 
        option device 'br-lan' 
        option proto 'static' 
        option ipaddr 'xxx.xxx.xxx.1' 
        option netmask '255.255.255.0' 
        option ip6assign '60' 
        option delegate '0' 
 
config interface 'Home_VPN' 
        option proto 'wireguard' 
        option private_key 'privatekey' 
        option listen_port '12345' 
        list addresses 'xxx.xxx.xxx.1/24' 
 
config wireguard_Home_VPN 
        option description 'SmartPhone' 
        option public_key 'public key' 
        option private_key 'private key' 
        option preshared_key 'preshared key' 
        list allowed_ips 'xxx.xxx.xxx.2/32' 
        option endpoint_host 'web.web.com' 
        option endpoint_port '12345' 
        option route_allowed_ips '1' 
 
config wireguard_Home_VPN 
        option description 'Lenovo_Laptop' 
        option public_key 'public key' 
        option private_key 'private key' 
        option preshared_key 'preshared key' 
        option route_allowed_ips '1' 
        option endpoint_host 'web.web.com' 
        option endpoint_port '12345' 
        list allowed_ips 'xxx.xxx.xxx.3/32' 
 
config interface 'docker' 
        option device 'docker0' 
        option proto 'none' 
        option auto '0' 
 
config device 
        option type 'bridge' 
        option name 'docker0'

cat /etc/config/wireless:

config wifi-device 'radio0' 
        option type 'mac80211' 
        option path '3c0000000.pcie/pci0000:00/0000:00:00.0/0000:01:00.0' 
        option band '5g' 
        option rx_stbc '0' 
        option country 'PT' 
        option cell_density '0' 
        option channel '40' 
        option htmode 'VHT40' 
        option noscan '1' 
 
config wifi-iface 'wifinet1' 
        option device 'radio0' 
        option mode 'ap' 
        option ssid 'OpenWrt' 
        option encryption 'psk2' 
        option network 'lan' 
        option key 'wireless_key' 
        option short_preamble '0' 
        option disassoc_low_ack '0' 
        option isolate '0'

cat /etc/config/dhcp:

config dnsmasq 
        option domainneeded '1' 
        option localise_queries '1' 
        option rebind_protection '1' 
        option rebind_localhost '1' 
        option local '/lan/' 
        option domain 'lan' 
        option expandhosts '1' 
        option cachesize '1000' 
        option readethers '1' 
        option leasefile '/tmp/dhcp.leases' 
        option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto' 
        option localservice '1' 
        option ednspacket_max '1232' 
        option confdir '/tmp/dnsmasq.d' 
        option authoritative '1' 
        option port '5300' 
 
config dhcp 'lan' 
        option interface 'lan' 
        option start '100' 
        option limit '50' 
        option leasetime '12h' 
        option dhcpv4 'server' 
        option force '1' 
        list dhcp_option '6,xxx.xxx.xxx.1' 
 
config dhcp 'wan' 
        option interface 'wan' 
        option ignore '1' 
 
config odhcpd 'odhcpd' 
        option maindhcp '0' 
        option leasefile '/tmp/hosts/odhcpd' 
        option leasetrigger '/usr/sbin/odhcpd-update' 
        option loglevel '4' 
 
config host 
        option name 'A14' 
        list mac 'MAC' 
        option ip 'xxx.xxx.xxx.12' 
        option leasetime 'infinite' 
 
config host 
        option name 'nass' 
        list mac 'mac' 
        option ip 'xxx.xxx.xxx.58' 
        option leasetime 'infinite' 
 
config host 
        option name 'AP' 
        list mac 'mac' 
        option ip 'xxx.xxx.xxx.2' 
        option leasetime 'infinite' 
 
config host 
        option name 'RYZEN' 
        list mac 'mac' 
        option ip 'xxx.xxx.xxx.56' 
        option leasetime 'infinite' 
 
config host 
        option name 'Lenovo' 
        list mac 'mac' 
        option ip 'xxx.xxx.xxx.51' 
        option leasetime 'infinite' 
 
config host 
        option name 'Aspirador' 
        list mac 'mac' 
        option ip 'xxx.xxx.xxx.60' 
        option leasetime 'infinite' 
 
config host 
        option name 'Win10.VM' 
        list mac 'mac' 
        option ip 'xxx.xxx.xxx.252' 
        option leasetime 'infinite' 
 
config host 
        option name 'Chromecast.CZ' 
        list mac 'mac' 
        option ip 'xxx.xxx.xxx.42' 
        option leasetime 'infinite' 
 
config host 
        option ip 'xxx.xxx.xxx.3' 
        option mac 'mac' 
        option name 'AP2' 
 
config host 
        option name 'Chromecast.SL' 
        option ip 'xxx.xxx.xxx.43' 
        option mac 'mac' 
 
config host 
        option name 'EPSON74957B' 
        option ip 'xxx.xxx.xxx.70' 
        option mac 'mac' 
        option dns '1' 
 
config host 
        option ip 'xxx.xxx.xxx.52' 
        option mac 'mac' 
        option name 'Lenovo.DS' 
 
config host 
        option name 'delllaptop' 
        option ip 'xxx.xxx.xxx.53' 
        option mac 'mac' 
 
config host 
        option name 'TV-da-sala-de-estar' 
        option ip 'xxx.xxx.xxx.44' 
        option mac 'mac' 
 
config host 
        option name 'DS0271' 
        option ip 'xxx.xxx.xxx.54' 
        option mac 'mac'

cat /etc/config/firewall:

config defaults 
        option input 'ACCEPT' 
        option output 'ACCEPT' 
        option forward 'ACCEPT' 
        option flow_offloading '1' 
        option synflood_protect '1' 
 
config zone 
        option name 'lan' 
        option input 'ACCEPT' 
        option output 'ACCEPT' 
        option forward 'ACCEPT' 
        list network 'Home_VPN' 
        list network 'lan' 
 
config zone 
        option name 'wan' 
        option input 'REJECT' 
        option output 'ACCEPT' 
        option forward 'REJECT' 
        option fullcone4 '1' 
        option fullcone6 '1' 
        option masq '1' 
        option mtu_fix '1' 
        list network 'wan' 
        list network 'wan6' 
 
config forwarding 
        option src 'lan' 
        option dest 'wan' 
 
config rule 
        option name 'Allow-DHCP-Renew' 
        option src 'wan' 
        option proto 'udp' 
        option dest_port '68' 
        option target 'ACCEPT' 
        option family 'ipv4' 
 
config rule 
        option name 'Allow-Ping' 
        option src 'wan' 
        option proto 'icmp' 
        option icmp_type 'echo-request' 
        option family 'ipv4' 
        option target 'ACCEPT' 
 
config rule 
        option name 'Allow-IGMP' 
        option src 'wan' 
        option proto 'igmp' 
        option family 'ipv4' 
        option target 'ACCEPT' 
 
config rule 
        option name 'Allow-DHCPv6' 
        option src 'wan' 
        option proto 'udp' 
        option dest_port '546' 
        option family 'ipv6' 
        option target 'ACCEPT' 
 
config rule 
        option name 'Allow-MLD' 
        option src 'wan' 
        option proto 'icmp' 
        option src_ip 'xxxx::/10' 
        list icmp_type '130/0' 
        list icmp_type '131/0' 
        list icmp_type '132/0' 
        list icmp_type '143/0' 
        option family 'ipv6' 
        option target 'ACCEPT' 
 
config rule 
        option name 'Allow-ICMPv6-Input' 
        option src 'wan' 
        option proto 'icmp' 
        list icmp_type 'echo-request' 
        list icmp_type 'echo-reply' 
        list icmp_type 'destination-unreachable' 
        list icmp_type 'packet-too-big' 
        list icmp_type 'time-exceeded' 
        list icmp_type 'bad-header' 
        list icmp_type 'unknown-header-type' 
        list icmp_type 'router-solicitation' 
        list icmp_type 'neighbour-solicitation' 
        list icmp_type 'router-advertisement' 
        list icmp_type 'neighbour-advertisement' 
        option limit '1000/sec' 
        option family 'ipv6' 
        option target 'ACCEPT' 
 
config rule 
        option name 'Allow-ICMPv6-Forward' 
        option src 'wan' 
        option dest '*' 
        option proto 'icmp' 
        list icmp_type 'echo-request' 
        list icmp_type 'echo-reply' 
        list icmp_type 'destination-unreachable' 
        list icmp_type 'packet-too-big' 
        list icmp_type 'time-exceeded' 
        list icmp_type 'bad-header' 
        list icmp_type 'unknown-header-type' 
        option limit '1000/sec' 
        option family 'ipv6' 
        option target 'ACCEPT' 
 
config rule 
        option name 'Allow-IPSec-ESP' 
        option src 'wan' 
        option dest 'lan' 
        option proto 'esp' 
        option target 'ACCEPT' 
 
config rule 
        option name 'Allow-ISAKMP' 
        option src 'wan' 
        option dest 'lan' 
        option dest_port '500' 
        option proto 'udp' 
        option target 'ACCEPT' 
 
config rule 
        option name 'Reject-IPv6' 
        option family 'ipv6' 
        option src 'wan' 
        option dest '*' 
        option target 'REJECT' 
        option enabled '0' 
 
config redirect 
        option dest 'lan' 
        option target 'DNAT' 
        option name 'HTTP Server' 
        option src 'wan' 
        option dest_ip 'xxx.xxx.xxx.58' 
        option reflection_src 'external' 
        list reflection_zone 'lan' 
        list reflection_zone 'wan' 
        option family 'ipv4' 
        list proto 'tcp' 
        list proto 'udp' 
        option src_dport '80' 
        option dest_port '80' 
 
config redirect 
        option dest 'lan' 
        option target 'DNAT' 
        option name 'HTTPS Server' 
        option src 'wan' 
        option src_dport '443' 
        option dest_ip 'xxx.xxx.xxx.58' 
        option dest_port '443' 
        option reflection_src 'external' 
        list proto 'tcp' 
        list proto 'udp' 
        option family 'ipv4' 
        list reflection_zone 'lan' 
        list reflection_zone 'wan' 
 
config redirect 
        option dest 'lan' 
        option target 'DNAT' 
        option name 'Home_VPN' 
        list proto 'udp' 
        option src 'wan' 
        option src_dport '12345' 
        option dest_ip 'xxx.xxx.xxx.1' 
        option dest_port '12345' 
 
config zone 'docker' 
        option input 'ACCEPT' 
        option output 'ACCEPT' 
        option forward 'ACCEPT' 
        option name 'docker' 
        list network 'docker'

It appears you are using firmware that is not from the official OpenWrt project.

When using forks/offshoots/vendor-specific builds that are "based on OpenWrt", there may be many differences compared to the official versions (hosted by OpenWrt.org). Some of these customizations may fundamentally change the way that OpenWrt works. You might need help from people with specific/specialized knowledge about the firmware you are using, so it is possible that advice you get here may not be useful.

You may find that the best options are:

1. Install an official version of OpenWrt, if your device is supported (see https://firmware-selector.openwrt.org).
2. Ask for help from the maintainer(s) or user community of the specific firmware that you are using.
3. Provide the source code for the firmware so that users on this forum can understand how your firmware works (OpenWrt forum users are volunteers, so somebody might look at the code if they have time and are interested in your issue).

If you believe that this specific issue is common to generic/official OpenWrt and/or the maintainers of your build have indicated as such, please feel free to clarify.

I will try a OpenWrt official version. Hope that it will solve the issue, if not I'll come back to this post.

My appreciation in advance.

Official version of OpenWrt does not have the problem. I will set it up according to my necessities and check if the issue appears. I am not expecting any problems.

Thank you for the pointer. I was believing that FriendlyOpenWrt was only rebranding.

Best regards

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.