Wlan0 does not obtain IP address after boot

Installing and Using OpenWrt Network and Wireless Configuration
1

Hello,

My device (carambola2 with LEDE onboard) is connecting to my local wifi network as client.
However after boot/reboot it does not obtain ip address on wlan0 interface, until /etc/init.d/network restart executed manually.
How to fix that?

/etc/config/network

config interface 'loopback'
        option ifname           'lo'
        option proto            'static'
        option ipaddr           '127.0.0.1'
        option netmask          '255.0.0.0'

config globals 'globals'
        option ula_prefix       'fdd3:9a1a:c9d9::/48'

config interface 'lan'
        option  ifname          'eth0 eth1'
        option  type            'bridge'
        option proto            'dhcp'

config interface 'wlan'
        option  ifname          'wlan0'
        option proto            'dhcp'

/etc/config/wireless

config wifi-device 'radio0'
        option type 'mac80211'
        option channel '11'
        option hwmode '11g'
        option path 'platform/ar933x_wmac'
        option htmode 'HT20'
        option disabled '0'

config wifi-iface 'default_radio0'
        option device 'radio0'
        option mode 'sta'
        option network 'wan'
        option encryption 'psk2'
        option ssid 'MyWiFi'
        option key 'password'

/etc/config/firewall

config defaults
        option syn_flood        1
        option input            ACCEPT
        option output           ACCEPT
        option forward          REJECT
# Uncomment this line to disable ipv6 rules
#       option disable_ipv6     1

config zone
        option name             lan
        list   network          'lan'
        list   network          'wlan'
        option input            ACCEPT
        option output           ACCEPT
        option forward          ACCEPT

# We need to accept udp packets on port 68,
# see https://dev.openwrt.org/ticket/4108
config rule
        option name             Allow-DHCP-Renew
        option src              wan
        option proto            udp
        option dest_port        68
        option target           ACCEPT
        option family           ipv4

# Allow IPv4 ping
config rule
        option name             Allow-Ping
        option src              wan
        option proto            icmp
        option icmp_type        echo-request
        option family           ipv4
        option target           ACCEPT

config rule
        option name             Allow-IGMP
        option src              wan
        option proto            igmp
        option family           ipv4
        option target           ACCEPT

# Allow DHCPv6 replies
# see https://dev.openwrt.org/ticket/10381
config rule
        option name             Allow-DHCPv6
        option src              wan
        option proto            udp
        option src_ip           fc00::/6
        option dest_ip          fc00::/6
        option dest_port        546
        option family           ipv6
        option target           ACCEPT

config rule
        option name             Allow-MLD
        option src              wan
        option proto            icmp
        option src_ip           fe80::/10
        list icmp_type          '130/0'
        list icmp_type          '131/0'
        list icmp_type          '132/0'
        list icmp_type          '143/0'
        option family           ipv6
        option target           ACCEPT

# Allow essential incoming IPv6 ICMP traffic
config rule
        option name             Allow-ICMPv6-Input
        option src              wan
        option proto            icmp
        list icmp_type          echo-request
        list icmp_type          echo-reply
        list icmp_type          destination-unreachable
        list icmp_type          packet-too-big
        list icmp_type          time-exceeded
        list icmp_type          bad-header
        list icmp_type          unknown-header-type
        list icmp_type          router-solicitation
        list icmp_type          neighbour-solicitation
        list icmp_type          router-advertisement
        list icmp_type          neighbour-advertisement
        option limit            1000/sec
        option family           ipv6
        option target           ACCEPT

# Allow essential forwarded IPv6 ICMP traffic
config rule
        option name             Allow-ICMPv6-Forward
        option src              wan
        option dest             *
        option proto            icmp
        list icmp_type          echo-request
        list icmp_type          echo-reply
        list icmp_type          destination-unreachable
        list icmp_type          packet-too-big
        list icmp_type          time-exceeded
        list icmp_type          bad-header
        list icmp_type          unknown-header-type
        option limit            1000/sec
        option family           ipv6
        option target           ACCEPT

config rule
        option name             Allow-IPSec-ESP
        option src              wan
        option dest             lan
        option proto            esp
        option target           ACCEPT

config rule
        option name             Allow-ISAKMP
        option src              wan
        option dest             lan
        option dest_port        500
        option proto            udp
        option target           ACCEPT

# include a file with users custom iptables rules
config include
        option path             /etc/firewall.user
2

Please use </> instead of quotes.

3

:ok_hand:
Quotes changed to </>

1 Like
4

Is it your intention to place wlan0 in it's own network, or did you intend to place it in LAN?

If it should be in LAN:

1.
FIX:

Change to:

option name lan
	list network 'lan wlan'

2.
Delete config interface 'wlan' section and edit:

config interface 'lan'
        option  ifname          'eth0 eth1 wlan0'
        option  type            'bridge'
        option proto            'dhcp'
1 Like
5

If you're connecting to an ordinary AP you cannot bridge the STA into a network. It has to have its own network and then use the firewall to route / NAT to it.

The /etc/config/network stanza should not name out any wifi networks. Attach wifi interfaces to a network by using option network in /etc/config/wireless. This will automatically use the correct name as the name is automatically generated.

In other words your /etc/config/wireless setting up the STA would have:

...
    option mode 'sta'
    option network 'wlan'
...

while the definition of the 'wlan' network in /etc/config/network would consist only of this:

config interface 'wlan'
    option proto 'dhcp'

That is your name 'wlan', which is not conventional. (A 'wlan' or Wireless LAN is conventionally an AP bridged into the LAN) Usually such an interface is named 'wwan' (Wireless WAN), or simply re-purpose the default 'wan' by removing any Ethernet ports from it. Of course any name will work as long as you are consistent in applying it in the firewall as well.

1 Like
6

@mk24 Thank you very much for clarification!
To sum up, I'm pasting below all my config with changes you suggested.
Do you see any more potential issues with it?

/etc/config/network

config interface 'loopback'
        option ifname           'lo'
        option proto            'static'
        option ipaddr           '127.0.0.1'
        option netmask          '255.0.0.0'

config globals 'globals'
        option ula_prefix       'fdd3:9a1a:c9d9::/48'

config interface 'lan'
        option  ifname          'eth0 eth1'
        option  type            'bridge'
        option proto            'dhcp'

config interface 'wwan'
        option proto            'dhcp'

/etc/config/wireless

config wifi-device 'radio0'
        option type 'mac80211'
        option channel '11'
        option hwmode '11g'
        option path 'platform/ar933x_wmac'
        option htmode 'HT20'
        option disabled '0'

config wifi-iface 'default_radio0'
        option device 'radio0'
        option mode 'sta'
        option network 'wwan'
        option encryption 'psk2'
        option ssid 'MyWiFi'
        option key 'password'

/etc/config/firewall

config defaults
        option syn_flood        1
        option input            ACCEPT
        option output           ACCEPT
        option forward          REJECT
# Uncomment this line to disable ipv6 rules
#       option disable_ipv6     1

config zone
        option name             lan
        list   network          'lan wwan'
        option input            ACCEPT
        option output           ACCEPT
        option forward          ACCEPT

# We need to accept udp packets on port 68,
# see https://dev.openwrt.org/ticket/4108
config rule
        option name             Allow-DHCP-Renew
        option src              wan
        option proto            udp
        option dest_port        68
        option target           ACCEPT
        option family           ipv4

# Allow IPv4 ping
config rule
        option name             Allow-Ping
        option src              wan
        option proto            icmp
        option icmp_type        echo-request
        option family           ipv4
        option target           ACCEPT

config rule
        option name             Allow-IGMP
        option src              wan
        option proto            igmp
        option family           ipv4
        option target           ACCEPT

# Allow DHCPv6 replies
# see https://dev.openwrt.org/ticket/10381
config rule
        option name             Allow-DHCPv6
        option src              wan
        option proto            udp
        option src_ip           fc00::/6
        option dest_ip          fc00::/6
        option dest_port        546
        option family           ipv6
        option target           ACCEPT

config rule
        option name             Allow-MLD
        option src              wan
        option proto            icmp
        option src_ip           fe80::/10
        list icmp_type          '130/0'
        list icmp_type          '131/0'
        list icmp_type          '132/0'
        list icmp_type          '143/0'
        option family           ipv6
        option target           ACCEPT

# Allow essential incoming IPv6 ICMP traffic
config rule
        option name             Allow-ICMPv6-Input
        option src              wan
        option proto            icmp
        list icmp_type          echo-request
        list icmp_type          echo-reply
        list icmp_type          destination-unreachable
        list icmp_type          packet-too-big
        list icmp_type          time-exceeded
        list icmp_type          bad-header
        list icmp_type          unknown-header-type
        list icmp_type          router-solicitation
        list icmp_type          neighbour-solicitation
        list icmp_type          router-advertisement
        list icmp_type          neighbour-advertisement
        option limit            1000/sec
        option family           ipv6
        option target           ACCEPT

# Allow essential forwarded IPv6 ICMP traffic
config rule
        option name             Allow-ICMPv6-Forward
        option src              wan
        option dest             *
        option proto            icmp
        list icmp_type          echo-request
        list icmp_type          echo-reply
        list icmp_type          destination-unreachable
        list icmp_type          packet-too-big
        list icmp_type          time-exceeded
        list icmp_type          bad-header
        list icmp_type          unknown-header-type
        option limit            1000/sec
        option family           ipv6
        option target           ACCEPT

config rule
        option name             Allow-IPSec-ESP
        option src              wan
        option dest             lan
        option proto            esp
        option target           ACCEPT

config rule
        option name             Allow-ISAKMP
        option src              wan
        option dest             lan
        option dest_port        500
        option proto            udp
        option target           ACCEPT

# include a file with users custom iptables rules
config include
        option path             /etc/firewall.user
7

Actually, it was correct.
list allows multiple entries for the same option, while option requires a single entry, but allows space separated values.

1 Like