I have configurated proxmox server with wi-fi cart intel ax210.
auto wlp1s0
iface wlp1s0 inet static
wpa-ssid DevOpsNet5g
wpa-psk HidePassword
auto vmbr0
iface vmbr0 inet static
pre-up iw dev wlp1s0 set 4addr on
address 192.168.3.44/24
gateway 192.168.3.1
bridge-ports wlp1s0
bridge-stp off
bridge-fd 0
This server connected to wi-fi router Huawei XD20.
All work good, my virtual machines like 192.168.3.72 or 192.168.3.43 and another can connect to router 192.168.3.1. And my work PC 192.168.3.2 can connect to virtual machines.
But when i replace old router, to xiaomi ax3000t with
OPENWRT_RELEASE="OpenWrt SNAPSHOT r27266-2c48cda28b"
From router or from my PC i can connect to my server (192.168.3.44).
And cant connect to my VMs. And my VMs cant connect to router.
for testing, i change server connection to wired, and all work good, but i need use wifi.
brada4
September 1, 2024, 10:25am
4
Please connect to your OpenWrt device using ssh and copy the output of the following commands and post it here using the "Preformatted text </>
" button:
Remember to redact passwords, MAC addresses and any public IP addresses you may have:
ubus call system board
cat /etc/config/network
cat /etc/config/wireless
cat /etc/config/dhcp
cat /etc/config/firewall
From the scheme it seems you need relayd, not 4addr
{
"kernel": "6.6.47",
"hostname": "OpenWrt.p8o.ru",
"system": "ARMv8 Processor rev 4",
"model": "Xiaomi Mi Router AX3000T",
"board_name": "xiaomi,mi-router-ax3000t",
"rootfs_type": "squashfs",
"release": {
"distribution": "OpenWrt",
"version": "SNAPSHOT",
"revision": "r27266-2c48cda28b",
"target": "mediatek/filogic",
"description": "OpenWrt SNAPSHOT r27266-2c48cda28b"
}
}
config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fdfd:33a9:b05::/48'
config device
option name 'br-lan'
option type 'bridge'
list ports 'lan2'
list ports 'lan3'
list ports 'lan4'
option acceptlocal '0'
config interface 'lan'
option device 'br-lan'
option proto 'static'
option ipaddr '192.168.3.1'
option netmask '255.255.255.0'
option ip6assign '60'
list dns '192.168.3.44'
list dns_search 'p8o.ru'
option dns_metric '0'
config device
option name 'wan'
option macaddr '78:c5:f8:1e:01:34'
config interface 'wan'
option device 'wan'
option proto 'dhcp'
option dns_metric '100'
config interface 'wan6'
option device 'wan'
option proto 'dhcpv6'
config rule
option name 'mark0x1'
option mark '0x1'
option priority '100'
option lookup 'vpn'
config wifi-device 'radio0'
option type 'mac80211'
option path 'platform/soc/18000000.wifi'
option band '2g'
option channel '1'
option htmode 'HE20'
option cell_density '0'
config wifi-iface 'default_radio0'
option device 'radio0'
option network 'lan'
option mode 'ap'
option ssid 'DevOpsNet'
option encryption 'psk2'
option isolate '0'
option key '***********'
config wifi-device 'radio1'
option type 'mac80211'
option path 'platform/soc/18000000.wifi+1'
option band '5g'
option htmode 'HE160'
option cell_density '0'
option country 'RU'
option channel 'auto'
config wifi-iface 'default_radio1'
option device 'radio1'
option network 'lan'
option mode 'ap'
option ssid 'DevOpsNet5g'
option encryption 'sae-mixed'
option key '*********'
option ocv '0'
config dnsmasq
option localise_queries '1'
option rebind_protection '0'
option local '/lan/'
option domain 'p8o.ru'
option server '192.168.3.44'
option expandhosts '1'
option cachesize '1000'
option authoritative '1'
option readethers '1'
option leasefile '/tmp/dhcp.leases'
option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
option localservice '1'
option ednspacket_max '1232'
config dhcp 'lan'
option interface 'lan'
option start '100'
option limit '150'
option leasetime '12h'
option ignore '1'
config dhcp 'wan'
option interface 'wan'
option start '100'
option limit '150'
option leasetime '12h'
config ipset
list name 'vpn_domains'
list domain 'graylog.org'
list domain 'terraform.io'
list domain 'ea.com'
config defaults
option syn_flood '1'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
config zone
option name 'lan'
list network 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
config zone
option name 'wan'
list network 'wan'
list network 'wan6'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
config forwarding
option src 'lan'
option dest 'wan'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
config zone
option name 'singbox'
option device 'tun0'
option forward 'ACCEPT'
option output 'ACCEPT'
option input 'ACCEPT'
option masq '1'
option mtu_fix '1'
option family 'ipv4'
config forwarding
option name 'singbox-lan'
option dest 'singbox'
option src 'lan'
option family 'ipv4'
config ipset
option name 'vpn_domains'
option match 'dst_net'
config rule
option name 'mark_domains'
option src 'lan'
option dest '*'
option proto 'all'
option ipset 'vpn_domains'
option set_mark '0x1'
option target 'MARK'
option family 'ipv4'
config redirect
option dest 'lan'
option target 'DNAT'
option name 'pve1'
list proto 'all'
option src 'wan'
option dest_ip '192.168.3.44'