OpenWrt Forum Archive

Topic: Get no IP Address from a Wisp network with openwrt

The content of this topic has been archived on 27 Apr 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

Hi,

I have a problem with my OpenWrt router. I tried to connect to a WISP network but I didn't receive an IP. Does anybody know why? Is there a restriction possible by the network owner? I have only a problem with my router. I tried the original TP-Link software and now OpenWrt. Other devices get an IP.

Perhaps somebody can help
Chris

With so little information, there is not much anybody can do to help you...

Okay. How can I offer my config to you? I use LuCI.

If you are on Windows, try using WinSCP.
Your config files are in etc\config

Also include your specific device info, firmware version and specific messages you see

On the Network:Wireless page, do you have signal bars showing for the wifi client interface that is connecting to your ISP?

Hi, I tried to fetch some information about my configuration via telnet:

Hostname    OpenWrt
Model            TP-Link TL-MR3020 v1
Firmware Version    OpenWrt Chaos Calmer 15.05.1 / LuCI 15.05-149-g0d8bbd2 Release (git-15.363.78009-956be55)
Kernel Version    3.18.23

wireless
config wifi-device 'radio0'
        option type 'mac80211'
        option channel '11'
        option hwmode '11g'
        option path 'platform/ar933x_wmac'
        option htmode 'HT20'
        option disabled '0'
        option txpower '15'
        option country 'DE'

config wifi-iface
        option ssid 'IdF_NRW'
        option encryption 'none'
        option device 'radio0'
        option mode 'sta'
        option network 'wwan'
        option bssid '6C:F3:7F:B2:CE:80'

config wifi-iface
        option device 'radio0'
        option mode 'ap'
        option encryption 'none'
        option ssid 'MR3020'
        option network 'lan'

network
config interface 'loopback'
        option ifname 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fdbd:74f3:43ec::/48'

config interface 'lan'
        option ifname 'eth0'
        option force_link '1'
        option type 'bridge'
        option proto 'static'
        option netmask '255.255.255.0'
        option ip6assign '60'
        option ipaddr '192.168.10.1'

config interface 'wwan'
        option proto 'dhcp'
        option defaultroute '0'

dhcp

config dnsmasq
        option boguspriv '1'
        option localise_queries '1'
        option rebind_protection '1'
        option rebind_localhost '1'
        option local '/lan/'
        option domain 'lan'
        option expandhosts '1'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option resolvfile '/tmp/resolv.conf.auto'
        option localservice '1'
        list server '172.16.101.250'
        option domainneeded '1'

config dhcp 'lan'
        option interface 'lan'
        option start '100'
        option limit '150'
        option leasetime '12h'
        option dhcpv6 'server'
        option ra 'server'
        option ra_management '1'

config dhcp 'wan'
        option interface 'wan'
        option ignore '1'

config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'

config dhcp 'Netz2'
        option start '100'
        option leasetime '12h'
        option limit '150'
        option interface 'Netz2'

It is an Institute Wlan where I want to connect via Wlan and share this to more than one device. Normally I connect to a "start" page where I have to login with my username and password. But with my router I get no IP for the I***** Wlan and I don't know why.

I tried such a config at home with my Fritz Box and it worked. So I suggest that there is a security rule by the Idf Wlan to reduce such tries with mobile routers? I don't know. So I hope the information is enough to get an impression of my problem.

Chris

(Last edited by Chris1809 on 19 Sep 2017, 22:02)

Open a connection, type "logread -f", and then restart the WWAN interface; post the messages here, please.

Hey, following output after logread -f:

Sat Sep 16 05:26:00 2017 kern.info kernel: [ 1084.150000] wlan0: deauthenticating from 6c:f3:7f:b2:ce:80 by local choice (Reason: 3=DEAUTH_LEAVING)
Sat Sep 16 05:26:00 2017 daemon.notice netifd: Network device 'wlan0' link is down
Sat Sep 16 05:26:00 2017 daemon.notice netifd: Interface 'wwan' has link connectivity loss
Sat Sep 16 05:26:00 2017 daemon.notice netifd: Interface 'wwan' is disabled
Sat Sep 16 05:26:01 2017 daemon.notice netifd: wwan (4026): udhcpc: SIOCGIFINDEX: No such device
Sat Sep 16 05:26:01 2017 daemon.notice netifd: wwan (4026): Received SIGTERM
Sat Sep 16 05:26:06 2017 daemon.warn dnsmasq[3213]: no servers found in /tmp/resolv.conf.auto, will retry
Sat Sep 16 05:26:08 2017 kern.info kernel: [ 1091.520000] IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready
Sat Sep 16 05:26:08 2017 daemon.notice netifd: radio0 (4521): Successfully initialized wpa_supplicant
Sat Sep 16 05:26:08 2017 daemon.notice netifd: Interface 'wwan' is enabled
Sat Sep 16 05:26:11 2017 kern.info kernel: [ 1094.510000] wlan0: authenticate with 6c:f3:7f:b2:ce:80
Sat Sep 16 05:26:11 2017 kern.info kernel: [ 1094.530000] wlan0: send auth to 6c:f3:7f:b2:ce:80 (try 1/3)
Sat Sep 16 05:26:11 2017 kern.info kernel: [ 1094.540000] wlan0: authenticated
Sat Sep 16 05:26:11 2017 kern.info kernel: [ 1094.560000] wlan0: associate with 6c:f3:7f:b2:ce:80 (try 1/3)
Sat Sep 16 05:26:11 2017 kern.info kernel: [ 1094.560000] wlan0: RX AssocResp from 6c:f3:7f:b2:ce:80 (capab=0x1421 status=0 aid=2)
Sat Sep 16 05:26:11 2017 kern.info kernel: [ 1094.570000] wlan0: associated
Sat Sep 16 05:26:11 2017 kern.info kernel: [ 1094.570000] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
Sat Sep 16 05:26:11 2017 daemon.notice netifd: Network device 'wlan0' link is up
Sat Sep 16 05:26:11 2017 daemon.notice netifd: Interface 'wwan' has link connectivity
Sat Sep 16 05:26:11 2017 daemon.notice netifd: Interface 'wwan' is setting up now
Sat Sep 16 05:26:11 2017 kern.debug kernel: [ 1094.650000] wlan0: Limiting TX power to 20 (20 - 0) dBm as advertised by 6c:f3:7f:b2:ce:80
Sat Sep 16 05:26:11 2017 daemon.notice netifd: wwan (4613): udhcpc (v1.23.2) started
Sat Sep 16 05:26:11 2017 daemon.notice netifd: wwan (4613): Sending discover...
Sat Sep 16 05:26:14 2017 daemon.notice netifd: wwan (4613): Sending discover...
Sat Sep 16 05:26:15 2017 daemon.notice netifd: wwan (4613): Sending select for 172.16.101.131...
Sat Sep 16 05:26:15 2017 daemon.notice netifd: wwan (4613): Lease of 172.16.101.131 obtained, lease time 14400
Sat Sep 16 05:26:15 2017 daemon.notice netifd: Interface 'wwan' is now up
Sat Sep 16 05:26:15 2017 daemon.info dnsmasq[3213]: reading /tmp/resolv.conf.auto
Sat Sep 16 05:26:15 2017 daemon.info dnsmasq[3213]: using local addresses only for domain lan
Sat Sep 16 05:26:15 2017 daemon.info dnsmasq[3213]: using nameserver 172.16.101.250#53
Sat Sep 16 05:26:15 2017 user.notice firewall: Reloading firewall due to ifup of wwan (wlan0)

So when I'm connected to the access point net, which should be routed through the Wwan, I get no access to the login page for the web, which is named securelogin.i**.de

(Last edited by Chris1809 on 19 Sep 2017, 22:02)

Make sure that wwan is in your wan firewall zone.

Especially on single Ethernet port devices it makes more sense to just put the wifi client as the only device in the wan network since the firewall is already set up.

mk24 wrote:

Make sure that wwan is in your wan firewall zone.

Especially on single Ethernet port devices it makes more sense to just put the wifi client as the only device in the wan network since the firewall is already set up.

So what can I do in the preferences so that it works? Don't know exactly what you mean.

Looks like the OpenWrt device is connecting to the AP, I do not see anything wrong in those messages.

I would now go to the client and debug the connection: does it get an IP address and a DNS? Are they correct? Can it resolve a domain name? Can it ping the web server? ...?

I tried some things in the network. My laptop connected to the AP and got an IP. I tried to get access to the login page with my browser and got the answer: "DNS-Adress from the Server securelogin.idf.nrw.de not found; DNS_PROBE_FINISHED_NXDOMAIN"

In the system log of my router I got the following output:

Sat Sep 16 05:34:28 2017 daemon.warn dnsmasq[1114]: possible DNS-rebind attack detected: securelogin.de
Sat Sep 16 05:34:29 2017 daemon.warn dnsmasq[1114]: possible DNS-rebind attack detected: securelogin.de
Sat Sep 16 05:34:29 2017 daemon.warn dnsmasq[1114]: possible DNS-rebind attack detected: securelogin
Sat Sep 16 05:34:57 2017 daemon.warn dnsmasq[1114]: possible DNS-rebind attack detected: securelogin.de
Sat Sep 16 05:34:58 2017 daemon.warn dnsmasq[1114]: possible DNS-rebind attack detected: securelogin..de
Sat Sep 16 05:35:03 2017 daemon.warn dnsmasq[1114]: possible DNS-rebind attack detected: securelogin.de
Sat Sep 16 05:35:04 2017 daemon.warn dnsmasq[1114]: possible DNS-rebind attack detected: securelogin.de
Sat Sep 16 05:35:09 2017 daemon.warn dnsmasq[1114]: possible DNS-rebind attack detected: securelogin.de
Sat Sep 16 05:35:17 2017 daemon.warn dnsmasq[1114]: possible DNS-rebind attack detected: securelogin.de
Sat Sep 16 05:35:29 2017 daemon.warn dnsmasq[1114]: possible DNS-rebind attack detected: securelogin.de
Sat Sep 16 05:36:09 2017 daemon.warn dnsmasq[1114]: possible DNS-rebind attack detected: securelogin..de
Sat Sep 16 05:36:19 2017 daemon.warn dnsmasq[1114]: possible DNS-rebind attack detected: securelogin.de

It seems that I have problems with a DNS address. But I don't know how to find the mistake and the right DNS IP.

(Last edited by Chris1809 on 22 Sep 2017, 14:18)

Either disable DNS-rebind attack protection in DNSMASQ, or add "securelogin.idf.nrw.de" to the list of domains allowed.

eduperez wrote:

Either disable DNS-rebind attack protection in DNSMASQ, or add "securelogin.idf.nrw.de" to the list of domains allowed.

@eduperez, in the context of travel routers would this also work for hotels, cafes and other WISP locations with authentication portals?

Exactly what file do I need to edit these values into? Is this the DHCP & DNS => General Settings => White List?

I assume the domain whitelist is a safer method. (specific vs global)

RangerZ wrote:
eduperez wrote:

Either disable DNS-rebind attack protection in DNSMASQ, or add "securelogin.idf.nrw.de" to the list of domains allowed.

@eduperez, in the context of travel routers would this also work for hotels, cafes and other WISP locations with authentication portals?

I guess it depends on the configuration on each hotel / cafe. If you want a general / portable solution, disabling the protection seems the only option.

RangerZ wrote:

Exactly what file do I need to edit these values into? Is this the DHCP & DNS => General Settings => White List?

Yes, that is the option.
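
The narrower of the two options discussed above (allowing one name instead of turning rebind protection off), as an added example that is not from the thread: it reads `logread` output, picks out the names dnsmasq refused, and prints the `uci` commands for review without applying them. The function names and the sample log lines are constructed for the example; `rebind_domain` is the UCI list behind LuCI's domain whitelist.

```shell
#!/bin/sh
# Added example (not from the thread). Reads syslog lines on stdin, extracts
# the names dnsmasq refused with "possible DNS-rebind attack detected", and
# prints the uci commands that would allow only those names.
# Nothing is applied; the output is meant to be reviewed first.

rebind_blocked_names() {
    # Keep the name after the warning text, then drop anything that is not a
    # plausible fully qualified host name (single labels such as a bare
    # "securelogin" are discarded so they never end up in the allow list).
    sed -n 's/.*possible DNS-rebind attack detected: \([^ ]*\)$/\1/p' |
        grep -E '^[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+$' |
        tr 'A-Z' 'a-z' | sort -u
}

rebind_allowlist_cmds() {
    rebind_blocked_names | while read -r name; do
        printf "uci add_list dhcp.@dnsmasq[0].rebind_domain='%s'\n" "$name"
    done
    # Protection itself stays enabled; only the listed names are exempt.
    printf "uci set dhcp.@dnsmasq[0].rebind_protection='1'\n"
    printf "uci commit dhcp\n/etc/init.d/dnsmasq restart\n"
}

# Constructed sample log (timestamps and PID are made up for the example;
# the host name is the one named in the thread).
SAMPLE_LOG='Sat Sep 16 05:34:28 2017 daemon.warn dnsmasq[1114]: possible DNS-rebind attack detected: securelogin.idf.nrw.de
Sat Sep 16 05:34:29 2017 daemon.warn dnsmasq[1114]: possible DNS-rebind attack detected: securelogin.idf.nrw.de
Sat Sep 16 05:34:30 2017 daemon.warn dnsmasq[1114]: possible DNS-rebind attack detected: securelogin
Sat Sep 16 05:34:31 2017 daemon.info dnsmasq[1114]: using nameserver 172.16.101.250#53'

# On the router the input would be: logread | rebind_allowlist_cmds
printf '%s\n' "$SAMPLE_LOG" | rebind_allowlist_cmds
```

Each name in the output is a host whose answers may point at private addresses, so the list is worth checking against the portal name you expect before running the commands.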

Thanks!  Will test

(Last edited by RangerZ on 22 Sep 2017, 14:43)

The discussion might have continued from here.