Modify

Opened 2 years ago

Closed 2 years ago

Last modified 2 years ago

#21623 closed defect (not_a_bug)

TP-LINK 3020 no internet on wan

Reported by: pavel.masloff@… Owned by: developers
Priority: normal Milestone:
Component: packages Version: Trunk
Keywords: wan tplink-3020 Cc:

Description

Hi guys,

I have a problem. I have been attempting to follow this tutorial https://www.loganmarchione.com/2015/02/openwrt-with-openvpn-client-on-tp-link-tl-mr3020-3/ on how to separate home network from the ISP network. And gotten to the point "Unbridge LAN interfaces". So currently my router is acting as an access point - it's bridged with the wan interface. So I cannot have Internet and connect to the router via ssh at the same time. So the internet works ok, however I don't have my home network. At this point I have the following settings:

/etc/config/network

config interface 'loopback'
        option ifname 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fdd0:e55f:6b69::/48'

config interface 'lan'
        option type 'bridge'
        option ifname 'eth0'
        option proto 'static'
        option netmask '255.255.255.0'
        option ip6assign '60'
        option ipaddr '10.80.1.1'

config interface 'WAN'
        option proto 'dhcp'
        option ifname 'eth0'

/etc/config/wireless

config wifi-device 'radio0'
        option type 'mac80211'
        option channel '11'
        option hwmode '11g'
        option path 'platform/ar933x_wmac'
        option htmode 'HT20'
        option txpower '18'
        option country 'SI'

config wifi-iface
        option device 'radio0'
        option network 'lan'
        option mode 'ap'
        option ssid 'maslick-sr'
        option encryption 'psk2+ccmp'
        option key 'password123'

/etc/config/firewall

config defaults
	option syn_flood '1'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'REJECT'

config zone
	option name 'lan'
	list network 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'

config zone
	option name 'wan'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'
	option mtu_fix '1'
	option network 'wan wan6 WAN'

config forwarding
	option src 'lan'
	option dest 'wan'

config rule
	option name 'Allow-DHCP-Renew'
	option src 'wan'
	option proto 'udp'
	option dest_port '68'
	option target 'ACCEPT'
	option family 'ipv4'

config rule
	option name 'Allow-Ping'
	option src 'wan'
	option proto 'icmp'
	option icmp_type 'echo-request'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-IGMP'
	option src 'wan'
	option proto 'igmp'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-DHCPv6'
	option src 'wan'
	option proto 'udp'
	option src_ip 'fc00::/6'
	option dest_ip 'fc00::/6'
	option dest_port '546'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-MLD'
	option src 'wan'
	option proto 'icmp'
	option src_ip 'fe80::/10'
	list icmp_type '130/0'
	list icmp_type '131/0'
	list icmp_type '132/0'
	list icmp_type '143/0'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Input'
	option src 'wan'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	list icmp_type 'router-solicitation'
	list icmp_type 'neighbour-solicitation'
	list icmp_type 'router-advertisement'
	list icmp_type 'neighbour-advertisement'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Forward'
	option src 'wan'
	option dest '*'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config include
	option path '/etc/firewall.user'

config rule
	option src 'wan'
	option dest 'lan'
	option proto 'esp'
	option target 'ACCEPT'

config rule
	option src 'wan'
	option dest 'lan'
	option dest_port '500'
	option proto 'udp'
	option target 'ACCEPT'

When I do

uci delete network.lan.ifname
uci delete network.lan.type
uci commit network
/etc/init.d/network restart

and plug the router's wan port into the ISP network, I don't have internet, but can ssh to the router:

root@OpenWrt:~# uname -a
Linux OpenWrt 4.1.13 #1 Wed Jan 6 18:45:30 UTC 2016 mips GNU/Linux

root@OpenWrt:~# ifconfig 
eth0      Link encap:Ethernet  HWaddr 30:B5:C2:09:E4:10  
          inet6 addr: fe80::32b5:c2ff:fe09:e410%4566360/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1340 errors:0 dropped:433 overruns:0 frame:0
          TX packets:845 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:102770 (100.3 KiB)  TX bytes:273282 (266.8 KiB)
          Interrupt:4 

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1%2000514776/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:2392 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2392 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:162244 (158.4 KiB)  TX bytes:162244 (158.4 KiB)

wlan0     Link encap:Ethernet  HWaddr 30:B5:C2:09:E4:10  
          inet addr:10.80.1.1  Bcast:10.80.1.255  Mask:255.255.255.0
          inet6 addr: fe80::32b5:c2ff:fe09:e410%4566072/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:9133 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1183 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:724527 (707.5 KiB)  TX bytes:291343 (284.5 KiB)
root@OpenWrt:~# logread 
Tue Jan  5 12:56:14 2016 daemon.notice netifd: Interface 'wan' is setting up now
Tue Jan  5 12:56:14 2016 daemon.notice netifd: Network device 'eth0' link is down
Tue Jan  5 12:56:14 2016 daemon.notice netifd: Interface 'wan' has link connectivity loss
Tue Jan  5 12:56:14 2016 daemon.notice netifd: wan (4058): Command failed: Permission denied
Tue Jan  5 12:56:14 2016 kern.info kernel: [ 2262.819313] eth0: link up (100Mbps/Full duplex)
Tue Jan  5 12:56:14 2016 kern.info kernel: [ 2262.822434] IPv6: ADDRCONF(NETDEV_CHANGE): eth0: link becomes ready
Tue Jan  5 12:56:14 2016 daemon.notice netifd: Network device 'eth0' link is up
Tue Jan  5 12:56:14 2016 daemon.notice netifd: Interface 'wan' has link connectivity 
Tue Jan  5 12:56:14 2016 daemon.notice netifd: Interface 'wan' is setting up now
Tue Jan  5 12:56:14 2016 daemon.notice netifd: wan (4073): udhcpc (v1.24.1) started
Tue Jan  5 12:56:14 2016 daemon.notice netifd: wan (4073): Sending discover...
Tue Jan  5 12:56:17 2016 daemon.notice netifd: wan (4073): Sending discover...
Tue Jan  5 12:56:20 2016 daemon.notice netifd: wan (4073): Sending discover...
Tue Jan  5 12:58:05 2016 daemon.info hostapd: wlan0: STA 7c:d1:c3:f8:14:11 WPA: group key handshake completed (RSN)
Tue Jan  5 12:59:58 2016 daemon.notice netifd: Interface 'loopback' is now down
Tue Jan  5 12:59:58 2016 daemon.notice netifd: Interface 'loopback' is disabled
Tue Jan  5 12:59:58 2016 daemon.notice netifd: Network device 'lo' link is down
Tue Jan  5 12:59:58 2016 daemon.notice netifd: Interface 'loopback' has link connectivity loss
Tue Jan  5 12:59:58 2016 daemon.notice netifd: Interface 'wifi' is now down
Tue Jan  5 12:59:58 2016 daemon.notice netifd: Interface 'wifi' is disabled
Tue Jan  5 12:59:59 2016 daemon.notice netifd: wan (4073): Received SIGTERM
Tue Jan  5 12:59:59 2016 daemon.notice netifd: Interface 'wan' is now down
Tue Jan  5 12:59:59 2016 kern.info kernel: [ 2487.385241] eth0: link down
Tue Jan  5 12:59:59 2016 daemon.notice netifd: Interface 'wan' is disabled
Tue Jan  5 12:59:59 2016 daemon.notice netifd: Network device 'eth0' link is down
Tue Jan  5 12:59:59 2016 daemon.notice netifd: Interface 'wan' has link connectivity loss
Tue Jan  5 13:00:02 2016 daemon.warn netifd: You have delegated IPv6-prefixes but haven't assigned them to any interface. Did you forget to set option ip6assign on your lan-interfaces?
Tue Jan  5 13:00:02 2016 daemon.notice netifd: Interface 'loopback' is enabled
Tue Jan  5 13:00:02 2016 daemon.notice netifd: Interface 'loopback' is setting up now
Tue Jan  5 13:00:02 2016 daemon.notice netifd: Interface 'loopback' is now up
Tue Jan  5 13:00:02 2016 daemon.notice netifd: Interface 'wan' is enabled
Tue Jan  5 13:00:02 2016 kern.info kernel: [ 2491.260431] IPv6: ADDRCONF(NETDEV_UP): eth0: link is not ready
Tue Jan  5 13:00:02 2016 daemon.notice netifd: Network device 'lo' link is up
Tue Jan  5 13:00:02 2016 daemon.notice netifd: Interface 'loopback' has link connectivity 
Tue Jan  5 13:00:04 2016 daemon.notice netifd: radio0 (4156): Configuration file: /var/run/hostapd-phy0.conf
Tue Jan  5 13:00:04 2016 kern.info kernel: [ 2492.441110] IPv6: ADDRCONF(NETDEV_UP): wlan0: link is not ready
Tue Jan  5 13:00:04 2016 daemon.notice netifd: radio0 (4156): wlan0: interface state UNINITIALIZED->COUNTRY_UPDATE
Tue Jan  5 13:00:04 2016 daemon.notice netifd: radio0 (4156): Using interface wlan0 with hwaddr 30:b5:c2:09:e4:10 and ssid "maslick-sr"
Tue Jan  5 13:00:04 2016 daemon.info dnsmasq[4018]: exiting on receipt of SIGTERM
Tue Jan  5 13:00:04 2016 daemon.info dnsmasq[4274]: started, version 2.75 cachesize 150
Tue Jan  5 13:00:04 2016 daemon.info dnsmasq[4274]: compile time options: IPv6 GNU-getopt no-DBus no-i18n no-IDN DHCP no-DHCPv6 no-Lua TFTP no-conntrack no-ipset no-auth no-DNSSEC loop-detect inotify
Tue Jan  5 13:00:04 2016 daemon.info dnsmasq[4274]: DNS service limited to local subnets
Tue Jan  5 13:00:04 2016 daemon.info dnsmasq[4274]: using local addresses only for domain lan
Tue Jan  5 13:00:04 2016 daemon.warn dnsmasq[4274]: no servers found in /tmp/resolv.conf.auto, will retry
Tue Jan  5 13:00:04 2016 daemon.info dnsmasq[4274]: read /etc/hosts - 4 addresses
Tue Jan  5 13:00:04 2016 daemon.info dnsmasq[4274]: read /tmp/hosts/dhcp - 0 addresses
Tue Jan  5 13:00:04 2016 daemon.info dnsmasq[4274]: read /tmp/hosts/odhcpd - 0 addresses
Tue Jan  5 13:00:05 2016 daemon.notice netifd: radio0 (4156): wlan0: interface state COUNTRY_UPDATE->ENABLED
Tue Jan  5 13:00:05 2016 daemon.notice netifd: radio0 (4156): wlan0: AP-ENABLED 
Tue Jan  5 13:00:05 2016 kern.info kernel: [ 2493.694210] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
Tue Jan  5 13:00:05 2016 daemon.notice netifd: Network device 'wlan0' link is up
Tue Jan  5 13:00:05 2016 daemon.notice netifd: Interface 'wifi' is enabled
Tue Jan  5 13:00:05 2016 daemon.notice netifd: Interface 'wifi' is setting up now
Tue Jan  5 13:00:05 2016 daemon.notice netifd: Interface 'wifi' is now up
Tue Jan  5 13:00:05 2016 daemon.notice netifd: Interface 'wifi' has link connectivity 
Tue Jan  5 13:00:05 2016 user.notice firewall: Reloading firewall due to ifup of wifi (wlan0)
Tue Jan  5 13:00:06 2016 kern.info kernel: [ 2494.819360] eth0: link up (100Mbps/Full duplex)
Tue Jan  5 13:00:06 2016 kern.info kernel: [ 2494.822512] IPv6: ADDRCONF(NETDEV_CHANGE): eth0: link becomes ready
Tue Jan  5 13:00:06 2016 daemon.notice netifd: Network device 'eth0' link is up
Tue Jan  5 13:00:06 2016 daemon.notice netifd: Interface 'wan' has link connectivity 
Tue Jan  5 13:00:06 2016 daemon.notice netifd: Interface 'wan' is setting up now
Tue Jan  5 13:00:06 2016 daemon.notice netifd: wan (4345): udhcpc (v1.24.1) started
Tue Jan  5 13:00:06 2016 daemon.notice netifd: wan (4345): Sending discover...
Tue Jan  5 13:00:06 2016 daemon.info dnsmasq[4274]: exiting on receipt of SIGTERM
Tue Jan  5 13:00:06 2016 daemon.info dnsmasq[4357]: started, version 2.75 cachesize 150
Tue Jan  5 13:00:06 2016 daemon.info dnsmasq[4357]: compile time options: IPv6 GNU-getopt no-DBus no-i18n no-IDN DHCP no-DHCPv6 no-Lua TFTP no-conntrack no-ipset no-auth no-DNSSEC loop-detect inotify
Tue Jan  5 13:00:06 2016 daemon.info dnsmasq[4357]: DNS service limited to local subnets
Tue Jan  5 13:00:06 2016 daemon.info dnsmasq-dhcp[4357]: DHCP, IP range 10.80.1.100 -- 10.80.1.249, lease time 12h
Tue Jan  5 13:00:06 2016 daemon.info dnsmasq[4357]: using local addresses only for domain lan
Tue Jan  5 13:00:06 2016 daemon.warn dnsmasq[4357]: no servers found in /tmp/resolv.conf.auto, will retry
Tue Jan  5 13:00:06 2016 daemon.info dnsmasq[4357]: read /etc/hosts - 4 addresses
Tue Jan  5 13:00:06 2016 daemon.info dnsmasq[4357]: read /tmp/hosts/dhcp - 0 addresses
Tue Jan  5 13:00:06 2016 daemon.info dnsmasq[4357]: read /tmp/hosts/odhcpd - 0 addresses
Tue Jan  5 13:00:06 2016 daemon.info dnsmasq-dhcp[4357]: read /etc/ethers - 0 addresses
Tue Jan  5 13:00:08 2016 daemon.info hostapd: wlan0: STA 7c:d1:c3:f8:14:11 IEEE 802.11: authenticated
Tue Jan  5 13:00:08 2016 daemon.info hostapd: wlan0: STA 7c:d1:c3:f8:14:11 IEEE 802.11: associated (aid 1)
Tue Jan  5 13:00:08 2016 daemon.info hostapd: wlan0: STA 7c:d1:c3:f8:14:11 WPA: pairwise key handshake completed (RSN)
Tue Jan  5 13:00:09 2016 daemon.notice netifd: wan (4345): Sending discover...
Tue Jan  5 13:00:12 2016 daemon.notice netifd: wan (4345): Sending discover...

I have to point out that I have an optical cable connected to a Milan MIL-SM801G Ethernet/optics switch (provided by the ISP).

Any ideas?

Thanks in advance!

Attachments (0)

Change History (3)

comment:1 Changed 2 years ago by nbd

  • Resolution set to not_a_bug
  • Status changed from new to closed

You need to remove eth0 from the lan bridge if you want to use it as a WAN interface.

comment:2 Changed 2 years ago by pavel.masloff@…

How can I do that?

comment:3 Changed 2 years ago by pavel.masloff@…

Wrire now I ve done the "Unbridge LAN interfaces" part and here is what I got:

/etc/config/network

config interface 'loopback'
        option ifname 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config interface 'lan'
        option proto 'static'
        option netmask '255.255.255.0'
        option ip6assign '60'
        option ipaddr '10.80.1.1'

config interface 'WAN'
        option proto 'dhcp'
        option ifname 'eth0'

/etc/config/wireless

config wifi-device 'radio0'
        option type 'mac80211'
        option channel '11'
        option hwmode '11g'
        option path 'platform/ar933x_wmac'
        option htmode 'HT20'
        option txpower '18'
        option country 'US'
        list ht_capab 'SHORT-GI-20'
        list ht_capab 'SHORT-GI-40'
        list ht_capab 'RX-STBC1'
        list ht_capab 'DSSS_CCK-40'

config wifi-iface
        option device 'radio0'
        option network 'lan'
        option mode 'ap'
        option ssid 'maslick-sr'
        option encryption 'psk2+ccmp'
        option key 'password123'

/etc/config/dhcp

config dnsmasq
        option domainneeded '1'
        option boguspriv '1'
        option filterwin2k '0'
        option localise_queries '1'
        option rebind_protection '1'
        option rebind_localhost '1'
        option local '/lan/'
        option domain 'lan'
        option expandhosts '1'
        option nonegcache '0'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option resolvfile '/tmp/resolv.conf.auto'
        option localservice '1'

config dhcp 'lan'
        option interface 'lan'
        option leasetime '12h'
        option dhcpv6 'server'
        option ra 'server'
        option start '10'
        option limit '20'

config dhcp 'wan'
        option interface 'wan'
        option ignore '1'

config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'
        

/etc/config/firewall

config defaults
	option syn_flood '1'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'REJECT'

config zone
	option name 'lan'
	list network 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'

config zone
	option name 'wan'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'
	option mtu_fix '1'
	option network 'wan wan6 WAN'

config forwarding
	option src 'lan'
	option dest 'wan'

config rule
	option name 'Allow-DHCP-Renew'
	option src 'wan'
	option proto 'udp'
	option dest_port '68'
	option target 'ACCEPT'
	option family 'ipv4'

config rule
	option name 'Allow-Ping'
	option src 'wan'
	option proto 'icmp'
	option icmp_type 'echo-request'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-IGMP'
	option src 'wan'
	option proto 'igmp'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-DHCPv6'
	option src 'wan'
	option proto 'udp'
	option src_ip 'fc00::/6'
	option dest_ip 'fc00::/6'
	option dest_port '546'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-MLD'
	option src 'wan'
	option proto 'icmp'
	option src_ip 'fe80::/10'
	list icmp_type '130/0'
	list icmp_type '131/0'
	list icmp_type '132/0'
	list icmp_type '143/0'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Input'
	option src 'wan'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	list icmp_type 'router-solicitation'
	list icmp_type 'neighbour-solicitation'
	list icmp_type 'router-advertisement'
	list icmp_type 'neighbour-advertisement'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Forward'
	option src 'wan'
	option dest '*'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config include
	option path '/etc/firewall.user'

config rule
	option src 'wan'
	option dest 'lan'
	option proto 'esp'
	option target 'ACCEPT'

config rule
	option src 'wan'
	option dest 'lan'
	option dest_port '500'
	option proto 'udp'
	option target 'ACCEPT'

Add Comment

Modify Ticket

Action
as closed .
The resolution will be deleted. Next status will be 'reopened'.
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.