FS#3027 - netifd: when setting isolate clients for wireless interface, the interface is not given an address #7790

Closed
openwrt-bot opened this issue Apr 20, 2020 · 2 comments

@openwrt-bot

jonathanunderwood:

Device problem occurs on

BT Homehub 5A

Software versions of OpenWrt/LEDE release, packages, etc.

netifd - 2019-08-05-5e02f944-1

Steps to reproduce

My device (BT Homehub 5A) has two radios: a 2.4GHz radio and a 5 GHz radio.

On each radio I have set up a guest wifi network, following the instructions here: https://openwrt.org/docs/guide-user/network/wifi/guestwifi/guest-wlan-webinterface.

On the 5 GHz radio I have the ESSIDs: Nirvana5G and Guest5G. On the 2.4 GHz radio I have the ESSIDs: Nirvana and Guest.

For Guest and Guest5G I have selected "Isolate clients".

This is where it gets weird. I can connect devices to Nirvana5G, Nirvana, and Guest, but NOT Guest5G. Connecting to Guest5G results in the device failing to get an IP address from DHCP, and in the router logs I see:

Mon Apr 20 20:04:43 2020 daemon.warn dnsmasq-dhcp[9186]: DHCP packet received on wlan0-1 which has no address
Mon Apr 20 20:04:48 2020 daemon.warn dnsmasq-dhcp[9186]: DHCP packet received on wlan0-1 which has no address
Mon Apr 20 20:04:53 2020 daemon.warn dnsmasq-dhcp[9186]: DHCP packet received on wlan0-1 which has no address
Mon Apr 20 20:04:57 2020 daemon.warn dnsmasq-dhcp[9186]: DHCP packet received on wlan0-1 which has no address
Mon Apr 20 20:05:05 2020 daemon.warn dnsmasq-dhcp[9186]: DHCP packet received on wlan0-1 which has no address

Sure enough:

root@router:/etc/config# ip a
1: lo: mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: mtu 1500 qdisc fq_codel state DOWN qlen 1000
    link/ether ea:3d:84:7b:03:bf brd ff:ff:ff:ff:ff:ff
3: ifb0: mtu 1500 qdisc noop state DOWN qlen 32
    link/ether 4a:d0:2f:58:ba:46 brd ff:ff:ff:ff:ff:ff
4: ifb1: mtu 1500 qdisc noop state DOWN qlen 32
    link/ether 8a:f4:ae:5d:c1:c0 brd ff:ff:ff:ff:ff:ff
12: br-lan: mtu 1500 qdisc noqueue state UP qlen 1000
    link/ether 8c:10:d4:01:eb:1a brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.1/24 brd 192.168.1.255 scope global br-lan
       valid_lft forever preferred_lft forever
    inet6 fdce:bfe6:e2b7::1/60 scope global
       valid_lft forever preferred_lft forever
    inet6 fe80::8e10:d4ff:fe01:eb1a/64 scope link
       valid_lft forever preferred_lft forever
13: eth0.1@eth0: mtu 1500 qdisc noqueue master br-lan state LOWERLAYERDOWN qlen 1000
    link/ether 8c:10:d4:01:eb:1a brd ff:ff:ff:ff:ff:ff
14: wlan1: mtu 1500 qdisc noqueue master br-lan state UP qlen 1000
    link/ether 8c:10:d4:01:eb:1c brd ff:ff:ff:ff:ff:ff
    inet6 fe80::8e10:d4ff:fe01:eb1c/64 scope link
       valid_lft forever preferred_lft forever
15: wlan0: mtu 1500 qdisc noqueue master br-lan state UP qlen 1000
    link/ether 8c:10:d4:01:eb:1d brd ff:ff:ff:ff:ff:ff
    inet6 fe80::8e10:d4ff:fe01:eb1d/64 scope link
       valid_lft forever preferred_lft forever
16: wlan1-1: mtu 1500 qdisc noqueue state UP qlen 1000
    link/ether 8e:10:d4:01:eb:1c brd ff:ff:ff:ff:ff:ff
    inet 192.168.2.1/24 brd 192.168.2.255 scope global wlan1-1
       valid_lft forever preferred_lft forever
    inet6 fe80::8c10:d4ff:fe01:eb1c/64 scope link
       valid_lft forever preferred_lft forever
17: wlan0-1: mtu 1500 qdisc noqueue state UP qlen 1000
    link/ether 8e:10:d4:01:eb:1d brd ff:ff:ff:ff:ff:ff
    inet6 fe80::8c10:d4ff:fe01:eb1d/64 scope link
       valid_lft forever preferred_lft forever
18: wlan0.sta1: mtu 1500 qdisc noqueue master br-lan state UNKNOWN qlen 1000
    link/ether 8c:10:d4:01:eb:1d brd ff:ff:ff:ff:ff:ff
    inet6 fe80::8e10:d4ff:fe01:eb1d/64 scope link
       valid_lft forever preferred_lft forever
19: pppoa-wan: mtu 1500 qdisc cake state UNKNOWN qlen 3
    link/ppp
    inet 91.125.43.197 peer 172.16.12.24/32 scope global pppoa-wan
       valid_lft forever preferred_lft forever
22: ifb4pppoa-wan: mtu 1500 qdisc cake state UNKNOWN qlen 32
    link/ether 5a:85:8a:05:94:11 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::5885:8aff:fe05:9411/64 scope link
       valid_lft forever preferred_lft forever

And, even weirder, if I remove "Isolate clients" from Guest5G, wlan0-1 gets an address, but wlan1-1 (i.e. Guest) doesn't!:

# ip a
1: lo: mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: mtu 1500 qdisc fq_codel state DOWN qlen 1000
    link/ether ea:3d:84:7b:03:bf brd ff:ff:ff:ff:ff:ff
3: ifb0: mtu 1500 qdisc noop state DOWN qlen 32
    link/ether 4a:d0:2f:58:ba:46 brd ff:ff:ff:ff:ff:ff
4: ifb1: mtu 1500 qdisc noop state DOWN qlen 32
    link/ether 8a:f4:ae:5d:c1:c0 brd ff:ff:ff:ff:ff:ff
12: br-lan: mtu 1500 qdisc noqueue state UP qlen 1000
    link/ether 8c:10:d4:01:eb:1a brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.1/24 brd 192.168.1.255 scope global br-lan
       valid_lft forever preferred_lft forever
    inet6 fdce:bfe6:e2b7::1/60 scope global
       valid_lft forever preferred_lft forever
    inet6 fe80::8e10:d4ff:fe01:eb1a/64 scope link
       valid_lft forever preferred_lft forever
13: eth0.1@eth0: mtu 1500 qdisc noqueue master br-lan state LOWERLAYERDOWN qlen 1000
    link/ether 8c:10:d4:01:eb:1a brd ff:ff:ff:ff:ff:ff
14: wlan1: mtu 1500 qdisc noqueue master br-lan state UP qlen 1000
    link/ether 8c:10:d4:01:eb:1c brd ff:ff:ff:ff:ff:ff
    inet6 fe80::8e10:d4ff:fe01:eb1c/64 scope link
       valid_lft forever preferred_lft forever
16: wlan1-1: mtu 1500 qdisc noqueue state UP qlen 1000
    link/ether 8e:10:d4:01:eb:1c brd ff:ff:ff:ff:ff:ff
    inet6 fe80::8c10:d4ff:fe01:eb1c/64 scope link
       valid_lft forever preferred_lft forever
19: pppoa-wan: mtu 1500 qdisc cake state UNKNOWN qlen 3
    link/ppp
    inet 91.125.43.197 peer 172.16.12.24/32 scope global pppoa-wan
       valid_lft forever preferred_lft forever
22: ifb4pppoa-wan: mtu 1500 qdisc cake state UNKNOWN qlen 32
    link/ether 5a:85:8a:05:94:11 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::5885:8aff:fe05:9411/64 scope link
       valid_lft forever preferred_lft forever
24: wlan0: mtu 1500 qdisc noqueue master br-lan state UP qlen 1000
    link/ether 8c:10:d4:01:eb:1d brd ff:ff:ff:ff:ff:ff
    inet6 fe80::8e10:d4ff:fe01:eb1d/64 scope link
       valid_lft forever preferred_lft forever
25: wlan0-1: mtu 1500 qdisc noqueue state UP qlen 1000
    link/ether 8e:10:d4:01:eb:1d brd ff:ff:ff:ff:ff:ff
    inet 192.168.2.1/24 brd 192.168.2.255 scope global wlan0-1
       valid_lft forever preferred_lft forever
    inet6 fe80::8c10:d4ff:fe01:eb1d/64 scope link
       valid_lft forever preferred_lft forever
26: wlan0.sta1: mtu 1500 qdisc noqueue master br-lan state UNKNOWN qlen 1000
    link/ether 8c:10:d4:01:eb:1d brd ff:ff:ff:ff:ff:ff
    inet6 fe80::8e10:d4ff:fe01:eb1d/64 scope link
       valid_lft forever preferred_lft forever

The corresponding config files are:

/etc/config/wireless:

config wifi-device 'radio0'
option type 'mac80211'
option channel '36'
option hwmode '11a'
option path 'pci0000:01/0000:01:00.0/0000:02:00.0'
option htmode 'VHT80'

config wifi-iface 'default_radio0'
option device 'radio0'
option network 'lan'
option mode 'ap'
option key 'XXX'
option ssid 'Nirvana5G'
option encryption 'psk2'
option wds '1'

config wifi-device 'radio1'
option type 'mac80211'
option channel '11'
option hwmode '11g'
option path 'pci0000:00/0000:00:0e.0'
option htmode 'HT20'

config wifi-iface 'default_radio1'
option device 'radio1'
option network 'lan'
option mode 'ap'
option ssid 'Nirvana'
option encryption 'psk2'
option key 'XXX'

config wifi-iface 'wifinet2'
option network 'isolated'
option ssid 'Guest5G'
option encryption 'psk2'
option device 'radio0'
option mode 'ap'
option isolate '1'
option key 'XXX'

config wifi-iface 'wifinet3'
option network 'isolated'
option ssid 'Guest'
option encryption 'psk2'
option device 'radio1'
option mode 'ap'
option key 'XXX'
option isolate '1'

/etc/config/network:

config interface 'loopback'
option ifname 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'

config globals 'globals'
option ula_prefix 'fdce:bfe6:e2b7::/48'

config dsl 'dsl'
option annex 'a'
option xfer_mode 'atm'
option ds_snr_offset '0'
option tone 'a'
option line_mode 'adsl'

config interface 'lan'
option type 'bridge'
option ifname 'eth0.1'
option proto 'static'
option ipaddr '192.168.1.1'
option netmask '255.255.255.0'
option ip6assign '60'

config device 'lan_eth0_1_dev'
option name 'eth0.1'
option macaddr '8c:10:d4:01:eb:1a'

config interface 'wan'
option ifname 'dsl0'
option pppd_options 'debug'
option delegate '0'
option proto 'pppoa'
option atmdev '0'
option encaps 'vc'
option vci '38'
option password 'jgu@gzwq337'
option username 'jgunderwood@plusdsl.net'
option vpi '0'
option ipv6 '0'
list dns '127.0.0.1'
option peerdns '0'

config device 'wan_dsl0_dev'
option name 'dsl0'
option macaddr '8c:10:d4:01:eb:1b'

config interface 'wan6'
option ifname '@wan'
option proto 'dhcpv6'
list dns '0::1'
option reqprefix 'auto'
option reqaddress 'try'
option peerdns '0'

config switch
option name 'switch0'
option reset '1'
option enable_vlan '1'

config switch_vlan
option device 'switch0'
option vlan '1'
option ports '0 1 2 4 6t'

config switch_vlan
option device 'switch0'
option vlan '2'
option ports '5 6t'

config interface 'isolated'
option proto 'static'
option ipaddr '192.168.2.1'
option netmask '255.255.255.0'

/etc/config/firewall:

config defaults
option syn_flood '1'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'

config zone
option name 'lan'
list network 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'

config zone
option name 'wan'
list network 'wan'
list network 'wan6'
option output 'ACCEPT'
option masq '1'
option mtu_fix '1'
option input 'DROP'
option forward 'DROP'

config forwarding
option src 'lan'
option dest 'wan'

config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'

config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option family 'ipv4'
list icmp_type 'echo-request'
option target 'DROP'

config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'

config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option src_ip 'fc00::/6'
option dest_ip 'fc00::/6'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'

config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'

config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'

config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'

config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'

config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'

config include
option path '/etc/firewall.user'

config zone
option network 'isolated'
option forward 'REJECT'
option name 'isolated'
option output 'ACCEPT'
option input 'REJECT'

config forwarding
option dest 'wan'
option src 'isolated'

config rule
option dest_port '53'
option name 'Isolated DNS'
option target 'ACCEPT'
option src 'isolated'

config rule
option name 'Isolated DHCP'
option target 'ACCEPT'
option dest_port '67-68'
list proto 'udp'
option src 'isolated'

@openwrt-bot

jonathanunderwood:

In case it's relevant:

/etc/config/dhcp

config dnsmasq
option domainneeded '1'
option localise_queries '1'
option rebind_protection '1'
option rebind_localhost '1'
option local '/lan/'
option domain 'lan'
option expandhosts '1'
option authoritative '1'
option readethers '1'
option leasefile '/tmp/dhcp.leases'
option localservice '1'
option confdir '/tmp/dnsmasq.d'
list server '127.0.0.1#5453'
option noresolv '1'

config dhcp 'lan'
option interface 'lan'
option start '100'
option limit '150'
option leasetime '12h'
option dhcpv6 'server'
option ra 'server'

config dhcp 'wan'
option interface 'wan'
option ignore '1'

config odhcpd 'odhcpd'
option maindhcp '0'
option leasefile '/tmp/hosts/odhcpd'
option leasetrigger '/usr/sbin/odhcpd-update'
option loglevel '4'

config dhcp 'isolated'
option interface 'isolated'
option start '100'
option leasetime '12h'
option limit '150'

@openwrt-bot

jonathanunderwood:

Solved, not a bug.

The missing piece is that, since I am trying to connect two virtual interfaces to the isolated network, the isolated network needed to be set up as a bridge.
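
The resolution above can be turned into a configuration check. This is an added example, not code from the reporter or from OpenWrt: it flags any network that more than one `wifi-iface` attaches to without being declared a bridge the way `lan` is on this page (`option type 'bridge'`). The function name `unbridged_shared_networks` and the sample configs are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the issue. Lists networks that several wifi-iface
# sections attach to but that are not declared as a bridge. Assumes the UCI
# syntax shown on this page ("option type 'bridge'" in "config interface").
unbridged_shared_networks() {   # args: WIRELESS_FILE NETWORK_FILE
    awk -v wfile="$1" '
        function unq(s) { gsub("[\047\"]", "", s); return s }  # drop quotes
        $1 == "config" { stype = $2; sname = unq($3); next }
        # wireless file: count wifi-iface sections per attached network
        FILENAME == wfile && stype == "wifi-iface" &&
        $1 == "option" && $2 == "network" {
            for (i = 3; i <= NF; i++) users[unq($i)]++
        }
        # network file: remember interfaces declared as bridges
        FILENAME != wfile && stype == "interface" &&
        $1 == "option" && $2 == "type" && unq($3) == "bridge" {
            bridged[sname] = 1
        }
        END {
            for (n in users)
                if (users[n] > 1 && !(n in bridged)) print n
        }
    ' "$1" "$2" | sort
}

# Constructed sample mirroring the issue: two guest APs on "isolated".
demo() {
    d=$(mktemp -d)
    cat > "$d/wireless" <<'EOF'
config wifi-iface 'default_radio0'
    option network 'lan'
config wifi-iface 'default_radio1'
    option network 'lan'
config wifi-iface 'wifinet2'
    option network 'isolated'
config wifi-iface 'wifinet3'
    option network 'isolated'
EOF
    cat > "$d/network" <<'EOF'
config interface 'lan'
    option type 'bridge'
config interface 'isolated'
    option proto 'static'
EOF
    unbridged_shared_networks "$d/wireless" "$d/network"
    rm -rf "$d"
}
demo
```

On a router the function would be called as `unbridged_shared_networks /etc/config/wireless /etc/config/network`; an empty result means every shared network is bridged.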
