Posted: Mon Jul 25, 2022 22:49 Post subject: R7800 Guest Networks / VAPs of all flavors not getting IP
2x R7800 running r49492 (07-15-22); one gateway, one AP
pi-hole for DNS only
No VLANs
At some point in a much earlier build from 2020 or 2021 I had a functional VAP / guest wifi network. With anything recent including my current build, VAPs of any flavor cannot get an IP.
I have read all of the various official and non-official guides to see if I am missing something, and cannot find anything I am doing incorrectly.
The VAP is only for my gateway R7800. Unbridged, AP and network isolation, forced DNS redirection to pi-hole. Disabling any or all of those three doesn't solve it.
I have tried using the standard DHCPd method and also the (outdated?) DNSMasq method, both with 5 GHz and 2.4 GHz radios.
Rebooting after all setting changes.
In all cases, clients can connect but cannot get an IP (aka "connected without internet").
Edit: I have added screenshots of the VAP setup in the linked thread.
Wow, that's an extremely comprehensive guide to using pi-hole with DD-WRT. I have had my pi-hole with DD-WRT for quite a long time and never had issues with guest / VAP until recent builds though. I use unbound on my pi-hole as well, and my settings are already as your Example 2 is, as well as the VAP screenshots you added.
Tested and working on my R7800 running build 49544
Much appreciated. Yours was one of the guides I had previously followed (and dare I say the clearest), though I just did it again. Still the same behavior on all clients.
I'll go through one more time just to be sure. Thanks again.
Make sure that no additional options like "force DNS redirection" are selected in the GUI.
I have this running myself with example 2 + VAPs + force DNS redirection via firewall - this works fine.
Sometimes it is necessary to restart the router after ALL settings have been applied 1:1.
AHA! It was the forced DNS redirect enabled on my VAP that was the culprit. I had missed that in the guides.
I will look into enabling DNS redirect via firewall rules as you have. I have a Nest thermostat that I'm pretty sure has hardcoded 8.8.8.8 which I'm trying to lock down.
Much appreciated!
Two questions regarding this:
1. In my Commands, I already have the following, but cannot recall if it was related to a past OpenVPN setup which I'm no longer using or a pi-hole related rule. Is this necessary?
2. With the firewall rules you specify, is there a way to have forced DNS redirection ONLY for the VAP I'm using (wlan1.1) and not my main lan and wlan?
If you only want to filter DNS requests on the interface wlan1.1 then you only take the last section.
You can test it by configuring a static DNS server in the network settings (e.g. 8.8.8.8) on a client connected to wlan1.1 and then start a DNS leak test.
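One way to express a redirect scoped to wlan1.1 only, as an added example that is not taken from the thread or from the guide it refers to. The resolver address 192.0.2.53 is a constructed placeholder for the pi-hole, the function name is hypothetical, and the FORWARD rule assumes the pi-hole sits on the main LAN where net isolation would otherwise drop guest traffic.

```shell
#!/bin/sh
# Added example: print (not apply) iptables rules that force all DNS from one
# guest interface to a local resolver, leaving br0 and the main wlan untouched.

dns_redirect_rules() {
    iface="$1"
    resolver="$2"

    # Refuse interface names containing anything that could break the command line.
    case "$iface" in
        ''|*[!A-Za-z0-9._-]*) echo "bad interface: $iface" >&2; return 1 ;;
    esac

    # Refuse anything that is not a dotted-quad IPv4 address.
    case "$resolver" in
        ''|*[!0-9.]*|*..*|.*|*.) echo "bad resolver: $resolver" >&2; return 1 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $resolver; IFS=$old_ifs
    [ $# -eq 4 ] || { echo "bad resolver: $resolver" >&2; return 1; }
    for octet in "$@"; do
        [ "$octet" -le 255 ] || { echo "bad resolver: $resolver" >&2; return 1; }
    done

    for proto in udp tcp; do
        # Rewrite every port-53 query arriving on the guest interface,
        # including ones a device sends to a hardcoded server such as 8.8.8.8.
        echo "iptables -t nat -I PREROUTING -i $iface -p $proto --dport 53 -j DNAT --to-destination $resolver:53"
        # Assumption: resolver is on the main LAN, so the rewritten query must
        # be allowed across the guest-to-LAN boundary.
        echo "iptables -I FORWARD -i $iface -d $resolver -p $proto --dport 53 -j ACCEPT"
    done
}

# Constructed sample values: guest VAP from the thread, placeholder pi-hole IP.
dns_redirect_rules wlan1.1 192.0.2.53
```

Review the printed rules before pasting them into the firewall commands; DNS over TLS or HTTPS from a client does not use port 53 and is not caught by them.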