Guest Network not working in C9

nmarmolejo
DD-WRT Novice


Joined: 20 Sep 2017
Posts: 11

Posted: Tue Oct 01, 2019 5:07    Post subject: Guest Network not working in C9
I am running DD-wrt v3.0 r40559 as my main gateway router on C9 v1.

Works fine and now trying to set up guest network. I followed instructions in tutorials for both DNSMasq solution and non DNSMasq and neither works for me.

I can create the VAP and setup unbridged and enable NAT. DNSMasq not clear and not well documented in example.
What is dhcp-option value 3 in the example?
Do I use my local internal IP of 192.168.0.1 or should I use something else?

I can see guest network but when I attempt to connect to it, it says connecting for a bit then just drops on my cell phone and goes into loop trying to connect and then drop. Never connects successfully.

Cell connects to 2.4 and 5g ssid from router fine so it's not a phone issue.

Any other suggestions or debug logs to help?

I see others have upgraded to newer builds on C9 v1, may try newer builds and see if issue gets resolved.
egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12915
Location: Netherlands

Posted: Tue Oct 01, 2019 8:12    Post subject: (none)
Sometimes it helps to read the build threads.

If you had done so you would have noticed things like:

5. VAPs not working at boot; workaround startup command:
sleep 10;stopservice nas;stopservice wlconf;startservice wlconf;startservice nas

Others report the following:
From approximately mid 2018 VAPs on Broadcom units are problematic, you cannot connect or do not get an IP address. There are workarounds:
1) When VAP is not working at boot; workaround startup command Administration/Commands, Save as Startup:
sleep 10; stopservice nas; stopservice wlconf; startservice wlconf; startservice nas;
2) Alternative way to get VAP working: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=317181
3) Another user reports the following workaround (save as startup):
sleep 4; stopservice cron; stopservice wlconf; wlconf eth1 up; wlconf eth2 up; startservice cron;
https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=319412
4) This one is from @Redhawk (guaranteed to work):
sleep 20; stopservice nas; wlconf eth1 down; wlconf eth2 down; wlconf eth1 up; wlconf eth2 up; startservice nas; logger "VAP workaround executed";

Attached my notes how I do it but there are more ways to do it :)



Attachment: DDWRT Virtual Access Point Public.doc (255 KB)


_________________
Routers:Netgear R7000, R6400v1, R6400v2, EA6900 (XvortexCFE), E2000, E1200v1, WRT54GS v1.
Install guide R6400v2, R6700v3,XR300:https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=316399
Install guide R7800/XR500: https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=320614
Forum Guide Lines (important read):https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=324087
Skram0
DD-WRT Novice


Joined: 03 Nov 2012
Posts: 6

Posted: Sun Nov 03, 2019 2:40    Post subject: (none)
egc wrote:
Attached my notes how I do it but there are more ways to do it :)


Hi. I too am using "dd-wrt.v24-40559_NEWD 2_K3.x_mega.bin" but on my ASUS RT-N12 D1. I followed your .DOC instructions for "Separate (unbridged) VAP". I also entered those startup commands just to be sure.

It seems to be working okay, as the clients get a separate IP from the WAN IP. But I can still access all machines on the WAN side from the VAP.

I was experimenting with some firewall commands and I can block access to specific IPs or an IP range, but I'm hoping for a more elegant and proper solution. The firewall settings in your .DOC don't work for me since I have my WAN port connected to my outside LAN.

I'm trying to create an isolated access point that only has access to internet and nothing else. I'm plugging the WAN into my LAN and will set a static IP for the WAN going to one of my internet modems on my network.


EDIT:
Ok, after searching a lot I found something that seems to work okay. Even though I can ping the router's LAN IP and the WAN IP, I can't access anything in the router or behind it. No networking shows up either and I can't access any client machines on the WAN.

Here's what I used. Source was from HERE.

WAN_IF="$(nvram get wan_iface)"
WAN_IP="$(nvram get wan_ipaddr)"
WAN_NET="$WAN_IP/$(nvram get wan_netmask)"

PORT_DHCP="67"
PORT_DNS="53"

# allow administrative access from wan (prevents lockout)
iptables -I INPUT -i $WAN_IF -m state --state NEW -j ACCEPT

# limit guests to essential router services (icmp, dhcp, dns)
iptables -I INPUT -i wl0.1 -j REJECT
iptables -I INPUT -p icmp -i wl0.1 -j ACCEPT
iptables -I INPUT -p udp -i wl0.1 --dport $PORT_DHCP -j ACCEPT
iptables -I INPUT -p tcp -i wl0.1 --dport $PORT_DNS -j ACCEPT
iptables -I INPUT -p udp -i wl0.1 --dport $PORT_DNS -j ACCEPT

# deny access to private network by guests (internet only)
iptables -I FORWARD -i wl0.1 -d $WAN_NET -m state --state NEW -j REJECT

# deny access to all other private networks by guests (internet only)
iptables -I FORWARD -i wl0.1 -d 192.168.0.0/16 -m state --state NEW -j REJECT
iptables -I FORWARD -i wl0.1 -d 172.16.0.0/12 -m state --state NEW -j REJECT
iptables -I FORWARD -i wl0.1 -d 10.0.0.0/8 -m state --state NEW -j REJECT
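
Added example (not part of the post above or of the script it was taken from): a shell audit that reads a rule listing in `iptables -S` syntax and checks what those rules are meant to achieve: every RFC 1918 range blocked in FORWARD for the guest interface, a catch-all deny sitting below the guest ACCEPT exceptions in INPUT, and any WAN-side INPUT rule that accepts every port. The sample listing is constructed, `vlan2` as the WAN interface name is an assumption, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample in `iptables -S` syntax: the order the post's -I
# commands would leave behind (each -I inserts at the top of the chain).
# wl0.1 is the guest VAP from the post; vlan2 as WAN is an assumption.
SAMPLE_RULES='-A INPUT -i wl0.1 -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -i wl0.1 -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -i wl0.1 -p udp -m udp --dport 67 -j ACCEPT
-A INPUT -i wl0.1 -p icmp -j ACCEPT
-A INPUT -i wl0.1 -j REJECT --reject-with icmp-port-unreachable
-A INPUT -i vlan2 -m state --state NEW -j ACCEPT
-A FORWARD -d 10.0.0.0/8 -i wl0.1 -m state --state NEW -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -d 172.16.0.0/12 -i wl0.1 -m state --state NEW -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -d 192.168.0.0/16 -i wl0.1 -m state --state NEW -j REJECT --reject-with icmp-port-unreachable'

# Rules of chain $2 in listing $1 that match on input interface $3.
rules_for() {
    printf '%s\n' "$1" | grep -- "^-A $2 " | grep -F -- " -i $3 "
}

# Print each RFC 1918 range with no REJECT/DROP rule for guest interface $2.
missing_private_blocks() {
    for net in 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16; do
        rules_for "$1" FORWARD "$2" | grep -F -- " -d $net " |
            grep -Eq -- ' -j (REJECT|DROP)( |$)' || echo "$net"
    done
}

# Succeeds only if the last INPUT rule for guest interface $2 is an
# unconditional REJECT/DROP, so the ACCEPT exceptions sit above it.
guest_input_default_deny() {
    rules_for "$1" INPUT "$2" | tail -n 1 |
        grep -Eq -- '^-A INPUT -i [^ ]+ -j (REJECT|DROP)( |$)'
}

# Print INPUT rules on WAN interface $2 that ACCEPT new traffic without a
# port match: every router service (web GUI, SSH, telnet) is reachable there.
wan_input_wide_open() {
    rules_for "$1" INPUT "$2" | grep -E -- ' -j ACCEPT( |$)' |
        grep -Ev -- '--dport|--state (RELATED|ESTABLISHED)(,(RELATED|ESTABLISHED))* '
}

echo "private ranges without a guest block: $(missing_private_blocks "$SAMPLE_RULES" wl0.1 | tr '\n' ' ')"
guest_input_default_deny "$SAMPLE_RULES" wl0.1 && echo "guest INPUT ends in a catch-all deny"
echo "WAN INPUT rules accepting every port:"
wan_input_wide_open "$SAMPLE_RULES" vlan2
```

The WAN-side finding is acceptable only when the WAN port faces a trusted LAN, as in the setup described in the post; on an internet-facing WAN the same rule exposes the router's management services.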
bthoven
DD-WRT Novice


Joined: 23 Sep 2019
Posts: 27

Posted: Fri Nov 08, 2019 6:22    Post subject: Re: Guest Network not working in C9
nmarmolejo wrote:
I am running DD-wrt v3.0 r40559 as my main gateway router on C9 v1.

Works fine and now trying to set up guest network. I followed instructions in tutorials for both DNSMasq solution and non DNSMasq and neither works for me.

I can create the VAP and setup unbridged and enable NAT. DNSMasq not clear and not well documented in example.
What is dhcp-option value 3 in the example?
Do I use my local internal IP of 192.168.0.1 or should I use something else?

I can see guest network but when I attempt to connect to it, it says connecting for a bit then just drops on my cell phone and goes into loop trying to connect and then drop. Never connects successfully.

Cell connects to 2.4 and 5g ssid from router fine so it's not a phone issue.

Any other suggestions or debug logs to help?

I see others have upgraded to newer builds on C9 v1, may try newer builds and see if issue gets resolved.


I run r3.0-r41027 on my C9v1. VAP with dnsmasq works without any problem. As my main network is 192.168.2.x, I want my guest network as 192.168.4.x, so:

interface=wl0.1
dhcp-option=wl0.1,3,192.168.4.1
dhcp-range=wl0.1,192.168.4.2,192.168.4.60,255.255.255.0,12h

You also need to put these commands and save firewall.
iptables -I FORWARD -i wl0.1 -d `nvram get lan_ipaddr`/`nvram get lan_netmask` -m state --state NEW -j DROP
iptables -t nat -I POSTROUTING -o br0 -j SNAT --to `nvram get lan_ipaddr`

Could you try this version and, if it still does not work, let me know.



Attachment: guestwl0.1.png (29.25 KB)


egc
DD-WRT Guru


Joined: 18 Mar 2014
Posts: 12915
Location: Netherlands

Posted: Fri Nov 08, 2019 10:53    Post subject: (none)
@bthoven and @skram0 appreciate you are posting and trying to help, please keep on doing that.

But some remarks ;)

@skram0, you can connect to machines on the WAN side, of course you can, that is the internet side and normally you want internet access, but in your case you have probably daisy chained routers and do not want access from your secondary to your primary router.
But we do not know because you are not telling that.
To block access you need just ONE of the rules you posted, can not tell you which one as I do not know your setup.

@bthoven, the DNSMasq method was necessary in the old days, now DDWRT can do it for you under Setup/Networking, on the bottom add DHCP server.
In special cases I still use the manual DHCP setup but it is easier to let DDWRT do that for you if you are not experienced, besides your setup is only for the first radio on Broadcom devices, for other radios and CPUs you need other settings.
The firewall rules are only necessary if you are setting up a VAP on a WAP, maybe you have but we do not know as you are not telling us that.
For a Normal VAP just ticking the Net Isolation is sufficient.

You see why it is important that you do not only tell us the router model, build number (and Kernel if there are multiple versions) but also Network setup.

Do not let my lamenting discourage you, keep on posting :)

Below I attach some pointers, and please do not use the router database.

Here is an excerpt of the forum rules, the rules are there so that we can help you better and we can all profit from it:
1. Research your router, start with the supported devices wiki:
https://wiki.dd-wrt.com/wiki/index.php/Supported_Devices .
2. In the supported devices wiki you can see if your router is supported and what architecture your router has and if you are lucky also an install guide/wiki.
3. Post in the right forum, from the former step you can see if your router is Broadcom, Qualcomm/Atheros, Marvell or other, use that forum to post router specific questions, for networking questions post in the Advanced Networking forum and for other things in the General Questions forum.
4. When posting always state router model, build number and when applicable the Kernel version.
Describe your problem and how you think it can be solved.
Give as much detail as you can also provide your network setup if applicable.
For your Network setup state what wiki you have used: https://wiki.dd-wrt.com/wiki/index.php/Linking_Routers
5. When posting pictures make sure the maximum width is not more than 600 pixels.
6. Do not hijack a thread, meaning do not post your own problem in someone else's thread. Just start your own thread.
7. If your post is answered and your problem solved, mark your thread with [SOLVED] (the header of your first post).
8. Do NOT use the router database, builds can be found at:
https://dd-wrt.com/support/other-downloads/?path=betas%2F2019%2F
All builds are beta including those from the router database.
9. Before uploading a new build to your router, research the build by looking in the build threads.
This is an example of a build thread for build 41328 for Broadcom routers:
https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=321699&highlight=41328
Search build threads with the search function and search on build number.
10. Use the build threads from the former step to report success or problems.
11. For older Broadcom routers (Linksys WRT54 and E series) read the peacock thread although some of it is outdated: https://forum.ddwrt.com/phpBB2/viewtopic.php?t=51486&sid=05c269e8bc745f300278d04f3b742a98
Builds can be found in the Broadcom directory for Linux kernel 2.4, in Broadcom_K26 for Linux K2.6 and in Broadcom_K3X for Linux K3.X.
12. If you are sure you have discovered a bug, after asking and querying the forum, you can report a real bug in the bug tracker: https://svn.dd-wrt.com/
This is also the place where the commits/changes to the source are administrated.
13. Recommended reading:
https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=54845
https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=54959
14. If you are happy with DDWRT and want it to live on then donate:
https://dd-wrt.com/donations/

All times are GMT
