[Roach]

Hi all, so its been a bit of a journey but I recently switched to using Piholes DHCP. I have 3 additional access points on my network in addition to my Router. Everything connecting to my main TP Link router, no issues, but my wifi bulbs going to my APs (old ass WRT54G with DDWRT) stopped working the day I switched to pihole dhcp. When I was messing with pihole dhcp a week ago, the same thing happened. Keep in mind that no settings on my Access Points changed when I went from TPLink DHCP to pihole DHCP, yet it seems like something in their DDWRT config needs to change to accomodate the pihole dhcp. The wifi bulbs do not connect, I presume they are not getting an IP. Also when I try to connect via Wifi (DHCP) to the AP itself, it fails or says incorrect password (again, its not the password).

A little about the access points, so I had some spare routers laying around and wanted to use in my network to help with the far ends where I have outdoor wifi bulbs. I put them near the interior wall where the bulb is and they are good to give a 802.11b or g signal to the bulb to turn on. So they are super old but had been working fine. Also to note they all have DD-WRT on them, the latest versions available for that hardware. Also when I set these up 6 months ago, I followed the guides on the internet of how to turn DDWRT into an access point. As I mentioned, no issues until pihole dhcp came into the mix. Below are some shitty drawings I did of the topology of the network, also my settings in DDWRT.

Worth noting that the option for 'DNSMasq for DHCP' is enabled in the photo but was previously disabled. That was me trying different things. Since DHCP is turned off I dont think it made a difference but wanted to point it out. I drew arrows to the things I modified from the factory defaults, assuming one of those options may be the problem. Also its definitely a config issue because I have 2 WRT54s having the exact issue.

To note, I can connect to the Access Points just fine via IP in a browser, its just the devices that are trying to get an IP, cant seem to. My thinking is the AP should still call out to the DHCP server to get the IP and assign to the wifi bulb.

Last thing Ill note, I saw the 'Active IP Connections' in the system area. Thought it was odd that is was showing items that are not related to this Access Point on there (for example .10 is a PC on my main TP Link router). Again maybe thats normal I never took notice before, but I guess I was thinking it would only show the 3 bulbs connected to that access point, not devices upstream on the network. But again, maybe normal. Sorry for long one here but appreciate any help

Link to DDWRT Settings
https://imgur.com/a/TZUpO5t



Network overview
https://imgur.com/a/KqEPuN2

[Roach]

Quick update. I hardwired into the WRT54G and was able to pull an IP to my laptop. So I am now thinking this is more focused on the wifi side of things

[mwchang]

There should be one DHCP setup for a subnet. Do you want to use your PiHole as DHCP server? If not, disable DHCP function in PiHole and let your DD-WRT router do it. If you wanna use PiHole as DHCP server for the same subet, you should disable the DHCP function in DD-WRT, including DNSmasq! Note that DNSmasq also servers as DNS forwarder.

[Roach]

Hi. If you check out my settings and topology you'll see I've done that already. The modem and router dhcps have been disabled as is the ddwrt access point. Only dhcp is pihole

Prior to this I was using pihole for dns and tplink router for dhcp. Same exact settings on my ddwrt and had zero issues. Once I switched to pihole dhcp it would not connect

Pihole uses dnsmasq to my understanding. There aren't really any options other than making a static ip and range. So I'm guessing some setting in ddwrt needs to change to work with the pihole dhcp.

[mwchang]

[Roach]

Well versed with pihole would be an overstatement, lol. But I am learning

As for the DNSMasq, I had tried enabling that checkbox prior to the screenshot however I have since turned it back off, no change.

I did more testing and I am able to connect my laptop to it via Ethernet and can pull an IP. Additionally, I actually DO see the wifi bulbs on the dhcp lease table of the pihole and on the client table of my TP Link router, so I think getting the IP is actually not the issue so much.

What I did notice though is 2 things
1. The lease on the TP Link client table (not dhcp just a list of attached devices and up time) shows 1-4min for each of the bulbs on the AP. Its like they are struggling to KEEP the connection and reconnect every 4min (my guess anyway)

2. When I connect my cellphone to the wifi (dhcp) of the DDWRT AP, it connects but shows 'connected without internet'. I confirmed I can access internal things (like my pihole's admin webui for example) but cannot access external websites.

So now Im thinking this may be more focused on the internet side of things?
One question I had (and think I know the answer) but on the main settings for DDWRT, I have the IP and subnet defined, and had the Gateway linked to my TPLink Router and my Local DNS linked to my pihole for DNS. I thought, just now, maybe the Gateway needs to now be the pihole since its serving DHCP, so I may that also the pihole IP. Rebooted but no change. But in general I am unsure if the 'gateway' means "device giving IPs out" or something else and needs to still go to my actual router? Hope that all makes sense. Thanks again for the help

[Roach]

Dumb question. Could I set a static IP in pihole dhcp for the AP, and then change the AP's connection from 'Disabled' to 'Automatic' and have it pull the IP for the AP from pihole's dhcp?

On a similar note, should that NOT be set to 'disabled', maybe to Static IP instead?

[ho1Aetoo]

The problem is probably not the configuration of the WAPs but the configuration of your Pi-Hole...

Probably you have not configured the DHCP server of the Pi-Hole correctly and the DHCP server hands out a wrong gateway.

Otherwise I don't understand why you want to have such a shitty setup anyway.

Several services in DD-WRT rely heavily on dnsmasq and the Pi-Hole doesn't offer a better DHCP than the router itself.

Otherwise, I don't have enough information about the entire configuration, since your screenshot only shows the configuration of one device.
On the screenshot are also some strange errors, either the IP address of the WAP is not displayed correctly or it is configured incorrectly.

Oh, and this is definitely not the latest firmware running on the device.

[Roach]

Unfortunately there arent many options on the pihole side. Options are
-Range to hand out to
-Gateway (which is set to my TPLink routers IP)
-Lease time
-Option to Enable DHCPv4 rapid commit (OFF)
-Option to Enable IPv6 support (OFF)

Other than that I can set static IP reservations. My understanding is pihole dhcp using dnsmasq. I would consider doing DHCP on one of my DHCP routers (APs in question) but they are all 10years old

Also to note, no device connecting to my TPLink has an issue, only the ones going on the WAPs.

I personally think that DDWRT has an option enabled/disabled that shouldnt be and its preventing the connection from sticking. Maybe that option is less important for TPLink's DHCP but mandatory for Pihole/DNSMasq. That is just my opinion tho

[Roach]

[Alozaros]

there are 2 types of WAP that could be set accordingly...

-in router mode https://wiki.dd-wrt.com/wiki/index.php/Wireless_access_point

-in gateway mode

(egc way) WAP
setup a WAP like this:
A WAP is a secondary router connected wired LAN<>LAN on the same subnet as the primary router.
Setup:
• On Basic Setup page:
o WAN disabled
o DHCP server Disabled (=off and NOT set as Forwarder!)
o Local IP address in subnet of primary router but outside DHCP scope, make sure the used IP address is unique on your network you cannot have duplicates.
o Gateway and Local DNS pointing to primary router (Basic Setup>Network Setup)
• Keep DNSMasq enabled (both on Basic Setup page and Services page)
• On Setup > Advanced Routing, keep Operating mode in the default Gateway (the wiki says Router mode but do not do that, either it does not matter (this case) or break things)
• On Security > Firewall keep the SPI Firewall enabled, although you do not want a firewall it will be automatically disabled as there is no WAN, so no need to change this setting form default.
• Connect LAN <> LAN (do not use the WAN port unless you really need that extra port, for most routers traffic still must use the CPU so performance is lacklustre and there are some routers where the WAN port is not added to the br0 so the WAN port could be non-functional on some routers).

Note:Only For Broadcom routers for best throughput enable CTF on Basic Setup Page
You have to add the following rule to the firewall in order to get internet access from clients attached to the VAP/Bridge.
In the web-interface of the router (the WAP): Administration > Commands save Firewall:

#Always necessary (alternatively set static route on main router and NAT traffic from VAP/Bridge out via WAN):
Code:
iptables -t nat -I POSTROUTING -o br0 -j SNAT --to $(nvram get lan_ipaddr)

[Roach]

Thanks, based on that I left the firewall off, changed both gateway and local dns to point to my TPLink Router (had DNS going to my pihole for DNS before). The other settings you mentioned (like Gateway mode) were already in place

Will need to do some reboots but on initial check, doesnt seem to help the wifi bulbs 'come online' in their app.

[ho1Aetoo]

The "local DNS" entry of the WAP must point to the DNS server.

If you have disabled dnsmasq on all routers then it makes no sense if "local DNS" points to your TP-Link router.

The gateway is the router that has a WAN connection so definitely not the Pi-Hole.

To your other questions, maybe you can show us the configuration of the main router (TP-Link) and the DHCP server (Pi-Hole).

and I mean these display errors

by the way you can also click on the links in my signature there are several recommended configuration examples.

[Roach]

Thanks for the reply

The original configuration I had was set the way you are saying
Local DNS >> pihole IP
Gateway >> TP Link router
DNS Masq is UNCHECKED (sorry I know its checked in the screenshot but that was a test I did)

DNS and DHCP is fully disabled (to the best of my knowledge) in DDWRT routers

The 'error' you mentioned is LastPass trying to be helpful. That is it saying it can autofill. Behind it, it says "168" which is the correct part of the IP address.


For the TP Link router there isnt much
-Its set to Static IP to pull an IP from my Modem (working fine)
-Under DHCP Routing, DHCP is unchecked (disabled)

For the Pihole DHCP there isnt much either
-I set the IP handout to be from 170 to 250
-I set all of the static reservations between 10 and 169

The 3 DDWRT routers in question are IPs .6, .7, and .8
I did NOT include a static reservation for the 3 APs in Pihole since it doesnt hand out before 170 so should never have a conflict. If you think I need to add it as a reservation I can.
-To note, the 3 ddwrt APs I can connect to their web interface without issue using my PC on ethernet
-Issue seems more related to the WIFI based bulbs connecting to them
-When I connect my cell to one of the 3 APs, it says 'Connected WITHOUT internet'

[Roach]

Another interesting thing I found. So I temporarily went back to the TPLink DHCP last night (wife was getting upset lol). I never changed the 'Local DNS' of any of these 3 APs so they were still set to my Pihole IP. HOWEVER, my pi was turned off, so that IP went nowhere.

Yet, these 3 APs still continued to function as did the Wifi bulbs. So it seems like even pointing to the pihole which was off, it still managed the work. Is that normal? Maybe if it cant grab DNS from the IP set on 'Local DNS' it will try to use whatever is set on the Gateway itself?