Beryl AX: Setting DHCP to point to Pihole breaks Wifi

Punkrulz · May 25, 2025, 2:28am

My setup:

Living at my friend's house. Due to children, wife enabled parental controls. Sometimes when she's having issues with the children, she'll sometimes deactivate devices she doesn't know. I use my Beryl AX as my own private bedroom network, connecting to their network in repeater mode (and masking as my phone so it gets left alone).

I've now connected the LAN port to a switch where I also have my raspberry pi / pihole connected.

Whenever I configure the Beryl AX to hand out my PiHole as the DNS server to devices, the Beryl will re-establish its connection to the WiFi (and my direct connected device on the switch has internet), however I can no longer connect to the wireless. My phone will say it is connecting to the WiFi, Obtaining IP Address, then disconnects. Rinse and repeat. Looking in the log, I would see these messages:

2025/05/24 22:12:30 [crit] 4687#0: *756 SSL_read() failed (SSL: error:0A000126:SSL routines::unexpected eof while reading) while keepalive, client: 192.168.8.121, server: 0.0.0.0:443
2025/05/24 22:12:30 [crit] 4687#0: *759 SSL_read() failed (SSL: error:0A000126:SSL routines::unexpected eof while reading) while keepalive, client: 192.168.8.121, server: 0.0.0.0:443
2025/05/24 22:12:30 [crit] 4687#0: *761 SSL_read() failed (SSL: error:0A000126:SSL routines::unexpected eof while reading) while keepalive, client: 192.168.8.121, server: 0.0.0.0:443

As soon as I go back to fully automated DHCP everything works just fine. Thoughts?

LupusE · May 25, 2025, 5:22am

Phones (mobile OS) don't like connections without internet access. For me it helps to disable mobile data during debug

It seems the child protection is also blocking UDP port 53, which is needed to resolve DNS. I would try to configure the internal DNS server from the ISP router as upstream in your PiHole.
But I doubt you have a way around this filter, as it is a layer above your control.

xirixiz · May 25, 2025, 6:28am

I don't fully understand what you're trying to say, but my first question is why you chose to set up the Beryl as a repeater. This could be causing a conflict with the main router's DHCP server. I recommend setting the Beryl to WISP mode, like you would in a hotel, where it connects to the WiFi as your WAN. This ensures isolation, and the Beryl won't interfere with the main network.

However, make sure that the IP range of the Beryl network is different from the main network to avoid conflicts. For example, if the main network uses 192.168.8.x/24, you could set your internal network (with PiHole's DHCP) to something like 10.10.10.x/24.

In WISP mode, you can still create a private WLAN network, keeping your devices isolated. This setup should help resolve your issue.

Punkrulz · May 25, 2025, 4:25pm

Phones (mobile OS) don't like connections without internet access. For me it helps to disable mobile data during debug

This is true. Whenever my phone had DNS issues like that, it would at least notify me that my network doesn't have internet, and typically give me the opportunity to at least 'remain connected' despite not having internet. In this case, the Beryl AX isn't even providing my device an IP address. It backs out while obtaining.

It seems the child protection is also blocking UDP port 53, which is needed to resolve DNS. I would try to configure the internal DNS server from the ISP router as upstream in your PiHole.
But I doubt you have a way around this filter, as it is a layer above your control.

Possibly something here. My PC behaves fine while having the PiHole as the DNS server on my network, so I can have other DNS or outright use VPN. I feel like that would be more "internet doesn't work" and less "device not connecting to beryl ax wifi" as a symptom though, but not sure.

I don't fully understand what you're trying to say, but my first question is why you chose to set up the Beryl as a repeater. This could be causing a conflict with the main router's DHCP server. I recommend setting the Beryl to WISP mode, like you would in a hotel, where it connects to the WiFi as your WAN. This ensures isolation, and the Beryl won't interfere with the main network.
However, make sure that the IP range of the Beryl network is different from the main network to avoid conflicts. For example, if the main network uses 192.168.8.x/24, you could set your internal network (with PiHole's DHCP) to something like 10.10.10.x/24.
In WISP mode, you can still create a private WLAN network, keeping your devices isolated. This setup should help resolve your issue.

I might have explained something wrong, however this is how mine is operating. It is in repeater mode because this is how it obtains the wireless network from the host... but everything is operating as WISP from what I can tell. My own wifi, my own network, my own DHCP range separate from the host. I simply get wifi from the host and then pass everything off into my own network.

Edit: For giggles I updated the firmware to 4.8, and attempted to only configure the DNS server again. This time, the repeater did not have to reconnect after a period to the host wifi, and also my phone never lost connection because of that. I did disconnect and reconnect to be sure and that worked flawlessly. Maybe it was an issue with the previous firmware I had installed?