
Second OpenWRT network isn't getting an IP address

# Goal #

I'd like to have two LANs: lan0 and lan1. lan0 carries unencrypted traffic; lan1 will be an always-active VPN. I haven't configured the VPN yet, so lan1 is currently just a second unencrypted network. I'm hoping to configure it as such: [image: enter image description here]

# Symptoms #

Unfortunately, lan1 (named LAN1_INTERFACE in the configuration files) isn't working.

- can't join WiFi network: [image: enter image description here]
- lan1 interface (LAN1_INTERFACE) doesn't have an IP address: [image: enter image description here]

I suspect that the firewall isn't properly configured. What am I missing? Do I have any other issues that need to be addressed?

# Configuration files #

/etc/config/network: config interface 'loopback' option ifname 'lo' option proto 'static' option ipaddr '127.0.0.1' option netmask '255.0.0.0' config globals 'globals' option ula_prefix 'fd22:91e8:0e0f::/48' config interface 'wan' option ifname 'eth1.201' option proto 'pppoe' option username 'user_name' option password 'password' option ipv6 '0' option _orig_ifname 'eth1' option _orig_bridge 'false' option mtu '1492' config interface 'lan' option ifname 'eth0' option force_link '1' option type 'bridge' option proto 'static' option ipaddr '192.168.1.1' option netmask '255.255.255.0' option ip6assign '60' option _orig_ifname 'eth0 wlan0' option _orig_bridge 'true' config interface 'lan1_interface' option ifname 'eth2' option force_link '1' option type 'bridge' option proto 'static' option ipaddr '192.168.2.1' option netmask '255.255.255.0' option _orig_ifname 'eth2 wlan1' option _orig_bridge 'true' config interface 'vpn_interface' option ifname 'tun0' option proto 'none' config switch option name 'switch0' option reset '1' option enable_vlan '1' config switch_vlan option device 'switch0' option vlan '1' option ports '0 1 2 3 5' option vid '1' config switch_vlan option device 'switch0' option vlan '2' option ports '4 6' option vid '2' /etc/config/wireless: config wifi-device 'radio0' option type 'mac80211' option channel
'36' option hwmode '11a' option path 'platform/soc/soc:pcie-controller/pci0000:00/0000:00:02.0/0000:02:00.0' option htmode 'VHT80' option disabled '0' option txpower '23' option country 'US' config wifi-iface option device 'radio0' option mode 'ap' option disabled '0' option encryption 'psk2+tkip+aes' option key 'password' option network 'lan' option ssid 'Router' config wifi-device 'radio1' option type 'mac80211' option channel '11' option country 'US' option hwmode '11g' option path 'platform/soc/soc:pcie-controller/pci0000:00/0000:00:01.0/0000:01:00.0' option htmode 'HT20' option disabled '0' option txpower '19' config wifi-iface option device 'radio1' option mode 'ap' option disabled '0' option encryption 'psk2+tkip+aes' option key 'password' option network 'lan1_interface' option ssid 'Router [VPN]' /etc/config/dhcp: config dnsmasq option domainneeded '1' option boguspriv '1' option localise_queries '1' option rebind_protection '1' option rebind_localhost '1' option local '/lan/' option expandhosts '1' option authoritative '1' option readethers '1' option leasefile '/tmp/dhcp.leases' option resolvfile '/tmp/resolv.conf.auto' option localservice '1' option nonwildcard '0' option domain 'lan' option port '5353' option dhcpscript '/etc/resolver/dhcp_host_domain_ng.py' config dhcp 'lan' option interface 'lan' option start '100' option limit '150' option leasetime '12h' option dhcpv6 'server' option ra 'server' option ra_management '1' list dhcp_option '6,192.168.1.1' config dhcp 'wan' option interface 'wan' option ignore '1' config odhcpd 'odhcpd' option maindhcp '0' option leasefile '/tmp/hosts/odhcpd' option leasetrigger '/usr/sbin/odhcpd-update' config dhcp 'lan1_interface' option start '100' option leasetime '12h' option limit '150' option interface 'lan1_interface' list dhcp_option '6,192.168.2.1' /etc/config/firewall: config defaults option syn_flood '1' option input 'ACCEPT' option output 'ACCEPT' option forward 'REJECT' # # includes # config include option 
path '/etc/firewall.user' config include option path '/usr/share/firewall/turris' option reload '1' config include option path '/etc/firewall.d/with_reload/firewall.include.sh' option reload '1' config include option path '/etc/firewall.d/without_reload/firewall.include.sh' option reload '0' config include 'miniupnpd' option type 'script' option path '/usr/share/miniupnpd/firewall.include' option family 'any' option reload '1' # # zones # config zone option name 'wan' option network 'wan wan6' option input 'REJECT' option output 'ACCEPT' option forward 'REJECT' option masq '1' option mtu_fix '1' config zone option name 'vpn_zone' option network 'vpn_interface' option input 'REJECT' option forward 'REJECT' option output 'ACCEPT' option masq '1' option mtu_fix '1' config zone option name 'lan' option network 'lan' option input 'ACCEPT' option output 'ACCEPT' option forward 'ACCEPT' config zone option name 'lan1_zone' option network 'lan1_interface' option output 'ACCEPT' option input 'ACCEPT' option forward 'ACCEPT' # # fowarding # config forwarding option dest 'wan' option src 'lan' config forwarding option dest 'vpn_zone' option src 'lan1_zone' config forwarding option dest 'wan' option src 'lan1_zone' # # IPv4 rules # config rule option name 'Allow-DHCP-Renew' option src 'wan' option proto 'udp' option dest_port '68' option target 'ACCEPT' option family 'ipv4' config rule option name 'Allow-Ping' option src 'wan' option proto 'icmp' option icmp_type 'echo-request' option family 'ipv4' option target 'ACCEPT' config rule option name 'Allow-IGMP' option src 'wan' option proto 'igmp' option family 'ipv4' option target 'ACCEPT' # # IPv6 rules # config rule option name 'Allow-DHCPv6' option src 'wan' option proto 'udp' option src_ip 'fe80::/10' option src_port '547' option dest_ip 'fe80::/10' option dest_port '546' option family 'ipv6' option target 'ACCEPT' config rule option name 'Allow-MLD' option src 'wan' option proto 'icmp' option src_ip 'fe80::/10' list icmp_type 
'130/0' list icmp_type '131/0' list icmp_type '132/0' list icmp_type '143/0' option family 'ipv6' option target 'ACCEPT' config rule option name 'Allow-ICMPv6-Input' option src 'wan' option proto 'icmp' list icmp_type 'echo-request' list icmp_type 'echo-reply' list icmp_type 'destination-unreachable' list icmp_type 'packet-too-big' list icmp_type 'time-exceeded' list icmp_type 'bad-header' list icmp_type 'unknown-header-type' list icmp_type 'router-solicitation' list icmp_type 'neighbour-solicitation' list icmp_type 'router-advertisement' list icmp_type 'neighbour-advertisement' option limit '1000/sec' option family 'ipv6' option target 'ACCEPT' config rule option name 'Allow-ICMPv6-Forward' option src 'wan' option dest '*' option proto 'icmp' list icmp_type 'echo-request' list icmp_type 'echo-reply' list icmp_type 'destination-unreachable' list icmp_type 'packet-too-big' list icmp_type 'time-exceeded' list icmp_type 'bad-header' list icmp_type 'unknown-header-type' option limit '1000/sec' option family 'ipv6' option target 'ACCEPT' # # rules # config rule option src 'wan' option dest 'lan' option proto 'esp' option target 'ACCEPT' config rule option src 'wan' option dest 'lan' option dest_port '500' option proto 'udp' option target 'ACCEPT' config rule option target 'ACCEPT' option proto 'tcp udp' option dest_port '5353' option name 'Allow Guest DNS Access' option src 'lan1_zone' config rule option target 'ACCEPT' option proto 'udp' option dest_port '67-68' option name 'Allow Guest DHCP Access' option src 'lan1_zone'

**Edit**

Router: [Turris Omnia](https://omnia.turris.cz/en/)

Should the second LAN's dhcp_option really be '6,192.168.2.1' or '6,192.168.1.1'? I don't understand what the 6 does, either.
Asked by craig (203 rep)
Oct 29, 2017, 04:44 PM
Last activity: Apr 17, 2025, 07:09 PM