21.02.0-rc3 upgrade yields repeated HomeKit hub troubles

I was previously running 19.07.7 on my Netgear R7800, with an Apple HomeKit hub running on the LAN side (separate IOT network).
After installing 21.02.0-rc3, I'm now getting repeated alerts on my iPhone:
All home hubs are not responding. followed later by A home hub is responding.

I tried moving the hub device to ethernet, no change in behavior, so I don't believe it's a wireless signal issue. (Also, the hub device is connecting to a different wireless AP on the IOT network, not related to the updated main router.)

Does anybody have suggestions on how to diagnose what's going on that the HomeKit hub keeps disconnecting/reconnecting on 21.02.0-rc3, but not when using 19.07.7?

Here's /etc/config/network from 21.02.0-rc3:


config interface 'loopback'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'
	option device 'lo'

config globals 'globals'
	option ula_prefix 'fd2b:fd7d:16a4::/48'

config interface 'lan'
	option proto 'static'
	option netmask '255.255.255.0'
	option ip6assign '60'
	option ipaddr '192.168.1.1'
	option stp '1'
	option device 'br-lan'

config interface 'wan'
	option proto 'dhcp'
	option device 'eth0.2'

config interface 'wan6'
	option proto 'dhcpv6'
	option device 'eth0.2'

config switch
	option name 'switch0'
	option reset '1'
	option enable_vlan '1'

config switch_vlan
	option device 'switch0'
	option vlan '1'
	option vid '1'
	option ports '1t 6t'

config switch_vlan
	option device 'switch0'
	option vlan '2'
	option ports '0t 5'
	option vid '2'

config interface 'guest'
	option proto 'static'
	option netmask '255.255.255.0'
	option ip6assign '60'
	option ipaddr '172.31.66.1'
	option device 'br-guest'

config interface 'iot'
	option proto 'static'
	option ipaddr '172.29.34.1'
	option netmask '255.255.255.0'
	option device 'br-iot'

config interface 'vpnserver'
	option proto 'none'
	option auto '1'
	option device 'ovpns0'

config interface 'vpnserver_tcp'
	option proto 'none'
	option auto '1'
	option device 'ovpns1'

config switch_vlan
	option device 'switch0'
	option vlan '3'
	option vid '3'
	option ports '1t 3 6t'

config switch_vlan
	option device 'switch0'
	option vlan '4'
	option vid '4'
	option ports '1t 2 4 6t'

config device
	list ports 'eth1.4'
	option type 'bridge'
	option name 'br-lan'

config device
	list ports 'guest'
	option type 'bridge'
	option name 'br-guest'

config device
	list ports 'eth1.3'
	option type 'bridge'
	option name 'br-iot'


and /etc/config/firewall for 21.02.0-rc3:


config rule
	option name 'Allow-DHCP-Renew'
	option src 'wan'
	option proto 'udp'
	option dest_port '68'
	option target 'ACCEPT'
	option family 'ipv4'

config rule
	option name 'Allow-Ping'
	option src 'wan'
	option proto 'icmp'
	option icmp_type 'echo-request'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-IGMP'
	option src 'wan'
	option proto 'igmp'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-DHCPv6'
	option src 'wan'
	option proto 'udp'
	option src_ip 'fc00::/6'
	option dest_ip 'fc00::/6'
	option dest_port '546'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-MLD'
	option src 'wan'
	option proto 'icmp'
	option src_ip 'fe80::/10'
	list icmp_type '130/0'
	list icmp_type '131/0'
	list icmp_type '132/0'
	list icmp_type '143/0'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Input'
	option src 'wan'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	list icmp_type 'router-solicitation'
	list icmp_type 'neighbour-solicitation'
	list icmp_type 'router-advertisement'
	list icmp_type 'neighbour-advertisement'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Forward'
	option src 'wan'
	option dest '*'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-IPSec-ESP'
	option src 'wan'
	option dest 'lan'
	option proto 'esp'
	option target 'ACCEPT'

config rule
	option name 'Allow-ISAKMP'
	option src 'wan'
	option dest 'lan'
	option dest_port '500'
	option proto 'udp'
	option target 'ACCEPT'

config rule 'guestzone_dhcp'
	option name 'guestzone_DHCP'
	option src 'guestzone'
	option target 'ACCEPT'
	option proto 'udp'
	option dest_port '67-68'

config rule 'guestzone_dns'
	option name 'guestzone_DNS'
	option src 'guestzone'
	option target 'ACCEPT'
	option proto 'tcp udp'
	option dest_port '53'

config rule 'guestzone_vpn'
	option name 'guestzone_VPN'
	option src 'guestzone'
	option target 'ACCEPT'
	option proto 'tcp udp'
	option dest_port '8443'
	option enabled '0'

config rule
	option target 'ACCEPT'
	option proto 'tcp udp'
	option dest_port '1194'
	option name 'guestzone_VPN-1194'
	option src 'guestzone'
	option enabled '0'

config rule 'iot_rule_dns'
	option name 'iot_DNS'
	option src 'iot'
	option dest_port '53'
	option proto 'udp tcp'
	option target 'ACCEPT'

config rule 'iot_rule_dhcp'
	option name 'iot_DHCP'
	option src 'iot'
	option proto 'udp'
	option target 'ACCEPT'
	option dest_port '67-68'

config rule
	option target 'ACCEPT'
	option src '*'
	option proto 'tcp udp'
	option dest_port '8443'
	option name 'Allow-OpenVPN-Inbound-8443'

config rule
	option target 'ACCEPT'
	option proto 'tcp udp'
	option dest_port '1194'
	option name 'Allow-OpenVPN-Inbound-1194'
	option src '*'

config rule 'vpnserver_rule_dns'
	option name 'vpnserver_DNS'
	option src 'vpnserver'
	option dest_port '53'
	option proto 'udp tcp'
	option target 'ACCEPT'

config defaults
	option syn_flood '1'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option flow_offloading '1'

config zone
	option name 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'
	option network 'lan'

config zone
	option name 'wan'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'
	option mtu_fix '1'
	option network 'wan wan6'

config zone 'guestzone'
	option name 'guestzone'
	option output 'ACCEPT'
	option input 'REJECT'
	option forward 'ACCEPT'
	option network 'guest'

config zone 'iot_zone'
	option name 'iot'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'ACCEPT'
	option network 'iot'

config zone 'vpnserver_zone'
	option name 'vpnserver'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'
	option network 'vpnserver vpnserver_tcp'

config forwarding 'guestzone_fwd'
	option src 'guestzone'
	option dest 'wan'

config forwarding 'iot_forwarding'
	option src 'iot'
	option dest 'wan'

config include
	option path '/etc/firewall.user'

config forwarding
	option dest 'wan'
	option src 'vpnserver'

config redirect
	option target 'DNAT'
	option src 'wan'
	option name 'Forward1194'
	option proto 'tcp'
	option dest 'iot'
	option dest_ip '172.29.34.1'
	option src_dport '8443'
	option dest_port '1194'
	option src_dip '146.115.0.0/16'
	option enabled '0'

config redirect
	option target 'DNAT'
	option src 'wan'
	option src_dport '80'
	option name 'Forward80'
	option proto 'tcp'
	option dest_ip '172.29.34.1'
	option dest 'iot'
	option dest_port '1194'
	option src_dip '146.115.0.0/16'
	option enabled '0'

config redirect
	option target 'DNAT'
	option src 'wan'
	option src_dport '443'
	option name 'Forward443'
	option proto 'tcp'
	option dest 'iot'
	option dest_ip '172.29.34.1'
	option dest_port '1194'
	option src_dip '146.115.0.0/16'
	option enabled '0'

config redirect
	option target 'DNAT'
	option src 'wan'
	option src_dport '443'
	option dest_port '1194'
	option name 'ForwardUDP443'
	option proto 'udp'
	option dest 'wan'
	option dest_ip '146.115.69.179'
	option src_dip '146.115.0.0/16'
	option enabled '0'

config rule
	option target 'ACCEPT'
	option src 'wan'
	option dest_port '443'
	option name 'Allow-OpenVPN-Inbound-443'
	option proto 'tcp udp'

config rule
	option target 'ACCEPT'
	option src 'wan'
	option dest_port '80'
	option name 'Allow-OpenVPN-Inbound-80'
	option proto 'tcp udp'

config redirect
	option target 'DNAT'
	option src 'wan'
	option proto 'udp'
	option src_dport '8443'
	option dest_port '1194'
	option name 'ForwardUDP8443'
	option dest 'wan'
	option dest_ip '146.115.69.179'
	option src_dip '146.115.0.0/16'
	option enabled '0'

config redirect
	option target 'DNAT'
	option src 'wan'
	option src_dport '80'
	option dest_port '1194'
	option name 'ForwardUDP80'
	option dest 'wan'
	option dest_ip '146.115.69.179'
	option proto 'udp'
	option src_dip '146.115.0.0/16'
	option enabled '0'

config rule
	option src 'wan'
	option name 'IPSec ESP'
	option proto 'esp'
	option target 'ACCEPT'

config rule
	option src 'wan'
	option name 'IPSec IKE'
	option proto 'udp'
	option dest_port '500'
	option target 'ACCEPT'

config rule
	option src 'wan'
	option name 'IPSec NAT-T'
	option proto 'udp'
	option dest_port '4500'
	option target 'ACCEPT'

config rule
	option src 'wan'
	option name 'Auth Header'
	option proto 'ah'
	option target 'ACCEPT'

config forwarding
	option dest 'vpnserver'
	option src 'lan'

config forwarding
	option dest 'wan'
	option src 'lan'

config forwarding
	option dest 'lan'
	option src 'vpnserver'

config rule
	option target 'ACCEPT'
	option src 'wan'
	option name 'ipsec-forward-wan'
	option family 'ipv4'
	option src_ip '172.30.9.0/24'
	option dest 'lan'
	option enabled '0'

config rule
	option target 'ACCEPT'
	option src 'lan'
	option name 'ipsec-forward-lan'
	option family 'ipv4'
	option dest 'wan'
	option dest_ip '172.30.9.0/24'
	option enabled '0'

config rule
	option src 'iot'
	option name 'IPSec ESP IOT'
	option proto 'esp'
	option target 'ACCEPT'

config rule
	option src 'iot'
	option name 'IPSec IKE IOT'
	option proto 'udp'
	option dest_port '500'
	option target 'ACCEPT'

config rule
	option src 'iot'
	option name 'IPSec NAT-T IOT'
	option proto 'udp'
	option dest_port '4500'
	option target 'ACCEPT'

config rule
	option src 'iot'
	option name 'Auth Header-IOT'
	option proto 'ah'
	option target 'ACCEPT'

config rule
	option src 'guestzone'
	option name 'IPSec ESP guest'
	option proto 'esp'
	option target 'ACCEPT'

config rule
	option src 'guestzone'
	option name 'IPSec IKE guest'
	option proto 'udp'
	option dest_port '500'
	option target 'ACCEPT'

config rule
	option src 'guestzone'
	option name 'IPSec NAT-T guest'
	option proto 'udp'
	option dest_port '4500'
	option target 'ACCEPT'

config rule
	option src 'guestzone'
	option name 'Auth Header guest'
	option proto 'ah'
	option target 'ACCEPT'

config rule
	option src 'lan'
	option name 'block-cheryl'
	option src_mac 'A8:5B:78:00:89:4D'
	option dest 'wan'
	option target 'REJECT'
	option enabled '0'

config rule
	option src 'lan'
	option name 'block-cheryl-2'
	option src_mac 'CC:08:8D:3F:2D:2A'
	option dest 'wan'
	option target 'REJECT'
	option enabled '0'

config rule
	option src 'lan'
	option name 'block-cheryl-chromebook'
	option src_mac '90:2E:1C:90:04:BB'
	option dest 'wan'
	option target 'REJECT'
	option enabled '0'

config rule
	option src_port '5353'
	option src 'iot'
	option name 'allow mDNS IOT'
	option target 'ACCEPT'
	list dest_ip '224.0.0.251'
	option dest_port '5353'
	list proto 'udp'

config rule
	option dest_port '5353'
	option src 'lan'
	option name 'allow mDNS LAN'
	option target 'ACCEPT'
	list dest_ip '224.0.0.251'
	list proto 'udp'
	option src_port '5353'

config rule
	option dest_port '80'
	option src 'lan'
	option name 'allow lan to IOT 80'
	option dest 'iot'
	option target 'ACCEPT'

config rule
	option dest_port '443'
	option src 'lan'
	option name 'allow lan to IOT 443'
	option dest 'iot'
	option target 'ACCEPT'

config rule
	option dest_port '8080'
	option src 'lan'
	option name 'allow lan to IOT 8080'
	option dest 'iot'
	option target 'ACCEPT'

config rule
	option dest_port '8060'
	option src 'lan'
	option name 'allow lan to 8060'
	option dest 'iot'
	option target 'ACCEPT'
	list proto 'tcp'

config rule
	option dest_port '3000'
	option src 'lan'
	option name 'allow LAN to 3000'
	option dest 'iot'
	option target 'ACCEPT'
	list proto 'tcp'

config rule
	option dest_port '31339'
	option src 'lan'
	option name 'allow LAN to TiVo'
	option dest 'iot'
	option target 'ACCEPT'
	list proto 'tcp'

config rule
	option dest_port '7000'
	option src 'lan'
	option target 'ACCEPT'
	list proto 'tcp'
	option dest 'iot'
	list dest_ip '172.29.34.86'
	option name 'allow LAN to Roku7000'

config rule
	option dest_port '49835'
	option src 'lan'
	option name 'allow LAN to Roku49835'
	option dest 'iot'
	list dest_ip '172.29.34.86'
	option target 'ACCEPT'
	list proto 'tcp'

config rule
	option dest_port '51145'
	option src 'iot'
	option name 'iot to homebridge'
	option dest 'lan'
	list dest_ip '192.168.1.79'
	option target 'ACCEPT'
	list proto 'tcp'

config rule
	option dest_port '64841'
	option target 'ACCEPT'
	list proto 'tcp'
	option dest 'lan'
	option src 'iot'
	option name 'iot to backupmac 64841'
	list dest_ip '192.168.1.79'

config rule
	option src 'lan'
	option target 'ACCEPT'
	list proto 'tcp'
	option name 'lan to IOT TCP'
	option dest 'iot'

config rule
	option src 'iot'
	option dest 'lan'
	option target 'ACCEPT'
	list proto 'udp'
	option name 'IOT to LAN UDP 319-320'
	option dest_port '319-320'

config rule
	option dest_port '554'
	option src 'lan'
	option name 'lan to iot RTSP'
	option dest 'iot'
	option target 'ACCEPT'

config rule
	option dest_port '3689'
	option src 'lan'
	option name 'lan to iot DAAP'
	option dest 'iot'
	option target 'ACCEPT'

config rule
	option src 'iot'
	option dest 'lan'
	option target 'ACCEPT'
	option dest_port '49152-65535'
	list proto 'udp'
	option name 'IOT to LAN 49152-65535'

config rule
	option src 'iot'
	option name 'HomeAutoHub to backupmac'
	list src_ip '172.29.34.128'
	option dest 'lan'
	list dest_ip '192.168.1.79'
	option target 'ACCEPT'

config rule
	option src 'lan'
	option name 'backupmac to homeautohub'
	list src_ip '192.168.1.79'
	option dest 'iot'
	list dest_ip '172.29.34.128'
	option target 'ACCEPT'

config rule
	option src 'iot'
	option name 'HomeHubWiFi to backupmac'
	list src_ip '172.29.34.106'
	option dest 'lan'
	list dest_ip '192.168.1.79'
	option target 'ACCEPT'

config rule
	option src 'lan'
	option name 'backupmac to HomeHubWiFi'
	list src_ip '192.168.1.79'
	option dest 'iot'
	list dest_ip '172.29.34.106'
	option target 'ACCEPT'

and /etc/firewall.user for 21.02.0-rc3:

#!/bin/sh
# This file is interpreted as shell script.
# Put your custom iptables rules here, they will
# be executed with each firewall (re-)start.

# Internal uci firewall chains are flushed and recreated on reload, so
# put custom rules into the root chains e.g. INPUT or FORWARD or into the
# special user chains, e.g. input_wan_rule or postrouting_lan_rule.

logger firewall.user script updating iptables for strongswan
iptables -D INPUT  -m policy --dir in --pol ipsec --proto esp -j ACCEPT
iptables -D FORWARD  -m policy --dir in --pol ipsec --proto esp -j ACCEPT
iptables -D FORWARD  -m policy --dir out --pol ipsec --proto esp -j ACCEPT
iptables -D OUTPUT   -m policy --dir out --pol ipsec --proto esp -j ACCEPT
iptables -I INPUT  -m policy --dir in --pol ipsec --proto esp -j ACCEPT
iptables -I FORWARD  -m policy --dir in --pol ipsec --proto esp -j ACCEPT
iptables -I FORWARD  -m policy --dir out --pol ipsec --proto esp -j ACCEPT
iptables -I OUTPUT   -m policy --dir out --pol ipsec --proto esp -j ACCEPT
iptables -A INPUT -p tcp -m tcpmss --mss 1:500 -j DROP

exit 0

# Note that OpenVPN rules on port TCP-80 are not effective, because RCN blocks the port upstream, it seems.

# openvpn configuration doesn't create ovpns0 until after firewall might start,
# and/or firewall configuration scripting doesn't know how to
# find the interface associated with the vpnserver zone
# these commands add the missing rules that it can't figure out
# (and reorders the forward-reject rule to be last again)
#
# However, sometimes it seems a reload of the firewall doesn't execute this script?
logger firewall.user script updating iptables for ovpns0/ovpns1-not

iptables -D INPUT -i ovpns0 -m comment --comment "!fw3" -j zone_vpnserver_input
iptables -A INPUT -i ovpns0 -m comment --comment "!fw3" -j zone_vpnserver_input
iptables -D INPUT -i ovpns1 -m comment --comment "!fw3" -j zone_vpnserver_input
iptables -A INPUT -i ovpns1 -m comment --comment "!fw3" -j zone_vpnserver_input
iptables -D FORWARD -m comment --comment "!fw3" -j reject
iptables -D FORWARD -i ovpns0 -m comment --comment "!fw3" -j zone_vpnserver_forward
iptables -A FORWARD -i ovpns0 -m comment --comment "!fw3" -j zone_vpnserver_forward
iptables -D FORWARD -i ovpns1 -m comment --comment "!fw3" -j zone_vpnserver_forward
iptables -A FORWARD -i ovpns1 -m comment --comment "!fw3" -j zone_vpnserver_forward
iptables -A FORWARD -m comment --comment "!fw3" -j reject
iptables -D OUTPUT -o ovpns0 -m comment --comment "!fw3" -j zone_vpnserver_output
iptables -A OUTPUT -o ovpns0 -m comment --comment "!fw3" -j zone_vpnserver_output
iptables -D OUTPUT -o ovpns1 -m comment --comment "!fw3" -j zone_vpnserver_output
iptables -A OUTPUT -o ovpns1 -m comment --comment "!fw3" -j zone_vpnserver_output
iptables -D zone_vpnserver_dest_ACCEPT -o ovpns1 -m comment --comment "!fw3" -j ACCEPT
iptables -D zone_vpnserver_src_ACCEPT -i ovpns1 -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
iptables -A zone_vpnserver_dest_ACCEPT -o ovpns1 -m comment --comment "!fw3" -j ACCEPT
iptables -A zone_vpnserver_src_ACCEPT -i ovpns1 -m conntrack --ctstate NEW,UNTRACKED -m comment --comment "!fw3" -j ACCEPT
exit 0


and for 19.07.7, /etc/config/network:


config interface 'loopback'
	option ifname 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fd2b:fd7d:16a4::/48'

config interface 'lan'
	option type 'bridge'
	option proto 'static'
	option netmask '255.255.255.0'
	option ip6assign '60'
	option ipaddr '192.168.1.1'
	option stp '1'
	option ifname 'eth1.4'

config interface 'wan'
	option ifname 'eth0.2'
	option proto 'dhcp'

config interface 'wan6'
	option ifname 'eth0.2'
	option proto 'dhcpv6'

config switch
	option name 'switch0'
	option reset '1'
	option enable_vlan '1'

config switch_vlan
	option device 'switch0'
	option vlan '1'
	option vid '1'
	option ports '1t 6t'

config switch_vlan
	option device 'switch0'
	option vlan '2'
	option ports '0t 5'
	option vid '2'

config interface 'guest'
	option ifname 'guest'
	option proto 'static'
	option netmask '255.255.255.0'
	option ip6assign '60'
	option type 'bridge'
	option ipaddr '172.31.66.1'

config interface 'iot'
	option proto 'static'
	option ipaddr '172.29.34.1'
	option netmask '255.255.255.0'
	option type 'bridge'
	option ifname 'eth1.3'

config interface 'vpnserver'
	option proto 'none'
	option ifname 'ovpns0'
	option auto '1'

config interface 'vpnserver_tcp'
	option proto 'none'
	option ifname 'ovpns1'
	option auto '1'

config switch_vlan
	option device 'switch0'
	option vlan '3'
	option vid '3'
	option ports '1t 3 6t'

config switch_vlan
	option device 'switch0'
	option vlan '4'
	option vid '4'
	option ports '1t 2 4 6t'


firewall is unchanged from 19.07.7 -> 21.02.0
as is /etc/firewall.user

2 Likes

Oh, forgot to mention, I reverted to 19.07.7 and the issue resolved, then a few days later went back to 21.02.0-rc3 and it immediately started happening again.

Hmm, nobody else hitting this trouble with HomeKit?
:frowning:

Yes, I have the same issue on RC4 it is driving me crazy.
Glad finally found someone else with the same issue...

Anybody have ideas on what trace data to gather to figure out what is different vs. 19.07, so we can help someone fix it?

After MANY hours of testing a single setting and waiting…. I found “my” root cause. Turning on Hardware Offloading on my EdgeRouter-X on 21.02 will cause the errors but not 19.07.

1 Like

Ok, so after 12 hours I confirm 100% this issue for me is HW Offload.
Network > Firewall > Routing/NAT Offloading
(When the Software is unticked, hardware is hidden)
image

I am going to turn only software on and test for a few hours and see if it is all offloading or just hardware.

image
Just a final update (for now). Confirming only the "Hardware flow offloading" option causes the Home Hub dropouts. "Software flow offloading"is fine.

Edit: https://bugs.openwrt.org/index.php?do=details&task_id=3973

1 Like

There’s a problem with ipv6 and software/hardware offloading in 21.02.0-*, that might be what you’re seeing (known issues section). Edit - although now that I think about it, the R7800 may not be capable of hardware flow offloading, so maybe just enabling it was the cause of the problem.

I'm still running 21.02.0-rc3 on my R7800, on which I did have software offloading enabled but not hardware offloading. I disabled that and things seemed better until overnight when I got a few more "A home hub is not responding" notices.

I don't have any IPv6 connectivity from my ISP. But I have seen plenty of IPv6 local addressing in use from the Apple products such as the AppleTV serving as my HomeKit hub.
Would an IPv4-only WAN link be subject to the IPv6 offloading bugs?

I can also go look at disabling IPv6 completely in my router, if that might help?

It's definitely better than it was when I had software flow offloading enabled...maybe one message every couple of days. So that might just be some other random problem not related to the router?

I am facing the same issue with my R7800 but I only have Software offloading activated and not HW offloading. If I disable both my speed is unusable slow but the hub is working. 19.07 was fine for a long time.

I have an IPv6 from my ISP and also v6 enabled locally. I’ll Test to disable v6 locally as I do not use it anyway

Any more ideas what’s up here?

BTW I am using 21.02 stable

I have had few or no HomeHub complaints since I disabled IPv6 in my network, with software flow offloading enabled (needed to get full bandwidth). I don't have IPv6 from my ISP and so no loss to me to disable it.

Made an account just to comment; THANKS for posting this solution, I’m running a Linksys ea8500 on 21.02 stable - same issue except I was getting alerted every 15min (all homehubs not responding followed by a home hub is responding maybe a minute or two later). Disabling hardware offload (but leaving software offload enabled) seems to have done it for me, 1 hour in and nothing yet, fingers crossed!

edit: worked for a few hours then overnight started having issues. Going to try the disabling ipv6 method.

Hi @atownlede can you tell me how you fully disabled ipv6? I tried the following but my be-lan interface still has ipv6 address, and my devices do too. Thanks in advance!


uci set 'network.lan.ipv6=0'
uci set 'network.wan.ipv6=0'
uci set 'dhcp.lan.dhcpv6=disabled'
/etc/init.d/odhcpd disable
uci commit

uci -q delete dhcp.lan.dhcpv6
uci -q delete dhcp.lan.ra
uci commit dhcp
/etc/init.d/odhcpd restart

uci set network.lan.delegate="0"
uci commit network

uci -q delete network.globals.ula_prefix
uci commit network
/etc/init.d/network restart

I did something similar to that, and then rebooted the router, and then when I check the router summary page, there are no DHCPv6 leases given out.
Hmm, looking at my config I might have missed something in dhcp.lan, but here's what I have. (My homekit equipment is mostly on the 'iot' network)

root@LEDE:/etc/config# uci show dhcp |grep -v @host
dhcp.@dnsmasq[0]=dnsmasq
dhcp.@dnsmasq[0].domainneeded='1'
dhcp.@dnsmasq[0].localise_queries='1'
dhcp.@dnsmasq[0].rebind_protection='1'
dhcp.@dnsmasq[0].rebind_localhost='1'
dhcp.@dnsmasq[0].local='/lan/'
dhcp.@dnsmasq[0].domain='lan'
dhcp.@dnsmasq[0].expandhosts='1'
dhcp.@dnsmasq[0].authoritative='1'
dhcp.@dnsmasq[0].readethers='1'
dhcp.@dnsmasq[0].leasefile='/tmp/dhcp.leases'
dhcp.@dnsmasq[0].localservice='0'
dhcp.@dnsmasq[0].nonwildcard='0'
dhcp.@dnsmasq[0].resolvfile='/tmp/resolv.conf.d/resolv.conf.auto'
dhcp.lan=dhcp
dhcp.lan.interface='lan'
dhcp.lan.dhcpv6='server'
dhcp.lan.ra='server'
dhcp.lan.ra_management='1'
dhcp.lan.leasetime='1h'
dhcp.lan.start='2'
dhcp.lan.limit='197'
dhcp.wan=dhcp
dhcp.wan.interface='wan'
dhcp.wan.ignore='1'
dhcp.odhcpd=odhcpd
dhcp.odhcpd.maindhcp='0'
dhcp.odhcpd.leasefile='/tmp/hosts/odhcpd'
dhcp.odhcpd.leasetrigger='/usr/sbin/odhcpd-update'
dhcp.odhcpd.loglevel='4'
dhcp.guest=dhcp
dhcp.guest.interface='guest'
dhcp.guest.start='2'
dhcp.guest.limit='254'
dhcp.guest.leasetime='1h'
dhcp.guest.ra_management='1'
dhcp.guest.ra_flags='none'
dhcp.iot=dhcp
dhcp.iot.interface='iot'
dhcp.iot.start='50'
dhcp.iot.limit='200'
dhcp.iot.leasetime='1h'
dhcp.iot.ra_flags='none'

and

root@LEDE:/etc/config# uci show network 
network.loopback=interface
network.loopback.proto='static'
network.loopback.ipaddr='127.0.0.1'
network.loopback.netmask='255.0.0.0'
network.loopback.device='lo'
network.globals=globals
network.lan=interface
network.lan.proto='static'
network.lan.netmask='255.255.255.0'
network.lan.ip6assign='60'
network.lan.ipaddr='192.168.1.1'
network.lan.stp='1'
network.lan.device='br-lan'
network.wan=interface
network.wan.proto='dhcp'
network.wan.device='eth0.2'
network.wan6=interface
network.wan6.proto='dhcpv6'
network.wan6.device='eth0.2'
network.wan6.auto='0'
network.wan6.reqaddress='none'
network.wan6.reqprefix='no'
network.wan6.delegate='0'
network.@switch[0]=switch
network.@switch[0].name='switch0'
network.@switch[0].reset='1'
network.@switch[0].enable_vlan='1'
network.@switch_vlan[0]=switch_vlan
network.@switch_vlan[0].device='switch0'
network.@switch_vlan[0].vlan='1'
network.@switch_vlan[0].vid='1'
network.@switch_vlan[0].ports='1t 6t'
network.@switch_vlan[1]=switch_vlan
network.@switch_vlan[1].device='switch0'
network.@switch_vlan[1].vlan='2'
network.@switch_vlan[1].ports='0t 5'
network.@switch_vlan[1].vid='2'
network.guest=interface
network.guest.proto='static'
network.guest.netmask='255.255.255.0'
network.guest.ip6assign='60'
network.guest.ipaddr='172.31.66.1'
network.guest.device='br-guest'
network.guest.delegate='0'
network.iot=interface
network.iot.proto='static'
network.iot.ipaddr='172.29.34.1'
network.iot.netmask='255.255.255.0'
network.iot.device='br-iot'
network.iot.delegate='0'
network.vpnserver=interface
network.vpnserver.proto='none'
network.vpnserver.auto='1'
network.vpnserver.device='ovpns0'
network.vpnserver_tcp=interface
network.vpnserver_tcp.proto='none'
network.vpnserver_tcp.auto='1'
network.vpnserver_tcp.device='ovpns1'
network.@switch_vlan[2]=switch_vlan
network.@switch_vlan[2].device='switch0'
network.@switch_vlan[2].vlan='3'
network.@switch_vlan[2].vid='3'
network.@switch_vlan[2].ports='1t 6t'
network.@switch_vlan[3]=switch_vlan
network.@switch_vlan[3].device='switch0'
network.@switch_vlan[3].vlan='4'
network.@switch_vlan[3].vid='4'
network.@switch_vlan[3].ports='1t 2 3 4 6t'
network.@device[0]=device
network.@device[0].ports='eth1.4'
network.@device[0].type='bridge'
network.@device[0].name='br-lan'
network.@device[1]=device
network.@device[1].ports='guest'
network.@device[1].type='bridge'
network.@device[1].name='br-guest'
network.@device[2]=device
network.@device[2].ports='eth1.3'
network.@device[2].type='bridge'
network.@device[2].name='br-iot'

root@LEDE:/etc/config# service odhcpd status
running