Advanced setup : how to set a WAN disconnect timeout?

Hi all!

I'm trying to fix an issue I have with my TP-LINK Archer C7 ...

My HW specs :
TP-Link Archer C7 v5
OpenWrt 19.07.5 r11257-5090152ae3 / LuCI openwrt-19.07 branch git-20.341.57626-51f55b5

The router connects to an FWA link (Fixed Wireless Access, what other countries call WISP -> Wireless Internet Service Provider), then it shares this link on the LAN side using NAT+DHCP on my local LAN
(It was a 'not so easy' config: WPA2 Enterprise with WPA2 802.1X + certificate + PEAP Username & Password Credential)

My request is simple :
I need to close the WAN WiFi connection after 5 minutes (or a custom value) in which no traffic goes outside (a feature some older ADSL modems/routers call "disconnect on timeout"); of course, I need the router to reconnect to WAN/Internet as soon as some DHCP client tries to talk to an external IP address.

Can anyone help me with this setup?

Regards,

Fleur

PS: my first post, so please, be gentle!

Even if you disconnect all clients, there's still traffic from the router itself which might be difficult to control, such as ARP, NDP, DHCP, DNS, NTP, etc.

1 Like

Hi Vgaetera, thanks for your quick reply...

I suppose that, from the router's point of view, I can trigger
local service (DHCP lease time, DNS, NTP) to be sure that
the connection will not be kept up forever ...

Vice versa, I can disable non-essential services (keeping only DHCP server on LAN side and DHCP client on WAN side) removing DNS and NTP ...

I don't know ARP and NDP but, again, I suppose that we can stop broadcast packets directed to the WAN interface

Am I wrong? If so, please correct me!

For PPPoE there is the "inactivity timeout" option, but I understand that this is not the case in your setup.

You could tweak how often the ntp will refresh, however the dhcp lease is controlled by the provider and your router will renew the lease every half lease time.

Not really, since there is a default gateway reachable over the wan interface, it will have to keep sending arp/ndp to keep it updated.

What is the reason behind this need though? I mean what will happen if you disconnect the wan after 5 minutes?

2 Likes

> What is the reason behind this need though? I mean what will happen if you disconnect the wan after 5 minutes?

My WISP seems to disconnect/unauthenticate my link if unused, so I have to restart the router or the connection (disable/enable via /etc/init.d/network restart) to force the link UP...
I can manage this without too much effort, but my family cannot!

I can use this connection without any issue via Smartphone/Tablet/Notebook (double-boot Ubuntu 20.10 and Windows 10 20H2) but, of course, I can't share the link with my LAN (I don't want to use my notebook as a network bridge between the wifi and ethernet port)

WiFi seems to get disconnected and reconnected (or only re-authenticated) as soon as traffic doesn't pass through ...

Another option may be to monitor (with a continuous ping?) the first hop and then, when the check/ping fails, restart the network interface.

Any idea on how to implement it?

Thanks
Fleur

1 Like

It seems exactly what I was looking for!

I was working on this script I've found on another topic (your suggestion is a better one and also manageable from the GUI):

Install packages

opkg update
opkg install hub-ctrl

Save connectivity checking script

cat << "EOF" > /root/wan-watchdog.sh
#!/bin/sh

#Fetch WAN gateway
. /lib/functions/network.sh
network_flush_cache
network_find_wan NET_IF
network_get_gateway NET_GW "${NET_IF}"

#Check WAN connectivity
TRIES="0"
while [ "${TRIES}" -lt 5 ]
do
    # Portable redirection and arithmetic: '&>' and 'let' are not POSIX sh
    if ping -c 1 -w 3 "${NET_GW}" > /dev/null 2>&1
    then exit 0
    else TRIES=$((TRIES + 1))
    fi
done

#Restart network
/etc/init.d/network stop
#hub-ctrl -h 0 -P 1 -p 0 # commented, originally used to disconnect the USB port used for tethering
sleep 1
#hub-ctrl -h 0 -P 1 -p 1 # commented, after 1 second reconnect the USB port ...
/etc/init.d/network start
EOF

Set the script as executable

chmod +x /root/wan-watchdog.sh

Add cron job

cat << "EOF" >> /etc/crontabs/root
* * * * * /root/wan-watchdog.sh
EOF

2 Likes

So finally I used it: watchdog :guide_dog: -> sorry watchcat :heart_eyes_cat:

opkg update
opkg install watchcat luci-app-watchcat
opkg list-installed | grep watchcat

GUI config web page @ http://[router-ip]/cgi-bin/luci/admin/services/watchcat
or
vi /etc/config/system

config watchcat
    option mode 'ping'
    option forcedelay '30' # after 30sec, if soft-reboot doesn't work then hard-reboot
    option period '15' # if no ping for 15 seconds then reboot
    option pinghosts '192.168.64.1' # host to ping to check wan connection, it's my first hop, multiple hosts allowed!
    option pingperiod '1m' # ping check remote $pinghosts every 1 min

@vgaetera How can I monitor/log how many times watchcat triggers a reboot?

I saw that the package installs this stuff:
opkg files watchcat

Package watchcat (1-7) is installed on root and has the following files:
/etc/uci-defaults/50-watchcat
/lib/upgrade/keep.d/watchcat
/usr/bin/watchcat.sh
/etc/init.d/watchcat

and inside the check script /usr/bin/watchcat.sh, row 62, there is some logging on ping lost:

logger -p daemon.info -t "watchcat[$$]" "no internet connectivity for $time_diff seconds. Reseting when reaching $period"

https://openwrt.org/docs/guide-user/base-system/log.essentials#local_file_logging

1 Like
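
An added example (not from the thread or the watchcat package) for the question of counting watchcat events: once the log is kept in a file as the link above describes, the messages produced by the quoted `logger` line can be summarised. The sample log lines are constructed, and treating a message whose elapsed time has reached the limit as a reset is an assumption.

```shell
#!/bin/sh
# Added example, not part of the watchcat package.

# Constructed sample in logread format. The watchcat message text is the
# logger line quoted from /usr/bin/watchcat.sh; PIDs and times are made up.
SAMPLE_LOG="Sat Jan  2 10:01:00 2021 daemon.info watchcat[1412]: no internet connectivity for 60 seconds. Reseting when reaching 300
Sat Jan  2 10:02:00 2021 daemon.info watchcat[1412]: no internet connectivity for 120 seconds. Reseting when reaching 300
Sat Jan  2 10:02:40 2021 daemon.notice netifd: Interface 'wan' is now up
Sat Jan  2 14:30:00 2021 daemon.info watchcat[1412]: no internet connectivity for 60 seconds. Reseting when reaching 300
Sat Jan  2 14:31:00 2021 daemon.info watchcat[1412]: no internet connectivity for 120 seconds. Reseting when reaching 300
Sat Jan  2 14:32:00 2021 daemon.info watchcat[1412]: no internet connectivity for 180 seconds. Reseting when reaching 300
Sat Jan  2 14:33:00 2021 daemon.info watchcat[1412]: no internet connectivity for 240 seconds. Reseting when reaching 300
Sat Jan  2 14:34:00 2021 daemon.info watchcat[1412]: no internet connectivity for 300 seconds. Reseting when reaching 300"

# Reads log lines on stdin and prints "<failed_checks> <outages> <limit_hits>".
watchcat_summary() {
    awk '
        / watchcat\[[0-9]+\]: no internet connectivity for / {
            secs = 0; limit = 0
            for (i = 1; i < NF; i++) {
                if ($i == "for")      secs  = $(i + 1) + 0
                if ($i == "reaching") limit = $(i + 1) + 0
            }
            failed++
            # Heuristic: elapsed time restarts after a successful ping, so a
            # value that did not grow marks the start of a new outage.
            if (failed == 1 || secs <= prev) outages++
            # Assumption: a reset follows once elapsed time reaches the limit.
            if (limit > 0 && secs >= limit) hits++
            prev = secs
        }
        END { printf "%d %d %d\n", failed, outages, hits }
    '
}

# On the router: logread | watchcat_summary   (or feed it the log file)
printf '%s\n' "$SAMPLE_LOG" | watchcat_summary
```
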

Hi @vgaetera
watchcat is installed and configured BUT it doesn't work.
No trace on log, no reboot on connection lost.

How can I check that all is OK?

uci show system.@watchcat[0]

1 Like

root@ArcherC7:/tmp/run# uci show system.@watchcat[0]

system.cfg08e014=watchcat
system.cfg08e014.mode='ping'
system.cfg08e014.forcedelay='30'
system.cfg08e014.period='15'
system.cfg08e014.pinghosts='192.168.64.1'
system.cfg08e014.pingperiod='1m'

To whom does it belong?

1 Like

It's my WAN first hop

root@ArcherC7:/tmp/run# route -n

> Kernel IP routing table
> Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
> 0.0.0.0         192.168.64.1    0.0.0.0         UG    0      0        0 wlan0
> 192.168.64.0    0.0.0.0         255.255.192.0   U     0      0        0 wlan0
> 192.168.143.0   0.0.0.0         255.255.255.0   U     0      0        0 eth0.1

root@ArcherC7:/tmp/run# ping 192.168.64.1

> PING 192.168.64.1 (192.168.64.1): 56 data bytes
> 64 bytes from 192.168.64.1: seq=0 ttl=255 time=5.778 ms
> 64 bytes from 192.168.64.1: seq=1 ttl=255 time=12.342 ms
> 64 bytes from 192.168.64.1: seq=2 ttl=255 time=7.657 ms
> 64 bytes from 192.168.64.1: seq=3 ttl=255 time=6.202 ms
> ^C
> --- 192.168.64.1 ping statistics ---
> 4 packets transmitted, 4 packets received, 0% packet loss
> round-trip min/avg/max = 5.778/7.994/12.342 ms

Maybe the connection is not lost on your first hop.
Use some internet IP, like 8.8.8.8 or 1.1.1.1

1 Like

Changed pinghost to 8.8.8.8 but nothing changed...
During connection loss, I can't ping the remote host (8.8.8.8) from both my notebook and an ssh terminal session on my ArcherC7 router

I think that watchcat isn't active, looking at crontab or at active process I can't find the monitoring process.

@trendy How can I verify that wd is ok ?

Hi @vgaetera, @trendy

I think that something goes wrong

root@ArcherC7:~# head /usr/bin/watchcat.sh

#!/bin/sh
#
# Copyright (C) 2010 segal.di.ubi.pt
#
# This is free software, licensed under the GNU General Public License v2.

My watchcat.sh script isn't the latest, it looks quite old indeed:

I'm using the latest official openwrt build:
Powered by LuCI openwrt-19.07 branch (git-20.341.57626-51f55b5) / OpenWrt 19.07.5 r11257-5090152ae3

How did you understand that? The copyright year doesn't mean anything. What is the output of opkg find watchcat ?
Also change pingperiod 60 and period 300

1 Like

I suppose this 'cause watchdog.sh files are quite different... (the master one has a reference to a 2020 copyright author)

Changed timeout to a longer one as suggested (check every 300seconds -> 5minutes, connection is lost if after 60 seconds there's no ping reply)

I've also executed some commands:

root@ArcherC7:~# /etc/init.d/watchcat enable
root@ArcherC7:~# /etc/init.d/watchcat start
root@ArcherC7:~# /etc/init.d/watchcat status

Syntax: /etc/init.d/watchcat [command]

Available commands:
        start   Start the service
        stop    Stop the service
        restart Restart the service
        reload  Reload configuration files (or restart if service does not implement reload)
        enable  Enable service autostart
        disable Disable service autostart

Can I suggest a status option ? :grimacing:

It's vice versa, check every 60 seconds, reboot if there is no reply for 5 minutes.
Connect to the device and check the pings with tcpdump -i wlan0 icmp and host 8.8.8.8
Disconnect the access point and wait until you have five missed pings.
Let us know if the device doesn't reboot for further troubleshooting.

1 Like
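
An added example (not from the thread or the watchcat package): a sanity check over `uci show system.@watchcat[0]` output, using the semantics given in the reply above (ping every `pingperiod`, reset after `period` without a reply). It flags the configuration first posted in this thread, where the check interval is longer than the failure window; the `h` and `d` suffixes and the second sample config are assumptions.

```shell
#!/bin/sh
# Added example, not part of the watchcat package.

# Config as posted in this thread, and one built from the values suggested later.
THREAD_CONFIG="system.cfg08e014=watchcat
system.cfg08e014.mode='ping'
system.cfg08e014.forcedelay='30'
system.cfg08e014.period='15'
system.cfg08e014.pinghosts='192.168.64.1'
system.cfg08e014.pingperiod='1m'"
SUGGESTED_CONFIG="system.cfg08e014.mode='ping'
system.cfg08e014.period='300'
system.cfg08e014.pingperiod='60'"

# "15" -> 15, "1m" -> 60; h and d suffixes are assumed. Invalid input -> 0.
to_seconds() {
    n=${1%[mhd]}
    case "$n" in ''|*[!0-9]*) echo 0; return ;; esac
    case "$1" in
        *m) echo $((n * 60)) ;;
        *h) echo $((n * 3600)) ;;
        *d) echo $((n * 86400)) ;;
        *)  echo "$n" ;;
    esac
}

# Reads uci show output on stdin; prints "ok" or a "warn: ..." line and
# returns 1 on a warning.
watchcat_check() {
    mode='' period='' pingperiod=''
    while IFS='=' read -r key val; do
        val=${val#\'}; val=${val%\'}        # strip uci's single quotes
        case "$key" in
            *.mode)       mode=$val ;;
            *.period)     period=$val ;;
            *.pingperiod) pingperiod=$val ;;
        esac
    done
    [ "$mode" = ping ] || { echo ok; return 0; }
    p=$(to_seconds "$period"); pp=$(to_seconds "$pingperiod")
    if [ "$p" -le 0 ] || [ "$pp" -le 0 ]; then
        echo "warn: period or pingperiod missing or not a time value"; return 1
    fi
    if [ "$pp" -ge "$p" ]; then
        echo "warn: pingperiod ${pp}s >= period ${p}s, one missed ping exceeds the window"
        return 1
    fi
    echo ok
}

printf '%s\n' "$THREAD_CONFIG" | watchcat_check || true
printf '%s\n' "$SUGGESTED_CONFIG" | watchcat_check
```
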