After several hours the OpenWrt One wireless router stops responding, DNS no longer works

nate73 · March 6, 2025, 4:55pm

After several hours on the OpenWrt One wireless router the DNS stops working. Iphones and Windows 10 PCs can no longer access the internet and can no longer access the router. I can't access the router via SSH either. I have to kill the power and restart the router to get it to work again. It's running the current stable release. The DNS stops responding on WiFi and wired LAN. And you can't even access the router itself. 24.10.0 is the buggiest OpenWrt release I've ever used.

I use Cloudflare DNS IPv4 and IPv6 DNS servers and we have Charter Spectrum Internet. We are IPv4 and IPv6 compliant. I'm reporting a bug and to see if others have this problem. Not sure if there's anything to solve other than wait for new version of OpenWrt.

frollic · March 6, 2025, 4:59pm

Are you only running one DNS on your LAN, hosted by the One ?

Have you implemented DNS hijacking?

Are you using AdBlock, AGH, or similar packages ?

I assume ping by IP dies, when DNS dies ?

nate73 · March 6, 2025, 5:15pm

I'm running the DNS only on the router. It's a simple LAN. No DNS hijacking or adblocking. Only Lucy-App-Attendedsysupgrade was the only package added to the default install. Ping also dies.

frollic · March 6, 2025, 5:33pm

AFAIK iDevices don't use the DNS IP your router's DHCP provides, but Apple's own DNSes.

If this is correct, the issue isn't with the DNS, dying ping would point towards the network dying too.

Please connect to your OpenWrt device using ssh and copy the output of the following commands and post it here using the "Preformatted text </> " button:

Remember to redact passwords, MAC addresses and any public IP addresses you may have:

ubus call system board
cat /etc/config/network
cat /etc/config/wireless

nate73 · March 6, 2025, 6:04pm

root@*****:~# ubus call system board
{
        "kernel": "6.6.73",
        "hostname": "*****",
        "system": "ARMv8 Processor rev 4",
        "model": "OpenWrt One",
        "board_name": "openwrt,one",
        "rootfs_type": "squashfs",
        "release": {
                "distribution": "OpenWrt",
                "version": "24.10.0",
                "revision": "r28427-6df0e3d02a",
                "target": "mediatek/filogic",
                "description": "OpenWrt 24.10.0 r28427-6df0e3d02a",
                "builddate": "1738624177"
        }
}
root@******:~# cat /etc/config/network

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fd27:af9c:7550::/48'
        option packet_steering '1'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'eth1'

config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        option ipaddr '10.81.15.1'
        option netmask '255.255.255.0'
        option ip6assign '60'

config interface 'wan'
        option device 'eth0'
        option proto 'dhcp'
        option peerdns '0'
        list dns '1.1.1.1'
        list dns '1.0.0.1'

config interface 'wan6'
        option device 'eth0'
        option proto 'dhcpv6'
        option reqaddress 'try'
        option reqprefix 'auto'
        option norelease '1'
        option peerdns '0'
        list dns '2606:4700:4700::1111'
        list dns '2606:4700:4700::1001'
root@******:~# cat /etc/config/wireless

config wifi-device 'radio0'
        option type 'mac80211'
        option path 'platform/soc/18000000.wifi'
        option band '2g'
        option channel 'auto'
        option htmode 'HE20'
        option num_global_macaddr '7'
        option country 'US'
        option cell_density '0'

config wifi-iface 'default_radio0'
        option device 'radio0'
        option network 'lan'
        option mode 'ap'
        option ssid '******'
        option encryption 'sae-mixed'
        option key '************'
        option ocv '0'

config wifi-device 'radio1'
        option type 'mac80211'
        option path 'platform/soc/18000000.wifi+1'
        option band '5g'
        option channel 'auto'
        option htmode 'HE80'
        option num_global_macaddr '7'
        option country 'US'
        option cell_density '0'

config wifi-iface 'default_radio1'
        option device 'radio1'
        option network 'lan'
        option mode 'ap'
        option ssid '******'
        option encryption 'sae-mixed'
        option key '*********'

nate73 · March 6, 2025, 6:08pm

After several hours it should go down again. On my Windows 10 PC I have WSL Ubuntu running. Would you like me to run any commands to try at the time the network goes down?

frollic · March 6, 2025, 6:18pm

Only of you have console access, since the interesting parts are on the router.

Probably unrelated, but sae-mixed for wifi encryption is like asking for trouble, use WPA2 or 3.

nate73 · March 6, 2025, 6:51pm

I see that there is a USB-C jack on the front of the One router, is that for console access? I can use my Debian Linux laptop and a USB-C to USB-A cable to access the console, will that work? Can you explain how to access the console on the one. Do I need to install special terminal software? I am using the XFCE desktop on Debian laptop. Do you need a special cable or will any USB-C to USB-A cable work?

Why is mixed mode sae-mixed asking for trouble? I will put it on WPA2 only. Should I enable the KRACK option in the settings, I have a lot of IOT devices.

frollic · March 6, 2025, 6:57pm

it should, using minicom, screen etc ...

a lot of devices don't like it.

won't hurt, unless some devices dislike it too.

those should be on a separate LAN, unless they need LAN access.
https://openwrt.org/docs/guide-user/network/wifi/guestwifi/configuration_webinterface

LilRedDog · March 6, 2025, 7:07pm

It's supposed to be for no-touch-opt-out tracking.

Disable this setting in Safari:
Advanced Tracking Fingerprinting Protection.
Settings > Safari > Advanced.
It’s enabled for private browsing but then it overrides the DNS server address(es) that are set on the router.

But I am not saying it is the overall issue here.

nate73 · March 6, 2025, 7:19pm

Great. Console access looks easy enough. Next time router goes down I'll access the console. Any commands I should run on the console? Any logs that might be useful?

frollic · March 6, 2025, 7:20pm

You need to keep the console connection open until it locks up.

If it's a hard hang, the only info will be the one printed there.

nate73 · March 6, 2025, 7:20pm

That's how my Iphone is setup. But this tracking protection is turned off for the home network. And it happens with IOT devices and Windows 10 PCs too.

RuralRoots · March 6, 2025, 7:21pm

That indeed is the console port. I use a normal A to C cable to access via screen /dev/ttyACM 115200

As @frolic notes, Stay away from sae-mixed! It doesn’t play well.

I only use Snapshot, and never lose connectivity other than power outs, and see nothing in your posted configs other than the use of option ocv ‘0’ which is default value in any event.

nate73 · March 6, 2025, 7:22pm

Ok. I'll get the console hooked up then.

nate73 · March 6, 2025, 7:24pm

What is the option ocv ‘0’ in the LUCI GUI. Should I change this value or leave it alone?

RuralRoots · March 6, 2025, 7:52pm

Don’t know, seldom use. FWIW

It’s default anyway. Did you pick this option up somewhere else?

It’s used if the device can use it to ensure the wireless network operates on a channel that is optimal and free from interference.

I.e. interference from other networks and devices. I suspect this is covered by setting auto in wireless channel option.

sfx2000 · March 6, 2025, 10:53pm

Only if Private Relay is enabled, which is part of their icloud+ offering.

Otherwise they use the DNS offered up by DHCP