Android devices saying "connected, no internet" still getting internet, but disconects after a while cause "there is not internet"

thejoke123 · January 22, 2023, 6:18pm

the problem i have is : devices disconects because "there is not internet" however, they keep browsing and connected despite "connected, not internet" message, however!, after a while if i am afk it disconects from the network because android devices have connectivity check....

how can i solve this? tried a lot of stuff.. thank you

frollic · January 22, 2023, 6:20pm

What stuff specifically ?

What DNS do your clients get from your dhcp?

patrakov · January 22, 2023, 6:31pm

I think this is because you have somehow blocked the URL that they use for a connectivity check. The primary suspects are:

The use of some too-aggressive blocklists with luci-app-adblock
The use of a third-party DNS server that blocks important stuff

thejoke123 · January 22, 2023, 6:40pm

i cannot remember, but discarded being wifi itself, did a lot of stuff so i do not know what thing might have triggered that

thejoke123 · January 22, 2023, 6:45pm

is there a ssh command i can tell what dns do my clients get from my dhcp? was using dns proxy but it is not the cuplrit,

frollic · January 22, 2023, 6:46pm

Then start by resetting your router.

mk24 · January 22, 2023, 6:56pm

Connect a laptop to the same wifi network the Android phone was using and see if it can resolve and ping connectivitycheck.android.com.

thejoke123 · January 23, 2023, 11:25pm

i did it, also pinged using openwrt console in tools... got response... still disconecting... any guesses?

thejoke123 · January 23, 2023, 11:25pm

i dont use adblock and im using google dns

psherman · January 24, 2023, 12:32am

Let's see your complete configuration:

Please copy the output of the following commands and post it here using the "Preformatted text </> " button:

Remember to redact passwords, MAC addresses and any public IP addresses you may have:

cat /etc/config/network
cat /etc/config/wireless
cat /etc/config/dhcp
cat /etc/config/firewall

Also, have you installed or upgraded any packages in your router running OpenWrt?

thejoke123 · January 24, 2023, 3:08am

root@wifirouter:~# cat /etc/config/network

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix '--:--:--::/--'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'eth0.1'

config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        option ipaddr '192.168.90.1'
        option netmask '255.255.255.0'
        option ip6assign '60'
        option name 'eth0.2'
        option macaddr '--:--:--:--:--:-'
        option delegate '0'
        list dns '1.1.1.1'

config interface 'wan'
        option device 'eth0.2'
        option proto 'dhcp'

config interface 'wan6'
        option device 'eth0.2'
        option proto 'dhcpv6'

config switch
        option name 'switch0'
        option reset '1'
        option enable_vlan '1'

config switch_vlan
        option device 'switch0'
        option vlan '1'
        option ports '1 2 3 4 6t'

config switch_vlan
        option device 'switch0'
        option vlan '2'
        option ports '0 6t'

config interface 'vpn'
        option proto 'none'
        option device 'tun0'

root@wifirouter:~# cat /etc/config/wireless

config wifi-device 'radio0'
        option type 'mac80211'
        option path 'platform/10300000.wmac'
        option band '2g'
        option cell_density '0'
        option htmode 'HT20'
        option txpower '0'
        option channel '3'
        option legacy_rates '1'

config wifi-iface 'wifinet2'
        option device 'radio0'
        option mode 'ap'
        option isolate '1'
        option key '123456'
        option network 'lan'
        option disassoc_low_ack '0'
        option encryption 'sae'
        option macaddr '--:--:--:-:--:-'
        option ssid 'expher'
        option ieee80211w_retry_timeout '20'
        option ieee80211w_max_timeout '60'

root@wifirouter:~# cat /etc/config/dhcp

config dnsmasq
        option domainneeded '1'
        option localise_queries '1'
        option rebind_protection '1'
        option rebind_localhost '1'
        option local '/lan/'
        option domain 'lan'
        option expandhosts '1'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option localservice '1'
        option ednspacket_max '1232'
        option nonegcache '1'
        option quietdhcp '1'
        option sequential_ip '1'
        option cachesize '0'
        list server '127.0.0.1#5054'
        list server '127.0.0.1#5053'
        list server '/mask.icloud.com/'
        list server '/mask-h2.icloud.com/'
        list server '/use-application-dns.net/'
        option doh_backup_noresolv '-1'
        option noresolv '1'
        list doh_backup_server '127.0.0.1#5054'
        list doh_backup_server '127.0.0.1#5053'
        list doh_backup_server '/mask.icloud.com/'
        list doh_backup_server '/mask-h2.icloud.com/'
        list doh_backup_server '/use-application-dns.net/'

config dhcp 'lan'
        option interface 'lan'
        option start '100'
        option limit '150'
        option dhcpv4 'server'
        option dhcpv6 'server'
        option ra 'server'
        list ra_flags 'managed-config'
        list ra_flags 'other-config'
        option leasetime '20m'

config dhcp 'wan'
        option interface 'wan'
        option ignore '1'

config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'
        option loglevel '4'

root@wifirouter:~# cat /etc/config/firewall

config defaults
        option output 'ACCEPT'
        option synflood_protect '1'
        option drop_invalid '1'
        option forward 'DROP'
        option input 'DROP'

config zone
        option name 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'
        option family 'ipv4'
        list network 'lan'

config zone
        option name 'wan'
        option output 'ACCEPT'
        option masq '1'
        option mtu_fix '1'
        option input 'DROP'
        option forward 'DROP'
        option family 'ipv4'
        list network 'wan'
        list network 'wan6'

config forwarding
        option src 'lan'
        option dest 'wan'

config rule
        option name 'Allow-DHCP-Renew'
        option src 'wan'
        option proto 'udp'
        option dest_port '68'
        option target 'ACCEPT'
        option family 'ipv4'

config rule
        option name 'Allow-Ping'
        option src 'wan'
        option proto 'icmp'
        option icmp_type 'echo-request'
        option family 'ipv4'
        option target 'ACCEPT'
        option enabled '0'

config rule
        option name 'Allow-IGMP'
        option src 'wan'
        option proto 'igmp'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-DHCPv6'
        option src 'wan'
        option proto 'udp'
        option dest_port '546'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-MLD'
        option src 'wan'
        option proto 'icmp'
        option src_ip 'fe80::/10'
        list icmp_type '130/0'
        list icmp_type '131/0'
        list icmp_type '132/0'
        list icmp_type '143/0'
        option family 'ipv6'
        option target 'ACCEPT'
        option enabled '0'

config rule
        option name 'Allow-ICMPv6-Input'
        option src 'wan'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        list icmp_type 'router-solicitation'
        list icmp_type 'neighbour-solicitation'
        list icmp_type 'router-advertisement'
        list icmp_type 'neighbour-advertisement'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'
        option enabled '0'

config rule
        option name 'Allow-ICMPv6-Forward'
        option src 'wan'
        option dest '*'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'
        option enabled '0'

config rule
        option name 'Allow-IPSec-ESP'
        option src 'wan'
        option dest 'lan'
        option proto 'esp'
        option target 'ACCEPT'

config rule
        option name 'Allow-ISAKMP'
        option src 'wan'
        option dest 'lan'
        option dest_port '500'
        option proto 'udp'
        option target 'ACCEPT'

config include 'bcp38'
        option type 'script'
        option path '/usr/lib/bcp38/run.sh'

config zone
        option name 'vip'
        option input 'DROP'
        option output 'ACCEPT'
        option forward 'DROP'
        option masq '1'
        option mtu_fix '1'
        option family 'ipv4'
        list network 'vpn'

config forwarding
        option src 'lan'
        option dest 'vip'


plugins

dropbear
dnsmasq
https-dns-proxy
luci-app-https-dns-proxy
luci-app-firewall
luci-app-openvpn
parted
bcp38


also for some reason it adds this to dns automatically

 list server '/mask.icloud.com/'
 list server '/mask-h2.icloud.com/'

why apple?

thanks

psherman · January 24, 2023, 3:21am

There's a lot of non-standard configurations going on, including 802.11w, the use of sae (WPA3) encryption, and some DNS stuff, among other things...

My personal suggestion would be to do the following:

make a backup of your current configuration
reset the router to defaults
perform the basic configuration (i.e. minimal changes from default, but getting you to where you were in terms of the subnet and base wifi configs).
Test the android device.

Then, install one package at a time (such as OpenVPN, etc.) and test each time. As you get through each step, you'll eventually hit the package that is killing your connectivity on the android device -- then you can focus on the exact settings that are causing that problem.

That's how I would approach it, personally... process of elimination. It's a fair bit of work, but you may arrive at the solution faster than if you try a whole bunch of small changes here and there (unless someone spots the error right away).

thejoke123 · January 24, 2023, 3:34am

802.11w is used for wpa3, i need wpa3 because wpa2 is not safer anymore

wpa3 is not safe too, but less unsafe than wpa2, so if it is possible for me to give a headache for the red team that is trying to get my back handed, i will do

can you please tell me what is non standard? i tried to modify the out of the box config cause i needed something more obscure, darker and discrete

psherman · January 24, 2023, 3:38am

Well, some devices just don't work well with WPA3 and protected management frames (802.11w). Your android device may or may not be in that category.

Your dnsmasq settings are very nonstandard, and that could be part of the problem, too.

thejoke123 · January 24, 2023, 10:42pm

factory resetted, and still getting the connected, not internet, still getting connection... but it will disconnect because "not internet" check... what can i do?

thejoke123 · January 24, 2023, 10:46pm

switched to wpa2 still getting "no internet" ...

psherman · January 24, 2023, 10:52pm

Does another device get online without issue using the same wifi network?
what does the Android device get in terms of its DHCP assigned network info (IP, subnet mask, DNS, gateway/router)?

Let's also see the latest configs.

thejoke123 · January 25, 2023, 3:05am

windows works neat, androids devices have same error, i can solve it if i send manually a ping from my galaxy to http://connectivitycheck.gstatic.com
http://connectivitycheck.android.com now i see it is happening in my android devices with factory resete openwrt router

have found if i open in my pc that link automatically android devices stops sending no internet fake message, also found this forum post

any workaround i could use to solve it and prevent disconection by false positve trigger?

psherman · January 25, 2023, 3:34am

Obviously it's been a bit of effort, and I'm sorry that you had to reset your router and are still experiencing the issue... but that does begin to suggest that the issue is related to the android devices specifically. If you have another router that is not running OpenWrt (or if you want to try the stock firmware on your current device), you can always try swapping it out to see if the problem persists (which would conclusively point to the Android device). If you run this test, be sure to make a note of the WAN IP address on your router -- in many cases, a change of the WAN IP is related to the MAC address of the router, and in some situations, the problem could actually be due to one of the IPs having been blocked (such as from abuse, possibly from a previous user of that IP).

thejoke123 · January 25, 2023, 3:42am

already tested with a non openwrt router, and it works flawesly , i do not think it is a common error, because someone out there would have been reporting it from long time ago and it is not normal such behaviour, so it is weird