Android/Iphone connectivity issues

To be clear: I suspect it is rather mobile issue but I have no possibility to chnange configuration at these devices, so I asking for maybe changes on openwrt side.
Ad rem.
There is mobile router with openwrt on it.

OpenWrt 22.03.0, r19685-512e76967f

system type : MediaTek MT7628AN ver:1 eco:2
machine : TP-Link TL-WR902AC v3

internet access is via usb modem.
on this device is configured wifi access (5 and 2.4 GHz)

I can connect with laptop to it, everything works.
But there are 2 phones which have problems:

Motorola g7 android
Phone connects to wifi, got dhcp address, but on the phone is "Connected, no Internet access" message. With some search I found that this is checked by trying to acces some url like connectivitycheck.gstatic.com, but it does not seem to be blocked on router.
I tried to play with connectivity checking configuration but with no success.

Iphone:
This phone connects to WiFi, but after a while it gots APIPA address, and no connectivity to internet.

Is it possible that I have wrongly configured DHCP (for example lack of some options?)

Please run the following commands (copy-paste the whole block) and paste the output here, using the "Preformatted text </> " button:

Remember to redact passwords, MAC addresses and any public IP addresses you may have

ubus call system board; \
uci export network; uci export wireless; \
uci export dhcp; uci export firewall

Ran commands separately. And, as I do not use built-in firewall (rather raw nftables + scripts to reconfigure) last comand is "nft list ruleset'

# ubus call system board; 
{
	"kernel": "5.10.138",
	"hostname": "gil",
	"system": "MediaTek MT7628AN ver:1 eco:2",
	"model": "TP-Link TL-WR902AC v3",
	"board_name": "tplink,tl-wr902ac-v3",
	"rootfs_type": "squashfs",
	"release": {
		"distribution": "OpenWrt",
		"version": "22.03.0",
		"revision": "r19685-512e76967f",
		"target": "ramips/mt76x8",
		"description": "OpenWrt 22.03.0 r19685-512e76967f"
	}
}
# uci export network;
package network

config interface 'loopback'
	option ifname 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fdb5:706e:85f4::/48'

config interface 'lan'
	option type 'bridge'
	option ifname 'eth0.1'
	option proto 'static'
	option ipaddr '192.168.199.1'
	option netmask '255.255.255.0'
	option ip6assign '60'
	option defaultroute '0'

config interface 'wwan'
	option proto 'ncm'
	option auto '0'
	option ifname 'wwan0'
	option device '/dev/cdc-wdm0'
	option apn 'darmowy'
	option pincode 'redacted'
	option delay '10'
	option dhcp '1'
	option aux_device '/dev/ttyUSB0'

config device 'lan_eth0_1_dev'
	option name 'eth0.1'
	option macaddr '40:3f:8c:e9:74:2b'

config switch
	option name 'switch0'
	option reset '1'
	option enable_vlan '1'

config switch_vlan
	option device 'switch0'
	option vlan '1'
	option ports '4 6t'

# uci export wireless; 
package wireless

config wifi-device 'radio0'
	option type 'mac80211'
	option channel '11'
	option hwmode '11g'
	option path 'platform/10300000.wmac'
	option htmode 'HT20'
	option disabled '0'

config wifi-iface 'default_radio0'
	option device 'radio0'
	option network 'lan'
	option mode 'ap'
	option ssid 'bSl88MDnQWfYywlVXzj04GGpA39MIz3t'
	option encryption 'psk2+aes'
	option key 'redacted'

config wifi-device 'radio1'
	option type 'mac80211'
	option channel '36'
	option hwmode '11a'
	option path 'pci0000:00/0000:00:00.0/0000:01:00.0'
	option htmode 'VHT80'
	option disabled '0'

config wifi-iface 'default_radio1'
	option device 'radio1'
	option network 'lan'
	option mode 'ap'
	option ssid 'bSl88MDnQWfYywlVXzj04GGpA39MIz3t'
	option encryption 'psk2+aes'
	option key 'redacted'
# uci export dhcp;
package dhcp

config dnsmasq
	option domainneeded '1'
	option boguspriv '1'
	option filterwin2k '0'
	option localise_queries '1'
	option rebind_protection '1'
	option rebind_localhost '1'
	option local '/lan/'
	option domain 'lan'
	option expandhosts '1'
	option nonegcache '0'
	option authoritative '1'
	option readethers '1'
	option leasefile '/tmp/dhcp.leases'
	option nonwildcard '1'
	option localservice '1'
	option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'

config dhcp 'lan'
	option interface 'lan'
	option start '100'
	option limit '150'
	option leasetime '12h'
	option dhcpv6 'server'
	option dhcpv4 'server'
	option ra 'server'
	list dhcp_option '1,255.255.255.0'
	list dhcp_option '3,192.168.199.1'
	list dhcp_option '6,192.168.199.1'
	list dhcp_option '15,lan'

config dhcp 'wwan'
	option interface 'wwan'
	option ignore '1'

config odhcpd 'odhcpd'
	option maindhcp '0'
	option leasefile '/tmp/hosts/odhcpd'
	option leasetrigger '/usr/sbin/odhcpd-update'
option loglevel '4'
# nft list ruleset 
table ip filter {
	chain INPUT {
		type filter hook input priority filter; policy drop;
		iif "lo" counter packets 53 bytes 5769 accept
		iif "br-lan" counter packets 5218 bytes 343473 accept
		ct state established,related counter packets 86 bytes 20277 accept
		counter packets 4 bytes 1272 log prefix "I/1"
	}

	chain FORWARD {
		type filter hook forward priority filter; policy drop;
		ct state established,related counter packets 2029 bytes 859126 accept
		iif "br-lan" counter packets 225 bytes 19375 accept
		tcp dport 53 counter packets 0 bytes 0 accept
		udp dport 53 counter packets 0 bytes 0 accept
		counter packets 0 bytes 0 log prefix "F/1"
	}

	chain OUTPUT {
		type filter hook output priority filter; policy drop;
		oif "br-lan" counter packets 5290 bytes 359832 accept
		oif "lo" counter packets 53 bytes 5769 accept
		tcp dport 53 counter packets 0 bytes 0 accept
		udp dport { 53, 123 } counter packets 87 bytes 6022 accept
		counter packets 11 bytes 4108 log prefix "O/1"
	}
}
table ip nat {
	map snat_table {
		type iface_index : ipv4_addr
		elements = { "wwan0" : 100.82.98.254 }
	}

	map dnat_table {
		type iface_index : verdict
	}

	chain POSTROUTING {
		type nat hook postrouting priority srcnat; policy accept;
		snat to oif map @snat_table
	}

	chain PREROUTING {
		type nat hook prerouting priority dstnat; policy accept;
		iif vmap @dnat_table
	}
}

I can't say for certain this is your problem but if your Internet feed does not support ipv6 this problem is very common because these days ipv6 dhcp and/or ra are running by default.
The devices see ipv6 and fail to fall back to ipv4.

Try setting, in /etc/config/dhcp:
option dhcp6 'disabled'
and
option ra 'disabled'

remembering to restart dnsmasq:
service dnsmasq restart

Remove this.

You can omit these, as they are the defaults and sent anyway.
Other than that, I don't see anything wrong in there.
Especially since the other devices are getting settings and work fine, it's only a matter to find what bothers these two devices.

1. Does the problem occur if you connect them in an open SSID with a shorter name?
2. Can you actually see any dhcp discovery packets from the iphone on tcpdump?

I played with this ( option ipv6 '0' on interfaces, option pointed by you on dhcp) but without (visible) success.
It is very weird. Other android tablet work without problem. ebook reader - also.
Only this iphone and this motorola, but they in turn works with other networks.

defaultroute is "my own" option used by some scripts I wrote.

Hm. After some try-and-error, I observed that both phones have no problem with 2.4GHz network. They have problem with 5GHz network. After blacklisting their macs from 5GHz network they "works"
But, I am almost sure that they have no problem with 5GHz on my home (TP-Link Archer A6 v2 (EU/RU/JP)) router (but I am not able to check this now - I am on vacation )

Stranger and stranger ...

Try using just simply psk2.

Well. I just upgraded to 22.03.3, and after upgrade it seems to start working.
I do not know what to think about it ...

1. bug in older wifi driver?
2. kind of bitrot in flash, repaired by firmware writing?

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.