Can't reach some website until several attempts, PING and DNS always working

GiuseppeP96 · October 2, 2022, 8:23am

Hi,
i have a Xiaomi Mi R3G router with OpenWrt 22.03.0 that i'm trying to use as "wireless router" connected to my school wifi (as a wireless wan). It was all working until recently.
The situation today is that PING and DNS (nslookup) are always working with any host but "internet" is not really working. I also tried traceroute but i think the cisco equipment of my school blocks it.
Some websites requires several attempts before start being displayed (error is connection_reset or connection timeout on the browser). But once they open the work for the next times.
Is there anything i can try?

Many thanks!

pavelgl · October 2, 2022, 9:27am

Check the connection (request and response headers) to these sites from the router itself using curl.

opkg update; opkg install curl
curl -v https://example.com

GiuseppeP96 · October 2, 2022, 9:34am

opkg update does not work
Downloading https://downloads.openwrt.org/releases/22.03.0/packages/mipsel_24kc/telephony/Packages.gz *** Failed to download the package list from https://downloads.openwrt.org/releases/22.03.0/packages/mipsel_24kc/telephony/Packages.gz

opkg_download: Failed to download https://downloads.openwrt.org/releases/22.03.0/packages/mipsel_24kc/telephony/Packages.gz, wget returned 4. opkg_download: Check your network settings and connectivity.

Sometimes some downloads from opkg works, some others not

One additional bit, some times in system log this message appears:

daemon.warn dnsmasq[1]: possible DNS-rebind attack detected:

frollic · October 2, 2022, 12:25pm

GiuseppeP96 · October 2, 2022, 12:29pm

Yes i know there are network issues when i get error 4 from wget.
But i've opened this thread to find a solution... The fact is that after some attempts webpages get displayed and that PING and DNS are working with no problems at all.

frollic · October 2, 2022, 12:41pm

Then post your setup....

GiuseppeP96 · October 2, 2022, 12:48pm

Can you please tell me what might help? /etc/config/network and /etc/config/wireless?

GiuseppeP96 · October 2, 2022, 12:52pm


config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option packet_steering '1'
        option ula_prefix 'fd1c:94c5:c748::/48'

config device
        option ipv6 0
        option name 'br-lan'
        option type 'bridge'
        list ports 'lan1'
        list ports 'lan2'

config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        option ipaddr '192.168.1.1'
        option netmask '255.255.255.0'
        option ipv6 0

config interface 'wan'
        option device 'wan'
        option proto 'dhcp'

config interface 'wan6'
        option device 'wan'
        option proto 'dhcpv6'

config interface 'wwan'
        option ipv6 0
        option proto 'dhcp'
        option broadcast '1'


config wifi-device 'radio0'
        option type 'mac80211'
        option path '1e140000.pcie/pci0000:00/0000:00:00.0/0000:01:00.0'
        option channel '1'
        option band '2g'
        option htmode 'HT20'
        option cell_density '0'
        option frag '2346'

config wifi-iface 'default_radio0'
        option device 'radio0'
        option network 'lan'
        option mode 'ap'
        option ssid 'myssid'
        option hidden '1'
        option encryption 'psk2'
        option key 'mykey'

config wifi-device 'radio1'
        option type 'mac80211'
        option path '1e140000.pcie/pci0000:00/0000:00:01.0/0000:02:00.0'
        option channel '36'
        option band '5g'
        option htmode 'VHT80'
        option cell_density '0'

config wifi-iface 'default_radio1'
        option device 'radio1'
        option network 'lan'
        option mode 'ap'
        option ssid 'myssid'
        option hidden '1'
        option encryption 'psk2'
        option key 'mykey'

config wifi-iface 'wifinet2'
        option device 'radio0'
        option mode 'sta'
        option network 'wwan'
        option ssid 'School open network'
        option encryption 'none'
        option bssid '48:8B:0A:8D:7B:02'
        option disassoc_low_ack '0'

root@openwrt:~# ip route
default via 172.16.216.1 dev wlan0  src 172.16.216.135
172.16.216.0/22 dev wlan0 scope link  src 172.16.216.135
192.168.1.0/24 dev br-lan scope link  src 192.168.1.1

where 172.16.216.1 is router IP and 172.16.216.0/22 is the wifi subnet in my school.
i have only used luci ui to set up everything.

pavelgl · October 2, 2022, 1:31pm

What is the output of:

head -n -0 -v /etc/resolv* /tmp/resolv* /tmp/resolv*/*; echo ""; \
nslookup downloads.openwrt.org localhost; nslookup downloads.openwrt.org; nslookup downloads.openwrt.org 8.8.8.8; echo ""; \
ping -c3 downloads.openwrt.org; echo ""; \
wget -P /tmp/ https://downloads.openwrt.org/releases/22.03.0/packages/mipsel_24kc/packages/curl_7.85.0-2_mipsel_24kc.ipk

GiuseppeP96 · October 2, 2022, 1:35pm

root@openwrt:~# head -n -0 -v /etc/resolv* /tmp/resolv* /tmp/resolv*/*; echo""; \
> nslookup downloads.openwrt.org localhost; nslookup downloads.openwrt.org; nslookup downloads.openwrt.org 8.8.8.8; echo
 ""; \
nloads.o> ping -c3 downloads.openwrt.org; echo ""; \
p/ http> wget -P /tmp/ https://downloads.openwrt.org/releases/22.03.0/packages/mipsel_24kc/packages/curl_7.85.0-2_mipsel_24kc.i
pk
==> /etc/resolv.conf <==
search lan
nameserver 127.0.0.1
nameserver ::1

==> /tmp/resolv.conf <==
search lan
nameserver 127.0.0.1
nameserver ::1

==> /tmp/resolv.conf.d <==
head: /tmp/resolv.conf.d: I/O error

==> /tmp/resolv.conf.d/resolv.conf.auto <==
# Interface wwan
nameserver 10.150.150.2
nameserver 10.150.150.33
search ****.***

Server:         localhost
Address:        [::1]:53

Non-authoritative answer:
downloads.openwrt.org   canonical name = mirror-02.infra.openwrt.org
Name:   mirror-02.infra.openwrt.org
Address: 2a01:4f8:251:321::2

Non-authoritative answer:
downloads.openwrt.org   canonical name = mirror-02.infra.openwrt.org
Name:   mirror-02.infra.openwrt.org
Address: 168.119.138.211

Server:         127.0.0.1
Address:        127.0.0.1:53

Non-authoritative answer:
downloads.openwrt.org   canonical name = mirror-02.infra.openwrt.org
Name:   mirror-02.infra.openwrt.org
Address: 168.119.138.211

Non-authoritative answer:
downloads.openwrt.org   canonical name = mirror-02.infra.openwrt.org
Name:   mirror-02.infra.openwrt.org
Address: 2a01:4f8:251:321::2

Server:         8.8.8.8
Address:        8.8.8.8:53

Non-authoritative answer:
downloads.openwrt.org   canonical name = mirror-02.infra.openwrt.org
Name:   mirror-02.infra.openwrt.org
Address: 168.119.138.211

Non-authoritative answer:
downloads.openwrt.org   canonical name = mirror-02.infra.openwrt.org
Name:   mirror-02.infra.openwrt.org
Address: 2a01:4f8:251:321::2


PING downloads.openwrt.org (168.119.138.211): 56 data bytes
64 bytes from 168.119.138.211: seq=0 ttl=53 time=41.111 ms
64 bytes from 168.119.138.211: seq=1 ttl=53 time=44.250 ms
64 bytes from 168.119.138.211: seq=2 ttl=53 time=36.280 ms

--- downloads.openwrt.org ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 36.280/40.547/44.250 ms

Downloading 'https://downloads.openwrt.org/releases/22.03.0/packages/mipsel_24kc/packages/curl_7.85.0-2_mipsel_24kc.ipk'
Connecting to 168.119.138.211:443
Connection error: Connection timed out

seems ok until the download attempt. Still opkg update fails on some downloads:

Downloading https://downloads.openwrt.org/releases/22.03.0/targets/ramips/mt7621/packages/Packages.gz
*** Failed to download the package list from https://downloads.openwrt.org/releases/22.03.0/targets/ramips/mt7621/packages/Packages.gz

Downloading https://downloads.openwrt.org/releases/22.03.0/packages/mipsel_24kc/base/Packages.gz
Updated list of available packages in /var/opkg-lists/openwrt_base
Downloading https://downloads.openwrt.org/releases/22.03.0/packages/mipsel_24kc/base/Packages.sig
Signature file download failed.
Remove wrong Signature file.
Downloading https://downloads.openwrt.org/releases/22.03.0/packages/mipsel_24kc/luci/Packages.gz
Updated list of available packages in /var/opkg-lists/openwrt_luci
Downloading https://downloads.openwrt.org/releases/22.03.0/packages/mipsel_24kc/luci/Packages.sig
Signature file download failed.
Remove wrong Signature file.
Downloading https://downloads.openwrt.org/releases/22.03.0/packages/mipsel_24kc/packages/Packages.gz
*** Failed to download the package list from https://downloads.openwrt.org/releases/22.03.0/packages/mipsel_24kc/packages/Packages.gz

Downloading https://downloads.openwrt.org/releases/22.03.0/packages/mipsel_24kc/routing/Packages.gz
Updated list of available packages in /var/opkg-lists/openwrt_routing
Downloading https://downloads.openwrt.org/releases/22.03.0/packages/mipsel_24kc/routing/Packages.sig
Signature file download failed.
Remove wrong Signature file.
Downloading https://downloads.openwrt.org/releases/22.03.0/packages/mipsel_24kc/telephony/Packages.gz
*** Failed to download the package list from https://downloads.openwrt.org/releases/22.03.0/packages/mipsel_24kc/telephony/Packages.gz

Collected errors:
 * opkg_download: Failed to download https://downloads.openwrt.org/releases/22.03.0/targets/ramips/mt7621/packages/Packages.gz, wget returned 4.
 * opkg_download: Check your network settings and connectivity.

 * opkg_download: Failed to download https://downloads.openwrt.org/releases/22.03.0/packages/mipsel_24kc/base/Packages.sig, wget returned 4.
 * opkg_download: Check your network settings and connectivity.

 * opkg_download: Failed to download https://downloads.openwrt.org/releases/22.03.0/packages/mipsel_24kc/luci/Packages.sig, wget returned 4.
 * opkg_download: Check your network settings and connectivity.

 * opkg_download: Failed to download https://downloads.openwrt.org/releases/22.03.0/packages/mipsel_24kc/packages/Packages.gz, wget returned 4.
 * opkg_download: Check your network settings and connectivity.

 * opkg_download: Failed to download https://downloads.openwrt.org/releases/22.03.0/packages/mipsel_24kc/routing/Packages.sig, wget returned 4.
 * opkg_download: Check your network settings and connectivity.

 * opkg_download: Failed to download https://downloads.openwrt.org/releases/22.03.0/packages/mipsel_24kc/telephony/Packages.gz, wget returned 4.
 * opkg_download: Check your network settings and connectivity.

pavelgl · October 2, 2022, 2:11pm

This is a specific error. Search the forum for solutions.

~~In the meantime, download and install curl manually and check if the issues with other sites are caused by connection problems or problems with your computer/browser.~~

wget -P /tmp/ https://downloads.openwrt.org/releases/22.03.0/packages/mipsel_24kc/packages/curl_7.85.0-2_mipsel_24kc.ipk
wget -P /tmp/ https://downloads.openwrt.org/releases/22.03.0/packages/mipsel_24kc/base/libmbedtls12_2.28.1-1_mipsel_24kc.ipk
wget -P /tmp/ https://downloads.openwrt.org/releases/22.03.0/packages/mipsel_24kc/packages/libnghttp2-14_1.44.0-1_mipsel_24kc.ipk
wget -P /tmp/ https://downloads.openwrt.org/releases/22.03.0/packages/mipsel_24kc/packages/libcurl4_7.85.0-2_mipsel_24kc.ipk
opkg install /tmp/*.ipk

EDIT: Sorry, I didn't see that.

GiuseppeP96:

Downloading 'https://downloads.openwrt.org/releases/22.03.0/packages/mipsel_24kc/packages/curl_7.85.0-2_mipsel_24kc.ipk'
Connecting to 168.119.138.211:443
Connection error: Connection timed out

Start a continuous ping to downloads.openwrt.org

GiuseppeP96 · October 2, 2022, 2:42pm

I have managed to install curl after several attempt and several Connection error: Connection timed out i'm right now doing the continuous ping but as i said ping works good with no issue.
I'm at seq=100 right now and no packet loss:

100 packets transmitted, 100 packets received, 0% packet loss
round-trip min/avg/max = 35.384/46.964/126.763 ms

If anything else might help please ask

pavelgl · October 2, 2022, 3:19pm

Sorry, I'm out of ideas. Looks like a wireless problem to me.

You've probably already rebooted the router, but have you tried connecting your computer directly to the school wireless network to see if it will make a difference?

GiuseppeP96 · October 2, 2022, 3:21pm

Yes i've already rebooted the router several times; Direct connection is ok.
I don't think is a wireless issue since if I start on my PC a vpn connection it works perfectly fine.

Bill · October 2, 2022, 3:56pm

What's your system time on the device.

This will tell you the time the system has.
date

This command will query and then set the time against the ntp server.

date; date -u ; ntpd -n -q -p 0.openwrt.pool.ntp.org

GiuseppeP96 · October 2, 2022, 3:59pm

Hi,
thank you! I've already checkd system time and it was ok. Here's the output from your command:

root@openwrt:~# date; date -u ; ntpd -n -q -p 0.openwrt.pool.ntp.org
Sun Oct  2 17:58:36 CEST 2022
Sun Oct  2 15:58:36 UTC 2022
Alarm clock

pavelgl · October 2, 2022, 6:09pm

One last (desperate) attempt.

Try changing the MAC address of the wireless interface in order to get a different IP address.

uci set wireless.wifinet2.macaddr='ac:bd:ce:df:13:24'
uci commit wireless; wifi

GiuseppeP96 · October 2, 2022, 6:14pm

Another thing i've noticed:

Sun Oct  2 20:05:31 2022 daemon.notice netifd: Network device 'wlan0' link is down
Sun Oct  2 20:05:31 2022 daemon.notice netifd: Interface 'wwan' has link connectivity loss
Sun Oct  2 20:05:31 2022 kern.info kernel: [20029.800152] wlan0: disassociated from AP-MAC (Reason: 8=DISASSOC_STA_HAS_LEFT)
Sun Oct  2 20:05:31 2022 daemon.notice netifd: wwan (6354): udhcpc: received SIGTERM
Sun Oct  2 20:05:31 2022 daemon.notice netifd: wwan (6354): udhcpc: unicasting a release of 172.16.216.135 to 172.16.216.9
Sun Oct  2 20:05:31 2022 daemon.notice netifd: wwan (6354): udhcpc: sending release
Sun Oct  2 20:05:31 2022 daemon.notice netifd: wwan (6354): udhcpc: entering released state
Sun Oct  2 20:05:31 2022 daemon.notice wpa_supplicant[1490]: wlan0: CTRL-EVENT-DISCONNECTED bssid=AP-MAC reason=8
Sun Oct  2 20:05:31 2022 daemon.notice netifd: wwan (6354): Command failed: ubus call network.interface notify_proto { "action": 0, "link-up": false, "keep": false, "interface": "wwan" } (Permission denied)
Sun Oct  2 20:05:31 2022 daemon.notice netifd: Interface 'wwan' is now down
Sun Oct  2 20:05:31 2022 daemon.notice netifd: Interface 'wwan' is disabled
Sun Oct  2 20:05:31 2022 daemon.warn dnsmasq[1]: no servers found in /tmp/resolv.conf.d/resolv.conf.auto, will retry
Sun Oct  2 20:05:31 2022 daemon.notice netifd: Interface 'wwan' is enabled
Sun Oct  2 20:05:32 2022 daemon.notice netifd: Network device 'wlan0-1' link is down
Sun Oct  2 20:05:32 2022 kern.info kernel: [20030.886864] br-lan: port 4(wlan0-1) entered disabled state
Sun Oct  2 20:05:33 2022 daemon.notice wpa_supplicant[1490]: wlan0: SME: Trying to authenticate with AP-MAC (SSID='****' freq=2462 MHz)
Sun Oct  2 20:05:33 2022 kern.info kernel: [20031.284035] wlan0: authenticate with AP-MAC
Sun Oct  2 20:05:33 2022 kern.info kernel: [20031.294757] wlan0: send auth to AP-MAC (try 1/3)
Sun Oct  2 20:05:33 2022 kern.info kernel: [20031.303121] wlan0: authenticated
Sun Oct  2 20:05:33 2022 daemon.notice wpa_supplicant[1490]: wlan0: Trying to associate with AP-MAC (SSID='****' freq=2462 MHz)
Sun Oct  2 20:05:33 2022 kern.info kernel: [20031.316540] wlan0: associate with AP-MAC (try 1/3)
Sun Oct  2 20:05:33 2022 daemon.notice netifd: Network device 'wlan0' link is up
Sun Oct  2 20:05:33 2022 daemon.notice netifd: Interface 'wwan' has link connectivity
Sun Oct  2 20:05:33 2022 daemon.notice netifd: Interface 'wwan' is setting up now
Sun Oct  2 20:05:33 2022 daemon.notice wpa_supplicant[1490]: wlan0: Associated with AP-MAC
Sun Oct  2 20:05:33 2022 daemon.notice wpa_supplicant[1490]: wlan0: CTRL-EVENT-CONNECTED - Connection to AP-MAC completed [id=0 id_str=]
Sun Oct  2 20:05:33 2022 kern.info kernel: [20031.329885] wlan0: RX AssocResp from AP-MAC (capab=0x1001 status=0 aid=2)
Sun Oct  2 20:05:33 2022 kern.info kernel: [20031.338084] wlan0: associated
Sun Oct  2 20:05:33 2022 daemon.notice netifd: wwan (6555): udhcpc: started, v1.35.0
Sun Oct  2 20:05:33 2022 daemon.notice netifd: wwan (6555): udhcpc: broadcasting discover
Sun Oct  2 20:05:33 2022 daemon.notice wpa_supplicant[1490]: wlan0: CTRL-EVENT-SUBNET-STATUS-UPDATE status=0
Sun Oct  2 20:05:33 2022 kern.debug kernel: [20031.566676] wlan0: Limiting TX power to 20 (20 - 0) dBm as advertised by AP-MAC
Sun Oct  2 20:05:33 2022 kern.info kernel: [20031.568207] br-lan: port 4(wlan0-1) entered blocking state
Sun Oct  2 20:05:33 2022 kern.info kernel: [20031.580469] br-lan: port 4(wlan0-1) entered forwarding state
Sun Oct  2 20:05:33 2022 daemon.notice netifd: Network device 'wlan0-1' link is up
Sun Oct  2 20:05:33 2022 daemon.notice netifd: wwan (6555): udhcpc: broadcasting select for 172.16.216.135, server 172.16.216.9
Sun Oct  2 20:05:33 2022 daemon.notice netifd: wwan (6555): udhcpc: lease of 172.16.216.135 obtained from 172.16.216.9, lease time 28800
Sun Oct  2 20:05:33 2022 daemon.notice netifd: Interface 'wwan' is now up

this happens from time to time

GiuseppeP96 · October 2, 2022, 6:16pm

I think i've already tried this as i've already tried setting a static IP, but i will try anyway from ssh.

GiuseppeP96 · October 3, 2022, 7:45am

I think i found the issue, it was with the DNS! Even if nslookup was working all the time there was an issue with rebind protection.
All i had to do is disable rebind protection from DHCP settings.