Cascaded router slow only on 2.4 GHz - it's not the channels nor lupus

Friedrich · October 19, 2024, 10:17am

Hi there!
My Network on a cascaded OpenWRT Router (FB 4040 behind FB 7490) is really slow on 2.4 Ghz (1-3 MBit) while the 5 GHz works at full speed (50 MBit by the ISP). The Fritzbox 7490 which is connected to the ISP works normally on both frequencies. Channels are basically the same (5 on 4040, 6 on 7490), Width is 20 MHz, while on 40 MHz nothing changes.

No clients have large downloads in cue according to the Realtime Graphs. Adblock is used as well as Stubby. What can be the problem? Or how can I identify the cause?
Thank you so much in advance! I'm really happy with OpenWRT but this is a bit of a killer problem.

Here is my configuration

ubus call system board
{
	"kernel": "5.15.162",
	"hostname": "OpenWrt",
	"system": "ARMv7 Processor rev 5 (v7l)",
	"model": "AVM FRITZ!Box 4040",
	"board_name": "avm,fritzbox-4040",
	"rootfs_type": "squashfs",
	"release": {
		"distribution": "OpenWrt",
		"version": "23.05.4",
		"revision": "r24012-d8dd03c46f",
		"target": "ipq40xx/generic",
		"description": "OpenWrt 23.05.4 r24012-d8dd03c46f"

cat /etc/config/network

config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fdd2:d89b:9fbc::/48'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'lan1'
	list ports 'lan2'
	list ports 'lan3'
	list ports 'lan4'

config interface 'lan'
	option device 'br-lan'
	option proto 'static'
	option ipaddr '192.168.1.1'
	option netmask '255.255.255.0'
	option ip6assign '60'
	option dns_metric '20'
	list dns '94.140.14.14'

config interface 'wan'
	option device 'wan'
	option proto 'dhcp'
	option peerdns '0'
	list dns '94.140.14.140'

config interface 'wan6'
	option device 'wan'
	option proto 'dhcpv6'
	option peerdns '0'
	option reqaddress 'try'
	option reqprefix '64'
	list dns '2a10:50c0::1:ff'

config interface 'WIFI'
	option proto 'dhcp'
	option peerdns '0'
	list dns '127.0.0.1'
	list dns '0::1'

config device
	option type 'bridge'
	option name 'br-guest'
	option bridge_empty '1'

config interface 'Gast'
	option proto 'static'
	option device 'br-guest'
	option ipaddr '192.168.5.1'
	option netmask '255.255.255.0'
	list dns '94.140.14.14'

config interface 'IoT'
	option proto 'static'
	option ipaddr '192.168.10.1'
	option netmask '255.255.255.0'
	option device 'br-iot'

config device
	option type 'bridge'
	option name 'br-iot'
	option bridge_empty '1'

cat /etc/config/wireless

config wifi-device 'radio0'
	option type 'mac80211'
	option path 'platform/soc/a000000.wifi'
	option channel '5'
	option band '2g'
	option htmode 'HT40'
	option cell_density '0'
	option country 'DE'

config wifi-iface 'default_radio0'
	option device 'radio0'
	option network 'lan'
	option mode 'ap'
	option ssid 'Wifi'
	option encryption 'psk2'
	option key 'xxxx'

config wifi-device 'radio1'
	option type 'mac80211'
	option path 'platform/soc/a800000.wifi'
	option channel '36'
	option band '5g'
	option htmode 'VHT80'
	option cell_density '0'
	option country 'DE'

config wifi-iface 'default_radio1'
	option device 'radio1'
	option network 'lan'
	option mode 'ap'
	option ssid 'Wifi
	option encryption 'psk2'
	option key 'xxxx'

config wifi-iface 'wifinet2'
	option device 'radio0'
	option mode 'ap'
	option ssid 'Gast'
	option encryption 'psk2'
	option key 'xxxx'
	option network 'Gast'

config wifi-iface 'wifinet3'
	option device 'radio1'
	option mode 'ap'
	option ssid 'Gast'
	option encryption 'psk2'
	option key 'xxxxxx'
	option network 'Gast'

config wifi-iface 'wifinet4'
	option device 'radio0'
	option mode 'ap'
	option ssid 'IoT'
	option encryption 'psk2'
	option key 'xxxxxx'
	option network 'IoT'

config wifi-iface 'wifinet5'
	option device 'radio1'
	option mode 'ap'
	option ssid 'IoT'
	option encryption 'psk2'
	option key 'xxxxxx'
	option network 'IoT'

cat /etc/config/dhcp

config dnsmasq
	option domainneeded '1'
	option localise_queries '1'
	option rebind_protection '1'
	option rebind_localhost '1'
	option local '/lan/'
	option domain 'lan'
	option expandhosts '1'
	option cachesize '1000'
	option authoritative '1'
	option readethers '1'
	option leasefile '/tmp/dhcp.leases'
	option localservice '1'
	option ednspacket_max '1232'
	option confdir '/tmp/dnsmasq.d'
	option noresolv '1'
	option dnssec '1'
	list server '127.0.0.1#5453'
	list server '0::1#5453'

config dhcp 'lan'
	option interface 'lan'
	option start '100'
	option limit '150'
	option leasetime '12h'
	option dhcpv4 'server'
	option dhcpv6 'server'
	option ra 'server'
	list ra_flags 'managed-config'
	list ra_flags 'other-config'

config dhcp 'wan'
	option interface 'wan'
	option ignore '1'

config odhcpd 'odhcpd'
	option maindhcp '0'
	option leasefile '/tmp/hosts/odhcpd'
	option leasetrigger '/usr/sbin/odhcpd-update'
	option loglevel '4'

config dhcp 'Gast'
	option interface 'Gast'
	option start '100'
	option limit '150'
	option leasetime '12h'

config dhcp 'IoT'
	option interface 'IoT'
	option start '100'
	option limit '150'
	option leasetime '12h'

config host
	option ip '192.168.5.144'
	option mac .....

cat /etc/config/adblock

config adblock 'global'
	option adb_enabled '1'
	option adb_debug '0'
	option adb_forcedns '1'
	option adb_safesearch '0'
	option adb_dnsfilereset '0'
	option adb_mail '0'
	option adb_report '1'
	option adb_backup '1'
	option adb_dns 'dnsmasq'
	option adb_fetchutil 'uclient-fetch'
	list adb_stb_sources 'alternates/fakenews-gambling-social/hosts'
	list adb_stb_sources 'alternates/porn-only/hosts'
	option adb_repiface 'br-lan'
	list adb_portlist '53'
	list adb_sources 'adaway'
	list adb_sources 'adguard'
	list adb_sources 'disconnect'
	list adb_sources 'hagezi'
	list adb_sources 'reg_de'
	list adb_sources 'stevenblack'
	list adb_sources 'winspy'
	list adb_sources 'yoyo'
	option adb_trigger 'wan'
	list adb_zonelist 'Gast'
	list adb_zonelist 'lan'
	list adb_hag_sources 'tif-onlydomains.txt'
	list adb_hag_sources 'fake-onlydomains.txt'
	list adb_allowip '192.168.5.144'

brada4 · October 19, 2024, 11:32am

Are you doing double nat?

Friedrich · October 19, 2024, 1:48pm

Thanks for the good idea. Here is the firewall config. NAT/Masquerading is already deactivated in all zones.

cat /etc/config/firewall

config defaults
	option input 'DROP'
	option output 'ACCEPT'
	option forward 'DROP'
	option synflood_protect '1'
	option drop_invalid '1'
	option flow_offloading '1'
	option flow_offloading_hw '1'

config zone
	option name 'lan'
	list network 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'

config zone
	option name 'wan'
	list network 'wan'
	list network 'wan6'
	option input 'DROP'
	option output 'ACCEPT'
	option forward 'DROP'

config forwarding
	option src 'lan'
	option dest 'wan'

config rule
	option name 'Allow-DHCP-Renew'
	option src 'wan'
	option proto 'udp'
	option dest_port '68'
	option target 'ACCEPT'
	option family 'ipv4'

config rule
	option name 'Allow-Ping'
	option src 'wan'
	option proto 'icmp'
	option icmp_type 'echo-request'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-IGMP'
	option src 'wan'
	option proto 'igmp'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-DHCPv6'
	option src 'wan'
	option proto 'udp'
	option dest_port '546'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-MLD'
	option src 'wan'
	option proto 'icmp'
	option src_ip 'fe80::/10'
	list icmp_type '130/0'
	list icmp_type '131/0'
	list icmp_type '132/0'
	list icmp_type '143/0'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Input'
	option src 'wan'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	list icmp_type 'router-solicitation'
	list icmp_type 'neighbour-solicitation'
	list icmp_type 'router-advertisement'
	list icmp_type 'neighbour-advertisement'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Forward'
	option src 'wan'
	option dest '*'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-IPSec-ESP'
	option src 'wan'
	option dest 'lan'
	option proto 'esp'
	option target 'ACCEPT'

config rule
	option name 'Allow-ISAKMP'
	option src 'wan'
	option dest 'lan'
	option dest_port '500'
	option proto 'udp'
	option target 'ACCEPT'

config redirect
	option target 'DNAT'
	option name 'Intercept-DNS'
	option family 'any'
	option src 'lan'
	option src_dport '53'

config zone
	option name 'Gast'
	option input 'DROP'
	option output 'ACCEPT'
	option forward 'DROP'
	list network 'Gast'

config forwarding
	option src 'Gast'
	option dest 'wan'

config rule
	option name 'DNS Leaks'
	option src '*'
	option dest 'wan'
	option dest_port '53 853 5353'
	option target 'REJECT'

config rule
	option name 'Wifi Radio'
	option src 'Gast'
	list src_ip '192.168.5.144'
	option dest 'wan'
	option target 'ACCEPT'

config rule
	option name 'Guest DHCP DNS'
	option src 'Gast'
	option dest_port '53 67 68'
	option target 'ACCEPT'

config zone
	option name 'IoT'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'DROP'
	list network 'IoT'

config forwarding
	option src 'lan'
	option dest 'IoT'

config redirect 'adblock_lan53'
	option name 'Adblock DNS (lan, 53)'
	option src 'lan'
	option proto 'tcp udp'
	option src_dport '53'
	option dest_port '53'
	option target 'DNAT'
	option family 'any'

config redirect 'adblock_Gast53'
	option name 'Adblock DNS (Gast, 53)'
	option src 'Gast'
	option proto 'tcp udp'
	option src_dport '53'
	option dest_port '53'
	option target 'DNAT'
	option family 'any'

Friedrich · October 19, 2024, 10:53pm

Okay so here's some more enlightment. Slowlyness only happens in 2.4 Ghz network. 5 Ghz is fine. Width was tried both 20 and 40 Mhz, Channels are changed from more busy areas (Channel 1) to less busy (Channel 5), still no changes. Any other ideas?

brada4 · October 19, 2024, 10:55pm

Move out of city, squirrels in the forest do not emit competing transmissions.

Friedrich · October 20, 2024, 7:15am

Yeah, always the better idea. Healthier indeed.
BUT when I use the ISP-connected Fritzbox 7490 for only 2.4 GHZ Wifi on Channel 6, its 90% of Fullspeed. So it is only the 2.4 Ghz Wifi of the OpenWRT on Fritzbox 4040. The impression of intermitting speed comes by frequent automatic changes of the clients between 5 Ghz and 2.4 Ghz - again something that I don't understand.
Are there known issues with the drivers for 2.4 Ghz on OpenWRT? Maybe the box itself got technical issues with the 2.4 GHz antenna? Some ideas for further diagnostics?

/edited thread name and first post

brada4 · October 20, 2024, 8:12am

Upgrade to 23.05.5 , .4 sometimes cuts download speed in half for all wifi.

Friedrich · October 20, 2024, 3:52pm

Cheers! Even better, it's at about 25-30 Mbit now. Thats absolutely acceptable. Will watch if it stays like that.

brada4 · October 20, 2024, 4:05pm

Set both bamd APs with same names so clients choose best for them.
Since you are in EU preferably ch 1 5 9 13 are used. ie for 2.4 radio:

option acs_chan_bias '1:0.8 5:0.8 9:0.8 13:0.9'

system · October 30, 2024, 4:06pm

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.