Connecting delay issue

I have a problem thats getting mildly annoying and need help.
More often than not I cant immediately connect to my IP camera or local server and need to wait sometimes up to 10 seconds to establish a connection using cam software, or logging in to server with ssh.

Here are the details:
Huawei ONT ISP router at

  • IP camera at
  • server at

OpenWrt router at

  • PC at

It happens both via PC or via phone thats also connected to the openwrt router, I cant figure if the cause is at openwrt router or ISP router.
I made some captures and I can see that it sends the SYN with retrans but there is no SYN ACK for 9 seconds, in-between theres also some ARP which makes me think maybe something with routing

Here is the capture cant upload the pcap here.

root@gateway:~# ip route
default via dev eth0.2 dev br-lan scope link  src dev eth0.2 scope link  src

I don't see anything wrong here. The camera is not responding to the initial TCP SYN, hence the retransmissions. Then at some point the ARP for the mac of the camera expires and the router is starting a new one, to which the camera is responding with a lot of delay.

I would question why 2 IP addresses, & both appear to be running concurrently apparently from the same device. It may be that the camera sees the MAC address being the same for both of those addresses & is somehow getting confused as to where to return the data. Perhaps the camera is thinking it should go by another route.

It's not the same device, one is PC and the other is the router. Source IP of the packets from the PC is masqueraded when it leaves the wan interface of the OpenWrt to the IP of the wan interface.

The capture is on the openwrt router capturing eth0, I guess its normal to see the 2 IPs concurrently like that? Here is the switch

But why would the camera not respond immediately to the SYN, it looks to me as it never reaches the first SYN and responds then after 2 retrans, same is happening with a ubuntu server trying to login to ssh

NAT disabled?

A long shot:

Enable Drop Invalid Packets on Firewall > General Settings

@Ramon no
@egc was already enabled

any other ideas?

Why not put the camera behind the openwrt device, this way everything is on the same network and router.

That would be good but i cant, the stupid main ISP router with its big non detachable antennas is in a media wall panel so theres not much space left, thats why my 3 port openwrt router is in my room

So the issue is related to cabling and the like?

What is the purpose of the OpenWrt router? Have you considered using it as a dumb ap/switch?

I dont think theres a issue with cabling, everything works except for that initial connect delay only to the camera and server with SYN retransmitting.
The purpose of the openwrt router is SQM for bufferbloat and adblocking.

I asked why you couldn’t connect your camera directly to the openwrt router. You responded by describing your isp router sitting in a structured cabling box. Therefore, I said the problem (with that idea) was cable related — I should have said constraint. Is that the case?

Ah, well yes the camera cable goes to that box in the hallway, ideally if there was space in that box the openwrt router would be also inside with some small switch for more ports and nothing would be connected to the ISP router.

Would maybe adding a static ARP or some route on the openwrt router do anything?
I do also have telnet access to the ISP router so I could add some route there as well.

Can you temporarily connect your computer to the isp router or connect the camera to your openwrt device? The idea here is to test if there are still connection lags even when the two devices are on the same network.

will plug pc to isp router and check

Sorry for responding to this a bit later, but I want to share it if somebody else encounters the same.

So connected directly to ISP router I could access the cam and server normally the few times I tried with some time span in between, so that led me back to the openwrt router.

I tried adding a static arp entry for the cam on the openwrt router with its actual MAC, that worked for some short time but then I couldnt connect at all.

I then tried adding a static arp entry for the cam but with the MAC of the first ISP router and so far that seems to be working (have to confirm over longer period).

Last question would be shouldnt this work automatically without any intervention, I am pretty sure my routes and config are pretty default, can somebody take a glance?

ip route
default via dev eth0.2 proto static dev br-lan proto kernel scope link src dev eth0.2 proto kernel scope link src
config interface 'loopback'
        option ifname 'lo'
        option proto 'static'
        option ipaddr ''
        option netmask ''

config globals 'globals'

config interface 'lan'
        option type 'bridge'
        option proto 'static'
        option ipaddr ''
        option netmask ''
        option ipv6 'off'
        option delegate '0'
        option ifname 'eth0.1'

config device 'lan_eth0_1_dev'
        option name 'eth0.1'
        option macaddr '20:76:93:3c:d5:77'

config interface 'wan'
        option delegate '0'
        option proto 'static'
        option ipaddr ''
        option gateway ''
        option netmask ''
        option ipv6 'off'
        option ifname 'eth0.2'

config switch
        option name 'switch0'
        option reset '1'
        option enable_vlan '1'

config switch_vlan
        option device 'switch0'
        option vlan '1'
        option ports '1 2 6t'

config switch_vlan
        option device 'switch0'
        option vlan '2'
        option ports '4 6t'

And this is what currently works

ip -stat neigh | grep 192.168.100.* dev eth0.2 lladdr 30:e9:8e:ae:33:18 used 7440/7290/7290 probes 4 PERMANENT dev eth0.2 lladdr 30:e9:8e:ae:33:18 used 56684/1106/56561 probes 1 PERMANENT dev eth0.2 lladdr 30:e9:8e:ae:33:18 used 117273/1916/1916 probes 6 PERMANENT

What version of OpenWrt is this from?

It looks either old or like it is from a fork. What is the output of

ubus call system board