Connecting delay issue

I have a problem thats getting mildly annoying and need help.
More often than not I cant immediately connect to my IP camera or local server and need to wait sometimes up to 10 seconds to establish a connection using cam software, or logging in to server with ssh.

Here are the details:
Huawei ONT ISP router at 192.168.100.1

• IP camera at 192.168.100.42
• server at 192.168.100.55

OpenWrt router at 192.168.1.1

• PC at 192.168.1.10

It happens both via PC or via phone thats also connected to the openwrt router, I cant figure if the cause is at openwrt router or ISP router.
I made some captures and I can see that it sends the SYN with retrans but there is no SYN ACK for 9 seconds, in-between theres also some ARP which makes me think maybe something with routing

Here is the capture cant upload the pcap here.

root@gateway:~# ip route
default via 192.168.100.1 dev eth0.2
192.168.1.0/24 dev br-lan scope link  src 192.168.1.1
192.168.100.0/24 dev eth0.2 scope link  src 192.168.100.100

I don't see anything wrong here. The camera is not responding to the initial TCP SYN, hence the retransmissions. Then at some point the ARP for the mac of the camera expires and the router is starting a new one, to which the camera is responding with a lot of delay.

I would question why 2 IP addresses, 192.168.1.10 & 192.168.100.100 both appear to be running concurrently apparently from the same device. It may be that the camera sees the MAC address being the same for both of those addresses & is somehow getting confused as to where to return the data. Perhaps the camera is thinking it should go by another route.

It's not the same device, one is PC and the other is the router. Source IP of the packets from the PC is masqueraded when it leaves the wan interface of the OpenWrt to the IP of the wan interface.

The capture is on the openwrt router capturing eth0, I guess its normal to see the 2 IPs concurrently like that? Here is the switch

But why would the camera not respond immediately to the SYN, it looks to me as it never reaches the first SYN and responds then after 2 retrans, same is happening with a ubuntu server trying to login to ssh

NAT disabled?

A long shot:

Enable Drop Invalid Packets on Firewall > General Settings

@Ramon no
@egc was already enabled

any other ideas?

Why not put the camera behind the openwrt device, this way everything is on the same network and router.

That would be good but i cant, the stupid main ISP router with its big non detachable antennas is in a media wall panel so theres not much space left, thats why my 3 port openwrt router is in my room

So the issue is related to cabling and the like?

What is the purpose of the OpenWrt router? Have you considered using it as a dumb ap/switch?

I dont think theres a issue with cabling, everything works except for that initial connect delay only to the camera and server with SYN retransmitting.
The purpose of the openwrt router is SQM for bufferbloat and adblocking.

I asked why you couldn’t connect your camera directly to the openwrt router. You responded by describing your isp router sitting in a structured cabling box. Therefore, I said the problem (with that idea) was cable related — I should have said constraint. Is that the case?

Ah, well yes the camera cable goes to that box in the hallway, ideally if there was space in that box the openwrt router would be also inside with some small switch for more ports and nothing would be connected to the ISP router.

Would maybe adding a static ARP or some route on the openwrt router do anything?
I do also have telnet access to the ISP router so I could add some route there as well.

Can you temporarily connect your computer to the isp router or connect the camera to your openwrt device? The idea here is to test if there are still connection lags even when the two devices are on the same network.

will plug pc to isp router and check