Connecting delay issue

atman · November 21, 2023, 4:38am

I have a problem thats getting mildly annoying and need help.
More often than not I cant immediately connect to my IP camera or local server and need to wait sometimes up to 10 seconds to establish a connection using cam software, or logging in to server with ssh.

Here are the details:
Huawei ONT ISP router at 192.168.100.1

IP camera at 192.168.100.42
server at 192.168.100.55

OpenWrt router at 192.168.1.1

PC at 192.168.1.10

It happens both via PC or via phone thats also connected to the openwrt router, I cant figure if the cause is at openwrt router or ISP router.
I made some captures and I can see that it sends the SYN with retrans but there is no SYN ACK for 9 seconds, in-between theres also some ARP which makes me think maybe something with routing

Here is the capture cant upload the pcap here.

root@gateway:~# ip route
default via 192.168.100.1 dev eth0.2
192.168.1.0/24 dev br-lan scope link  src 192.168.1.1
192.168.100.0/24 dev eth0.2 scope link  src 192.168.100.100

trendy · November 21, 2023, 8:50am

I don't see anything wrong here. The camera is not responding to the initial TCP SYN, hence the retransmissions. Then at some point the ARP for the mac of the camera expires and the router is starting a new one, to which the camera is responding with a lot of delay.

bib1963 · November 21, 2023, 9:44am

I would question why 2 IP addresses, 192.168.1.10 & 192.168.100.100 both appear to be running concurrently apparently from the same device. It may be that the camera sees the MAC address being the same for both of those addresses & is somehow getting confused as to where to return the data. Perhaps the camera is thinking it should go by another route.

trendy · November 21, 2023, 10:42am

It's not the same device, one is PC and the other is the router. Source IP of the packets from the PC is masqueraded when it leaves the wan interface of the OpenWrt to the IP of the wan interface.

atman · November 21, 2023, 1:00pm

The capture is on the openwrt router capturing eth0, I guess its normal to see the 2 IPs concurrently like that? Here is the switch

But why would the camera not respond immediately to the SYN, it looks to me as it never reaches the first SYN and responds then after 2 retrans, same is happening with a ubuntu server trying to login to ssh

Ramon · November 21, 2023, 1:28pm

NAT disabled?

egc · November 21, 2023, 1:45pm

A long shot:

Enable Drop Invalid Packets on Firewall > General Settings

atman · November 21, 2023, 1:58pm

@Ramon no
@egc was already enabled

atman · November 26, 2023, 2:33pm

any other ideas?

psherman · November 26, 2023, 3:02pm

Why not put the camera behind the openwrt device, this way everything is on the same network and router.

atman · November 26, 2023, 3:18pm

That would be good but i cant, the stupid main ISP router with its big non detachable antennas is in a media wall panel so theres not much space left, thats why my 3 port openwrt router is in my room

psherman · November 26, 2023, 3:48pm

So the issue is related to cabling and the like?

What is the purpose of the OpenWrt router? Have you considered using it as a dumb ap/switch?

atman · November 26, 2023, 4:04pm

I dont think theres a issue with cabling, everything works except for that initial connect delay only to the camera and server with SYN retransmitting.
The purpose of the openwrt router is SQM for bufferbloat and adblocking.

psherman · November 26, 2023, 4:05pm

I asked why you couldn’t connect your camera directly to the openwrt router. You responded by describing your isp router sitting in a structured cabling box. Therefore, I said the problem (with that idea) was cable related — I should have said constraint. Is that the case?

atman · November 26, 2023, 4:13pm

Ah, well yes the camera cable goes to that box in the hallway, ideally if there was space in that box the openwrt router would be also inside with some small switch for more ports and nothing would be connected to the ISP router.

atman · November 26, 2023, 4:15pm

Would maybe adding a static ARP or some route on the openwrt router do anything?
I do also have telnet access to the ISP router so I could add some route there as well.

psherman · November 26, 2023, 4:41pm

Can you temporarily connect your computer to the isp router or connect the camera to your openwrt device? The idea here is to test if there are still connection lags even when the two devices are on the same network.

atman · November 26, 2023, 4:57pm

will plug pc to isp router and check

atman · February 9, 2024, 7:52pm

Sorry for responding to this a bit later, but I want to share it if somebody else encounters the same.

So connected directly to ISP router I could access the cam and server normally the few times I tried with some time span in between, so that led me back to the openwrt router.

I tried adding a static arp entry for the cam on the openwrt router with its actual MAC, that worked for some short time but then I couldnt connect at all.

I then tried adding a static arp entry for the cam but with the MAC of the first ISP router and so far that seems to be working (have to confirm over longer period).

Last question would be shouldnt this work automatically without any intervention, I am pretty sure my routes and config are pretty default, can somebody take a glance?

ip route
default via 192.168.100.1 dev eth0.2 proto static
192.168.1.0/24 dev br-lan proto kernel scope link src 192.168.1.1
192.168.100.0/24 dev eth0.2 proto kernel scope link src 192.168.100.100

config interface 'loopback'
        option ifname 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'

config interface 'lan'
        option type 'bridge'
        option proto 'static'
        option ipaddr '192.168.1.1'
        option netmask '255.255.255.0'
        option ipv6 'off'
        option delegate '0'
        option ifname 'eth0.1'

config device 'lan_eth0_1_dev'
        option name 'eth0.1'
        option macaddr '20:76:93:3c:d5:77'

config interface 'wan'
        option delegate '0'
        option proto 'static'
        option ipaddr '192.168.100.100'
        option gateway '192.168.100.1'
        option netmask '255.255.255.0'
        option ipv6 'off'
        option ifname 'eth0.2'

config switch
        option name 'switch0'
        option reset '1'
        option enable_vlan '1'

config switch_vlan
        option device 'switch0'
        option vlan '1'
        option ports '1 2 6t'

config switch_vlan
        option device 'switch0'
        option vlan '2'
        option ports '4 6t'

And this is what currently works

ip -stat neigh | grep 192.168.100.*
192.168.100.40 dev eth0.2 lladdr 30:e9:8e:ae:33:18 used 7440/7290/7290 probes 4 PERMANENT
192.168.100.1 dev eth0.2 lladdr 30:e9:8e:ae:33:18 used 56684/1106/56561 probes 1 PERMANENT
192.168.100.55 dev eth0.2 lladdr 30:e9:8e:ae:33:18 used 117273/1916/1916 probes 6 PERMANENT

psherman · February 9, 2024, 10:53pm

What version of OpenWrt is this from?

atman:

config interface 'lan'
        option type 'bridge'
        option proto 'static'
        option ipaddr '192.168.1.1'
        option netmask '255.255.255.0'
        option ipv6 'off'
        option delegate '0'
        option ifname 'eth0.1'

It looks either old or like it is from a fork. What is the output of

ubus call system board