Connection is partial gets lost when using a WiFi bridge

Vilgelmster · November 28, 2021, 8:32am

Hi everyone,

I have a simple setup. The Linksys WRT1900ACv2 (OpenWrt 19.07.8 r11364-ef56c85848) is connected to the WiFi network of my ISP in a WiFi bridge mode.

ifconfig

wlan1 is a brigde

br-lan    Link encap:Ethernet  HWaddr C2:56:27:72:92:6B  
          inet addr:192.168.0.1  Bcast:192.168.0.255  Mask:255.255.255.0
          inet6 addr: fe80::c056:27ff:fe72:926b/64 Scope:Link
          inet6 addr: fd71:95f:50cc::1/60 Scope:Global
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:6981174 errors:0 dropped:0 overruns:0 frame:0
          TX packets:10389696 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:1028939051 (981.2 MiB)  TX bytes:12076859746 (11.2 GiB)

eth0      Link encap:Ethernet  HWaddr C2:56:27:72:92:6B  
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:42151524 errors:0 dropped:0 overruns:0 frame:0
          TX packets:9489292 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:532 
          RX bytes:56251666286 (52.3 GiB)  TX bytes:3429426932 (3.1 GiB)
          Interrupt:37 

eth1      Link encap:Ethernet  HWaddr C0:56:27:72:92:6B  
          inet6 addr: fe80::c256:27ff:fe72:926b/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:41630 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:532 
          RX bytes:0 (0.0 B)  TX bytes:14235892 (13.5 MiB)
          Interrupt:36 

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:376318 errors:0 dropped:0 overruns:0 frame:0
          TX packets:376318 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:33333232 (31.7 MiB)  TX bytes:33333232 (31.7 MiB)

tun0      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  
          inet addr:10.9.0.2  P-t-P:10.9.0.2  Mask:255.255.255.0
          inet6 addr: fe80::4032:7691:8f8e:ae47/64 Scope:Link
          inet6 addr: fddd:1194:1194:1194::1000/64 Scope:Global
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:4 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100 
          RX bytes:0 (0.0 B)  TX bytes:304 (304.0 B)

tun1      Link encap:UNSPEC  HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00  
          inet addr:10.8.0.2  P-t-P:10.8.0.2  Mask:255.255.255.0
          inet6 addr: fe80::a126:e7de:c5a5:75d2/64 Scope:Link
          UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
          RX packets:93255 errors:0 dropped:0 overruns:0 frame:0
          TX packets:120791 errors:0 dropped:14474 overruns:0 carrier:0
          collisions:0 txqueuelen:100 
          RX bytes:46723388 (44.5 MiB)  TX bytes:16020478 (15.2 MiB)

wlan0     Link encap:Ethernet  HWaddr C2:56:27:72:92:6D  
          inet6 addr: fe80::c056:27ff:fe72:926d/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:10417554 errors:0 dropped:0 overruns:0 frame:0
          TX packets:47113764 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:1064218388 (1014.9 MiB)  TX bytes:65835033876 (61.3 GiB)

wlan1     Link encap:Ethernet  HWaddr 00:56:9C:13:8B:B0  
          inet addr:192.168.100.100  Bcast:192.168.100.255  Mask:255.255.255.0
          inet6 addr: fe80::225:9cff:fe13:8bd0/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:53241 errors:0 dropped:0 overruns:0 frame:0
          TX packets:43084 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:45420128 (43.3 MiB)  TX bytes:11061455 (10.5 MiB)

wlan1-1   Link encap:Ethernet  HWaddr C2:56:27:72:92:6C  
          inet6 addr: fe80::c056:27ff:fe72:926c/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1119 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:0 (0.0 B)  TX bytes:167490 (163.5 KiB)

Generally, it works fine, but sometimes (it can happen two times in an hour or one time in a day without any consistent pattern) my connection gets lost partially before I manually restart the modem or the wlan1 interface from LuCi. What I mean by "partially": I can't ping anything (both from router and clients) except for LAN clients and wlan1 interface address (192.168.100.100), I can't use the internet, but if there were a persistent connection (like VPN or SSH tunnel) established from any device in the network before the problem appears it continues to work without any issue. So it looks like the connection is working, but something blocks me out of using it.

syslog from the moment of last interface restart to the moment of the problem appears

Sat Nov 27 17:13:00 2021 daemon.notice wpa_supplicant[7498]: wlan1: SME: Trying to authenticate with 7c:42:59:63:ed:12 (SSID='SILK' freq=2472 MHz)
Sat Nov 27 17:13:00 2021 kern.info kernel: [103034.052480] wlan1: authenticate with 7c:42:59:63:ed:12
Sat Nov 27 17:13:00 2021 kern.info kernel: [103034.057849] wlan1: send auth to 7c:42:59:63:ed:12 (try 1/3)
Sat Nov 27 17:13:00 2021 daemon.notice wpa_supplicant[7498]: wlan1: Trying to associate with 7c:42:59:63:ed:12 (SSID='SILK' freq=2472 MHz)
Sat Nov 27 17:13:00 2021 kern.info kernel: [103034.072585] wlan1: authenticated
Sat Nov 27 17:13:00 2021 daemon.notice netifd: Network device 'wlan1-1' link is down
Sat Nov 27 17:13:00 2021 kern.debug kernel: [103034.085118] ieee80211 phy1: change: 0x2
Sat Nov 27 17:13:00 2021 kern.info kernel: [103034.085611] br-lan: port 3(wlan1-1) entered disabled state
Sat Nov 27 17:13:00 2021 kern.info kernel: [103034.091352] wlan1: associating with AP with corrupt probe response
Sat Nov 27 17:13:00 2021 kern.info kernel: [103034.097676] wlan1: associate with 7c:42:59:63:ed:12 (try 1/3)
Sat Nov 27 17:13:00 2021 kern.info kernel: [103034.114929] wlan1: RX AssocResp from 7c:42:59:63:ed:12 (capab=0x411 status=0 aid=5)
Sat Nov 27 17:13:00 2021 daemon.notice netifd: Network device 'wlan1' link is up
Sat Nov 27 17:13:00 2021 daemon.notice netifd: Interface 'wwan' has link connectivity
Sat Nov 27 17:13:00 2021 daemon.notice wpa_supplicant[7498]: wlan1: Associated with 7c:42:59:63:ed:12
Sat Nov 27 17:13:00 2021 daemon.notice wpa_supplicant[7498]: wlan1: CTRL-EVENT-SUBNET-STATUS-UPDATE status=0
Sat Nov 27 17:13:00 2021 kern.debug kernel: [103034.207727] ieee80211 phy1: change: 0x2
Sat Nov 27 17:13:00 2021 kern.info kernel: [103034.207736] wlan1: associated
Sat Nov 27 17:13:00 2021 daemon.notice wpa_supplicant[7498]: wlan1: WPA: Key negotiation completed with 7c:42:59:63:ed:12 [PTK=CCMP GTK=CCMP]
Sat Nov 27 17:13:00 2021 daemon.notice wpa_supplicant[7498]: wlan1: CTRL-EVENT-CONNECTED - Connection to 7c:52:59:63:ed:92 completed [id=0 id_str=]
Sat Nov 27 17:13:00 2021 kern.info kernel: [103034.369902] br-lan: port 3(wlan1-1) entered blocking state
Sat Nov 27 17:13:00 2021 kern.info kernel: [103034.375506] br-lan: port 3(wlan1-1) entered forwarding state
Sat Nov 27 17:13:00 2021 daemon.notice netifd: Network device 'wlan1-1' link is up
Sat Nov 27 17:14:54 2021 kern.debug kernel: [103148.587357] ieee80211 phy1: Mac80211 start BA 7c:42:59:63:ed:12
Sat Nov 27 17:21:09 2021 daemon.notice openvpn(custom_config)[1955]: TLS: soft reset sec=0 bytes=1313289/-1 pkts=4539/0
Sat Nov 27 17:21:09 2021 daemon.notice openvpn(custom_config)[1955]: VERIFY OK: depth=1, CN=ChangeMe
Sat Nov 27 17:21:09 2021 daemon.notice openvpn(custom_config)[1955]: VERIFY KU OK
Sat Nov 27 17:21:09 2021 daemon.notice openvpn(custom_config)[1955]: Validating certificate extended key usage
Sat Nov 27 17:21:09 2021 daemon.notice openvpn(custom_config)[1955]: ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Sat Nov 27 17:21:09 2021 daemon.notice openvpn(custom_config)[1955]: VERIFY EKU OK
Sat Nov 27 17:21:09 2021 daemon.notice openvpn(custom_config)[1955]: VERIFY OK: depth=0, CN=server
Sat Nov 27 17:21:09 2021 daemon.notice openvpn(custom_config)[1955]: Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Sat Nov 27 17:21:09 2021 daemon.notice openvpn(custom_config)[1955]: Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Sat Nov 27 17:21:09 2021 daemon.notice openvpn(custom_config)[1955]: Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, 2048 bit RSA
Sat Nov 27 17:21:13 2021 daemon.notice openvpn(bg)[1956]: TLS: tls_process: killed expiring key
Sat Nov 27 17:21:14 2021 daemon.notice openvpn(bg)[1956]: TLS: soft reset sec=0 bytes=26792/-1 pkts=705/0
Sat Nov 27 17:21:15 2021 daemon.notice openvpn(bg)[1956]: VERIFY OK: depth=1, CN=ChangeMe
Sat Nov 27 17:21:15 2021 daemon.notice openvpn(bg)[1956]: VERIFY KU OK
Sat Nov 27 17:21:15 2021 daemon.notice openvpn(bg)[1956]: Validating certificate extended key usage
Sat Nov 27 17:21:15 2021 daemon.notice openvpn(bg)[1956]: ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Sat Nov 27 17:21:15 2021 daemon.notice openvpn(bg)[1956]: VERIFY EKU OK
Sat Nov 27 17:21:15 2021 daemon.notice openvpn(bg)[1956]: VERIFY OK: depth=0, CN=server
Sat Nov 27 17:21:15 2021 daemon.notice openvpn(bg)[1956]: Outgoing Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Sat Nov 27 17:21:15 2021 daemon.notice openvpn(bg)[1956]: Incoming Data Channel: Cipher 'AES-256-GCM' initialized with 256 bit key
Sat Nov 27 17:21:15 2021 daemon.notice openvpn(bg)[1956]: Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, 2048 bit RSA
Sat Nov 27 17:33:15 2021 daemon.warn dnsmasq[3294]: possible DNS-rebind attack detected: 172-16-234-1.abcdefghijklmnopqrstuvwxyz012345.plex.direct
Sat Nov 27 17:33:15 2021 daemon.warn dnsmasq[3294]: possible DNS-rebind attack detected: 172-16-234-1.abcdefghijklmnopqrstuvwxyz012345.plex.direct
Sat Nov 27 17:50:45 2021 kern.debug kernel: [105298.965246] ieee80211 phy1: Mac80211 start BA 7c:42:59:63:ed:12
Sat Nov 27 17:53:37 2021 kern.debug kernel: [105470.915816] ieee80211 phy0: Mac80211 start BA 70:9d:d1:4f:d8:5b
Sat Nov 27 17:53:38 2021 kern.debug kernel: [105471.996613] ieee80211 phy0: Stop BA 20:db:b9:67:07:83
Sat Nov 27 18:10:20 2021 daemon.info dnsmasq-dhcp[3294]: DHCPREQUEST(br-lan) 192.168.0.104 d8:b3:85:94:d9:95
Sat Nov 27 18:10:20 2021 daemon.info dnsmasq-dhcp[3294]: DHCPACK(br-lan) 192.168.0.104 d8:b3:85:94:d9:95 hpz800
Sat Nov 27 18:12:54 2021 daemon.notice wpa_supplicant[7498]: wlan1: WPA: Group rekeying completed with 7c:42:59:63:ed:12 [GTK=CCMP]

kernel log from the moment of last interface restart to the moment of the problem appears

[108963.259636] wlan1: send auth to 7c:42:59:63:ed:12 (try 1/3)
[108963.274377] wlan1: authenticated
[108963.278001] wlan1: associating with AP with corrupt probe response
[108963.284330] wlan1: associate with 7c:42:59:63:ed:12 (try 1/3)
[108963.301632] wlan1: RX AssocResp from 7c:42:59:63:ed:12 (capab=0x411 status=0 aid=5)
[108963.394606] ieee80211 phy1: change: 0x2
[108963.394628] wlan1: associated
[108963.467605] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[108963.629584] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1-1: link becomes ready
[108963.636330] br-lan: port 3(wlan1-1) entered blocking state
[108963.641939] br-lan: port 3(wlan1-1) entered forwarding state
[108964.956405] ieee80211 phy1: Mac80211 start BA 7c:42:59:63:ed:12
[108966.367558] ieee80211 phy0: Mac80211 start BA 20:db:b9:67:07:83
[108967.381346] ieee80211 phy0: Stop BA 70:9d:d1:4f:d8:5b
[108967.440392] ieee80211 phy0: Mac80211 start BA 20:db:b9:67:07:83
[108967.480368] ieee80211 phy0: Mac80211 start BA 20:db:b9:67:07:83
[108967.520366] ieee80211 phy0: Mac80211 start BA 20:db:b9:67:07:83
[108967.560370] ieee80211 phy0: Mac80211 start BA 20:db:b9:67:07:83
[108967.600365] ieee80211 phy0: Mac80211 start BA 20:db:b9:67:07:83
[108967.640367] ieee80211 phy0: Mac80211 start BA 20:db:b9:67:07:83
[108967.680372] ieee80211 phy0: Mac80211 start BA 20:db:b9:67:07:83
[108967.720358] ieee80211 phy0: Mac80211 start BA 20:db:b9:67:07:83
[108967.760362] ieee80211 phy0: Mac80211 start BA 20:db:b9:67:07:83
[108967.800356] ieee80211 phy0: Mac80211 start BA 20:db:b9:67:07:83

tcpdump -i wlan1 -ev when the problem appears

23:56:48.835215 00:56:9c:13:8b:b0 (oui Unknown) > 7c:42:59:63:ed:12 (oui Unknown), ethertype IPv4 (0x0800), length 74: (tos 0x0, ttl 63, id 45229, offset 0, flags [DF], proto TCP (6), length 60)
  192.168.100.100.37749 > 116.202.225.117.6568: Flags [S], cksum 0x6bba (correct), seq 1569051520, win 64240, options [mss 1460,sackOK,TS val 1179992463 ecr 0,nop,wscale 7], length 0
23:56:48.836042 00:56:9c:13:8b:b0 (oui Unknown) > 7c:42:59:63:ed:12 (oui Unknown), ethertype IPv4 (0x0800), length 88: (tos 0x0, ttl 64, id 53525, offset 0, flags [DF], proto UDP (17), length 74)
  192.168.100.100.29526 > 8.8.8.8.53: 47676+ PTR? 117.225.202.116.in-addr.arpa. (46)
23:56:48.836075 00:56:9c:13:8b:b0 (oui Unknown) > 7c:42:59:63:ed:12 (oui Unknown), ethertype IPv4 (0x0800), length 88: (tos 0x0, ttl 64, id 21759, offset 0, flags [DF], proto UDP (17), length 74)
  192.168.100.100.29526 > 1.1.1.1.53: 47676+ PTR? 117.225.202.116.in-addr.arpa. (46)
23:56:48.889380 00:56:9c:13:8b:b0 (oui Unknown) > 7c:42:59:63:ed:12 (oui Unknown), ethertype IPv4 (0x0800), length 89: (tos 0x0, ttl 63, id 9924, offset 0, flags [DF], proto UDP (17), length 75)
  192.168.100.100.45159 > 1.1.1.1.53: 6710+ [1au] A? www.google.com.lan. (47)
23:56:48.889408 00:56:9c:13:8b:b0 (oui Unknown) > 7c:42:59:63:ed:12 (oui Unknown), ethertype IPv4 (0x0800), length 85: (tos 0x0, ttl 63, id 34533, offset 0, flags [DF], proto UDP (17), length 71)
  192.168.100.100.40209 > 8.8.8.8.53: 8574+ [1au] A? www.google.com. (43)
23:56:48.910443 00:56:9c:13:8b:b0 (oui Unknown) > 7c:42:59:63:ed:12 (oui Unknown), ethertype IPv4 (0x0800), length 74: (tos 0x0, ttl 63, id 30213, offset 0, flags [DF], proto TCP (6), length 60)
  192.168.100.100.38438 > 149.154.175.53.80: Flags [S], cksum 0x0ccb (correct), seq 1332187371, win 64240, options [mss 1460,sackOK,TS val 3995693428 ecr 0,nop,wscale 7], length 0
23:56:48.910683 00:56:9c:13:8b:b0 (oui Unknown) > 7c:42:59:63:ed:12 (oui Unknown), ethertype IPv4 (0x0800), length 74: (tos 0x0, ttl 63, id 32330, offset 0, flags [DF], proto TCP (6), length 60)
  192.168.100.100.60182 > 149.154.175.53.443: Flags [S], cksum 0x095e (correct), seq 3388064626, win 64240, options [mss 1460,sackOK,TS val 3995693428 ecr 0,nop,wscale 7], length 0
23:56:48.934282 00:56:9c:13:8b:b0 (oui Unknown) > 7c:42:59:63:ed:12 (oui Unknown), ethertype IPv4 (0x0800), length 107: (tos 0x0, ttl 63, id 52857, offset 0, flags [DF], proto UDP (17), length 93)

9 packets captured
9198 packets received by filter
9087 packets dropped by kernel

What I already tried: restart iptables when the problem occurs (didn't help), completely disable vpn-policy-routing when the problem occurs and before it (didn't help), upgrade router software (didn't help), use both static and DHCP modes for the bridge (didn't help).

Do you have any ideas about what can be the root of the problem and how to fix it? It was working fine when I have used a cable WAN connection.

Will appreciate any help.

Vilgelmster · November 28, 2021, 10:38am

Some other information that possibly could be helpful:

opkg list-installed

base-files - 204.4-r11364-ef56c85848
busybox - 1.30.1-6
ca-bundle - 20200601-1
cgi-io - 2021-09-08-98cef9dd-20
chat - 2.4.7.git-2019-05-25-3
comgt - 0.32-33
curl - 7.66.0-3
dnsmasq - 2.80-16.3
dropbear - 2019.78-2
firewall - 2019-11-22-8174814a-3
fstools - 2020-05-12-84269037-1
fwtool - 2
getrandom - 2019-06-16-4df34a4d-4
glib2 - 2.58.3-5
hostapd-common - 2019-08-08-ca8c2bd2-7
htop - 3.0.5-1
ip-full - 5.0.0-2.1
ip-tiny - 5.0.0-2.1
ip6tables - 1.8.3-1
ipset - 7.3-1
iptables - 1.8.3-1
iptables-mod-conntrack-extra - 1.8.3-1
iptables-mod-ipopt - 1.8.3-1
iw - 5.0.1-1
iwinfo - 2019-10-16-07315b6f-1
jshn - 2020-05-25-66195aee-1
jsonfilter - 2018-02-04-c7e938d6-1
kernel - 4.14.241-1-a92a3f5c5bed2671533484c7ace9d5b5
kmod-ath - 4.14.241+4.19.193-1-1
kmod-ath9k - 4.14.241+4.19.193-1-1
kmod-ath9k-common - 4.14.241+4.19.193-1-1
kmod-cfg80211 - 4.14.241+4.19.193-1-1
kmod-gpio-button-hotplug - 4.14.241-3
kmod-ip6tables - 4.14.241-1
kmod-ipt-conntrack - 4.14.241-1
kmod-ipt-conntrack-extra - 4.14.241-1
kmod-ipt-core - 4.14.241-1
kmod-ipt-ipopt - 4.14.241-1
kmod-ipt-ipset - 4.14.241-1
kmod-ipt-nat - 4.14.241-1
kmod-ipt-offload - 4.14.241-1
kmod-ipt-raw - 4.14.241-1
kmod-lib-crc-ccitt - 4.14.241-1
kmod-lib-textsearch - 4.14.241-1
kmod-libphy - 4.14.241-1
kmod-mac80211 - 4.14.241+4.19.193-1-1
kmod-mii - 4.14.241-1
kmod-mwlwifi - 4.14.241+2019-03-02-31d93860-1
kmod-nf-conntrack - 4.14.241-1
kmod-nf-conntrack6 - 4.14.241-1
kmod-nf-flow - 4.14.241-1
kmod-nf-ipt - 4.14.241-1
kmod-nf-ipt6 - 4.14.241-1
kmod-nf-nat - 4.14.241-1
kmod-nf-nathelper-extra - 4.14.241-1
kmod-nf-reject - 4.14.241-1
kmod-nf-reject6 - 4.14.241-1
kmod-nfnetlink - 4.14.241-1
kmod-nls-base - 4.14.241-1
kmod-ppp - 4.14.241-1
kmod-pppoe - 4.14.241-1
kmod-pppox - 4.14.241-1
kmod-slhc - 4.14.241-1
kmod-tun - 4.14.241-1
kmod-usb-core - 4.14.241-1
kmod-usb-ehci - 4.14.241-1
kmod-usb-net - 4.14.241-1
kmod-usb-net-asix - 4.14.241-1
kmod-usb-net-cdc-ether - 4.14.241-1
kmod-usb-net-rndis - 4.14.241-1
kmod-usb-ohci - 4.14.241-1
kmod-usb2 - 4.14.241-1
libattr - 2.4.48-1
libblkid1 - 2.34-1
libblobmsg-json - 2020-05-25-66195aee-1
libc - 1.1.24-2
libcap - 2.27-1
libcurl4 - 7.66.0-3
libelf1 - 0.177-1
libffi - 3.3-2
libgcc1 - 7.5.0-2
libip4tc2 - 1.8.3-1
libip6tc2 - 1.8.3-1
libipset13 - 7.3-1
libiwinfo-lua - 2019-10-16-07315b6f-1
libiwinfo20181126 - 2019-10-16-07315b6f-1
libjson-c2 - 0.12.1-3.1
libjson-script - 2020-05-25-66195aee-1
liblua5.1.5 - 5.1.5-3
liblucihttp-lua - 2019-07-05-a34a17d5-1
liblucihttp0 - 2019-07-05-a34a17d5-1
liblzo2 - 2.10-2
libmbedtls12 - 2.16.10-1
libmnl0 - 1.0.4-2
libmount1 - 2.34-1
libncurses6 - 6.1-5
libnl-tiny - 0.1-5
libopenssl1.1 - 1.1.1l-1
libpcap1 - 1.9.1-2.1
libpcre - 8.43-1
libpthread - 1.1.24-2
librt - 1.1.24-2
libssh2-1 - 1.9.0-2
libubox20191228 - 2020-05-25-66195aee-1
libubus-lua - 2021-07-01-38c7fdd8-1
libubus20210603 - 2021-07-01-38c7fdd8-1
libuci-lua - 2019-09-01-415f9e48-4
libuci20130104 - 2019-09-01-415f9e48-4
libuclient20160123 - 2020-06-17-51e16ebf-1
libustream-mbedtls20150806 - 2020-03-13-40b563b1-1
libuuid1 - 2.34-1
libxtables12 - 1.8.3-1
logd - 2019-06-16-4df34a4d-4
lua - 5.1.5-3
luci - git-21.314.39495-8bd4e78-1
luci-app-firewall - git-21.314.39495-8bd4e78-1
luci-app-openvpn - git-21.314.39495-8bd4e78-1
luci-app-opkg - git-21.314.39495-8bd4e78-1
luci-app-vpn-policy-routing - 0.3.2-20-1
luci-base - git-21.314.39495-8bd4e78-1
luci-compat - git-21.314.39495-8bd4e78-1
luci-lib-ip - git-21.314.39495-8bd4e78-1
luci-lib-jsonc - git-21.314.39495-8bd4e78-1
luci-lib-nixio - git-21.314.39495-8bd4e78-1
luci-mod-admin-full - git-21.314.39495-8bd4e78-1
luci-mod-network - git-21.314.39495-8bd4e78-1
luci-mod-status - git-21.314.39495-8bd4e78-1
luci-mod-system - git-21.314.39495-8bd4e78-1
luci-proto-3g - git-21.314.39495-8bd4e78-1
luci-proto-ipv6 - git-21.314.39495-8bd4e78-1
luci-proto-ppp - git-21.314.39495-8bd4e78-1
luci-ssl - git-21.314.39495-8bd4e78-1
luci-theme-bootstrap - git-21.314.39495-8bd4e78-1
mc - 4.8.27-2
mtd - 24
mwlwifi-firmware-88w8864 - 2019-03-02-31d93860-1
nano - 5.9-1
netifd - 2021-01-09-753c351b-1
odhcp6c - 2021-01-09-64e1b4e7-16
odhcpd-ipv6only - 2020-05-03-49e4949c-3
openssh-client - 8.0p1-1
openvpn-openssl - 2.4.11-1
openwrt-keyring - 2021-02-20-49283916-2
opkg - 2021-01-31-c5dccea9-1
ppp - 2.4.7.git-2019-05-25-3
ppp-mod-pppoe - 2.4.7.git-2019-05-25-3
privoxy - 3.0.28-1
procd - 2020-03-07-09b9bd82-1
px5g-mbedtls - 9
resolveip - 2
rpcd - 2020-05-26-67c8a3fd-1
rpcd-mod-file - 2020-05-26-67c8a3fd-1
rpcd-mod-iwinfo - 2020-05-26-67c8a3fd-1
rpcd-mod-luci - 20201107
rpcd-mod-rrdns - 20170710
sshpass - 1.06-1
sshtunnel - 4-3
swconfig - 12
tcpdump - 4.9.3-2
terminfo - 6.1-5
ubi-utils - 2.1.1-1
uboot-envtools - 2018.03-3.1
ubox - 2019-06-16-4df34a4d-4
ubus - 2021-07-01-38c7fdd8-1
ubusd - 2021-07-01-38c7fdd8-1
uci - 2019-09-01-415f9e48-4
uclient-fetch - 2020-06-17-51e16ebf-1
uhttpd - 2020-10-01-3abcc891-1
urandom-seed - 1.0-1
urngd - 2020-01-21-c7f7b6b6-1
usign - 2020-05-23-f1f65026-1
vpn-policy-routing - 0.2.1-13
wget - 1.20.3-4
wireless-regdb - 2021.08.28-1
wpad-basic - 2019-08-08-ca8c2bd2-7
zlib - 1.2.11-3

iptables -L

Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     gre  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere             /* !fw3 */
input_rule  all  --  anywhere             anywhere             /* !fw3: Custom input rule chain */
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED /* !fw3 */
syn_flood  tcp  --  anywhere             anywhere             tcp flags:FIN,SYN,RST,ACK/SYN /* !fw3 */
zone_lan_input  all  --  anywhere             anywhere             /* !fw3 */
zone_wan_input  all  --  anywhere             anywhere             /* !fw3 */
zone_wan_input  all  --  anywhere             anywhere             /* !fw3 */
zone_vpn_novosib_input  all  --  anywhere             anywhere             /* !fw3 */
zone_vpn_bg_input  all  --  anywhere             anywhere             /* !fw3 */

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         
forwarding_rule  all  --  anywhere             anywhere             /* !fw3: Custom forwarding rule chain */
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED /* !fw3 */
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:47 /* !fw3: Open47 */
ACCEPT     udp  --  anywhere             anywhere             udp dpt:47 /* !fw3: Open47 */
zone_lan_forward  all  --  anywhere             anywhere             /* !fw3 */
zone_wan_forward  all  --  anywhere             anywhere             /* !fw3 */
zone_wan_forward  all  --  anywhere             anywhere             /* !fw3 */
zone_vpn_novosib_forward  all  --  anywhere             anywhere             /* !fw3 */
zone_vpn_bg_forward  all  --  anywhere             anywhere             /* !fw3 */

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere             /* !fw3 */
output_rule  all  --  anywhere             anywhere             /* !fw3: Custom output rule chain */
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED /* !fw3 */
zone_lan_output  all  --  anywhere             anywhere             /* !fw3 */
zone_wan_output  all  --  anywhere             anywhere             /* !fw3 */
zone_wan_output  all  --  anywhere             anywhere             /* !fw3 */
zone_vpn_novosib_output  all  --  anywhere             anywhere             /* !fw3 */
zone_vpn_bg_output  all  --  anywhere             anywhere             /* !fw3 */

Chain forwarding_lan_rule (1 references)
target     prot opt source               destination         

Chain forwarding_rule (1 references)
target     prot opt source               destination         

Chain forwarding_vpn_bg_rule (1 references)
target     prot opt source               destination         

Chain forwarding_vpn_novosib_rule (1 references)
target     prot opt source               destination         

Chain forwarding_wan_rule (1 references)
target     prot opt source               destination         

Chain input_lan_rule (1 references)
target     prot opt source               destination         

Chain input_rule (1 references)
target     prot opt source               destination         
ACCEPT     gre  --  anywhere             anywhere            

Chain input_vpn_bg_rule (1 references)
target     prot opt source               destination         

Chain input_vpn_novosib_rule (1 references)
target     prot opt source               destination         

Chain input_wan_rule (1 references)
target     prot opt source               destination         

Chain output_lan_rule (1 references)
target     prot opt source               destination         

Chain output_rule (1 references)
target     prot opt source               destination         
ACCEPT     gre  --  anywhere             anywhere            

Chain output_vpn_bg_rule (1 references)
target     prot opt source               destination         

Chain output_vpn_novosib_rule (1 references)
target     prot opt source               destination         

Chain output_wan_rule (1 references)
target     prot opt source               destination         

Chain reject (0 references)
target     prot opt source               destination         
REJECT     tcp  --  anywhere             anywhere             /* !fw3 */ reject-with tcp-reset
REJECT     all  --  anywhere             anywhere             /* !fw3 */ reject-with icmp-port-unreachable

Chain syn_flood (1 references)
target     prot opt source               destination         
RETURN     tcp  --  anywhere             anywhere             tcp flags:FIN,SYN,RST,ACK/SYN limit: avg 25/sec burst 50 /* !fw3 */
DROP       all  --  anywhere             anywhere             /* !fw3 */

Chain zone_lan_dest_ACCEPT (4 references)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere             /* !fw3 */

Chain zone_lan_forward (1 references)
target     prot opt source               destination         
forwarding_lan_rule  all  --  anywhere             anywhere             /* !fw3: Custom lan forwarding rule chain */
zone_wan_dest_ACCEPT  all  --  anywhere             anywhere             /* !fw3: Zone lan to wan forwarding policy */
zone_vpn_novosib_dest_ACCEPT  all  --  anywhere             anywhere             /* !fw3: Zone lan to vpn_novosib forwarding policy */
zone_vpn_bg_dest_ACCEPT  all  --  anywhere             anywhere             /* !fw3: Zone lan to vpn_bg forwarding policy */
ACCEPT     all  --  anywhere             anywhere             ctstate DNAT /* !fw3: Accept port forwards */
zone_lan_dest_ACCEPT  all  --  anywhere             anywhere             /* !fw3 */

Chain zone_lan_input (1 references)
target     prot opt source               destination         
input_lan_rule  all  --  anywhere             anywhere             /* !fw3: Custom lan input rule chain */
ACCEPT     all  --  anywhere             anywhere             ctstate DNAT /* !fw3: Accept port redirections */
zone_lan_src_ACCEPT  all  --  anywhere             anywhere             /* !fw3 */

Chain zone_lan_output (1 references)
target     prot opt source               destination         
output_lan_rule  all  --  anywhere             anywhere             /* !fw3: Custom lan output rule chain */
zone_lan_dest_ACCEPT  all  --  anywhere             anywhere             /* !fw3 */

Chain zone_lan_src_ACCEPT (1 references)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere             ctstate NEW,UNTRACKED /* !fw3 */

Chain zone_vpn_bg_dest_ACCEPT (3 references)
target     prot opt source               destination         
DROP       all  --  anywhere             anywhere             ctstate INVALID /* !fw3: Prevent NAT leakage */
ACCEPT     all  --  anywhere             anywhere             /* !fw3 */

Chain zone_vpn_bg_forward (1 references)
target     prot opt source               destination         
forwarding_vpn_bg_rule  all  --  anywhere             anywhere             /* !fw3: Custom vpn_bg forwarding rule chain */
ACCEPT     all  --  anywhere             anywhere             ctstate DNAT /* !fw3: Accept port forwards */
zone_vpn_bg_dest_ACCEPT  all  --  anywhere             anywhere             /* !fw3 */

Chain zone_vpn_bg_input (1 references)
target     prot opt source               destination         
input_vpn_bg_rule  all  --  anywhere             anywhere             /* !fw3: Custom vpn_bg input rule chain */
ACCEPT     all  --  anywhere             anywhere             ctstate DNAT /* !fw3: Accept port redirections */
zone_vpn_bg_src_ACCEPT  all  --  anywhere             anywhere             /* !fw3 */

Chain zone_vpn_bg_output (1 references)
target     prot opt source               destination         
output_vpn_bg_rule  all  --  anywhere             anywhere             /* !fw3: Custom vpn_bg output rule chain */
zone_vpn_bg_dest_ACCEPT  all  --  anywhere             anywhere             /* !fw3 */

Chain zone_vpn_bg_src_ACCEPT (1 references)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere             ctstate NEW,UNTRACKED /* !fw3 */

Chain zone_vpn_novosib_dest_ACCEPT (3 references)
target     prot opt source               destination         
DROP       all  --  anywhere             anywhere             ctstate INVALID /* !fw3: Prevent NAT leakage */
ACCEPT     all  --  anywhere             anywhere             /* !fw3 */

Chain zone_vpn_novosib_forward (1 references)
target     prot opt source               destination         
forwarding_vpn_novosib_rule  all  --  anywhere             anywhere             /* !fw3: Custom vpn_novosib forwarding rule chain */
ACCEPT     all  --  anywhere             anywhere             ctstate DNAT /* !fw3: Accept port forwards */
zone_vpn_novosib_dest_ACCEPT  all  --  anywhere             anywhere             /* !fw3 */

Chain zone_vpn_novosib_input (1 references)
target     prot opt source               destination         
input_vpn_novosib_rule  all  --  anywhere             anywhere             /* !fw3: Custom vpn_novosib input rule chain */
ACCEPT     all  --  anywhere             anywhere             ctstate DNAT /* !fw3: Accept port redirections */
zone_vpn_novosib_src_ACCEPT  all  --  anywhere             anywhere             /* !fw3 */

Chain zone_vpn_novosib_output (1 references)
target     prot opt source               destination         
output_vpn_novosib_rule  all  --  anywhere             anywhere             /* !fw3: Custom vpn_novosib output rule chain */
zone_vpn_novosib_dest_ACCEPT  all  --  anywhere             anywhere             /* !fw3 */

Chain zone_vpn_novosib_src_ACCEPT (1 references)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere             ctstate NEW,UNTRACKED /* !fw3 */

Chain zone_wan_dest_ACCEPT (3 references)
target     prot opt source               destination         
DROP       all  --  anywhere             anywhere             ctstate INVALID /* !fw3: Prevent NAT leakage */
ACCEPT     all  --  anywhere             anywhere             /* !fw3 */
DROP       all  --  anywhere             anywhere             ctstate INVALID /* !fw3: Prevent NAT leakage */
ACCEPT     all  --  anywhere             anywhere             /* !fw3 */

Chain zone_wan_forward (2 references)
target     prot opt source               destination         
forwarding_wan_rule  all  --  anywhere             anywhere             /* !fw3: Custom wan forwarding rule chain */
zone_lan_dest_ACCEPT  esp  --  anywhere             anywhere             /* !fw3: Allow-IPSec-ESP */
zone_lan_dest_ACCEPT  udp  --  anywhere             anywhere             udp dpt:isakmp /* !fw3: Allow-ISAKMP */
ACCEPT     all  --  anywhere             anywhere             ctstate DNAT /* !fw3: Accept port forwards */
zone_wan_dest_ACCEPT  all  --  anywhere             anywhere             /* !fw3 */

Chain zone_wan_input (2 references)
target     prot opt source               destination         
input_wan_rule  all  --  anywhere             anywhere             /* !fw3: Custom wan input rule chain */
ACCEPT     udp  --  anywhere             anywhere             udp dpt:bootpc /* !fw3: Allow-DHCP-Renew */
ACCEPT     icmp --  anywhere             anywhere             icmp echo-request /* !fw3: Allow-Ping */
ACCEPT     igmp --  anywhere             anywhere             /* !fw3: Allow-IGMP */
ACCEPT     all  --  anywhere             anywhere             ctstate DNAT /* !fw3: Accept port redirections */
zone_wan_src_ACCEPT  all  --  anywhere             anywhere             /* !fw3 */

Chain zone_wan_output (2 references)
target     prot opt source               destination         
output_wan_rule  all  --  anywhere             anywhere             /* !fw3: Custom wan output rule chain */
zone_wan_dest_ACCEPT  all  --  anywhere             anywhere             /* !fw3 */

Chain zone_wan_src_ACCEPT (1 references)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             anywhere             ctstate NEW,UNTRACKED /* !fw3 */
ACCEPT     all  --  anywhere             anywhere             ctstate NEW,UNTRACKED /* !fw3 */