Dynalink WRX36 - sporadic wireless clients ping issue

OK, I'm at my wits end here! trying to get the WRX36 to behave correctly.

If this is a widespread issue, everyone would be reporting it, so I feel my config might be incorrect?
note: I did have the same config on my Archer c2600 which worked faultlessly.

I've noted my experiences here:

Generally - cannot ping devices that I should be able to ping, eg: devices within the same br-lan.
All devices are wireless.

Current running 23.05.0-rc2, r23228-cd17d8df2a
At the moment, wireless 2.4G devices are replying to pings from a 5GHz client, whereas all 5GHz clients are not replying to pings from the same 5GHz client.

I say at the moment, because it's sporadic, e.g. upon a reboot / flashing new image / changing wireless setup / etc, will change which devices that are replying to pings/not.

Can someone give me some guidance before I lose all my sanity?

Can you manually try the following (when pinging doesn't work):

echo 1 >/sys/class/net/phy0-ap0/brport/hairpin_mode
echo 1 >/sys/class/net/phy1-ap0/brport/hairpin_mode

And then test again?

Thanks @zekica for the help...

I think they're already set to 1

root@OpenWrt:~# cat /sys/class/net/phy0-ap0/brport/hairpin_mode
1
root@OpenWrt:~# cat /sys/class/net/phy1-ap0/brport/hairpin_mode
1
root@OpenWrt:~# echo 1 >/sys/class/net/phy0-ap0/brport/hairpin_mode
root@OpenWrt:~# echo 1 >/sys/class/net/phy1-ap0/brport/hairpin_mode

however, I did run them then disconnected 2x 5G wireless clients, reconnected with no change.
BTW, I'm running a total of 4x SSID's, 2x are guests and they are set to 0

root@OpenWrt:~# cat /sys/class/net/phy0-ap1/brport/hairpin_mode
0
root@OpenWrt:~# cat /sys/class/net/phy1-ap1/brport/hairpin_mode
0

Just to add I can ping the wireless clients using cli, yet from a Windows wireless client...

ping using hostname

Pinging eeepc.lan [192.168.2.205] with 32 bytes of data:
Reply from 192.168.2.222: Destination host unreachable.

pinging directly

Pinging 192.168.2.205 with 32 bytes of data:
Reply from 192.168.2.222: Destination host unreachable.

Who is 192.168.2.222?

Please check this too.
Maybe related somehow. The setup is simple.

Turn off windows firewall?

Windows PC (ACER-Aspire.lan) where I conduct the pings from.

It could be but I'm not 100% sure.

When I get no ping replies it's not for a few seconds. e.g. this morning I cannot ping any device on the 5GHz band. I also couldn't ping 1x device on the 2.4Ghz band however rebooting such device brought it back.

I don't think it's a windows firewall issue, e.g. if connecting via 2.4GHz this morning I can ping and access the shares on that windows PC, with 5GHz no ping replies, no shared access.

OK here's another issue which hasn't occurred before...

ACER-Aspire.lan on 192.168.2.222, shows up as a guest network IP 192.168.3.222

image872×215 26.6 KB

Wed Aug  2 08:29:57 2023 daemon.info dnsmasq-dhcp[1]: DHCPNAK(br-lan) 192.168.2.222 d0:xx:xx:xx:xx:75 wrong address
Wed Aug  2 08:29:57 2023 daemon.info dnsmasq-dhcp[1]: DHCPREQUEST(br-lan) 192.168.2.222 d0:xx:xx:xx:xx:75
Wed Aug  2 08:29:56 2023 daemon.info dnsmasq-dhcp[1]: DHCPNAK(br-lan) 192.168.2.222 d0:xx:xx:xx:xx:75 wrong address
Wed Aug  2 08:29:56 2023 daemon.info dnsmasq-dhcp[1]: DHCPREQUEST(br-lan) 192.168.2.222 d0:xx:xx:xx:xx:75
Wed Aug  2 08:29:51 2023 daemon.info dnsmasq-dhcp[1]: DHCPNAK(br-lan) 192.168.2.222 d0:xx:xx:xx:xx:75 wrong address
Wed Aug  2 08:29:51 2023 daemon.info dnsmasq-dhcp[1]: DHCPREQUEST(br-lan) 192.168.2.222 d0:xx:xx:xx:xx:75
Wed Aug  2 08:29:48 2023 daemon.info dnsmasq-dhcp[1]: DHCPNAK(br-lan) 192.168.2.222 d0:xx:xx:xx:xx:75 wrong address
Wed Aug  2 08:29:48 2023 daemon.info dnsmasq-dhcp[1]: DHCPREQUEST(br-lan) 192.168.2.222 d0:xx:xx:xx:xx:75
Wed Aug  2 08:29:45 2023 daemon.info dnsmasq-dhcp[1]: DHCPNAK(br-lan) 192.168.2.222 d0:xx:xx:xx:xx:75 wrong address
Wed Aug  2 08:29:45 2023 daemon.info dnsmasq-dhcp[1]: DHCPREQUEST(br-lan) 192.168.2.222 d0:xx:xx:xx:xx:75
Wed Aug  2 08:29:43 2023 daemon.info dnsmasq-dhcp[1]: DHCPNAK(br-lan) 192.168.2.222 d0:xx:xx:xx:xx:75 wrong address
Wed Aug  2 08:29:43 2023 daemon.info dnsmasq-dhcp[1]: DHCPREQUEST(br-lan) 192.168.2.222 d0:xx:xx:xx:xx:75
Wed Aug  2 08:29:43 2023 daemon.info dnsmasq-dhcp[1]: DHCPNAK(br-lan) 192.168.2.222 d0:xx:xx:xx:xx:75 wrong address
Wed Aug  2 08:29:43 2023 daemon.info dnsmasq-dhcp[1]: DHCPREQUEST(br-lan) 192.168.2.222 d0:xx:xx:xx:xx:75
Wed Aug  2 08:29:41 2023 daemon.notice hostapd: phy0-ap0: EAPOL-4WAY-HS-COMPLETED d0:xx:xx:xx:xx:75
Wed Aug  2 08:29:41 2023 daemon.info hostapd: phy0-ap0: STA d0:xx:xx:xx:xx:75 WPA: pairwise key handshake completed (RSN)
Wed Aug  2 08:29:41 2023 daemon.notice hostapd: phy0-ap0: AP-STA-CONNECTED d0:xx:xx:xx:xx:75 auth_alg=open
Wed Aug  2 08:29:41 2023 daemon.info hostapd: phy0-ap0: STA d0:xx:xx:xx:xx:75 IEEE 802.11: associated (aid 5)
Wed Aug  2 08:29:41 2023 daemon.notice hostapd: phy0-ap0: STA-OPMODE-N_SS-CHANGED d0:xx:xx:xx:xx:75 3
Wed Aug  2 08:29:41 2023 daemon.info hostapd: phy0-ap0: STA d0:xx:xx:xx:xx:75 IEEE 802.11: authenticated
Wed Aug  2 08:29:41 2023 daemon.notice hostapd: phy0-ap0: STA-OPMODE-N_SS-CHANGED d0:xx:xx:xx:xx:75 1
Wed Aug  2 08:29:40 2023 daemon.info hostapd: phy0-ap0: STA d0:xx:xx:xx:xx:75 IEEE 802.11: disassociated
Wed Aug  2 08:29:40 2023 daemon.notice hostapd: phy0-ap0: AP-STA-DISCONNECTED d0:xx:xx:xx:xx:75
Wed Aug  2 08:29:40 2023 daemon.notice hostapd: phy0-ap0: EAPOL-4WAY-HS-COMPLETED d0:xx:xx:xx:xx:75
Wed Aug  2 08:29:40 2023 daemon.info hostapd: phy0-ap0: STA d0:xx:xx:xx:xx:75 WPA: pairwise key handshake completed (RSN)
Wed Aug  2 08:29:40 2023 daemon.notice hostapd: phy0-ap0: AP-STA-CONNECTED d0:xx:xx:xx:xx:75 auth_alg=open
Wed Aug  2 08:29:40 2023 daemon.info hostapd: phy0-ap0: STA d0:xx:xx:xx:xx:75 IEEE 802.11: associated (aid 5)
Wed Aug  2 08:29:40 2023 daemon.notice hostapd: phy0-ap0: STA-OPMODE-N_SS-CHANGED d0:xx:xx:xx:xx:75 3
Wed Aug  2 08:29:40 2023 daemon.info hostapd: phy0-ap0: STA d0:xx:xx:xx:xx:75 IEEE 802.11: authenticated
Wed Aug  2 08:29:38 2023 daemon.notice hostapd: phy0-ap0: STA d0:xx:xx:xx:xx:75 IEEE 802.11: did not acknowledge authentication response
Wed Aug  2 08:29:38 2023 daemon.notice hostapd: phy0-ap0: STA d0:xx:xx:xx:xx:75 IEEE 802.11: did not acknowledge authentication response
Wed Aug  2 08:29:38 2023 daemon.notice hostapd: phy0-ap0: STA d0:xx:xx:xx:xx:75 IEEE 802.11: did not acknowledge authentication response
Wed Aug  2 08:29:38 2023 daemon.notice hostapd: phy0-ap0: STA d0:xx:xx:xx:xx:75 IEEE 802.11: did not acknowledge authentication response
Wed Aug  2 08:29:38 2023 daemon.notice hostapd: phy0-ap0: STA-OPMODE-N_SS-CHANGED d0:xx:xx:xx:xx:75 1
Wed Aug  2 08:29:38 2023 kern.warn kernel: [62411.771882] ath11k c000000.wifi: failed to flush transmit queue, data pkts pending 1
Wed Aug  2 08:29:33 2023 daemon.notice hostapd: phy0-ap0: AP-STA-DISCONNECTED d0:xx:xx:xx:xx:75
Wed Aug  2 08:29:30 2023 daemon.notice hostapd: phy0-ap0: EAPOL-4WAY-HS-COMPLETED d0:xx:xx:xx:xx:75
Wed Aug  2 08:29:30 2023 daemon.info hostapd: phy0-ap0: STA d0:xx:xx:xx:xx:75 WPA: pairwise key handshake completed (RSN)
Wed Aug  2 08:29:30 2023 daemon.notice hostapd: phy0-ap0: AP-STA-CONNECTED d0:xx:xx:xx:xx:75 auth_alg=open
Wed Aug  2 08:29:30 2023 daemon.info hostapd: phy0-ap0: STA d0:xx:xx:xx:xx:75 IEEE 802.11: associated (aid 5)
Wed Aug  2 08:29:30 2023 daemon.notice hostapd: phy0-ap0: STA-OPMODE-N_SS-CHANGED d0:xx:xx:xx:xx:75 3
Wed Aug  2 08:29:30 2023 daemon.info hostapd: phy0-ap0: STA d0:xx:xx:xx:xx:75 IEEE 802.11: authenticated
Wed Aug  2 08:29:27 2023 daemon.info hostapd: phy0-ap0: STA d0:xx:xx:xx:xx:75 IEEE 802.11: deauthenticated due to inactivity (timer DEAUTH/REMOVE)
Wed Aug  2 08:29:26 2023 daemon.info hostapd: phy0-ap0: STA d0:xx:xx:xx:xx:75 IEEE 802.11: authenticated
Wed Aug  2 08:29:26 2023 daemon.info hostapd: phy0-ap0: STA d0:xx:xx:xx:xx:75 IEEE 802.11: authenticated
Wed Aug  2 08:29:26 2023 daemon.info hostapd: phy0-ap0: STA d0:xx:xx:xx:xx:75 IEEE 802.11: authenticated
Wed Aug  2 08:29:26 2023 daemon.info hostapd: phy0-ap0: STA d0:xx:xx:xx:xx:75 IEEE 802.11: authenticated
Wed Aug  2 08:29:26 2023 daemon.notice hostapd: phy0-ap0: STA-OPMODE-N_SS-CHANGED d0:xx:xx:xx:xx:75 1
Wed Aug  2 08:29:21 2023 daemon.info hostapd: phy0-ap0: STA d0:xx:xx:xx:xx:75 IEEE 802.11: disassociated
Wed Aug  2 08:29:21 2023 daemon.notice hostapd: phy0-ap0: AP-STA-DISCONNECTED d0:xx:xx:xx:xx:75
Wed Aug  2 08:29:21 2023 daemon.notice hostapd: phy0-ap0: EAPOL-4WAY-HS-COMPLETED d0:xx:xx:xx:xx:75
Wed Aug  2 08:29:21 2023 daemon.info hostapd: phy0-ap0: STA d0:xx:xx:xx:xx:75 WPA: pairwise key handshake completed (RSN)
Wed Aug  2 08:29:21 2023 daemon.notice hostapd: phy0-ap0: AP-STA-CONNECTED d0:xx:xx:xx:xx:75 auth_alg=open
Wed Aug  2 08:29:21 2023 daemon.info hostapd: phy0-ap0: STA d0:xx:xx:xx:xx:75 IEEE 802.11: associated (aid 5)
Wed Aug  2 08:29:21 2023 daemon.notice hostapd: phy0-ap0: STA-OPMODE-N_SS-CHANGED d0:xx:xx:xx:xx:75 3
Wed Aug  2 08:29:21 2023 daemon.info hostapd: phy0-ap0: STA d0:xx:xx:xx:xx:75 IEEE 802.11: authenticated
Wed Aug  2 08:29:19 2023 daemon.notice hostapd: phy0-ap0: STA d0:xx:xx:xx:xx:75 IEEE 802.11: did not acknowledge authentication response
Wed Aug  2 08:29:19 2023 daemon.notice hostapd: phy0-ap0: STA d0:xx:xx:xx:xx:75 IEEE 802.11: did not acknowledge authentication response
Wed Aug  2 08:29:19 2023 daemon.notice hostapd: phy0-ap0: STA d0:xx:xx:xx:xx:75 IEEE 802.11: did not acknowledge authentication response
Wed Aug  2 08:29:19 2023 daemon.notice hostapd: phy0-ap0: STA d0:xx:xx:xx:xx:75 IEEE 802.11: did not acknowledge authentication response

Please copy the output of the following commands and post it here using the "Preformatted text </> " button:

Remember to redact passwords, MAC addresses and any public IP addresses you may have

ubus call system board; \
uci export network; uci export dhcp; uci export firewall; opkg list-installed; \

I see some other posts are indicating issues with the ath11k driver on other routers. I would be tempted to load dnsmasq-full and wpad-openssl instead of the defaults. I would be tempted to disable all ipv6 if your ISP doesn't use it.

root@OpenWrt:~# ubus call system board
{
        "kernel": "5.15.118",
        "hostname": "OpenWrt",
        "system": "ARMv8 Processor rev 4",
        "model": "Dynalink DL-WRX36",
        "board_name": "dynalink,dl-wrx36",
        "rootfs_type": "squashfs",
        "release": {
                "distribution": "OpenWrt",
                "version": "23.05.0-rc2",
                "revision": "r23228-cd17d8df2a",
                "target": "ipq807x/generic",
                "description": "OpenWrt 23.05.0-rc2 r23228-cd17d8df2a"
        }
}

root@OpenWrt:~# uci export network
package network

config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fdb8:6cc6:7a25::/48'     <--- not actual

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'lan1'
	list ports 'lan2'
	list ports 'lan3'
	list ports 'lan4'

config interface 'lan'
	option device 'br-lan'
	option proto 'static'
	option ipaddr '192.168.2.1'
	option netmask '255.255.255.0'
	option ip6assign '60'

config device
	option name 'wan'
	option ipv6 '0'

config interface 'wan'
	option device 'wan'
	option proto 'dhcp'
	option peerdns '0'
	list dns '10.0.0.243'
	list dns '10.0.0.242'

config interface 'wan6'
	option device 'wan'
	option proto 'dhcpv6'
	option auto '0'

config device
	option name 'br-guest'
	option type 'bridge'
	list ports 'guest'

config interface 'guest'
	option device 'br-guest'
	option proto 'static'
	option ipaddr '192.168.3.1'
	option netmask '255.255.255.0'

config route
	option interface 'wan'
	option target '0.0.0.0'
	option netmask '0.0.0.0'
	option gateway '192.168.10.1'
	option table 'exvpn'

config rule
	option in 'lan'
	option src '192.168.2.250/32'
	option lookup 'exvpn'

config rule
	option in 'lan'
	option src '192.168.2.251/32'
	option lookup 'exvpn'

config rule
	option in 'lan'
	option src '192.168.2.252/32'
	option lookup 'exvpn'

config rule
	option in 'lan'
	option src '192.168.2.253/32'
	option lookup 'exvpn'

config rule
	option in 'lan'
	option src '192.168.2.254/32'
	option lookup 'exvpn'

config interface 'VPN'
	option proto 'none'
	option auto '0'
	option device 'tun0'

config interface 'wg0'
	option proto 'wireguard'
	option auto '0'
	option private_key 'xxxxxxxxxxxxxxxxxxxxxxxxx='
	list addresses '10.xx.xx.xx/32'

config wireguard_wg0
	option route_allowed_ips '1'
	option endpoint_port '1337'
	option persistent_keepalive '25'
	list allowed_ips '0.0.0.0/1'
	list allowed_ips '128.0.0.0/1'
	option endpoint_host '1xx.xx.xxx.xx'
	option public_key 'xxxxxxxxxxxxxxxxxxxxxxxxxxx='

config route 'ntp1'
	option interface 'wan'
	option target '162.159.200.123'
	option netmask '255.255.255.255'
	option gateway '192.168.10.1'

config route 'ntp2'
	option interface 'wan'
	option target '139.180.160.82'
	option netmask '255.255.255.255'
	option gateway '192.168.10.1'

config route 'ntp3'
	option interface 'wan'
	option target '203.135.184.123'
	option netmask '255.255.255.255'
	option gateway '192.168.10.1'

config route 'ntp4'
	option interface 'wan'
	option target '103.126.53.123'
	option netmask '255.255.255.255'
	option gateway '192.168.10.1'

root@OpenWrt:~# uci export dhcp
package dhcp

config dnsmasq
	option domainneeded '1'
	option boguspriv '1'
	option filterwin2k '0'
	option localise_queries '1'
	option rebind_protection '1'
	option rebind_localhost '1'
	option local '/lan/'
	option domain 'lan'
	option expandhosts '1'
	option nonegcache '0'
	option cachesize '1000'
	option authoritative '1'
	option readethers '1'
	option leasefile '/tmp/dhcp.leases'
	option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
	option nonwildcard '1'
	option localservice '1'
	option ednspacket_max '1232'
	option filter_aaaa '0'
	option filter_a '0'
	list rebind_domain '/netflix.com/'
	list rebind_domain '/nflxext.com/'
	list rebind_domain '/nflximg.net/'
	list rebind_domain '/nflxso.net/'
	list rebind_domain '/nflxvideo.net/'

config dhcp 'lan'
	option interface 'lan'
	option start '100'
	option limit '150'
	option leasetime '12h'
	option dhcpv4 'server'

config dhcp 'wan'
	option interface 'wan'
	option ignore '1'
	list ra_flags 'none'

config odhcpd 'odhcpd'
	option maindhcp '0'
	option leasefile '/tmp/hosts/odhcpd'
	option leasetrigger '/usr/sbin/odhcpd-update'
	option loglevel '4'

config dhcp 'guest'
	option start '100'
	option leasetime '12h'
	option limit '150'
	option interface 'guest'
	list dhcp_option '6,185.228.168.168,185.228.169.168'
	list ra_flags 'none'

config host
	option dns '1'
	option ip '192.168.2.254'
	option mac '7C:xx:xx:xx:xx:29'
	option name 'Smappee'

config host
	option dns '1'
	option ip '192.168.2.253'
	option mac '48:xx:xx:xx:xx:d7'
	option name 'TCL'

config host
	option dns '1'
	option ip '192.168.2.252'
	option name 'EeePCwireless'
	option mac '48:xx:xx:xx:xx:CC'

config host
	option dns '1'
	option ip '192.168.2.251'
	option mac 'E0:xx:xx:xx:xx:80'
	option name 'VodafoneTV'

config host
	option dns '1'
	option ip '192.168.2.250'
	option mac '74:xx:xx:xx:xx:92'
	option name 'AcerEdimax'

config domain
	option name 'GalaxyTabS'
	option ip '192.168.2.101'

config domain
	option ip '192.168.3.101'
	option name 'GalaxyTabS'

root@OpenWrt:~# uci export firewall
package firewall

config defaults
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option drop_invalid '1'
	option synflood_protect '1'

config zone
	option name 'lan'
	list network 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'

config zone
	option name 'guest'
	option forward 'REJECT'
	option output 'ACCEPT'
	option input 'REJECT'
	list network 'guest'

config zone
	option name 'wan'
	list network 'wan'
	list network 'wan6'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'
	option mtu_fix '1'

config rule
	option name 'Allow-DHCP-Renew'
	option src 'wan'
	option proto 'udp'
	option dest_port '68'
	option target 'ACCEPT'
	option family 'ipv4'

config rule
	option name 'Allow-Ping'
	option src 'wan'
	option proto 'icmp'
	option icmp_type 'echo-request'
	option family 'ipv4'
	option target 'ACCEPT'
	option enabled '0'

config rule
	option name 'Allow-IGMP'
	option src 'wan'
	option proto 'igmp'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-DHCPv6'
	option src 'wan'
	option proto 'udp'
	option dest_port '546'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-MLD'
	option src 'wan'
	option proto 'icmp'
	option src_ip 'fe80::/10'
	list icmp_type '130/0'
	list icmp_type '131/0'
	list icmp_type '132/0'
	list icmp_type '143/0'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Input'
	option src 'wan'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	list icmp_type 'router-solicitation'
	list icmp_type 'neighbour-solicitation'
	list icmp_type 'router-advertisement'
	list icmp_type 'neighbour-advertisement'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Forward'
	option src 'wan'
	option dest '*'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-IPSec-ESP'
	option src 'wan'
	option dest 'lan'
	option proto 'esp'
	option target 'ACCEPT'

config rule
	option name 'Allow-ISAKMP'
	option src 'wan'
	option dest 'lan'
	option dest_port '500'
	option proto 'udp'
	option target 'ACCEPT'

config forwarding
	option src 'lan'
	option dest 'wireguard'

config rule
	option target 'ACCEPT'
	option proto 'tcp udp'
	option name 'Guest DNS'
	option src 'guest'
	option dest_port '53'

config rule
	option target 'ACCEPT'
	option dest_port '67-68'
	option name 'Guest DHCP'
	option src 'guest'
	option proto 'udp'

config rule
	option target 'ACCEPT'
	option src 'lan'
	option proto 'all'
	option dest 'wan'
	option name 'WAN Archer_T4U'
	list src_mac '30:xx:xx:xx:xx:7E'
	option enabled '0'

config rule
	option target 'ACCEPT'
	option src 'lan'
	option name 'WAN Edimax'
	option dest 'wan'
	list src_mac '74:xx:xx:xx:xx:92'

config rule
	option target 'ACCEPT'
	option src 'lan'
	option src_mac '48:xx:xx:xx:xx:CC'
	option name 'WAN EeePC_wireless'
	option dest 'wan'

config rule
	option target 'ACCEPT'
	option src 'lan'
	list src_mac 'C0:xx:xx:xx:xx:5D'
	option name 'WAN GT Galaxy J5 Pro'
	option dest 'wan'
	option enabled '0'

config rule
	option target 'ACCEPT'
	option src 'lan'
	option dest 'wan'
	option name 'WAN TCL'
	list src_mac '48:xx:xx:xx:xx:d7'

config rule
	option target 'ACCEPT'
	option src 'lan'
	option src_mac '7C:xx:xx:xx:xx:29'
	option name 'WAN Smappee'
	option dest 'wan'

config rule
	option target 'ACCEPT'
	option src 'lan'
	option name 'WAN Vodafone TV'
	option src_mac 'E0:xx:xx:xx:xx:80'
	option proto 'all'
	option dest 'wan'

config rule
	option src 'lan'
	list src_mac '38:xx:xx:xx:xx:D8'
	option dest 'wan'
	option target 'ACCEPT'
	option name 'WAN RT Windows Phone'
	option enabled '0'

config rule
	option target 'ACCEPT'
	option src 'lan'
	option dest_ip '192.168.10.1'
	option name 'HG659 Port 445'
	option dest 'wan'
	option dest_port '445'

config rule
	option target 'ACCEPT'
	option src 'lan'
	option name 'HG659 TCP Port 80'
	list proto 'tcp'
	option dest_port '80'
	list dest_ip '192.168.10.1'
	option dest 'wan'

config rule
	option target 'ACCEPT'
	option proto 'icmp'
	option icmp_type 'echo-request'
	option name 'HG659 Allow-ping-out'
	option src 'lan'
	option dest 'wan'

config zone
	option name 'wireguard'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'
	option mtu_fix '1'
	list network 'wg0'

config forwarding
	option src 'guest'
	option dest 'wireguard'

config redirect
	option dest 'lan'
	option target 'DNAT'
	option src 'lan'
	option src_dport '53'
	option name 'Intercept-DNS-Cloudfare'
	option dest_ip '1.1.1.1'
	list src_mac '74:xx:xx:xx:xx:92'
	list src_mac '48:xx:xx:xx:xx:CC'
	list src_mac '7C:xx:xx:xx:xx:29'
	list src_mac 'E0:xx:xx:xx:xx:80'
	list src_mac '48:xx:xx:xx:xx:d7'

config zone
	option name 'ovpn'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'
	option mtu_fix '1'
	list network 'VPN'

config forwarding
	option src 'lan'
	option dest 'ovpn'

config forwarding
	option src 'guest'
	option dest 'ovpn'

config redirect
	option reflection '0'
	option target 'DNAT'
	option src 'wireguard'
	option src_dport '55170'
	option dest_port '55170'
	option dest 'lan'
	option dest_ip '192.168.2.205'
	list proto 'tcp'
	list proto 'udp'
	option name 'portforward_EeePC'

root@OpenWrt:~# opkg list-installed
ath11k-firmware-ipq8074 - 2023-07-06-69f6b734-1
attendedsysupgrade-common - 8
attr - 2.5.1-1
avahi-dbus-daemon - 0.8-8
base-files - 1537-r23228-cd17d8df2a
block-mount - 2023-02-28-bfe882d5-1
busybox - 1.36.1-1
ca-bundle - 20230311-1
cgi-io - 2022-08-10-901b0f04-21
coreutils - 9.3-1
coreutils-base64 - 9.3-1
curl - 8.1.2-1
dbus - 1.13.18-12
dnsmasq - 2.89-4
dropbear - 2022.82-5
f2fs-tools - 1.16.0-1
f2fsck - 1.16.0-1
firewall4 - 2023-03-23-04a06bd7-1
fstools - 2023-02-28-bfe882d5-1
fwtool - 2019-11-12-8f7fe925-1
gdisk - 1.0.9-1
getrandom - 2022-08-13-4c7b720b-2
hostapd-common - 2023-06-22-599d00be-1.2
htop - 3.2.2-1
ip-full - 6.3.0-1
ipq-wifi-dynalink_dl-wrx36 - 2023-06-03-cd9c30ca-1
iw - 5.19-1
iwinfo - 2023-05-17-c9f5c3f7-1
jansson4 - 2.14-3
jq - 1.6-2
jshn - 2023-05-23-75a3b870-1
jsonfilter - 2018-02-04-c7e938d6-1
kernel - 5.15.118-1-1dcfa3a505bce2d100655fb06322f372
kmod-asn1-decoder - 5.15.118-1
kmod-ath - 5.15.118+6.1.24-3
kmod-ath11k - 5.15.118+6.1.24-3
kmod-ath11k-ahb - 5.15.118+6.1.24-3
kmod-cfg80211 - 5.15.118+6.1.24-3
kmod-crypto-acompress - 5.15.118-1
kmod-crypto-aead - 5.15.118-1
kmod-crypto-ccm - 5.15.118-1
kmod-crypto-cmac - 5.15.118-1
kmod-crypto-crc32 - 5.15.118-1
kmod-crypto-crc32c - 5.15.118-1
kmod-crypto-ctr - 5.15.118-1
kmod-crypto-gcm - 5.15.118-1
kmod-crypto-gf128 - 5.15.118-1
kmod-crypto-ghash - 5.15.118-1
kmod-crypto-hash - 5.15.118-1
kmod-crypto-hmac - 5.15.118-1
kmod-crypto-kpp - 5.15.118-1
kmod-crypto-lib-chacha20 - 5.15.118-1
kmod-crypto-lib-chacha20poly1305 - 5.15.118-1
kmod-crypto-lib-curve25519 - 5.15.118-1
kmod-crypto-lib-poly1305 - 5.15.118-1
kmod-crypto-manager - 5.15.118-1
kmod-crypto-michael-mic - 5.15.118-1
kmod-crypto-null - 5.15.118-1
kmod-crypto-rng - 5.15.118-1
kmod-crypto-seqiv - 5.15.118-1
kmod-crypto-sha256 - 5.15.118-1
kmod-crypto-sha512 - 5.15.118-1
kmod-fs-f2fs - 5.15.118-1
kmod-gpio-button-hotplug - 5.15.118-3
kmod-hwmon-core - 5.15.118-1
kmod-ipt-core - 5.15.118-1
kmod-ipt-raw - 5.15.118-1
kmod-leds-gpio - 5.15.118-1
kmod-lib-crc-ccitt - 5.15.118-1
kmod-lib-crc32c - 5.15.118-1
kmod-lib-lzo - 5.15.118-1
kmod-lib-textsearch - 5.15.118-1
kmod-libphy - 5.15.118-1
kmod-mac80211 - 5.15.118+6.1.24-3
kmod-nf-conntrack - 5.15.118-1
kmod-nf-conntrack6 - 5.15.118-1
kmod-nf-flow - 5.15.118-1
kmod-nf-ipt - 5.15.118-1
kmod-nf-log - 5.15.118-1
kmod-nf-log6 - 5.15.118-1
kmod-nf-nat - 5.15.118-1
kmod-nf-nathelper-extra - 5.15.118-1
kmod-nf-reject - 5.15.118-1
kmod-nf-reject6 - 5.15.118-1
kmod-nfnetlink - 5.15.118-1
kmod-nft-core - 5.15.118-1
kmod-nft-fib - 5.15.118-1
kmod-nft-nat - 5.15.118-1
kmod-nft-offload - 5.15.118-1
kmod-nls-base - 5.15.118-1
kmod-phy-aquantia - 5.15.118-1
kmod-ppp - 5.15.118-1
kmod-pppoe - 5.15.118-1
kmod-pppox - 5.15.118-1
kmod-qca-nss-dp - 5.15.118+2022-04-30-72e9ec41-1
kmod-qca-ssdk - 5.15.118+2022-09-12-628b22bc-2
kmod-qrtr - 5.15.118-1
kmod-qrtr-smd - 5.15.118-1
kmod-scsi-core - 5.15.118-1
kmod-slhc - 5.15.118-1
kmod-thermal - 5.15.118-1
kmod-tun - 5.15.118-1
kmod-udptunnel4 - 5.15.118-1
kmod-udptunnel6 - 5.15.118-1
kmod-usb-core - 5.15.118-1
kmod-usb-dwc3 - 5.15.118-1
kmod-usb-dwc3-qcom - 5.15.118-1
kmod-usb-ehci - 5.15.118-1
kmod-usb-ohci - 5.15.118-1
kmod-usb-printer - 5.15.118-1
kmod-usb-storage - 5.15.118-1
kmod-usb-storage-uas - 5.15.118-1
kmod-usb-uhci - 5.15.118-1
kmod-usb-xhci-hcd - 5.15.118-1
kmod-usb2 - 5.15.118-1
kmod-usb3 - 5.15.118-1
kmod-wireguard - 5.15.118-1
libatomic1 - 12.3.0-4
libattr - 2.5.1-1
libavahi-client - 0.8-8
libavahi-dbus-support - 0.8-8
libblobmsg-json20230523 - 2023-05-23-75a3b870-1
libbpf1 - 1.2.2-1
libbz2-1.0 - 1.0.8-1
libc - 1.2.4-4
libcap - 2.69-1
libcurl4 - 8.1.2-1
libdaemon - 0.14-5
libdbus - 1.13.18-12
libelf1 - 0.189-1
libevdev - 1.13.0-1
libexif - 0.6.24-1
libexpat - 2.5.0-1
libf2fs6 - 1.16.0-1
libffmpeg-mini - 5.1.2-1
libflac - 1.3.4-1
libgcc1 - 12.3.0-4
libgmp10 - 6.2.1-1
libgnutls - 3.8.0-3
libid3tag - 0.15.1b-4
libiwinfo-data - 2023-05-17-c9f5c3f7-1
libiwinfo20230121 - 2023-05-17-c9f5c3f7-1
libjpeg-turbo - 2.1.4-2
libjson-c5 - 0.16-3
libjson-script20230523 - 2023-05-23-75a3b870-1
liblua5.1.5 - 5.1.5-10
liblucihttp-lua - 2023-03-15-9b5b683f-1
liblucihttp-ucode - 2023-03-15-9b5b683f-1
liblucihttp0 - 2023-03-15-9b5b683f-1
liblzo2 - 2.10-4
libmbedtls12 - 2.28.3-1
libmnl0 - 1.0.5-1
libncurses6 - 6.4-2
libnettle8 - 3.9-1
libnftnl11 - 1.2.6-1
libnghttp2-14 - 1.51.0-1
libnl-tiny1 - 2023-07-27-bc92a280-1
libogg0 - 1.3.5-1
libopenssl3 - 3.0.9-2
libpam - 1.5.2-1
libpcap1 - 1.10.4-1
libpopt0 - 1.19-1
libpthread - 1.2.4-4
libreadline8 - 8.2-1
librt - 1.2.4-4
libsqlite3-0 - 3410200-1
libstdcpp6 - 12.3.0-4
libtasn1 - 4.19.0-2
libtirpc - 1.3.3-1
libubox20230523 - 2023-05-23-75a3b870-1
libubus-lua - 2022-06-15-9913aa61-1
libubus20220615 - 2022-06-15-9913aa61-1
libuci20130104 - 2023-03-05-04d0c46c-1
libuclient20201210 - 2023-04-13-007d9454-1
libucode20220812 - 2023-04-03-51638672-1
libudev-zero - 1.0.1-1
liburing - 2.3-1
libusb-1.0-0 - 1.0.26-3
libustream-mbedtls20201210 - 2023-02-25-498f6e26-1
libuuid1 - 2.39-2
libvorbis - 1.3.7-2
logd - 2022-08-13-4c7b720b-2
lua - 5.1.5-10
luci - git-23.051.66410-a505bb1
luci-app-attendedsysupgrade - git-23.132.65998-fa9fb2f
luci-app-firewall - git-23.208.40260-9504081
luci-app-minidlna - git-22.069.45071-315a592
luci-app-openvpn - git-23.013.73089-25983b9
luci-app-opkg - git-23.009.82915-ec3aac4
luci-app-p910nd - git-20.108.38431-8f34e10
luci-app-samba4 - git-23.142.65904-c0478f0
luci-base - git-23.118.79121-6fb185f
luci-compat - git-22.297.83017-673f382
luci-lib-base - git-22.308.54612-9118452
luci-lib-ip - git-20.250.76529-62505bd
luci-lib-jsonc - git-22.079.54693-45f411b
luci-lib-nixio - git-22.222.71555-88b9088
luci-light - git-23.024.33244-34dee82
luci-lua-runtime - git-23.119.80867-2a9c3a3
luci-mod-admin-full - git-19.253.48496-3f93650
luci-mod-network - git-23.207.47173-895a508
luci-mod-status - git-23.208.40189-cba58fc
luci-mod-system - git-23.118.78765-58f7b27
luci-proto-ipv6 - git-21.148.48881-79947af
luci-proto-ppp - git-21.158.38888-88b9d84
luci-proto-wireguard - git-23.073.81399-59a6f06
luci-theme-bootstrap - git-23.085.34270-d94a728
minidlna - 1.3.2-1
mkf2fs - 1.16.0-1
mtd - 26
netifd - 2023-06-04-ec9dba72-1
nftables-json - 1.0.8-1
odhcp6c - 2023-05-12-bcd28363-20
odhcpd-ipv6only - 2023-06-24-52112643-1
openssh-sftp-server - 9.3p1-3
openvpn-openssl - 2.5.8-3
openwrt-keyring - 2022-03-25-62471e69-2
opkg - 2022-02-24-d038e5b6-2
p910nd - 0.97-9
ppp - 2.4.9.git-2021-01-04-4
ppp-mod-pppoe - 2.4.9.git-2021-01-04-4
procd - 2023-01-16-190f13a7-1
procd-seccomp - 2023-01-16-190f13a7-1
procd-ujail - 2023-01-16-190f13a7-1
rpcd - 2023-03-14-d9788300-1
rpcd-mod-file - 2023-03-14-d9788300-1
rpcd-mod-iwinfo - 2023-03-14-d9788300-1
rpcd-mod-luci - 20230123-1
rpcd-mod-rpcsys - 2023-03-14-d9788300-1
rpcd-mod-rrdns - 20170710
rpcd-mod-ucode - 2023-03-14-d9788300-1
samba4-libs - 4.18.0-1
samba4-server - 4.18.0-1
tcpdump - 4.99.4-1
terminfo - 6.4-2
ubi-utils - 2.1.5-1
uboot-envtools - 2023.04-1
ubox - 2022-08-13-4c7b720b-2
ubus - 2022-06-15-9913aa61-1
ubusd - 2022-06-15-9913aa61-1
uci - 2023-03-05-04d0c46c-1
uclient-fetch - 2023-04-13-007d9454-1
ucode - 2023-04-03-51638672-1
ucode-mod-fs - 2023-04-03-51638672-1
ucode-mod-html - 1
ucode-mod-lua - 1
ucode-mod-math - 2023-04-03-51638672-1
ucode-mod-ubus - 2023-04-03-51638672-1
ucode-mod-uci - 2023-04-03-51638672-1
uhttpd - 2023-06-25-34a8a74d-1
uhttpd-mod-ubus - 2023-06-25-34a8a74d-1
urandom-seed - 3
urngd - 2020-01-21-c7f7b6b6-1
usbutils - 014-1
usign - 2020-05-23-f1f65026-1
wireguard-tools - 1.0.20210914-2
wireless-regdb - 2023.05.03-1
wpad-basic-mbedtls - 2023-06-22-599d00be-1.2
zlib - 1.2.13-1

Thankyou @frank92735 for looking into this for me, I appreciate it.

If there is anything incorrect in the output above, please let me know, I'd want to test one step at the time to home in on the issue.

Pls advise on the correct method to install these packages

already in network config, would this suffice?

config device
	option name 'wan'
	option ipv6 '0'

First make a back up of your configuration (save archive). Next you can either try these steps or just skip to the end and try a factory reset instead - that's up to you.

system>software>update lists

• type dnsmasq in the filter input field
• click on installed
• it shows dnsmasq (as per the opkg list-installed previously done)
• click remove and then confirm by clicking dismiss
• select available and install dnsmasq-full
• dnsmasq-full is a larger more comprehensive package.

Reboot and test router. Can 2.4 clients ping 5ghz clients?

If not then do the same thing for wpad and replace with wpad-openssl. wpad-openssl is a larger more comprehensive package.

Reboot and test router. Can 2.4 clients ping 5ghz clients?

If not do the same thing for libstream-mbedtls20201210 and replace with libstream-openssl20201210.

Reboot and test router. Can 2.4 clients ping 5ghz clients?

If this didn't fix it you can do a factory reset and verify the package list is back to initial conditions (or add remove as necessary) and then upload the archive and then you are back to square one. Hopefully someone else has some ideas.

Good. Now also do the same for LAN interface via LuCI: interfaces>LAN>advanced settings tab and disable "delegate IPv6 prefixes".

Do the same for the wireguard interface via LuCI: interfaces>wireguard>advanced settings tab and disable "delegate IPv6 prefixes".

Optional: This may interfere with other VPN services. I like to disable peer DNS and force WAN DNS: interfaces>WAN>advanced settings>use DNS servers advertised by peer= disable. Then enter custom DNS. I enter my wireguard provider DNS server IP here or whatever you like.

It seems odd to have 2 entries for list allowed IPs. I just use 0.0.0.0/0.

Also there is no wireguard DNS listed - use DNS from the VPN service provider from the config file they give you.

option auto = '0' The wg iface is disabled?

What is this? Unused? Old syntax from previous router?

If you transplanted those config files from your old router into the wrx36 that may be the source of all your woes.

Barring any suggestions from other users I would factory reset the device and reconfigure from scratch via LuCI using the default packages. Sorry, it sounds like you have been to hell and back. Once you get this one up and running I recommend you buy a second wrx36 for testing purposes so you don't affect your main network.

HTH

Reagrdiong:

I do it too to preserve the default route it is actually what OpenVPN does by default and also a lot of other third party firmwares.

regarding

That is to signal to e.g. PBR you have this openvpn interface

I do agree maybe reset to default and start fresh could help, but there are also some wifi driver problems reported and under investigation.

There is an option in the wifi to isolate wifi clients from each other so isolation can be something which is/can be done on the wireless driver

OK so I followed your instruction
1/ removed dnsmasq

install dnsmasq-full...
Configuring libnfnetlink0.
Configuring kmod-nf-conntrack-netlink.
Configuring libnetfilter-conntrack3.
Configuring dnsmasq-full

reboot
2G<=>5G OK
5G<=>5G Destination host unreachable

2/ removed wpad-basic-mbedtls

install wpad-openssl...
Configuring wpad-openssl

reboot
2G<=>5G OK
5G<=>5G Destination host unreachable

3/ removed libustream-mbedtls20201210

install libustream-openssl20201210...
Configuring libustream-openssl20201210

reboot
2G<=>5G OK
5G<=>5G Destination host unreachable

4/ disabled 'delegate IPv6 prefixes' on both lan & wg0 interfaces
reboot
2G<=>5G OK
5G<=>5G OK! OK for approximately ~1hour then Destination host unreachable

I have the VPN wireguard/openvpn DNS listed in wan section...

config interface 'wan'
	option device 'wan'
	option proto 'dhcp'
	option peerdns '0'
	list dns '10.0.0.243'
	list dns '10.0.0.242'

That's how my VPN provider rolls, Yes I'm aware of 0.0.0.0/0 though.

Not disabled, only Not started on boot, as I have a script which brings up wg0 / tun0 via a cron job.

That just it...
I started from scratch barebone install, left the dhcp / network / firewall / wireless and config files intact, then added packages and only adding snippets of what I thought was safe to add to each config.

The majority/backbone of each config file is intact, i.e. I haven't just transplanted everything over from the TP-Link c2600.

I'll keep the config how it is for the time being, let's see how this pans out.
Thanks for the help @frank92735

My hunch it's a WiFi issue, and it seems the latest WiFi drivers (WLAN.HK.2.9.0.1-01837) addition has caused more issues. Looking back I think 4 days on the old driver, was about the most time without error, with the new driver I had immediate issues.

Nice catch. I also forgot to advise @otnert to uci export wireless. Ooops sorry!

Roll back and watchcat/cron every 3 days?

I went back to 1835 see: Ath11k possible firmware bug - traffic interruptions when a client disconnects from WLAN - #18 by egc

With that build I had no trouble pinging from my phone to my laptop (both on 5 GHz, 80 MHz see above) but the other way around from laptop to phone I got some strange results it starts with host unreachable but after some 4 pings it started to work with ping times alternating between 4 and 400 ms.

Turns out the phone is on very aggressive power saving, if I run a ping test from the phone itself to the internet to get it up and active I have consistent ping times from laptop to phone of 4ms.

Have not investigated how to disable the powersavings on the phone, there might be a setting on the router to do something in that department, I think

Haha I was going to show it to you anyway!

root@OpenWrt:~# uci export wireless
package wireless

config wifi-device 'radio0'
	option type 'mac80211'
	option path 'platform/soc/c000000.wifi'
	option country 'US'
	option channel '149'
	option band '5g'
	option htmode 'HE80'
	option cell_density '0'
	option txpower '30'

config wifi-iface 'default_radio0'
	option device 'radio0'
	option network 'lan'
	option mode 'ap'
	option ssid 'OpenWrX_5GHz'
	option encryption 'psk2+ccmp'
	option key 'xxxxxxxxxx'

config wifi-device 'radio1'
	option type 'mac80211'
	option path 'platform/soc/c000000.wifi+1'
	option channel '6'
	option band '2g'
	option htmode 'HE20'
	option cell_density '0'
	option txpower '30'
	option country 'US'

config wifi-iface 'default_radio1'
	option device 'radio1'
	option network 'lan'
	option mode 'ap'
	option ssid 'OpenWrX'
	option encryption 'psk2+ccmp'
	option key 'xxxxxxxxxx'
	option disassoc_low_ack '0'

config wifi-iface 'wifinet0'
	option device 'radio0'
	option mode 'ap'
	option ssid 'OpenWrX_5GHz_G'
	option encryption 'psk2+ccmp'
	option key 'xxxxxxxxxx'
	option network 'guest'
	option isolate '1'

config wifi-iface 'wifinet1'
	option device 'radio1'
	option mode 'ap'
	option ssid 'OpenWrX_G'
	option encryption 'psk2+ccmp'
	option key 'xxxxxxxxxx'
	option network 'guest'
	option isolate '1'

Since the c2600 has a switch config, and the WRX36 DSA, could you just take a look at the guest components in network, dhcp, firewall & wireless. Just want to make sure I did that correctly, and it isn't contributing to this ping issue.

As an end-user it all seems to work.

Yes I have this set for both guest SSID's

Yes! so did I (just between posts)... as the same ping issue started to occur using the 01837 rc2 version.

It's strange that if you where to change from 5G to 2G and pinging the remote 5G host, the ping issue disappears. From here if you then move back to 5G, to ping the same remote 5G host it somehow resets the 5G ping issue.

The problem is not knowing how long before the 5G connection will remain in a working condition.

Just before moving over to 01835, my remote PC went to sleep, upon waking it from sleep, the issue appeared again.

Yes I also have 2x androids, and as soon as the screen goes blank, it gives you the impression the ping issue has started. I run a speedtest on the phone to wake it up long enough to ping it.

It is even possible that a wifi client disconnects after a period of inactivity so you cannot ping it at all unless you wake it up. So that makes it hard to see what is going on and where the problem lies, my quick test did not show a problem but that is what it is just a quick test.

To be honest I seldom have wifi<>wifi traffic as my house is cabled, of course phones and tablets are on wifi but PC's and laptops are using ethernet