Hello,
i have a Flint2 with a WR3000H and a RE650 in a mesh setup.
Recently the Flint2 crashed/rebooted twice in a week (let’s leave this aside for now) and the two nodes couldn’t lease an IP until i reboot them although the connected devices were in the mesh with a valid lease.
Can anyone help me figure out why they are inaccessible?
I'd start by looking at the flint2 to understand why it is crashing.... solving that is a critical first step.
Please connect to your OpenWrt device using ssh and copy the output of the following commands and post it here using the "Preformatted text </> " button (red circle; this works best in the 'Markdown' composer view in the blue oval):
Remember to redact passwords, VPN keys, MAC addresses and any public IP addresses you may have:
ubus call system board
cat /etc/config/network
cat /etc/config/wireless
cat /etc/config/dhcp
cat /etc/config/firewall
root@Flint:~# ubus call system board
{
"kernel": "6.6.110",
"hostname": "Flint",
"system": "ARMv8 Processor rev 4",
"model": "GL.iNet GL-MT6000",
"board_name": "glinet,gl-mt6000",
"rootfs_type": "squashfs",
"release": {
"distribution": "OpenWrt",
"version": "24.10.4",
"revision": "r28959-29397011cc",
"target": "mediatek/filogic",
"description": "OpenWrt 24.10.4 r28959-29397011cc",
"builddate": "1760891865"
}
}
root@Flint:~# cat /etc/config/network
config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fd54:94da:cdef::/48'
option packet_steering '1'
config device
option name 'br-lan'
option type 'bridge'
list ports 'lan1'
list ports 'lan2'
list ports 'lan3'
list ports 'lan4'
list ports 'lan5'
config interface 'lan'
option device 'br-lan'
option proto 'static'
option ipaddr '192.168.1.1'
option netmask '255.255.255.0'
option ip6assign '60'
config interface 'wan'
option device 'eth1.835'
option proto 'pppoe'
option username '***'
option password '****'
option ipv6 'auto'
option peerdns '0'
list dns '1.1.1.1'
list dns '1.0.0.1'
config interface 'wan6'
option device 'eth1'
option proto 'dhcpv6'
option reqaddress 'try'
option reqprefix 'auto'
option norelease '1'
option peerdns '0'
list dns '2606:4700:4700::1111'
list dns '2606:4700:4700::1001'
config interface 'wg0'
option proto 'wireguard'
option private_key '***'
option listen_port '51820'
list addresses '192.168.2.1/24'
config wireguard_wg0
option description '***'
option public_key '***'
option private_key '***'
option endpoint_port '51820'
option persistent_keepalive '25'
list allowed_ips '192.168.2.10/32'
config wireguard_wg0
option description '***'
option public_key '****'
option private_key '***'
option endpoint_port '51820'
option persistent_keepalive '25'
list allowed_ips '192.168.2.11/32'
config wireguard_wg0
option description '***'
option public_key '****'
option private_key '***'
option endpoint_port '51820'
option persistent_keepalive '25'
option route_allowed_ips '1'
list allowed_ips '192.168.188.1/24'
root@Flint:~# cat /etc/config/wireless
config wifi-device 'radio0'
option type 'mac80211'
option path 'platform/soc/18000000.wifi'
option band '2g'
option channel 'auto'
option htmode 'HE20'
option cell_density '0'
config wifi-iface 'default_radio0'
option device 'radio0'
option network 'lan'
option mode 'ap'
option ssid '****'
option encryption 'sae-mixed'
option key '***'
option ocv '0'
option time_zone 'CET-1CEST,M3.5.0,M10.5.0/3'
option dtim_period '3'
option macfilter 'deny'
list maclist '02:76:F5:B7:66:1D'
list maclist 'E4:1F:D5:CB:B7:AE'
config wifi-device 'radio1'
option type 'mac80211'
option path 'platform/soc/18000000.wifi+1'
option band '5g'
option channel '36'
option htmode 'HE80'
option cell_density '0'
config wifi-iface 'default_radio1'
option device 'radio1'
option network 'lan'
option mode 'ap'
option ssid '***'
option encryption 'sae-mixed'
option key '***'
option ocv '0'
option time_zone 'CET-1CEST,M3.5.0,M10.5.0/3'
option dtim_period '3'
config wifi-iface 'wifinet2'
option device 'radio1'
option mode 'mesh'
option encryption 'sae'
option mesh_id '***'
option mesh_fwding '1'
option mesh_rssi_threshold '0'
option key '***'
option network 'lan'
root@Flint:~# cat /etc/config/dhcp
config dnsmasq
option domainneeded '1'
option localise_queries '1'
option rebind_protection '1'
option rebind_localhost '1'
option local '/lan/'
option domain 'lan'
option expandhosts '1'
option cachesize '0'
option authoritative '1'
option readethers '1'
option leasefile '/tmp/dhcp.leases'
option localservice '1'
option ednspacket_max '1232'
option port '54'
option noresolv '1'
config dhcp 'lan'
option interface 'lan'
option start '100'
option limit '150'
option leasetime '12h'
option dhcpv4 'server'
option dhcpv6 'server'
option ra 'server'
option ra_slaac '1'
list ra_flags 'managed-config'
list ra_flags 'other-config'
list dhcp_option '3,192.168.1.1'
list dhcp_option '6,192.168.1.1'
list dhcp_option '15,lan'
list dns 'fd54:94da:cdef::1'
config dhcp 'wan'
option interface 'wan'
option ignore '1'
config odhcpd 'odhcpd'
option maindhcp '0'
option leasefile '/tmp/hosts/odhcpd'
option leasetrigger '/usr/sbin/odhcpd-update'
option loglevel '4'
option piofolder '/tmp/odhcpd-piofolder'
config host
option name 'server'
option ip '192.168.1.52'
list mac 'B4:45:06:61:FA:66'
config host
option ip '192.168.1.186'
list mac '52:54:00:F4:B3:35'
root@Flint:~# cat /etc/config/firewall
config defaults
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option synflood_protect '1'
option flow_offloading '1'
option flow_offloading_hw '1'
config zone
option name 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
list network 'lan'
config zone
option name 'wan'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
list network 'wan'
list network 'wan6'
config forwarding
option src 'lan'
option dest 'wan'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
config redirect
option dest 'lan'
option target 'DNAT'
option name 'http'
option family 'ipv4'
list proto 'tcp'
option src 'wan'
option src_dport '80'
option dest_ip '192.168.1.52'
option dest_port '80'
config redirect
option dest 'lan'
option target 'DNAT'
option name 'https'
list proto 'tcp'
option src 'wan'
option src_dport '443'
option dest_ip '192.168.1.52'
option dest_port '443'
option family 'ipv4'
config redirect
option dest 'lan'
option target 'DNAT'
option name 'mqtts'
list proto 'tcp'
option src 'wan'
option src_dport '8883'
option dest_ip '192.168.1.52'
option dest_port '8883'
option family 'ipv4'
config redirect
option dest 'lan'
option target 'DNAT'
option name 'torrent'
option family 'ipv4'
option src 'wan'
option src_dport '6881'
option dest_ip '192.168.1.52'
option dest_port '6881'
config redirect
option dest 'lan'
option target 'DNAT'
option name 'SIP'
list proto 'udp'
option src 'wan'
option src_dport '5060'
option dest_ip '192.168.1.178'
option dest_port '5060'
config zone
option name 'WireguardVPN'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
option mtu_fix '1'
list network 'wg0'
config forwarding
option src 'WireguardVPN'
option dest 'lan'
config forwarding
option src 'WireguardVPN'
option dest 'wan'
config forwarding
option src 'lan'
option dest 'WireguardVPN'
config rule
option src 'wan'
option name 'WireGuard-incoming'
list proto 'udp'
option dest_port '51820'
option target 'ACCEPT'
I can simplify the problem statement, if I reboot the Flint2 the other routers are anyway not leasing an IP in the mesh (doesnt matter crash or not) even if they are connected.
Also chances are that the devices i see are directly connected to the Flint2 instead of the actual mesh router they were used to
You can run 2 dhcp servers that use same or non-colliding address allocation algorithm or do some clustery syncing of files.
But you need to set that up that 2nd smartest node is DHCP server and not client.
Otherwise you describe "normal operation"
Hi,
My “normal operation” would be if Flint2 crashes or reboots, after a reasonable amount of time the mesh is restored and the dump APs are reachable through their hostname. I would expect that since the 2 dumb APs are connected to the mesh (that picture above is from the Flint when the two devices do not have an IP for whatever reason but they are in the mesh) they will eventually get an IP (but it doesn’t occur).
I’m not talking about leasing an IP while Flint2 is down but once it is back again
OK, dhcp has no signal to force refresh. Lets first focus on it crashing....
I mentioned to skip that because i wanted to open another thread, it’s fine to discuss it here though. The issue is that dmesg and logread aren’t showing anything too interesting (but im quite new here)
What i’ve noticed though is that logread always have entries from 14/11 and then from the moment it reboots https://pastebin.com/dW5gWGeM not sure if it is ntp kicking in late for example
Is there a way to save a crashdump when it happens? what would be a reasonable why to catch that? I’m wondering whether reflashing might be my best option.
I have Wireguard, DynamicDNS and Bandinx app which for the latter i can try to remove if needed
AGH uses lots of memory, try to record its"RES" and temporary files use.
root@Flint:~# cat /proc/$(pidof AdGuardHome)/status | grep -E 'VmRSS|VmData|VmStk'
VmRSS: 97624 kB
VmData: 148736 kB
VmStk: 132 kB
root@Flint:~# top
PID PPID USER STAT VSZ %VSZ %CPU COMMAND
4382 1 root S 1303m 132% 0% /usr/bin/AdGuardHome -c /etc/adguardhome.yaml -w /var/lib/adguardhome --pidfile /run/adguardhome.pid --no-check-update
root@Flint:~# free -h
total used free shared buff/cache available
Mem: 1010816 186504 695612 27244 128700 746776
Swap: 0 0 0
Anything else that you suggest to monitor?
I might just as well create a script for cron
vmrss and df /tmp/
vmrss is in the first line. tmp/ is showing 6%.
I have created a cron script every 5min.
Can you suggest something i can do for the dhcp part? As i’ve said i simply need to reboot and although the routers will be part of the mesh they are not showing up in the lease section nor i can use their hostname to browse their luci. When you say dhcp has no signal to force refresh, do you mean from the client side of the two routers? Because on the Flint2 all my devices are reconnecting just fine
Forward log to a syslog server - kiwi on windows or native on linux, or run logread -f in ssh sesssion (last likely to miss crucial final events)
For testing consider removing/disabling AGH and just use plain DNSMasq
Wouldn’t saving it in root folder every 5 mins as a file sufficient?
If i configure this
config system
option hostname 'openwrt'
option log_ip '192.168.xxx.xxx'
option log_port '514'
option log_proto 'udp'
should i use logger command and send the entire string to parse it later?
I can spawn a graylog if needed but im wondering if i will see many more valuable information or only mine
Use checkbox in luci.
I didn’t understand sorry, you mean in the System Log? Can you elaborate some more since i’m new on how to analyze these issues. You mean to configure it?
Anyway regarding the pastebin log above, as you can see there is no DHCP discover/request/ack from WR3000H or RE650
Luci/system/system/Logging
ok so now it is running every 5 min, shall i reduce it? How can i enable other loggers to log to syslog as well?
Your router is fast enough, you can run it every second. We are after trend in 2-3 days, hourly snapshots are reasonable to draw a trend line in a random spreadsheet software.
Ok switched to a while loop with a 1s sleep. From this morning the tmp passed from 7% to 11%