Instability of OpenWRT—must restart every 20-ish hours

I installed OpenWRT about a month ago on a Linksys E8450. This is the first time I've flashed my router and there are many things about it that I like.

Unfortunately, my router has not been stable. It seems I have to restart my router about every 20 hours as I'm unable to access the internet or it is very slow. This feels an awful lot like a memory leak and my memory gets filled up in 20 hours.

On top of the main installation, I've installed AdGuardHome (which works fairly well) and nlbwmon. I've configured nlbwmon to store the database on attached USB drive.

What can I do to make this installation more stable? While I'm new to OpenWRT, I'm not new to Linux.

Let’s start by looking at your config.

Please connect to your OpenWrt device using ssh and copy the output of the following commands and post it here using the "Preformatted text </> " button:

Remember to redact passwords, MAC addresses and any public IP addresses you may have:

ubus call system board
cat /etc/config/network
cat /etc/config/wireless
cat /etc/config/dhcp
cat /etc/config/firewall

Thanks for the quick response. Here are the results of those commands.

root@Luci:~# ubus call system board
{
	"kernel": "5.15.134",
	"hostname": "Luci",
	"system": "ARMv8 Processor rev 4",
	"model": "Linksys E8450 (UBI)",
	"board_name": "linksys,e8450-ubi",
	"rootfs_type": "squashfs",
	"release": {
		"distribution": "OpenWrt",
		"version": "23.05.0",
		"revision": "r23497-6637af95aa",
		"target": "mediatek/mt7622",
		"description": "OpenWrt 23.05.0 r23497-6637af95aa"
	}
}
root@Luci:~# cat /etc/config/network

config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fdae:bd07:4e2b::/48'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'lan1'
	list ports 'lan2'
	list ports 'lan3'
	list ports 'lan4'

config interface 'lan'
	option device 'br-lan'
	option proto 'static'
	option ipaddr '192.168.1.1'
	option netmask '255.255.255.0'
	option ip6assign '60'

config interface 'wan'
	option device 'wan'
	option proto 'dhcp'

config interface 'wan6'
	option device 'wan'
	option proto 'dhcpv6'

root@Luci:~# cat /etc/config/wireless

config wifi-device 'radio0'
	option type 'mac80211'
	option path 'platform/18000000.wmac'
	option channel 'auto'
	option band '2g'
	option htmode 'HT20'
	option cell_density '0'

config wifi-iface 'default_radio0'
	option device 'radio0'
	option network 'lan'
	option mode 'ap'
	option ssid 'AnnArbor'
	option encryption 'sae-mixed'
	option key ‘Redacted’

config wifi-device 'radio1'
	option type 'mac80211'
	option path '1a143000.pcie/pci0000:00/0000:00:00.0/0000:01:00.0'
	option channel '36'
	option band '5g'
	option htmode 'HE80'
	option cell_density '0'

config wifi-iface 'wifinet5'
	option device 'radio1'
	option mode 'ap'
	option ssid 'AnnArbor'
	option encryption 'sae-mixed'
	option key ‘Redacted’
	option network 'lan'

root@Luci:~# cat /etc/config/dhcp

config dnsmasq
	option domainneeded '1'
	option localise_queries '1'
	option rebind_protection '0'
	option local '/lan/'
	option domain 'lan'
	option expandhosts '1'
	option cachesize '1000'
	option authoritative '1'
	option readethers '1'
	option leasefile '/tmp/dhcp.leases'
	option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
	option localservice '1'
	option ednspacket_max '1232'
	option port '54'
	list server '192.168.1.1'

config dhcp 'lan'
	option interface 'lan'
	option start '100'
	option limit '150'
	option leasetime '12h'
	option dhcpv4 'server'
	option dhcpv6 'server'
	option ra 'server'
	option ra_slaac '1'
	list ra_flags 'managed-config'
	list ra_flags 'other-config'
	list dhcp_option '6,192.168.1.1'
	list dhcp_option '3,192.168.1.1'
	list dns '2601:8c1:c100:e86::1'
	list dns 'fdae:bd07:4e2b::1'

config dhcp 'wan'
	option interface 'wan'
	option ignore '1'

config odhcpd 'odhcpd'
	option maindhcp '0'
	option leasefile '/tmp/hosts/odhcpd'
	option leasetrigger '/usr/sbin/odhcpd-update'
	option loglevel '4'

config host
	option name 'jmini6'
	option dns '1'
	option mac 'Redacted'
	option ip '192.168.1.123'

config host
	option name 'j15Pro'
	option dns '1'
	option mac 'Redacted'
	option ip '192.168.1.249'

config host
	option name 'EmmaPhone'
	option dns '1'
	option mac ''
	option ip '192.168.1.148'

config host
	option name 'LilyPhone'
	option dns '1'
	option mac ''
	option ip '192.168.1.248'

config host
	option name 'EmmaSchoolComputer'
	option dns '1'
	option mac ''
	option ip '192.168.1.240'

config host
	option name 'LilySchoolComputer'
	option dns '1'
	option mac ''
	option ip '192.168.1.136'

config host
	option name 'Luci'
	option dns '1'
	option mac ''
	option ip '192.168.1.1'

config host
	option name 'TrishaiPad'
	option dns '1'
	option mac ''
	option ip '192.168.1.218'

config host
	option name 'j12'
	option dns '1'
	option mac ''
	option ip '192.168.1.135'

config host
	option name 'RainMachine'
	option dns '1'
	option mac ''
	option ip '192.168.1.198'

config host
	option name 'Thranduil'
	option dns '1'
	option mac ''
	option ip '192.168.1.150'

config host
	option name 'NintendoSwitch'
	option dns '1'
	option mac ''
	option ip '192.168.1.239'

config host
	option name 'Doorbell'
	option dns '1'
	option mac ''
	option ip '192.168.1.122'

root@Luci:~# cat /etc/config/firewall


config defaults
	option syn_flood '1'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'

config zone
	option name 'lan'
	list network 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'

config zone
	option name 'wan'
	list network 'wan'
	list network 'wan6'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'
	option mtu_fix '1'

config forwarding
	option src 'lan'
	option dest 'wan'

config rule
	option name 'Allow-DHCP-Renew'
	option src 'wan'
	option proto 'udp'
	option dest_port '68'
	option target 'ACCEPT'
	option family 'ipv4'

config rule
	option name 'Allow-Ping'
	option src 'wan'
	option proto 'icmp'
	option icmp_type 'echo-request'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-IGMP'
	option src 'wan'
	option proto 'igmp'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-DHCPv6'
	option src 'wan'
	option proto 'udp'
	option dest_port '546'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-MLD'
	option src 'wan'
	option proto 'icmp'
	option src_ip 'fe80::/10'
	list icmp_type '130/0'
	list icmp_type '131/0'
	list icmp_type '132/0'
	list icmp_type '143/0'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Input'
	option src 'wan'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	list icmp_type 'router-solicitation'
	list icmp_type 'neighbour-solicitation'
	list icmp_type 'router-advertisement'
	list icmp_type 'neighbour-advertisement'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Forward'
	option src 'wan'
	option dest '*'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-IPSec-ESP'
	option src 'wan'
	option dest 'lan'
	option proto 'esp'
	option target 'ACCEPT'

config rule
	option name 'Allow-ISAKMP'
	option src 'wan'
	option dest 'lan'
	option dest_port '500'
	option proto 'udp'
	option target 'ACCEPT'

config redirect
	option dest 'lan'
	option target 'DNAT'
	option name 'ssh'
	option src 'wan'
	option src_dport '22'
	option dest_ip '192.168.1.1'
	option dest_port '2'

First things first, you may want to consider disabling these features and monitoring the stability. With both disabled, does the system remain stable? Then if you enable one but not the other, does anything change? And then the opposite situation? Finally both together?

Moving on...

It would probably be wise to upgrade to 23.05.2 which is the latest and includes some bug fixes and security patches.

These two lines are not necessary and would make sense to delete. Without specifying options 3 and 6, the router's address will automatically be sent.

Delete the two dns entries here, too.

Remove this, too. There are three things here:

1. If your intention is to open a port to the internet where the target it the router itself, a standard traffic rule should be used instead of a redirect.
2. It's odd that you are redirecting port 22 to port 2. Did you change the ssh port on your router? What is the intent here?
3. It is not advisable to open your router to the internet like this. You'll be better off setting up a VPN (Wireguard is recommended) as a means to connect to your router/network -- that is more secure than opening ssh to the internet.

Adblocking lists can be very large and the e8450 does not have that much RAM (512 MB), those can easily kill it (running out of memory), so disabling that (and/ or keeping a close eye on memory consumption while it happens) should be among the first things to test.

So I did what @psherman and @slh suggested. (Sorry it's taken a few days.) Things are much more stable. I think the reason it was unstable was I was running AdGuardHome. Once that got removed, I didn't have problems. I'll just have to run it from a different machine.

Glad your device is now stable (and that you gave it time to prove it)!

If your problem is solved, please consider marking this topic as [Solved]. See How to mark a topic as [Solved] for a short how-to.
Thanks!

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.