I've set up a Belkin RT3200 with OpenWRT using this installer tool. It runs r17443-90e167abaa as a snapshot now.
I also installed Tailscale using this tool. It runs fine and I can connect to the router via Tailscale.
The issue is that I cannot download anything. When I try opkg update, it just waits and prints nothing. I have wget installed, but it gets stuck at:
root@OpenWrt:~# wget https://google.com
--2021-09-13 08:37:36-- https://google.com/
Resolving google.com... 142.250.187.238, 2a00:1450:4009:820::200e
Connecting to google.com|142.250.187.238|:443...
Here it does nothing for 30 seconds or more. Then it shows:
HTTP request sent, awaiting response... 301 Moved Permanently
Location: https://www.google.com/ [following]
--2021-09-13 08:38:08-- https://www.google.com/
Resolving www.google.com... 216.58.213.4, 2a00:1450:4009:816::2004
Connecting to www.google.com|216.58.213.4|:443... connected.
HTTP request sent, awaiting response... 302 Found
Location: https://consent.google.com/ml?continue=https://www.google.com/&gl=GB&m=0&pc=shp&hl=en&src=1 [following]
--2021-09-13 08:38:08-- https://consent.google.com/ml?continue=https://www.google.com/&gl=GB&m=0&pc=shp&hl=en&src=1
Resolving consent.google.com... 172.217.16.238, 2a00:1450:4009:821::200e
Connecting to consent.google.com|172.217.16.238|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: unspecified [text/html]
Saving to: 'index.html'
index.html [ <=> ] 9.96K --.-KB/s in 0.004s
2021-09-13 08:38:08 (2.69 MB/s) - 'index.html' saved [10196]
I managed to SCP a static build of curl onto the router, and this shows:
root@OpenWrt:~# ./curl-aarch64 -v https://google.com
* Trying 142.250.187.238:443...
* Trying 2a00:1450:4009:820::200e:443...
* Immediate connect fail for 2a00:1450:4009:820::200e: Permission denied
After around 30 seconds, it shows the remainder of the connection log:
Connected to google.com (142.250.187.238) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
* CAfile: /etc/ssl/certs/ca-certificates.crt
* CApath: none
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server accepted to use h2
* Server certificate:
* subject: CN=*.google.com
* start date: Aug 23 01:38:08 2021 GMT
* expire date: Nov 15 01:38:07 2021 GMT
* subjectAltName: host "google.com" matched cert's "google.com"
* issuer: C=US; O=Google Trust Services LLC; CN=GTS CA 1C3
* SSL certificate verify ok.
* Using HTTP2, server supports multiplexing
* Connection state changed (HTTP/2 confirmed)
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* Using Stream ID: 1 (easy handle 0x7f909fbab0)
> GET / HTTP/2
> Host: google.com
> user-agent: curl/7.78.0
> accept: */*
>
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* old SSL session ID is stale, removing
< HTTP/2 301
< location: https://www.google.com/
< content-type: text/html; charset=UTF-8
< date: Mon, 13 Sep 2021 08:40:04 GMT
< expires: Mon, 13 Sep 2021 08:40:04 GMT
< cache-control: private, max-age=2592000
< server: gws
< content-length: 220
< x-xss-protection: 0
< x-frame-options: SAMEORIGIN
< set-cookie: CONSENT=PENDING+198; expires=Fri, 01-Jan-2038 00:00:00 GMT; path=/; domain=.google.com; Secure
< p3p: CP="This is not a P3P policy! See g.co/p3phelp for more info."
< alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
So, sometimes it works, but mostly it doesn't. Or there is a huge timeout between a request and its response.
What could be the problem?
Updated with routing table
root@OpenWrt:~# route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default OpenWrt.lan 0.0.0.0 UG 0 0 0 wan
192.168.1.0 * 255.255.255.0 U 0 0 0 br-lan
192.168.1.0 * 255.255.255.0 U 0 0 0 wan
root@OpenWrt:~# route -A inet6
Kernel IPv6 routing table
Destination Next Hop Flags Metric Ref Use Iface
fd7a:115c:a1e0::/48 :: U 1024 1 0 tailscale0
::/0 :: !n -1 1 0 lo
::/0 :: !n -1 1 0 lo
fd7a:115c:a1e0:ab12:4843:cd96:625c:1554/128 :: U 256 1 0 tailscale0
fdbd:c098:3bec::/64 :: U 1024 3 0 br-lan
fdbd:c098:3bec::/48 :: !n 2147483647 3 0 lo
fe80::/64 :: U 256 1 0 eth0
fe80::/64 :: U 256 3 0 br-lan
fe80::/64 :: U 256 3 0 wan
fe80::/64 :: U 256 1 0 tailscale0
::/0 :: !n -1 1 0 lo
::1/128 :: Un 0 4 0 lo
fd7a:115c:a1e0:ab12:4843:cd96:625c:1554/128 :: Un 0 2 0 tailscale0
fdbd:c098:3bec::/128 :: Un 0 3 0 br-lan
fdbd:c098:3bec::1/128 :: Un 0 6 0 br-lan
fe80::/128 :: Un 0 3 0 eth0
fe80::/128 :: Un 0 3 0 br-lan
fe80::/128 :: Un 0 3 0 wan
fe80::/128 :: Un 0 3 0 tailscale0
fe80::a9d2:357b:1ca0:8bd0/128 :: Un 0 2 0 tailscale0
fe80::ea9f:80ff:fed5:d8b6/128 :: Un 0 3 0 wan
fe80::ea9f:80ff:fed5:d8b7/128 :: Un 0 6 0 eth0
fe80::ea9f:80ff:fed5:d8b7/128 :: Un 0 3 0 br-lan
ff00::/8 :: U 256 3 0 eth0
ff00::/8 :: U 256 3 0 br-lan
ff00::/8 :: U 256 3 0 wan
ff00::/8 :: U 256 1 0 tailscale0
::/0 :: !n -1 1 0 lo