Intermittent connectivity issues after temporary second router with identical subnet

Hello OpenWrt community,

I'm experiencing connectivity issues on my OpenWrt router after a network configuration mistake, and I need your help.

Network Setup:

• ISP Router (Fritz!Box): 192.168.178.0/24 (192.168.178.1)
• OpenWrt Router (behind Fritz!Box): 192.168.1.0/24 (192.168.1.1)

The Problem:

About a week ago, I temporarily connected a second router to the Fritz!Box with the same subnet (192.168.1.0/24). This second router has been disconnected and powered off since then, but clients are still experiencing connectivity issues through the OpenWrt router.

• Windows clients are most severely affected - often cannot connect at all
• Android/Linux devices also experience intermittent connectivity problems and occasional phases without connectivity
• Importantly: Even devices that were NOT in the network at the time of the second router are affected
• Clients receive IP addresses (e.g., 192.168.1.172), but connectivity is unstable or non-existent

DHCP Logs

Sun Nov 23 12:40:05 2025 daemon.info dnsmasq-dhcp[1]: DHCPDISCOVER(br-lan) XX:XX:XX:XX:XX:XX
Sun Nov 23 12:40:05 2025 daemon.info dnsmasq-dhcp[1]: DHCPOFFER(br-lan) 192.168.1.142 XX:XX:XX:XX:XX:XX
Sun Nov 23 12:40:05 2025 daemon.info dnsmasq-dhcp[1]: DHCPREQUEST(br-lan) 192.168.1.142 XX:XX:XX:XX:XX:XX
Sun Nov 23 12:40:05 2025 daemon.info dnsmasq-dhcp[1]: DHCPACK(br-lan) 192.168.1.142 XX:XX:XX:XX:XX:XX XX
Sun Nov 23 12:40:05 2025 user.notice nft-qos-monitor: ACTION=add, MACADDR=XX:XX:XX:XX:XX:XX, IPADDR=192.168.1.142, HOSTNAME=XX
Sun Nov 23 12:40:05 2025 daemon.info dnsmasq-dhcp[1]: DHCPDECLINE(br-lan) 192.168.1.142 XX:XX:XX:XX:XX:XX
Sun Nov 23 12:40:05 2025 user.notice nft-qos-dynamic: ACTION=add, MACADDR=XX:XX:XX:XX:XX:XX, IPADDR=192.168.1.142, HOSTNAME=XX
Sun Nov 23 12:40:05 2025 user.notice nft-qos-monitor: ACTION=remove, MACADDR=XX:XX:XX:XX:XX:XX, IPADDR=192.168.1.142, HOSTNAME=XX
Sun Nov 23 12:40:05 2025 user.notice nft-qos-dynamic: ACTION=remove, MACADDR=XX:XX:XX:XX:XX:XX, IPADDR=192.168.1.142, HOSTNAME=XX

What I've Already Tried on OpenWrt:

• Restarted dnsmasq (/etc/init.d/dnsmasq restart)
• Restarted network (/etc/init.d/network restart)
• Sent gratuitous ARP (arping -c 3 -I br-lan 192.168.1.1)
• Flushed ARP cache (ip neigh flush dev br-lan)
• Temporarily stopped nft-qos services
• Verified firewall rules (lan → wan is accept/forward)
• No MAC filtering active
• Checked /proc/net/arp - clients appear correctly
• Rebooted Fritz!Box
• Multiple router reboots over the past week

OpenWrt Version: 24.10.4

Device: Bananapi BPi-R3

Any help would be greatly appreciated!

In theory, this isn't an OpenWrt issue at all, but let's do the following:

• First, please show us a basic topology diagram of how the routers were interconnected to each other. Be sure to label them carefully with the IP addresses and ports (wan vs lan), and clearly indicate which one was later removed from the network.
• Explain how the affected client computers are physically connected (wifi, ethernet) and to which router they are nominally connecting.
• Provide your OpenWrt configuration:

Please connect to your OpenWrt device using ssh and copy the output of the following commands and post it here using the "Preformatted text </> " button (red circle; this works best in the 'Markdown' composer view in the blue oval):

Remember to redact passwords, VPN keys, MAC addresses and any public IP addresses you may have:

ubus call system board
cat /etc/config/network
cat /etc/config/wireless
cat /etc/config/dhcp
cat /etc/config/firewall

The problem exists for both, ethernet and wifi. The clients connect only to the first openwrt router. The second router was connected for a short time (less than a day) to to a reset and updates.

Topology now and before second router:

Internet
   |
Fritz!Box (192.168.178.1/24)
   |port1
OpenWrt Router (WAN: 192.168.178.x, LAN: 192.168.1.1/24)
   |port1
Netgear GS208 (1+n switches)
   |
Clients (192.168.1.x)

Topology with second router:

Internet
   |
Fritz!Box (192.168.178.1/24)
   |port1
   +--- OpenWrt Router (WAN: 192.168.178.x, LAN: 192.168.1.1/24)
   |         |port1
   |    Netgear GS208 (1+n switches)
   |         |
   |    Clients (192.168.1.x)
   |port2
   +--- Second Router (WAN: 192.168.178.y, LAN: 192.168.1.1/24) <-- SAME SUBNET!
            |port1
        1 Client (192.168.1.x)

ubus call system board

{
	"kernel": "6.6.110",
	"hostname": "bpi-r3",
	"system": "ARMv8 Processor rev 4",
	"model": "Bananapi BPI-R3",
	"board_name": "bananapi,bpi-r3",
	"rootfs_type": "squashfs",
	"release": {
		"distribution": "OpenWrt",
		"version": "24.10.4",
		"revision": "r28959-29397011cc",
		"target": "mediatek/filogic",
		"description": "OpenWrt 24.10.4 r28959-29397011cc",
		"builddate": "1760891865"
	}
}

cat /etc/config/network

config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'XX/48'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'lan1'
	list ports 'lan2'
	list ports 'lan3'
	list ports 'lan4'
	list ports 'sfp2'

config interface 'lan'
	option device 'br-lan'
	option proto 'static'
	option ipaddr '192.168.1.1'
	option netmask '255.255.255.0'
	option ip6assign '60'
	option delegate '0'
	option ip6hint '10'

config device
	option name 'br-wan'
	option type 'bridge'
	list ports 'eth1'
	list ports 'wan'

config device
	option name 'eth1'
	option macaddr 'XX'

config device
	option name 'wan'
	option macaddr 'XX'

config interface 'wan'
	option device 'br-wan'
	option proto 'dhcp'

config interface 'wan6'
	option device 'br-wan'
	option proto 'dhcpv6'
	option reqaddress 'try'
	option reqprefix 'auto'
	option ip6assign '64'

config device
	option type 'bridge'
	option name 'br-guest'

config interface 'guest'
	option proto 'static'
	option device 'br-guest'
	option ipaddr '192.168.3.1'
	option netmask '255.255.255.0'

config interface 'wg1'
	option proto 'wireguard'
	option private_key 'XX'
	option listen_port '51820'
	list addresses '192.168.9.1/24'
	list addresses 'XX/64'
	option peerdns '0'
	list dns '192.168.1.1'

config wireguard_wg1 'wgclient'
	option preshared_key 'XX'
	option description 'XX'

cat /etc/config/wireless

config wifi-device 'radio0'
	option type 'mac80211'
	option path 'platform/soc/18000000.wifi'
	option channel 'auto'
	option band '2g'
	option htmode 'HT20'
	option cell_density '0'
	option country 'DE'

config wifi-iface 'default_radio0'
	option device 'radio0'
	option network 'lan'
	option mode 'ap'
	option ssid 'XX'
	option encryption 'sae-mixed'
	option key 'XX'

config wifi-device 'radio1'
	option type 'mac80211'
	option path 'platform/soc/18000000.wifi+1'
	option channel 'auto'
	option band '5g'
	option htmode 'HE20'
	option country 'DE'
	option cell_density '0'

config wifi-iface 'default_radio1'
	option device 'radio1'
	option network 'lan'
	option mode 'ap'
	option ssid 'XX'
	option encryption 'sae-mixed'
	option key 'XX'

config wifi-iface 'wifinet2'
	option device 'radio0'
	option mode 'ap'
	option ssid 'XX'
	option encryption 'sae-mixed'
	option isolate '1'
	option key 'XX'
	option network 'guest'

cat /etc/config/dhcp (multiple host and cname entries removed)

cat /etc/config/dhcp

config dnsmasq
	option domainneeded '1'
	option localise_queries '1'
	option rebind_protection '1'
	option local '/lan/'
	option domain 'lan'
	option expandhosts '1'
	option cachesize '1000'
	option authoritative '1'
	option readethers '1'
	option leasefile '/mnt/mmc/dhcp.leases'
	option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
	option localservice '1'
	option ednspacket_max '1232'
	option confdir '/tmp/dnsmasq.d'
	option rebind_localhost '1'

config dhcp 'lan'
	option interface 'lan'
	option start '50'
	option limit '200'
	option leasetime '12h'
	option dhcpv4 'server'
	option ndp 'relay'
	option force '1'

config dhcp 'wan'
	option interface 'wan'
	option ignore '1'

config odhcpd 'odhcpd'
	option maindhcp '0'
	option leasefile '/tmp/hosts/odhcpd'
	option leasetrigger '/usr/sbin/odhcpd-update'
	option loglevel '4'
	option piofolder '/tmp/odhcpd-piofolder'

config dhcp 'wan6'
	option interface 'wan6'
	option ignore '1'

config dhcp 'guest'
	option interface 'guest'
	option start '100'
	option limit '150'
	option leasetime '1h'
	option netmask '255.255.255.0'

config host
	option name 'XX'
	option ip '192.168.1.207'
	option mac 'XX'

config domain
	option name 'XX.lan'
	option ip '192.168.1.240'

config cname
	option cname 'XX.de'
	option target 'XX.lan'

cat /etc/config/firewall (multiple redirect rules removed)

cat /etc/config/firewall

config defaults
	option syn_flood '1'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'REJECT'

config zone 'lan'
	option name 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'
	list network 'lan'
	list network 'wg1'

config zone 'wan'
	option name 'wan'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'
	option mtu_fix '1'
	list network 'wan'
	list network 'wan6'

config forwarding
	option src 'lan'
	option dest 'wan'

config rule
	option name 'Allow-DHCP-Renew'
	option src 'wan'
	option proto 'udp'
	option dest_port '68'
	option target 'ACCEPT'
	option family 'ipv4'

config rule
	option name 'Allow-Ping'
	option src 'wan'
	option proto 'icmp'
	option icmp_type 'echo-request'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-IGMP'
	option src 'wan'
	option proto 'igmp'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-DHCPv6'
	option src 'wan'
	option proto 'udp'
	option src_ip 'fc00::/6'
	option dest_ip 'fc00::/6'
	option dest_port '546'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-MLD'
	option src 'wan'
	option proto 'icmp'
	option src_ip 'fe80::/10'
	list icmp_type '130/0'
	list icmp_type '131/0'
	list icmp_type '132/0'
	list icmp_type '143/0'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Input'
	option src 'wan'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	list icmp_type 'router-solicitation'
	list icmp_type 'neighbour-solicitation'
	list icmp_type 'router-advertisement'
	list icmp_type 'neighbour-advertisement'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Forward'
	option src 'wan'
	option dest '*'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-IPSec-ESP'
	option src 'wan'
	option dest 'lan'
	option proto 'esp'
	option target 'ACCEPT'

config rule
	option name 'Allow-ISAKMP'
	option src 'wan'
	option dest 'lan'
	option dest_port '500'
	option proto 'udp'
	option target 'ACCEPT'

config rule
	option name 'Support-UDP-Traceroute'
	option src 'wan'
	option dest_port '33434:33689'
	option proto 'udp'
	option family 'ipv4'
	option target 'REJECT'
	option enabled '0'

config redirect
	option dest 'lan'
	option target 'DNAT'
	list proto 'tcp'
	option src 'wan'
	option src_dport '80'
	option dest_ip '192.168.1.240'
	option dest_port '80'
	option name 'XX HTTP'

config redirect
	option dest 'lan'
	option target 'DNAT'
	list proto 'tcp'
	option src 'wan'
	option src_dport '443'
	option dest_ip '192.168.1.240'
	option dest_port '443'
	option name 'XX HTTPS'

config rule 'wg'
	option name 'Allow-WireGuard'
	option src 'wan'
	option dest_port '51820'
	option proto 'udp'
	option target 'ACCEPT'

config zone 'guest'
	option name 'guest'
	option network 'guest'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'

config forwarding 'guest_wan'
	option src 'guest'
	option dest 'wan'

config rule 'guest_dns'
	option name 'Allow-DNS-Guest'
	option src 'guest'
	option dest_port '53'
	option proto 'tcp udp'
	option target 'ACCEPT'

config rule 'guest_dhcp'
	option name 'Allow-DHCP-Guest'
	option src 'guest'
	option src_port '68'
	option dest_port '67'
	option proto 'udp'
	option family 'ipv4'
	option target 'ACCEPT'

config zone
	option name 'restricted'
	option input 'REJECT'
	option output 'REJECT'
	option forward 'REJECT'
	list network 'wg2'

config rule
	option name 'Allow-WireGuard2'
	list proto 'udp'
	option src 'wan'
	option target 'ACCEPT'
	option dest_port '51821'

config forwarding
	option src 'lan'
	option dest 'restricted'

config rule
	option name 'Allow-To-Restricted'
	option src 'lan'
	option dest 'restricted'
	option target 'ACCEPT'
	list dest_ip '192.168.10.2'
	list dest_ip '192.168.10.4'
	list proto 'all'
	option enabled '0'

config rule
	option name 'Reject-Device-From-Internet'
	option src '*'
	option dest 'wan'
	option target 'REJECT'
	list proto 'all'
	list src_ip '192.168.1.195'
	list src_ip '192.168.1.242'

The topology you have shown would not have caused any conflict with OpenWrt. You basically had 2 parallel networks with the same subnet, but they wouldn't have interacted and thus couldn't have conflicted.

That is why I need help. I dont get what creates the problem. The arp cache of the FritzBox should not have influence to the OpenWrt network. The problem did not show up instantly, it appeared 1-2 days after the second router. I did not change anything else.

You've got a bunch of potentially unusual configuration items in your OpenWrt config...

• create a backup
• reset to defaults
• configure from scratch, just the bare minimums.

You didn't answer this, though:

To update this, the problem has been solved. A third fritzbox at the basement caused the problem. The router was connected through powerline to the main openwrt router and was used as hotspot for 2 clients. After removing it, everything is fine. But first I configured the openwrt router from scratch, two times. The basement fritzbox was working there for over 2 years, but somehow the second openwrt router taught the fritzbox something, that could not be forgotten…