Intermittent DNS resolution issue

You can remove these from the lan.
And from the dns/dhcp.
Tell us more about the tun0 interface. Is it connected to nordvpn?

Delete these.

Not an issue, you don't have any ipv6 uplink.

Not an issue, it just is a folder, not file.

Your configuration looks a bit weird to me. Did you upgrade from 21.02 or older and keep the settings?


Done.

Nope, this is a leftover from a previous configuration that I ended up not using, since the CPU was too weak to provide full-speed connectivity inside a VPN tunnel. What's weird, though, is that the interface doesn't show in LuCI even though it is still present in the firewall settings:
Captura de Pantalla 2023-04-26 a la(s) 12.43.40

Done. The relevant part now is:

# Excerpt of the firewall config as posted: the two zones and the lan->wan forwarding.
# LAN zone: input, output and forward are all ACCEPT for network 'lan'.
config zone
	option name 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'
	list network 'lan'

# WAN zone: input and forward are REJECT, output is ACCEPT.
config zone
	option name 'wan'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	# masq: masquerade (source-NAT) traffic leaving through this zone.
	option masq '1'
	# mtu_fix: TCP MSS clamping for this zone.
	option mtu_fix '1'
	# NOTE(review): 'tun0' is still attached to the wan zone although the poster
	# describes the VPN setup as an unused leftover that no longer shows in LuCI;
	# remove this line if no tunnel is meant to be treated as WAN.
	list device 'tun0'
	list network 'wan'
	list network 'wan6'

# Allow traffic to be forwarded from the lan zone to the wan zone.
config forwarding
	option src 'lan'
	option dest 'wan'

Maybe, as I got this router shortly before 22.03 release. For sure I kept the settings as I find it a waste of time to reconfigure everything by hand.

Resulting output after modifications:

{
	"kernel": "5.10.161",
	"hostname": "ArcherA6",
	"system": "Qualcomm Atheros QCA956X ver 1 rev 0",
	"model": "TP-Link Archer C6 v2 (US) / A6 v2 (US/TW)",
	"board_name": "tplink,archer-c6-v2-us",
	"rootfs_type": "squashfs",
	"release": {
		"distribution": "OpenWrt",
		"version": "22.03.3",
		"revision": "r20028-43d71ad93e",
		"target": "ath79/generic",
		"description": "OpenWrt 22.03.3 r20028-43d71ad93e"
	}
}
package network

config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fdeb:10f9:9e35::/48'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'eth0.1'
	option ipv6 '0'

config interface 'lan'
	option device 'br-lan'
	option proto 'static'
	option netmask '255.255.255.0'
	option ip6assign '60'
	option ipaddr '192.168.1.1'

config interface 'wan'
	option device 'eth0.2'
	option proto 'dhcp'
	option peerdns '0'
	list dns '9.9.9.9'
	list dns '149.112.112.112'
	option hostname '*'

config interface 'wan6'
	option device 'eth0.2'
	option proto 'dhcpv6'

config switch
	option name 'switch0'
	option reset '1'
	option enable_vlan '1'

config switch_vlan
	option device 'switch0'
	option vlan '1'
	option ports '2 3 4 5 0t'

config switch_vlan
	option device 'switch0'
	option vlan '2'
	option ports '1 0t'

config device
	option name 'wlan0'
	option ipv6 '0'

config device
	option name 'wlan1'
	option ipv6 '0'

config device
	option name 'eth0'
	option ipv6 '0'

package dhcp

config dnsmasq
	option domainneeded '1'
	option localise_queries '1'
	option rebind_protection '1'
	option rebind_localhost '1'
	option expandhosts '1'
	option authoritative '1'
	option readethers '1'
	option leasefile '/tmp/dhcp.leases'
	option localservice '1'
	option ednspacket_max '1232'
	option local '/local/'
	option domain 'local'
	option logqueries '1'

config dhcp 'lan'
	option interface 'lan'
	option limit '150'
	option leasetime '12h'
	option dhcpv4 'server'
	option dhcpv6 'server'
	option ra 'server'
	list ra_flags 'managed-config'
	list ra_flags 'other-config'
	option start '2'

config dhcp 'wan'
	option interface 'wan'
	option ignore '1'

config odhcpd 'odhcpd'
	option maindhcp '0'
	option leasefile '/tmp/hosts/odhcpd'
	option leasetrigger '/usr/sbin/odhcpd-update'
	option loglevel '4'

config host
	option name 'MiWiFi'
	option dns '1'
	option mac '50:D2:F5:XX:YY:ZZ’
	option ip '192.168.1.4'

config host
	option name 'fvdw'
	option dns '1'
	option mac '00:D0:4B:XX:YY:ZZ'
	option ip '192.168.1.10'

config host
	option name 'Lancelot-Mo'
	option dns '1'
	option mac 'A8:20:66:XX:YY:ZZ'
	option ip '192.168.1.20'

config host
	option name 'Whitebook'
	option dns '1'
	option mac '00:26:B0:XX:YY:ZZ'
	option ip '192.168.1.21'

config host
	option name 'Canon-MFP'
	option dns '1'
	option mac 'F4:81:39:XX:YY:ZZ'
	option ip '192.168.1.24'

config host
	option name 'Think-PC'
	option dns '1'
	option mac '50:7B:9D:XX:YY:ZZ'
	option ip '192.168.1.25'

config host
	option name 'LibreELEC'
	option dns '1'
	option mac 'B8:27:EB:XX:YY:ZZ'
	option ip '192.168.1.26'

config host
	option name 'Lancelot-wifi'
	option dns '1'
	option mac '5C:96:9D:XX:YY:ZZ'
	option ip '192.168.1.50'

config host
	option name 'Whitebook-wifi'
	option dns '1'
	option mac '00:26:08:XX:YY:ZZ'
	option ip '192.168.1.51'

config host
	option name 'Oboo-clock-7176'
	option dns '1'
	option mac '40:A3:6B:XX:YY:ZZ'
	option ip '192.168.1.59'

config host
	option name 'MiniPad'
	option dns '1'
	option mac '68:9C:70:XX:YY:ZZ'
	option ip '192.168.1.60'

config host
	option name 'CubyPad'
	option dns '1'
	option mac '84:29:99:XX:YY:ZZ'
	option ip '192.168.1.61'

config host
	option name 'Z6252CA'
	option mac '92:15:C8:XX:YY:ZZ'
	option ip '192.168.1.66'

config host
	option name ‘Joe-PC'
	option dns '1'
	option mac '68:CA:00:01:47:DF'
	option ip '192.168.1.68'

config host
	option mac 'F4:B1:9C:XX:YY:ZZ'
	option name 'Geeni-cam'
	option dns '1'
	option ip '192.168.1.70'

config host
	option name 'Omega-F079'
	option ip '192.168.1.150'
	option mac '40:A3:6B:XX:YY:ZZ'

config host
	option name 'wdnas'
	option dns '1'
	option mac '00:00:C0:XX:YY:ZZ'
	option ip '192.168.1.213'

config domain
	option name 'fvdwsl-base.local'
	option ip '192.168.1.10'

config host
	option name 'Think-Air'
	option ip '192.168.1.53'
	option mac 'A4:D1:8C:XX:YY:ZZ'

config host
	option name 'Joe2'
	option dns '1'
	option mac '90:DE:80:XX:YY:ZZ'
	option ip '192.168.1.67'

package firewall

config defaults
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option synflood_protect '1'

config zone
	option name 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'
	list network 'lan'

config zone
	option name 'wan'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'
	option mtu_fix '1'
	list device 'tun0'
	list network 'wan'
	list network 'wan6'

config forwarding
	option src 'lan'
	option dest 'wan'

config rule
	option name 'Allow-DHCP-Renew'
	option src 'wan'
	option proto 'udp'
	option dest_port '68'
	option target 'ACCEPT'
	option family 'ipv4'

config rule
	option name 'Allow-Ping'
	option src 'wan'
	option proto 'icmp'
	option icmp_type 'echo-request'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-IGMP'
	option src 'wan'
	option proto 'igmp'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-DHCPv6'
	option src 'wan'
	option proto 'udp'
	option dest_port '546'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-MLD'
	option src 'wan'
	option proto 'icmp'
	option src_ip 'fe80::/10'
	list icmp_type '130/0'
	list icmp_type '131/0'
	list icmp_type '132/0'
	list icmp_type '143/0'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Input'
	option src 'wan'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	list icmp_type 'router-solicitation'
	list icmp_type 'neighbour-solicitation'
	list icmp_type 'router-advertisement'
	list icmp_type 'neighbour-advertisement'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Forward'
	option src 'wan'
	option dest '*'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-IPSec-ESP'
	option src 'wan'
	option dest 'lan'
	option proto 'esp'
	option target 'ACCEPT'

config rule
	option name 'Allow-ISAKMP'
	option src 'wan'
	option dest 'lan'
	option dest_port '500'
	option proto 'udp'
	option target 'ACCEPT'

config rule
	option name 'Support-UDP-Traceroute'
	option src 'wan'
	option dest_port '33434:33689'
	option proto 'udp'
	option family 'ipv4'
	option target 'REJECT'
	option enabled 'false'

config include
	option path '/etc/firewall.user'

config redirect
	option dest 'lan'
	option target 'DNAT'
	option src 'wan'
	option src_dport '4222-4228'
	option name 'fvdwsl-base1'
	option dest_ip '192.168.1.10'
	option dest_port '4222-4228'

config redirect
	option dest 'lan'
	option target 'DNAT'
	option src 'wan'
	option src_dport '4215-4221'
	option name 'Syno1'
	option dest_ip '192.168.1.15'

config redirect
	option dest 'lan'
	option target 'DNAT'
	option name 'Syno2'
	list proto 'tcp'
	option src 'wan'
	option src_dport '51418-51419'
	option dest_ip '192.168.1.15'

config redirect
	option dest 'lan'
	option target 'DNAT'
	option src 'wan'
	option src_dport '9091-9093'
	option name 'fvdwsl-base2'
	option dest_ip '192.168.1.10'
	option dest_port '9091-9093'

config redirect
	option dest 'lan'
	option target 'DNAT'
	option name 'Syno3'
	option src 'wan'
	option src_dport '5006'
	option dest_ip '192.168.1.15'

config redirect
	option dest 'lan'
	option target 'DNAT'
	option name 'Syno4'
	option src 'wan'
	option src_dport '3001'
	option dest_ip '192.168.1.15'
	option enabled '0'

config forwarding
	option dest 'lan'

config forwarding
	option dest 'lan'

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
6: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    inet 192.168.1.1/24 brd 192.168.1.255 scope global br-lan
       valid_lft forever preferred_lft forever
8: eth0.2@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    inet 38.xxx.yyy.180/28 brd 38.xxx.yyy.191 scope global eth0.2
       valid_lft forever preferred_lft forever
default via 38.xxx.yyy.177 dev eth0.2 proto static src 38.xxx.yyy.180 
38.xxx.yyy.176/28 dev eth0.2 proto kernel scope link src 38.xxx.yyy.180 
192.168.1.0/24 dev br-lan proto kernel scope link src 192.168.1.1 
broadcast 38.xxx.yyy.176 dev eth0.2 table local proto kernel scope link src 38.xxx.yyy.180 
local 38.xxx.yyy.180 dev eth0.2 table local proto kernel scope host src 38.xxx.yyy.180 
broadcast 38.xxx.yyy.191 dev eth0.2 table local proto kernel scope link src 38.xxx.yyy.180 
broadcast 127.0.0.0 dev lo table local proto kernel scope link src 127.0.0.1 
local 127.0.0.0/8 dev lo table local proto kernel scope host src 127.0.0.1 
local 127.0.0.1 dev lo table local proto kernel scope host src 127.0.0.1 
broadcast 127.255.255.255 dev lo table local proto kernel scope link src 127.0.0.1 
broadcast 192.168.1.0 dev br-lan table local proto kernel scope link src 192.168.1.1 
local 192.168.1.1 dev br-lan table local proto kernel scope host src 192.168.1.1 
broadcast 192.168.1.255 dev br-lan table local proto kernel scope link src 192.168.1.1 
0:	from all lookup local
32766:	from all lookup main
32767:	from all lookup default
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 state UNKNOWN qlen 1000
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
8: eth0.2@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
    inet6 fe80::6aff:7bff:fe03:8555/64 scope link 
       valid_lft forever preferred_lft forever
unreachable fdeb:10f9:9e35::/48 dev lo proto static metric 2147483647 pref medium
fe80::/64 dev eth0.2 proto kernel metric 256 pref medium
local ::1 dev lo table local proto kernel metric 0 pref medium
anycast fe80:: dev eth0.2 table local proto kernel metric 0 pref medium
local fe80::6aff:7bff:fe03:8555 dev eth0.2 table local proto kernel metric 0 pref medium
multicast ff00::/8 dev eth0.2 table local proto kernel metric 256 pref medium
0:	from all lookup local
32766:	from all lookup main
lrwxrwxrwx    1 root     root            16 Jan  2 19:24 /etc/resolv.conf -> /tmp/resolv.conf
-rw-r--r--    1 root     root            49 Apr 26 12:42 /tmp/resolv.conf
-rw-r--r--    1 root     root            62 Apr 26 12:42 /tmp/resolv.conf.d/resolv.conf.auto

/tmp/resolv.conf.d:
-rw-r--r--    1 root     root            62 Apr 26 12:42 resolv.conf.auto
==> /etc/resolv.conf <==
search local
nameserver 127.0.0.1
nameserver ::1

==> /tmp/resolv.conf <==
search local
nameserver 127.0.0.1
nameserver ::1

==> /tmp/resolv.conf.d <==
head: /tmp/resolv.conf.d: I/O error

==> /tmp/resolv.conf.d/resolv.conf.auto <==
# Interface wan
nameserver 9.9.9.9
nameserver 149.112.112.112

I feel you. However, when upgrading to another major version it is advised to start clean, because configuration is not always compatible between old and new versions. Network is certainly one part that must be configured from scratch, as there are a lot of changes.


Bummer. That would make another evening project, though.

I'd get the configuration from the commands posted above, and re-configure the router since it's human-readable.

About installed packages, should I just pull the list and copy-paste their name inside the imagebuilder so as to save on flash space? And just use generated sysupgrade image without saving settings?

Take a backup from the router.

That could also work.


Hmm, I thought the DNS issue disappeared as it doesn't show as often as before, but is still present :frowning:

It is not evident that the DNS is to blame. From the first post it is visible that the reply is coming back immediately. Maybe you are searching for the problem in the wrong direction?


Just happened again. I made a ping test directly from the router so as to exclude any computer failure.

PING quora.com (54.197.7.90): 56 data bytes

--- quora.com ping statistics ---
5 packets transmitted, 0 packets received, 100% packet loss

At the same time, that's what the syslog is showing. Pay special attention to the time of the very first request and when it started loading: 17 seconds. It took much more than that to actually display, though.

Thu Apr 27 17:29:36 2023 daemon.info dnsmasq[1]: 44577 192.168.1.20/58596 query[A] quora.com from 192.168.1.20
Thu Apr 27 17:29:36 2023 daemon.info dnsmasq[1]: 44577 192.168.1.20/58596 cached quora.com is 54.209.16.14
Thu Apr 27 17:29:36 2023 daemon.info dnsmasq[1]: 44577 192.168.1.20/58596 cached quora.com is 54.204.35.77
Thu Apr 27 17:29:36 2023 daemon.info dnsmasq[1]: 44577 192.168.1.20/58596 cached quora.com is 34.202.240.101
Thu Apr 27 17:29:36 2023 daemon.info dnsmasq[1]: 44577 192.168.1.20/58596 cached quora.com is 54.209.224.86
Thu Apr 27 17:29:36 2023 daemon.info dnsmasq[1]: 44577 192.168.1.20/58596 cached quora.com is 54.209.30.131
Thu Apr 27 17:29:36 2023 daemon.info dnsmasq[1]: 44577 192.168.1.20/58596 cached quora.com is 54.196.104.48
Thu Apr 27 17:29:36 2023 daemon.info dnsmasq[1]: 44577 192.168.1.20/58596 cached quora.com is 54.209.141.192
Thu Apr 27 17:29:36 2023 daemon.info dnsmasq[1]: 44577 192.168.1.20/58596 cached quora.com is 54.197.7.90
[…]
Thu Apr 27 17:29:37 2023 daemon.info dnsmasq[1]: 44589 192.168.1.20/54325 query[A] qsc.cf2.quoracdn.net from 192.168.1.20
Thu Apr 27 17:29:37 2023 daemon.info dnsmasq[1]: 44589 192.168.1.20/54325 forwarded qsc.cf2.quoracdn.net to 9.9.9.9
Thu Apr 27 17:29:37 2023 daemon.info dnsmasq[1]: 44589 192.168.1.20/54325 reply qsc.cf2.quoracdn.net is <CNAME>
Thu Apr 27 17:29:37 2023 daemon.info dnsmasq[1]: 44589 192.168.1.20/54325 reply qsc.cf2.quoracdn.net.cdn.cloudflare.net is 162.159.152.17
Thu Apr 27 17:29:37 2023 daemon.info dnsmasq[1]: 44589 192.168.1.20/54325 reply qsc.cf2.quoracdn.net.cdn.cloudflare.net is 162.159.153.247
[…]
Thu Apr 27 17:29:42 2023 daemon.info dnsmasq[1]: 44590 192.168.1.20/55550 query[A] qsf.cf2.quoracdn.net from 192.168.1.20
Thu Apr 27 17:29:42 2023 daemon.info dnsmasq[1]: 44590 192.168.1.20/55550 forwarded qsf.cf2.quoracdn.net to 9.9.9.9
Thu Apr 27 17:29:42 2023 daemon.info dnsmasq[1]: 44590 192.168.1.20/55550 reply qsf.cf2.quoracdn.net is <CNAME>
Thu Apr 27 17:29:42 2023 daemon.info dnsmasq[1]: 44590 192.168.1.20/55550 reply qsf.cf2.quoracdn.net.cdn.cloudflare.net is 162.159.153.247
Thu Apr 27 17:29:42 2023 daemon.info dnsmasq[1]: 44590 192.168.1.20/55550 reply qsf.cf2.quoracdn.net.cdn.cloudflare.net is 162.159.152.17
[…]
Thu Apr 27 17:29:53 2023 daemon.info dnsmasq[1]: 44593 192.168.1.20/58796 query[A] qph.cf2.quoracdn.net from 192.168.1.20
Thu Apr 27 17:29:53 2023 daemon.info dnsmasq[1]: 44593 192.168.1.20/58796 forwarded qph.cf2.quoracdn.net to 9.9.9.9
[…]
Thu Apr 27 17:29:53 2023 daemon.info dnsmasq[1]: 44593 192.168.1.20/58796 reply qph.cf2.quoracdn.net is <CNAME>
Thu Apr 27 17:29:53 2023 daemon.info dnsmasq[1]: 44593 192.168.1.20/58796 reply qph.cf2.quoracdn.net.cdn.cloudflare.net is 162.159.152.17
Thu Apr 27 17:29:53 2023 daemon.info dnsmasq[1]: 44593 192.168.1.20/58796 reply qph.cf2.quoracdn.net.cdn.cloudflare.net is 162.159.153.247

What kind of issue is this?

None, it worked. I'll try to break it down:

The ping app resolved, I further see it already had this answer saved:

Now, I don't wanna discuss the CNAME, etc. - as I'm not sure why you put them there in relationship to the ping.

I assume you mean:

  • How are the other lookups related to your ping? :person_shrugging:
  • What else did you do?

The site eventually loaded, but the whole process took an abnormally long time.

Just made a quick search in the logs of everything that pertained to that domain, nothing more. Of course some info may be irrelevant. Still, two interesting points from syslog:

  • The DNS resolves the URL into an IP (from cache), but the site itself couldn't be reached in a timely manner, as the dropped ping packets show.
  • Like most large websites, Quora probably has content spread among different "caches" (that's my understanding of what a "Content Delivery Network" is), hence the existence of more than one query.

Done a traceroute on bing.com, again from LuCI:

traceroute to bing.com (204.79.197.200), 20 hops max, 46 byte packets
 1  38.xxx.yyy.177  12.956 ms
 2  10.170.192.53  15.687 ms
 3  161.199.164.21  24.397 ms
 4  198.179.18.16  11.416 ms
 5  *
[…]

Although the IP is known (so DNS, or at least its cache, is indeed working), the website couldn't be reached in 20 hops. The last IP seems to be a server on Microsoft's CDN.

You said you did a ping test.

So this confused me, you said you pinged. Are you saying you were looking up some website at the same time?

I'm completely lost. Can you explain what issue this is?

I see none.

How is this related to your quora ping?

Are you saying your ISP has some issue connecting to websites?

Oh, I get it. Since @trendy said I may be pointing at the wrong culprit, I tried a ping to see if the website was reachable in the first place, and if it followed any time-based pattern :slight_smile:

Tabs were open on the browser, but the only one actively loading was Quora.

Well, isn't it abnormal for such a website to be unreachable?

It isn't. It is related to an intermittent issue I'm having with no clear pattern. Could be the ISP, but how would I check that?

Not abnormal at all. That might not even be the last hop. A lot of CDN systems do not allow tracing thru their networks.

I'll be honest. Unless you haven't posted or described it clearly yet (i.e. before "troubleshooting") - I don't see an issue. That's why I asked:

But then you described traceroute about some other site - which confused me. Websites use HTTP or HTTPS. You can see that in a browser. Totally unrelated to tracerouting.

EDIT:

you could use this trace command if your test client has it - :warning: but they actually may think you're attacking them (I'm still not sure why you're doing this):

HTTPS:

mtr -T -P 443 example.foo

HTTP

mtr -T -P 80 example.foo


What would be the proper way to debug this annoying intermittent issue, then? I've seen it appear on different computers, so probably not linked to the computer.

I assume this:

What is this?

Are you trying to disable IPv6 or something?


DNS is providing responses immediately.
Ping is blocked for quora . com
Traceroute or mtr will also never reach the end.
Also quora is not using IPv6 from what I can see, so it should not be an issue to have an incomplete IPv6 configuration.
So far these are not the droids you are looking for and the culprit is somewhere else.
I would capture the https packets from pc to quora server, see where the delay is.


I already answered these points in post nº 5. There's no IPv6 anywhere in sight on my WAN or LAN.

The current output of

ubus call system board; \
uci export network; \
uci export dhcp; uci export firewall; \
ip -4 addr ; ip -4 ro li tab all ; ip -4 ru; \
ip -6 addr ; ip -6 ro li tab all ; ip -6 ru; \
ls -l  /etc/resolv.* /tmp/resolv.* /tmp/resolv.*/* ; head -n -0 /etc/resolv.* /tmp/resolv.* /tmp/resolv.*/*

is :

{
	"kernel": "5.10.161",
	"hostname": "ArcherA6",
	"system": "Qualcomm Atheros QCA956X ver 1 rev 0",
	"model": "TP-Link Archer C6 v2 (US) / A6 v2 (US/TW)",
	"board_name": "tplink,archer-c6-v2-us",
	"rootfs_type": "squashfs",
	"release": {
		"distribution": "OpenWrt",
		"version": "22.03.3",
		"revision": "r20028-43d71ad93e",
		"target": "ath79/generic",
		"description": "OpenWrt 22.03.3 r20028-43d71ad93e"
	}
}
package network

config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fdeb:10f9:9e35::/48'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'eth0.1'
	option ipv6 '0'

config interface 'lan'
	option device 'br-lan'
	option proto 'static'
	option netmask '255.255.255.0'
	option ip6assign '60'
	option ipaddr '192.168.1.1'

config interface 'wan'
	option device 'eth0.2'
	option proto 'dhcp'
	option peerdns '0'
	list dns '9.9.9.9'
	list dns '149.112.112.112'
	option hostname '*'

config interface 'wan6'
	option device 'eth0.2'
	option proto 'dhcpv6'

config switch
	option name 'switch0'
	option reset '1'
	option enable_vlan '1'

config switch_vlan
	option device 'switch0'
	option vlan '1'
	option ports '2 3 4 5 0t'

config switch_vlan
	option device 'switch0'
	option vlan '2'
	option ports '1 0t'

config device
	option name 'wlan0'
	option ipv6 '0'

config device
	option name 'wlan1'
	option ipv6 '0'

config device
	option name 'eth0'
	option ipv6 '0'

package dhcp

config dnsmasq
	option domainneeded '1'
	option localise_queries '1'
	option rebind_protection '1'
	option rebind_localhost '1'
	option expandhosts '1'
	option authoritative '1'
	option readethers '1'
	option leasefile '/tmp/dhcp.leases'
	option localservice '1'
	option ednspacket_max '1232'
	option local '/local/'
	option domain 'local'
	option logqueries '1'

config dhcp 'lan'
	option interface 'lan'
	option limit '150'
	option leasetime '12h'
	option dhcpv4 'server'
	option dhcpv6 'server'
	option ra 'server'
	list ra_flags 'managed-config'
	list ra_flags 'other-config'
	option start '2'

config dhcp 'wan'
	option interface 'wan'
	option ignore '1'

config odhcpd 'odhcpd'
	option maindhcp '0'
	option leasefile '/tmp/hosts/odhcpd'
	option leasetrigger '/usr/sbin/odhcpd-update'
	option loglevel '4'

config host
	option name 'MiWiFi'
	option dns '1'
	option mac '50:D2:F5:XX:YY:ZZ’
	option ip '192.168.1.4'

config host
	option name 'fvdw'
	option dns '1'
	option mac '00:D0:4B:XX:YY:ZZ'
	option ip '192.168.1.10'

config host
	option name 'Lancelot-Mo'
	option dns '1'
	option mac 'A8:20:66:XX:YY:ZZ'
	option ip '192.168.1.20'

config host
	option name 'Whitebook'
	option dns '1'
	option mac '00:26:B0:XX:YY:ZZ'
	option ip '192.168.1.21'

config host
	option name 'Canon-MFP'
	option dns '1'
	option mac 'F4:81:39:XX:YY:ZZ'
	option ip '192.168.1.24'

config host
	option name 'Think-PC'
	option dns '1'
	option mac '50:7B:9D:XX:YY:ZZ'
	option ip '192.168.1.25'

config host
	option name 'LibreELEC'
	option dns '1'
	option mac 'B8:27:EB:XX:YY:ZZ'
	option ip '192.168.1.26'

config host
	option name 'Lancelot-wifi'
	option dns '1'
	option mac '5C:96:9D:XX:YY:ZZ'
	option ip '192.168.1.50'

config host
	option name 'Whitebook-wifi'
	option dns '1'
	option mac '00:26:08:XX:YY:ZZ'
	option ip '192.168.1.51'

config host
	option name 'Oboo-clock-7176'
	option dns '1'
	option mac '40:A3:6B:XX:YY:ZZ'
	option ip '192.168.1.59'

config host
	option name 'MiniPad'
	option dns '1'
	option mac '68:9C:70:XX:YY:ZZ'
	option ip '192.168.1.60'

config host
	option name 'CubyPad'
	option dns '1'
	option mac '84:29:99:XX:YY:ZZ'
	option ip '192.168.1.61'

config host
	option name 'Z6252CA'
	option mac '92:15:C8:XX:YY:ZZ'
	option ip '192.168.1.66'

config host
	option name ‘Joe-PC'
	option dns '1'
	option mac '68:CA:00:01:47:DF'
	option ip '192.168.1.68'

config host
	option mac 'F4:B1:9C:XX:YY:ZZ'
	option name 'Geeni-cam'
	option dns '1'
	option ip '192.168.1.70'

config host
	option name 'Omega-F079'
	option ip '192.168.1.150'
	option mac '40:A3:6B:XX:YY:ZZ'

config host
	option name 'wdnas'
	option dns '1'
	option mac '00:00:C0:XX:YY:ZZ'
	option ip '192.168.1.213'

config domain
	option name 'fvdwsl-base.local'
	option ip '192.168.1.10'

config host
	option name 'Think-Air'
	option ip '192.168.1.53'
	option mac 'A4:D1:8C:XX:YY:ZZ'

config host
	option name 'Joe2'
	option dns '1'
	option mac '90:DE:80:XX:YY:ZZ'
	option ip '192.168.1.67'

package firewall

config defaults
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option synflood_protect '1'

config zone
	option name 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'
	list network 'lan'

config zone
	option name 'wan'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'
	option mtu_fix '1'
	list device 'tun0'
	list network 'wan'
	list network 'wan6'

config forwarding
	option src 'lan'
	option dest 'wan'

config rule
	option name 'Allow-DHCP-Renew'
	option src 'wan'
	option proto 'udp'
	option dest_port '68'
	option target 'ACCEPT'
	option family 'ipv4'

config rule
	option name 'Allow-Ping'
	option src 'wan'
	option proto 'icmp'
	option icmp_type 'echo-request'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-IGMP'
	option src 'wan'
	option proto 'igmp'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-DHCPv6'
	option src 'wan'
	option proto 'udp'
	option dest_port '546'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-MLD'
	option src 'wan'
	option proto 'icmp'
	option src_ip 'fe80::/10'
	list icmp_type '130/0'
	list icmp_type '131/0'
	list icmp_type '132/0'
	list icmp_type '143/0'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Input'
	option src 'wan'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	list icmp_type 'router-solicitation'
	list icmp_type 'neighbour-solicitation'
	list icmp_type 'router-advertisement'
	list icmp_type 'neighbour-advertisement'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Forward'
	option src 'wan'
	option dest '*'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-IPSec-ESP'
	option src 'wan'
	option dest 'lan'
	option proto 'esp'
	option target 'ACCEPT'

config rule
	option name 'Allow-ISAKMP'
	option src 'wan'
	option dest 'lan'
	option dest_port '500'
	option proto 'udp'
	option target 'ACCEPT'

config rule
	option name 'Support-UDP-Traceroute'
	option src 'wan'
	option dest_port '33434:33689'
	option proto 'udp'
	option family 'ipv4'
	option target 'REJECT'
	option enabled 'false'

config include
	option path '/etc/firewall.user'

config redirect
	option dest 'lan'
	option target 'DNAT'
	option src 'wan'
	option src_dport '4222-4228'
	option name 'fvdwsl-base1'
	option dest_ip '192.168.1.10'
	option dest_port '4222-4228'

config redirect
	option dest 'lan'
	option target 'DNAT'
	option src 'wan'
	option src_dport '4215-4221'
	option name 'Syno1'
	option dest_ip '192.168.1.15'

config redirect
	option dest 'lan'
	option target 'DNAT'
	option name 'Syno2'
	list proto 'tcp'
	option src 'wan'
	option src_dport '51418-51419'
	option dest_ip '192.168.1.15'

config redirect
	option dest 'lan'
	option target 'DNAT'
	option src 'wan'
	option src_dport '9091-9093'
	option name 'fvdwsl-base2'
	option dest_ip '192.168.1.10'
	option dest_port '9091-9093'

config redirect
	option dest 'lan'
	option target 'DNAT'
	option name 'Syno3'
	option src 'wan'
	option src_dport '5006'
	option dest_ip '192.168.1.15'

config redirect
	option dest 'lan'
	option target 'DNAT'
	option name 'Syno4'
	option src 'wan'
	option src_dport '3001'
	option dest_ip '192.168.1.15'
	option enabled '0'

config forwarding
	option dest 'lan'

config forwarding
	option dest 'lan'

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
6: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    inet 192.168.1.1/24 brd 192.168.1.255 scope global br-lan
       valid_lft forever preferred_lft forever
8: eth0.2@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    inet 38.xxx.yyy.180/28 brd 38.xxx.yyy.191 scope global eth0.2
       valid_lft forever preferred_lft forever
default via 38.xxx.yyy.177 dev eth0.2 proto static src 38.xxx.yyy.180 
38.xxx.yyy.176/28 dev eth0.2 proto kernel scope link src 38.xxx.yyy.180 
192.168.1.0/24 dev br-lan proto kernel scope link src 192.168.1.1 
broadcast 38.xxx.yyy.176 dev eth0.2 table local proto kernel scope link src 38.xxx.yyy.180 
local 38.xxx.yyy.180 dev eth0.2 table local proto kernel scope host src 38.xxx.yyy.180 
broadcast 38.xxx.yyy.191 dev eth0.2 table local proto kernel scope link src 38.xxx.yyy.180 
broadcast 127.0.0.0 dev lo table local proto kernel scope link src 127.0.0.1 
local 127.0.0.0/8 dev lo table local proto kernel scope host src 127.0.0.1 
local 127.0.0.1 dev lo table local proto kernel scope host src 127.0.0.1 
broadcast 127.255.255.255 dev lo table local proto kernel scope link src 127.0.0.1 
broadcast 192.168.1.0 dev br-lan table local proto kernel scope link src 192.168.1.1 
local 192.168.1.1 dev br-lan table local proto kernel scope host src 192.168.1.1 
broadcast 192.168.1.255 dev br-lan table local proto kernel scope link src 192.168.1.1 
0:	from all lookup local
32766:	from all lookup main
32767:	from all lookup default
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 state UNKNOWN qlen 1000
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
8: eth0.2@eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP qlen 1000
    inet6 fe80::6aff:7bff:fe03:8555/64 scope link 
       valid_lft forever preferred_lft forever
unreachable fdeb:10f9:9e35::/48 dev lo proto static metric 2147483647 pref medium
fe80::/64 dev eth0.2 proto kernel metric 256 pref medium
local ::1 dev lo table local proto kernel metric 0 pref medium
anycast fe80:: dev eth0.2 table local proto kernel metric 0 pref medium
local fe80::6aff:7bff:fe03:8555 dev eth0.2 table local proto kernel metric 0 pref medium
multicast ff00::/8 dev eth0.2 table local proto kernel metric 256 pref medium
0:	from all lookup local
32766:	from all lookup main
lrwxrwxrwx    1 root     root            16 Jan  2 19:24 /etc/resolv.conf -> /tmp/resolv.conf
-rw-r--r--    1 root     root            49 Apr 26 12:42 /tmp/resolv.conf
-rw-r--r--    1 root     root            62 Apr 26 12:42 /tmp/resolv.conf.d/resolv.conf.auto

/tmp/resolv.conf.d:
-rw-r--r--    1 root     root            62 Apr 26 12:42 resolv.conf.auto
==> /etc/resolv.conf <==
search local
nameserver 127.0.0.1
nameserver ::1

==> /tmp/resolv.conf <==
search local
nameserver 127.0.0.1
nameserver ::1

==> /tmp/resolv.conf.d <==
head: /tmp/resolv.conf.d: I/O error

==> /tmp/resolv.conf.d/resolv.conf.auto <==
# Interface wan
nameserver 9.9.9.9
nameserver 149.112.112.112

These aren't the droids I'm looking for.

As of now I'm trying to find out a suitable display filter for Wireshark before the problem reoccurs.

tcp.port==443 and ip.addr == 54.197.7.90 and ip.addr == 192.168.1.20
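but it is better to add it in tcpdump instead, so that you can also capture the WAN packets; tcpdump takes capture-filter syntax rather than a Wireshark display filter (e.g. `tcp port 443 and host 54.197.7.90`), and on the WAN side the client shows up as the router's masqueraded address rather than 192.168.1.20.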


I didn't forget, just waiting for the issue to re-appear…

So as not to leave this topic open: the issue hasn't reappeared since I upgraded OpenWRT and reconfigured from scratch.

However, a new issue has appeared on the AP roughly at the same time as I upgraded OpenWRT on the A6.