Internet access issues with wired laptop on Netgear R7800

I've running ACwifidude's NSS build on my R7800 and I've got the WAN port wired directly to my 1Gbps fibre modem, and my laptop and a RPi4 are connected to ports 1 and 4.

The laptop is running Linux Minut and is having trouble opening websites in Firefox. If I click on a link from a Google search, or even if I paste the direct address to the website, it fails after trying for a while but if I try it a couple more times it works. I also tried pinging the domain that fails in OpenWRT under Network-Diagnostics, and it fails initially there too so I don't think it's an issue with the laptop. However, this issue doesn't seem to affect my phone which is connected to the router by WiFi, so it seems like it might be a misconfiguration on the router specific to the LAN ports.

I'll add some screenshots in a minute. I just need to go to my PC to edit them to hide my MAC addresses.

EDIT: OK, I've plugged my desktop PC into the router now and it doesn't seem to be having any problems accessing webpages, so maybe it is a problem with Linux Mint on the laptop. I'll try booting it to Windows and see if it still has any problems.

These are the screenshots, and I'd be grateful if someone could take a look to see if there's anything obvious wrong.

What I've done is create multiple SSIDs, so for 5G I've got a main one and an IoT-5G one (I may not need this, but I've got one 4K camera that might need it), and for 2.4Ghz I've got a main one (with -24G suffix), a guest one, an IoT one, and an IoT-WAN one (for devices like Echo Dot that need Internet access). Then I've created Firewall Zones for each of them, and added Traffic Rules to allow them to access ports 53, 67 and 68. Then I've created guest, IoT and IoT-WAN interfaces, each on separate 10.x.10.10 subnets, and assigned them to the respective Firewall Zones and enabled their DHCP servers. Then I've gone back to the Wireless settings and assigned each SSID to the relevant network, so the main ones are assigned to lan, the guest one to guest, the IoT ones to IoT, and the IoT-WAN one to IoT-WAN.

I added a couple of VLANs for Guest and IoT, as all the guides I found said to do this but I think they were aimed at people connecting the router to other APs, so I'm not actually using these, and the WiFi networks seem to be working as expected when I connect my phone to them, with the main, guest and IoT-WAN ones being able to access the Internet, whilst the other IoT ones can't

Wireless1368×859 178 KB

Firewall Zones1372×956 81.5 KB

Traffic Rules1143×290 30 KB

Devices1374×834 138 KB

Interfaces1370×889 148 KB

Routing1368×870 83.8 KB

Switch1369×744 101 KB

We've seen issues with Linux Mint in the past where the issue was the host itself, not OpenWrt.

We can review your config for any errors, but I would also highly recommend that you try another OS on that computer... for example, a fresh install of Ubuntu could work (you can use a live USB stick -- no need to actually install).

Please connect to your OpenWrt device using ssh and copy the output of the following commands and post it here using the "Preformatted text </> " button:

Remember to redact passwords, MAC addresses and any public IP addresses you may have:

ubus call system board
cat /etc/config/network
cat /etc/config/wireless
cat /etc/config/dhcp
cat /etc/config/firewall

Thanks, it does seem that it may be Linux Mint that's the issue, as I'm not having any problems with my Windows desktop PC wired to the router.

I'll add the config files in a minute.

This is the output of those commands.

root@OpenWrt:~# ubus call system board
{
        "kernel": "5.15.120",
        "hostname": "OpenWrt",
        "system": "ARMv7 Processor rev 0 (v7l)",
        "model": "Netgear Nighthawk X4S R7800",
        "board_name": "netgear,r7800",
        "rootfs_type": "squashfs",
        "release": {
                "distribution": "OpenWrt",
                "version": "SNAPSHOT",
                "revision": "r23580+21-b993a00b82",
                "target": "ipq806x/generic",
                "description": "OpenWrt SNAPSHOT r23580+21-b993a00b82"
        }
}

root@OpenWrt:~# cat /etc/config/network

config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fd88:ca3e:c279::/48'

config device
        option name 'br-lan'
        option type 'bridge'
        list ports 'eth1.1'

config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        option ipaddr '192.168.1.1'
        option netmask '255.255.255.0'
        option ip6assign '60'

config interface 'wan'
        option device 'eth0.2'
        option proto 'dhcp'

config interface 'wan6'
        option device 'eth0.2'
        option proto 'dhcpv6'

config switch
        option name 'switch0'
        option reset '1'
        option enable_vlan '1'

config switch_vlan
        option device 'switch0'
        option vlan '1'
        option ports '6t 4 3 2 1'
        option vid '1'
        option description 'LAN'

config switch_vlan
        option device 'switch0'
        option vlan '2'
        option ports '0t 5'
        option vid '2'
        option description 'WAN'

config switch_vlan
        option device 'switch0'
        option vlan '3'
        option vid '3'
        option ports '6t'
        option description 'Guest'

config switch_vlan
        option device 'switch0'
        option vlan '4'
        option ports '6t'
        option vid '4'
        option description 'IoT'

config interface 'Guest'
        option proto 'static'
        option ipaddr '10.10.10.10'
        option netmask '255.255.255.0'

config interface 'IoT'
        option proto 'static'
        option ipaddr '10.20.10.10'
        option netmask '255.255.255.0'
        option device 'phy1-ap0'
        option type 'bridge'

config interface 'IoT_WAN'
        option proto 'static'
        option ipaddr '10.30.10.10'
        option netmask '255.255.255.0'

root@OpenWrt:~# cat /etc/config/wireless

config wifi-device 'radio0'
        option type 'mac80211'
        option path 'soc/1b500000.pci/pci0000:00/0000:00:00.0/0000:01:00.0'
        option channel '161'
        option band '5g'
        option htmode 'VHT80'
        option cell_density '0'
        option txpower '27'

config wifi-iface 'default_radio0'
        option device 'radio0'
        option network 'lan'
        option mode 'ap'
        option ssid 'main'
        option encryption 'sae-mixed'
        option key 'redacted'

config wifi-device 'radio1'
        option type 'mac80211'
        option path 'soc/1b700000.pci/pci0001:00/0001:00:00.0/0001:01:00.0'
        option channel '11'
        option band '2g'
        option htmode 'HT20'
        option cell_density '0'
        option txpower '26'

config wifi-iface 'default_radio1'
        option device 'radio1'
        option network 'IoT'
        option mode 'ap'
        option ssid 'my-IoT'
        option encryption 'sae-mixed'
        option isolate '1'
        option key 'redacted'

config wifi-iface 'wifinet2'
        option device 'radio1'
        option mode 'ap'
        option ssid 'my-Guest'
        option encryption 'sae-mixed'
        option isolate '1'
        option key 'redacted'
        option network 'Guest'

config wifi-iface 'wifinet3'
        option device 'radio1'
        option mode 'ap'
        option ssid 'main-24G'
        option encryption 'sae-mixed'
        option key 'redacted'
        option network 'lan'

config wifi-iface 'wifinet4'
        option device 'radio1'
        option mode 'ap'
        option ssid 'my-IoT-WAN'
        option encryption 'sae-mixed'
        option key 'redacted'
        option network 'IoT_WAN'

config wifi-iface 'wifinet5'
        option device 'radio0'
        option mode 'ap'
        option ssid 'my-IoT-5G'
        option encryption 'sae-mixed'
        option key 'redacted'
        option network 'IoT'

root@OpenWrt:~# cat /etc/config/dhcp

config dnsmasq
        option domainneeded '1'
        option boguspriv '1'
        option filterwin2k '0'
        option localise_queries '1'
        option rebind_protection '1'
        option rebind_localhost '1'
        option local '/lan/'
        option domain 'lan'
        option expandhosts '1'
        option nonegcache '0'
        option cachesize '1000'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
        option nonwildcard '1'
        option localservice '1'
        option ednspacket_max '1232'
        option filter_aaaa '0'
        option filter_a '0'
        option confdir '/tmp/dnsmasq.d'

config dhcp 'lan'
        option interface 'lan'
        option start '100'
        option limit '150'
        option leasetime '12h'
        option dhcpv4 'server'
        option dhcpv6 'server'
        option ra 'server'
        option ra_slaac '1'
        list ra_flags 'managed-config'
        list ra_flags 'other-config'

config dhcp 'wan'
        option interface 'wan'
        option ignore '1'

config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'
        option loglevel '4'

config dhcp 'Guest'
        option interface 'Guest'
        option start '100'
        option limit '150'
        option leasetime '12h'

config dhcp 'IoT'
        option interface 'IoT'
        option start '100'
        option limit '150'
        option leasetime '12h'

config dhcp 'IoT_WAN'
        option interface 'IoT_WAN'
        option start '100'
        option limit '150'
        option leasetime '12h'

root@OpenWrt:~# cat /etc/config/firewall

config defaults
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option synflood_protect '1'

config zone
        option name 'lan'
        list network 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'

config zone
        option name 'wan'
        list network 'wan'
        list network 'wan6'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option masq '1'
        option mtu_fix '1'

config forwarding
        option src 'lan'
        option dest 'wan'

config rule
        option name 'Allow-DHCP-Renew'
        option src 'wan'
        option proto 'udp'
        option dest_port '68'
        option target 'ACCEPT'
        option family 'ipv4'

config rule
        option name 'Allow-Ping'
        option src 'wan'
        option proto 'icmp'
        option icmp_type 'echo-request'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-IGMP'
        option src 'wan'
        option proto 'igmp'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-DHCPv6'
        option src 'wan'
        option proto 'udp'
        option dest_port '546'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-MLD'
        option src 'wan'
        option proto 'icmp'
        option src_ip 'fe80::/10'
        list icmp_type '130/0'
        list icmp_type '131/0'
        list icmp_type '132/0'
        list icmp_type '143/0'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Input'
        option src 'wan'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        list icmp_type 'router-solicitation'
        list icmp_type 'neighbour-solicitation'
        list icmp_type 'router-advertisement'
        list icmp_type 'neighbour-advertisement'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Forward'
        option src 'wan'
        option dest '*'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-IPSec-ESP'
        option src 'wan'
        option dest 'lan'
        option proto 'esp'
        option target 'ACCEPT'

config rule
        option name 'Allow-ISAKMP'
        option src 'wan'
        option dest 'lan'
        option dest_port '500'
        option proto 'udp'
        option target 'ACCEPT'

config include 'nss_ecm'
        option type 'script'
        option path '/etc/firewall.d/qca-nss-ecm'
        option family 'any'
        option reload '1'

config zone
        option name 'Guest'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        list network 'Guest'

config zone
        option name 'IoT_WAN'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        list network 'IoT_WAN'

config forwarding
        option src 'Guest'
        option dest 'wan'

config forwarding
        option src 'IoT_WAN'
        option dest 'wan'

config forwarding
        option src 'lan'
        option dest 'IoT_WAN'

config zone
        option name 'IoT'
        option input 'REJECT'
        option output 'ACCEPT'
        option forward 'REJECT'
        list network 'IoT'

config rule
        option name 'Guest DHCP and DNS'
        option src 'Guest'
        option dest_port '53 67 68'
        option target 'ACCEPT'

config forwarding
        option src 'lan'
        option dest 'IoT'

config rule
        option name 'IoT DHCP and DNS'
        option src 'IoT'
        option target 'ACCEPT'
        option dest_port '53 67 68'

config rule
        option name 'IoT-WAN DHCP and DNS'
        option src 'IoT_WAN'
        option dest_port '53 67 68'
        option target 'ACCEPT'

I do see some errors which we can address -- not sure if it will solve the problem you're experiencing, but they should be fixed anyway.

These two VLANs appear to be unnecessary since they do not include any ethernet ports aside from the CPU. You only need these if you plan to offer these network via ethernet. If you'll only be using wifi for the guest and iot networks, delete these:

Because you've got your IoT network assigned to 2 radios, you must use a bridge, but it needs to be defined separately. Add an iot bridge like this:

config device
        option name 'br-iot'
        option type 'bridge'
        option bridge_empty '1'

In the iot network, remove bridge line -- it is invalid here. And we'll also change the device to the bridge we just defined (radios don't belong here, anyway). It will look like this:

config interface 'IoT'
        option proto 'static'
        option ipaddr '10.20.10.10'
        option netmask '255.255.255.0'
        option device 'br-iot'

Finally, this line should be added to your DHCP config in the Guest, IoT, and IoT_WAN server stanzas:

        option dhcpv4 'server'

Everything else looks fine. Reboot your router after you make those changes.

I expect that your linux mint machine is still going to have issues -- and that is likely attributed to the config of that specific host, not your OpenWrt config.

That's great. Thanks for your help. I tested the laptop running Windows and that didn't have any problems. I also tested it running Linux Mint but connected to my ISP's router and that worked fine too, so it does seem to be an incompatibility between Linux Mint and OpenWRT, but I'll test again after correcting the errors you've identified.

Looking at the screenshot of the Interfaces screen in my post above, it shows the radio device associated with the Guest and IoT_WAN interfaces, so one would expect to see that reflected in the network config file, but in fact there is no option device line for those interfaces, so I'm not sure why it created one for the IoT interface and added the option type 'bridge' line. Anyway, now I know what should and shouldn't be there, and that I need to use a bridge if I want to assign multiple radios to a network interface.

After rebooting I checked whether the 'option dhcpv4' setting is reflected in the GUI under DHCP Server-Advanced Settings-DHCP_Options for each of the interfaces, but it isn't which surprised me. If I'd entered 'server' in that box, would that have added that line to the config file and kept that option visible in the GUI?

I tested the laptop running Linux Mint using WiFi and then Ethernet and I'm not having this problem anymore, so it seems that your corrections have fixed it, thanks.

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.