LAN drops but WLAN continues to work

My network consists of a Turris Omnia router flashed with OpenWrt 21.02.1, an unmanaged switch, and a TP Link router running as a dumb access point on OpenWrt 21.02.1. About once a day (typically evenings), all wired devices drop both internet and lan connection but all wireless devices continue to have connection to the internet. The only way to restore connection to the wired devices is to power cycle the switch.
I have tried a new switch and a fresh install of OpenWrt on my router (it was actually flashed from TurrisOS, where this problem originally started). I am completely at a loss as to what could be happening. Any ideas or help would be appreciated.

I'd start by looking at your wired devices to see if any of them might be misbehaving.

For example, USB-C docking hubs with ethernet can sometimes be problematic -- certain ones have a major bug that will bring down a network when the host goes to sleep, is powered off, or is disconnected.

Or you could have a switching loop somewhere -- caused by an actual loop or a device that doesn't handle interfaces properly (there was a bug where Peloton bikes connected to both wifi and wired would create a switching loop).

There are all sorts of things that can happen and devices that can misbehave, so it is worth unplugging everything from the wired network (except for one single computer) to see if that resolves the issue. If it does, start connecting things again and testing to see when it breaks again. This can take a while, but do it methodically.

Normally, I'd think that your wifi devices would also have issues, but this approach is still a worthwhile test.

If that doesn't lead to a resolution, we can look at other possible culprits.

Posting configs in case they can help solve this issue.

cat /etc/config/network

# /etc/config/network as posted to the thread. The WireGuard keys, tunnel
# address and provider name were replaced with placeholders by the poster.

config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fd51:6363:e35d::/48'

# All five LAN ports (lan0-lan4) are members of one bridge, i.e. a single
# layer-2 broadcast domain. No 'option stp' is set and spanning tree is off by
# default on OpenWrt bridges, so a switching loop that closes through two of
# these ports would not be blocked by the router itself.
config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'lan0'
	list ports 'lan1'
	list ports 'lan2'
	list ports 'lan3'
	list ports 'lan4'

# LAN side: static 192.168.1.1/24 on the bridge defined above.
config interface 'lan'
	option device 'br-lan'
	option proto 'static'
	option ipaddr '192.168.1.1'
	option netmask '255.255.255.0'
	option ip6assign '60'
	list dns '1.1.1.1'
	list dns '1.0.0.1'

# WAN side: address via DHCP; peerdns '0' ignores the DNS servers offered by
# the upstream DHCP server and uses the two listed resolvers instead.
config interface 'wan'
	option device 'eth2'
	option proto 'dhcp'
	option peerdns '0'
	list dns '1.1.1.1'
	list dns '1.0.0.1'

# auto '0' means this interface is not brought up automatically at boot.
config interface 'wan6'
	option device 'eth2'
	option proto 'dhcpv6'
	option auto '0'
	option reqaddress 'try'
	option reqprefix 'auto'

# WireGuard tunnel to a commercial VPN provider. private_key is a credential:
# whoever holds it can authenticate as this peer, so it must be redacted before
# a config is shared (as was done here). The peer's public_key is not secret.
config interface 'WGINTERFACE'
	option proto 'wireguard'
	option delegate '0'
	option listen_port '51820'
	option private_key 'PRIVATEKEYWASHERE'
	list addresses 'VPNPROVIDERIPADDRESS'

# Peer definition. allowed_ips 0.0.0.0/0 lets any IPv4 destination be sent to,
# and any IPv4 source be accepted from, this peer.
# NOTE(review): no 'route_allowed_ips' is set, so this stanza does not install
# routes into the tunnel; how traffic is steered into it is not visible in the
# posted configs (policy routing elsewhere?) - confirm.
config wireguard_WGINTERFACE
	option description 'VPNPROVIDER'
	option public_key 'PUBLICKEYWASHERE'
	list allowed_ips '0.0.0.0/0'
	option endpoint_port '51820'
	option endpoint_host 'VPNPROVIDER.net'

cat /etc/config/wireless

# /etc/config/wireless as posted. SSID and pre-shared key were replaced with
# placeholders by the poster.

# First radio: hwmode '11a' (5 GHz band), 80 MHz VHT channel, automatic channel.
config wifi-device 'radio0'
	option type 'mac80211'
	option hwmode '11a'
	option path 'soc/soc:pcie/pci0000:00/0000:00:02.0/0000:02:00.0'
	option htmode 'VHT80'
	option cell_density '0'
	option channel 'auto'
	option country 'US'

# Access point on radio0, attached to network 'lan': wireless clients share
# the LAN with the wired ports rather than sitting in a separate zone.
# 'psk2+ccmp' is WPA2-Personal with CCMP only (no TKIP).
# 802.11r fast transition is enabled; ft_psk_generate_local '1' has each AP
# derive the FT keys from the PSK, so no inter-AP key lists are configured.
# NOTE(review): 'ieee80211w' (management frame protection) is not set and is
# presumably off for psk2 by default - confirm client support before enabling.
config wifi-iface 'default_radio0'
	option device 'radio0'
	option network 'lan'
	option mode 'ap'
	option ssid 'SSID'
	option key 'PASSWORD'
	option ieee80211r '1'
	option nasid 'router5'
	option mobility_domain 'abcd'
	option ft_over_ds '1'
	option ft_psk_generate_local '1'
	option encryption 'psk2+ccmp'

# Second radio: hwmode '11g' (2.4 GHz band), 20 MHz HT channel.
config wifi-device 'radio1'
	option type 'mac80211'
	option hwmode '11g'
	option path 'soc/soc:pcie/pci0000:00/0000:00:01.0/0000:01:00.0'
	option htmode 'HT20'
	option channel 'auto'
	option country 'US'
	option cell_density '0'

# Access point on radio1 with the same SSID, key, encryption and mobility
# domain as default_radio0; only the nasid differs ('router2.4').
config wifi-iface 'default_radio1'
	option device 'radio1'
	option network 'lan'
	option mode 'ap'
	option ssid 'SSID'
	option key 'PASSWORD'
	option ieee80211r '1'
	option nasid 'router2.4'
	option mobility_domain 'abcd'
	option ft_over_ds '1'
	option ft_psk_generate_local '1'
	option encryption 'psk2+ccmp'

cat /etc/config/dhcp

# /etc/config/dhcp, service-level settings (dnsmasq, per-interface DHCP, odhcpd).

# rebind_protection '1' discards upstream DNS answers that point into private
# address ranges; rebind_localhost '1' still permits 127.0.0.0/8 answers.
# rebind_domain 'plex.direct' exempts that whole domain from the protection,
# so names under it may resolve to private addresses.
# localservice '1' limits DNS service to clients on locally attached subnets.
config dnsmasq
	option domainneeded '1'
	option localise_queries '1'
	option rebind_protection '1'
	option rebind_localhost '1'
	option local '/lan/'
	option domain 'lan'
	option expandhosts '1'
	option authoritative '1'
	option readethers '1'
	option leasefile '/tmp/dhcp.leases'
	option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
	option localservice '1'
	option ednspacket_max '1232'
	list rebind_domain 'plex.direct'

# DHCPv4 server for the LAN. start '100' with limit '50' gives a dynamic pool
# of 192.168.1.100-192.168.1.149 on the /24 defined in the network config.
# dhcp_option 6 hands clients 192.168.1.1 (the router) as their DNS server.
config dhcp 'lan'
	option interface 'lan'
	option start '100'
	option leasetime '12h'
	option dhcpv4 'server'
	option limit '50'
	list dhcp_option '6,192.168.1.1'
	list ra_flags 'none'

# ignore '1': no DHCP service is offered on the WAN interface.
config dhcp 'wan'
	option interface 'wan'
	option ignore '1'
	list ra_flags 'none'

# maindhcp '0': odhcpd is not the main DHCPv4 server here.
config odhcpd 'odhcpd'
	option maindhcp '0'
	option leasefile '/tmp/hosts/odhcpd'
	option leasetrigger '/usr/sbin/odhcpd-update'
	option loglevel '4'

# Static DHCP leases and local DNS names.
# - Every 'option mac' value below is the same placeholder string: the poster
#   redacted the real hardware addresses before sharing. The running config
#   needs one distinct, valid MAC per host.
# - All reserved addresses (192.168.1.2 and .151-.187) lie outside the dynamic
#   pool configured in 'config dhcp lan' (.100-.149).
# - 'option dns 1' adds forward/reverse DNS entries for the host; the
#   'MiPhone' entry is the only one without it.
# - 192.168.1.164 ('Server-Wired') is the source address matched by the
#   'VPN Killswitch' firewall rule, and 192.168.1.165 ('Docker-Plex') is the
#   target of the 'Plex' port forward; both depend on these leases staying put.
# - The host names describe the household's device inventory (cameras, door
#   and garage controllers, work laptops); that is worth keeping in mind when
#   a config like this is posted publicly.

config host
	option name 'ap'
	option dns '1'
	option mac 'MA:CA:DD:RE:SS:00'
	option ip '192.168.1.2'

config host
	option name 'CiPhone'
	option dns '1'
	option mac 'MA:CA:DD:RE:SS:00'
	option ip '192.168.1.151'
	option leasetime '1d'

config host
	option name 'CiPad'
	option dns '1'
	option mac 'MA:CA:DD:RE:SS:00'
	option ip '192.168.1.152'
	option leasetime '1d'

config host
	option name 'C-MBP'
	option dns '1'
	option mac 'MA:CA:DD:RE:SS:00'
	option leasetime '1d'
	option ip '192.168.1.153'

config host
	option name 'CKindle'
	option dns '1'
	option mac 'MA:CA:DD:RE:SS:00'
	option ip '192.168.1.154'
	option leasetime '1d'

config host
	option name 'CAppleWatch'
	option dns '1'
	option mac 'MA:CA:DD:RE:SS:00'
	option ip '192.168.1.155'
	option leasetime '1d'

config host
	option name 'CWorkLTWired'
	option dns '1'
	option mac 'MA:CA:DD:RE:SS:00'
	option ip '192.168.1.156'
	option leasetime '1d'

config host
	option name 'COfficeEcho'
	option dns '1'
	option mac 'MA:CA:DD:RE:SS:00'
	option ip '192.168.1.157'
	option leasetime '1d'

config host
	option name 'CWorkLTWireless'
	option dns '1'
	option mac 'MA:CA:DD:RE:SS:00'
	option ip '192.168.1.158'
	option leasetime '1d'

config host
	option name 'EiPad'
	option dns '1'
	option mac 'MA:CA:DD:RE:SS:00'
	option ip '192.168.1.159'
	option leasetime '1d'

config host
	option dns '1'
	option mac 'MA:CA:DD:RE:SS:00'
	option ip '192.168.1.160'
	option leasetime '1d'
	option name 'JiPad'

config host
	option name 'RokuMBWired'
	option dns '1'
	option mac 'MA:CA:DD:RE:SS:00'
	option ip '192.168.1.163'
	option leasetime '1d'

config host
	option name 'Server-Wired'
	option dns '1'
	option mac 'MA:CA:DD:RE:SS:00'
	option ip '192.168.1.164'
	option leasetime '1d'

config host
	option name 'Docker-Plex'
	option dns '1'
	option mac 'MA:CA:DD:RE:SS:00'
	option ip '192.168.1.165'
	option leasetime '1d'

config host
	option mac 'MA:CA:DD:RE:SS:00'
	option dns '1'
	option name 'Doorbell-Frontdoor'
	option ip '192.168.1.166'
	option leasetime '10d'

config host
	option mac 'MA:CA:DD:RE:SS:00'
	option name 'Arlo-BabyCam'
	option ip '192.168.1.167'
	option leasetime '1d'
	option dns '1'

config host
	option mac 'MA:CA:DD:RE:SS:00'
	option name 'Garage-Door'
	option ip '192.168.1.168'
	option leasetime '1d'
	option dns '1'

config host
	option mac 'MA:CA:DD:RE:SS:00'
	option name 'Nest-Kitchen'
	option ip '192.168.1.169'
	option leasetime '1d'
	option dns '1'

config host
	option mac 'MA:CA:DD:RE:SS:00'
	option name 'Nest-Upstairs'
	option ip '192.168.1.170'
	option leasetime '1d'
	option dns '1'

config host
	option mac 'MA:CA:DD:RE:SS:00'
	option name 'MiPhone'
	option ip '192.168.1.171'
	option leasetime '1d'

config host
	option mac 'MA:CA:DD:RE:SS:00'
	option name 'MsMBP'
	option ip '192.168.1.172'
	option leasetime '1d'
	option dns '1'

config host
	option mac 'MA:CA:DD:RE:SS:00'
	option name 'M-Apple-Watch'
	option ip '192.168.1.173'
	option leasetime '1d'
	option dns '1'

config host
	option mac 'MA:CA:DD:RE:SS:00'
	option name 'M-Art-Printer'
	option ip '192.168.1.174'
	option leasetime '1d'
	option dns '1'

config host
	option mac 'MA:CA:DD:RE:SS:00'
	option name 'M-iPad'
	option ip '192.168.1.175'
	option leasetime '1d'
	option dns '1'

config host
	option mac 'MA:CA:DD:RE:SS:00'
	option leasetime '1d'
	option dns '1'
	option name 'M-Work-Dock'
	option ip '192.168.1.176'

config host
	option mac 'MA:CA:DD:RE:SS:00'
	option leasetime '1d'
	option dns '1'
	option name 'LivingRoom-TV'
	option ip '192.168.1.177'

config host
	option mac 'MA:CA:DD:RE:SS:00'
	option leasetime '1d'
	option dns '1'
	option name 'Living-Room-TV-Wireless'
	option ip '192.168.1.178'

config host
	option mac 'MA:CA:DD:RE:SS:00'
	option name 'Office-Printer'
	option ip '192.168.1.179'
	option leasetime '1d'
	option dns '1'

config host
	option mac 'MA:CA:DD:RE:SS:00'
	option name 'HDHomeRun'
	option ip '192.168.1.180'
	option leasetime '1d'
	option dns '1'

config host
	option mac 'MA:CA:DD:RE:SS:00'
	option name 'Living-Room-Echo'
	option ip '192.168.1.181'
	option leasetime '1d'
	option dns '1'

config host
	option mac 'MA:CA:DD:RE:SS:00'
	option ip '192.168.1.182'
	option leasetime '1d'
	option name 'Upstairs-Dot'
	option dns '1'

config host
	option mac 'MA:CA:DD:RE:SS:00'
	option leasetime '1d'
	option dns '1'
	option name 'Kitchen-dot'
	option ip '192.168.1.183'

config host
	option mac 'MA:CA:DD:RE:SS:00'
	option name 'Switch'
	option ip '192.168.1.184'
	option leasetime '1d'
	option dns '1'

config host
	option mac 'MA:CA:DD:RE:SS:00'
	option dns '1'
	option name 'Smart-Plug-1'
	option ip '192.168.1.185'
	option leasetime '1d'

config host
	option mac 'MA:CA:DD:RE:SS:00'
	option leasetime '1d'
	option dns '1'
	option name 'Smart-Plug-2'
	option ip '192.168.1.186'

config host
	option mac 'MA:CA:DD:RE:SS:00'
	option leasetime '1d'
	option dns '1'
	option name 'Smart-Plug-3'
	option ip '192.168.1.187'

# Local DNS names for the router itself and for the access point.
config domain
	option name 'router'
	option ip '192.168.1.1'

config domain
	option name 'ap'
	option ip '192.168.1.2'

config host
	option mac 'MA:CA:DD:RE:SS:00'
	option name 'AppleTVLiving-Room'
	option dns '1'
	option ip '192.168.1.161'
	option leasetime '1d'

cat /etc/config/firewall

# /etc/config/firewall as posted. Three zones are defined: lan, wan and WGZONE
# (the WireGuard tunnel).

# Global fallback policies. The per-zone input/output/forward policies below
# are what apply to traffic on interfaces that belong to a zone.
config defaults
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option synflood_protect '1'

# LAN zone: fully trusted. Router services are reachable from every LAN device
# and forwarding between interfaces inside the zone is allowed.
config zone
	option name 'lan'
	list network 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'

# WAN zone: unsolicited input and forwarding are rejected unless a rule or
# redirect further down allows them; outbound traffic is masqueraded (NAT).
config zone
	option name 'wan'
	list network 'wan'
	list network 'wan6'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'
	option mtu_fix '1'

# LAN clients may initiate connections out through wan.
config forwarding
	option src 'lan'
	option dest 'wan'

# The rules from here to 'Support-UDP-Traceroute' carry the names of the stock
# OpenWrt rule set. Rules with a 'dest' forward traffic; rules without one
# address the router itself.

# Lets DHCP replies from the upstream server reach the router's WAN client.
config rule
	option name 'Allow-DHCP-Renew'
	option src 'wan'
	option proto 'udp'
	option dest_port '68'
	option target 'ACCEPT'
	option family 'ipv4'

# The router answers IPv4 echo requests arriving on wan.
config rule
	option name 'Allow-Ping'
	option src 'wan'
	option proto 'icmp'
	option icmp_type 'echo-request'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-IGMP'
	option src 'wan'
	option proto 'igmp'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-DHCPv6'
	option src 'wan'
	option proto 'udp'
	option src_ip 'fc00::/6'
	option dest_ip 'fc00::/6'
	option dest_port '546'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-MLD'
	option src 'wan'
	option proto 'icmp'
	option src_ip 'fe80::/10'
	list icmp_type '130/0'
	list icmp_type '131/0'
	list icmp_type '132/0'
	list icmp_type '143/0'
	option family 'ipv6'
	option target 'ACCEPT'

# ICMPv6 types accepted by the router itself from wan, rate-limited to 1000/sec.
config rule
	option name 'Allow-ICMPv6-Input'
	option src 'wan'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	list icmp_type 'router-solicitation'
	list icmp_type 'neighbour-solicitation'
	list icmp_type 'router-advertisement'
	list icmp_type 'neighbour-advertisement'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

# ICMPv6 types forwarded from wan to any zone (dest '*'), same rate limit.
config rule
	option name 'Allow-ICMPv6-Forward'
	option src 'wan'
	option dest '*'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

# The next two rules permit IPsec (ESP, and IKE on UDP 500) to be forwarded
# from wan into lan.
# NOTE(review): if no LAN host terminates IPsec, these can presumably be
# disabled to narrow what is forwarded inbound - confirm before removing.
config rule
	option name 'Allow-IPSec-ESP'
	option src 'wan'
	option dest 'lan'
	option proto 'esp'
	option target 'ACCEPT'

config rule
	option name 'Allow-ISAKMP'
	option src 'wan'
	option dest 'lan'
	option dest_port '500'
	option proto 'udp'
	option target 'ACCEPT'

# Disabled (enabled '0'); has no effect as posted.
config rule
	option name 'Support-UDP-Traceroute'
	option src 'wan'
	option dest_port '33434:33689'
	option proto 'udp'
	option family 'ipv4'
	option target 'REJECT'
	option enabled '0'

# Custom rules loaded from /etc/firewall.user; its contents were not posted,
# so the effective rule set may differ from what is shown here.
config include
	option path '/etc/firewall.user'

# WireGuard zone: nothing arriving through the tunnel may reach the router
# (input REJECT) or be forwarded onward (forward REJECT); traffic leaving
# through the tunnel is masqueraded.
config zone
	option name 'WGZONE'
	option output 'ACCEPT'
	option forward 'REJECT'
	list network 'WGINTERFACE'
	option input 'REJECT'
	option masq '1'

# LAN clients may initiate connections out through the tunnel. There is no
# forwarding in the opposite direction.
config forwarding
	option src 'lan'
	option dest 'WGZONE'

# Rejects traffic from 192.168.1.164 that would leave via wan, so that host
# can only reach the internet through WGZONE.
# NOTE(review): no 'option proto' is given, and firewall rules default to
# 'tcp udp'; ICMP and other protocols from this host would then still be
# forwarded to wan. `option proto 'all'` would cover every protocol - confirm
# against the generated ruleset.
# The match is by IPv4 source address only, so it depends on the host keeping
# this address (it is pinned by the 'Server-Wired' static lease).
config rule
	option name 'VPN Killswitch'
	option src 'lan'
	list src_ip '192.168.1.164'
	option dest 'wan'
	option target 'REJECT'

# Port forward: TCP 32400 on the WAN side is sent to 192.168.1.165:32400
# (the 'Docker-Plex' static lease). No 'src_ip' restriction is set, so the
# service is reachable from any internet source address, and the target sits
# in the same flat LAN as every other device. Keeping that service patched,
# or placing it in its own zone, limits the exposure.
config redirect
	option target 'DNAT'
	option name 'Plex'
	list proto 'tcp'
	option src 'wan'
	option src_dport '32400'
	option dest 'lan'
	option dest_ip '192.168.1.165'
	option dest_port '32400'

Okay, I can try to unplug everything. The frustrating thing is this only happens most evenings so even one evening of no issues doesn't prove anything. In fact, I thought I had the issue solved when it stopped for a week after removing some cheap smart plugs.

Yeah, but if you can take a network that is down and suddenly make it work by unplugging stuff, that might indicate that there is a specific device causing trouble.

I like to run concurrent pings to multiple destinations to see what is happening and identify patterns:

  • another device on the LAN
  • a network infrastructure device such as an AP or managed switch or anything else (if present)
  • the router
  • maybe a cable/dsl modem (192.168.100.1 in the case of most cable modems)
  • 8.8.8.8 (or any public domain or IP of your choosing)

okay, thank you for your help. do I just issue the pings from my cpu? also, is there anything I can look for in the router logs that may indicate what device could be causing my issues?

I test the pings from a computer that is wired to the network. You could look at logs on the router, but if the issue is related to some L2 issue, you won't see anything relevant show up.

Segmenting the network could help pinpoint the culprit. While that's usually easier with a managed switch, you do have 4 ports on the Turris Omnia at your disposal.

That's assuming that not all of your devices need LAN-to-LAN communication, or that they could at least get along with routed inter-VLAN/inter-zone communication during the test and don't depend on a single broadcast domain. The suggestions are meant to make the testing less painful over longer periods of time; they should not be considered a long-term solution.

It took a while, but the issue was caused by a Roku streaming box plugged directly into my AP. I'm not sure why, since it evidently worked that way for months. I now have it wired to the network switch and from there into the router, and have not experienced any issues in 5 days.
