I have a TP-Link Archer A6 running 22.03.3 version of OpenWRT. All packages are up to date and the router has WiFi activated, mostly as a backup, but no clients connected. My line is a common 60Mbps with no fancy setup, DNS is 18.104.22.168, and there's no IPv6. Some clients have static DHCP enabled in case avahi fails and to allow for NFS networking.
For a while now, I have noticed that the general performance has been pretty low:
loading time for sites would be 10-20 seconds, sometimes can't be found at all, or timeout, only to display a page once refreshed. The download speed also appears very inconsistent, from about half the nominal throughput to mere 100s of kBps, then back up again. SharePoint-based documents would sometimes take minutes to close, but almost all changes are instantly saved. Linux updates download speeds are also very inconsistent, sometimes maxing out the line, sometimes slowing down to a crawl.
Scanning my own LAN sometimes gives multi-second pings, then back down to millisecond values.
During these times, the CPU load is still very low, 0.08 max. There's enough free space in the router, and it doesn't run any VPN (too weak CPU).
It seems these issues started when I updated some packages, but that could just be my perception.
Where should I start to solve this very annoying issue?
Missed that. I probably made the mistake described.
TL;DR: So the correct way to perform maintenance is to either load an updated OpenWRT distribution from the "Backup / Flash firmware" option in LuCI or use the sysupgrade command from the command line.
Background: I discovered one of my OpenWRT-running routers had set some DNS forwardings to unknown addresses that looked suspicious. Not sure if it came from an OpenWRT vulnerability or a client on my LAN. The filesystem was locked in read-only, which I found weird since there was about 1MiB free space. Since I didn't have the time to troubleshoot where these rogue DNS came from, I thought updating would be the best course of action.
On the other hand, the "Updates" tab really is misleading as it gives off the impression of routine maintenance, especially coming from other types of Linux distros. A permalink to this warning page you linked should be available on the "Updates" tab.
Question: can I use a custom-built OpenWRT version (from OpenWRT firmware selector) to update a stock OpenWRT? Since my routers are older, my intention is to remove IPv6 support altogether and leave a bit more space for logs (No ISP here has announced any plan for native IPv6 support in the foreseeable future). Just did that on a test router, seemed to work although I had to re-install LuCI through SSH as it mysteriously disappeared.
IPv6 support cannot be removed with the imagebuilder, only at the source level (and even then it's not a supported setup); attempts at that will only be partial and dangerous (you lose the means of control and firewalling, but it will still be partially present and pose an unguarded attack surface). In terms of firmware size, the gains will be negligible as well (a few dozen to maybe a hundred KB).
Regarding your question: you can build your own image and flash the sysupgrade over the 22.03.3 image you are currently using.
If I understand properly, the imagebuilder isn't a true "build-from-source" design but can help in integrating otherwise optional packages like e.g. dynamic DNS updaters or specific filesystems? And this can save some disk space since the package isn't held in the "overlay" partition?
If yes, that would open a sub-question: if the rogue DNS issue came from a vulnerability in OpenWRT or if I misconfigured something, one way to make sure everything is as up-to-date and occupies as little disk space as possible would be to use the imagebuilder to:
1. Integrate optional packages in an up-to-date OpenWRT image
2. Backup firewall and static DHCP assignments config files (the most important ones for my usage)
3. Flash the custom image obtained in 1. without a general backup
4. Restore only those config files
Still faster than reconfiguring from scratch…
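
A check to run on the backed-up `dhcp` config file from the plan above before the restore step, since that file is also where LuCI's "DNS forwardings" are stored. This is an added example, not part of any post in this thread. The function names, the sample config and the allowlisted address are constructed for illustration.

```shell
# Added example: audit a backed-up /etc/config/dhcp for DNS forwarders
# before restoring it onto a freshly flashed router.

# Constructed sample (RFC 5737 documentation addresses), not from the thread.
sample_dhcp_config() {
cat <<'EOF'
config dnsmasq
	list server '192.0.2.1'
	list server '/example.com/203.0.113.66#5353'
	list server '/lan/'

config dhcp 'lan'
	list dhcp_option '6,198.51.100.9'

config host
	option name 'nas'
	option ip '192.168.1.10'
EOF
}

# Print every upstream DNS address set in FILE: dnsmasq "server" entries
# (LuCI's "DNS forwardings") and DHCP option 6 values handed to clients.
list_dns_forwarders() {
    awk -v q="'" '
        { gsub("[" q "\"]", "") }                          # strip UCI quoting
        $2 == "server" { n = split($3, p, "/"); a = p[n]   # /domain/addr form
                         sub(/[#@].*/, "", a); if (a != "") print a }
        $2 == "dhcp_option" && $3 ~ /^6,/ {
            n = split($3, p, ","); for (i = 2; i <= n; i++) print p[i] }
    ' "$1"
}

# audit_dns_forwarders FILE ALLOWED...
# Report forwarders missing from the allowlist; return 1 if any were found.
audit_dns_forwarders() {
    file=$1; shift; bad=0
    for addr in $(list_dns_forwarders "$file"); do
        ok=0
        for allowed in "$@"; do
            if [ "$addr" = "$allowed" ]; then ok=1; fi
        done
        if [ "$ok" -eq 0 ]; then echo "unexpected DNS forwarder: $addr"; bad=1; fi
    done
    return "$bad"
}

# Demo: 192.0.2.1 stands in for the one resolver you expect to see.
tmp=$(mktemp); sample_dhcp_config > "$tmp"
audit_dns_forwarders "$tmp" 192.0.2.1 || echo "review before restoring"
rm -f "$tmp"
```

Static DHCP `config host` entries pass through untouched; only the forwarder and option 6 lines are compared against the allowlist.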