MR6400v5: UDP issue with quic-enabled websites after some time

kapouer · March 13, 2024, 9:27am

Using openwrt 23.05.2 with uqmi_2022-11-29-0.11_mipsel_24kc.ipk from https://github.com/mrhaav/openwrt, with two interfaces setup.

Everything works fine for about a day, then all QUIC-enabled websites stop responding, while others are still okay.
Openwrt shows no accumulation of connections (stays below 100).

My guess is that something wrong is happening with UDP and ISP resetting LTE IP.

Most of the time restarting the LTE interface doesn't fix it, and even sometimes a soft reboot still doesn't fix it - I have to cut power to the router, but maybe it's actually more about waiting several minutes before retrying.

config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fd35:95c7:8572::/48'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'eth0.1'

config interface 'lan'
	option device 'br-lan'
	option proto 'static'
	option ipaddr '192.168.1.1'
	option netmask '255.255.255.0'
	option ip6assign '60'

config switch
	option name 'switch0'
	option reset '1'
	option enable_vlan '1'

config switch_vlan
	option device 'switch0'
	option vlan '1'
	option ports '6t 0 1 2 3'

config interface '4G'
	option proto 'qmi'
	option device '/dev/cdc-wdm0'
	option auth 'none'
	option pdptype 'ipv4v6'
	option default_profile '1'
	option peerdns '0'
	list dns '1.1.1.1'
	option abort_search 'false'
	option delay '20'
	option mtu '1420'

config defaults
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option synflood_protect '1'

config zone
	option name 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'
	option auto_helper '0'
	list network 'lan'

config zone
	option name 'wan'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'
	option mtu_fix '1'
	option auto_helper '0'
	list network '4G'

config forwarding
	option src 'lan'
	option dest 'wan'

config rule
	option name 'Allow-DHCP-Renew'
	option src 'wan'
	option proto 'udp'
	option dest_port '68'
	option target 'ACCEPT'
	option family 'ipv4'

config rule
	option name 'Allow-Ping'
	option src 'wan'
	option proto 'icmp'
	option icmp_type 'echo-request'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-IGMP'
	option src 'wan'
	option proto 'igmp'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-DHCPv6'
	option src 'wan'
	option proto 'udp'
	option dest_port '546'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-MLD'
	option src 'wan'
	option proto 'icmp'
	option src_ip 'fe80::/10'
	list icmp_type '130/0'
	list icmp_type '131/0'
	list icmp_type '132/0'
	list icmp_type '143/0'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Input'
	option src 'wan'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	list icmp_type 'router-solicitation'
	list icmp_type 'neighbour-solicitation'
	list icmp_type 'router-advertisement'
	list icmp_type 'neighbour-advertisement'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Forward'
	option src 'wan'
	option dest '*'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

humaita · April 18, 2024, 7:56pm

Hi, it seems that I am facing the same issue: the Google Maps and Gmail Apps don't work on my iPhone, yet the respective websites (and everything else using the internet) works flawlessly. The problem only occurs at home using my Wifi, not when using LTE other peoples Wifi.

My main router is an Asus RT-AX53U, and I have a D-Link DAP-X1860 connected via Ethernet as a repeater. Both are running OpenWrt SNAPSHOT r25899.

I tried disabling IPv6, Offloading, Packet Steering, and IRQ balance... but it didn't solve the problem. I don't remember having this problem in the past -- so I assume it was brought by a recent patch?!

@kapouer: Can you check if this also happens with older OpenWRT versions, e.g. 23.05.1 or the 22.03. branch?

brada4 · April 18, 2024, 8:19pm

Try this (a checkbox is in luci exists too)

config defaults
...
        option drop_invalid '1'

kapouer · April 18, 2024, 8:35pm

In my current settings it is checked, and the problem did not happen for at least two weeks.
I unchecked it to see what happens.

brada4 · April 18, 2024, 8:51pm

I am trying for this week following (i.e firefox default +1)

sysctl net.netfilter.nf_conntrack_udp_timeout=301 net.netfilter.nf_conntrack_udp_timeout_stream=301

brada4 · April 19, 2024, 10:09am

Note this is not proper resolve as it will accumulate DNS queries with 5min trail state....
UDP timeout is for bidirectional states
The stream is for unidirectional.
Problem is h3 falls in 1st short timeout category.