Need help connecting two routers, one is guest

I have a problem with Android messages for web. I cannot connect to my phone if I am connected to guest router.

Main Router
10.11.11.1 / fd11::1

Guest Router
10.22.22.1 / fd22::1

Guest router is connected from WAN port to the LAN port of the main router. Internet is working fine on both the routers its just I cannot use Android messages for web, I keep getting 'waiting for phone to connect'. If I connect back to main router the connection is instant. If I wake the phone on guest router 'messages for web' starts working and when the phone screen turns off the connection also stops, no such problem if connected to the main router even when the phone is sleeping, it connects right away. Does anyone knows what the problem is.

Why not create the guest network on the main router (using VLANs)?

Please copy the output of the following commands and post it here using the "Preformatted text </> " button:
grafik
Remember to redact passwords, MAC addresses and any public IP addresses you may have:

cat /etc/config/network
cat /etc/config/wireless
cat /etc/config/dhcp
cat /etc/config/firewall
cat /etc/config/network

config interface 'loopback'
        option ifname 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fd11::/64'

config interface 'lan'
        option type 'bridge'
        option ifname 'eth0.1'
        option proto 'static'
        option netmask '255.255.255.0'
        option ip6assign '56'
        option ipaddr '10.11.11.1'

config interface 'wan'
        option ifname 'eth1.2'
        option proto 'dhcp'
        option broadcast '1'
        list dns '8.8.8.8'
        list dns '8.8.4.4'
        option peerdns '0'

config interface 'wan6'
        option ifname 'eth1.2'
        option proto 'dhcpv6'
        option reqaddress 'force'
        option reqprefix '56'
        list dns '2001:4860:4860:0000:0000:0000:0000:8888'
        list dns '2001:4860:4860:0000:0000:0000:0000:8844'
        option peerdns '0'

config switch
        option name 'switch0'
        option reset '1'
        option enable_vlan '1'

config switch_vlan
        option device 'switch0'
        option vlan '1'
        option ports '5t 3 2 1 0'
        option vid '1'

config switch_vlan
        option device 'switch0'
        option vlan '2'
        option ports '6t 4'
        option vid '2'
at /etc/config/wireless

config wifi-device 'radio0'
        option type 'mac80211'
        option hwmode '11a'
        option path 'soc/soc:pcie/pci0000:00/0000:00:01.0/0000:01:00.0'
        option legacy_rates '0'
        option beacon_int '100'
        option htmode 'VHT80'
        option channel '149'

config wifi-iface 'default_radio0'
        option device 'radio0'
        option network 'lan'
        option mode 'ap'
        option ssid 'xxx'
        option disassoc_low_ack '0'
        option encryption 'psk2+ccmp'
        option skip_inactivity_poll '1'
        option key 'xxx'

config wifi-device 'radio1'
        option type 'mac80211'
        option hwmode '11g'
        option path 'soc/soc:pcie/pci0000:00/0000:00:02.0/0000:02:00.0'
        option legacy_rates '0'
        option beacon_int '100'
        option channel '6'
        option htmode 'HT20'

config wifi-iface 'default_radio1'
        option device 'radio1'
        option network 'lan'
        option mode 'ap'
        option ssid 'xxx'
        option disassoc_low_ack '0'
        option encryption 'psk2+ccmp'
        option skip_inactivity_poll '1'
        option short_preamble '0'
        option key 'xxx'

config wifi-device 'radio2'
        option type 'mac80211'
        option path 'platform/soc/soc:internal-regs/f10d8000.sdhci/mmc_host/mmc0/mmc0:0001/mmc0:0001:1'
        option legacy_rates '0'
        option hwmode '11g'
        option channel 'auto'
        option txpower '0'
        option htmode 'HT20'
        option disabled '1'

config wifi-iface 'default_radio2'
        option device 'radio2'
        option network 'lan'
        option mode 'ap'
        option ssid 'xxx'
        option encryption 'psk2'
        option key 'xxx'
        option disassoc_low_ack '0'
        option disabled '1'
cat /etc/config/dhcp

config dnsmasq
        option domainneeded '1'
        option localise_queries '1'
        option local '/lan/'
        option domain 'lan'
        option expandhosts '1'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option resolvfile '/tmp/resolv.conf.auto'
        option localservice '1'
        option quietdhcp '1'
        option boguspriv '0'
        option rebind_protection '1'
        list rebind_domain 'xxx'

config dhcp 'lan'
        option interface 'lan'
        option dhcpv6 'server'
        option ra 'server'
        option start '26'
        option ra_management '1'
        option limit '229'
        option ra_default '1'
        option ra_useleasetime '1'
        option ndp 'relay'
        option leasetime '7d'
        list dhcp_option '4,10.11.11.1'
        list dhcp_option '42,10.11.11.1'

config dhcp 'wan'
        option interface 'wan'
        option ignore '1'

config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'
        option loglevel '4'

config host
        option mac 'zzz'
        option name 'zzz'
        option dns '1'
        option ip '10.11.11.4'
        option leasetime '1d'


cat /etc/config/firewall

config defaults
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'REJECT'
        option flow_offloading '1'
        option flow_offloading_hw '1'

config zone
        option name 'lan'
        list network 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'

config zone
        option name 'wan'
        list network 'wan'
        list network 'wan6'
        option output 'ACCEPT'
        option masq '1'
        option mtu_fix '1'
        option input 'REJECT'
        option forward 'REJECT'

config forwarding
        option src 'lan'
        option dest 'wan'

config rule
        option name 'Allow-DHCP-Renew'
        option src 'wan'
        option proto 'udp'
        option dest_port '68'
        option target 'ACCEPT'
        option family 'ipv4'

config rule
        option name 'Allow-Ping'
        option src 'wan'
        option proto 'icmp'
        option icmp_type 'echo-request'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-IGMP'
        option src 'wan'
        option proto 'igmp'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-DHCPv6'
        option src 'wan'
        option proto 'udp'
        option src_ip 'fc00::/6'
        option dest_ip 'fc00::/6'
        option dest_port '546'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-MLD'
        option src 'wan'
        option proto 'icmp'
        option src_ip 'fe80::/10'
        list icmp_type '130/0'
        list icmp_type '131/0'
        list icmp_type '132/0'
        list icmp_type '143/0'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Input'
        option src 'wan'
        option proto 'icmp'
        option family 'ipv6'
        option target 'ACCEPT'
        list icmp_type 'destination-unreachable'
        list icmp_type 'echo-reply'
        list icmp_type 'echo-request'
        list icmp_type 'neighbour-advertisement'
        list icmp_type 'neighbour-solicitation'
        list icmp_type 'router-advertisement'
        list icmp_type 'router-solicitation'
        list icmp_type 'time-exceeded'

config rule
        option name 'Allow-ICMPv6-Forward'
        option src 'wan'
        option dest '*'
        option proto 'icmp'
        option family 'ipv6'
        option target 'ACCEPT'
        list icmp_type 'destination-unreachable'
        list icmp_type 'echo-reply'
        list icmp_type 'echo-request'
        list icmp_type 'time-exceeded'

config rule
        option name 'Allow-IPSec-ESP'
        option src 'wan'
        option dest 'lan'
        option proto 'esp'
        option target 'ACCEPT'

config rule
        option name 'Allow-ISAKMP'
        option src 'wan'
        option dest 'lan'
        option dest_port '500'
        option proto 'udp'
        option target 'ACCEPT'

config include
        option path '/etc/firewall.user'

config rule
        option src 'wan'
        option target 'ACCEPT'
        option family 'ipv6'
        option dest 'lan'
        option dest_port '53'
        list proto 'udp'
        option name 'WireGuard'
        list dest_ip 'xxx'
        option enabled '0'

The reason I have a second guest router is for throttling speed using luci-app-qos for all guest devices and keeping them separate from the main network.

Maybe just reset the guest router to defaults and see if that solves the problem.

I tried to create a route from the main router to 10.22.22.1/fd22::1 and it is still not working.

If you're creating routes to networks (not hosts), then you want to make it 10.22.22.0/24 via 10.11.11.x (where x is the IP address on the WAN of the guest router). But since you're masquerading the WAN on the guest router, it won't make any difference.

Looks like the problem was the guest router itself. I did a complete reset of guest router (EA4500) and the problem is still there. My main router is WRT3200ACM and the guest router is EA4500. I had an extra router WRT1900 laying around with a default install and I did the same test and the the problem is not there. There is an instant connection from outside on WRT1900, it was just EA4500 that has the problem. I installed tcpdump to see what is going on and when I click any contacts to load the messages I immediately see this message

01:25:04.183719 IP 142.250.123.188.5228 > 10.33.33.62.48430: Flags [P.], seq 30326:30719, ack 2526, win 265, options [nop,nop,TS val 1028819927 ecr 1674105109], length 393
01:25:04.324653 IP 142.250.123.188.5228 > 10.33.33.62.48430: Flags [P.], seq 30719:31110, ack 2526, win 265, options [nop,nop,TS val 1028820068 ecr 1674105109], length 391
01:25:04.339219 IP 142.250.123.188.5228 > 10.33.33.62.48430: Flags [P.], seq 31110:31501, ack 2526, win 265, options [nop,nop,TS val 1028820083 ecr 1674105109], length 391
01:25:09.245328 ARP, Request who-has 10.33.33.62 tell 10.33.33.1, length 28
01:25:10.285337 ARP, Request who-has 10.33.33.62 tell 10.33.33.1, length 28
01:25:11.325330 ARP, Request who-has 10.33.33.62 tell 10.33.33.1, length 28
01:25:15.966981 ARP, Request who-has 10.33.33.62 tell 10.33.33.1, length 28
01:25:17.005332 ARP, Request who-has 10.33.33.62 tell 10.33.33.1, length 28