Netgear WAC104/WAC124 random crash then loop boot

Hi,
I'm using OpenWRT on WAC104 and WAC124, since Jan 2022, following every update.
The routers work well, but randomly (once per week...), at any time, each can crash and reboot, failing to boot, and rebooting over and over. The only solution is an electric reboot.

No apparent reason, not a high load, few clients, little traffic.
Another symptom is that sometimes one or two of the radios fail to come up. No logic, and again, the only solution is an electric reboot.

Worse than that, twice, for two WAC104s, they could not even reboot properly after an electric reboot, and I had to restore the Netgear firmware and reinstall OpenWRT.

I don't see anything in the log, since it is after reboot.
-> Is there any way to get post-mortem logs?

The configuration has nothing strange; it is configured as an AP delegating DHCP to the provider's box. 2 WiFi on each frequency band, 3 routers broadcasting the same 2 WiFi names on each of the 3 floors.
NB: I use ebtables to do some filtering, at level 2, unlike iptables, so I have one of the WiFi networks (GUEST) which only sees the provider's box, and ignores the rest of the network.
The WAC124 has a USB disk connected and does some Samba and rsync backup. No relation with the time of the backup.
I reboot every night, and timing of failures is not related...

I was using 802.11r roaming, but now it is disabled. No improvement.
I've disabled packet steering. No improvement.
I'm using STP (Spanning Tree Protocol).

My only hypothesis is that the hardware fails randomly.
How to investigate this kind of problem?

Sorry, I don't have precise data...too bad.

Send your logs to an external syslog server.

Also, try connecting by wired ethernet to see if that is working before power cycling the device.

This could cause the problem. Try disabling this.

I would say that a failing/faulty/marginal power supply could do this, but I'd expect it to be correlated with a period of high bandwidth activity. Given that you're seeing similar symptoms from 2 different devices seems to suggest that it is not related to a hardware fault.

Start by posting config files... we can help identify unusual config options that could potentially be at fault.
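The remote-syslog suggestion above, sketched as a receiver (an added example, not code from any poster in this thread): it records each datagram the router sends and reports the last lines seen before a long silence, which is where a hang or boot loop would show up. The collector address, the 120-second gap threshold, the file name and the sample lines are assumptions.

```python
import re
import socket
from datetime import datetime, timedelta

# Sending side, OpenWrt /etc/config/system ('config system' section):
#   option log_ip '<collector address>'   (placeholder, not from the thread)
#   option log_port '514'
# The posted config already sets: option log_proto 'udp'

PRI_RE = re.compile(r"^<(\d{1,3})>(.*)$", re.S)
SEVERITIES = ("emerg", "alert", "crit", "err", "warning", "notice", "info", "debug")

def parse_pri(line):
    """Split a '<PRI>text' syslog datagram into (facility, severity, text)."""
    m = PRI_RE.match(line)
    if not m or int(m.group(1)) > 191:      # 191 = facility 23, severity 7
        return None, None, line             # keep unparsable input verbatim
    pri = int(m.group(1))
    return pri >> 3, SEVERITIES[pri & 7], m.group(2)

def tail_before_gaps(records, gap_seconds=120, keep=3):
    """records: [(received_at, line), ...] in arrival order.
    For every silence longer than gap_seconds (a hang or boot loop),
    return the last `keep` lines the device sent before going quiet."""
    tails = []
    for i in range(1, len(records)):
        if (records[i][0] - records[i - 1][0]).total_seconds() > gap_seconds:
            tails.append([line for _, line in records[max(0, i - keep):i]])
    return tails

def collect(path, bind="0.0.0.0", port=514):
    """Append each datagram to `path`, line-buffered so nothing is lost."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((bind, port))                 # ports below 1024 need root
    with open(path, "a", buffering=1) as out:
        while True:
            data, (src, _) = sock.recvfrom(8192)
            fac, sev, text = parse_pri(data.decode("utf-8", "replace").rstrip())
            out.write(f"{datetime.now().isoformat()} {src} {fac} {sev} {text}\n")

# Constructed sample: three lines, then two hours of silence, then a boot line.
T0 = datetime(2022, 6, 1, 3, 0, 0)
SAMPLE = [
    (T0, "<30>netifd: constructed line 1"),
    (T0 + timedelta(seconds=10), "<4>kernel: constructed line 2"),
    (T0 + timedelta(seconds=20), "<3>kernel: constructed line 3"),
    (T0 + timedelta(hours=2), "<5>procd: constructed boot line"),
]

if __name__ == "__main__":
    collect("router.log")
```

A hard kernel panic can stop the router's log daemon before the final lines leave the device, so an empty tail does not rule out a kernel fault.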

I'll test without STP. Thanks for the hint.

About syslog, I'll see how to do it. I only have Linux on OpenWRT and Alt-F (DNS320)...

I've realized, checking my config, that all my ebtables config was gone.
It was stored in firewall.user, the custom part of the firewall in LuCI... It probably went missing during an update, as LuCI no longer offers it... The good point is that it cannot be the problem. ebtables is just standard.

Here are the configs

System:

config system
	option ttylogin '0'
	option log_size '64'
	option urandom_seed '0'
	option compat_version '1.1'
	option hostname 'R1WAC104'
	option zonename 'Europe/Paris'
	option timezone 'CET-1CEST,M3.5.0,M10.5.0/3'
	option log_proto 'udp'
	option conloglevel '8'
	option cronloglevel '5'

config timeserver 'ntp'
	list server '192.168.0.254'

config led
	option name 'WPS is heartbeat'
	option sysfs 'green:wps'
	option trigger 'heartbeat'

Opkg (to reinstall packages when updating firmware):

config opkg 'defaults'
	option import '/etc/backup/installed_packages.txt'
	option save 'auto'
	option restore 'auto'
	option rollback 'auto'
	option upgr 'ai'
	option export 'ai'
	option proc '--force-depends'
	option reinstall '--force-reinstall'
	option newconf '/etc'

config opkg 'auto'
	list rpkg 'wpad-basic-wolfssl'
	list ipkg 'ebtables-legacy'
	list ipkg 'ebtables-legacy-utils'
	list ipkg 'hostapd-utils'
	list ipkg 'iptables-mod-physdev'
	list ipkg 'kmod-br-netfilter'
	list ipkg 'kmod-ebtables'
	list ipkg 'kmod-ebtables-ipv4'
	list ipkg 'kmod-ebtables-ipv6'
	list ipkg 'kmod-ebtables-watchers'
	list ipkg 'kmod-ipt-core'
	list ipkg 'kmod-ipt-physdev'
	list ipkg 'kmod-nf-ipt'
	list ipkg 'libatomic1'
	list ipkg 'libgmp10'
	list ipkg 'libgnutls'
	list ipkg 'libnettle8'
	list ipkg 'libpopt0'
	list ipkg 'libxtables12'
	list ipkg 'msmtp'
	list ipkg 'rsync'
	list ipkg 'wpad-wolfssl'
	list ipkg 'zlib'

Network


config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fd21:xxxx:xxxx::/48'

config device
	option name 'br-lan'
	option type 'bridge'
	option stp '1'
	option igmp_snooping '1'
	list ports 'lan1'
	list ports 'lan2'
	list ports 'lan3'
	list ports 'lan4'

config interface 'lan'
	option device 'br-lan'
	option proto 'dhcp'
	option delegate '0'

config interface 'lan6'
	option device 'br-lan'
	option proto 'dhcpv6'
	option reqprefix 'auto'
	option delegate '0'
	option defaultroute '0'
	option reqaddress 'try'

config route6
	option interface 'lan6'
	option target '::/0'
	option gateway 'fe80::f6xx:xxxx:xxxx:xxx'

Firewall:

config defaults
	option input 'ACCEPT'
	option output 'ACCEPT'
	option synflood_protect '1'
	option forward 'DROP'

config zone
	option name 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option log '1'
	option log_limit '10/second'
	option forward 'ACCEPT'
	list network 'lan'
	list network 'lan6'

config include
	option path '/etc/firewall.user'

config rule
	list proto 'tcp'
	option dest_port '80 22'
	option target 'ACCEPT'
	option extra '-m physdev --physdev-in lan1'
	option src 'lan'
	option name 'allow admin from lan1'

config rule
	list proto 'tcp'
	option src 'lan'
	option dest_port '80 22 443'
	option target 'ACCEPT'
	option extra '-m physdev --physdev-in lan2'
	option name 'allow admin form lan2'

Dhcp

config dnsmasq
	option domainneeded '1'
	option boguspriv '1'
	option filterwin2k '0'
	option localise_queries '1'
	option rebind_protection '1'
	option rebind_localhost '1'
	option local '/lan/'
	option domain 'lan'
	option expandhosts '1'
	option nonegcache '0'
	option authoritative '1'
	option readethers '1'
	option leasefile '/tmp/dhcp.leases'
	option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
	option nonwildcard '1'
	option localservice '1'
	option ednspacket_max '1232'

config dhcp 'lan'
	option interface 'lan'
	option start '100'
	option limit '150'
	option leasetime '12h'
	option dhcpv4 'server'
	option ignore '1'
	list ra_flags 'none'

config dhcp 'wan'
	option interface 'wan'
	option ignore '1'

config odhcpd 'odhcpd'
	option maindhcp '0'
	option leasefile '/tmp/hosts/odhcpd'
	option leasetrigger '/usr/sbin/odhcpd-update'
	option loglevel '4'

config dhcp 'lan6'
	option interface 'lan6'
	option ignore '1'
	option start '100'
	option limit '150'
	option leasetime '12h'
	list ra_flags 'none'

Wireless

config wifi-device 'radio0'
	option type 'mac80211'
	option hwmode '11g'
	option path '1e140000.pcie/pci0000:00/0000:00:01.0/0000:02:00.0'
	option htmode 'HT20'
	option cell_density '0'
	option country 'FR'
	option channel '1'

config wifi-device 'radio1'
	option type 'mac80211'
	option hwmode '11a'
	option path '1e140000.pcie/pci0000:00/0000:00:00.0/0000:01:00.0'
	option htmode 'VHT80'
	option channel '36'
	option cell_density '0'
	option country 'FR'

config wifi-iface 'default_radio0'
	option device 'radio0'
	option mode 'ap'
	option ssid 'CARNOT7DMZ'
	option encryption 'psk2+ccmp'
	option key 'xxx'
	option ifname 'wlan0'
	option network 'lan'
	option wps_pushbutton '1'
	option max_inactivity '15'

config wifi-iface 'default_radio1'
	option device 'radio1'
	option mode 'ap'
	option ssid 'CARNOT7DMZ'
	option key 'xxx'
	option ifname 'wlan1'
	option network 'lan'
	option wps_pushbutton '1'
	option max_inactivity '15'
	option encryption 'psk2'

config wifi-iface 'guest_radio0'
	option device 'radio0'
	option mode 'ap'
	option ssid 'CARNOT7GUEST'
	option isolate '1'
	option key 'xxx'
	option encryption 'psk2'
	option ifname 'wguest0'
	option network 'lan'
	option max_inactivity '15'

config wifi-iface 'guest_radio1'
	option device 'radio1'
	option mode 'ap'
	option isolate '1'
	option key 'xxx'
	option ssid 'CARNOT7GUEST'
	option ifname 'wguest1'
	option network 'lan'
	option max_inactivity '15'
	option encryption 'psk2'

config wifi-iface 'tst_radio0'
	option device 'radio0'
	option mode 'ap'
	option key 'xxx'
	option ssid 'C7R1WAC104G2'
	option encryption 'sae-mixed'
	option ifname 'wlan0-1'
	option network 'lan'
	option disabled '1'

config wifi-iface 'tst_radio1'
	option device 'radio1'
	option mode 'ap'
	option key 'xxx'
	option ssid 'C7R1WAC104G5'
	option encryption 'sae-mixed'
	option ifname 'wlan1-1'
	option network 'lan'
	option disabled '1'

config wifi-iface 'tstguest_radio0'
	option device 'radio0'
	option mode 'ap'
	option ssid 'C7GUESTR1WAC104G2'
	option key 'xxx'
	option encryption 'sae-mixed'
	option ifname 'wguest0-1'
	option isolate '1'
	option network 'lan'
	option disabled '1'

config wifi-iface 'tstguest_radio1'
	option device 'radio1'
	option mode 'ap'
	option ssid 'C7GUESTR1WAC104G5'
	option key 'xxx'
	option encryption 'sae-mixed'
	option ifname 'wguest1-1'
	option isolate '1'
	option network 'lan'
	option disabled '1'

/etc/sysctl.conf

# Defaults are configured in /etc/sysctl.d/* and can be customized in this file
net.bridge.bridge-nf-call-arptables=1
net.bridge.bridge-nf-call-ip6tables=1
net.bridge.bridge-nf-call-iptables=1
net.bridge.bridge-nf-filter-vlan-tagged=0
net.bridge.bridge-nf-filter-pppoe-tagged=0
net.bridge.bridge-nf-pass-vlan-input-dev=0

I realized that since I upgraded OpenWRT, I moved to FW4, and all my ebtables config was removed (custom rules).
Moreover, I used both the legacy and nft variants of ebtables... no idea what it did, but it cannot work anyway.

The packages I added were:

list ipkg 'iptables-mod-physdev'
list ipkg 'kmod-br-netfilter'
list ipkg 'kmod-ebtables'
list ipkg 'kmod-ebtables-ipv4'
list ipkg 'kmod-ebtables-ipv6'
list ipkg 'kmod-ebtables-watchers'
list ipkg 'kmod-ipt-core'
list ipkg 'kmod-ipt-physdev'
list ipkg 'kmod-nf-ipt'
list ipkg 'ebtables-legacy'
list ipkg 'ebtables-legacy-utils'

I will test for a week, now that I have removed all of the above.
Removing STP has improved the stability, but it crash-looped anyway this week (two routers, same hour).

It continued to crash regularly for a few weeks, then 2 weeks ago, I upgraded some packages, including "wpad-wolfssl", but also some LuCI modules...
At the same time some guests left the house (maybe some nasty mobile phone WiFi protocols?).
I have activated everything I want, STP, 802.11r, Samba on USB HDD... it has worked for 2 weeks, no crash...
I've updated to latest firmware...
If it continues that way, I'm happy with my Netgear WAC104/124.

Besides upgrading packages, I wonder if some mobile phone or computer could crash the router via WiFi?
Just maybe a cheap phone, or an iPhone...