OpenWrt loses WAN lease every time cable modem hiccups, requiring reboot

I'm having a vexing problem with a router running OpenWrt when combined with a Hitron 4680 cable modem in bridge mode.

Basically, every several days, the cable modem momentarily loses its connection for one reason or another, and for a few minutes is unreachable via its standard address of 192.168.100.1. That part obviously isn't OpenWrt's fault.

However, when the modem does come back up a few minutes later, devices behind the router can no longer access the wider Internet. OpenWrt still shows the same external WAN address, and curiously, the Hitron modem can be accessed via 192.168.100.1 and the lights on the modem indicate that it has a WAN connection, but devices behind the router are still SOL. I've tried some "fixes" like enabling the broadcast flag, but nothing seems to work. The only solution I've found so far is to reboot the router while leaving the modem up.

This is OpenWrt 21.02.3 r16554-1d4dea6d4f, running on an old Netgear WNDR4300. I know this is an old version running on an even older router, but I don't have any control over that (unfortunately). I'd be grateful for any suggestions.

Spectrum?

Happens to me about once every 14 days.
the modem will 'try' to reconnect but it is always when most people sleep; leading me to belive they are 'servicing' (a delima of a word for me as both definitions may be true).

But again: Spectrum?

TekSavvy in Ontario, Canada. The cable infrastructure is actually owned by Rogers, TekSavvy is effectively a reseller.

(added later:)
To be clear, the modem does reconnect after a few minutes. The problem is that OpenWrt doesn't seem to recognize that the connection has returned.

It's possible there's some necessary communication between the modem and router that isn't happening.

I can assure you this is not an OpenWrt issue.

The situation does not support OpenWrt as the cause but I can understand how a hard reboot, that solves it, would lead one to believe it is the problem.
We an look at:

Just to be sure if you want us to.

Use watchcat or another watchdog to reboot the router if internet connection is lost.
https://openwrt.org/docs/guide-user/advanced/watchcat

But I would first complain at your cable company, service outages are not normal and not what you pay for

1 Like

Have you tried to restart the wan interface instead of a reboot?
This can also be done automatically with watchcat.

2 Likes

Sure, here it is (with MAC addresses omitted).

My setup is a little unusual in that I'm running two 5G hotspots in addition to the single 2G hotspot. The 2G and one of the 5G hotspots are set up to be IPv4-only, whereas the second (hidden) 5G hotspot has both IPv4 and IPv6. I set it up this way so I could experiment with IPv6 without causing problems for other people in the household. (I briefly had it set up to provide IPv6 to everyone, but one person had major problems with a specific app when I did that.)

--------------------------------------------------------------------------------

root@OpenWrt:~# ubus call system board
{
	"kernel": "5.4.188",
	"hostname": "OpenWrt",
	"system": "Atheros AR9344 rev 2",
	"model": "Netgear WNDR4300",
	"board_name": "netgear,wndr4300",
	"release": {
		"distribution": "OpenWrt",
		"version": "21.02.3",
		"revision": "r16554-1d4dea6d4f",
		"target": "ath79/nand",
		"description": "OpenWrt 21.02.3 r16554-1d4dea6d4f"
	}
}

--------------------------------------------------------------------------------

root@OpenWrt:~# cat /etc/config/network

config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'fd01:2:3::/48'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'eth0.1'

config interface 'lan'
	option device 'br-lan'
	option proto 'static'
	option netmask '255.255.255.0'
	option ipaddr '192.168.4.1'
	option delegate '0'

config device
	option name 'eth0.2'
	option macaddr '[MAC address omitted]'

config interface 'wan'
	option device 'eth0.2'
	option proto 'dhcp'
	option broadcast '1'

config interface 'wan6'
	option device 'eth0.2'
	option proto 'dhcpv6'
	option reqaddress 'try'
	option reqprefix 'auto'

config switch
	option name 'switch0'
	option reset '1'
	option enable_vlan '1'

config switch_vlan
	option device 'switch0'
	option vlan '1'
	option ports '0t 4 3 2 1'
	option vid '1'

config switch_vlan
	option device 'switch0'
	option vlan '2'
	option ports '0t 5'
	option vid '2'

config switch_vlan
	option device 'switch0'
	option vlan '3'
	option ports '0t'
	option vid '6'

config device
	option type 'bridge'
	option name 'br-lan6'
	list ports 'eth0.6'

config interface 'lan6'
	option proto 'static'
	option device 'br-lan6'
	option ipaddr '192.168.6.1'
	option netmask '255.255.255.0'
	option ip6assign '64'

config device
	option name 'eth0.1'
	option type '8021q'
	option ifname 'eth0'
	option vid '1'

config interface 'tun8'
	option proto 'none'
	option device 'tun8'

--------------------------------------------------------------------------------

root@OpenWrt:~# cat /etc/config/wireless

config wifi-device 'radio0'
	option type 'mac80211'
	option path 'platform/ahb/18100000.wmac'
	option band '2g'
	option htmode 'HT20'
	option cell_density '0'
	option channel '11'
	option country 'US'

config wifi-iface 'default_radio0'
	option device 'radio0'
	option network 'lan'
	option mode 'ap'
	option encryption 'psk2'
	option key '[password omitted]'
	option ssid 'MyIPv4SSID'

config wifi-device 'radio1'
	option type 'mac80211'
	option path 'pci0000:00/0000:00:00.0'
	option band '5g'
	option cell_density '0'
	option htmode 'HT40'
	option country 'US'
	option channel '149'

config wifi-iface 'default_radio1'
	option device 'radio1'
	option network 'lan'
	option mode 'ap'
	option encryption 'psk2'
	option key '[password omitted]'
	option ssid 'MyIPv4SSID-5G'

config wifi-iface 'wifinet2'
	option device 'radio1'
	option mode 'ap'
	option encryption 'psk2'
	option hidden '1'
	option key '[password omitted]'
	option network 'lan6'
	option ssid 'MyIPv6SSID-5G'

--------------------------------------------------------------------------------

root@OpenWrt:~# cat /etc/config/dhcp

config dnsmasq
	option domainneeded '1'
	option localise_queries '1'
	option rebind_protection '1'
	option rebind_localhost '1'
	option local '/lan/'
	option domain 'lan'
	option expandhosts '1'
	option authoritative '1'
	option readethers '1'
	option leasefile '/tmp/dhcp.leases'
	option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
	option ednspacket_max '1232'
	option localservice '0'

config dhcp 'lan'
	option interface 'lan'
	option start '100'
	option limit '150'
	option leasetime '12h'
	option dhcpv4 'server'
	list ra_flags 'none'

config dhcp 'lan6'
	option interface 'lan6'
	option start '100'
	option limit '150'
	option leasetime '12h'
	option ra 'server'
	list ra_flags 'none'

config dhcp 'wan'
	option interface 'wan'
	option ignore '1'
	option start '100'
	option limit '150'
	option leasetime '12h'
	list ra_flags 'none'

config odhcpd 'odhcpd'
	option maindhcp '0'
	option leasefile '/tmp/hosts/odhcpd'
	option leasetrigger '/usr/sbin/odhcpd-update'
	option loglevel '4'

...
[hosts with static leases omitted]
...

--------------------------------------------------------------------------------

root@OpenWrt:~# cat /etc/config/firewall

config defaults
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option synflood_protect '1'

config zone
	option name 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'
	list network 'lan'
	list network 'lan6'

config zone
	option name 'wan'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'
	option mtu_fix '1'
	list network 'wan'
	list network 'wan6'

config forwarding
	option src 'lan'
	option dest 'wan'

config rule
	option name 'Allow-DHCP-Renew'
	option src 'wan'
	option proto 'udp'
	option dest_port '68'
	option target 'ACCEPT'
	option family 'ipv4'

config rule
	option name 'Allow-Ping'
	option src 'wan'
	option proto 'icmp'
	option icmp_type 'echo-request'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-IGMP'
	option src 'wan'
	option proto 'igmp'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-DHCPv6'
	option src 'wan'
	option proto 'udp'
	option src_ip 'fc00::/6'
	option dest_ip 'fc00::/6'
	option dest_port '546'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-MLD'
	option src 'wan'
	option proto 'icmp'
	option src_ip 'fe80::/10'
	list icmp_type '130/0'
	list icmp_type '131/0'
	list icmp_type '132/0'
	list icmp_type '143/0'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Input'
	option src 'wan'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	list icmp_type 'router-solicitation'
	list icmp_type 'neighbour-solicitation'
	list icmp_type 'router-advertisement'
	list icmp_type 'neighbour-advertisement'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Forward'
	option src 'wan'
	option dest '*'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-IPSec-ESP'
	option src 'wan'
	option dest 'lan'
	option proto 'esp'
	option target 'ACCEPT'

config rule
	option name 'Allow-ISAKMP'
	option src 'wan'
	option dest 'lan'
	option dest_port '500'
	option proto 'udp'
	option target 'ACCEPT'

config rule
	option name 'Support-UDP-Traceroute'
	option src 'wan'
	option dest_port '33434:33689'
	option proto 'udp'
	option family 'ipv4'
	option target 'REJECT'
	option enabled '0'

config include
	option path '/etc/firewall.user'

...
[port forwardings to specific devices omitted]
...

config zone
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'
	list device 'tun0'
	option name 'dev_tun0'

config zone
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'
	list device 'tun1'
	option name 'dev_tun1'

config forwarding
	option dest 'lan'
	option src 'dev_tun0'

config forwarding
	option dest 'wan'
	option src 'dev_tun0'

config forwarding
	option dest 'lan'
	option src 'dev_tun1'

config forwarding
	option dest 'wan'
	option src 'dev_tun1'

config zone
	option name 'dev_tun6'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'
	list device 'tun6'

config forwarding
	option src 'dev_tun6'
	option dest 'lan'

config forwarding
	option src 'dev_tun6'
	option dest 'wan'

config zone
	option name 'tun8'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'
	option mtu_fix '1'
	list network 'tun8'

config forwarding
	option src 'lan'
	option dest 'tun8'

--------------------------------------------------------------------------------

root@OpenWrt:~# 

I hadn't though of using a watchdog, I'll try that and see if it works. I'm not confident that complaining to the cable company will do any good - TekSavvy (my ISP) is basically at the mercy of Rogers, who actually owns and operates the cable Internet infrastructure, and Rogers isn't exactly known for good customer service.

1 Like

I just tried simulating a cable dropout by rebooting the modem while keeping the router running, and can confirm that once the modem is back up, manually restarting the WAN and WAN6 interfaces restores the connection without requiring a full reboot. Thank you for the insight!

I'll try installing and setting up watchcat and see if that works.

You could also use a script, pinging 8.8.8.8 every X mins.
When the ping start to fail, you can restart the wan interface.

There are multiple scripts doing this, posted on the forum.

2 Likes

you could try to set the WAN side of OpenWRT to a fixed IP (maybe the Hitron has a configurable DHCP range for its LAN that allows to have a few static IPs in the same subnet).
No guarantee of effect, but simple to test and rollback.

A damn...bridge mode...probably wont work then

What are all the tunnels? Do you have a von connection to an external von server (like a commercial vpn provider?)

That's correct, the router doesn't seem to notice, which puzzles me too. There's no switch, the modem and router are directly connected.

Edit:
Actually, that may not be strictly true: the Hitron 4680 modem is actually a combination modem and router device, with 4 Ethernet ports in the back. When it's set to bridge mode (like this one is), the documentation says to use only port 1 (the topmost port) to connect it to the router. It's likely that the 4 ports are set up like a built-in switch.

There are three tunnel (tunX) devices. Two of them, tun0 and tun1, are used by the OpenVPN package to allow VPN-ing into our network from outside the house, with one instance listening at UDP 5994 and one listening at TCP 443 (the second one is there in case the first port is blocked for some reason). The third tunnel, tun8, maintains a continuous connection to a relative's house in the US (with their permission). I use the Policy Routing package to direct traffic from one specific device through that tunnel so it can pretend it's in the US.

Update: I ended up following @trendy's suggestion and installing watchcat and configuring it to restart the eth0.2 interface (which covers both wan and wan6) whenever it detects the connection is down for more than 2 minutes. I'm still curious why the router doesn't recognize this on its own, but at least this solution works for now. Thank you everyone for your help.

It does, now.
Now that it has a package that 'showes it how'.
If OpenWrt included every packagge that may be helpful it would bloat into something, practically, unsuable.

Well, quite. :slight_smile: I only meant it was curious that this worked for the previous (DSL) modem, but not for the Hitron 4680. For the record, I suspect this is the modem's fault, not OpenWrt's.

Regarding marking the topic as "[Solved]", I couldn't add "[Solved]" to the topic title - the pencil edit icon doesn't show up for me - but I was able to mark one response as the solution.

Most likely the DSL modem required from OpenWrt to operate in PPPoA/E mode, which has built in mechanism to detect failures.
DHCP on the other hand doesn't detect failures to restart negotiations, only after a specific amount of time. Watchcat detects failures and restarts the interface.

2 Likes

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.