While doing the test that @trendy is suggesting, make a note of your public IP with both a computer directly connected to the ISP router in bridge mode, as well as that on the OpenWrt router. If different, it is possible that there is a block on the public IP due to abuses (maybe by a previous holder of that IP).
There is no difference in the IP, and I checked if my IP was blacklisted, it is not.
I also checked if my IP was shared (the ISP in France does this sometimes), and it is not the case, I am in full stack that means I am the only owner of my IP.
I bought a new hard drive on which I installed a new version of W11 with nothing but Chrome and Firefox, but the problem remains exactly the same.
My next step will be to call my ISP to see if anything has changed on their end.
- is the above actually needed?
Try running tcpdump on the router while whatever is broken is happening, maybe you'll see something timing out or not getting responses.
Also try enabling 'private dns' with 'dns.google' on your Android phone:
(you can try cloudflare and/or quad9 too)
Does that fix the phone's update issues?
If it does, then presumably you'd know the problem is DNS.
If it doesn't, and private DNS works, then it's not DNS.
If private DNS outright doesn't work... maybe there's some weird firewall or something...
For no apparent reason, a problem that lasted 2 months or maybe 3, disappeared.
The only thing I did was to install TCPDUMP and start looking at, and understanding, the packets.
Did my ISP change anything on my line?
I don't know.
Did the TCPDUMP installation modify, install or overwrite any packages that made the problem go away?
I don't know (but my intuition tells me to explore this possibility)
The problem has gone away, however I would like to know why so that I can fix it if it happens again in the future.
I'm still puzzled, but I'm doubly grateful to the Openwrt community for their help, and because in the process of solving the problem I learned new things.
Tcpdump enables promiscuous mode on the interface. But this is not something that can affect your case. You can enable it on the interface as well.
Ok... So the problem is back, but I think I finally found the origin.
While analyzing the Pcap generated by TCPDUMP I found this line several times:
g-pni-mrs-2.routers.proxad.net > SAL9000.lan: ICMP time exceeded in-transit, length 76
I did an internet search with the name of this particular server node g-pni-mrs-2.routers.proxad.net and came across many people having exactly the same problem as me.
I will explore further and come back here, as it may require a special IPV6 configuration on Openwrt in conjunction with the ISP (Freebox) router.
What is its IP? This domain doesn't exist.