OpenWrt Relayd Disconnects

mglowinski93 · May 28, 2019, 5:12pm

Hi,
I'm trying to do a WiFi - Lan bridge, based on tutorial: https://openwrt.org/docs/guide-user/network/wifi/relay_configuration. My problem is that i'm losing connection once per 5 minutes with devices connected to LAN (it is especially annoying while using SSH connection). Generally bridge is working, but as i mentioned disconnects happen.

I'm working on OpenWRT(18.06.1, r7258-5eb055306f) and relayd package (relayd - 2016-02-07-ad0b25ad-2). Device which i'm using is NanoPi R1 (http://wiki.friendlyarm.com/wiki/index.php/NanoPi_R1).

IP address of main WiFi router is :192.168.178.1

/etc/config/network:

root@OpenWrt:/etc/config# cat network

config interface 'loopback'
        option ifname 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config interface 'lan'
        option type 'bridge'
        option ifname 'eth1'
        option proto 'static'
        option ipaddr '192.168.2.1'
        option netmask '255.255.255.0'
        option ip6assign '60'
        option gateway '192.168.178.1'
        option dns '192.168.178.1'

config interface 'wan'
        option proto 'dhcp'
        option ifname 'eth0'
        option dns '8.8.8.8'

config interface 'wwan'
        option proto 'static'
        option ipaddr '192.168.178.53'
        option netmask '255.255.255.0'
        option gateway '192.168.178.1'
        option dns '192.168.178.1'

config interface 'repeater_bridge'
        option proto 'relay'
        list network 'lan'
        list network 'wwan'
        option ipaddr '192.168.178.53'

Interface

/etc/config/wireless:

root@OpenWrt:/etc/config# cat wireless

config wifi-device 'radio0'
        option type 'mac80211'
        option hwmode '11g'
        option path 'platform/soc/1c10000.mmc/mmc_host/mmc2/mmc2:0001/mmc2:0001:1'
        option country '00'
        option legacy_rates '1'
        option disabled '0'
        option channel 'auto'
        option htmode 'HT20'

config wifi-iface
        option network 'wwan'
        option ssid 'FRITZ!Box'
        option encryption 'psk2'
        option device 'radio0'
        option mode 'sta'

/etc/config/firewall:

root@OpenWrt:/etc/config# cat firewall

config defaults
        option syn_flood '1'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'

config zone
        option name 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'
        option network 'lan wwan repeater_bridge'

config zone
        option name 'wan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'
        option masq '1'
        option mtu_fix '1'
        option network 'wan wan6 FritzWifi'

config forwarding
        option src 'lan'
        option dest 'wan'

config rule
        option name 'Allow-DHCP-Renew'
        option src 'wan'
        option proto 'udp'
        option dest_port '68'
        option target 'ACCEPT'
        option family 'ipv4'

config rule
        option name 'Allow-Ping'
        option src 'wan'
        option proto 'icmp'
        option icmp_type 'echo-request'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-IGMP'
        option src 'wan'
        option proto 'igmp'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-DHCPv6'
        option src 'wan'
        option proto 'udp'
        option src_ip 'fc00::/6'
        option dest_ip 'fc00::/6'
        option dest_port '546'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-MLD'
        option src 'wan'
        option proto 'icmp'
        option src_ip 'fe80::/10'
        list icmp_type '130/0'
        list icmp_type '131/0'
        list icmp_type '132/0'
        list icmp_type '143/0'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Input'
        option src 'wan'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        list icmp_type 'router-solicitation'
        list icmp_type 'neighbour-solicitation'
        list icmp_type 'router-advertisement'
        list icmp_type 'neighbour-advertisement'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Forward'
        option src 'wan'
        option dest '*'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-IPSec-ESP'
        option src 'wan'
        option dest 'lan'
        option proto 'esp'
        option target 'ACCEPT'

config rule
        option name 'Allow-ISAKMP'
        option src 'wan'
        option dest 'lan'
        option dest_port '500'
        option proto 'udp'
        option target 'ACCEPT'

config include
        option path '/etc/firewall.user'

root@OpenWrt:/etc/config# clear
root@OpenWrt:/etc/config# cat firewall

config defaults
        option syn_flood '1'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'

config zone
        option name 'lan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'
        option network 'lan wwan repeater_bridge'

config zone
        option name 'wan'
        option input 'ACCEPT'
        option output 'ACCEPT'
        option forward 'ACCEPT'
        option masq '1'
        option mtu_fix '1'
        option network 'wan wan6 FritzWifi'

config forwarding
        option src 'lan'
        option dest 'wan'

config rule
        option name 'Allow-DHCP-Renew'
        option src 'wan'
        option proto 'udp'
        option dest_port '68'
        option target 'ACCEPT'
        option family 'ipv4'

config rule
        option name 'Allow-Ping'
        option src 'wan'
        option proto 'icmp'
        option icmp_type 'echo-request'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-IGMP'
        option src 'wan'
        option proto 'igmp'
        option family 'ipv4'
        option target 'ACCEPT'

config rule
        option name 'Allow-DHCPv6'
        option src 'wan'
        option proto 'udp'
        option src_ip 'fc00::/6'
        option dest_ip 'fc00::/6'
        option dest_port '546'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-MLD'
        option src 'wan'
        option proto 'icmp'
        option src_ip 'fe80::/10'
        list icmp_type '130/0'
        list icmp_type '131/0'
        list icmp_type '132/0'
        list icmp_type '143/0'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Input'
        option src 'wan'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        list icmp_type 'router-solicitation'
        list icmp_type 'neighbour-solicitation'
        list icmp_type 'router-advertisement'
        list icmp_type 'neighbour-advertisement'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-ICMPv6-Forward'
        option src 'wan'
        option dest '*'
        option proto 'icmp'
        list icmp_type 'echo-request'
        list icmp_type 'echo-reply'
        list icmp_type 'destination-unreachable'
        list icmp_type 'packet-too-big'
        list icmp_type 'time-exceeded'
        list icmp_type 'bad-header'
        list icmp_type 'unknown-header-type'
        option limit '1000/sec'
        option family 'ipv6'
        option target 'ACCEPT'

config rule
        option name 'Allow-IPSec-ESP'
        option src 'wan'
        option dest 'lan'
        option proto 'esp'
        option target 'ACCEPT'

config rule
        option name 'Allow-ISAKMP'
        option src 'wan'
        option dest 'lan'
        option dest_port '500'
        option proto 'udp'
        option target 'ACCEPT'

config include
        option path '/etc/firewall.user'

/etc/config/dhcp:

root@OpenWrt:/etc/config# cat dhcp

config dnsmasq
        option domainneeded '1'
        option boguspriv '1'
        option filterwin2k '0'
        option localise_queries '1'
        option rebind_protection '1'
        option rebind_localhost '1'
        option local '/lan/'
        option domain 'lan'
        option expandhosts '1'
        option nonegcache '0'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option resolvfile '/tmp/resolv.conf.auto'
        option nonwildcard '1'
        option localservice '1'

config dhcp 'lan'
        option interface 'lan'
        option dhcpv6 'server'
        option ra 'server'
        option ignore '1'
        option ra_management '1'

config dhcp 'wan'
        option interface 'wan'
        option ignore '1'

config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'
        option loglevel '4'

Any tips what can be wrong?
Thanks for tip in advance:)

Hegabo · May 28, 2019, 5:31pm

What connection do you lose? LAN clients to Pi, or LAN clients to internet?

mglowinski93 · May 28, 2019, 5:56pm

I suppose that connection is lost from LAN clients to NanoPi. My PC is connected to WiFi (main router). SSH session gets broken, so i'm 99% sure that i'm losing connection from LAN Clients to NanoPi R1.

Hegabo · May 28, 2019, 8:24pm

Well you need to check. If your Pi client PC doesn't show if or when the LAN is disconnected, you can open two windows on the PC to simultaneously ping both the Pi and the upstream router

ping 192.168.2.1 -t

ping 192.168.178.1 -t

See if connection to the Pi will fail when the connection to the upstream router fails.

Hegabo · May 28, 2019, 8:25pm

By the way, it's good security practice to mask out MAC and public IP addresses when sharing your config online..

mglowinski93 · May 28, 2019, 9:15pm

Reply from 192.168.178.53: bytes=32 time=6ms TTL=64
Request timed out.
Reply from 192.168.178.53: bytes=32 time=3ms TTL=64

I confirm, there are disconnects on LAN clients -> NanoPi side

mglowinski93 · May 28, 2019, 9:20pm

Right, thx for a tip:) i've erased MAC address

Hegabo · May 28, 2019, 9:55pm

Then I think you will need to look at the logs in OpenWrt for errors related to the Ethernet port.

May I also suggest that you try pinging the Pi WWAN IP of the Pi from the upstream router to confirm that the problem is only in the LAN.

mglowinski93 · May 29, 2019, 2:39am

I've checked system log and kernel log, but nothing suspicious according to me there.

kernel logs:
https://pastebin.com/sA7Pc9yc

system log:
https://pastebin.com/d50ny6ku

Are there others logs?

I've checked connection from NanoPi WWAN connection from upstream router. No disconnects there

LTE_Max · May 29, 2019, 11:36am

kmod-trelay is the better alternative to relayd. Install the package, remove the relayd bridge from /etc/config/network, open /etc/config/trelay and change it as following:config trelay option enabled 1 option dev1 lan option dev2 wwan
After that just reboot, I hope this fixes your issue.

Hegabo · May 29, 2019, 7:43pm

Well, the issue seems to be with the LAN.

castillofrancodamian · May 29, 2019, 7:51pm

Should we disable some service like dnsmasq?

mglowinski93 · May 30, 2019, 5:28am

I tried execute those below commands, but problem still exists
/etc/init.d/dnsmasq disable
/etc/init.d/dnsmasq stop

mglowinski93 · May 30, 2019, 8:34am

I did a factory reset on NanoPi R1, installed kmod-trelay package and connected with WiFi.
I modified /etc/config/trelay file like below, but now it is not working at all. LAN devices are not visible.

config trelay
        option enabled  1
        option dev1     lan
        option dev2     wwan

/etc/config/network file looks like this now:

config interface 'lan'
        option type 'bridge'
        option ifname 'eth1'
        option proto 'static'
        option ipaddr '192.168.2.1'
        option netmask '255.255.255.0'
        option ip6assign '60'
        option gateway '192.168.178.1'
        option dns '192.168.178.1'

config interface 'wan'
        option proto 'dhcp'
        option ifname 'eth0'
        option dns '8.8.8.8'

config interface 'wwan'
        option proto 'dhcp'

castillofrancodamian · May 30, 2019, 3:33pm

It can also be disabled with

service dnsmasq stop && service dnsmasq disable

stangri · May 31, 2019, 4:22am

I realize how this may sound -- but have you tried disabling encryption on WiFi, at least for troubleshooting?

mglowinski93 · May 31, 2019, 4:52am

i tried also commands which you posted, but still the same problem

mglowinski93 · May 31, 2019, 4:53am

No, i did not. Does it really can influence on disconnects?

stangri · May 31, 2019, 6:14am

I've had a router where when encryption was enabled on both STA and AP, it would behave erratically.

Hegabo · May 31, 2019, 9:26am

I think we are going in circles here. Your subject like says Relayd disconnects, while your description suggests is the LAN clients that get disconnected.

You can remove relayd all together and see if LAN clients will keep getting disconnected or not.