Packet loss on user equipement, but no loss on owrt

Hello all.
Could I kindly ask you guys to help me to identify where the issue is or at least where I should start my troubleshooting. I have openwrt 25.12 installed on mercusys mr90x router

root@OpenWrt:~# cat /etc/openwrt_release
DISTRIB_ID='OpenWrt'
DISTRIB_RELEASE='25.12.0'
DISTRIB_REVISION='r32713-f919e7899d'
DISTRIB_TARGET='mediatek/filogic'
DISTRIB_ARCH='aarch64_cortex-a53'
DISTRIB_DESCRIPTION='OpenWrt 25.12.0 r32713-f919e7899d'
DISTRIB_TAINTS=''

I have a 5GHz radio network and my macbook connected to it.
The issue is when I ping 8.8.8.8 from my mac I have packet loss and latency spikes (right part on the attached screenshot), but at the same time I have no issues pinging 8.8.8.8 from openwrt router (left side of the screenshot). I suppose the issue should be in radio network config or radio environment, or on my macbook? Btw I didn’t change any default owrt radio settings.

It would be a good idea to update to 25.12.2.

That is not necessarily uncommon for wireless, depending of course on the RF environment around you, distance from the AP, and other factors.

Does it happen when connected via Ethernet?

Beyond that, we need to see your configs to see if there are any issues there.

Please connect to your OpenWrt device using ssh and copy the output of the following commands and post it here using the "Preformatted text </> " button (red circle; this works best in the 'Markdown' composer view in the blue oval):

Remember to redact passwords, VPN keys, MAC addresses and any public IP addresses you may have:

cat /etc/config/network
cat /etc/config/wireless
cat /etc/config/dhcp
cat /etc/config/firewall

First of all, I should make an apology for such long delayed reply, but I have got an eth cable only today, so

It would be a good idea to update to 25.12.2.

when i try use attended sysupgrade and request for image i got an error

Server response: Error: Impossible package selection: missing (amneziawg-tools, kmod-amneziawg, luci-app-podkop, luci-proto-amneziawg, podkop)

Request Data:

{
    "system_board": {
        "kernel": "6.12.71",
        "hostname": "OpenWrt",
        "system": "ARMv8 Processor rev 4",
        "model": "MERCUSYS MR90X v1",
        "board_name": "mercusys,mr90x-v1",
        "rootfs_type": "squashfs",
        "release": {
            "distribution": "OpenWrt",
            "version": "25.12.0",
            "firmware_url": "https://downloads.openwrt.org/",
            "revision": "r32713-f919e7899d",
            "target": "mediatek/filogic",
            "description": "OpenWrt 25.12.0 r32713-f919e7899d",
            "builddate": "1772496855"
        }
    },
    "advanced_mode": "0",
    "url": "https://sysupgrade.openwrt.org",
    "branch": "25.12",
    "revision": "r32713-f919e7899d",
    "efi": false,
    "request_hash": "5edc49adcbc3388e657fc9594dbeb13beac7895f2bbe864c8119d32a1049bc56",
    "sha256_unsigned": "",
    "client": "luci/26.114.56073~e91321e",
    "packages": {
        "amneziawg-tools": "1.0.20260223-r1",
        "apk-mbedtls": "3.0.2-r5",
        "base-files": "1693~f919e7899d",
        "bird2": "2.18-r1",
        "bird2c": "2.18-r1",
        "ca-bundle": "20250419-r2",
        "dnsmasq": "2.91-r2",
        "dropbear": "2025.89-r1",
        "firewall4": "2025.03.17~b6e51575-r1",
        "fitblk": "2",
        "fstools": "2026.02.15~8d377aa6-r1",
        "htop": "3.4.1-r1",
        "ip-full": "6.18.0-r2",
        "ip6tables-nft": "1.8.10-r2",
        "iptables-nft": "1.8.10-r2",
        "kernel": "6.12.71~60d938adcb727697d3015e4285d4c290-r1",
        "kmod-amneziawg": "6.12.71.1.0.20260210-r1",
        "kmod-crypto-hw-safexcel": "6.12.71-r1",
        "kmod-gpio-button-hotplug": "6.12.71-r5",
        "kmod-leds-gpio": "6.12.71-r1",
        "kmod-mt7915e": "6.12.71.2025.11.06~eb567bc7-r2",
        "kmod-mt7986-firmware": "6.12.71.2025.11.06~eb567bc7-r2",
        "kmod-nft-offload": "6.12.71-r1",
        "libc": "1.2.5-r5",
        "libgcc": "14.3.0-r5",
        "libustream-mbedtls": "2025.10.03~5a81c108-r1",
        "logd": "2025.10.30~6f78fa49-r1",
        "luci": "26.068.02899~3a0dd44",
        "luci-app-attendedsysupgrade": "26.114.56073~e91321e",
        "luci-app-openvpn": "26.068.02899~3a0dd44",
        "luci-app-pbr": "1.2.2-r12",
        "luci-app-podkop": "0.7.14-r1",
        "luci-proto-amneziawg": "2.0.4-r1",
        "mt7986-wo-firmware": "20251125-r1",
        "mtd": "27",
        "nano": "9.0-r1",
        "netifd": "2026.02.26~cbb83a18-r1",
        "odhcp6c": "2026.01.25~ee2949e3-r1",
        "odhcpd-ipv6only": "2026.01.19~2e5068b9-r1",
        "openvpn-openssl": "2.6.14-r3",
        "podkop": "0.7.14-r1",
        "ppp": "2.5.2-r2",
        "ppp-mod-pppoe": "2.5.2-r2",
        "procd-ujail": "2026.02.20~2881a59f-r1",
        "sing-box-tiny": "1.12.17-r1",
        "uboot-envtools": "2025.10-r1",
        "uci": "2025.12.02~66127cd7-r1",
        "uclient-fetch": "2026.02.20~7a0aa2e4-r1",
        "urandom-seed": "3",
        "urngd": "2025.10.03~f17e33d9-r1",
        "wpad-basic-mbedtls": "2025.08.26~ca266cc2-r1"
    },
    "profile": "mercusys,mr90x-v1",
    "target": "mediatek/filogic",
    "version": "25.12.0",
    "diff_packages": true,
    "filesystem": "squashfs",
    "rootfs_size_mb": null
}
STDERR:
Generate local signing keys...
WARNING: can't open config file: /builder/shared-workdir/build/staging_dir/host/etc/ssl/openssl.cnf
WARNING: can't open config file: /builder/shared-workdir/build/staging_dir/host/etc/ssl/openssl.cnf
read EC key
writing EC key
WARNING: opening /builder/packages/packages.adb: No such file or directory
Package list missing or not up-to-date, generating it.

Building package index...
ERROR: unable to select packages:
  amneziawg-tools (no such package):
    required by: world[amneziawg-tools]
  kmod-amneziawg (no such package):
    required by: world[kmod-amneziawg]
  luci-app-podkop (no such package):
    required by: world[luci-app-podkop]
  luci-proto-amneziawg (no such package):
    required by: world[luci-proto-amneziawg]
  podkop (no such package):
    required by: world[podkop]
make[2]: *** [Makefile:254: package_install] Error 5
make[1]: *** [Makefile:193: _call_manifest] Error 2
make: *** [Makefile:369: manifest] Error 2

Traceback (most recent call last):
  File "/app/.venv/lib/python3.14/site-packages/rq/worker/base.py", line 1522, in perform_job
    return_value = job.perform()
  File "/app/.venv/lib/python3.14/site-packages/rq/job.py", line 1342, in perform
    self._result = self._execute()
                   ~~~~~~~~~~~~~^^
  File "/app/.venv/lib/python3.14/site-packages/rq/job.py", line 1402, in _execute
    result = self.func(*self.args, **self.kwargs)
  File "/app/asu/build.py", line 494, in build
    result = _build(build_request, job)
  File "/app/asu/build.py", line 302, in _build
    report_error(job, check_package_errors(job.meta["stderr"]))
    ~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/app/asu/util.py", line 338, in report_error
    raise RuntimeError(msg)
RuntimeError: Impossible package selection: missing (amneziawg-tools, kmod-amneziawg, luci-app-podkop, luci-proto-amneziawg, podkop)

i suppose its all because of the podkop and amnezia packages which i installed through their relative scripts and not through apk add. and now i dont understand what should i do to be able to upgrade to 25.12.2

i should mention the following, if i recall it correctly i disabled sing-box which was installed by podkop module because of its high cpu utilization. when sing-box is running my top shows like 50% cpu utilization in average, when i stopped sing-box i got like 0-1% CPU utilization. so it might be the reason i had packet loss. now i am in a situation when i dont have packet loss but i still can see some latency spikes when my mac connected to wifi.

Does it happen when connected via Ethernet?

no, when i connect my mac to owrt through eth cable i can see the same values for pings on both devices and there are no spikes on mac. but when i connect mac to wifi nertwork sometimes, like once in 2 or 3 minutes i can observe a spike.

my configs:

root@OpenWrt:~# cat /etc/config/network

config interface 'loopback'
	option device 'lo'
	option proto 'static'
	list ipaddr '127.0.0.1/8'

config globals 'globals'
	option dhcp_default_duid '000418a1cf1c0c45436db683b7e3ece69d15'
	option ula_prefix 'fde5:30af:89c1::/48'
	option packet_steering '1'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'lan1'
	list ports 'lan2'

config device
	option name 'lan0'
	option macaddr '30:16:9d:3f:e5:52'

config device
	option name 'lan1'
	option macaddr '30:16:9d:3f:e5:52'

config device
	option name 'lan2'
	option macaddr '30:16:9d:3f:e5:52'

config interface 'lan'
	option device 'br-lan'
	option proto 'static'
	list ipaddr '192.168.1.1/24'
	option ip6assign '60'
	option multipath 'off'

config interface 'wan'
	option device 'eth1'
	option proto 'dhcp'
	option metric '100'
	option multipath 'off'
	option peerdns '0'
	list dns '8.8.8.8'
	list dns '8.8.4.4'

config interface 'wan6'
	option device 'eth1'
	option proto 'dhcpv6'

config device 'guest_dev'
	option type 'bridge'
	option name 'br-guest'
	list ports 'lan0'
	list ports 'lan1'

config interface 'guest'
	option proto 'static'
	option device 'br-guest'
	list ipaddr '192.168.3.1/24'
	list dns '8.8.8.8'
	option multipath 'off'

config interface 'awg'
	option proto 'amneziawg'
	option private_key ''
	list addresses '10.8.1.15/32'
	option awg_jc '3'
	option awg_jmin '10'
	option awg_jmax '50'
	option awg_s1 '114'
	option awg_s2 '29'
	option awg_h1 '800841693'
	option awg_h2 '1614520314'
	option awg_h3 '129966473'
	option awg_h4 '955128125'
	option multipath 'off'
	list dns '8.8.8.8'
	list dns '1.1.1.1'
	list dns '1.0.0.1'
	option defaultroute '0'
	option mtu '1280'

config amneziawg_awg
	option description 'Imported peer configuration'
	option public_key ''
	option preshared_key ''
	list allowed_ips '0.0.0.0/0'
	list allowed_ips '::/0'
	option persistent_keepalive '25'
	option endpoint_host ''
	option endpoint_port '43413'
	option route_allowed_ips '0'

config route
	option interface 'wan'
	option target '194.190.168.1/32'
	option metric '1'

root@OpenWrt:~# cat /etc/config/wireless

config wifi-device 'radio0'
	option type 'mac80211'
	option path 'platform/soc/18000000.wifi'
	option band '2g'
	option channel '3'
	option htmode 'HE20'
	option cell_density '0'

config wifi-device 'radio1'
	option type 'mac80211'
	option path 'platform/soc/18000000.wifi+1'
	option band '5g'
	option channel '36'
	option htmode 'HE80'
	option cell_density '0'

config wifi-iface 'default_radio1'
	option device 'radio1'
	option network 'lan'
	option mode 'ap'
	option ssid 'OpenWrt5'
	option encryption 'psk2'
	option key ''

config wifi-iface 'guest'
	option device '“radio0”'
	option mode 'ap'
	option network 'guest'
	option ssid 'guest'
	option encryption 'none'

config wifi-iface 'wifinet2'
	option device 'radio0'
	option mode 'ap'
	option ssid 'OpenWrt2'
	option encryption 'psk2'
	option network 'guest'
	option key ''

root@OpenWrt:~# cat /etc/config/dhcp

config dnsmasq
	option domainneeded '1'
	option boguspriv '1'
	option filterwin2k '0'
	option localise_queries '1'
	option rebind_protection '1'
	option rebind_localhost '1'
	option local '/lan/'
	option domain 'lan'
	option expandhosts '1'
	option nonegcache '0'
	option authoritative '1'
	option readethers '1'
	option leasefile '/tmp/dhcp.leases'
	option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
	option nonwildcard '1'
	option localservice '1'
	option ednspacket_max '1232'
	option filter_aaaa '0'
	option filter_a '0'
	option noresolv '0'
	option cachesize '150'

config dhcp 'lan'
	option interface 'lan'
	option start '100'
	option limit '150'
	option leasetime '12h'
	option dhcpv4 'server'
	option dhcpv6 'server'
	option ra 'server'
	list ra_flags 'managed-config'
	list ra_flags 'other-config'
	option ra_preference 'medium'

config dhcp 'wan'
	option interface 'wan'
	option ignore '1'

config odhcpd 'odhcpd'
	option maindhcp '0'
	option leasefile '/tmp/odhcpd.leases'
	option leasetrigger '/usr/sbin/odhcpd-update'
	option loglevel '4'
	option piodir '/tmp/odhcpd-piodir'
	option hostsdir '/tmp/hosts'

config dhcp 'guest'
	option interface 'guest'
	option start '100'
	option limit '150'
	option leasetime '1h'
	list dhcp_option '6,8.8.8.8,1.1.1.1'

root@OpenWrt:~# cat /etc/config/firewall

config defaults
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option synflood_protect '1'

config zone
	option name 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'
	list network 'lan'

config zone
	option name 'wan'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'DROP'
	option masq '1'
	option mtu_fix '1'
	list network 'wan'
	list network 'wan6'

config rule
	option name 'Allow-DHCP-Renew'
	option src 'wan'
	option proto 'udp'
	option dest_port '68'
	option target 'ACCEPT'
	option family 'ipv4'

config rule
	option name 'Allow-Ping'
	option src 'wan'
	option proto 'icmp'
	option icmp_type 'echo-request'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-IGMP'
	option src 'wan'
	option proto 'igmp'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-DHCPv6'
	option src 'wan'
	option proto 'udp'
	option dest_port '546'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-MLD'
	option src 'wan'
	option proto 'icmp'
	option src_ip 'fe80::/10'
	list icmp_type '130/0'
	list icmp_type '131/0'
	list icmp_type '132/0'
	list icmp_type '143/0'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Input'
	option src 'wan'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	list icmp_type 'router-solicitation'
	list icmp_type 'neighbour-solicitation'
	list icmp_type 'router-advertisement'
	list icmp_type 'neighbour-advertisement'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Forward'
	option src 'wan'
	option dest '*'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-IPSec-ESP'
	option src 'wan'
	option dest 'lan'
	option proto 'esp'
	option target 'ACCEPT'

config rule
	option name 'Allow-ISAKMP'
	option src 'wan'
	option dest 'lan'
	option dest_port '500'
	option proto 'udp'
	option target 'ACCEPT'

config forwarding
	option src 'lan'
	option dest 'wan'

config zone
	option name 'guest'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'
	list network 'guest'

config rule
	option src 'guest'
	option name 'Allow-ALL-guest'
	list proto 'all'
	option target 'ACCEPT'

config zone
	option name 'awg'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	list network 'awg'
	option masq '1'
	option mtu_fix '1'

config forwarding
	option src 'lan'
	option dest 'awg'

config forwarding
	option src 'guest'
	option dest 'awg'

For apple their AirDrop/AWDL is known to cause latency issues over WiFi, see e.g. here:
https://medium.com/@xpl/the-apple-awdl-bug-that-ruins-cloud-gaming-on-mac-c5195bf18784

Remove those packages, upgrade and reinstall again

i disabled awdl0, but can still see spikes

sudo ifconfig awdl0 down
ifconfig awdl0
awdl0: flags=8902<BROADCAST,PROMISC,SIMPLEX,MULTICAST> mtu 1484
	options=400<CHANNEL_IO>
	ether 7e:4c:0e:dc:e3:78
	nd6 options=201<PERFORMNUD,DAD>
	media: autoselect
	status: inactive

it's such a pain in the ass to reconfigure all this tunnels again... any other options i have or this one is the only one?

If the packages are compiled for apk you can add the url for the repository with those apk packages as custom feed, you also need to download the key file.
For an example see how that is done for the PBR app (but that is also available from the official OpenWRT repo ) :

So awdl is prone to e-enable it self, so most instructions recommend to monitor this and automatically squash, in addition, I think using a fw bespoke channels can help (the time is mostly required to switch the radio to the awdl channel and then back again, if the radio uses that channel anyway awdl seems much less intrusive).

Yah, I know, so I checked its status before testing, it was disabled