I have a Netgear Nighthawk X4S R7800, OpenWRT 19.07.4. Every few days it stops responding, can not sign in via web interface OR via ssh using IP on local network, and can not connect via wireless endpoints. The issue seems to be that it is failing to assign IP addresses because it can no longer assign one in range.
My configuration overview.
I have a primary wireless network (Little Prince) - LAN network
a guest wireless network (Fox), LAN network
and another wireless network (Le Petite Prince), LAN-FR network.
One of the ethernet ports is tied to the same network as (Le Petite Prince).
What I want: I would like a fast network (Little Prince), a lower priority (slower speed) network (Fox), and another network (Le Petite Prince) that I use VPN over SSH (sshuttle). I have this all working. However after about 2-4 days the router crashes. I have to unplug and restart the router. Seems like historical logs are not kept.
Why I think it is not working. I have a number of connected wireless devices to Fox. The guest network also happens to have a number of smart home devices connected. Is it possible my DHCP pool does not have enough range? I doubt it. I have maybe 15 devices total. Are the dynamic addresses being released properly... so when the device refresh comes, this larger pool eventually runs out of available addresses?
Future planning: I'd like to create a time machine server (disk to back up my connected mac devices) on Little Prince. I started working on that.
I start seeing these log messages:
daemon.warn dnsmasq-dhcp[2237]: no address range available for DHCP request via br-lan
My Configurations:
ubus call system board; \
uci export network; uci export wireless; \
uci export dhcp; uci export firewall; \
head -n -0 /etc/firewall.user; \
ip -4 addr ; ip -4 ro li tab all ; ip -4 ru; \
ls -l /etc/resolv.* /tmp/resolv.* /tmp/resolv.*/* ; head -n -0 /etc/resolv.*
/tmp/resolv.* /tmp/resolv.*/*
{
"kernel": "4.14.195",
"hostname": "OpenWrt",
"system": "ARMv7 Processor rev 0 (v7l)",
"model": "Netgear Nighthawk X4S R7800",
"board_name": "netgear,r7800",
"release": {
"distribution": "OpenWrt",
"version": "19.07.4",
"revision": "r11208-ce6496d796",
"target": "ipq806x/generic",
"description": "OpenWrt 19.07.4 r11208-ce6496d796"
}
}
package network
config interface 'loopback'
option ifname 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fd21:6fed:e6a8::/48'
config interface 'lan'
option type 'bridge'
option ifname 'eth1.1'
option proto 'static'
option ipaddr '10.0.1.2'
option gateway '10.0.1.1'
option netmask '255.255.255.0'
option ip6assign '60'
option delegate '0'
config interface 'wan'
option ifname 'eth0.2'
option proto 'dhcp'
option hostname 'OpenWrtWireless'
option force_link '1'
config interface 'wan6'
option ifname 'eth0.2'
option proto 'dhcpv6'
option reqprefix 'auto'
option reqaddress 'try'
option force_link '1'
config switch
option name 'switch0'
option reset '1'
option enable_vlan '1'
config switch_vlan
option device 'switch0'
option vlan '1'
option vid '1'
option ports '2 3 4 6t'
config switch_vlan
option device 'switch0'
option vlan '2'
option ports '0t 5'
option vid '2'
config switch_vlan
option device 'switch0'
option vlan '3'
option ports '1 6t'
option vid '3'
config interface 'guest'
option proto 'static'
option ipaddr '192.168.3.1'
option netmask '255.255.255.0'
list dns '71.252.0.14'
option delegate '0'
option ifname 'eth1.1'
config interface 'lanfr'
option proto 'static'
option ipaddr '192.168.2.1'
option netmask '255.255.255.0'
option delegate '0'
list dns '71.252.0.14'
option ifname 'eth1.3'
option type 'bridge'
package wireless
config wifi-device 'radio0'
option type 'mac80211'
option channel '36'
option hwmode '11a'
option path 'soc/1b500000.pci/pci0000:00/0000:00:00.0/0000:01:00.0'
option htmode 'VHT80'
config wifi-iface 'default_radio0'
option device 'radio0'
option mode 'ap'
option key 'checkmate'
option ssid 'Little Prince'
option encryption 'psk2'
option network 'lan'
config wifi-device 'radio1'
option type 'mac80211'
option channel '11'
option hwmode '11g'
option path 'soc/1b700000.pci/pci0001:00/0001:00:00.0/0001:01:00.0'
option htmode 'HT20'
config wifi-iface 'default_radio1'
option device 'radio1'
option mode 'ap'
option ssid 'Le Petite Prince'
option key 'checkmate'
option encryption 'psk2'
option network 'lan2 lanfr'
config wifi-iface 'wifinet2'
option device 'radio1'
option mode 'ap'
option key 'checkmate'
option encryption 'psk2'
option network 'lan'
option ssid 'Fox'
package dhcp
config dnsmasq
option domainneeded '1'
option boguspriv '1'
option filterwin2k '0'
option localise_queries '1'
option rebind_protection '1'
option rebind_localhost '1'
option local '/lan/'
option domain 'lan'
option expandhosts '1'
option nonegcache '0'
option authoritative '1'
option readethers '1'
option leasefile '/tmp/dhcp.leases'
option resolvfile '/tmp/resolv.conf.auto'
option nonwildcard '1'
option localservice '1'
config dhcp 'lan'
option interface 'lan'
option start '100'
option limit '150'
option leasetime '12h'
config dhcp 'wan'
option interface 'wan'
option ignore '1'
config odhcpd 'odhcpd'
option maindhcp '0'
option leasefile '/tmp/hosts/odhcpd'
option leasetrigger '/usr/sbin/odhcpd-update'
option loglevel '4'
config dhcp 'guest'
option start '100'
option leasetime '12h'
option limit '150'
option interface 'guest'
config dhcp 'lanfr'
option start '100'
option leasetime '12h'
option limit '150'
option interface 'lanfr'
package firewall
config defaults
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
option synflood_protect '1'
config zone
option name 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
option masq '1'
option network 'lan'
config zone
option name 'wan'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option mtu_fix '1'
option network 'wan wan6'
config forwarding
option src 'lan'
option dest 'wan'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option src_ip 'fc00::/6'
option dest_ip 'fc00::/6'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
config include
option path '/etc/firewall.user'
config zone
option network 'guest'
option forward 'REJECT'
option name 'guest'
option output 'ACCEPT'
option input 'REJECT'
config forwarding
option src 'guest'
option dest 'wan'
config rule
option dest_port '53'
option name 'guestDNS'
list proto 'tcpudp'
option target 'ACCEPT'
option src 'guest'
config rule
option name 'guestDHCP'
option target 'ACCEPT'
list proto 'udp'
option family 'ipv4'
option src 'guest'
option dest_port '67'
config zone
option network 'lanfr'
option forward 'REJECT'
option name 'lanfr'
option output 'ACCEPT'
option input 'REJECT'
config rule
option dest_port '53'
option name 'lanfr'
option target 'ACCEPT'
option src 'lanfr'
config rule
option dest_port '67'
option src 'lanfr'
option target 'ACCEPT'
option family 'ipv4'
list proto 'udp'
config forwarding
option dest 'wan'
option src 'lanfr'
config forwarding
option dest 'lan'
option src 'guest'
config forwarding
option dest 'lan'
option src 'lanfr'
# This file is interpreted as shell script.
# Put your custom iptables rules here, they will
# be executed with each firewall (re-)start.
# Internal uci firewall chains are flushed and recreated on reload, so
# put custom rules into the root chains e.g. INPUT or FORWARD or into the
# special user chains, e.g. input_wan_rule or postrouting_lan_rule.
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
7: br-lan: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
inet 10.0.1.2/24 brd 10.0.1.255 scope global br-lan
valid_lft forever preferred_lft forever
8: eth1.1@eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-lan state UP qlen 1000
inet 192.168.3.1/24 brd 192.168.3.255 scope global eth1.1
valid_lft forever preferred_lft forever
9: br-lanfr: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP qlen 1000
inet 192.168.2.1/24 brd 192.168.2.255 scope global br-lanfr
valid_lft forever preferred_lft forever
default via 10.0.1.1 dev br-lan
10.0.1.0/24 dev br-lan scope link src 10.0.1.2
192.168.2.0/24 dev br-lanfr scope link src 192.168.2.1
192.168.3.0/24 dev eth1.1 scope link src 192.168.3.1
broadcast 10.0.1.0 dev br-lan table local scope link src 10.0.1.2
local 10.0.1.2 dev br-lan table local scope host src 10.0.1.2
broadcast 10.0.1.255 dev br-lan table local scope link src 10.0.1.2
broadcast 127.0.0.0 dev lo table local scope link src 127.0.0.1
local 127.0.0.0/8 dev lo table local scope host src 127.0.0.1
local 127.0.0.1 dev lo table local scope host src 127.0.0.1
broadcast 127.255.255.255 dev lo table local scope link src 127.0.0.1
broadcast 192.168.2.0 dev br-lanfr table local scope link src 192.168.2.1
local 192.168.2.1 dev br-lanfr table local scope host src 192.168.2.1
broadcast 192.168.2.255 dev br-lanfr table local scope link src 192.168.2.1
broadcast 192.168.3.0 dev eth1.1 table local scope link src 192.168.3.1
local 192.168.3.1 dev eth1.1 table local scope host src 192.168.3.1
broadcast 192.168.3.255 dev eth1.1 table local scope link src 192.168.3.1
0: from all lookup local
32766: from all lookup main
32767: from all lookup default
ls: /tmp/resolv.*/*: No such file or directory
lrwxrwxrwx 1 root root 16 Sep 6 16:19 /etc/resolv.conf -> /tmp/resolv.conf
-rw-r--r-- 1 root root 32 Jan 17 21:49 /tmp/resolv.conf
-rw-r--r-- 1 root root 82 Jan 9 23:32 /tmp/resolv.conf.auto
==> /etc/resolv.conf <==
search lan
nameserver 127.0.0.1
==> /tmp/resolv.conf <==
search lan
nameserver 127.0.0.1
==> /tmp/resolv.conf.auto <==
# Interface guest
nameserver 71.252.0.14
# Interface lanfr
nameserver 71.252.0.14
head: /tmp/resolv.*/*: No such file or directory
I really appreciate any insight into this. I found a number of posts where you set the force flag, and that does not seem to work.