R7800 WAN connection drops

AL15 · June 22, 2019, 5:19pm

Hi,

i see this more frequent if i have bigger traffic on my wan connection but it seems not to be caused by my provider - here the details:

Netgear Nighthawk X4S R7800
ARMv7 Processor rev 0 (v7l)
OpenWrt 18.06.2 r7676-cddd7b4c77 / LuCI openwrt-18.06 branch (git-19.020.41695-6f6641d)
4.14.95

here what i see in the logs:
Sat Jun 22 18:02:02 2019 daemon.notice netifd: wan (4479): udhcpc: sending renew to 0.0.0.0
Sat Jun 22 18:02:05 2019 daemon.notice netifd: wan (4479): udhcpc: sending renew to 0.0.0.0
Sat Jun 22 18:02:06 2019 daemon.notice netifd: wan (4479): udhcpc: sending renew to 0.0.0.0
Sat Jun 22 18:02:06 2019 daemon.notice netifd: wan (4479): udhcpc: lease lost, entering init state
Sat Jun 22 18:02:06 2019 daemon.notice netifd: Interface 'wan' has lost the connection
Sat Jun 22 18:02:06 2019 daemon.notice netifd: Interface 'WGINTERFACE' has lost the connection
Sat Jun 22 18:02:06 2019 daemon.warn dnsmasq[1375]: no servers found in /tmp/resolv.conf.auto, will retry
Sat Jun 22 18:02:06 2019 daemon.notice netifd: Network device 'WGINTERFACE' link is down
Sat Jun 22 18:02:06 2019 daemon.notice netifd: wan (4479): udhcpc: sending discover

If this happens i can simply click reconnect on the WAN connection:

Sat Jun 22 18:48:03 2019 daemon.notice netifd: wan (4479): udhcpc: received SIGTERM
Sat Jun 22 18:48:03 2019 daemon.notice netifd: Interface 'wan' is now down
Sat Jun 22 18:48:03 2019 daemon.notice netifd: Interface 'wan' is disabled
Sat Jun 22 18:48:03 2019 kern.info kernel: [623402.230728] Generic PHY fixed-0:00: attached PHY driver [Generic PHY] (mii_bus:phy_addr=fixed-0:00, irq=POLL)
Sat Jun 22 18:48:03 2019 kern.info kernel: [623402.232391] dwmac1000: Master AXI performs any burst length
Sat Jun 22 18:48:03 2019 kern.info kernel: [623402.239771] ipq806x-gmac-dwmac 37200000.ethernet eth0: IEEE 1588-2008 Advanced Timestamp supported
Sat Jun 22 18:48:03 2019 kern.info kernel: [623402.245657] ipq806x-gmac-dwmac 37200000.ethernet eth0: registered PTP clock
Sat Jun 22 18:48:03 2019 kern.info kernel: [623402.254521] IPv6: ADDRCONF(NETDEV_UP): eth0: link is not ready
Sat Jun 22 18:48:03 2019 daemon.notice netifd: Interface 'wan' is enabled
Sat Jun 22 18:48:03 2019 kern.info kernel: [623402.262870] IPv6: ADDRCONF(NETDEV_UP): eth0.2: link is not ready
Sat Jun 22 18:48:03 2019 daemon.notice netifd: Interface 'wan' is setting up now
Sat Jun 22 18:48:03 2019 daemon.notice netifd: VLAN 'eth0.2' link is down
Sat Jun 22 18:48:03 2019 daemon.notice netifd: Interface 'wan' has link connectivity loss
Sat Jun 22 18:48:03 2019 daemon.notice netifd: Network device 'eth0' link is down
Sat Jun 22 18:48:03 2019 daemon.notice netifd: wan (19278): Command failed: Permission denied
Sat Jun 22 18:48:04 2019 kern.info kernel: [623403.268626] ipq806x-gmac-dwmac 37200000.ethernet eth0: Link is Up - 1Gbps/Full - flow control off
Sat Jun 22 18:48:04 2019 kern.info kernel: [623403.268747] IPv6: ADDRCONF(NETDEV_CHANGE): eth0: link becomes ready
Sat Jun 22 18:48:04 2019 daemon.notice netifd: Network device 'eth0' link is up
Sat Jun 22 18:48:04 2019 daemon.notice netifd: VLAN 'eth0.2' link is up
Sat Jun 22 18:48:04 2019 daemon.notice netifd: Interface 'wan' has link connectivity
Sat Jun 22 18:48:04 2019 daemon.notice netifd: Interface 'wan' is setting up now
Sat Jun 22 18:48:04 2019 kern.info kernel: [623403.278879] IPv6: ADDRCONF(NETDEV_CHANGE): eth0.2: link becomes ready
Sat Jun 22 18:48:04 2019 daemon.notice netifd: wan (19396): udhcpc: started, v1.28.4
Sat Jun 22 18:48:04 2019 daemon.notice netifd: wan (19396): udhcpc: sending discover
Sat Jun 22 18:48:04 2019 daemon.notice netifd: wan (19396): udhcpc: sending select for 178.112.x.x
Sat Jun 22 18:48:04 2019 daemon.notice netifd: wan (19396): udhcpc: lease of 178.112.x.x obtained, lease time 7200
Sat Jun 22 18:48:04 2019 daemon.notice netifd: Interface 'wan' is now up
Sat Jun 22 18:48:04 2019 daemon.info dnsmasq[1375]: reading /tmp/resolv.conf.auto

Any Idea what causes this issue?

thanks

anon50098793 · June 22, 2019, 5:52pm

wireguard...

trendy · June 22, 2019, 6:51pm

Please post here the output of the following command, copy and paste the whole block:

uci show network; \
uci show firewall; uci show dhcp; \
head -n -0 /etc/firewall.user; \
ls -l  /etc/resolv.* /tmp/resolv.*; head -n -0 /etc/resolv.* /tmp/resolv.*

Please use "Preformatted text </>" for logs, scripts, configs and general console output.

AL15 · June 23, 2019, 9:29am

here the logs - only removed repeating entries and masked some keys:

network.loopback=interface
network.loopback.ifname='lo'
network.loopback.proto='static'
network.loopback.ipaddr='127.0.0.1'
network.loopback.netmask='255.0.0.0'
network.globals=globals
network.globals.ula_prefix='fde2:cfde:7e77::/48'
network.lan=interface
network.lan.type='bridge'
network.lan.ifname='eth1.1'
network.lan.proto='static'
network.lan.netmask='255.255.255.0'
network.lan.ip6assign='60'
network.lan.ipaddr='192.168.15.1'
network.lan.delegate='0'
network.lan.igmp_snooping='1'
network.wan=interface
network.wan.ifname='eth0.2'
network.wan.proto='dhcp'
network.wan.hostname='Internet'
network.wan.clientid='0100BEEFC0FFEE'
network.@switch[0]=switch
network.@switch[0].name='switch0'
network.@switch[0].reset='1'
network.@switch[0].enable_vlan='1'
network.@switch_vlan[0]=switch_vlan
network.@switch_vlan[0].device='switch0'
network.@switch_vlan[0].vlan='1'
network.@switch_vlan[0].ports='1 2 3 4 6t'
network.@switch_vlan[1]=switch_vlan
network.@switch_vlan[1].device='switch0'
network.@switch_vlan[1].vlan='2'
network.@switch_vlan[1].ports='5 0t'
network.WGINTERFACE=interface
network.WGINTERFACE.proto='wireguard'
network.WGINTERFACE.private_key='**********'
network.WGINTERFACE.addresses='10.**.**.**'
network.WGINTERFACE.force_link='1'
network.WGINTERFACE.delegate='0'
network.@wireguard_WGINTERFACE[0]=wireguard_WGINTERFACE
network.@wireguard_WGINTERFACE[0].public_key='***********'
network.@wireguard_WGINTERFACE[0].allowed_ips='0.0.0.0/0'
network.@wireguard_WGINTERFACE[0].endpoint_host='***-wireguard.mullvad.net'
network.@rule[0]=rule
network.@rule[0].in='lan'
network.@rule[0].src='192.168.15.50/32'
network.@rule[0].lookup='100'
....
network.@rule[20]=rule
network.@rule[20].in='lan'
network.@rule[20].src='192.168.15.79/32'
network.@rule[20].lookup='100'
network.@rule[21]=rule
network.@rule[21].in='lan'
network.@rule[21].src='192.168.15.0/24'
network.@rule[21].lookup='101'
network.VPN_route=route
network.VPN_route.interface='WGINTERFACE'
network.VPN_route.target='0.0.0.0'
network.VPN_route.netmask='0.0.0.0'
network.VPN_route.table='100'
network.WAN_route=route
network.WAN_route.interface='WAN'
network.WAN_route.target='0.0.0.0'
network.WAN_route.netmask='0.0.0.0'
network.WAN_route.table='101'
network.lan_route=route
network.lan_route.interface='lan'
network.lan_route.target='192.168.15.0'
network.lan_route.netmask='255.255.255.0'
network.lan_route.gateway='192.168.15.1'
network.lan_route.table='100 101'
network.wg0=interface
network.wg0.proto='wireguard'
network.wg0.private_key='**************************'
network.wg0.listen_port='****'
network.wg0.force_link='1'
network.wg0.delegate='0'
network.wg0.addresses='192.168.16.1/24'
network.@wireguard_wg0[0]=wireguard_wg0
network.@wireguard_wg0[0].route_allowed_ips='1'
network.@wireguard_wg0[0].persistent_keepalive='25'
network.@wireguard_wg0[0].description='MobileNote8'
network.@wireguard_wg0[0].public_key='*****************'
network.@wireguard_wg0[0].allowed_ips='192.168.16.2/24'
firewall.@rule[0]=rule
firewall.@rule[0].src='*'
firewall.@rule[0].target='ACCEPT'
firewall.@rule[0].proto='udp'
firewall.@rule[0].dest_port='****'
firewall.@rule[0].name='Allow-Wireguard-Inbound'
firewall.@rule[1]=rule
firewall.@rule[1].name='Allow-DHCP-Renew'
firewall.@rule[1].src='wan'
firewall.@rule[1].proto='udp'
firewall.@rule[1].dest_port='68'
firewall.@rule[1].target='ACCEPT'
firewall.@rule[1].family='ipv4'
firewall.@rule[2]=rule
firewall.@rule[2].name='Allow-Ping'
firewall.@rule[2].src='wan'
firewall.@rule[2].proto='icmp'
firewall.@rule[2].icmp_type='echo-request'
firewall.@rule[2].family='ipv4'
firewall.@rule[2].target='ACCEPT'
firewall.@rule[3]=rule
firewall.@rule[3].name='Allow-IGMP'
firewall.@rule[3].src='wan'
firewall.@rule[3].proto='igmp'
firewall.@rule[3].family='ipv4'
firewall.@rule[3].target='ACCEPT'
firewall.@rule[4]=rule
firewall.@rule[4].name='Allow-DHCPv6'
firewall.@rule[4].src='wan'
firewall.@rule[4].proto='udp'
firewall.@rule[4].src_ip='fc00::/6'
firewall.@rule[4].dest_ip='fc00::/6'
firewall.@rule[4].dest_port='546'
firewall.@rule[4].family='ipv6'
firewall.@rule[4].target='ACCEPT'
firewall.@rule[5]=rule
firewall.@rule[5].name='Allow-MLD'
firewall.@rule[5].src='wan'
firewall.@rule[5].proto='icmp'
firewall.@rule[5].src_ip='fe80::/10'
firewall.@rule[5].icmp_type='130/0' '131/0' '132/0' '143/0'
firewall.@rule[5].family='ipv6'
firewall.@rule[5].target='ACCEPT'
firewall.@rule[6]=rule
firewall.@rule[6].name='Allow-ICMPv6-Input'
firewall.@rule[6].src='wan'
firewall.@rule[6].proto='icmp'
firewall.@rule[6].icmp_type='echo-request' 'echo-reply' 'destination-unreachable                                                                                                                                   ' 'packet-too-big' 'time-exceeded' 'bad-header' 'unknown-header-type' 'router-so                                                                                                                                   licitation' 'neighbour-solicitation' 'router-advertisement' 'neighbour-advertise                                                                                                                                   ment'
firewall.@rule[6].limit='1000/sec'
firewall.@rule[6].family='ipv6'
firewall.@rule[6].target='ACCEPT'
firewall.@rule[7]=rule
firewall.@rule[7].name='Allow-ICMPv6-Forward'
firewall.@rule[7].src='wan'
firewall.@rule[7].dest='*'
firewall.@rule[7].proto='icmp'
firewall.@rule[7].icmp_type='echo-request' 'echo-reply' 'destination-unreachable                                                                                                                                   ' 'packet-too-big' 'time-exceeded' 'bad-header' 'unknown-header-type'
firewall.@rule[7].limit='1000/sec'
firewall.@rule[7].family='ipv6'
firewall.@rule[7].target='ACCEPT'
firewall.@rule[8]=rule
firewall.@rule[8].name='Allow-IPSec-ESP'
firewall.@rule[8].src='wan'
firewall.@rule[8].dest='lan'
firewall.@rule[8].proto='esp'
firewall.@rule[8].target='ACCEPT'
firewall.@rule[9]=rule
firewall.@rule[9].name='Allow-ISAKMP'
firewall.@rule[9].src='wan'
firewall.@rule[9].dest='lan'
firewall.@rule[9].dest_port='500'
firewall.@rule[9].proto='udp'
firewall.@rule[9].target='ACCEPT'
firewall.@rule[10]=rule
firewall.@rule[10].src='lan'
firewall.@rule[10].name='block WAN .70'
firewall.@rule[10].src_ip='192.168.15.70 192.168.15.71 192.168.15.72 192.168.15.                                                                                                                                   73 192.168.15.74 192.168.15.75 192.168.15.76 192.168.15.77 192.168.15.78 192.168                                                                                                                                   .15.79'
firewall.@rule[10].target='REJECT'
firewall.@rule[10].family='ipv4'
firewall.@rule[10].dest='wan'
firewall.@rule[11]=rule
firewall.@rule[11].src='lan'
firewall.@rule[11].name='block WAN .50'
firewall.@rule[11].src_ip='192.168.15.50 192.168.15.51 192.168.15.52 192.168.15.                                                                                                                                   53 192.168.15.54 192.168.15.55 192.168.15.56 192.168.15.57 192.168.15.58 192.168                                                                                                                                   .15.59'
firewall.@rule[11].target='REJECT'
firewall.@rule[11].family='ipv4'
firewall.@rule[11].dest='wan'
firewall.@rule[12]=rule
firewall.@rule[12].target='ACCEPT'
firewall.@rule[12].src='lan'
firewall.@rule[12].name='to wan'
firewall.@rule[12].dest='wan'
firewall.@rule[13]=rule
firewall.@rule[13].target='ACCEPT'
firewall.@rule[13].name='to vpn'
firewall.@rule[13].src='lan'
firewall.@rule[13].dest='WGZONE'
firewall.@defaults[0]=defaults
firewall.@defaults[0].syn_flood='1'
firewall.@defaults[0].forward='REJECT'
firewall.@defaults[0].input='REJECT'
firewall.@defaults[0].output='REJECT'
firewall.@zone[0]=zone
firewall.@zone[0].name='lan'
firewall.@zone[0].input='ACCEPT'
firewall.@zone[0].output='ACCEPT'
firewall.@zone[0].forward='ACCEPT'
firewall.@zone[0].network='lan'
firewall.@zone[1]=zone
firewall.@zone[1].name='wan'
firewall.@zone[1].output='ACCEPT'
firewall.@zone[1].masq='1'
firewall.@zone[1].mtu_fix='1'
firewall.@zone[1].input='REJECT'
firewall.@zone[1].forward='REJECT'
firewall.@zone[1].network='wan'
firewall.@include[0]=include
firewall.@include[0].path='/etc/firewall.user'
firewall.@zone[2]=zone
firewall.@zone[2].input='REJECT'
firewall.@zone[2].forward='REJECT'
firewall.@zone[2].name='WGZONE'
firewall.@zone[2].output='ACCEPT'
firewall.@zone[2].masq='1'
firewall.@zone[2].mtu_fix='1'
firewall.@zone[2].network='WGINTERFACE'
firewall.@zone[3]=zone
firewall.@zone[3].name='wg'
firewall.@zone[3].input='ACCEPT'
firewall.@zone[3].forward='ACCEPT'
firewall.@zone[3].output='ACCEPT'
firewall.@zone[3].masq='1'
firewall.@zone[3].network='wg0'
firewall.@zone[3].conntrack='1'
firewall.@zone[3].log='1'
firewall.@forwarding[0]=forwarding
firewall.@forwarding[0].src='lan'
firewall.@forwarding[0].dest='wg'
firewall.@forwarding[1]=forwarding
firewall.@forwarding[1].src='wan'
firewall.@forwarding[1].dest='wg'
firewall.@forwarding[2]=forwarding
firewall.@forwarding[2].dest='lan'
firewall.@forwarding[2].src='wg'
firewall.@forwarding[3]=forwarding
firewall.@forwarding[3].dest='wan'
firewall.@forwarding[3].src='wg'
dhcp.@dnsmasq[0]=dnsmasq
dhcp.@dnsmasq[0].domainneeded='1'
dhcp.@dnsmasq[0].localise_queries='1'
dhcp.@dnsmasq[0].rebind_protection='1'
dhcp.@dnsmasq[0].rebind_localhost='1'
dhcp.@dnsmasq[0].local='/lan/'
dhcp.@dnsmasq[0].domain='lan'
dhcp.@dnsmasq[0].expandhosts='1'
dhcp.@dnsmasq[0].authoritative='1'
dhcp.@dnsmasq[0].readethers='1'
dhcp.@dnsmasq[0].leasefile='/tmp/dhcp.leases'
dhcp.@dnsmasq[0].resolvfile='/tmp/resolv.conf.auto'
dhcp.@dnsmasq[0].nonwildcard='1'
dhcp.@dnsmasq[0].localservice='1'
dhcp.lan=dhcp
dhcp.lan.interface='lan'
dhcp.lan.start='20'
dhcp.lan.limit='20'
dhcp.lan.leasetime='1h'
dhcp.wan=dhcp
dhcp.wan.interface='wan'
dhcp.wan.ignore='1'
dhcp.odhcpd=odhcpd
dhcp.odhcpd.maindhcp='0'
dhcp.odhcpd.leasefile='/tmp/hosts/odhcpd'
dhcp.odhcpd.leasetrigger='/usr/sbin/odhcpd-update'
dhcp.odhcpd.loglevel='4'
dhcp.@host[0]=host
dhcp.@host[0].ip='192.168.15.3'
dhcp.@host[0].mac='******'
dhcp.@host[0].name='Repeater'
....
dhcp.@host[38]=host
dhcp.@host[38].name='Smarthome-virt0'
dhcp.@host[38].dns='1'
dhcp.@host[38].mac='***********'
dhcp.@host[38].ip='192.168.15.11'
# This file is interpreted as shell script.
# Put your custom iptables rules here, they will
# be executed with each firewall (re-)start.

# Internal uci firewall chains are flushed and recreated on reload, so
# put custom rules into the root chains e.g. INPUT or FORWARD or into the
# special user chains, e.g. input_wan_rule or postrouting_lan_rule.
lrwxrwxrwx    1 root     root            16 Jan 30 13:21 /etc/resolv.conf -> /tm                                                                                                                                   p/resolv.conf
-rw-r--r--    1 root     root            32 Jun 15 13:33 /tmp/resolv.conf
-rw-r--r--    1 root     root            64 Jun 22 22:48 /tmp/resolv.conf.auto
==> /etc/resolv.conf <==
search lan
nameserver 127.0.0.1

==> /tmp/resolv.conf <==
search lan
nameserver 127.0.0.1

==> /tmp/resolv.conf.auto <==
# Interface wan
nameserver 213.94.78.17
nameserver 213.94.78.16

trendy · June 24, 2019, 12:04pm

A few things I noticed:
Make sure your isp requires the hostname and clientid in wan.

allowed_ips='192.168.16.2/24
This must be either 2/32 or 0/24 and you don't need to route the allowed IPs.

AL15 · June 24, 2019, 5:09pm

Thanks - if my isp not require the hostname and client id - is there any setting i should change - i tried to remove the clientid but it seams it can not be empty?
As mentioned above if the wan connection drops i simple click reconnect and within seconds wan is up and get the ip so i belive the config in general is working - somehow i only see this behavior if i generate a lot of traffic and the dhcp refresh is triggered... can i somehow use a command to trigger the dhcp client refresh on wan manually to see if i can somehow force this behavior ?

THANKS for your support

anon50098793 · June 24, 2019, 5:23pm

[ -f /etc/udhcpc.user ] && . /etc/udhcpc.user "$@"

trendy · June 24, 2019, 8:42pm

If your isp doesn't require them, better leave them blanc. Otherwise I have noticed unpredicted behavior.
Your situation could be explained though by DHCP packets not reaching the dhcp server of your ISP due to vast traffic. This is difficult to happen however, because as per protocol the client sends DHCP request at half lease time. A qos rule to prioritize DHCP packets could help there.
Also make sure that DHCP packets go out of wan and not wireguard!