RT-AX53U hangs periodically with OpenWrt 22.03.3

Define 'hang'?

Did you try disabling Adblock to see if it stays stable? Would be the first thing I'd do, from what I understand Adblock can eat quite some memory.

1 Like

Sorry for the late response. I was traveling due to a family emergency.

  1. I did not run the OEM firmware. As soon as I bought this router, I installed OpenWRT.

2 cat /etc/config/network

config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option packet_steering '1'
	option ula_prefix 'fd18:bc6a:a18e::/48'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'lan1'
	list ports 'lan2'
	list ports 'lan3'

config interface 'lan'
	option device 'br-lan'
	option proto 'static'
	option ipaddr '192.168.1.1'
	option netmask '255.255.255.0'
	option ip6assign '60'

config interface 'wan'
	option device 'wan'
	option proto 'pppoe'
	option username '**************'
	option password '**************'
	option persist 'true'
	option maxfail '0'
	option holdoff '10'

config interface 'wan6'
	option device 'wan'
	option proto 'dhcpv6'

cat /etc/config/wireless

config wifi-device 'radio0'
	option type 'mac80211'
	option path '1e140000.pcie/pci0000:00/0000:00:01.0/0000:02:00.0'
	option channel '1'
	option band '2g'
	option htmode 'HE20'
	option country 'IN'
	option cell_density '3'

config wifi-iface 'default_radio0'
	option device 'radio0'
	option network 'lan'
	option mode 'ap'
	option encryption 'sae-mixed'
	option ssid '************'
	option key '************'

config wifi-device 'radio1'
	option type 'mac80211'
	option path '1e140000.pcie/pci0000:00/0000:00:01.0/0000:02:00.0+1'
	option channel '36'
	option band '5g'
	option htmode 'HE80'
	option cell_density '0'

config wifi-iface 'default_radio1'
	option device 'radio1'
	option network 'lan'
	option mode 'ap'
	option ssid '************'
	option encryption 'sae-mixed'
	option key '************'

config wifi-iface 'wifinet2'
	option device 'radio1'
	option mode 'ap'
	option encryption 'psk-mixed'
	option key '************'
	option ssid '************'
	option network 'lan'

cat /etc/config/dhcp

config dnsmasq
	option domainneeded '1'
	option boguspriv '1'
	option filterwin2k '0'
	option localise_queries '1'
	option rebind_protection '1'
	option rebind_localhost '1'
	option local '/lan/'
	option domain 'lan'
	option expandhosts '1'
	option nonegcache '0'
	option authoritative '1'
	option readethers '1'
	option leasefile '/tmp/dhcp.leases'
	option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
	option nonwildcard '1'
	option localservice '1'
	option ednspacket_max '1232'
	option filter_aaaa '0'
	option filter_a '0'
	option confdir '/tmp/dnsmasq.d'

config dhcp 'lan'
	option interface 'lan'
	option start '100'
	option limit '150'
	option leasetime '12h'
	option dhcpv4 'server'
	option dhcpv6 'server'
	option ra 'server'
	list ra_flags 'managed-config'
	list ra_flags 'other-config'
	list dhcp_option '6,************'

config dhcp 'wan'
	option interface 'wan'
	option ignore '1'

config odhcpd 'odhcpd'
	option maindhcp '0'
	option leasefile '/tmp/hosts/odhcpd'
	option leasetrigger '/usr/sbin/odhcpd-update'
	option loglevel '4'

config host
	option name 'xxxxxxxx'
	option ip '************'
	option mac '************'


cat /etc/config/firewall

config defaults
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option synflood_protect '1'
	option drop_invalid '1'

config zone
	option name 'lan'
	list network 'lan'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'

config zone
	option name 'wan'
	list network 'wan'
	list network 'wan6'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'
	option mtu_fix '1'

config forwarding
	option src 'lan'
	option dest 'wan'

config rule
	option name 'Allow-DHCP-Renew'
	option src 'wan'
	option proto 'udp'
	option dest_port '68'
	option target 'ACCEPT'
	option family 'ipv4'

config rule
	option name 'Allow-Ping'
	option src 'wan'
	option proto 'icmp'
	option icmp_type 'echo-request'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-IGMP'
	option src 'wan'
	option proto 'igmp'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-DHCPv6'
	option src 'wan'
	option proto 'udp'
	option dest_port '546'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-MLD'
	option src 'wan'
	option proto 'icmp'
	option src_ip 'fe80::/10'
	list icmp_type '130/0'
	list icmp_type '131/0'
	list icmp_type '132/0'
	list icmp_type '143/0'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Input'
	option src 'wan'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	list icmp_type 'router-solicitation'
	list icmp_type 'neighbour-solicitation'
	list icmp_type 'router-advertisement'
	list icmp_type 'neighbour-advertisement'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Forward'
	option src 'wan'
	option dest '*'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-IPSec-ESP'
	option src 'wan'
	option dest 'lan'
	option proto 'esp'
	option target 'ACCEPT'

config rule
	option name 'Allow-ISAKMP'
	option src 'wan'
	option dest 'lan'
	option dest_port '500'
	option proto 'udp'
	option target 'ACCEPT'

config include
	option path '/etc/firewall.fail2ban'
	option enabled '1'
	option reload '1'
  1. No, I did not try the snapshots. I wanted to use a stable release just to be safe.

Please advise. Thank you!

1 Like

The router stops responding and there is no network link. I have to reboot to get it to work again.
Yes, I have disabled the Adblock. Still the issue is not getting resolved.

WPA2/3 combined ('SAE mixed') is known to cause issues with some hardware (although I haven't heard about it for MT7915). Try disabling that and splitting your SSIDs between one WPA2 and another WPA3 one.

Any offloading you have set?

You're sure fail2ban isn't breaking anything either?

1 Like

Ok, I have disabled SAE. Lets see whether this resolves the issue. keeping fingers crossed.
as you would know, fail2ban comes into play only when anyone tries to ssh into the router.

True, but no idea how much RAM it uses.

1 Like

The issues with WPA3/ WPA2 mixed-mode are client side (interoperability), there's no problem with the AP side (neither ath5k, ath9k, ath10k, ath11k nor mt76) here (nor with sane clients, but many iOS/ android and other proprietary clients get confused if they see WAP3 or 802.11w and don't work properly). You will see the same problems with fully proprietary APs here (which is why OEM firmwares have largely disabled the option of providing mixed-mode, even if they shipped with it originally).

2 Likes

I disabled SAE mixed mode and using only WPA3-PSK. but, the router still hangs. I had to reboot it to make it work again.

@slh You're right about that.

@tagsense At this point it sounds like either serial or some kind of remote logging will shed light on the issue.

1 Like

A post was split to a new topic: Periodic hangs with Xiaomi R3Gv1

As per your suggestion, I have setup logging on an USB drive using the information available on the following 2 pages:

  1. https://openwrt.org/docs/guide-user/storage/usb-drives
  2. https://baheyeldin.com/technology/linux/using-rsyslog-and-usb-storage-openwrt-logging.html
    I have sent all the logs (messages, authpriv, mail, cron and local7) to the attached USB drive. Do I need to any other logs and/or increase the log levels?
1 Like

Usually just the logread output (where OpenWrt routes most if not all of the relevant logging to) is sufficient to find out the error messages.

To save RAM the log buffer is cycled periodically, which means you cannot go back for days, which is another reason why loging remotely is handy.

1 Like

I see the following messages in the log file. It seems the firewall was reloaded after the WAN interface was brought back up. After that, the connection was completely lost. I could not even ssh into the router from the same LAN. Any hints/suggestions?

Feb 12 11:05:14 OpenWrt kernel: [   35.072806] br-lan: port 5(wlan0) entered forwarding state                                                                                                                     
Feb 12 11:05:14 OpenWrt kernel: [   35.183214] br-lan: port 6(wlan1-1) entered blocking state                                                                                                                     
Feb 12 11:05:14 OpenWrt kernel: [   35.188851] br-lan: port 6(wlan1-1) entered disabled state                                                                                                                     
Feb 12 11:05:14 OpenWrt kernel: [   35.195411] device wlan1-1 entered promiscuous mode                                                                                                                            
Feb 12 11:05:14 OpenWrt kernel: [   35.210093] br-lan: port 6(wlan1-1) entered blocking state                                                                                                                     
Feb 12 11:05:14 OpenWrt kernel: [   35.215730] br-lan: port 6(wlan1-1) entered forwarding state                  
Feb 12 11:05:14 OpenWrt kernel: [   35.352766] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1-1: link becomes ready
Feb 12 11:05:14 OpenWrt firewall: Reloading firewall due to ifup of wan (pppoe-wan)                                                                                                                               
Feb 12 11:05:15 OpenWrt adblock-4.1.5[1794]: download of 'reg_cn' failed, url: https://easylist-downloads.adblockplus.org/easylistchina.txt, rule: BEGIN{FS="[|^]"}/^\|\|([[:alnum:]_-]{1,63}\.)+[[:alpha:]]+\^(\$
Feb 12 11:05:15 OpenWrt adblock-4.1.5[1794]: download of 'reg_ru' failed, url: https://easylist-downloads.adblockplus.org/ruadlist.txt, rule: BEGIN{FS="[|^]"}/^\|\|([[:alnum:]_-]{1,63}\.)+[[:alpha:]]+\^(\$third
Feb 12 11:05:15 OpenWrt adblock-4.1.5[1794]: download of 'openphish' failed, url: https://openphish.com/feed.txt, rule: BEGIN{FS="/"}/^http[s]?:\/\/([[:alnum:]_-]{1,63}\.)+[[:alpha:]]+(\/|$)/{print tolower($3)}
Feb 12 11:05:15 OpenWrt adblock-4.1.5[1794]: download of 'yoyo' failed, url: https://pgl.yoyo.org/adservers/serverlist.php?hostformat=nohtml&showintro=0&mimetype=plaintext, rule: /^([[:alnum:]_-]{1,63}\.)+[[:al
Feb 12 14:37:59 OpenWrt dnsmasq[1]: started, version 2.86 cachesize 150        

Not even with a static IP on your client?

I'v got into same scenario on Bananapi BPI R3 these days, flashed into latest firmware didn't help.

The router was running fine previously with 30+ days of uptime. It hangs periodically for the past few days, lost LAN connection to it, only solution is to RESTART router.

I'v checked the system log, the last logged message was:

Sun Feb 12 15:01:59 2023 user.info adblock-4.1.5[1774]: download of 'energized' failed, url: https://block.energized.pro/, rule: /^([[:alnum:]_-]{1,63}\.)+[[:alpha:]]+([[:space:]]|$)/{print tolower($1)}, categories:  porn/formats/domains.txt, rc: 8, log: Downloading 'https://block.energized.pro/porn/formats/domains.txt' Connecting to 172.67.221.49:443 HTTP error 404

So I guess maybe its the adblock caused this issue, now I have 3 options to test with:

  1. disable adblock completely
  2. exclude energized from blocksource.
  3. switch to simple-adblock.

I disabled AdBlock and tried. But, it did not help and the router continues to hang every few hours or so. Just to be clear, this does NOT prove AdBlock is not the issue in your case. I am just sharing the results of my troubleshooting efforts.

1 Like

yeah, looks like your case is different, we are using different hardware after all, might be the firmware glitch with your hardware.

I will observe for few days after I excluded "energized" from the block source.

I set static IP address for my laptop and connected to the router over an ethernet cable. Even that link to the laptop goes down.

UPDATE:

  • Excluded energized block source from adblock.

  • Got disconnected from router (dhcp server) again last night around 11pm, lost PC LAN connection to router. changed my PC to static IP and did ping, ssh, router didn't respond...

  • system.log has log up only to 7pm with no any critical error.

same?