[Solved]Can't access couple of websites from OpenWrt

I would say that it is not so terrible, but having packet loss at your router is worrying and you could start investing from there.
You are not applying any rate limit, are you?
Run a ping for 1000 packets and see how much is the loss.

2 Likes

First I am not applying any rate limit, just using SQM but even without SQM it's same thing.
Secondly the packet loss is not consistent, sometimes there's no response for 80 packets in one go. I have seen it in traceping, the packet loss is unusal sometimes and there's not really a pattern. Sometimes it keeps working for a while and then a massive packet loss.
I have also noticed some dropped traffic in firewall but I don't really know if it's related to this because it was just a few kbs maybe 250 or so.

So I would like to see if firewall or iptables cause this issue somewhere. How can I disable firewall and iptables rules and still access internet? Because if I stop firewall there's no internet connectivity anymore.

Edit: I have tested with different websites and except twitter every website has only around 1,2% of packet loss but with twitter it's around 10-50%.

iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -t nat -A POSTROUTING -o WAN_INTERFACE_NAME -j MASQUERADE
1 Like

Actually, service firewall stop invokes fw3 flush, which clears the tables regardless of whether the firewall service is running or not.

2 Likes

It doesn't work for me.

root@xeli:~# service firewall stop
-ash: service: not found

I could to stop it with

/etc/init.d/firewall stop

Nonetheless, he will need the last MASQ command to enable internet in the lan.

1 Like

5 posts were split to a new topic: Service command not found

No I dont think so, I have flashed a new built firmware, with no settings saved, to W8980. First I was using HH5A and same thing was occurring with my phone.

Well in any case, I tried stopping firewall and flushing iptables entries but it's still the same on my phone. Although traceping showed rather better results but the official twitter app is still crappy for me. 3rd paty twitter apps and other devices on my network still working fine. Now I am forced to believe that something actually may be wrong with my phone. Because I have 2 more android devices and they work fine.

1 Like

Have you tried that?

For example, this is twitter.com for me via OpenVPN:

$ tracepath -b twitter.com
 1?: [LOCALHOST]                      pmtu 1500
 1:  _gateway (192.168.8.1)                               49.228ms 
 1:  _gateway (192.168.8.1)                               49.054ms 
 2:  router1-lon.linode.com (212.111.33.229)              50.224ms 
 3:  109.74.207.22 (109.74.207.22)                        49.036ms 
 4:  109.74.207.9 (109.74.207.9)                          49.078ms asymm  3 
 5:  xe-1-1-0.cr1-lon1.twttr.com (195.66.225.142)         51.217ms asymm  4 
 6:  104.244.42.129 (104.244.42.129)                      52.315ms reached
     Resume: pmtu 1500 hops 6 back 5 

As you can see, delay from VPN-provider to the service is ~3ms.

1 Like

Yes I can access twitter from vpn just fine with the official app. I have been doing that for a couple of months. I want vpn to be the last resort thing because I know it works. But why does the normal internet not work?

Maybe your provider is manipulating traffic somehow. By going over VPN you bypass your provider's traffic shaping.

2 Likes

But then twitter works on my other devices without VPN and on my phone it works when getting internet directly from ISP router. So I really dont think it's an ISP issue. Maybe something between my phone and OpenWrt doesnt work as expected. So I think it could be an issue with phone's wifi maybe.

An ISP messing with traffic is exactly the reason why people utilize VPN.
You are not the first and not the last in such circumstances.

That's why I suggest you to set up a VPN-client on the router.
Test it to localize the issue.

1 Like

Well it works with a VPN. So I just configured twitter to go through the VPN client on the router.

1 Like

In addition, if using a VPN for all devices affects the throughput, you can utilize policy-based routing:

Yes I am already using that, only two websites at the moment are configured to go through VPN.

1 Like

Some more info for future purposes.

As you may know I was having issues with some websites and as it turns out they may be getting throttled in my country to some extent and it could be one of the reasons they were not working but anyway I was able to make my ADSL connection faster for me with the help of rectifying DNS issues. I was searching online for any help regarding slow internet and some forums suggested to use PingPlotter and DNSBench. I think they are Windows based programs but may be available for Linux systems but I am not sure.

The thing is you may only need to do it once though. So yeah just use DNSBench first and get faster DNS addresses that may be available for you in your area. You can also add any DNSs that you specifically want to test and are not available in the list. My ISP was using some DNSs which were not helpful so with the help of the above software I was able to add 3 servers to my DNS list, basically in WAN interface, which improved my internet connectivity.

For me these worked but you may find something else:
39.39.39.39
208.67.220.222
8.8.8.8

2 Likes

You can also try cloudflare NS 1.1.1.1 and 1.0.0.1 (2606:4700:4700::1111 & 2606:4700:4700::1001)

1 Like

Yes I know but these DNSs are too slow for me. I have already tried them and Internet was barely crawling.

1 Like

Alrighty, I just mentioned them cause they are the fastest for me.

1 Like

Yes I think this also depends on where you live, your ISP, etc. I mean it's not just DNS related, there are more things to consider but still thanks though.

Edit: This can be related to something broken within OpenWrt System becasue right now @28-Feb-2019 I am using Snapshot and the websites work just fine with simple config changes to start internet with pppoe.

2 Likes