Trouble connecting to and pinging a specific website

Installing and Using OpenWrt
1

I have recently set up my router with the newest stable OpenWRT firmware and for the most part it works completely fine. The configuring I have done is setting timezone and enabling WiFi. There is however one specific website which I seem to be unable to connect to. The website in question is https://aftenbladet.no. IPv4 pings have 100% packet loss, and when I try to connect through a browser it is just stuck loading.

I am fully able to connect to the website through another router or through mobile data, so I know that the website isn't down. Using a VPN does nothing, so I am pretty sure

Model: TP-Link Archer AX23 v1
Firmware Version: OpenWrt 23.05.2 r23630-842932a63d / LuCI openwrt-23.05 branch git-23.306.39416-c86c256

Here is my diagnostics data:

Connecting to the openwrt website works fine

PING openwrt.org (64.226.122.113): 56 data bytes
64 bytes from 64.226.122.113: seq=0 ttl=52 time=33.452 ms
64 bytes from 64.226.122.113: seq=1 ttl=52 time=32.242 ms
64 bytes from 64.226.122.113: seq=2 ttl=52 time=32.205 ms
64 bytes from 64.226.122.113: seq=3 ttl=52 time=32.175 ms
64 bytes from 64.226.122.113: seq=4 ttl=52 time=32.183 ms

Here is the result when trying to connect to https://aftenbladet.no

PING aftenbladet.no (195.88.55.37): 56 data bytes

--- aftenbladet.no ping statistics ---
5 packets transmitted, 0 packets received, 100% packet loss

Here is my traceroute output

traceroute to aftenbladet.no (195.88.55.37), 30 hops max, 46 byte packets
 1  *  *  *
 2  *  *  *
 3  *  *  *
 4  *  *  *
 5  *  *  *
 6  *  *  *
 7  *  *  *
 8  *  *  *
 9  *  *  *
10  *  *  *
11  *  *  *
12  *  *  *
13  *  *  *
14  *  *  *
15  *  *  *
16  *  *  *
17  *  *  *
18  *  *  *
19  *  *  *
20  *  *  *
21  *  *  *
22  *  *  *
23  *  *  *
24  *  *  *
25  *  *  *
26  *  *  *
27  *  *  *
28  *  *  *
29  *  *  *
30  *  *  *
3

Please connect to your OpenWrt device using ssh and copy the output of the following commands and post it here using the "Preformatted text </> " button:
grafik
Remember to redact passwords, MAC addresses and any public IP addresses you may have:

ubus call system board
cat /etc/config/network
cat /etc/config/wireless
cat /etc/config/dhcp
cat /etc/config/firewall
4
ubus call system board 
{
        "kernel": "5.15.137",
        "hostname": "OpenWrt",
        "system": "MediaTek MT7621 ver:1 eco:4",
        "model": "TP-Link Archer AX23 v1",
        "board_name": "tplink,archer-ax23-v1",
        "rootfs_type": "squashfs",
        "release": {
                "distribution": "OpenWrt",
                "version": "23.05.2",
                "revision": "r23630-842932a63d",
                "target": "ramips/mt7621",
                "description": "OpenWrt 23.05.2 r23630-842932a63d"
        }
}
cat /etc/config/network 
config interface 'loopback'
        option device 'lo'
        option proto 'static'
        option ipaddr '127.0.0.1'
        option netmask '255.0.0.0'

config globals 'globals'
        option ula_prefix 'fd11:df37:0a65::/48'
        option packet_steering '1'

config device

        option name 'br-lan'
        option type 'bridge'
        list ports 'lan1'
        list ports 'lan2'
        list ports 'lan3'
        list ports 'lan4'

config interface 'lan'
        option device 'br-lan'
        option proto 'static'
        option ipaddr '192.168.1.1'
        option netmask '255.255.255.0'
        option ip6assign '60'

config interface 'wan'
        option device 'wan'
        option proto 'dhcp'

config interface 'wan6'
        option device 'wan'
        option proto 'dhcpv6'
cat /etc/config/wireless 
config wifi-device 'radio0'
        option type 'mac80211'
        option path '1e140000.pcie/pci0000:00/0000:00:01.0/0000:02:00.0'
        option channel 'auto'
        option band '2g'
        option htmode 'HE20'
        option cell_density '0'

config wifi-iface 'default_radio0'
        option device 'radio0'
        option network 'lan'
        option mode 'ap'
        option ssid 'OpenWrt'
        option encryption 'sae'
        option key '[redacted]'

config wifi-device 'radio1'
        option type 'mac80211'
        option path '1e140000.pcie/pci0000:00/0000:00:01.0/0000:02:00.0+1'
        option channel 'auto'
        option band '5g'
        option htmode 'HE80'
        option cell_density '0'

config wifi-iface 'default_radio1'
        option device 'radio1'
        option network 'lan'
        option mode 'ap'
        option ssid 'OpenWrt_5G'
        option encryption 'sae'
        option key '[redacted]'
cat /etc/config/dhcp 
config dnsmasq
        option domainneeded '1'
        option boguspriv '1'
        option filterwin2k '0'
        option localise_queries '1'
        option rebind_protection '1'
        option rebind_localhost '1'
        option local '/lan/'
        option domain 'lan'
        option expandhosts '1'
        option nonegcache '0'
        option cachesize '1000'
        option authoritative '1'
        option readethers '1'
        option leasefile '/tmp/dhcp.leases'
        option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
        option nonwildcard '1'
        option localservice '1'
        option ednspacket_max '1232'
        option filter_aaaa '0'
        option filter_a '0'

config dhcp 'lan'
        option interface 'lan'
        option start '100'
        option limit '150'
        option leasetime '12h'
        option dhcpv4 'server'
        option dhcpv6 'server'
        option ra 'server'
        option ra_slaac '1'
        list ra_flags 'managed-config'
        list ra_flags 'other-config'

config dhcp 'wan'
        option interface 'wan'
        option ignore '1'

config odhcpd 'odhcpd'
        option maindhcp '0'
        option leasefile '/tmp/hosts/odhcpd'
        option leasetrigger '/usr/sbin/odhcpd-update'
        option loglevel '4'
cat /etc/config/firewall 
config defaults
        option syn_flood        1
        option input            REJECT
        option output           ACCEPT
        option forward          REJECT
# Uncomment this line to disable ipv6 rules
#       option disable_ipv6     1

config zone
        option name             lan
        list   network          'lan'
        option input            ACCEPT
        option output           ACCEPT
        option forward          ACCEPT

config zone
        option name             wan
        list   network          'wan'
        list   network          'wan6'
        option input            REJECT
        option output           ACCEPT
        option forward          REJECT
        option masq             1
        option mtu_fix          1

config forwarding
        option src              lan
        option dest             wan

# We need to accept udp packets on port 68,
# see https://dev.openwrt.org/ticket/4108
config rule
        option name             Allow-DHCP-Renew
        option src              wan
        option proto            udp
        option dest_port        68
        option target           ACCEPT
        option family           ipv4

# Allow IPv4 ping
config rule
        option name             Allow-Ping
        option src              wan
        option proto            icmp
        option icmp_type        echo-request
        option family           ipv4
        option target           ACCEPT

config rule
        option name             Allow-IGMP
        option src              wan
        option proto            igmp
        option family           ipv4
        option target           ACCEPT

# Allow DHCPv6 replies
# see https://github.com/openwrt/openwrt/issues/5066
config rule
        option name             Allow-DHCPv6
        option src              wan
        option proto            udp
        option dest_port        546
        option family           ipv6
        option target           ACCEPT

config rule
        option name             Allow-MLD
        option src              wan
        option proto            icmp
        option src_ip           fe80::/10
        list icmp_type          '130/0'
        list icmp_type          '131/0'
        list icmp_type          '132/0'
        list icmp_type          '143/0'
        option family           ipv6
        option target           ACCEPT

# Allow essential incoming IPv6 ICMP traffic
config rule
        option name             Allow-ICMPv6-Input
        option src              wan
        option proto    icmp
        list icmp_type          echo-request
        list icmp_type          echo-reply
        list icmp_type          destination-unreachable
        list icmp_type          packet-too-big
        list icmp_type          time-exceeded
        list icmp_type          bad-header
        list icmp_type          unknown-header-type
        list icmp_type          router-solicitation
        list icmp_type          neighbour-solicitation
        list icmp_type          router-advertisement
        list icmp_type          neighbour-advertisement
        option limit            1000/sec
        option family           ipv6
        option target           ACCEPT

# Allow essential forwarded IPv6 ICMP traffic
config rule
        option name             Allow-ICMPv6-Forward
        option src              wan
        option dest             *
        option proto            icmp
        list icmp_type          echo-request
        list icmp_type          echo-reply
        list icmp_type          destination-unreachable
        list icmp_type          packet-too-big
        list icmp_type          time-exceeded
        list icmp_type          bad-header
        list icmp_type          unknown-header-type
        option limit            1000/sec
        option family           ipv6
        option target           ACCEPT

config rule
        option name             Allow-IPSec-ESP
        option src              wan
        option dest             lan
        option proto            esp
        option target           ACCEPT

config rule
        option name             Allow-ISAKMP
        option src              wan
        option dest             lan
        option dest_port        500
        option proto            udp
        option target           ACCEPT
5

Looks like an entirely default config (aside from wifi). There's no reason within OpenWrt that you would not have access to that site.

When you ran your tests earlier, were they from the router or a client behind the router?

What happens if you connect another router (or your computer directly) to your ISP instead of OpenWrt? Pro-tip: pay attention to the IP address you have on your OpenWrt router's WAN and compare that to whatever you use to test in lieu of the OpenWrt router... if different, that could be relevant.

6

These test were run directly from the router, but I have gotten the same results running them from my computer and phone.

Everything works without a hitch when using another router or connecting directly to my computer. I struggled to find the ip address of the other routers WAN interface, but in the end I wasn't able to find out where it was supposed to be

7

You could try simply googling “what’s my ip address “. That will give you your apparent public ip.

8

The public IPs seem to differ

9

It is possible that there is a block on the ip address your openwrt router is using.

Try cloning the MAC address of the working router into the openwrt router (the wan port MAC address). Hopefully that will enable the openwrt router to get the same ip as your other router, and then you can try again.

10

It works now. Thanks for the help. Could you explain why cloning the MAC address worked?

11

The isp probably gives out the ip addresses based on the MAC address. Something was causing the specific ip address you had on your openwrt router to be unable to reach the server in question - possibly a block on the server side for security or dos protection (or other reasons, although I have no way to know why that might have happened).

By cloning the other router’s MAC address, the isp gave you the same ip as it gave to your old router. And that ip was’t blocked. So now it is working.

Glad I could help!

12

This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.