Lose internet connection every few days until I restart firewall(skynet)

[dvohwinkel]

I have a RT-AC86U running Merlin 384.13 with Skynet using a 512 MB swap that skynet created on install.
This issue seems to happen at random but ever couple of days..

I will not be able to get out to the WAN and when I go into the router GUI I see the red X saying the internet connectivity is not there.. sure enough nettools ping will show all packets as lost.

The interesting thing is in the syslog I will still see some dropped packets from incoming connections..

Aug 7 07:00:02 Skynet: [#] 154792 IPs (+0) -- 1648 Ranges Banned (+0) || 16648 Inbound -- 249 Outbound Connections Blocked! [save] [2s]
Aug 7 07:21:32 WLCEVENTD: eth6: Assoc 10:41:7F:1C:55:0D
Aug 7 07:21:33 dnsmasq-dhcp[789]: DHCPREQUEST(br0) 192.168.0.57 10:41:7f:1c:55:0d
Aug 7 07:21:33 dnsmasq-dhcp[789]: DHCPACK(br0) 192.168.0.57 10:41:7f:1c:55:0d iPhone
Aug 7 07:35:17 WLCEVENTD: eth6: Disassoc 10:41:7F:1C:55:0D
Aug 7 07:36:24 dnsmasq-dhcp[789]: DHCPRELEASE(br0) 192.168.0.2 00:d0:2d:be:41:af
Aug 7 07:36:27 WLCEVENTD: eth5: Assoc 000:2D:BE:41:AF
Aug 7 07:36:30 dnsmasq-dhcp[789]: DHCPDISCOVER(br0) 00:d0:2d:be:41:af
Aug 7 07:36:30 dnsmasq-dhcp[789]: DHCPOFFER(br0) 192.168.0.2 00:d0:2d:be:41:af
Aug 7 07:36:30 dnsmasq-dhcp[789]: DHCPDISCOVER(br0) 00:d0:2d:be:41:af
Aug 7 07:36:30 dnsmasq-dhcp[789]: DHCPOFFER(br0) 192.168.0.2 00:d0:2d:be:41:af
Aug 7 07:36:31 dnsmasq-dhcp[789]: DHCPREQUEST(br0) 192.168.0.2 00:d0:2d:be:41:af
Aug 7 07:36:31 dnsmasq-dhcp[789]: DHCPACK(br0) 192.168.0.2 00:d0:2d:be:41:af GatewayBE41AF
Aug 7 07:45:46 WLCEVENTD: eth6: Assoc 10:41:7F:1C:55:0D
Aug 7 07:45:46 dnsmasq-dhcp[789]: DHCPREQUEST(br0) 192.168.0.57 10:41:7f:1c:55:0d
Aug 7 07:45:46 dnsmasq-dhcp[789]: DHCPACK(br0) 192.168.0.57 10:41:7f:1c:55:0d iPhone
Aug 7 07:46:51 WLCEVENTD: eth6: Disassoc 10:41:7F:1C:55:0D
Aug 7 07:54:42 WLCEVENTD: eth6: Assoc 10:41:7F:1C:55:0D
Aug 7 07:54:43 dnsmasq-dhcp[789]: DHCPREQUEST(br0) 192.168.0.57 10:41:7f:1c:55:0d
Aug 7 07:54:43 dnsmasq-dhcp[789]: DHCPACK(br0) 192.168.0.57 10:41:7f:1c:55:0d iPhone
Aug 7 08:00:03 Skynet: [#] 154792 IPs (+0) -- 1648 Ranges Banned (+0) || 16739 Inbound -- 249 Outbound Connections Blocked! [save] [3s]
Aug 7 08:00:18 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=b0:6e:bf:62:49:e8:00:17:10:88:d7:99:08:00 SRC=36.228.27.44 DST=65.190.32.148 LEN=40 TOS=0x00 PREC=0x00 TTL=48 ID=6203 PROTO=TCP SPT=39264 DPT=23 SEQ=1102979220 ACK=0 WINDOW=45389 RES=0x00 SYN URGP=0 MARK=0x8000000
Aug 7 08:01:04 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=b0:6e:bf:62:49:e8:00:17:10:88:d7:99:08:00 SRC=87.241.107.62 DST=65.190.32.148 LEN=40 TOS=0x08 PREC=0x00 TTL=42 ID=64944 PROTO=TCP SPT=62784 DPT=23 SEQ=1102979220 ACK=0 WINDOW=56685 RES=0x00 SYN URGP=0 MARK=0x8000000
Aug 7 08:01:08 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=b0:6e:bf:62:49:e8:00:17:10:88:d7:99:08:00 SRC=80.82.64.127 DST=65.190.32.148 LEN=40 TOS=0x00 PREC=0x00 TTL=236 ID=5225 PROTO=TCP SPT=42332 DPT=49789 SEQ=4213503616 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0x8000000
Aug 7 08:01:33 WLCEVENTD: eth6: Disassoc 10:41:7F:1C:55:0D
Aug 7 08:02:15 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=b0:6e:bf:62:49:e8:00:17:10:88:d7:99:08:00 SRC=185.143.221.62 DST=65.190.32.148 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=8070 PROTO=TCP SPT=57590 DPT=3390 SEQ=2536518188 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0x8000000
Aug 7 08:02:23 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=b0:6e:bf:62:49:e8:00:17:10:88:d7:99:08:00 SRC=216.218.206.125 DST=65.190.32.148 LEN=33 TOS=0x00 PREC=0x00 TTL=50 ID=1698 DF PROTO=UDP SPT=48526 DPT=3283 LEN=13 MARK=0x8000000
Aug 7 08:02:31 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=b0:6e:bf:62:49:e8:00:17:10:88:d7:99:08:00 SRC=193.32.161.60 DST=65.190.32.148 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=50774 PROTO=TCP SPT=56803 DPT=9000 SEQ=3270690282 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0x8000000

When I did my upgrade I did a total reset to factory defaults, reformatted jffs, everything was reset. I saw this before in 384.12 as well.
A /jffs/scripts/firewall restart will clear the issue.

 

[Adamm]

I have a RT-AC86U running Merlin 384.13 with Skynet using a 512 MB swap that skynet created on install.
This issue seems to happen at random but ever couple of days..

I will not be able to get out to the WAN and when I go into the router GUI I see the red X saying the internet connectivity is not there.. sure enough nettools ping will show all packets as lost.

The interesting thing is in the syslog I will still see some dropped packets from incoming connections..

Aug 7 07:00:02 Skynet: [#] 154792 IPs (+0) -- 1648 Ranges Banned (+0) || 16648 Inbound -- 249 Outbound Connections Blocked! [save] [2s]
Aug 7 07:21:32 WLCEVENTD: eth6: Assoc 10:41:7F:1C:55:0D
Aug 7 07:21:33 dnsmasq-dhcp[789]: DHCPREQUEST(br0) 192.168.0.57 10:41:7f:1c:55:0d
Aug 7 07:21:33 dnsmasq-dhcp[789]: DHCPACK(br0) 192.168.0.57 10:41:7f:1c:55:0d iPhone
Aug 7 07:35:17 WLCEVENTD: eth6: Disassoc 10:41:7F:1C:55:0D
Aug 7 07:36:24 dnsmasq-dhcp[789]: DHCPRELEASE(br0) 192.168.0.2 00:d0:2d:be:41:af
Aug 7 07:36:27 WLCEVENTD: eth5: Assoc 000:2D:BE:41:AF
Aug 7 07:36:30 dnsmasq-dhcp[789]: DHCPDISCOVER(br0) 00:d0:2d:be:41:af
Aug 7 07:36:30 dnsmasq-dhcp[789]: DHCPOFFER(br0) 192.168.0.2 00:d0:2d:be:41:af
Aug 7 07:36:30 dnsmasq-dhcp[789]: DHCPDISCOVER(br0) 00:d0:2d:be:41:af
Aug 7 07:36:30 dnsmasq-dhcp[789]: DHCPOFFER(br0) 192.168.0.2 00:d0:2d:be:41:af
Aug 7 07:36:31 dnsmasq-dhcp[789]: DHCPREQUEST(br0) 192.168.0.2 00:d0:2d:be:41:af
Aug 7 07:36:31 dnsmasq-dhcp[789]: DHCPACK(br0) 192.168.0.2 00:d0:2d:be:41:af GatewayBE41AF
Aug 7 07:45:46 WLCEVENTD: eth6: Assoc 10:41:7F:1C:55:0D
Aug 7 07:45:46 dnsmasq-dhcp[789]: DHCPREQUEST(br0) 192.168.0.57 10:41:7f:1c:55:0d
Aug 7 07:45:46 dnsmasq-dhcp[789]: DHCPACK(br0) 192.168.0.57 10:41:7f:1c:55:0d iPhone
Aug 7 07:46:51 WLCEVENTD: eth6: Disassoc 10:41:7F:1C:55:0D
Aug 7 07:54:42 WLCEVENTD: eth6: Assoc 10:41:7F:1C:55:0D
Aug 7 07:54:43 dnsmasq-dhcp[789]: DHCPREQUEST(br0) 192.168.0.57 10:41:7f:1c:55:0d
Aug 7 07:54:43 dnsmasq-dhcp[789]: DHCPACK(br0) 192.168.0.57 10:41:7f:1c:55:0d iPhone
Aug 7 08:00:03 Skynet: [#] 154792 IPs (+0) -- 1648 Ranges Banned (+0) || 16739 Inbound -- 249 Outbound Connections Blocked! [save] [3s]
Aug 7 08:00:18 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=b0:6e:bf:62:49:e8:00:17:10:88:d7:99:08:00 SRC=36.228.27.44 DST=65.190.32.148 LEN=40 TOS=0x00 PREC=0x00 TTL=48 ID=6203 PROTO=TCP SPT=39264 DPT=23 SEQ=1102979220 ACK=0 WINDOW=45389 RES=0x00 SYN URGP=0 MARK=0x8000000
Aug 7 08:01:04 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=b0:6e:bf:62:49:e8:00:17:10:88:d7:99:08:00 SRC=87.241.107.62 DST=65.190.32.148 LEN=40 TOS=0x08 PREC=0x00 TTL=42 ID=64944 PROTO=TCP SPT=62784 DPT=23 SEQ=1102979220 ACK=0 WINDOW=56685 RES=0x00 SYN URGP=0 MARK=0x8000000
Aug 7 08:01:08 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=b0:6e:bf:62:49:e8:00:17:10:88:d7:99:08:00 SRC=80.82.64.127 DST=65.190.32.148 LEN=40 TOS=0x00 PREC=0x00 TTL=236 ID=5225 PROTO=TCP SPT=42332 DPT=49789 SEQ=4213503616 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0x8000000
Aug 7 08:01:33 WLCEVENTD: eth6: Disassoc 10:41:7F:1C:55:0D
Aug 7 08:02:15 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=b0:6e:bf:62:49:e8:00:17:10:88:d7:99:08:00 SRC=185.143.221.62 DST=65.190.32.148 LEN=40 TOS=0x00 PREC=0x00 TTL=241 ID=8070 PROTO=TCP SPT=57590 DPT=3390 SEQ=2536518188 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0x8000000
Aug 7 08:02:23 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=b0:6e:bf:62:49:e8:00:17:10:88:d7:99:08:00 SRC=216.218.206.125 DST=65.190.32.148 LEN=33 TOS=0x00 PREC=0x00 TTL=50 ID=1698 DF PROTO=UDP SPT=48526 DPT=3283 LEN=13 MARK=0x8000000
Aug 7 08:02:31 kernel: [BLOCKED - INBOUND] IN=eth0 OUT= MAC=b0:6e:bf:62:49:e8:00:17:10:88:d7:99:08:00 SRC=193.32.161.60 DST=65.190.32.148 LEN=40 TOS=0x00 PREC=0x00 TTL=242 ID=50774 PROTO=TCP SPT=56803 DPT=9000 SEQ=3270690282 ACK=0 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0x8000000

When I did my upgrade I did a total reset to factory defaults, reformatted jffs, everything was reset. I saw this before in 384.12 as well.
A /jffs/scripts/firewall restart will clear the issue.

Don't think its Skynet causing issues here. You say there's no wan connection but your logs show there's incoming packets (albeit blocked but it still indicates an active WAN connection).

Next time this occurs, rather then restart the firewall service (note this does a lot more then just restart Skynet), instead use the disable command so you can effectively rule out Skynet as the cause or not.

 

[dvohwinkel]

It happened again last night. I didn't get to disable skynet as it would hang right after it displayed the swap size.. I was going to disable it via the menu.. I didn't think to try ./firewall disable. I will do that next time. Anything else I should look for?

dave@RT-AC86U-49E8:/jffs/scripts# ./firewall
################################################################################
# _____ _ _ __ #
# / ____| | | | / / #
# | (___ | | ___ _ _ __ ___| |_ __ __/ /_ #
# \___ \| |/ / | | | '_ \ / _ \ __| \ \ / / '_ \ #
# ____) | <| |_| | | | | __/ |_ \ V /| (_) |#
# |_____/|_|\_\\__, |_| |_|\___|\__| \_/ \___/ #
# __/ | #
# |___/ #
# #
## - 05/07/2019 - Asus Firewall Addition By Adamm v6.8.5 #
## https://github.com/Adamm00/IPSet_ASUS #
################################################################################


================================================================================


Router Model; RT-AC86U
Skynet Version; v6.8.5 (05/07/2019) (1b0d481af8d2da574015a3de5548ed51)
iptables v1.4.15 - (eth0 @ 192.168.1.1)
ipset v6.32, protocol version: 6
IP Address; (65.190.32.148)
FW Version; 384.13_0 (Jul 31 2019) (4.1.27)
Install Dir; /tmp/mnt/sda1/skynet (8.5G / 9.5G Space Available)
SWAP File; /tmp/mnt/sda1/myswap.swp (512.5M)

^C

 

[Elmer]

I had an AC88 and I struggled with this same problem. I agree with Adamm, Skynet is not the culprit, it's just the first to go down in the firmware crossfire. If you are having the same problem as I was, you'll see memory constantly hovering around max. If you reboot, memory will be fine, but within hours it will be back to the 97%+ range (also had a swap on an SSD in a USB 3.0 adapter - better than USB thumbdrive). First thing to die was Skynet, and eventually you'd get a kernel panic. Tried turning this off, and that off, and nothing seemed to help, until...

I was reading an article about trendmicro and asus (you'll see a lot of old threads here), and I decided well, if I have Skynet, why do I need trendmicro? Went to the privacy page, turned off the privacy agreement for trendmicro and IFFT/Alexa (wasn't using that feature anyway) and viola, smooth sailing ever since. It's amazing how much stuff is disabled when trendmicro is turned off, and among them is adaptive QOS. Well, that was another surprise, traditional QOS still works (thanks "VAL D."), and it worked better for me than adaptive QOS (A+ bufferbloat these days). One downside is that hardware acceleration supposedly gets turned off, and the router can only handle ~400M bps from the modem (according to another post). I'm good with that, you may not be. The traffic analyzer goes away as well, Anyway, my guess is that there is some poorly written closed binary Asus code (they don't have a great track record - I'm also a Crosshair Hero VI user, and speak from experience). Great router, Merlin is doing a fantastic job, but how many times have you heard him say - can't do anything about that, it's an Asus binary.

Shame really. Like I said, it's great hardware (except for cooling maybe).

 

[Kingp1n]

I had an AC88 and I struggled with this same problem. I agree with Adamm, Skynet is not the culprit, it's just the first to go down in the firmware crossfire. If you are having the same problem as I was, you'll see memory constantly hovering around max. If you reboot, memory will be fine, but within hours it will be back to the 97%+ range (also had a swap on an SSD in a USB 3.0 adapter - better than USB thumbdrive). First thing to die was Skynet, and eventually you'd get a kernel panic. Tried turning this off, and that off, and nothing seemed to help, until...

I was reading an article about trendmicro and asus (you'll see a lot of old threads here), and I decided well, if I have Skynet, why do I need trendmicro? Went to the privacy page, turned off the privacy agreement for trendmicro and IFFT/Alexa (wasn't using that feature anyway) and viola, smooth sailing ever since. It's amazing how much stuff is disabled when trendmicro is turned off, and among them is adaptive QOS. Well, that was another surprise, traditional QOS still works (thanks "VAL D."), and it worked better for me than adaptive QOS (A+ bufferbloat these days). One downside is that hardware acceleration supposedly gets turned off, and the router can only handle ~400M bps from the modem (according to another post). I'm good with that, you may not be. The traffic analyzer goes away as well, Anyway, my guess is that there is some poorly written closed binary Asus code (they don't have a great track record - I'm also a Crosshair Hero VI user, and speak from experience). Great router, Merlin is doing a fantastic job, but how many times have you heard him say - can't do anything about that, it's an Asus binary.

Shame really. Like I said, it's great hardware (except for cooling maybe).

I'm trying to use traditional qos...can you assist on how you were able to set it up?

 

[Elmer]

I'm trying to use traditional qos...can you assist on how you were able to set it up?

I'm certainly not an expert, and I just did what user "Val D." said to do, which was keep it simple, but in a nutshell:
1. Under Adaptive QOS/QOS tab select traditional QOS
2. I use fq_codel - again I'm no expert, it just seems to work OK
3. I have cable so I used that as the preset
4. I have 200 Mbps/10 Mbps cable so I went with 9 up and 185 down (you can fine tune these using dslreports speedtest that displays buffer bloat)
Using about 85% of your bandwidth will usually give decent bufferbloat. I get A+ with these setting, F with no QOS.
5. There is a drop down tab in the upper right corner. The options are very dated, but at a minimum set:
a. file transfers and bittorrent to low
b. web/http/https and DNS to high

Been working great for me. You'll see a bunch of stories about how it is broken, but apparently it was patched up a while back.
After activatiing, you may need to reboot..

 

[Val D.]

After activatiing, you may need to reboot..

You may not need to. I can turn it ON and OFF and test the results on the fly. And the results are:

QoS Disabled - bufferbloat rating D
Traditional QoS Enabled (90% ISP speed) - bufferbloat rating A

I don't know what is/was broken in Traditional QoS, but constant good results show it is actually working.

 

[Kingp1n]

I'm certainly not an expert, and I just did what user "Val D." said to do, which was keep it simple, but in a nutshell:
1. Under Adaptive QOS/QOS tab select traditional QOS
2. I use fq_codel - again I'm no expert, it just seems to work OK
3. I have cable so I used that as the preset
4. I have 200 Mbps/10 Mbps cable so I went with 9 up and 185 down (you can fine tune these using dslreports speedtest that displays buffer bloat)
Using about 85% of your bandwidth will usually give decent bufferbloat. I get A+ with these setting, F with no QOS.
5. There is a drop down tab in the upper right corner. The options are very dated, but at a minimum set:
a. file transfers and bittorrent to low
b. web/http/https and DNS to high

Been working great for me. You'll see a bunch of stories about how it is broken, but apparently it was patched up a while back.
After activatiing, you may need to reboot..

@Elmer and Val D. Thanks for the response....if I do any type of gaming, mainly on Xbox and ps4...should I put it under high or highest? The fam also does video streaming i.e. Kodi, Netflix, Hulu, Prime....etc, where wld I put these while I'm gaming at the same time?

 

[Val D.]

should I put it under high or highest?

QoS is just one variable in the performance equation. You may not need QoS at all.
If you want everyone on your network to be happy, then the following is more important than QoS:

- all traffic-hungry clients wired or on 5GHz AC only, 433Mpbs link speed and up
- the sum of all client's Internet traffic doesn't exceed 80% of the ISP connection speed
- run on the Router software and services you absolutely need, let the Router do routing

If something above is not right, then some devices will suffer, no matter what magic settings you have. Don't try to control everything, let the OoS do what it is designed to do. Just set the essential Internet services to Highest, file transfers and torrents to Lowest. This is the default setting anyway. You can select device priority, if you like. Xbox and PS4 as High, for example. Test and see what the result is. If it is not what you expect, you may need to upgrade something. No software solution will fix hardware deficiency.

Before you begin testing, make sure there is no waste of resources on your network. Some examples:

- 1080p YouTube on a laptop with 1280x768 screen resolution. This laptop can't show 1920x1080 pixels on it's screen.
- 1080p YouTube on a 5.5" phone screen. Do you have any family members watching videos using a magnifying glass?
- Router Firewall + Firewall script + AiProtect + DNS Filter + Windows Firewall + Antivirus + Malware Protection +... what?
- DNS Ad-blocking + Pi-Hole + AdGuard DNS +... seriously? I've seen this, not a joke.
- Wireless NAS. Something that is stationary and can read/write with >100MB/sec is wireless? Sure! Mobile devices can wait.

 

[Kingp1n]

QoS is just one variable in the performance equation. You may not need QoS at all.
If you want everyone on your network to be happy, then the following is more important than QoS:

- all traffic-hungry clients wired or on 5GHz AC only, 433Mpbs link speed and up
- the sum of all client's Internet traffic doesn't exceed 80% of the ISP connection speed
- run on the Router software and services you absolutely need, let the Router do routing

If something above is not right, then some devices will suffer, no matter what magic settings you have. Don't try to control everything, let the OoS do what it is designed to do. Just set the essential Internet services to Highest, file transfers and torrents to Lowest. This is the default setting anyway. You can select device priority, if you like. Xbox and PS4 as High, for example. Test and see what the result is. If it is not what you expect, you may need to upgrade something. No software solution will fix hardware deficiency.

Before you begin testing, make sure there is no waste of resources on your network. Some examples:

- 1080p YouTube on a laptop with 1280x768 screen resolution. This laptop can't show 1920x1080 pixels on it's screen.
- 1080p YouTube on a 5.5" phone screen. Do you have any family members watching videos using a magnifying glass?
- Router Firewall + Firewall script + AiProtect + DNS Filter + Windows Firewall + Antivirus + Malware Protection +... what?
- DNS Ad-blocking + Pi-Hole + AdGuard DNS +... seriously? I've seen this, not a joke.
- Wireless NAS. Something that is stationary and can read/write with >100MB/sec is wireless? Sure! Mobile devices can wait.

Thanks, Ill try it out. Do I need to messed around with the "user-defined priorities" settings? Also, under user-defined QOS rules, I've added xbox live and playstation network to reflect under "high", do I need to input anything inside the transferred column?