Random Clients being dropped (Connected, But no Internet)

[Jensen]

I recently upgraded to the AC86U.

I run PIA as a VPN for all clients, with a couple excluded for Netflix access. It has always worked great, but recently, I'm having a weird issue which I suspect is related to the routing table not being created correctly. VPN is configured as per the attached file. Basically x.x.x.x/24 devices going to 0.0.0.0 are to be VPN'd. Then I have a couple other entries for 2 devices I want excluded as well as the VPN address for my work. Everything works great, sometimes for 2 hours, other times for 2 days. Then, suddenly "some" of the devices will say connected to Wifi, but no internet, while others continue as normal with wifi and internet. Each time it occurs, the following entry is in the system log:

Nov 13 18:36:40 nat: apply redirect rules
Nov 13 18:36:40 WAN_Connection: WAN was exceptionally disconnected.
Nov 13 18:36:40 DualWAN: skip single wan wan_led_control - WANRED off
Nov 13 18:36:53 WAN_Connection: WAN was restored.
Nov 13 18:36:53 dnsmasq[2514]: read etc/hosts - 5 addresses
Nov 13 18:36:53 dnsmasq[2514]: read etc/hosts.dnsmasq - 1 addresses
Nov 13 18:36:53 dnsmasq[2514]: using nameserver X.X.X.X#53
Nov 13 18:36:53 dnsmasq[2514]: using nameserver X.X.X.X#53
Nov 13 18:36:53 nat: apply nat rules (tmp/nat_rules_eth0_eth0)

*There are no errors before or after this, so I am certain something here is dropping some devices from the network (also, the DNS address was removed for the post)

I'm fairly certain that when the nat: apply nat rules runs, it's not applying correctly or maybe not in the correct order. This config is identical to my last router, but for some reason is acting very, very differently.

Am I doing something wrong in the config, or is something going on?

I did try 2 different firmwares (and 1 beta) with 30-30-30 resets between, I've cleared the JFFS, turned JFFS ON/OFF, reset to factory defaults etc. When the issue occurs, I reboot the router and everything is fine again. Then at some random point, boom....some devices are offline.

 

[Jensen]

Anyone seen this? Have tips, or something to try? I've swapped out the router with a new one, tried the latest beta firmware, still no go.

 

[skeal]

Anyone seen this? Have tips, or something to try? I've swapped out the router with a new one, tried the latest beta firmware, still no go.

What are you using for DNS settings, either on the device or on the router?

 

[indark]

30-30-30 does not work

if it's not much trouble to reset, i will try power cycle and clear nvram with wps button.
it sometimes fix those awkward issue.

the steps:
power off router for 30+ sec, hold wps button while powering on
wait till the power led to start blinking/flashing then release the wps button
wait for the router to boot properly and manually reconfigure everything.

I will try to keep most setting as close to default as possible.

I will also try to clear the setting from the device in question and re-pair them with new setting too.
make sure you dont have some crazy characters in SSID/password.


also check if there is any driver update for the devices in question.

 

[Jensen]

What are you using for DNS settings, either on the device or on the router?

Oh come on, you and I both know it's NEVER DNS. Lol.

I have it set as follows:
On the WAN--> Internet Connection page, I have "Connect to DNS automatically?" set to no, then I supply the 2 DNS entries for the PIA VPN (They supply their own DNS addresses).

That said, some devices remain online. IE: My Google Pixel phone drops off, but my wife's Essential Phone stay running just fine. Because she's excluded from the VPN, the NAT rules apply and don't affect her. The devices which are routed through the VPN, all drop the internet connection.

 

[Jensen]

30-30-30 does not work

if it's not much trouble to reset, i will try power cycle and clear nvram with wps button.
it sometimes fix those awkward issue.

the steps:
power off router for 30+ sec, hold wps button while powering on
wait till the power led to start blinking/flashing then release the wps button
wait for the router to boot properly and manually reconfigure everything.

I will try to keep most setting as close to default as possible.

I will also try to clear the setting from the device in question and re-pair them with new setting too.
make sure you don't have some crazy characters in SSID/password.


also check if there is any driver update for the devices in question.

Definitely tried every reset method, 30-30-30, Emergency recovery, Initialize from the Admin page, WPS reset etc. Still happens, it's 100% a software/config issue.

Somthing I haven't tried yet is re-pairing the devices that drop. I did use the same SSID, so maybe the connection gets dropped for thode devices. Thanks! This is a great test!

 

[skeal]

I would reset to defaults and configure back up with screen shots. Who knows it may fix a few things you didn't even notice.

 

[Jensen]

I would reset to defaults and configure back up with screen shots. Who knows it may fix a few things you didn't even notice.

I'm assuming you didn't read the post in full, haha? I have reset many, many times to try to figure this out.

 

[skeal]

What setting in the vpn client have you for "accept dns configuration" ?

 

[Jensen]

What setting in the vpn client have you for "accept dns configuration" ?

I've tried Disabled, Strict and Exclusive with the same results on each. Unfortunately...

 

[indark]

Definitely tried every reset method, 30-30-30, Emergency recovery, Initialize from the Admin page, WPS reset etc. Still happens, it's 100% a software/config issue.

Somthing I haven't tried yet is re-pairing the devices that drop. I did use the same SSID, so maybe the connection gets dropped for thode devices. Thanks! This is a great test!

what i was trying to say is the 30-30-30 does not work with the new asus router.

if you did already did wps method exactly the way i mentioned and it still happen with all the setting default.
my suggestion is to create a guest wifi network, with simple alphanumeric ssid/password and test there.
I dont know what type of ssid/password you using, so it might also caused by special character if any.
It can also depends on how congested the wifi in your area is.
You can download wifi analyse tool and manually change the channel to less congested channel to see if it helps.

I also remember some experience wifi drop out with pixel phone, and it was caused by one of the security update.
I personally dont have issue with my pixel and ac3100, but it will be worth to check to see if your phone is up to date.

 

[Jensen]

what i was trying to say is the 30-30-30 does not work with the new asus router.

if you did already did wps method exactly the way i mentioned and it still happen with all the setting default.
my suggestion is to create a guest wifi network, with simple alphanumeric ssid/password and test there.
I dont know what type of ssid/password you using, so it might also caused by special character if any.
It can also depends on how congested the wifi in your area is.
You can download wifi analyse tool and manually change the channel to less congested channel to see if it helps.

I also remember some experience wifi drop out with pixel phone, and it was caused by one of the security update.
I personally dont have issue with my pixel and ac3100, but it will be worth to check to see if your phone is up to date.

So, I have definitely done every reset, but I think you may have resolved my issues. In your first part you said to reset the SSID of in the devices (not the router) and you clued me into something. I've been using the same SSID each time I reset the router, and all the devices which are failing are probably thinking they're connected to the original router, but the only thing that's the same is the SSID and password. So, last night I did a full reset again, and used a completely different SSID.... and it hasn't happened again (at least not yet). I'm going to start re-adding my IoT devices and see if it remains stable.

Thank you so much!

Crazy how the simplest little thing may end up resolving the issue. If it does, the config was likely ok, just that there must be something that links an SSID to a specific device and when it changes, it can cause weird issues when the NAT rules re-apply. Makes sense to me thinking about it now!

 

[Jensen]

So, I have definitely done every reset, but I think you may have resolved my issues. In your first part you said to reset the SSID of in the devices (not the router) and you clued me into something. I've been using the same SSID each time I reset the router, and all the devices which are failing are probably thinking they're connected to the original router, but the only thing that's the same is the SSID and password. So, last night I did a full reset again, and used a completely different SSID.... and it hasn't happened again (at least not yet). I'm going to start re-adding my IoT devices and see if it remains stable.

Thank you so much!

Crazy how the simplest little thing may end up resolving the issue. If it does, the config was likely ok, just that there must be something that links an SSID to a specific device and when it changes, it can cause weird issues when the NAT rules re-apply. Makes sense to me thinking about it now!

Just to follow up on this in case someone else has the same issue, It has not occurred in the last 3 days since I changed the SSID. So, lesson learnt...don't reuse the same SSID on a new router if you also rely on VPN rules to route some traffic and not others on Merlin Firmware. Not certain exactly what the underluying issue is, but the NAT rules must rely on a specifc router ESSID? Someone much smarter than I am might be able to explain why.

At this point, I consider the issue resolved! Thanks everyone!