Solved RT-AX86U Pro log repeats "WAN_Connection: WAN was restored" while red light keeps on and no Internet connection?

[Rici]

Hi,

Almost daily, if not more then daily (not sure exactly when it started, I somehow feel it started when I installed SkyNet...), my RT-AX86U Pro looses the WAN connection from the cable modem and cannot get it restored automatically. The red LED remains on and the router keeps stating "No internet" in the GUI, while the cable modem shows perfectly. Only turning the router off and on restores the WAN connection, a simple reboot usually does not help.

Router is running 3004.388.5, so the newest version. Under WAN options, DHCP is set to Continuous mode.

What is wrong here, and how to fix it?

Jan  9 22:28:55 rc_service: httpd 2418:notify_rc restart_logger
Jan  9 22:28:55 custom_script: Running /jffs/scripts/service-event (args: restart logger)
Jan  9 22:29:22 WAN_Connection: WAN was restored.
Jan  9 22:29:48 kernel: net_ratelimit: 8 callbacks suppressed
Jan  9 22:29:48 kernel: Invalid ndev status 4
Jan  9 22:29:48 kernel: wfd_unregisterdevice Successfully unregistered ifidx 3 wfd_idx 0
Jan  9 22:29:48 kernel: No wdev corresponding to bssidx: 0x0 found! Ignoring event.
Jan  9 22:29:48 kernel: wfd_unregisterdevice Successfully unregistered ifidx 1 wfd_idx 1
Jan  9 22:29:48 ovpn-client1[3138]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Jan  9 22:29:48 ovpn-client1[3138]: TLS Error: TLS handshake failed
Jan  9 22:29:49 ovpn-client1[3138]: WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Jan  9 22:29:49 ovpn-client1[3138]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Jan  9 22:30:02 kernel: wfd_registerdevice Successfully registered dev wds0.0.1 ifidx 3 wfd_idx 0
Jan  9 22:30:03 kernel: Invalid ndev status 4
Jan  9 22:30:03 kernel: wfd_unregisterdevice Successfully unregistered ifidx 3 wfd_idx 0
Jan  9 22:30:17 kernel: wfd_registerdevice Successfully registered dev wds0.0.1 ifidx 3 wfd_idx 0
Jan  9 22:30:49 ovpn-client1[3138]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Jan  9 22:30:49 ovpn-client1[3138]: TLS Error: TLS handshake failed
Jan  9 22:30:51 ovpn-client1[3138]: WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Jan  9 22:30:51 ovpn-client1[3138]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Jan  9 22:31:31 WAN_Connection: WAN was restored.
Jan  9 22:31:51 ovpn-client1[3138]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Jan  9 22:31:51 ovpn-client1[3138]: TLS Error: TLS handshake failed
Jan  9 22:31:55 ovpn-client1[3138]: WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Jan  9 22:31:55 ovpn-client1[3138]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Jan  9 22:32:55 ovpn-client1[3138]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Jan  9 22:32:55 ovpn-client1[3138]: TLS Error: TLS handshake failed
Jan  9 22:33:03 ovpn-client1[3138]: WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Jan  9 22:33:03 ovpn-client1[3138]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Jan  9 22:33:18 WAN_Connection: WAN was restored.

 

[jzchen]

DHCP is normally/default to Aggressive I thought, at least on non-Merlin ASUS firmware? Did you change that because of DHCP issues?

 

[TheLyppardMan]

Hi,

Almost daily, if not more then daily (not sure exactly when it started, I somehow feel it started when I installed SkyNet...), my RT-AX86U Pro looses the WAN connection from the cable modem and cannot get it restored automatically. The red LED remains on and the router keeps stating "No internet" in the GUI, while the cable modem shows perfectly. Only turning the router off and on restores the WAN connection, a simple reboot usually does not help.

Router is running 3004.388.5, so the newest version. Under WAN options, DHCP is set to Continuous mode.

What is wrong here, and how to fix it?

Jan  9 22:28:55 rc_service: httpd 2418:notify_rc restart_logger
Jan  9 22:28:55 custom_script: Running /jffs/scripts/service-event (args: restart logger)
Jan  9 22:29:22 WAN_Connection: WAN was restored.
Jan  9 22:29:48 kernel: net_ratelimit: 8 callbacks suppressed
Jan  9 22:29:48 kernel: Invalid ndev status 4
Jan  9 22:29:48 kernel: wfd_unregisterdevice Successfully unregistered ifidx 3 wfd_idx 0
Jan  9 22:29:48 kernel: No wdev corresponding to bssidx: 0x0 found! Ignoring event.
Jan  9 22:29:48 kernel: wfd_unregisterdevice Successfully unregistered ifidx 1 wfd_idx 1
Jan  9 22:29:48 ovpn-client1[3138]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Jan  9 22:29:48 ovpn-client1[3138]: TLS Error: TLS handshake failed
Jan  9 22:29:49 ovpn-client1[3138]: WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Jan  9 22:29:49 ovpn-client1[3138]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Jan  9 22:30:02 kernel: wfd_registerdevice Successfully registered dev wds0.0.1 ifidx 3 wfd_idx 0
Jan  9 22:30:03 kernel: Invalid ndev status 4
Jan  9 22:30:03 kernel: wfd_unregisterdevice Successfully unregistered ifidx 3 wfd_idx 0
Jan  9 22:30:17 kernel: wfd_registerdevice Successfully registered dev wds0.0.1 ifidx 3 wfd_idx 0
Jan  9 22:30:49 ovpn-client1[3138]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Jan  9 22:30:49 ovpn-client1[3138]: TLS Error: TLS handshake failed
Jan  9 22:30:51 ovpn-client1[3138]: WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Jan  9 22:30:51 ovpn-client1[3138]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Jan  9 22:31:31 WAN_Connection: WAN was restored.
Jan  9 22:31:51 ovpn-client1[3138]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Jan  9 22:31:51 ovpn-client1[3138]: TLS Error: TLS handshake failed
Jan  9 22:31:55 ovpn-client1[3138]: WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Jan  9 22:31:55 ovpn-client1[3138]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Jan  9 22:32:55 ovpn-client1[3138]: TLS Error: TLS key negotiation failed to occur within 60 seconds (check your network connectivity)
Jan  9 22:32:55 ovpn-client1[3138]: TLS Error: TLS handshake failed
Jan  9 22:33:03 ovpn-client1[3138]: WARNING: No server certificate verification method has been enabled.  See http://openvpn.net/howto.html#mitm for more info.
Jan  9 22:33:03 ovpn-client1[3138]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Jan  9 22:33:18 WAN_Connection: WAN was restored.

It might be a good idea to upload some screenshots of the settings on the WAN page, so that the experts on this forum can see exactly how your setup is configured. I'm not using Skynet, so I can't comment on that, but I am on the same firmware as you and I'm not having any WAN connection problems. In my case, my router is at the top of the stairs and is connected to the ONT supplied by my ISP (Zen Internet) using a Cat 7 Ethernet cable.

 

[Lynx]

I wonder if the problem relates to the same problem that I addressed with this solution:

GitHub - lynxthecat/maintain-wan-lease: Resolve problem with Asus Merlin routers in terms of release/renew of udhcpc.

Resolve problem with Asus Merlin routers in terms of release/renew of udhcpc. - lynxthecat/maintain-wan-lease

github.com

 

[Rici]

Now I watched the problem closely, and unfortunately it keeps occurring. Interestingly enough every day at almost the same time...

Having the log watches closely every day now I doubt that it's a Comcast DHCP issue that the Asus router can't handle properly.
I don't even have related DHCP entries in my log, so that probably might not be the problem.

While I don't know why it happens every 24 hours, I am confident now to know what's causing the problem of my Asus router: It just does not restore the WAN connection properly.

When the red light remain on despite my log stating that my WAN connection was restored, I manually turned the WAN connection off in the GUI and manually on a few seconds later. The red light on front of the router is gone and the router has Internet connectivity back.

That means: Asus, or Merlin, is restoring the WAN connection not handling correctly.
My log (see below) shows several entries with rc_service, restart_dnsmasq, wanduck, start_dnsmasq, and dnsmasq.conf.add entries, for which I don't know what it is.

• Although I have a vague feeling of what it should do, it obviously doesn't work correctly as my WAN connection does not get restored in a way that it is functional and I have Internet again.
• wanduck, IIRC, manages the WAN interface (detects and handles things when the WAN goes down, manages the red WAN LED, and so on). Maybe that's what fails on my router.

How to fix the problem of my Asus router not restoring the WAN connection correctly?
Can ChkWAN help? And if so: Where to find an implementation guide that actually works?

Jan 18 22:23:00 custom_script: Running /jffs/scripts/firewall-start (args: eth0)
Jan 18 22:23:00 dhcp_client: bound 71.nnn.nn.nnn/255.255.252.0 via 71.nnn.nn.n for 345600 seconds.
Jan 18 22:23:02 rc_service: service 1394:notify_rc restart_dnsmasq
Jan 18 22:23:02 custom_script: Running /jffs/scripts/service-event (args: restart dnsmasq)
Jan 18 22:23:02 custom_config: Appending content of /jffs/configs/dnsmasq.conf.add.
Jan 18 22:23:06 WAN_Connection: WAN was restored.
Jan 18 22:23:06 rc_service: wanduck 1574:notify_rc start_dnsmasq
Jan 18 22:23:06 custom_script: Running /jffs/scripts/service-event (args: start dnsmasq)
Jan 18 22:23:06 custom_config: Appending content of /jffs/configs/dnsmasq.conf.add.

 

[bennor]

Now I watched the problem closely, and unfortunately it keeps occurring. Interestingly enough every day at almost the same time...
<snip>

As a troubleshooting step have you tested with stock Asus firmware?
If you have access to another router perhaps set that up as a test and see if it exhibits the same issues.

 

[Lynx]

@Rici did you try the solution I developed and linked above?

 

[KevTech]

Under WAN options, DHCP is set to Continuous mode.

I have Comcast but DHCP is set to the default with no issues. You hammer Comcast servers with too many requests they will temporarily block you.

 

[Rici]

As a troubleshooting step have you tested with stock Asus firmware?
If you have access to another router perhaps set that up as a test and see if it exhibits the same issues.

Not yet, since I have no 2nd RT-AX86U Pro. I'm working on it, or testing with another Asus router - as I am certain it is the router that's causing my issues.
Proof:

• Restart my cable modem (when the problem with the router reporting no WAN connection exists) - no change.
• Restart my RT-AX86U Pro running Merlin (newest firmware): WAN connection restored.

Also, I tried ChkWAN. It sometimes gets a ping back, despite the router reporting no WAN connection. ChkWAN FORCE even transmits (seemingly super slow) some byte, so ChkWAN does not trigger an automatic router reboot, unfortunately.

 

[Rici]

@Rici did you try the solution I developed and linked above?

No, as it I think it is not a DHCP problem from Comcast.

 

[Rici]

I have Comcast but DHCP is set to the default with no issues. You hammer Comcast servers with too many requests they will temporarily block you.

View attachment 55723

No matter what I set the DHCP frequency to, it doesn't change my problem. And no, I am not hammering Comcast's DHCP server with requests, as the lease time I get from them is 3 days - and my issues with my router reporting no WAN connection occurs every 24 hours at almost the same time/minute.

 

[Rici]

Question - since my router reports no WAN connection every 24 hours at almost the same time/minute (although my DHCP lease from Comcast goes for 72 hours, and the Cable modem shows a perfectly working WAN connection):

What is running in the Asus router / Merlin every 24 hours?
I checked cron, but hour and time of the entries there don't fit with when my issues occur. So it probably is something not showing there.

Strange stuff...

 

[glens]

So you're /sure/ it's not the cable modem doing something iffy, like breaking the connection then not doing what's necessary to reestablish it?

 

[Rici]

Cable modem, including coax cable from the wall outlet to the modem itself, and then the Ethernet cable to the Asus router: What should happen exactly (almost to the minute) every 24 hours to them that is causing this problem?

Also, the LEDs on the cable modem don't show any error = lost connection. It's only my Asus router that declares "No WAN connection" despite the modem having one perfectly working.

 

[bennor]

As suggested above, post a screen capture of your WAN settings to review just in case there is something with your settings. Others who have RT-AX86U Pro's and use other broadband providers do not appear to report similar problems of the WAN dropping ever 24 hours. As such it is likely something specific to Comcast and possibly your router and it's configuration.
A few basic troubleshooting steps to narrow down or eliminate various things.

• Perform a hard factory reset and do a basic manual configure (do not import a saved router CFG file, disconnect any attached USB drive).
• If using Merlin firmware, flash stock Asus firmware and do a hard factory reset and basic manual configuration (do not import a saved router CFG file, disconnect any attached USB drive).
• Remove the Asus router from the configuration and either use the broadband providers router/equipment or use a second router.
• Check the broadband provider's router or modem to see if it has any log files and if the WAN disconnections are indicated.
• Some broadband providers may register a specific MAC address when activating the service, and kick devices that don't have that MAC address. One may have to clone that MAC address to their router.
• One may have to call their service provider and escalate the problem beyond the initial tech support script readers. They may have to get the service reset or see if the recorded MAC address can be updated on the service provider's end or provided to the customer so the customer can set a manual MAC address on their router.
• If the service provider's equipment is connected to a UPS, or smart plug, or power strip, remove the UPS or smart plug or power strip equation and check if issue continues.
• Check around the location for other equipment, and on the local network, to see if anything else is occurring right at the same time the WAN goes offline on the router.

It is possible there is a problem with the service provider's upstream equipment that only manifests itself under certain conditions like cold weather or while raining. Or the service provider's customer premises equipment is potentially failing or connected to a dirty power line or failing power strip.

 

[glens]

Check the broadband provider's router or modem to see if it has any log files and if the WAN disconnections are indicated.

This right here. My money's on the cable modem (or something upstream) doing housekeeping in a funky way. This is too uncommon(ly-reported) and too rhythmic for anything I know our wireless routers to be doing on their own.

 

[glens]

the LEDs on the cable modem don't show any error = lost connection. It's only my Asus router that declares "No WAN connection" despite the modem having one perfectly working.

It may well be that the modem's indicators are functioning properly, but perhaps not. If you can't determine with what "tools" you've got available, swapping-gear tests are in your future.

 

[Rici]

Here's a screenshot of my WAN settings:

 

[Rici]

Modem (Arris SB6190, runs fine for 5 years) log shows nothing, and status UI does not report anything unusual. All LEDs are blue = Internet connection, and have been steady blue while my RT-AX86U Pro reports No WAN connection and shows a red LED.


Today, it (no WAN connection with the red LED on) happened after 22,5 hours - that's new. Usually it was 24 hours close to the minute.

Since the system log reports it (see below): What is the content of "/jffs/configs/dnsmasq.conf.add" ?

• When I nano the content, it's empty?
• What should be added there?

Jan 22 20:34:27 WAN_Connection: WAN was restored.
Jan 22 20:34:27 rc_service: wanduck 1578:notify_rc start_dnsmasq
Jan 22 20:34:27 custom_script: Running /jffs/scripts/service-event (args: start dnsmasq)
Jan 22 20:34:27 custom_config: Appending content of /jffs/configs/dnsmasq.conf.add.

 

[glens]

Nothing or anything you want. If the file even exists.