AC88U with Merlin 380.60 beta WAN connection drops (DHCP)

[barbieaction]

Hi,

First i like to start by stating i do not think my problem is linked to the specific firmware. My problem accured on original Asus firmware.

My setup is as followed.
And my problem is connection drops (no more drops i think) but alot of error in the logs. It seems to me that my router blocks DHCP renewal from my modem.

The setup.

- Coxaial modem set as bridge, no dhcp, simple bridge to the Asus router. (192.168.100.1
- Asus AC88U set as a router with DHCP and wireless active. (192.168.1.1)

What happens is that 2-4 times a day the connection drops, i then have to restart the modem and disconnect the WAN port from the router and connect it again. When the connection drops i get an error on the asus router ISPS' DHCP failed and i can't access the coaxial modem at 192.168.100.1 until i restart it, but i can acces my router at 192.168.1.1. The modem can still be pinged by the service provider but i cannot access any webpage or such.

Now if i go to the Asus router and into WAN settings and set WAN-DNS to do not connect automaticly and set google dns as servers what happens is that even now when i get the ISP's DHCP failed in the router log i can still visit webpages and surf but my OpenVPN connection fails and my asus router now gets an Internal IP instead of the service provider IP and the router says disconnected from Internet, but the connection still works, and i can't access the coaxial modem at 192.168.100.1, if i restart the coaxial modem the router now gets the service providers assigned IP and everything works until next DHCP renewal.

I think my problem is the same as this thread:
http://www.snbforums.com/threads/is-this-a-bug-on-asus-firmware-wan-disconnections.8433/

So i made a nat-start script added
iptables -I INPUT -p udp --sport 67 --dport 68 -j ACCEPT
(Did the above due to maybe fix it related to another discussion on another forum)

Now my modem log gets filled with error. (My connection still works at the moment no drop, but i belive the drop will come soon) What is wrong with my setup or is it there a problem with my modem (getting a new this week from the service provider)

Honoring MDD; IP provisioning mode = IPv4
2016-6-21, 04:36:33 Critical (3) DHCP FAILED - Discover sent, no offer received;CM-MAC=a4:2b:8c:a9:0e:78;CMTS-MAC=00:0f:90:27:e3:e6;CM-QOS=1.0;CM-VER=3.0;

2016-6-21, 04:37:41 Critical (3) Received Response to Broadcast Maintenance Request, But no Unicast Maintenance opportunities received - T4 time out;CM-MAC=a4:2b:8c:a9:0e:78;CMTS-MAC=00:0f:90:27:e3:e6;CM-QOS=1.0;CM-VER=3.0;

2016-6-21, 04:37:56 Notice (6) Honoring MDD; IP provisioning mode = IPv4

2016-6-21, 04:38:00 Warning (5) DHCP WARNING - Non-critical field invalid in response ;CM-MAC=a4:2b:8c:a9:0e:78;CMTS-MAC=00:0f:90:27:e3:e6;CM-QOS=1.1;CM-VER=3.0;

2016-6-21, 04:38:00 Warning (5) ToD request sent - No Response received;CM-MAC=a4:2b:8c:a9:0e:78;CMTS-MAC=00:0f:90:27:e3:e6;CM-QOS=1.1;CM-VER=3.0;


Error log modem: http://pastebin.com/WBfi8d5F

Sorry if i posted this in the wrong section.

If anyone can explain to me or give me any info i would appreciate it alot!

 

[poor_poor]

Same issue, but my log show

Jun 21 19:01:50 WAN Connection: ISP's DHCP did not function properly.
Jun 21 19:01:50 DualWAN: skip single wan wan_led_control - WANRED off
Jun 21 19:01:50 stop_nat_rules: apply the redirect_rules!

 

[barbieaction]

Same issue, but my log show

Jun 21 19:01:50 WAN Connection: ISP's DHCP did not function properly.
Jun 21 19:01:50 DualWAN: skip single wan wan_led_control - WANRED off
Jun 21 19:01:50 stop_nat_rules: apply the redirect_rules!

This error i had before i did the following.
Go to WAN settings and set WAN-DNS to do not connect automaticly and set google dns as servers.
Then i added the nat-start script
iptables -I INPUT -p udp --sport 67 --dport 68 -j ACCEPT

Now im not getting those errors on the router anymore, but instead my modem/coaxial router that is bridge now shows what i posted in the error log.
It also seems that i have had no drops yet on my system.

 

[mstombs]

The ISP DHCP fix has been in Asuswrt-merlin for a long time, apparently needed when ISPs have pools of servers and any may reply

https://github.com/RMerl/asuswrt-merlin/blob/master/release/src/router/rc/firewall.c#L2390

I don't think this is at all related to the modem errors on the cable side.

 

[barbieaction]

The ISP DHCP fix has been in Asuswrt-merlin for a long time, apparently needed when ISPs have pools of servers and any may reply

https://github.com/RMerl/asuswrt-merlin/blob/master/release/src/router/rc/firewall.c#L2390

I don't think this is at all related to the modem errors on the cable side.

Thank you so much for the replay.
Is this an option that i need to activate or is it built into the code and runs on it's own?

Should i remove my iptables script?
Thank you so much for the input

 

[mstombs]

You can check if it is there without your script, using an iptables command - it should be inserted at a sensible place for performance, and the counters prove it is working. On different router/firmware here's mine:-

ASUSWRT-Merlin RT-N66U 380.59-0 Tue May 10 15:44:44 UTC 2016
admin@RT-N66U:/tmp/home/root# iptables -nvL
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target     prot opt in     out     source               destination
1310 55272 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0           state INVALID
2000K  205M ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
55388 3324K ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0           state NEW
374K   24M ACCEPT     all  --  br0    *       0.0.0.0/0            0.0.0.0/0           state NEW
1494  493K ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0           udp spt:67 dpt:68
138K 3878K ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0
6040  377K DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0

 

[primitivo]

Does it mean mine is not working due to counters being zeroed?

ASUSWRT-Merlin RT-AC68U 380.61-0 Fri Aug  5 01:18:59 UTC 2016
admin@RT-AC68U-72F8:/tmp/home/root# iptables -nvL
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target     prot opt in     out     source               destination        
1110  143K ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0            state RELATED,ESTABLISHED
   12   760 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0            state INVALID
  749 84062 ACCEPT     all  --  br0    *       0.0.0.0/0            0.0.0.0/0            state NEW
  188 44100 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0            state NEW
    0     0 ACCEPT     udp  --  *      *       0.0.0.0/0            0.0.0.0/0            udp spt:67 dpt:68
    0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0          
    0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:1723
    0     0 ACCEPT     47   --  *      *       0.0.0.0/0            0.0.0.0/0          
    3   299 DROP       all  --  *      *       0.0.0.0/0            0.0.0.0/0