Locking up ?

Post new topic   Reply to topic    DD-WRT Forum Index -> Broadcom SoC based Hardware
Author Message
woto
DD-WRT Novice


Joined: 29 Apr 2015
Posts: 11

PostPosted: Mon May 31, 2021 6:51    Post subject: Locking up ? Reply with quote
Hey Guys

Having a problem with the router locking up - after a few days I can’t log into the router the internet is still on and everything is running ok apart from logging into it - the router is a TP Link Archer C9 v3 running r46301 - I have also tried a v2 router with the same results - My family have the same router running the same firmware on a couple of their routers that don’t lock up - tried different firmwares with no luck- this has been happening for months now - I have keep awake set on the router tried that for everyday and every week but it still locks up at some point - Hope someone could help as Im a bit lost now to why this is happening
Sponsor
Alozaros
DD-WRT Guru


Joined: 16 Nov 2015
Posts: 6388
Location: UK, London, just across the river..

PostPosted: Mon May 31, 2021 12:23    Post subject: Reply with quote
depends from the settings you use, but yep it happens on some unstable set ups or a bad build regarding your router in particular...best bet.. reset, flash to a newer build, reset, rebuild settings manually, do not load them from save file from a different builds...

otherwise to diagnose the problem provide more details..
provide those outputs or syslog while it happens on the router side...

dmesg
cat /tmp/var/log/messages

if you have a telnet/ssh access to the router you can try those commands via CLI

stopservice httpd
startservice httpd

_________________
Atheros
TP-Link WR740Nv1 ---DD-WRT 55179 WAP
TP-Link WR1043NDv2 -DD-WRT 55303 Gateway/DoT,Forced DNS,AP Isolation,Ad-Block,Firewall
TP-Link WR1043NDv2 -DD-WRT 55303 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear R7800 --DD-WRT 55363 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55363 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55363 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913
woto
DD-WRT Novice


Joined: 29 Apr 2015
Posts: 11

PostPosted: Mon May 31, 2021 19:44    Post subject: Reply with quote
Ok thanks - I could give that a go with the rebuild - what do them commands do if I ran them ?
Alozaros
DD-WRT Guru


Joined: 16 Nov 2015
Posts: 6388
Location: UK, London, just across the river..

PostPosted: Mon May 31, 2021 20:52    Post subject: Reply with quote
stopservice httpd && startservice httpd

restart the GUI service... Cool

now if you ask me what is GUI... Graphical User Interface.. Laughing

p.s. opss thanks KP-69 corrected, been too rushy...

_________________
Atheros
TP-Link WR740Nv1 ---DD-WRT 55179 WAP
TP-Link WR1043NDv2 -DD-WRT 55303 Gateway/DoT,Forced DNS,AP Isolation,Ad-Block,Firewall
TP-Link WR1043NDv2 -DD-WRT 55303 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear R7800 --DD-WRT 55363 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55363 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55363 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913


Last edited by Alozaros on Tue Jun 01, 2021 9:37; edited 1 time in total
kernel-panic69
DD-WRT Guru


Joined: 08 May 2018
Posts: 14102
Location: Texas, USA

PostPosted: Mon May 31, 2021 23:09    Post subject: Reply with quote
Graphical* https://www.google.com/search?q=GUI
_________________
"Life is but a fleeting moment, a vapor that vanishes quickly; All is vanity"
Contribute To DD-WRT
Pogo - A minimal level of ability is expected and needed...
DD-WRT Releases 2023 (PolitePol)
DD-WRT Releases 2023 (RSS Everything)

----------------------
Linux User #377467 counter.li.org / linuxcounter.net
woto
DD-WRT Novice


Joined: 29 Apr 2015
Posts: 11

PostPosted: Tue Jun 01, 2021 7:07    Post subject: Reply with quote
Thanks - lol

Do you think it could be the amount of devices connected on the network that's causing the GUI to lock up ?
Alozaros
DD-WRT Guru


Joined: 16 Nov 2015
Posts: 6388
Location: UK, London, just across the river..

PostPosted: Tue Jun 01, 2021 9:40    Post subject: Reply with quote
and what is the amount of devices ?

yes and no...it could eat a lots of ram and than router will become slow and funny...but i had 50+ and never had a complains...than again it depends form the way how the unit is set up, scripts running, activity, CPU amount of ram and ect...

_________________
Atheros
TP-Link WR740Nv1 ---DD-WRT 55179 WAP
TP-Link WR1043NDv2 -DD-WRT 55303 Gateway/DoT,Forced DNS,AP Isolation,Ad-Block,Firewall
TP-Link WR1043NDv2 -DD-WRT 55303 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear R7800 --DD-WRT 55363 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55363 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55363 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913
woto
DD-WRT Novice


Joined: 29 Apr 2015
Posts: 11

PostPosted: Tue Jun 01, 2021 10:13    Post subject: Reply with quote
I have everything wired with 3 switches of 8 - routing to all devices only phones, tablets and Alexa's are WiFi - Approximately 43 devices - I have a enabled Syslog as it wasn't enabled - I don’t have any scripts running it's quite standard default - have some ports open - web GUI enabled - 2 clients for WOL - that’s about it - It can be running for 3 weeks or more before the GUI lockup and sometimes only a couple of days it’s very random
Alozaros
DD-WRT Guru


Joined: 16 Nov 2015
Posts: 6388
Location: UK, London, just across the river..

PostPosted: Tue Jun 01, 2021 16:55    Post subject: Reply with quote
web GUI enabled and ports open sounds scary....very scary...!!
do you mean GUI is exposed over the WAN ?

If, so make sure its very secured, at least use a very long and complex password...if there are a lot of attempts to break in that may lock in the GUI...

Otherwise, your router has a decent CPU and Memory to sustain that many devices, i guess...in the past i had 50+ on R7000 with same CPU and bit more ram...
To improve your set up, if you have that many devices and you use DNSmsaq for DNS...as it should... you may need to increase the size of the concurrent queries..
add this line to advanced DNSmasq

dns-forward-max=500

also make sure your WiFi is using an appropriate set up... https://forum.dd-wrt.com/phpBB2/viewtopic.php?t=327595

if you can collect the log it will be more useful...
you can forward it to a syslogger either online or over the LAN if you have a PC that can run it...
otherwise if locks up try to use those 2 commands i gave you via ssh... stopservice httpsd && startservice httpd

Finally, since your build is old, there are a lot of new builds around, some of them contain critical security fixes... so its not bad idea to update...bear in mind, if you use VLan set up(switched ports), on the new builds Vlans are using different approach on Broadcom devices...all set up via GUI or its using same command line commands as Atheros devices, if you prefer setting it via CLI...still WIP..but working...

No idea, what kind of devices are you running, but i would ve separate my devices on a different VLan segments related to a different router ports (4 ports behind), so you can isolate those, that do not need to communicate with the others, in order to prevent inter network spam...as some of the IoT and Smart devices can really spam the LAN segment...

_________________
Atheros
TP-Link WR740Nv1 ---DD-WRT 55179 WAP
TP-Link WR1043NDv2 -DD-WRT 55303 Gateway/DoT,Forced DNS,AP Isolation,Ad-Block,Firewall
TP-Link WR1043NDv2 -DD-WRT 55303 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear R7800 --DD-WRT 55363 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55363 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55363 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913
woto
DD-WRT Novice


Joined: 29 Apr 2015
Posts: 11

PostPosted: Wed Jun 02, 2021 8:29    Post subject: Reply with quote
Thanks for the info - I have to use the web GUI over WAN as I use WOL a lot - My password is 20 random digits - Didn't have the wifi set like that all - I've altered Mode, Channel and Width used it like that for years with no problems - I have 4 other routers the same in the family their’s don’t have a problem but they don’t have many devices connected – The devices I run are TVs – Media players – NAS – CCTV – Alarm system – Alexa’s – Harmony elite Remote – Vera Plus automation – Hue bridge – Amplifier/Receiver – Apple AirPort – Tablets – Phones – laptops – Desktop PC -
Alozaros
DD-WRT Guru


Joined: 16 Nov 2015
Posts: 6388
Location: UK, London, just across the river..

PostPosted: Wed Jun 02, 2021 14:26    Post subject: Reply with quote
There you go...GUI over WAN...!!
If your GUI has https access, than you must use a different certificate, as i guess that one that comes with DDWRT is self signed...and probably not that secure...

The thing with exposing it, if you see your firewall log you will find its a heavy abused subject, either via script based attacks or individual attackers and this takes resources and causes DDoS at some point...and your router locks up GUI...

If i remember correctly, BS the main developer, imposed a rule on the last builds, to time out those trys, if they are wrong attempts, but that is not a solution....as the attackers will continue..

In general WAN GUI is bad idea, as an alternative people use SSh key cyphered and no password, or VPN to connect to GUI...as the best option

In the forum there are few guides here and there, about it..or if you need more info create a new thread in advanced networking forum section...How to access securely GUI via WAN...

As, far as a big number of devices...I used to run my R7000 in very heavy used environment and never had that issue, but I used SSh over the WAN instead of GUI..with secure key only access only, password was disabled...

_________________
Atheros
TP-Link WR740Nv1 ---DD-WRT 55179 WAP
TP-Link WR1043NDv2 -DD-WRT 55303 Gateway/DoT,Forced DNS,AP Isolation,Ad-Block,Firewall
TP-Link WR1043NDv2 -DD-WRT 55303 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear R7800 --DD-WRT 55363 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55363 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55363 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913
tedm
DD-WRT Guru


Joined: 13 Mar 2009
Posts: 554

PostPosted: Thu Jun 03, 2021 0:27    Post subject: Reply with quote
woto,

could you please confirm that when the "GUI locks up" that the router is still running and that you can SSH or Telnet into the router and kill and restart the httpd process and the GUI will come back?

There's a longtime bug in dd-wrt on this. It does not affect a lot of routers but it does affect some. Refer to
https://svn.dd-wrt.com/ticket/6873
and IF your device matches the symptoms, please add to this bug.

Please ALSO note my item #2 in the last post to this bug. And read the discussion on remote attackers "hanging" on the http port in the bug.
Alozaros
DD-WRT Guru


Joined: 16 Nov 2015
Posts: 6388
Location: UK, London, just across the river..

PostPosted: Thu Jun 03, 2021 7:28    Post subject: Reply with quote
tedm wrote:
woto,

could you please confirm that when the "GUI locks up" that the router is still running and that you can SSH or Telnet into the router and kill and restart the httpd process and the GUI will come back?

There's a longtime bug in dd-wrt on this. It does not affect a lot of routers but it does affect some. Refer to
https://svn.dd-wrt.com/ticket/6873
and IF your device matches the symptoms, please add to this bug.

Please ALSO note my item #2 in the last post to this bug. And read the discussion on remote attackers "hanging" on the http port in the bug.


tedm if you have a problem with WAN address is showing your GUI, when no WAN access is activated, there is a mitigation for it...

iptables -I INPUT -s `nvram get lan_ipaddr`/`nvram get lan_netmask` -d `nvram get wan_ipaddr` -j DROP

As far as GUI is locking on you as well, have you even looked at your firewall log, when GUI over WAN is turned on...??
Same will happen, if i expose my low grade routers on WAN, as they don't have a capacity to handle those attacks....DDoS in other words...but it will happen eventually on the high grade routers too...so the answer is... either secure your WAN GUI or don't use it...

To be honest, i do agree on some builds, some routers have a buggy GUI...sadly/luckily non of my routers had the same issue for a long time...and as i read your statements...no prove, or any back up data was provided, just the classics "it was working before but now its not" i also want to learn and find why this is happening?

It could be a due to a bad config...or memleak or BS typo...what the standard config will do...try to eliminate any reason for it...services used and ect...as well provide kernel logs and any valuable output + what's running router model/firmware to BS...directly...

_________________
Atheros
TP-Link WR740Nv1 ---DD-WRT 55179 WAP
TP-Link WR1043NDv2 -DD-WRT 55303 Gateway/DoT,Forced DNS,AP Isolation,Ad-Block,Firewall
TP-Link WR1043NDv2 -DD-WRT 55303 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear R7800 --DD-WRT 55363 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55363 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55363 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913
Display posts from previous:    Page 1 of 1
Post new topic   Reply to topic    DD-WRT Forum Index -> Broadcom SoC based Hardware All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum