If you can ping 8.8.8.8 from the router via SSH, but you can't ping that same IP from a LAN client, that suggests to me this is an issue w/ NAT. The router doesn't need NAT for itself to have internet access, but the LAN devices behind it do.
First thing I would do is disable all NAT/firewall acceleration (SFE, CTF, FA). You're unlikely to ever get close to the kinds of speeds those features can deliver when using the device as a travel router. And these features are KNOWN to cause all kinds of weird problems. You might as well just eliminate it as a culprit.
I'd like to see a firewall dump to see if in fact it is a NAT problem, or some other firewall issue.
Disabling SFE did not help, and there is no setting for CTF and FA on my Basic Setup page, as you can see on one of the screenshots. Attached is the output of your two commands, and incoming/outgoing firewall log screenshots.
Posted: Tue May 10, 2022 13:53 Post subject:
In the past, I had something like this on my R7000 with my other router ahead. It was giving the correct IP, there was WAN and DNS, but no connection was possible... I tried all sorts of things, static IP, dynamic IP, MAC clone, etc., then decided to reset/reflash and it did work... The only thing was, I updated to the next firmware available. Just don't use the old save file but rebuild manually...
I am only at this place until Friday, and next one will be different, so I'd rather not reflash it. It worked at the three previous places, so hopefully will work at the next one as well. At least right now I can use it with mobile hotspot, but if I reflash, god knows how long it will take to fix it up again.
Ooh I know what is going on (sort of) and feel very stupid now. I do have an OpenVPN client configured with a kill switch. When I use mobile hotspot, it connects to VPN and everything is fine. When I use home internet, either the internet provider is blocking my VPN server IP, or Digital Ocean, where my server is spinning, is blocking my home IP. No VPN, no internet (which is by design).
I even thought about it the first time I had the problem. I looked at the VPN status page in the DD-WRT web GUI and saw nothing (as opposed to errors in the VPN log), no attempts to connect. Little did I know that the server was simply inaccessible from the router.
Whatever it is, it has nothing to do with router settings. Thank you so much everybody for your help! Case closed (although not quite solved lol).
Note:
1. If you use the default TUN setup, which is a routed solution, the server's subnet, OpenVPN's subnet (10.8.0.0) and the client's subnet must all be different!
So better not use 192.168.1.0/24 or 192.168.0.0/24 for the OpenVPN server's subnet.
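A way to check the subnet rule in the note above before moving a travel router to a new upstream network. This is an added example, not code from the thread or from DD-WRT; the function name, the role names and the sample addresses are constructed, and the /24 mask on 10.8.0.0 is an assumption because the note gives no mask.

```python
import ipaddress
from itertools import combinations

def find_subnet_conflicts(subnets):
    """Return (role_a, role_b) pairs whose networks overlap.

    subnets maps a role name to a CIDR string. Host bits are tolerated,
    so "192.168.1.1/24" is read as the network 192.168.1.0/24.
    """
    nets = {role: ipaddress.ip_network(cidr, strict=False)
            for role, cidr in subnets.items()}
    conflicts = []
    for (a, net_a), (b, net_b) in combinations(sorted(nets.items()), 2):
        # overlaps() is true for identical networks and for containment,
        # e.g. a 10.0.0.0/8 LAN swallowing the 10.8.0.0/24 tunnel.
        if net_a.overlaps(net_b):
            conflicts.append((a, b))
    return conflicts

# Constructed sample setups (hypothetical addressing).
SAME_LAN = {            # both ends use a common consumer default
    "server_lan": "192.168.1.0/24",
    "tunnel": "10.8.0.0/24",          # assumed mask
    "client_lan": "192.168.1.1/24",   # router address with host bits set
}
SUPERNET = {            # upstream network hands out a wide 10.x range
    "server_lan": "192.168.50.0/24",
    "tunnel": "10.8.0.0/24",
    "client_lan": "10.0.0.0/8",
}
DISTINCT = {            # all three ranges are separate
    "server_lan": "192.168.50.0/24",
    "tunnel": "10.8.0.0/24",
    "client_lan": "192.168.8.0/24",
}

if __name__ == "__main__":
    for label, setup in (("same LAN", SAME_LAN),
                         ("supernet", SUPERNET),
                         ("distinct", DISTINCT)):
        found = find_subnet_conflicts(setup)
        print(label, "->", found if found else "no overlap")
```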