Posted: Wed Jul 13, 2022 21:09 Post subject: Boot loop: when QoS enabled (attempting to limit VAP)?
Router/Version: Linksys EA6700/V1(CFE with 32k Fix)
File/Kernel: cli wget & write linksys-ea6700-webflash.bin
Previous/Reset: r49418/Yes
Mode/Status: WAN Disabled, WAP, router, wl0 enabled, VAP wl0.1(assigned to bridge br1), br1 unbridged & isolated, wl1 disabled, dnsmasq (VAP DHCP & DNS), firewall disabled in GUI, iptable commands for br1 NAT, QoS to limit br1
Issues/Errors: Yes, boot loop
I have hesitated to report an issue. I had to take some time to try and isolate the issue rather than just say it's a kernel-panic loop. After upgrading and configuring my setup, the box enters a boot loop. I recover by resetting.
I have narrowed it down to the QoS settings: QoS setup for the LAN & WLAN side (since WAN is disabled). The only item is the interface VAP bridge br1 (which is assigned wl0.1). I set WAN throttling levels at 0 (since WAN is disabled), and I set the QoS LAN values to 500k. Clicking save & apply is fine; it's rebooting after the QoS changes that the symptom appears. Sometimes I get the CFE Mini browser page, sometimes I get nothing. I have been pinging it and watching TTL=100 for a few seconds, then unreachable, then TTL=64 for a few seconds, before the router reboots. If I am fast enough I can load the DD-WRT index page before it reboots. It never recovers from this loop; I have to reset and start the config from scratch (or from the previous saved config before the QoS change).
FYI, I started this investigation because while upgrading my spare EA6400 with r49418, I encountered a boot loop. The previous version installed on the EA6400 & EA6700 was from early 2021. Such a big jump had me at a disadvantage as far as being able to specify what exactly the issue was. I was not sure if it was hardware related, my poor DD-WRT config skills, or firmware. I was only able to confirm and narrow down the issue with the EA6700 a few hours ago. I would love to supply logs, but I am not set up right now with a serial port connection.
If someone could guide me on how to save syslogs to external storage when a boot loop occurs, I would appreciate it.
I hope this helps - I assume you will need more information, please ask and I will try to provide it.
On @the-joker's advice, I have started a new thread for this issue.
I assume this issue may have been before r49418, but I can't specify a tighter range. I upgraded from an early 2021 version.
Posted: Wed Jul 13, 2022 21:14 Post subject: Config
Config:
I have gone back and forth between using VAP wl0.1 on its own bridge and unbridged. So, wl0.1 with or without br1 does not seem to make a difference as far as the boot loop goes.
Also, I have enabled and disabled wl1 and that does not make a difference as far as the boot loop goes. Currently wl1 is disabled to make troubleshooting simpler.
DD-WRT GUI config for "WAN" is disabled, but the actual WAN port is assigned the switch's vlan2 and by default assigned to br0.
[Attachments: WAN port on vlan2.png; VAP br1 assiged wl0.1.png; WAN Disabled.png]
QoS is disabled currently and r49467 is stable in this configuration. If I enable QoS, click save and then click apply, the box seems fine.
The problem is after I enable QoS on VAP br1 (or wl0.1 if unbridged), if I ever reboot, the box enters a boot loop. And the only way to recover is to reset nvram (somehow, either thru the CFE Mini or reset button; either way allows me to start configuring dd-wrt from the start again).
[Attachment: QoS Enabled.png (QoS enabled, not stable on reboot)]
[Attachment: QoS disabled.png (Stable on reboot)]
I know there have been recent changes to 5GHz and some concern about that. To simplify debugging, I have disabled wl1 (aka 5GHz).
I have read about the recent concerns regarding CTF. To simplify debugging, I have disabled the engines. However, I am not sure why it seems like they are still running. See syslog (attached to the 1st post), which shows related messages.
Also, syslog (attached to the 1st post) shows that the NAS service is running, but from the GUI I think I have disabled it.
[Attachments: GUI shows nas should be disabled (I think).png; FYI, Engine should be disabled (but syslog shows CTL messages).png]
DD-WRT SPI firewall disabled in GUI. iptable commands added via Command->firewall (see attached). I have gone back and forth with having wl0.1 bridged and unbridged; my comments need updating.
As a workaround to get VAP working, I added commands "sleep 10;stopservice nas;stopservice wlconf;startservice wlconf;startservice nas" in firewall commands (per @the-joker).
Based on new information, I removed the VAP workaround commands 2 weeks ago, when I installed r49418 (from an early 2021 version, which had the issue with VAP).
[Attachment: GUI firewall disabled.png]
[Attachment: July 13 2022 firewall.txt (iptables commands in "Firewall" commands. NOTE: I have gone back and forth with wl0.1 bridged and unbridged, comments need updating)]
Perhaps avoiding this configuration is the problem using a vap with qos port selected "lan & wlan", the dd-wrt quality of service wiki states to use a bridge configuration and that may be the reason you had these regression issues with qos setup with a vap?
The other issues with the EA6400 may need its own thread or try another build.
Perhaps avoiding this configuration is the problem using a vap with qos port selected "lan & wlan", the dd-wrt quality of service wiki states to use a bridge configuration and that may be the reason you had these regression issues with qos setup with a vap?
That's a fair point about the QoS wiki. In a previous post, I posted the QoS config - QoS Enabled.png. It does show this configuration is attempting to do QoS on bridge br1. I did add bridge br1 and assign VAP wl0.1 to it. And when I enabled QoS, on the QoS page, I selected only br1 to be limited to LAN of 500kBits - saving & applying is fine; rebooting results in a boot loop.
Yes, I've seen your config, but as mentioned "client or repeater bridge modes" are supported; using a wap configured br1-vap, no inbound limited stated may be the reason you're having problems.
As an experiment could you try one of the configuration stated in the wiki?
I'll see if this works on my end later this evening on another router I have.
By the way do you have a main router with dd-wrt flashed? If so use qos on to limit your wap, create a vap on the main dd-wrt router to limit the vap if you would like as well.
Edited: I used my old F7D4302 to flash dd-wrt on. I did run into some issues with the r49467: no lan dhcp worked, static ip or wifi would connect. This build was flaky for me, and so I flashed the r49492; this build allowed me to continue to configure station bridge? Either way it worked too, but no vap would work, and this part is documented, I believe? I continued to check if qos would work with the connection port set to "lan & wlan": no boot loop after rebooting, but qos didn't work.
The wiki is correct, but having BRIDGED in caps I kinda thought repeater/client, but knowing vap may not work in either configuration didn't register until later. My apologies on that, but I didn't run into a boot loop.
Is the EA6700 hardwired to another dd-wrt router or no?
As an experiment could you try one of the configuration stated in the wiki?
I will; I think you have a good point. It would be good to know if QoS still works as "documented" or if there is some other underlying issue.
native_tx wrote:
By the way do you have a main router with dd-wrt flashed? If so use qos on to limit your wap, create a vap on the main dd-wrt router to limit the vap if you would like as well.
I have a main router with an older version of dd-wrt. Its CPU usage is a bit high because it is running the VPN for the entire network. I really hate messing with the main router; any problems take everything offline. I have another eBay router (with a better CPU) that will show up soon. When it shows up, I will try out QoS on the main router replacement with a VPN and see how it works.
native_tx wrote:
...either way it worked too, but no vap would work, and this part is documented, I believe? I continued to check if qos would work with the connection port set to "lan & wlan": no boot loop after rebooting, but qos didn't work.
Thanks for testing it. I really appreciate the fact you tried it. I went back to using an unbridged VAP today. I have gone back and forth with the VAP being bridged and unbridged. Besides the QoS issue, I have not yet gotten the firewall/start up script to use iptables 100% correctly for a bridged VAP. I have a client that I use to test what's open: ports, DNS, DHCP, subnet access, etc. So, I am back to using the VAP in a non-bridged setup with an iptables config that does work 100% correctly; at least until I get more time to mess with iptables.
Thanks again for the feedback on not seeing a boot loop; that is very valuable information.
native_tx wrote:
Is the EA6700 hardwired to another dd-wrt router or no?
I am beginning to think the configuration I would like is just not possible right now.
I've done testing in the past using a vap, but it was done on a main router running dd-wrt and not on a wap config. From time to time I do find qos on dd-wrt may have problems loading, leading to a broken inbound qos, but not a boot loop on the main router that qos is configured on. It may be possible that additional unnecessary configs were done on your router that could've led to this, but I would have to set up a wap with dd-wrt and set up the vap on the current build r49492 later, using an arm router instead of mips.
Depending on the build you're running and updates to openvpn, it would probably be advisable to upgrade. Be sure to create a backup, both written (copy/paste) and in dd-wrt format, for the current build, but don't use the backup for the upgraded build; manually input (copy/paste). Perhaps someone else may give other instructions on if this is necessary or not? When upgrading, or if upgrading is necessary?
Posted: Sun Jul 17, 2022 18:20 Post subject:
Sorry, just been too busy and missed this thread entirely, just didn't show up on my radar.
I'm not entirely sure what the issues are with CTF/SFE (some people have raised issues but it's hard to get to the bottom without any indicators on any provided evidence like logs etc). I don't use CTF personally as I don't need it; my ISP speed is 100Mbps down and 10Mbps up, but SFE is enabled on mine and doesn't seem to give me any troubles.
CTF and CTF & FA will by design break port forwarding and QoS, because they are both by definition bypassing all this traffic shaping and other rules in order to do their job.
CTF (which is software NAT acceleration) only supports adaptive QoS, while CTF & FA (rather the FA part, which is hardware acceleration) doesn't support any QoS.
OK, that said, when you enable CTF & FA it needs two reboots: the first loads the modules, the second enables the onboard chip that handles the HW acceleration for FA. Proper initialization is required, so I hope this isn't what the boot loops are that you noticed. I may have missed your detailed explanation.
I'll try and read through the thread with more attention; now I have to go feed myself and my cats, before they feed on me.
You could try enabling verbose userspace messages (hidden by default) with nvram set console_debug=1 && nvram commit && reboot and see if your logs help get any more info.
When you're done, just do nvram unset console_debug && nvram commit && reboot, else your logs are just filled.
Posted: Sun Jul 17, 2022 18:42 Post subject:
Neither SFE (Fast-classifier from QCA) nor CTF/CTF+FA function together with QoS in DD-WRT. Before CTF was re-introduced along with FA, SFE and QoS could *not* be enabled at the same time because they cannot coexist. SFE does essentially the same thing as CTF.