Hello, I'm currently playing around trying to segment my network to separate my trusted clients from my untrusted IOT devices. What I've done so far is created 2 bridges and interfaces.

br-LAN is for ports 1 and 2 on my router that's used for trusted clients which is associated to interface LAN (clients of which will be assigned IPs of 192.168.1.X), and br-IOT is for ports 3 and 4 on my router that's used for untrusted/quarantined IOT clients which is associated to interface IOT (clients of which will be assigned IPs of 192.168.2.X). I've also created firewall rules to forward each interface to WAN. Subnet mask for both interfaces is 255.255.255.0.

Problem is, I can connect my computer to ports 1 and 2 and are assigned an IP of 192.168.1.X as desired, however I can still ping and interact with devices on 192.168.2.X including the LUCI interface on 192.168.2.1. Vice versa, I can connect my computer to ports 2 and 4 and are assigned an IP of 192.168.2.X as desired, however I can still ping and interact with devices on 192.168.1.X including the LUCI interface on 192.168.1.1.

Can someone please give me a clue on what I'm doing wrong here, as I want complete segregation of these ip groups from each other. Being honest, I'm not well versed in VLANs or subnets, so I'm not sure what's going wrong here. I've pretty much set this up the same as the Multiple Bridged Networks on the OpenWRT DSA Mini-Tutorial. I'm not sure if what I've set up is considered 2 separate VLANs which are discretely assigned to physical ports, or 2 subnets, or neither. Is the subnet mask the issue here or is it something else entirely? I've attached a crude network map along with LUCI interface and firewall configuration screenshots, and if needed, can paste the /etc/config/network and /etc/config/firewall in the comments.

Also just to clarify, it's not largely relevant here but I have 2 wireguard interfaces set up. WG0 is set up for me to remotely connect into my network and access internet through the WAN connection as well as access devices on 192.168.1.X, and wg1 allows select devices (192.168.1.X) to connect to another remote network through policy routing.

https://preview.redd.it/4bxl0zvt68sc1.png?width=1654&format=png&auto=webp&s=5e08ecbfb5590cd9de1672496051d77c08cdf587

https://preview.redd.it/w52korux68sc1.png?width=1650&format=png&auto=webp&s=8bd082c9b2cff20e9912088f62fd9d13e15b3685

https://preview.redd.it/fnjcq2sz58sc1.png?width=2382&format=png&auto=webp&s=3490cb7d5dd80440e1885b946960b70ec01de3c7

Skynet is a firewall which runs on iptables and automatically updated with the web gui info on type of blocks and alienvault links on blocked ip

It is the only thing that I miss from Asusmerlin hence everything else is avail (unbound, qos, vlans for parental control)

I tried flashing my e8450 with 23.05.3 .bin and I thought I bricked it and turned it off

Tried after it sat off and it works but now trying to flash the installer it and even downgrading to 1.0.0.0 Linksys firmware it says image file incorrect

Any ideas? The firmware is correct and unsigned following dangowrt guide

I want to get a router consumer brand or DIY project for openwrt. I want it to be able to broadcast two ssids that can be isolated from each other, or at least have functionality that allows it to segment wireless traffic into vlans.

What specs should I look for?

I'm trying to route IP ranges via already established tunnel between two openwrt routers :

ipset create range_ips hash:net

for range in 45.57.0.0/16 108.175.32.0/20 185.2.220.0/24 185.2.220.0/22 198.38.96.0/23 198.45.48.0/20 198.51.100.0/22 199.16.156.0/22 199.19.250.0/24 204.12.200.0/22 208.75.76.0/22 216.228.121.0/24; do

ipset add range_ips $range

done

echo "200 range" >> /etc/iproute2/rt_tables

ip rule add fwmark 1 lookup range

ip route add default dev wgserver table range

iptables -t mangle -A PREROUTING -m set --match-set range_ips dst -j MARK --set-mark 1

/etc/init.d/firewall restart

Unfortunatelly seems still, after traceroute from host inside network, being routed through WAN of local router instead other end of wireguard tunnel.

Hi, I recently bricked my TP-Link Archer A6, it was running OpenWRT. I do not have a backup router so I am using my RPI4 as a router. I am using it's inbuilt WiFi as an AP and the range is,well you all know about it. Are there any antennas or anything available online (I'm from India) so that I can use it for few more days. Thanks.

TL;Dr : suggest me antennas (USB preferred) for RPI 4.

Equipment: Netgear Wax 202 & WAX 206. Pics for more details.

https://preview.redd.it/3r9e68vc4zrc1.png?width=1173&format=png&auto=webp&s=e0a08f28f6d145822a5677498f91ad2d12686cdd

https://preview.redd.it/payad8vc4zrc1.png?width=1147&format=png&auto=webp&s=b86a5486ddf417e790303f03f5676583a7706057

My Problem:

I have tremendously high latency and drops just pinging the gateway, which is the router itself.

Details:

• It it present on all wifi networks 2.4 and 5 ghz.
• My WAX 206 is my "production" router running my wifi and other internet functions.
• Neither 2.4 or 5 ghz channels are saturated.
• I am not doing a tremendously large amount of network traffic. Often just web browsing.
• I am not far from it at all and nothing is in between me and it.

Example 1: Connecting to WAX 206 and immediately pinging it. Low latency for a few seconds and then high ping times with a single drop. There are often windows where 4 or 5 drops may happen several times within a few minutes.

https://preview.redd.it/ltesjty45zrc1.png?width=660&format=png&auto=webp&s=2b8c44f190200c229cb4ba0e4f212ed5d653d182

Example 2: WAX 202 same process. Possibly slightly better? Hard to say though since it is sporadic or inconsistent.

https://preview.redd.it/h0r50rpu6zrc1.png?width=612&format=png&auto=webp&s=78353f3dbd9523697def19d3cbc05a3b642c2701

Things I've checked/tried:

• Rebooting.
• No there aren't overlapped or saturated channels but I've tried different ones. I've tried changing the channel width as well.
• I've changed the security settings (WPA2, WPA3 mixed, CCMP, etc).
• I'm using the WAX 202 as a test. Upgrading to the new 23.05.3 made little to no difference on it.
• Changing various power options on the router and my laptop made no difference.
• On the WAX 202 I completely reset and reflashed it. The only thing I did was set a password, create a basic Wi-Fi network, and tie it to the LAN directly.
• In the case of my WAX 202 I am about 1 ft from it with these ping times and the only thing connected is my laptop over Wi-Fi. It has no internet access physically.
• Connecting to either via Ethernet has ping times of 1ms or less consistently
• Pulling out 1/3rd of my hair
• Praying to several deities

Also: OpenWRT forum

I'll start by saying I'm not super savvy when it comes to networking. I know the basics. I'd say that by the average persons standards, I'm a network engineer, and by a network engineers standards, I'm no better than the average person.

On to the stupid question.

I have a glinet travel router. It's a great little bit of kit, and once set up, works really well for what I do. The only slightly annoying thing is how long it takes for these routers to start/restart.

I go to multiple locations with various IP address ranges. Every time I want to use the router, I have to check/change settings, and possibly restart the router. Sometimes finding the existing IP address range requires extra faffing about.

Is it possible to have the router detect the existing network and set it's IP address, and possibly DHCP settings appropriately?

These networks typically consist of less than 20 connected devices (usually only 2-3) connected through unmanaged switches, and don't normally have a DHCP server on them.

There are 3 IP ranges most commonly in use. If fully automagic isn't an option, I'd be happy enough with a system that auto detected if either of two were in use and otherwise defaulted to the third, keeping the same basic settings for each range.

I am new to OpenWRT and Wire Guard and would like to know if my thinking is correct.

I have 3 different networks (Location A, Location B, Location C) that I would like to connect. Each network has a Linksys 1900AC router. Each location also has a Raspberry Pi. The Raspberry Pi at Location A functions as an NAS and as a MQTT Broker. The Raspberry Pis at Location B and Location C will need to connect to the Raspberry Pi at Location A to send periodic MQTT messages and to backup daily. I can successfully connect to each of the Pis through SSH (port 22) but that leaves a BIG vulnerability.

My goal is to lockdown all 3 locations at the router so that any and all incoming requests that come from a location other than the three will be rejected with a "get lost" response.

Is OpenWRT and Wire Guard a viable option for what I am trying to achieve? Would I need to set up Wire Guard with a site-to-site configuration? Should I use a server-client configuration?

Like I said, I am new to OpenWRT and Wire Guard so any and all suggestions and assistance would be greatly appreciated.

I was looking at this on AliExpress for my next upgrade. Planning on getting the barebones, and ordering my RAM and NVMe on Amazon. Most likely I'll only be running OpenWRT on it. I thought about proxmox, and running OpenWRT virtually, but that option just doesn't look stable, and too complex.

My question(s):

• Which is the best quality price RAM for the N100 from Amazon? Probably won't go more than 8GB.
• Which is the best quality price NVMe (128-256GB is plenty )for the N100 from Amazon?
• How do I go about installing OpenWRT on NVMe? I'm assuming it's this image. This will be in my basement where my CAT6 terminate, so once mounted, it'll be less flexible to pull the NMVe or move the unit.
• Would it be safe to use zip ties to secure it in a wall enclosure?

Hello,

I'm rather new to OpenWRT and I'm trying to connect to ethernet in a hotel room with little success. I have a Linksys WRT1900ACS V2 flashed with the most recent stable build linked on the associated OpenWRT page.

There is an ethernet port in my hotel room. When I connect my laptop directly to the port, I am prompted for a login when I go to example.com or 192.168.1.1. From a hard reset on the router, these are the steps I have taken and with which I've seen no success: -Boot up router -Connect LAN1 to Laptop -Change Laptop physical IP to 192.168.1.20 -Change LAN static IP to 192.168.2.1 -Relog after changing laptop to 2.20 -Go to DNS, disable Rebind Protection and uncheck 'only dhcp'.

From here, I am not able to get any pings through, nor can I access the captive portal. I think I'm missing something crucial, but it's unclear from the sections of the documentation I've looked at.

I have confirmed that I can plug and play from default settings when I use ethernet tethering on my phone. (Access internet on my laptop and download packages via the router web interface).

From the wiki: "It is common to use a USB 3.0 to Gigabit Ethernet adapter to connect your WAN/Internet device (e.g. cable modem), thus freeing up the built-in Ethernet port for a switch and/or wireless access point."

I did nothing of the above, I just flashed OpenWrt to an SD-card and use the pi's internal wifi and like that I have an access point. A switch I can see, and I understand it's just a "recommendation", but why would I want to free up the built-in Ethernet port to add an access point when the rpi in itself is already capable of being the access point?

Hi, i wanted to do some simple firewall rules on my router for a security system in my house, but the standard routers didn't had even the basics rules, like denying internet access. So i ended up falling down into a rabbit hole until i found openwrt, i am still learning so i want some feedback to see if my plan will work.

I can't change my ISP router, or rather i can but its requires a lot of works arounds and the compatible routers are really expensive and hard to find. So i am planning on doing the following:

First i will put the ISP router on bridge, them i will plug a nano pi r2s with openwrt on it, and on the nano pi i will plug an tp link router like the new tp link c6 v4, and on the tp link i will be plugging all my devices, including an external access point for outdoor wifi. Having in the end, something like this: ISP Router -> nanopi r2s openwrt -> tp link c6 -> my devices plus external access point.

What i want to achieve with this setup is a good internet connection with stable 1gb while on cable, a good wifi connection that can go trough about 5 concrete walls. Also most important of all, security and lots of options and features. And something that would last about 5 years without any need of upgrade or replacement of hardware.

Is this a good plan?

Currently I'm running a r5s nanopi as my router. It is running for an att 1g/1g fiber. And while it works, and I get can get close to 1g most days, I feel I could do much better with an x86 setup running openwrt and a docker setup for Adguard and home assistant/frigate with a coraltpu. Behind my router, I have a Cisco 52 port switch (48x1g, 4xspf+ (2x10g or 4x1g) and back to a unraid server with a 10g sfp+. I'd like to use a 10g sfp+ for the router to allow for using the docker's as well as the full 1g/1g connection. Especially since I don't have a 2.5g on my switch. So far, I haven't found a version of the n5105 which has sfp+ and is rackmount. I did find some atoms, but I'm concerned that they would be so much less powerful with more power usage than the n5105. Any suggestions. Would the atoms be capable and able to run dockers/keep up with routing? Is the n5105 really the place I want to be? Is there a media converter to use a 2.5g connection with a 10g sfp+ connection?

Title is self-explanatory.

I'm setting up a road-warrior wireguard, and I'd prefer its MTU to be the actual maximum instead of 1280.

My carrier is O2 if that matters.

I have read up as much as I can about the AX3600 OpenWRT. I have seen reports that there are some performance issues with it not being able to use all available resources in OpenWRT.

What’s your experience? Do you get good speed, WiFi and Ethernet?

Thank you!

Hi Everyone,

I'm gearing up to work remotely in the countryside and I'm looking to set up a 5G router with OpenWRT. I already have some hardware that I could repurpose for this, but I want to ensure it's a solid setup without any hiccups.

My initial thought is to utilize a spare Dell x86 Dell Wyse 3040 and pair it with this external usb m.2 adapter . However, I'm a bit torn between different options for the adapter, particularly regarding cooling and overall performance. Here are the options I'm considering:

1. External m.2 usb enclosure 1
2. External m.2 usb enclosure 2
3. External m.2 usb enclosure 3
4. external usb m.2 adapter 4

On the other hand, I'm also contemplating using a Raspberry Pi 5 with the same adapter mentioned above. Though, I'm concerned if this might be overkill, especially considering I had plans to repurpose the Pi 5 for an Android box.

Lastly, there's the option of purchasing one of the following boards:

1. CM4 Board option 1
2. CM4 Board option 2
3. CM4 Board and case option 3

I'm eyeing the affordable Fibocom FM350-GL and have heard that some folks have successfully integrated it, particularly with Rooter firmware fork.

Ideally, I'm aiming for an all-in-one enclosure setup to minimize moving parts and cables/extensions, ensuring a clean and reliable configuration.

Any insights or experiences you could share regarding these options would be greatly appreciated!

Thank you in advance for your help.

Long story short:

​

I am at more than 600 KM from a computer I need to connect. I do have other computers on the same network that I can connect and I do have access to my Openwrt router on that remote location.

​

My approach is to send a WOL to that specific device from another device on the same LAN but I don't know the MAC address of that device.

Anyway to retrieve the MAC address of all devices previously connected to my OpenWRT? I tried cgi-bin/luci/admin/status/routes but none of those devices are the one I am looking for.

Any help will be very much appreciated.

​

Thanks

​

​

I’ve just ordered a nanopi R4S from Allieexpress and before It comes I want to make sure I’ve got the correct openwrt file ready to flash it onto the micro SD card.

I don’t want Openwrt where I need to configure it via SHH, I just want a plain simple GUI where I can access in through my browser and then start to configure, Only package I want installing is the SQM for my 500/70 connection, Once I indulge more into Openwrt and do some research on DNS/Adguard that will be next.

Appreciate the help!

I found a couple of these abandoned at a shopping mall. Anyone had success revitalizing one? It's got ipq4029 in it so I am assuming it's supported in some way. I can't find anything online about getting cfw on these devices. Inside is what looks like spi pins and uart. I can't find my USB ttl cable to confirm this at the moment though.

It's a 4G router available in multiple asian countries. I want to install openwrt on it and use it as a secondary router but I can't find it on openwrt download page. please help

Hello everyone, I have spare router with mediatek chipset. Is it possible to use the router as external usb wifi adapter.

The used case for this mode is to use it for packet injection and ethical hacking in kali linux. Currently the router is very well supported by openwrt.

Thanks in advance.Any reply will be appreciated.

I’m about to purchase the nanopi r4s from alliexpress, I’m a little worried has there seem to be a few negative reviews about the website but that’s the only place I can get the nanopi from as I’m located in Europe and it’s the cheapest I’ve seen, I just have a few questions to ask regarding the nanopi R4S

1. What micro SD storage do I need to get Openwrt installed on the nano?

2. What adapter will I need to connect my micro SD to my laptop to flash the openwrt file?

3. There is a few options for the nanopi R4S, One with a unique MAC address and the other without a unique MAC address, Which one will I need? This is for my home network and not a business.

4. "If you restart or change settings with SQM, it will reset the CPU affinity and you will need to re-apply settings" can anyone confirm this is still an ongoing issue with SQM enabled?

Altogether, R4S + SD card + Power lead and plug - Total: £110 GBP not sure if this is good or not? I was going to go for a N100 with pfsense but has I’m learning networking at the moment openwrt should work.

Bear with me, As I’m just starting out.

Thanks

I know some cisco commands, I don't know what's the deal with cisco anyway? Login this, enable login that. Bunch of commands, openwrt has that too. Is cisco routers overrated? I don't get it. For me I would choose an openwrt device any day. But server people deliberately choose cisco. Why?

What model of pcie nic can i get for that amount of money with these specs? I need it compatible with openwrt and with at least Gb ports (10 Gb with 100 Mb, 1, 2.5 and 5 Gb may be the best for futureproof). Used models are well accepted, i want to buy on ebay. Is it any good a model like this https://www.ebay.it/itm/395072058033?mkcid=16&mkevt=1&mkrid=711-127632-2357-0&ssspo=1cvnsmohrl2&sssrc=4429486&ssuid=flZ9hns1Sie&var=&widget_ver=artemis&media=COPY or it is a scam? Help!

Hey folks, I'm on the lookout for router suggestions that support or have the potential for OpenWRT, particularly for the Indian market. I'm running a 200mbps wired optic broadband connection. Additionally, I want to run Wireguard VPN at maximum speeds possible. I was also checking out DL-WRX36, but sadly its not available in my region.

Currently, I have the Archer A9 AC 1900, but it doesn't support the 2.4 GHz band and struggles to reach above 135 mbps speeds (even with wireguard). I'm open to exploring Wifi 6 options if they offer good specs and performance for the price. Any recommendations within 9-10k INR would be greatly appreciated!

This is my first time flashing a router so while i've been able to handle flashing video cards, CyanogenMod on android phones, etc.., this is new to me territory.

I picked up a used TP Link C7 v.4 running firmeware 1.0.9 Build 20211231 rel.65285(5553)

The instructions i have found "seem" to be straight forward but i wanted to check with more experienced users that i have it correct:

1. download latest supported version of openWRT and rename it "firmware.bin"

2. log in to router via web interface, i assume Firefox will suffice, and go to the update firmware tab.

3. simply flash the renamed openwrt firmware as if its was a TPLink update

and that is it?

I dont have to downgrade the existing firmware or anything or change setting somewhere to accept the firmware? I want to have a handle on this so i dont brick the thing on my first attempt. Thanks