Advanced optimization setup and recommended packages

Yes "oE" expands to over Ethernet but the PPPoE header lives inside the ethernet payload, so any transport that caries at least the full ethernet payload (like VDSL2/PTM, some ADSL/ATM/AAL5 configurations, DOCSIS, GPON/GEM, ...) can use PPPoE.

Telephony traditionally uses 2 wires (organized as a pair). Often a house/flat is connected to the distribution point with multiple pairs, but at that distribution point most a single pair is connected to the central office (or directly to an outdoor DSLAM). When you say "cables" do you mean individual wires in a compound entity or do you have multiple "compound entities"?

1 Like

1 cable 2 pairs 4 individual wires within the cable towards my house. i dont know where the dslam is. but the cable coming towards my house is connected to a pole which divides the wires of individual houses. all i know is 105 mbps is reaching my house and the cabling within my house needs replacement. so i wonder why they used one pair. but on the other hand in house wiring is also 1 pair. so id need to replace the wiring within the walls even if id have 2 working pairs to install ppp over utp. if im not mistaking it must be fiber till dslam and from there on regular copper.

Because DSL really only works over a single pair. You can combine multiple such 2-wire links (called bonding) but typically ISPs avoid that because typically there are not enough ports/wires to the CO to allow multiple pairs per subscriber (at least that is an explanation I read somewhere IIRC).
What sometimes happens is that if a pair is compromised a technician might switch over the an so far un-used pair. Also if say a flat gets split into two (or a subscriber books a second internet access link) a hitherto unused pair might get activated.

If your in house cabling is bad, you could try to move the modem as close to the first face-plate as possible and use proper ethernet cables for distributing the network internally after the modem.

1 Like

hmm so the first technician telling me i could convert my dsl from phone line to ethernet was wrong even if i had 2 pairs. if i will change cabling im thinking at least making it future proof. have some quality sattelite cables which i could use instead. good isolation and seperated from eachother. wonder if that is a viable solution next to shortening the in house distance. unfortunately i cannot bond them because the 1 pair goes to the first floor and second to the second floor. i wonder though since its only 1 pair if i would have loss using an ethernet cable unless i bond that one as well and if sattelite cables wouldnt be better. very thick copper very well isolated in individual cables. but since i have ptm as you say i could just ask them to activate all 2 pairs and use pppoe instead of ppptp right, even if its sattelite cabling. ive read however that 4 pin ethernet is capped at 100mbps at some forums. others say it can carry 1gbps. not sure myself havent ever tried before. the house is seperated from neighbors so the wiring belongs to the same house. i wonder if they would be so kind to make it possible for me to use pppoe instead though. right now the way it works is either i can use a splitter and the isp recommends splitting twice and using a filter directly on the phone line and the second split of the phone line reenters the router. i could also directly plug in the phone line in the router and without splitters hookup my landline to my router and still works but think the latter gave me less performance. id have no problem if i would use pppoe to do the same pluging in my phone in my router right.

It depends, you can use ethernet cables (the higher the category the better the quality) in your flat even for the analog part between first face-plate and modem (you simply use a single pair).

Not a bad idea, currently that would probably mean to use cat6A, cat7 or cat8, but for the short runs typical all of these should work for >= 10 Gbps ethernet.

That would likely be coaxial cable, which is not useful for normal ethernet (I think with 10o Mbps FastEthernet twisted pair cables became mandatory). There are adapters (MOCA) to use coaxial cables for ethernet, but I would not recommend those unless for specific issues (like an existing coaxial cable between two locations that is hard to replace for whatever reason).

I said "likely" for a reason, I can not figure this out from my side conclusively, but the overview/diagnostics/information page of your modem might contain information to answer that question.

Generally it results in higher SNR to disconnect everything but the first face-plate and connect the modem there, and connect phones only to the router VoIP-basestation, but that requires your ISP to actually use/allow VoIP/SIP and not analog POTS.

As far as I have heard in the UK (I assume you are in the UK) most ISPs will accept users switching between PPPoA and PPPoE (assuming an ATM/AAL5 carrier to begin with, on a PTM link PPPoA is NOT an option anyway).

1 Like

hmm thanks a lot very valuable info i knew nothing of. i was wondering why i was having so much loss since the in house cabling is very thick copper but it was meant for telephone. so getting a quality cat cable will be better over other solutions despite of using only 1 pair of the whole cable? is it any good to bond some of the 8 pins in this case or not recommended? im from greece btw. using cosmote isp
heres my router status page. it does show pppoe however still only have one pair hooked up over telephone line. router supports sip as well. ive taken out the splitters and directly hookup up the line in the router and after tap phone from the router instead of the wall socket. its not worse might have been isp issue last time. meanwhile i also found the archives of config will have a look
was wondering when checking iw list if there is any need in latest openwrt releases to manually input list ht_capab and after option enable

1 Like

It depends... over here house/flat internal wiring often is done by electricians with cabling/wires that work well for electric/power and relativ low-frequency traditional analog telephony but that has increasing problems with increasingly higher frequency using DSL variants (ADSL<=VDSL2 17a<=VDSL2 35b). Compared to that modern ethernet cabling is considerably better suited for higher frequencies. If however your in-house wiring is the same as used for the wiring from the distribution box to your house exchanging the last few meters in your house is unlikely to help much. However if you use shielded ethernet cabling you might be able to still improve things if your problems are caused by noise pick-up in your flat.
IMHO the best way forward is to reduce the length of the analog wiring as much as possible.

Unlikely. One thing that ethernet and proper telephony cables do is to twist the two members of a pair around each other; a consequence of this is that if the wire traverses through an external EM field ("noise") both wires will pick-up more or less the same amount of that noise-signal, and the common mode rejection in the modem will be able to remove most of that noise again, non-twisted wire pairs tend to pick-up larger differences in noise amplitude which will not be cleaned up well by common mode rejection. I would assume that simply using multiple pairs in an 8-wire ethernet cable for analog signals is going to render the twisting-effect less effective.
In short try to reduce the amount of house internal analog wiring as much as possible, and for stretches where that is not possible try to use high quality cabling.

Ah, sorry for confusing that. I think we have a few other users of greek internet that might be able to chime in with details.

1 Like

I tried both too and used HTTP/3 with dnscrypt-proxy2 thinking there might be a gain but there wasn't over https-dns-proxy using HTTPS/2.

At least using NextDNS.

However, there are more fine tuned options you can configure with dnscrypt-proxy2.

1 Like

So this clearly is VDSL2/PTM so PPPoA is not an option, and as expected PPPoE is in use.

1 Like

Yes, locate the DSL modem at the closest point to the phone company that you have access to. Disconnect any existing parallel wiring in the house after that point. If there is analog phone service on the line, install a DSL filter at the closest point then connect all the old wiring and phones after the filter.

Then from the DSL modem to your router use 4 pair Ethernet cable of cat5e or higher.


the messed up thing is pppoe passthrough gives me a gateway located far away from me and increases my ping by 7. both in isp modem and in wrt only in passthrough mode at least. tried copying settings of gateway from isp modem to the wrt router using static addresses on pppoe-wan. doesnt connect. anyone any clue if i could change this. thanks for all the advice btw will surely do all. many other threads btw dont want to create duplicates catching up meanwhile. im however very interested in what packages and kernel modules are nice to have. also optimizations, hope more people share their setup here so i can kang it.

Like what? What do you typically fine-tune with dnscrypt-proxy2?

1 Like

I use HTTP/3 which has benefits over HTTP/2 and increase the cache for both positive and negative responses independently.

Funny, you and I had a conversation regarding libcurl with HTTP/3 support. Maybe one day there is a separate libcurl package from the minimal one.

As for the cache I can increase the cache in DNSMasq but you can't set the cache for negative responses independently.

As for https-dns-proxy I think the default 120 second polling is excessive and has a latency cost which defeats the whole purpose of HTTP/2 being able to keep the connection open. I change it to the max allowed of 60 minutes.

This might be for a different thread but I couldn't get it to change with option polling_interval in config so I hardcoded it in /etc/init.d/https-dns-proxy in start_instance():

append_parm "$cfg" 'polling_interval' '-i' "3600"

I haven't time to dig around to see why it wasn't working in config.

1 Like

Most likely minimal unless it's a really slow system, there are a few ms back and forth using my blocky (go) daemon and going directly but that's most likely variance in network latency on a fully loaded system (100% cpu).

1 Like

come across another interesting package "rng-tools"

Using the Jitter RNG core, the rngd provides an entropy source that feeds into the Linux /dev/random device if its entropy runs low. It updates the /dev/random entropy estimator such that the newly provided entropy unblocks /dev/random.

The seeding of /dev/random also ensures that /dev/urandom benefits from entropy. Especially during boot time, when the entropy of Linux is low, the Jitter RNGd provides a source of sufficient entropy.

furthermore when i cat to mtab it shows content.
not with vi to edit. it links back to several locations
was wanting to edit some flags

root@OpenWrt:~# cat /etc/mtab
/dev/root /rom squashfs ro,relatime 0 0
proc /proc proc rw,nosuid,nodev,noexec,noatime 0 0
sysfs /sys sysfs rw,nosuid,nodev,noexec,noatime 0 0
cgroup2 /sys/fs/cgroup cgroup2 rw,nosuid,nodev,noexec,relatime,nsdelegate 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,noatime 0 0
/dev/mtdblock6 /overlay jffs2 rw,noatime 0 0
overlayfs:/overlay / overlay rw,noatime,lowerdir=/,upperdir=/overlay/upper,workdir=/overlay/work 0 0
tmpfs /dev tmpfs rw,nosuid,noexec,noatime,size=512k,mode=755 0 0
devpts /dev/pts devpts rw,nosuid,noexec,noatime,mode=600,ptmxmode=000 0 0
debugfs /sys/kernel/debug debugfs rw,noatime 0 0
none /sys/fs/bpf bpf rw,nosuid,nodev,noexec,noatime,mode=700 0 0

i must copy paste this to /etc/fstab and after edit? because fstab was empty. meanwhile i found mtab cant be edited at all. so was wondering copying the content of mtab and after adjusting it in the fstab would mean the changes would be active when in userspace right? dont know if openwrt uses the fstab at all because it was empty.

some more interesting packages ive come across for anyone wanting to look into it
my current setup is the snapshot build stock packages plus the underneath that im playing around with currently.
i dont understand however unlike other systems how can there not be any filesystem drivers in the kernel selected by default for routers and no fstab? probably they are built in the kernel and not as modules, and the modules must be options for other devices. so not necessary...
also most of these cpu architectures must not be vulnerable to mitigations right. ive checked lscpu see none as opposed to x86. mips24kec.
im starting to think that probably packages like kmod-swconfig etc are already in kernel. so many of these packages arent necessary. my isp supports ipv6 i think my linux setup has issues i can ping ipv6 addresses through ssh in router but not on desktop. i reverted back to dnscrypt-proxy2 using cloudlfare-ipv6. i was on xfce prior but now on kde running a customized debian setup and it broke ipv6 afaik... hassle
reverted the only changes ive made underneath. still issues
weird thing is i can ping localhost ipv6 on the desktop but not cloudflare just as in the router. must be router config thing. not that familiar with ipv6 cant even ping the ipv6 router address.

echo 'net.ipv6.conf.all.disable_ipv6 = 0' | sudo tee /etc/sysctl.conf
echo 'net.ipv6.conf.default.disable_ipv6 = 0' | sudo tee /etc/sysctl.conf
echo 'net.ipv6.conf.lo.disable_ipv6 = 0' | sudo tee /etc/sysctl.conf
sed -i '/GRUB_CMDLINE_LINUX=/c\GRUB_CMDLINE_LINUX="ipv6.disable=0 "' /etc/default/grub

Most deployments use only the internal filesystems. That configuration is basically baked into the kernel. Desktop systems boot two blobs, kernel and an initial RAM disk which contains drivers needed to mount the hardware filesystems. OpenWrt packs these into a singular kernel blob.

Extending the file system with external drives is handled with the package block-mount and the specific config file /etc/config/fstab (which is not the basic fstab). There are a lot of different filesystems supported by Linux, each with its own filesystem driver kmod. Some of them are quite large in the context of 8MB flash, so none are included by default.


thanks for the info. btw i managed to fix the ipv6 issue. funny is that it didnt work with dhcp mode yet after resetting my setup on both router and desktop it worked with pppoe passthrough. btw im wondering. i found some libmount or i dont remember what but lets say i want to change flags associated with the partitions because well i might know some stuff but im no professional and openwrt is different. where can i change these flags lets say i want lazytime instead of noatime. the mtab is also different i didnt know much about it but looked up info online and understand now. i cant just copy the mtab to fstab while fstab is empty basically and after configure and hope it will work right? forgot to mention, the mtab is different. so id need to generate an fstab and after work with it right cause of the partition layout. and in case of routers how would i know which flags to use on each partition i mean i dont want to mess up the stock settings.

and after further testing for any beginners just copy pasting this whole setup. not a good idea. the setup is only good in 2 cases. high end hardware or a router that isnt bloated. i mean it still needs adjustment and ive played around a lot with it. however that whole /proc/sys/vm ratio needs to be default or adjusted manually and the tcp memory options scrapped out. i find it odd with this above setup dsncrypt2 adblock pppoe passthrough + ipv6 my router would run out of memory. as soon as i disabled ipv6 all worked like a charm. then again ive switched to simple adblock with only 128mb of memory. i was also constantly having issues with ipv6 reaching servers because it prefers to pick ipv6 when available or for some other reason im not aware of. opkg was also very unstable. ive just disabled ipv6 meanwhile. same conclusion with low end desktop hardware. needed to scrap same parts of the script for it to work good. and with low end in this case i mean 2gb memory core duo, managed to corrupt my bios so awaiting spi programmer meanwhile so had a chance to test same setup on very old hardware.
for anyone wanting to play around with kernel parameters its quite interesting, an example here
can be configured according to specs and usage. in case of low specs to be efficient or vice versa and maybe low spec users can get away with less memory consumption this way. when bloated my router would just run out of memory and reboot. with the script, without the script, same. but after adjusting it for low specs it worked fine even with ipv6 and all the above. nice to play around with depending on what your needs are. im wondering lately is it possible to run openwrt in chroot and use my desktop with pppoe passthrough. i dont want to be running a vm is it secure this way? was wondering how it will work since chroot shares the hosts resources so in case of connection i dont know.

and btw anyone wanting to play with u-boot bootargs with u-boot-envtools the underneath (mt7620 miwifimini) config for /etc/fw_env.config worked for me. however doing cat on /proc/cmdline doesnt show the changes. any clue? ive read somewhere this isnt enabled by default and the kernel needs to be recompiled with this option enabled.

# MTD device name       Device offset   Env. size       Flash sector size
/dev/mtd1               0x0000          0x1000         0x10000

this underneath worked when i cat /proc/cmdline from the arch wiki. i dont know if it actually does work however have never changed kernel parameters from userspace before.

Hijacking cmdline

Even without access to your bootloader it is possible to change your kernel parameters to enable debugging (if you have root access). This can be accomplished by overwriting /proc/cmdline which stores the kernel parameters. However /proc/cmdline is not writable even as root, so this hack is accomplished by using a bind mount to mask the path.

First create a file containing the desired kernel parameters


root=UUID=0a3407de-014b-458b-b5c1-848e92a327a3 ro console=tty1 logo.nologo debug

Then use a bind mount to overwrite the parameters

# mount -n --bind -o ro /root/cmdline /proc/cmdline

The -n option skips adding the mount to /etc/mtab, so it will work even if root is mounted read-only. You can cat /proc/cmdline to confirm that your change was successful.