i already have a router MI Router 4c (1 wan port 2 lan ports & wireless).
since this router not powerful enough for some packages i installed openwrt in to a mini PC. it only has 1 rj45 port and i dont have any supported wireless devices.but i can access this from Terminal.
can i create a Virtual Lan and use MI Router 4C as the interface . (i also can install openwrt to mi router 4c if needed)
please guide me how to do it. my quite new to openwrt
What you have right now is a router, and a server inside your LAN, right? What features do you need to add, that are not working right now?
i have an openwrt installed Mi Router 4C device.. and a Mini PC that installed Openwrt and eth0 configured as WAN port.
so currently i only can use terminal to access it. i can make it LAN if needed
i need to use OpenClash , v2ray features. mi router is not powerful enough to handle 300mbps conenction with v2ray.
what im trying to do is use MI Router as the network interface. and use mini pc like a server
The easiest path would-be to add a second ethernet port to the mini PC, configure it as the main router, and the Mi as a dumb access point.
Otherwise, I would create two VLANs between the router and the server, one for the WAN network and another.one for the LAN network.
thanks for the reply. im also considering to install a second LAN port to the PC. but it dosent have any large PCI ports. there is a WIFI card slot and bunch of usb ports. ( Lenovo ThinkCentre M93p)
maybe i can use this usb to rj45 cable ? TP-Link UE300
I would use VLANs, instead of a USB device... those do not seem reliable to me (perhaps just my view).
is it possible to create VLANS on a x86 system. i dont see a "switch" menu on the dashboard
Yes, using dotted notation.
That is expected because you don't have a switch in that device.
im little bit lost. please help me
this is my 1 lan port PC which needs to be used as "router on a stick"
i created vlan using eth.10
and this is my MI router 4c. which has 1 WAN port and 2 lan ports. i connected my main internet cable to wan port. LAN 1 to my mini pc (which is openwrt installed) and i need to use LAN 2 to use internet on my laptop
for some reason this is not working
Is the intent in your situation to effectively pass the WAN directly to the PC such that all the routing occurs there, and then to use the Mi router as basically a dumb AP and switch?
yes. thats right
Ok... let's take a look at the configs from both devices:
Please connect to your OpenWrt device using ssh and copy the output of the following commands and post it here using the "Preformatted text </> " button:
Remember to redact passwords, MAC addresses and any public IP addresses you may have:
ubus call system board
cat /etc/config/network
cat /etc/config/wireless
cat /etc/config/dhcp
cat /etc/config/firewall
sorry for the late reply. here are the requested outputs
MINI PC/LAPTOP
ubus call system board
{
"kernel": "5.15.158",
"hostname": "OpenWrt",
"system": "11th Gen Intel(R) Core(TM) i7-1165G7 @ 2.80GHz",
"model": "Acer Aspire A515-56G",
"board_name": "acer-aspire-a515-56g",
"rootfs_type": "squashfs",
"release": {
"distribution": "1004",
"version": "23.05-SNAPSHOT",
"revision": "06.10.2024",
"target": "x86/64",
"description": "OpenWrt 06.10.2024 by Kiddin'"
}
}
cat /etc/config/network
config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config globals 'globals'
option ula_prefix 'fd7d:1c37:8687::/48'
option packet_steering '1'
config device
option name 'br-lan'
option type 'bridge'
list ports 'eth0'
option promisc '1'
config interface 'lan'
option device 'br-lan'
option proto 'static'
option ipaddr '192.168.2.1'
option netmask '255.255.255.0'
option ip6assign '60'
config interface 'WAN'
option proto 'dhcp'
option device 'eth0.10'
NO WIRELESS
cat /etc/config/dhcp
config dnsmasq
option domainneeded '1'
option boguspriv '1'
option filterwin2k '0'
option localise_queries '1'
option rebind_protection '0'
option rebind_localhost '1'
option local '/lan/'
option domain 'lan'
option expandhosts '1'
option nonegcache '0'
option cachesize '10000'
option authoritative '1'
option readethers '1'
option leasefile '/tmp/dhcp.leases'
option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
option nonwildcard '1'
option localservice '0'
option ednspacket_max '1232'
option filter_aaaa '0'
option filter_a '0'
option port '53'
option dns_redirect '1'
option allservers '1'
option min_ttl '3600'
option dnsforwardmax '10000'
option localuse '1'
config dhcp 'lan'
option interface 'lan'
option start '100'
option limit '150'
option leasetime '12h'
option dhcpv4 'server'
option dhcpv6 'hybrid'
option ra 'hybrid'
option ra_slaac '1'
list ra_flags 'managed-config'
list ra_flags 'other-config'
option force '1'
option ndp 'hybrid'
config dhcp 'wan'
option interface 'wan'
option ignore '1'
config odhcpd 'odhcpd'
option maindhcp '0'
option leasefile '/tmp/hosts/odhcpd'
option leasetrigger '/usr/sbin/odhcpd-update'
option loglevel '4'
cat /etc/config/firewall
config defaults
option syn_flood '1'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
config zone
option name 'lan'
list network 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
config zone
option name 'wan'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
list network 'wan'
list network 'wan6'
list network 'WAN'
config forwarding
option src 'lan'
option dest 'wan'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
config rule
option name 'Support-UDP-Traceroute'
option src 'wan'
option dest_port '33434:33689'
option proto 'udp'
option family 'ipv4'
option target 'REJECT'
option enabled 'false'
config include
option path '/etc/firewall.user'
config include 'miniupnpd'
option type 'script'
option path '/usr/share/miniupnpd/firewall.include'
option family 'any'
option reload '1'
config include 'openclash'
option type 'script'
option path '/var/etc/openclash.include'
option reload '1'
config include 'passwall'
option type 'script'
option path '/var/etc/passwall.include'
option reload '1'
config include 'passwall_server'
option type 'script'
option path '/var/etc/passwall_server.include'
option reload '1'
config include 'shadowsocksr'
option type 'script'
option path '/var/etc/shadowsocksr.include'
option reload '1'
MI ROUTER 4C
i had to reset this router because it stopped working after configuring the vlan
ubus call system board
{
"kernel": "5.4.143",
"hostname": "OpenWrt",
"system": "MediaTek MT7628AN ver:1 eco:2",
"model": "Xiaomi Mi Router 4C",
"board_name": "xiaomi,mi-router-4c",
"release": {
"distribution": "OpenWrt",
"version": "21.02.0",
"revision": "r16279-5cc0535800",
"target": "ramips/mt76x8",
"description": "OpenWrt 21.02.0 by syazwan"
}
}
cat /etc/config/network
config interface 'loopback'
option device 'lo'
option proto 'static'
option ipaddr '127.0.0.1'
option netmask '255.0.0.0'
config device
option name 'br-lan'
option type 'bridge'
list ports 'eth0.1'
config interface 'lan'
option device 'br-lan'
option proto 'static'
option ipaddr '192.168.1.1'
option netmask '255.255.255.0'
config device
option name 'eth0.2'
option macaddr '************'
config interface 'wan'
option device 'eth0.2'
option proto 'dhcp'
config switch
option name 'switch0'
option reset '1'
option enable_vlan '1'
config switch_vlan
option device 'switch0'
option vlan '1'
option ports '4 2 6t'
config switch_vlan
option device 'switch0'
option vlan '2'
option ports '1 6t'
cat /etc/config/wireless
config wifi-device 'radio0'
option type 'mac80211'
option channel '11'
option hwmode '11g'
option path 'platform/10300000.wmac'
option htmode 'HT20'
option disabled '0'
config wifi-iface 'default_radio0'
option device 'radio0'
option network 'lan'
option mode 'ap'
option ssid 'OpenWrt'
option encryption 'none'
cat /etc/config/dhcp
config dnsmasq
option domainneeded 1
option boguspriv 1
option filterwin2k 0 # enable for dial on demand
option localise_queries 1
option rebind_protection 1 # disable if upstream must serve RFC1918 addresses
option rebind_localhost 1 # enable for RBL checking and similar services
#list rebind_domain example.lan # whitelist RFC1918 responses for domains
option local '/lan/'
option domain 'lan'
option expandhosts 1
option nonegcache 0
option authoritative 1
option readethers 1
option leasefile '/tmp/dhcp.leases'
option resolvfile '/tmp/resolv.conf.d/resolv.conf.auto'
#list server '/mycompany.local/1.2.3.4'
option nonwildcard 1 # bind to & keep track of interfaces
#list interface br-lan
#list notinterface lo
#list bogusnxdomain '64.94.110.11'
option localservice 1 # disable to allow DNS requests from non-local subnets
option ednspacket_max 1232
config dhcp lan
option interface lan
option start 100
option limit 150
option leasetime 12h
config dhcp wan
option interface wan
option ignore 1
cat /etc/config/firewal
config defaults
option syn_flood '1'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'REJECT'
config zone
option name 'lan'
list network 'lan'
option input 'ACCEPT'
option output 'ACCEPT'
option forward 'ACCEPT'
config zone
option name 'wan'
list network 'wan'
list network 'wan6'
option input 'REJECT'
option output 'ACCEPT'
option forward 'REJECT'
option masq '1'
option mtu_fix '1'
config forwarding
option src 'lan'
option dest 'wan'
config rule
option name 'Allow-DHCP-Renew'
option src 'wan'
option proto 'udp'
option dest_port '68'
option target 'ACCEPT'
option family 'ipv4'
config rule
option name 'Allow-Ping'
option src 'wan'
option proto 'icmp'
option icmp_type 'echo-request'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-IGMP'
option src 'wan'
option proto 'igmp'
option family 'ipv4'
option target 'ACCEPT'
config rule
option name 'Allow-DHCPv6'
option src 'wan'
option proto 'udp'
option src_ip 'fc00::/6'
option dest_ip 'fc00::/6'
option dest_port '546'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-MLD'
option src 'wan'
option proto 'icmp'
option src_ip 'fe80::/10'
list icmp_type '130/0'
list icmp_type '131/0'
list icmp_type '132/0'
list icmp_type '143/0'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Input'
option src 'wan'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
list icmp_type 'router-solicitation'
list icmp_type 'neighbour-solicitation'
list icmp_type 'router-advertisement'
list icmp_type 'neighbour-advertisement'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-ICMPv6-Forward'
option src 'wan'
option dest '*'
option proto 'icmp'
list icmp_type 'echo-request'
list icmp_type 'echo-reply'
list icmp_type 'destination-unreachable'
list icmp_type 'packet-too-big'
list icmp_type 'time-exceeded'
list icmp_type 'bad-header'
list icmp_type 'unknown-header-type'
option limit '1000/sec'
option family 'ipv6'
option target 'ACCEPT'
config rule
option name 'Allow-IPSec-ESP'
option src 'wan'
option dest 'lan'
option proto 'esp'
option target 'ACCEPT'
config rule
option name 'Allow-ISAKMP'
option src 'wan'
option dest 'lan'
option dest_port '500'
option proto 'udp'
option target 'ACCEPT'
config rule
option name 'Support-UDP-Traceroute'
option src 'wan'
option dest_port '33434:33689'
option proto 'udp'
option family 'ipv4'
option target 'REJECT'
option enabled 'false'
config include
option path '/etc/firewall.user'
config include 'shadowsocksr'
option type 'script'
option path '/var/etc/shadowsocksr.include'
option reload '1'
Both of your OpenWrt builds are not coming from the official OpenWrt project:
21.02 in particular is long since EOL and has not had any security updates in several years.
Both your devices can easily run genuine OpenWrt -- is there a reason you're not using stuff from the official project?
Use this for your x86 machine.
And your Xiaomi, here is the official OpenWrt firmware.
When you do the upgrade, do not keep settings -- start fresh because the configurations are likely not compatible from the current versions you are using.
sure. i can install fresh version for Xiaomi router but on x86 system there are some pre installed softwares like PassWall Bypass, SSR-Plus, OpenClash ,PassWall2, VSSR (Hello World)
i dont know how to install them manually 
.
this is the website where i built the firmware
I see that syazwan is indeed a user on the forums here, so I can imagine that they did produce this build (for your Xiaomi) in the past, but that specific firmware is really old and should be upgraded. You should be able to download the latest official OpenWrt firmware and then use the GUI to do the upgrade without any issue (just make sure the "keep settings" box is unchecked).
As far as the x86 build by Kiddin, I don't see any users by that name here on the forum.... did you really get that from here???
EDIT: I see you went to openwrt-dot-ai -- this is not related to the official OpenWrt project, so you'll have to ask them for help.
i see. the whole reason i have to use this 2 routers is to route my all traffic through a V2ray server.
i think mi router 4c is not powerful enough to do that. do you have any suggestions. i just need a v2ray/xray/open clash client ( i dont know why but only chinese people talks about these)
thanks for the help btw
I can't speak to those specific concerns (v2ray and the processing power required), but I can address the general thing...
If you want your x86 device to be the primary router, the easiest way is to make sure it has 2 ethernet ports (you can add an ethernet port via USB3 if needed). Then make one the wan (internet uplink) and the other the lan. From there, you configure your Mi router 4C as a dumb AP and plug it in to the x86 box. No VLANs required, simple and effective.
yes im also considering to buy a USB to ethernet device since this vlan thing is confusing .
TP-Link UE300 . this one
This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.