Davidc502- wrt1200ac wrt1900acx wrt3200acm wrt32x builds

anomeome · June 21, 2020, 6:39pm

The best work through of a complex setup that I have seen to this point was by dengqf6 in PR2942, which I assume accounts for the content of the above posts.

InkblotAdmirer · June 21, 2020, 6:46pm

That's actually a pretty good thread. Below there is a response with a typical "old" VLAN setup from swconfig, and the response is:

@SirToffski
It looks like you are using VLAN filtering only to separate traffic, but DSA already did that automatically. So you don't need to enable it.

Which I think agrees with what I was saying above: for basic VLAN setups (isolating ports to specific networks) nothing additional is needed.

kmarzic · June 21, 2020, 6:52pm

Hi,
Thanks anomeome!.
The difference from my configuration posted here today is that there is only one bridge.
I tried configuration based on that setup, but the router is dead (bricked) after reboot.
I don't have serial cable to see where is the problem.
I saw that there is setup in /etc/hotplug.d/iface/21-lan file (not in /etc/rc.local).
Ports lan1 and lan2 are trunk ports (with vlans 201, 202, and 203), and ports lan3 and lan4 are untagged ports with vlan 201.
Maybe somebody can locate the error:

# vi /etc/config/network
config interface 'lan'
        option type 'bridge'
        option ifname 'lan1 lan2 lan3 lan4'
        option proto 'none'

config interface 'vlan201'
        option ifname '@lan.201'
        option proto 'static'
        option ipaddr '10.254.201.1'
        option netmask '255.255.255.0'

config interface 'vlan202'
        option ifname '@lan.202'
        option proto 'static'
        option ipaddr '10.254.202.1'
        option netmask '255.255.255.0'

config interface 'vlan204'
        option ifname '@lan.204'
        option proto 'static'
        option ipaddr '10.254.204.1'
        option netmask '255.255.255.0'

# vi /etc/hotplug.d/iface/21-lan
#!/bin/sh
[ $INTERFACE = lan -a $ACTION = ifup ] || exit 0

# enable VLAN filtering
ip link set dev br-lan type bridge vlan_filtering 1

# clear out vlan 1
bridge v del dev lan1 vid 1
bridge v del dev lan2 vid 1
bridge v del dev lan3 vid 1
bridge v del dev lan4 vid 1
bridge v del dev br-lan self vid 1

# set vlans lan1
bridge v add dev lan1 vid 201
bridge v add dev lan1 vid 202
bridge v add dev lan1 vid 204

# set vlans lan2
bridge v add dev lan2 vid 201
bridge v add dev lan2 vid 202
bridge v add dev lan2 vid 204

# set vlans lan1
bridge v add dev lan3 vid 201 pvid untagged

# set vlans lan2
bridge v add dev lan4 vid 201 pvid untagged

# set vlans cpu port
bridge v add dev br-lan self vid 201 pvid untagged
bridge v add dev br-lan self vid 202
bridge v add dev br-lan self vid 204

anomeome · June 21, 2020, 7:04pm

So bricked partition but still able to boot the other partition? Fighting this without a serial it is probably best to ensure a wifi connection at least. Regardless, I would suggest best to open a separate thread to sort the DSA setup, as it will garner more eyeballs, and probably more would be willing to respond as this really OT in this thread.

Ciao · June 21, 2020, 7:08pm

I am seeing the arguments of the Linux community, but In my eyes:

DSA is by far to complex
end user unfriendly
still a lot of bugs and questions
no good or comprehensive guidance

Openwrt closes the door for a wide audience, either you use it very plainly or you must be a real linux expert.

kmarzic · June 21, 2020, 7:37pm

Hi,

I summarized my DSA configuration in existing thread:

MidGe48 · June 21, 2020, 10:19pm

Hello directnupe,

Your suggested solution did indeed do the trick.

Many thanks

directnupe · June 21, 2020, 11:38pm

Dear MidGe48,
No problem - glad to be of assistance. For any and all who may insist that the message " Required dependency package kmod-wireguard is not available in any repository " - well - that is not true. Here is the link to the kmod-wireguard package in Dave's last build : kmod-wireguard_5.4.42+1.0.20200520-1_arm_cortex-a9_vfpv3-d16.ipk
I believe the recurring issue happens when folks do not use the proper install command for WireGuard on OpenWRT see below for the working install command : opkg update && opkg install kmod-wireguard luci-app-wireguard luci-proto-wireguard wireguard wireguard-tools qrencode I got them from several guides months ago - However, I have been running into issues with keeping a steady WireGuard connection on this build. So - this may be related to Dave's earlier post concerning the fact that kmod-wireguard did not cleanly compile on this particular build. I have been using OpenVPN in the meanwhile.
see here for easy WireGuard Torguard setup :

T-Troll · June 22, 2020, 4:22am

Hmmm..... Did wireguard requires it?

slh · June 22, 2020, 4:25am

qrencode can be used by the luci frontend to display a qr code containing (partial) keys on its connection overview in the webinterface, its presence is optional (and imho not very useful).

phinn · June 22, 2020, 12:54pm

My take on DSA is this is the point of Master branch, major new features. It's going to be some time before it's stable and the issues get worked out. We probably shouldn't expect to see builds from it consistently and a lot of people will be sticking with OpenWrt 19.07.x for a while throughout the userbase (maybe not here with davidc), which is unfortunate because it's a big step back due to not having kernel 5.4. Good news is davidc502's current build with 5.4.42 has been flawless for weeks for me so I'll stick with that for a while.

davidc502 · June 22, 2020, 1:21pm

thanks @phinn

I have not been able to get DSA to work with my configuration. However, I'm somewhat miffed anyway because how long before someone says... Oh, I don't like the name 'WAN' or "LAN" they should all be called Ethernet 1, 2, 3 etc.. But then maybe WAN, but the LAN should be Ethernet. It's getting tiresome as it seems quite often the interface names are changed and it just screws everyone up. I realize DSA is different, but seems when changes are made the names are changed too.

So yeah, I'm not happy about this right now

Edit Sorry about the rant... Not having a good morning so far... trying to better though.

RuralRoots · June 22, 2020, 8:10pm

Anybody here using OpenVPN with Dnscrypt-proxy2?

I've just set up IPVanish in OpenVPN, but can't seem to go anywhere.
Ping, traceroute all good, ifconfig shows the TUN established, syslog shows all is good as far as the connection goes.

I suspect it may have something to do with firewall rules, but haven't been able to find where to look next. Any direction appreciated.

Kherby · June 22, 2020, 9:36pm

I'll stay away from DSA at the moment as I need working vlans for my guest setup. When there is a solid documenation availible and DSA can be configured via Luci (like swconfig) I might give it a try. I would really love to give those builds with the 5.x kernel a try but DSA is currently a nogo for me.

davidc502 · June 23, 2020, 12:24am

I'm considering just reverting DSA and building as normal. Will see how things go.

Kherby · June 23, 2020, 1:18am

Sounds good. The thing is that I don't even know if DSA offers any notable advantage over swconfig. All I know is that swconfig always worked fine with mvebu...

BigThunder · June 23, 2020, 1:38am

Hi @davidc502, do you have an ETA on this change? The latest builds from May still do not seem to have this. Thanks!

davidc502 · June 23, 2020, 3:03am

I don't have an ETA. If I get a chance to work with it this weekend I should know more.

BigThunder · June 23, 2020, 4:12am

Awesome, thanks much and appreciate all your work on these builds!

phinn · June 23, 2020, 6:33pm

You're probably aware but there has been a dev discussion on DSA for the past year over on this thread too: