I want to downgrade my devices (1 Rpi4 router and 2 WAX202 APs) to 23.05.
The entire network seemed to perform better before, including the router (which had OpenVPN client + AGH before vs WireGuard client & no AGH now, so it should be way lighter) and APs. I seem to have a drastic performance drop with each additional point.
Now, has anyone ever done a downgrade on a WAX202 or similar? (WAX206 or what have you)
Is it a smooth transition like an upgrade?
Edit: same goes for the RPi, actually. Can I just do a "SYSUPGRADE" to a lower version?
The wiki has a page on going back to stock firmware, but I haven't found anything on downgrading OpenWRT versions.
To answer your main question, this shouldn't be hard. However, it also shouldn't be necessary. Both of those devices should run well with 24.10. I think it would make sense to review the configs on each device to make sure that nothing is out of place. Further, it would be good to get an idea of the current performance of the system and the test method(s) you are using.
That said, I agree with @brada4 the you can simply use another SD card and simply swap it out. In general, the config for the Pi should be compatible for 24.10 > 23.05.
Yes, you can downgrade this device using the sysupgrade method. I would recommend making a backup first just in case you end up in any odd situations that could require a reset to defaults.
Meanwhile, I want to reiterate that before you downgrade, let's look at your configs. If for no other reason than the fact that 23.05 will go EOL at some point, and you'll want to be able to stay current, so debugging the current config will be valuable.
Please connect to your OpenWrt device using ssh and copy the output of the following commands and post it here using the "Preformatted text </> " button:
Remember to redact passwords, MAC addresses and any public IP addresses you may have:
(also, if there are any non-standard/default packages that you have installed, please tell us what you've added; the only one you've specifically mentioned thus far is WG)
I think RPi4 is ok, and will definitely leave it for last.
This is what I have today:
ISP modem -> RPi4B openwrt router -> TPLink SG105E -> WAX202 openwrt AP1 -> WDS -> WAX202 openwrt AP2
I get ~380mbps speedtest DLs connecting a computer directly to the router
~160 speedtest-cli in the router (which is already bad, RPi4B should be able to hold 380 with a WG client)
~60 speedtest-cli on the AP 1
~50 speedtest-cli on the AP 2
Pings are in the 200~300ms range
iperf3 between router and AP1 gives me ~800mbps
Even though the absolute numbers aren't that bad, user experience is awful - things take forever to load. And it didn't use to be like this before I upgraded everything to 24.10.
Only major difference in the new config is the VPN client, I had OpenVPN on 23.05 and manage to get WG to work now.
I'll post the configs on separate posts for easiness of reading
One thing I noticed is that you have a guest network defined on one of the APs but not on the main router. This means the AP is actually also routing. Why not have it on the main router as a VLAN?
Also, have you tested with wireguard disabled? There are two factors -- one is CPU (which should not be big problem), but the other is latency and bandwidth impacts relative to just using your regular wan.
Where is this DNS server (10.64.0.1)? Is that via the VPN?
Remove all these routes:
Big one: Remove the logging. This will slow things down and will not be very useful anyway.
Now on the APs:
I asked earlier, but why is the guest network here and not on the main router?
Why are you using WDS? is one of your APs using a wireless backhaul? Can you make it wired?
WDS will cause a reduction in bandwidth by its nature.
Again, turn off logging:
On AP2:
Remove the STP line:
Why do you have a second guest subnet defined here? This doesn't belong here -- you should be using one guest network and it should be defined on the main router:
As a matter of fact, I have. No visible difference, at least in testing speeds.
That's the goal, but I haven't learned how to set up a router + external switch yet.
If/when I get that working the plan is to upgrade the SG105E to a decent openwrt-compatible one.
Edit: I remember now. These routes are for the NTP servers to bypass the VPN
Nice catch! It's been on for the last couple of days, as I was debugging the RPi4 vs Debian DNS error. I turned off the DNS logging but this one was going to stay on forever!
On the other side, it's been on for 3 days and hasn't logged a single REJECT.
Again, the answer is lack of skill.... lol
Impossible right now, but definitely in the plans.
I know, but without VLANs that's what I managed to do to get a guest network to the whole coverage area.
Now for the results.
pings all around 250
DL in router at 180 (I get 150~200, but this is on the good side)
DL in AP1 ~60 (good, but still don't get the downgrade vs router)
DL in client on AP1 ~30 (on the bad side, usually 45~50)
But, on the other hand, loading webpages does seem a little faster!
I'm also noticing that you're only using the 2.4G band currently. So 60Mbps on the first AP makes sense.
Enable the 5G band and it should be better. Keep in mind that the 2nd AP (with the wireless backhaul) might only end up at ~1/2 the speed of its uplink due to WDS and the fact that the radio needs to simultaneously work as an AP and an STA mode device.
Thanks. I'll consider enabling 5G. It's currently off because the coverage area is big and some clients have issues hopping automatically between 2.4/5G and between APs.
But the 60Mbps I got in the AP was measured in the AP itself, running speedtest-cli via SSH. Wireless speed shouldn't matter, right?
Actually, if you're running speed tests on the router/AP devices themselves, that is not necessarily a good measure of performance. Many purpose built network devices in the consumer market have relatively low general CPU performance, even if they can move data through them (routing and/or switching/wifi) really fast. Their CPUs are not designed to generate/terminate large volumes of network traffic; they are instead designed to control the specialized routing/switching/wifi hardware that move data through the device. Thus, you should be testing on a general purpose computer (i.e. a desktop/laptop computer, maybe a phone or a tablet).
The Pi's processor is fine, though -- so you can still use that as one end of the equation.
With that in mind I ran speedtest in my notebook via a just-enabled 5G on AP1, and standing right next to it.
It is better @ 70~90Mbps, but still a good downgrade from the router's.
Network runs a lot better with the VLAN set up you helped me with in the other post! Even though the speedtest numbers don't show much difference.
But there are still some issues with the WAX.
Something is off today so I ran the tests again.
I am getting ~55Mbps DL / 45Mbps UL on the AP1 (via SSH), but only 5/3 Mbps on a computer connected to AP1 via WiFi.
In the System log there were a lot of entries throughout the day such as:
Sun May 11 17:03:48 2025 daemon.notice hostapd: phy0-ap1: AP-STA-POSSIBLE-PSK-MISMATCH {mac address A}
Sun May 11 17:20:34 2025 daemon.warn odhcpd[1781]: No default route present, overriding ra_lifetime to 0!
and some:
Sun May 11 18:03:15 2025 daemon.notice hostapd: phy0-ap0: AP-STA-DISCONNECTED {mac address B}
Sun May 11 18:03:15 2025 daemon.info hostapd: phy0-ap0: STA {mac address B} 802.11: disassociated
Sun May 11 18:03:17 2025 daemon.info hostapd: phy0-ap0: STA {mac address B} IEEE 802.11: deauthenticated due to inactivity (timer DEAUTH/REMOVE)
I don't know if these are related to the WiFI performance issue, but there they were.
Could something in my network be triggering this situation?
I know openwrt version is a less-likely cause, but I don't remember ever having this problem with 23.05.
