Full-featured custom build for Dynalink DL-WRX36 (AX3600)

I updated, for some reason I get oddly slow speeds (5G connection):

image855×527 28.9 KB

My actual speeds are 500-550/150. Any ideas @jkool702?

PS: Yes. It is because of the firmware. I double-checked it

EDIT:
I just disabled SQM and I have almost full speed now. Mhm I also can't edit the SQM DL/UL values, permission denied...

EDIT2:
Still seems like I get some problems. I can't open certain websites some DNS errors, no access to OpenWRT forums. Dunno what happened. Maybe it does not like my router combo. The modem router in front of the Dynalink router has no bridge mode. It runs either static or dhcp.

Thank you very much for your new builds. Previous I flashed your unbound build, which I am not knowledgeable enough to use unbound. I would like to try your dnsmasq build.

I got SSL error when doing wget from a ssh shell into router.

Below is doing same command in a Linux shell OK:

#wget https://github.com/jkool702/openwrt-custom-builds/raw/main-NSS-dnsmasq/WRX36/bin/targets/qualcommax/ipq807x/openwrt-qualcommax-ipq807x-dynalink_dl-wrx36-squashfs-sysupgrade.bin
--2024-06-01 08:53:04--  https://github.com/jkool702/openwrt-custom-builds/raw/main-NSS-dnsmasq/WRX36/bin/targets/qualcommax/ipq807x/openwrt-qualcommax-ipq807x-dynalink_dl-wrx36-squashfs-sysupgrade.bin
Resolving github.com (github.com)... 20.205.243.166
Connecting to github.com (github.com)|20.205.243.166|:443... connected.
HTTP request sent, awaiting response... 302 Found
Location: https://raw.githubusercontent.com/jkool702/openwrt-custom-builds/main-NSS-dnsmasq/WRX36/bin/targets/qualcommax/ipq807x/openwrt-qualcommax-ipq807x-dynalink_dl-wrx36-squashfs-sysupgrade.bin [following]
--2024-06-01 08:53:04--  https://raw.githubusercontent.com/jkool702/openwrt-custom-builds/main-NSS-dnsmasq/WRX36/bin/targets/qualcommax/ipq807x/openwrt-qualcommax-ipq807x-dynalink_dl-wrx36-squashfs-sysupgrade.bin
Resolving raw.githubusercontent.com (raw.githubusercontent.com)... 2606:50c0:8003::154, 2606:50c0:8000::154, 2606:50c0:8001::154, ...
Connecting to raw.githubusercontent.com (raw.githubusercontent.com)|2606:50c0:8003::154|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 61266729 (58M) [application/octet-stream]
Saving to: ‘openwrt-qualcommax-ipq807x-dynalink_dl-wrx36-squashfs-sysupgrade.bin’

openwrt-qualcommax-ipq807x-dy 100%[===============================================>]  58.43M   109MB/s    in 0.5s    

2024-06-01 08:53:09 (109 MB/s) - ‘openwrt-qualcommax-ipq807x-dynalink_dl-wrx36-squashfs-sysupgrade.bin’ saved [61266729/61266729]

On my router (running the new unbound variant on my firmware) it works. There is an option for whether you want to compile in SSL support to wget or not. I added this on my firmware, but the one in the default openwrt repos may not have ssl support (meaning no downloading from https:// addresses).

You can try just changing the https:// to http:// and it should probably work. Or, download it on you linux pc and then transfer it over to the router via

scp openwrt-qualcommax-ipq807x-dynalink_dl-wrx36-squashfs-sysupgrade.binroot@X.X.X.X:/tmp

(where X.X.X.X is the router ip address). If that command doesnt work then this one should

cat openwrt-qualcommax-ipq807x-dynalink_dl-wrx36-squashfs-sysupgrade.bin | ssh root@X.X.X.X 'cat > /tmp/openwrt-qualcommax-ipq807x-dynalink_dl-wrx36-squashfs-sysupgrade.bin'

Use curl instead of wget if that is available

Hmm....thats weird. Can you manually edit the config file (e.g., via vim /etc/config/sqm?)

SQM works as it should on the unbound variant. On my 1000/500 fiber connection with SQM enabled (download set to 950000,upload set to 500000) im getting results like this from the waveform test (and similiar results from fast.com):

• 920-950 mbps with +0-3ms latency for download,
• 470-490 mbps with no latency increase for upload

This might be related to how dnsmasq is being automatically configured by openwrt. It might need some manual configuration embedded in the build (much like what I do with the unbound variant).

This might (or might not) play a role.

It might be worth quickly (and temporairly) flashing the unbound variant just to see if these problems persist or not, strictly for diagnostic purposes. If the issues go away then it is a good chance they are related to the dnsmasq configuration. If they are still there then it is probably either related to your specific setup or it is a bigger underlying issue with the build that I just havent run into yet.

It is hard to pinpoint what is going on but I just unticked this button here:

image1057×89 4.16 KB

Don't know if this is the curlprit. Imo the issue which persisted was kinda random I guess.

What I also did is a clean update of your firmware. Everybody should do that, if some issues occur.

However to come back to the SQM part:
This is still an issue, it doesn't work well with a 5G connection. I see you use FQ_Codel for this. I tried this in the past on a ASUS router. It does not work on 5G.

Instead, I found this:

Could you implement it into the firmware?

It needs to use fq-codel in order to have SQM implemented on the NSS. Using cake (with a different SQM script) is possible, but itll run on the CPU not the NSS. That said, the CPU should be able to handle at least a few hundred mbps, so foir your 5G connection that might be OK.

Heeyyy will you look at that. Lynx and I are friends. Him and I bounced many optimization ideas off of each other as he was writing cake-autorate and I was writing forkrun.

Cake-autorate uses bash, and all of its requirements should already be included in my firmware build. You should be able to install it usig his setup script and it should work. You will probably need to modify the SQM config to use cake and something like layer-of-cake for the sqm script, but other than that it should be a fairly straightforward process.

I will try cake-autorate. I wonder if it is possible to make it run on the NSS.

I will try to use his approach first and then I can tell if it works

I think this question largely cones down to "can it use fq-codel instead of cake". I think the answer is "no", but im not 100% sure. There is a cake autorate thread here on the openwrt forums.

Perhaps the NSS SQM routine can be made to implement cake, but that is above my pay grade, so to speak. The main qualcommax NSS thread would be the place to ask about that.

Alright. I will look into it when I have some more time. I think the 5G connection will not stay for long anyway (fiber on its way).

I found out that the SQM service perhaps has some anomalies and makes the connection unstable. The symptoms I told you come from the service. I just disabled it and everything runs good now. I can't 100% say I will further investigate.

Glad to hear it is running good. No worries on not investigating...as long as it runs well that is the important part.

One other tweak worth mentioning: if you get any random disconnects you may want to try disabling GRO in the ecm config

uci set ecm.general.disable_gro='1'
uci commit ecm

That said, if you arent having this issue then id keep it as is.

One final request - would you mind sharing your full working configuration by posting the output of the following command? It would be a great help in figuring out what configuration should be builtin for the dnsmasq variant so it runs closer to optimally from the start.

uci show | sed -E 's/(^.*fstab\.@mount.*)=.+$/\1=REDACTED/;s/(^.*ksmbd\.@share.*)=.+$/\1=REDACTED/;s/(^.*network.wan6?.ipaddr.*)=.+$/\1=REDACTED/;s/(^.*system\..*\.(timezone|zonename).*)=.+$/\1=REDACTED/;s/(^.*usteer\..*\.ssid_list.*)=.+$/\1=REDACTED/;s/(^.*wireless\..*\.(ssid|key|time_zone).*)=.+$/\1=REDACTED/;'

You should of course feel free to remove any configuration items that you arent comfortable sharing...I include a sed filter in the above command to remove many of the configs that contain potentially sensitive info (wifi network names and keys, time zone info, wan-side ip addresses, custom fstab entries and ksmbd shares), but I may have overlooked one or two that are likely to contain sensitive info (especially those from the dnsmasq config)

I came to the conclusion that it simply do not work... Some websites do not open. Comment sections of magazines do not open, too. I have no clue what is happening. It is running really inconsistent.

This is my config:

adblock.global=adblock
adblock.global.adb_enabled='0'
adblock.global.adb_debug='0'
adblock.global.adb_forcedns='1'
adblock.global.adb_safesearch='0'
adblock.global.adb_dnsfilereset='0'
adblock.global.adb_mail='0'
adblock.global.adb_report='0'
adblock.global.adb_backup='1'
adblock.global.adb_dns='unbound'
adblock.global.adb_fetchutil='curl'
adblock.global.adb_dnsflush='1'
adblock.global.adb_trigger='lan'
adblock.global.adb_zonelist='IoT' 'lan'
adblock.global.adb_lookupdomain='gstatic.com'
adblock.global.adb_portlist='53'
chrony.@pool[0]=pool
chrony.@pool[0].hostname='stratum1.time.cifelli.xyz'
chrony.@pool[0].maxpoll='12'
chrony.@pool[0].iburst='yes'
chrony.@pool[0].nts='yes'
chrony.@dhcp_ntp_server[0]=dhcp_ntp_server
chrony.@dhcp_ntp_server[0].iburst='yes'
chrony.@dhcp_ntp_server[0].disabled='no'
chrony.@allow[0]=allow
chrony.@allow[0].interface='lan'
chrony.@makestep[0]=makestep
chrony.@makestep[0].threshold='1.0'
chrony.@makestep[0].limit='3'
chrony.@nts[0]=nts
chrony.@nts[0].rtccheck='yes'
chrony.@nts[0].systemcerts='yes'
collectd.globals=globals
collectd.globals.alt_config_file='/etc/collectd.conf'
cpu-perf.config=main
cpu-perf.config.enabled='1'
cpu-perf.ondemand=governor
cpu-perf.conservative=governor
cpu-perf.cpu0=cpu
cpu-perf.cpu1=cpu
cpu-perf.cpu2=cpu
cpu-perf.cpu3=cpu
dhcp.lan=dhcp
dhcp.lan.interface='lan'
dhcp.lan.start='100'
dhcp.lan.limit='150'
dhcp.lan.leasetime='4h'
dhcp.lan.dhcpv4='server'
dhcp.lan.dhcpv6='server'
dhcp.lan.ra='server'
dhcp.lan.ra_management='1'
dhcp.lan.ra_default='2'
dhcp.lan.netmask='255.255.255.0'
dhcp.lan.force='1'
dhcp.lan.router='10.0.0.1'
dhcp.lan.domain='lan'
dhcp.lan.ra_flags='managed-config' 'other-config'
dhcp.lan.dhcp_option='1,255.255.255.0' '3,10.0.0.1' '6,10.0.0.1' '12,OpenWrt_WRX36' '15,lan'
dhcp.wan=dhcp
dhcp.wan.interface='wan'
dhcp.wan.ignore='1'
dhcp.odhcpd=odhcpd
dhcp.odhcpd.maindhcp='1'
dhcp.odhcpd.leasefile='/var/lib/unbound/odhcpd/dhcp.leases'
dhcp.odhcpd.leasetrigger='/usr/lib/unbound/odhcpd.sh'
dhcp.odhcpd.loglevel='4'
dhcp.IoT=dhcp
dhcp.IoT.interface='IoT'
dhcp.IoT.start='100'
dhcp.IoT.limit='150'
dhcp.IoT.leasetime='12h'
dhcp.IoT.dhcpv4='server'
dhcp.IoT.dhcpv6='server'
dhcp.IoT.ra='server'
dhcp.IoT.ra_management='1'
dhcp.IoT.ra_default='2'
dhcp.IoT.netmask='255.255.255.0'
dhcp.IoT.force='1'
dhcp.IoT.router='192.168.0.1'
dhcp.IoT.domain='lan'
dhcp.IoT.ra_flags='managed-config' 'other-config'
dhcp.IoT.dhcp_option='1,255.255.255.0' '3,192.168.0.1' '6,192.168.0.1' '12,OpenWrt_WRX36' '15,lan'
dhcp.@host[0]=host
dhcp.@host[0].name='AP_IoT'
dhcp.@host[0].ip='192.168.0.254'
dropbear.@dropbear[0]=dropbear
dropbear.@dropbear[0].PasswordAuth='on'
dropbear.@dropbear[0].RootPasswordAuth='on'
dropbear.@dropbear[0].Port='22'
ecm.global=ecm
ecm.global.acceleration_engine='auto'
ecm.general=ecm
ecm.general.enable_bridge_filtering='0'
ecm.general.disable_offloads='0'
ecm.general.disable_flow_control='0'
ecm.general.disable_interrupt_moderation='0'
ecm.general.disable_gro='0'
firewall.@defaults[0]=defaults
firewall.@defaults[0].input='REJECT'
firewall.@defaults[0].output='ACCEPT'
firewall.@defaults[0].forward='REJECT'
firewall.@defaults[0].synflood_protect='1'
firewall.@zone[0]=zone
firewall.@zone[0].name='lan'
firewall.@zone[0].network='lan'
firewall.@zone[0].input='ACCEPT'
firewall.@zone[0].output='ACCEPT'
firewall.@zone[0].forward='ACCEPT'
firewall.@forwarding[0]=forwarding
firewall.@forwarding[0].src='lan'
firewall.@forwarding[0].dest='wan'
firewall.@rule[0]=rule
firewall.@rule[0].name='Allow-DHCP-Renew'
firewall.@rule[0].src='wan'
firewall.@rule[0].proto='udp'
firewall.@rule[0].dest_port='68'
firewall.@rule[0].target='ACCEPT'
firewall.@rule[0].family='ipv4'
firewall.@rule[1]=rule
firewall.@rule[1].name='Allow-Ping'
firewall.@rule[1].src='wan'
firewall.@rule[1].proto='icmp'
firewall.@rule[1].icmp_type='echo-request'
firewall.@rule[1].family='ipv4'
firewall.@rule[1].target='ACCEPT'
firewall.@rule[1].enabled='0'
firewall.@rule[2]=rule
firewall.@rule[2].name='Allow-IGMP'
firewall.@rule[2].src='wan'
firewall.@rule[2].proto='igmp'
firewall.@rule[2].family='ipv4'
firewall.@rule[2].target='ACCEPT'
firewall.@rule[3]=rule
firewall.@rule[3].name='Allow-DHCPv6'
firewall.@rule[3].src='wan'
firewall.@rule[3].proto='udp'
firewall.@rule[3].dest_port='546'
firewall.@rule[3].family='ipv6'
firewall.@rule[3].target='ACCEPT'
firewall.@rule[4]=rule
firewall.@rule[4].name='Allow-MLD'
firewall.@rule[4].src='wan'
firewall.@rule[4].proto='icmp'
firewall.@rule[4].src_ip='fe80::/10'
firewall.@rule[4].icmp_type='130/0' '131/0' '132/0' '143/0'
firewall.@rule[4].family='ipv6'
firewall.@rule[4].target='ACCEPT'
firewall.@rule[5]=rule
firewall.@rule[5].name='Allow-ICMPv6-Input'
firewall.@rule[5].src='wan'
firewall.@rule[5].proto='icmp'
firewall.@rule[5].icmp_type='echo-request' 'echo-reply' 'destination-unreachable' 'packet-too-big' 'time-exceeded' 'bad-header' 'unknown-header-type' 'router-solicitation' 'neighbour-solicitation' 'router-advertisement' 'neighbour-advertisement'
firewall.@rule[5].limit='1000/sec'
firewall.@rule[5].family='ipv6'
firewall.@rule[5].target='ACCEPT'
firewall.@rule[6]=rule
firewall.@rule[6].name='Allow-ICMPv6-Forward'
firewall.@rule[6].src='wan'
firewall.@rule[6].dest='*'
firewall.@rule[6].proto='icmp'
firewall.@rule[6].icmp_type='echo-request' 'echo-reply' 'destination-unreachable' 'packet-too-big' 'time-exceeded' 'bad-header' 'unknown-header-type'
firewall.@rule[6].limit='1000/sec'
firewall.@rule[6].family='ipv6'
firewall.@rule[6].target='ACCEPT'
firewall.@rule[7]=rule
firewall.@rule[7].name='Allow-IPSec-ESP'
firewall.@rule[7].src='wan'
firewall.@rule[7].dest='lan'
firewall.@rule[7].proto='esp'
firewall.@rule[7].target='ACCEPT'
firewall.@rule[8]=rule
firewall.@rule[8].name='Allow-ISAKMP'
firewall.@rule[8].src='wan'
firewall.@rule[8].dest='lan'
firewall.@rule[8].dest_port='500'
firewall.@rule[8].proto='udp'
firewall.@rule[8].target='ACCEPT'
firewall.@zone[1]=zone
firewall.@zone[1].name='IoT'
firewall.@zone[1].input='REJECT'
firewall.@zone[1].output='ACCEPT'
firewall.@zone[1].forward='REJECT'
firewall.@zone[1].network='IoT'
firewall.@zone[2]=zone
firewall.@zone[2].name='wan'
firewall.@zone[2].network='wan' 'wan6'
firewall.@zone[2].input='REJECT'
firewall.@zone[2].output='ACCEPT'
firewall.@zone[2].forward='REJECT'
firewall.@zone[2].masq='1'
firewall.@zone[2].mtu_fix='1'
firewall.@forwarding[1]=forwarding
firewall.@forwarding[1].src='IoT'
firewall.@forwarding[1].dest='wan'
firewall.@forwarding[2]=forwarding
firewall.@forwarding[2].src='lan'
firewall.@forwarding[2].dest='IoT'
firewall.qcanssecm=include
firewall.qcanssecm.type='script'
firewall.qcanssecm.path='/etc/firewall.d/qca-nss-ecm'
fstab.@global[0]=global
fstab.@global[0].anon_swap='0'
fstab.@global[0].anon_mount='0'
fstab.@global[0].auto_swap='1'
fstab.@global[0].auto_mount='1'
fstab.@global[0].delay_root='5'
fstab.@global[0].check_fs='1'
fstab.@mount[0]=REDACTED
fstab.@mount[0].target=REDACTED
fstab.@mount[0].enabled=REDACTED
fstab.@mount[0].fstype=REDACTED
fstab.@mount[1]=REDACTED
fstab.@mount[1].target=REDACTED
fstab.@mount[1].fstype=REDACTED
fstab.@swap[0]=swap
fstab.@swap[0].enabled='1'
fstab.@swap[0].device='/dev/zram0'
fstab.@uvol[0]=uvol
fstab.@uvol[0].initialized='1'
ipinfo.config=ipinfo
ipinfo.config.asn='1'
ipinfo.config.city='1'
ipinfo.config.country='1'
ipinfo.config.ip='1'
ipinfo.config.latitude='1'
ipinfo.config.longitude='1'
ipinfo.config.name='1'
ipinfo.config.organization='1'
ipinfo.config.timezone='1'
ksmbd.@globals[0]=globals
ksmbd.@globals[0].workgroup='WORKGROUP'
ksmbd.@globals[0].interface='lan'
ksmbd.@globals[0].description='OpenWrt_WRX36'
ksmbd.@share[0]=REDACTED
ksmbd.@share[0].read_only=REDACTED
ksmbd.@share[0].users=REDACTED
ksmbd.@share[0].guest_ok=REDACTED
ksmbd.@share[0].create_mask=REDACTED
ksmbd.@share[0].dir_mask=REDACTED
luci.main=core
luci.main.lang='auto'
luci.main.mediaurlbase='/luci-static/bootstrap'
luci.main.resourcebase='/luci-static/resources'
luci.main.ubuspath='/ubus/'
luci.flash_keep=extern
luci.flash_keep.uci='/etc/config/'
luci.flash_keep.dropbear='/etc/dropbear/'
luci.flash_keep.openvpn='/etc/openvpn/'
luci.flash_keep.passwd='/etc/passwd'
luci.flash_keep.opkg='/etc/opkg.conf'
luci.flash_keep.firewall='/etc/firewall.user'
luci.flash_keep.uploads='/lib/uci/upload/'
luci.languages=internal
luci.sauth=internal
luci.sauth.sessionpath='/tmp/luci-sessions'
luci.sauth.sessiontime='3600'
luci.ccache=internal
luci.ccache.enable='1'
luci.themes=internal
luci.themes.Bootstrap='/luci-static/bootstrap'
luci.themes.BootstrapDark='/luci-static/bootstrap-dark'
luci.themes.BootstrapLight='/luci-static/bootstrap-light'
luci.apply=internal
luci.apply.rollback='90'
luci.apply.holdoff='4'
luci.apply.timeout='5'
luci.apply.display='1.5'
luci.diag=internal
luci.diag.dns='openwrt.org'
luci.diag.ping='openwrt.org'
luci.diag.route='openwrt.org'
luci_netports.global=global
luci_netports.global.default_additional_info='0'
luci_netports.global.default_h_mode='1'
luci_netports.global.hv_mode_switch_button='1'
luci_netports.@port[0]=port
luci_netports.@port[0].ifname='lo'
luci_netports.@port[0].disable='1'
luci_netports.@port[1]=port
luci_netports.@port[1].ifname='wan'
luci_netports.@port[1].name='WAN'
luci_netports.@port[1].type='auto'
luci_netports.@port[2]=port
luci_netports.@port[2].ifname='lan1'
luci_netports.@port[2].name='LAN 1 (lan)'
luci_netports.@port[2].type='auto'
luci_netports.@port[3]=port
luci_netports.@port[3].ifname='lan2'
luci_netports.@port[3].name='LAN 2 (lan)'
luci_netports.@port[3].type='auto'
luci_netports.@port[4]=port
luci_netports.@port[4].ifname='lan3'
luci_netports.@port[4].name='LAN 3 (lan)'
luci_netports.@port[4].type='auto'
luci_netports.@port[5]=port
luci_netports.@port[5].ifname='lan4'
luci_netports.@port[5].name='LAN 4 (IoT)'
luci_netports.@port[5].type='auto'
luci_netports.@port[6]=port
luci_netports.@port[6].ifname='phy0-ap0'
luci_netports.@port[6].name='WiFi (5 GHz)'
luci_netports.@port[6].type='auto'
luci_netports.@port[7]=port
luci_netports.@port[7].ifname='phy1-ap0'
luci_netports.@port[7].name='WiFi (2.4 GHz)'
luci_netports.@port[7].type='auto'
luci_statistics.collectd=statistics
luci_statistics.collectd.BaseDir='/var/run/collectd'
luci_statistics.collectd.PIDFile='/var/run/collectd.pid'
luci_statistics.collectd.PluginDir='/usr/lib/collectd'
luci_statistics.collectd.TypesDB='/usr/share/collectd/types.db'
luci_statistics.collectd.Interval='30'
luci_statistics.collectd.ReadThreads='2'
luci_statistics.rrdtool=statistics
luci_statistics.rrdtool.default_timespan='2hour'
luci_statistics.rrdtool.image_width='600'
luci_statistics.rrdtool.image_height='150'
luci_statistics.rrdtool.image_path='/tmp/rrdimg'
luci_statistics.collectd_rrdtool=statistics
luci_statistics.collectd_rrdtool.enable='1'
luci_statistics.collectd_rrdtool.DataDir='/tmp/rrd'
luci_statistics.collectd_rrdtool.RRARows='288'
luci_statistics.collectd_rrdtool.RRASingle='1'
luci_statistics.collectd_rrdtool.RRATimespans='2hour 1day 1week 1month 1year'
luci_statistics.collectd_rrdtool.backup='0'
luci_statistics.collectd_csv=statistics
luci_statistics.collectd_csv.enable='0'
luci_statistics.collectd_csv.StoreRates='0'
luci_statistics.collectd_csv.DataDir='/tmp'
luci_statistics.collectd_email=statistics
luci_statistics.collectd_email.enable='0'
luci_statistics.collectd_email.SocketFile='/var/run/collectd/email.sock'
luci_statistics.collectd_email.SocketGroup='nogroup'
luci_statistics.collectd_logfile=statistics
luci_statistics.collectd_logfile.enable='0'
luci_statistics.collectd_logfile.LogLevel='notice'
luci_statistics.collectd_logfile.File='/var/log/collectd.log'
luci_statistics.collectd_logfile.Timestamp='1'
luci_statistics.collectd_network=statistics
luci_statistics.collectd_network.enable='0'
luci_statistics.collectd_syslog=statistics
luci_statistics.collectd_syslog.enable='0'
luci_statistics.collectd_syslog.LogLevel='warning'
luci_statistics.collectd_syslog.NotifyLevel='WARNING'
luci_statistics.collectd_unixsock=statistics
luci_statistics.collectd_unixsock.enable='0'
luci_statistics.collectd_unixsock.SocketFile='/var/run/collectd/query.sock'
luci_statistics.collectd_unixsock.SocketGroup='nogroup'
luci_statistics.collectd_apcups=statistics
luci_statistics.collectd_apcups.enable='0'
luci_statistics.collectd_apcups.Host='localhost'
luci_statistics.collectd_apcups.Port='3551'
luci_statistics.collectd_chrony=statistics
luci_statistics.collectd_chrony.enable='0'
luci_statistics.collectd_chrony.Host='127.0.0.1'
luci_statistics.collectd_chrony.Port='323'
luci_statistics.collectd_chrony.Timeout='2'
luci_statistics.collectd_conntrack=statistics
luci_statistics.collectd_conntrack.enable='0'
luci_statistics.collectd_contextswitch=statistics
luci_statistics.collectd_contextswitch.enable='0'
luci_statistics.collectd_cpu=statistics
luci_statistics.collectd_cpu.enable='1'
luci_statistics.collectd_cpu.ReportByCpu='1'
luci_statistics.collectd_cpu.ReportByState='1'
luci_statistics.collectd_cpu.ShowIdle='0'
luci_statistics.collectd_cpu.ValuesPercentage='1'
luci_statistics.collectd_cpufreq=statistics
luci_statistics.collectd_cpufreq.enable='0'
luci_statistics.collectd_curl=statistics
luci_statistics.collectd_curl.enable='0'
luci_statistics.collectd_df=statistics
luci_statistics.collectd_df.enable='0'
luci_statistics.collectd_df.Devices='/dev/mtdblock/4'
luci_statistics.collectd_df.MountPoints='/overlay'
luci_statistics.collectd_df.FSTypes='tmpfs'
luci_statistics.collectd_df.IgnoreSelected='0'
luci_statistics.collectd_df.ValuesPercentage='0'
luci_statistics.collectd_dhcpleases=statistics
luci_statistics.collectd_dhcpleases.enable='0'
luci_statistics.collectd_dhcpleases.Path='/tmp/dhcp.leases'
luci_statistics.collectd_disk=statistics
luci_statistics.collectd_disk.enable='0'
luci_statistics.collectd_disk.Disks='hda1 hdb'
luci_statistics.collectd_disk.IgnoreSelected='0'
luci_statistics.collectd_dns=statistics
luci_statistics.collectd_dns.enable='0'
luci_statistics.collectd_dns.Interfaces='br-lan'
luci_statistics.collectd_dns.IgnoreSources='127.0.0.1'
luci_statistics.collectd_entropy=statistics
luci_statistics.collectd_entropy.enable='0'
luci_statistics.collectd_exec=statistics
luci_statistics.collectd_exec.enable='0'
luci_statistics.collectd_interface=statistics
luci_statistics.collectd_interface.enable='1'
luci_statistics.collectd_interface.Interfaces='br-lan'
luci_statistics.collectd_interface.IgnoreSelected='0'
luci_statistics.collectd_ipstatistics=statistics
luci_statistics.collectd_ipstatistics.enable='0'
luci_statistics.collectd_iptables=statistics
luci_statistics.collectd_iptables.enable='0'
luci_statistics.@collectd_iptables_match[0]=collectd_iptables_match
luci_statistics.@collectd_iptables_match[0].table='nat'
luci_statistics.@collectd_iptables_match[0].chain='luci_fw_postrouting'
luci_statistics.@collectd_iptables_match[0].target='MASQUERADE'
luci_statistics.@collectd_iptables_match[0].source='192.168.1.0/24'
luci_statistics.@collectd_iptables_match[0].outputif='br-ff'
luci_statistics.@collectd_iptables_match[0].name='LAN-Clients traffic'
luci_statistics.@collectd_iptables_match[1]=collectd_iptables_match
luci_statistics.@collectd_iptables_match[1].chain='luci_fw_postrouting'
luci_statistics.@collectd_iptables_match[1].table='nat'
luci_statistics.@collectd_iptables_match[1].target='MASQUERADE'
luci_statistics.@collectd_iptables_match[1].source='10.61.230.0/24'
luci_statistics.@collectd_iptables_match[1].outputif='br-ff'
luci_statistics.@collectd_iptables_match[1].name='WLAN-Clients traffic'
luci_statistics.collectd_irq=statistics
luci_statistics.collectd_irq.enable='0'
luci_statistics.collectd_irq.Irqs='2 3 4 7'
luci_statistics.collectd_iwinfo=statistics
luci_statistics.collectd_iwinfo.enable='1'
luci_statistics.collectd_load=statistics
luci_statistics.collectd_load.enable='1'
luci_statistics.collectd_memory=statistics
luci_statistics.collectd_memory.enable='1'
luci_statistics.collectd_memory.HideFree='0'
luci_statistics.collectd_memory.ValuesAbsolute='1'
luci_statistics.collectd_memory.ValuesPercentage='0'
luci_statistics.collectd_netlink=statistics
luci_statistics.collectd_netlink.enable='0'
luci_statistics.collectd_netlink.IgnoreSelected='0'
luci_statistics.collectd_netlink.VerboseInterfaces='br-lan'
luci_statistics.collectd_netlink.QDiscs='br-lan'
luci_statistics.collectd_nut=statistics
luci_statistics.collectd_nut.enable='0'
luci_statistics.collectd_nut.UPS='myupsname'
luci_statistics.collectd_olsrd=statistics
luci_statistics.collectd_olsrd.enable='0'
luci_statistics.collectd_olsrd.Port='2006'
luci_statistics.collectd_olsrd.Host='127.0.0.1'
luci_statistics.collectd_openvpn=statistics
luci_statistics.collectd_openvpn.enable='0'
luci_statistics.collectd_ping=statistics
luci_statistics.collectd_ping.enable='0'
luci_statistics.collectd_ping.TTL='127'
luci_statistics.collectd_ping.Interval='30'
luci_statistics.collectd_ping.Hosts='127.0.0.1'
luci_statistics.collectd_processes=statistics
luci_statistics.collectd_processes.enable='0'
luci_statistics.collectd_processes.Processes='uhttpd dnsmasq dropbear'
luci_statistics.collectd_sensors=statistics
luci_statistics.collectd_sensors.enable='0'
luci_statistics.collectd_snmp6=statistics
luci_statistics.collectd_snmp6.enable='0'
luci_statistics.collectd_snmp6.Interfaces='br-lan'
luci_statistics.collectd_snmp6.IgnoreSelected='0'
luci_statistics.collectd_splash_leases=statistics
luci_statistics.collectd_splash_leases.enable='0'
luci_statistics.collectd_tcpconns=statistics
luci_statistics.collectd_tcpconns.enable='0'
luci_statistics.collectd_tcpconns.ListeningPorts='0'
luci_statistics.collectd_tcpconns.LocalPorts='22'
luci_statistics.collectd_tcpconns.AllPortsSummary='0'
luci_statistics.collectd_thermal=statistics
luci_statistics.collectd_thermal.enable='0'
luci_statistics.collectd_thermal.IgnoreSelected='0'
luci_statistics.collectd_uptime=statistics
luci_statistics.collectd_uptime.enable='0'
network.loopback=interface
network.loopback.device='lo'
network.loopback.proto='static'
network.loopback.ipaddr='127.0.0.1'
network.loopback.netmask='255.0.0.0'
network.globals=globals
network.globals.ula_prefix='fda0:e854:8bbe::/48'
network.@device[0]=device
network.@device[0].name='br-lan'
network.@device[0].type='bridge'
network.@device[0].ports='lan1' 'lan2' 'lan3'
network.@device[0].bridge_empty='1'
network.@device[0].stp='1'
network.@device[0].igmp_snooping='1'
network.lan=interface
network.lan.device='br-lan'
network.lan.proto='static'
network.lan.ip6assign='60'
network.lan.broadcast='10.0.0.255'
network.lan.dns_search='lan'
network.lan.ipaddr='10.0.0.1/24'
network.lan.dns='10.0.0.1'
network.lan.delegate='0'
network.IoT=interface
network.IoT.device='lan4'
network.IoT.proto='static'
network.IoT.ip6assign='60'
network.IoT.broadcast='192.168.0.255'
network.IoT.ipaddr='192.168.0.1/24'
network.IoT.dns_search='lan'
network.IoT.dns='192.168.0.1'
network.IoT.delegate='0'
network.IoT.type='bridge'
network.wan=interface
network.wan.device='wan'
network.wan.proto='dhcp'
network.wan.force_link='1'
network.wan.peerdns='0'
network.wan.delegate='0'
network.wan.dns='127.0.0.1'
network.wan6=interface
network.wan6.device='wan'
network.wan6.proto='dhcpv6'
network.wan6.auto='0'
network.wan6.reqaddress='try'
network.wan6.reqprefix='auto'
network.wan6.peerdns='0'
network.@device[1]=device
network.@device[1].name='lan4'
nss.general=nss
nss.general.enable_rps='1'
nss.general.enable_log='1'
openssl.legacy=provider
openssl.legacy.enabled='1'
packagesync.@packagesync[0]=packagesync
packagesync.@packagesync[0].home_url='packagesync'
packagesync.@packagesync[0].auto_exec='0'
packagesync.@packagesync[0].cron_expression='0 0 * * *'
packagesync.@packagesync[0].proxy_enabled='0'
pbuf.opt=general
pbuf.opt.memory_profile='auto'
pingcheck.@default[0]=default
pingcheck.@default[0].host='8.8.8.8'
pingcheck.@default[0].interval='10'
pingcheck.@default[0].timeout='30'
pingcheck.@default[0].protocol='icmp'
pingcheck.@interface[0]=interface
pingcheck.@interface[0].name='wan'
pingcheck.@interface[1]=interface
pingcheck.@interface[1].name='sta'
pingcheck.@interface[1].disabled='1'
plexmediaserver.@main[0]=main
pservice.@pservice[0]=pservice
pservice.@pservice[0].disabled='1'
pservice.@pservice[0].name='demo0'
pservice.@pservice[0].command='/bin/sh'
pservice.@pservice[0].respawn_maxfail='0'
pservice.@pservice[0].args='-c' 'env | logger -t $name; exec sleep $time'
pservice.@pservice[0].env='v0=0' 'v1=val with space' 'name=demo0' 'time=1799'
pservice.@pservice[0].file='/tmp/sleep.conf'
pservice.@pservice[1]=pservice
pservice.@pservice[1].disabled='1'
pservice.@pservice[1].name='8021x'
pservice.@pservice[1].command='/usr/sbin/wpa_supplicant'
pservice.@pservice[1].stdout='1'
pservice.@pservice[1].args='-i' 'eth0.1' '-D' 'wired' '-c' '/etc/wpa_supplicant-eth0.1.conf'
radius.@radius[0]=radius
radius.@radius[0].disabled='1'
radius.@radius[0].ca_cert='/etc/radius/ca.pem'
radius.@radius[0].cert='/etc/radius/cert.pem'
radius.@radius[0].key='/etc/radius/key.pem'
radius.@radius[0].users='/etc/radius/users'
radius.@radius[0].clients='/etc/radius/clients'
radius.@radius[0].auth_port='1812'
radius.@radius[0].acct_port='1813'
rpcd.@rpcd[0]=rpcd
rpcd.@rpcd[0].socket='/var/run/ubus/ubus.sock'
rpcd.@rpcd[0].timeout='30'
rpcd.@login[0]=login
rpcd.@login[0].username='root'
rpcd.@login[0].password='$p$root'
rpcd.@login[0].read='*'
rpcd.@login[0].write='*'
smp_affinity.general=smp_affinity
smp_affinity.general.enable='1'
smp_affinity.general.enable_log='1'
sqm.wan=queue
sqm.wan.enabled='1'
sqm.wan.interface='wan'
sqm.wan.qdisc='fq_codel'
sqm.wan.script='nss-zk.qos'
sqm.wan.overhead='44'
sqm.wan.linklayer='ethernet'
sqm.wan.linklayer_advanced='1'
sqm.wan.tcMPU='84'
sqm.wan.ingress_ecn='ECN'
sqm.wan.egress_ecn='NOECN'
sqm.wan.squash_dscp='1'
sqm.wan.squash_ingress='1'
sqm.wan.tcMTU='2047'
sqm.wan.tcTSIZE='512'
system.@system[0]=system
system.@system[0].hostname='OpenWrt_WRX36'
system.@system[0].ttylogin='0'
system.@system[0].log_size='64'
system.@system[0].urandom_seed='0'
system.@system[0].log_proto='udp'
system.@system[0].conloglevel='8'
system.@system[0].cronloglevel='5'
system.@system[0].zram_comp_algo='zstd'
system.@system[0].description='OpenWrt on Dynalink DL-WRX36 (NSS)'
system.@system[0].notes='Custom NSS-enabled OpenWrt firmware for Dynalink DL-WRX36'
system.ntp=timeserver
system.ntp.enabled='0'
system.led_wan_port_link_green=led
system.led_wan_port_link_green.name='WAN-PORT-LINK-GREEN'
system.led_wan_port_link_green.sysfs='90000.mdio-1:1c:green:wan'
system.led_wan_port_link_green.trigger='netdev'
system.led_wan_port_link_green.mode='link 1000 link_2500'
system.led_wan_port_link_green.dev='wan'
system.led_wan_port_link_yellow=led
system.led_wan_port_link_yellow.name='WAN-PORT-LINK-YELLOW'
system.led_wan_port_link_yellow.sysfs='90000.mdio-1:1c:yellow:wan'
system.led_wan_port_link_yellow.trigger='netdev'
system.led_wan_port_link_yellow.mode='tx rx link_10 link_100'
system.led_wan_port_link_yellow.dev='wan'
system.@rngd[0]=rngd
system.@rngd[0].enabled='1'
system.@rngd[0].device='/dev/urandom'
tang.config=tang
tang.config.port='9090'
tang.config.enabled='0'
ubootenv.@ubootenv[0]=ubootenv
ubootenv.@ubootenv[0].dev='/dev/mtd14'
ubootenv.@ubootenv[0].offset='0x0'
ubootenv.@ubootenv[0].envsize='0x40000'
ubootenv.@ubootenv[0].secsize='0x20000'
ubootenv.@ubootenv[0].numsec='2'
udebug.procd=service
udebug.procd.enabled='0'
udebug.log=service
udebug.log.enabled='0'
udebug.log.debug='0'
udebug.log.kernel='1'
udebug.log.syslog='1'
udebug.hostapd=service
udebug.hostapd.enabled='0'
udebug.hostapd.wpa_log='1'
udebug.hostapd.wpa_nl_rx='0'
udebug.hostapd.wpa_nl_tx='0'
udebug.hostapd.wpa_nl_ctrl='0'
udebug.wpa_supplicant=service
udebug.wpa_supplicant.enabled='0'
udebug.wpa_supplicant.wpa_log='1'
udebug.wpa_supplicant.wpa_nl_rx='0'
udebug.wpa_supplicant.wpa_nl_tx='0'
udebug.wpa_supplicant.wpa_nl_ctrl='0'
udebug.netifd=service
udebug.netifd.enabled='0'
udebug.netifd.netifd_log='1'
udebug.netifd.netifd_nl='0'
udebug.umdns=service
udebug.umdns.enabled='0'
uhttpd.main=uhttpd
uhttpd.main.listen_http='0.0.0.0:80' '[::]:80'
uhttpd.main.listen_https='0.0.0.0:443' '[::]:443'
uhttpd.main.redirect_https='0'
uhttpd.main.home='/www'
uhttpd.main.rfc1918_filter='1'
uhttpd.main.max_requests='3'
uhttpd.main.max_connections='100'
uhttpd.main.cert='/etc/uhttpd.crt'
uhttpd.main.key='/etc/uhttpd.key'
uhttpd.main.cgi_prefix='/cgi-bin'
uhttpd.main.lua_prefix='/cgi-bin/luci=/usr/lib/lua/luci/sgi/uhttpd.lua'
uhttpd.main.script_timeout='60'
uhttpd.main.network_timeout='30'
uhttpd.main.http_keepalive='20'
uhttpd.main.tcp_keepalive='1'
uhttpd.main.ubus_prefix='/ubus'
uhttpd.defaults=cert
uhttpd.defaults.days='730'
uhttpd.defaults.key_type='ec'
uhttpd.defaults.bits='2048'
uhttpd.defaults.ec_curve='P-256'
uhttpd.defaults.country='ZZ'
uhttpd.defaults.state='Somewhere'
uhttpd.defaults.location='Unknown'
uhttpd.defaults.commonname='OpenWrt'
umdns.@umdns[0]=umdns
umdns.@umdns[0].jail='1'
umdns.@umdns[0].network='lan' 'IoT'
unbound.ub_main=unbound
unbound.ub_main.interface_auto='1'
unbound.ub_main.hide_binddata='1'
unbound.ub_main.listen_port='53'
unbound.ub_main.extended_luci='1'
unbound.ub_main.localservice='1'
unbound.ub_main.num_threads='1'
unbound.ub_main.rate_limit='0'
unbound.ub_main.rebind_protection='1'
unbound.ub_main.rebind_localhost='1'
unbound.ub_main.root_age='5'
unbound.ub_main.ttl_min='120'
unbound.ub_main.ttl_neg_max='1000'
unbound.ub_main.validator='1'
unbound.ub_main.validator_ntp='1'
unbound.ub_main.verbosity='1'
unbound.ub_main.enabled='1'
unbound.ub_main.extended_stats='1'
unbound.ub_main.dhcp_link='odhcpd'
unbound.ub_main.recursion='default'
unbound.ub_main.resource='default'
unbound.ub_main.domain='lan'
unbound.ub_main.unbound_control='2'
unbound.ub_main.protocol='ip6_local'
unbound.ub_main.manual_conf='0'
unbound.ub_main.edns_size='1232'
unbound.ub_main.dns64='1'
unbound.ub_main.dns64_prefix='64:ff9b::/96'
unbound.ub_main.trigger_interface='lan' 'IoT' 'wan'
unbound.ub_main.dhcp4_slaac6='1'
unbound.ub_main.domain_type='static'
unbound.ub_main.add_local_fqdn='3'
unbound.ub_main.add_wan_fqdn='4'
unbound.ub_main.iface_lan='IoT' 'lan'
unbound.ub_main.iface_wan='wan' 'wan6'
unbound.ub_main.iface_trig='IoT' 'lan' 'wan'
unbound.auth_icann=zone
unbound.auth_icann.enabled='1'
unbound.auth_icann.fallback='1'
unbound.auth_icann.url_dir='https://www.internic.net/domain/'
unbound.auth_icann.zone_type='auth_zone'
unbound.auth_icann.server='lax.xfr.dns.icann.org' 'iad.xfr.dns.icann.org'
unbound.auth_icann.zone_name='.' 'arpa.' 'in-addr.arpa.' 'in-addr-servers.arpa.' 'ip4only.arpa.' 'ip6.arpa.' 'ip6-servers.arpa.' 'root-servers.net.' 'iana-servers.net.' 'icann-servers.net.' 'mcast.net.' 'ns.arpa.' 'home.arpa.' 'resolver.arpa.' 'uri.arpa.' 'urn.arpa.' 'iris.arpa.'
usteer.@usteer[0]=usteer
usteer.@usteer[0].network='lan'
usteer.@usteer[0].syslog='1'
usteer.@usteer[0].local_mode='1'
usteer.@usteer[0].ipv6='0'
usteer.@usteer[0].debug_level='2'
usteer.@usteer[0].band_steering_threshold='1'
usteer.@usteer[0].band_steering_interval='30000'
usteer.@usteer[0].link_measurement_interval='30000'
usteer.@usteer[0].band_steering_min_snr='0'
usteer.@usteer[0].ssid_list=REDACTED
watchcat.@watchcat[0]=watchcat
watchcat.@watchcat[0].period='15m'
watchcat.@watchcat[0].mode='ping_reboot'
watchcat.@watchcat[0].pinghosts='1.1.1.1'
watchcat.@watchcat[0].forcedelay='1m'
watchcat.@watchcat[0].addressfamily='ipv4'
watchcat.@watchcat[0].pingperiod='1m'
watchcat.@watchcat[0].pingsize='standard'
watchcat.@watchcat[0].interface='@wan'
watchcat.@watchcat[1]=watchcat
watchcat.@watchcat[1].mode='ping_reboot'
watchcat.@watchcat[1].period='15m'
watchcat.@watchcat[1].pinghosts='gstatic.com'
watchcat.@watchcat[1].addressfamily='any'
watchcat.@watchcat[1].pingperiod='1m'
watchcat.@watchcat[1].pingsize='standard'
watchcat.@watchcat[1].forcedelay='1m'
watchcat.@watchcat[1].interface='@wan'
wireless.radio0=wifi-device
wireless.radio0.type='mac80211'
wireless.radio0.path='platform/soc@0/c000000.wifi'
wireless.radio0.band='5g'
wireless.radio0.channel='161'
wireless.radio0.htmode='HE80'
wireless.radio0.country='US'
wireless.radio0.country_ie='1'
wireless.radio0.cell_density='0'
wireless.radio0.txpower='30'
wireless.radio0.diversity='1'
wireless.radio1=wifi-device
wireless.radio1.type='mac80211'
wireless.radio1.path='platform/soc@0/c000000.wifi+1'
wireless.radio1.band='2g'
wireless.radio1.channel='2'
wireless.radio1.htmode='HE40'
wireless.radio1.country='US'
wireless.radio1.country_ie='1'
wireless.radio1.cell_density='0'
wireless.radio1.txpower='30'
wireless.radio1.diversity='1'
wireless.radio1.disabled='0'
wireless.radio1.noscan='1'
wireless.lan_radio0=wifi-iface
wireless.lan_radio0.device='radio0'
wireless.lan_radio0.mode='ap'
wireless.lan_radio0.ssid=REDACTED
wireless.lan_radio0.encryption='sae-mixed'
wireless.lan_radio0.network='lan'
wireless.lan_radio0.ieee80211r='1'
wireless.lan_radio0.ieee80211w='1'
wireless.lan_radio0.ieee80211k='1'
wireless.lan_radio0.ft_over_ds='0'
wireless.lan_radio0.na_mcast_to_ucast='1'
wireless.lan_radio0.wnm_sleep_mode='1'
wireless.lan_radio0.wnm_sleep_mode_no_keys='1'
wireless.lan_radio0.bss_transition='1'
wireless.lan_radio0.reassociation_deadline='8192'
wireless.lan_radio0.proxy_arp='1'
wireless.lan_radio0.multicast_to_unicast_all='1'
wireless.lan_radio0.key=REDACTED
wireless.lan_radio1=wifi-iface
wireless.lan_radio1.device='radio1'
wireless.lan_radio1.mode='ap'
wireless.lan_radio1.ssid=REDACTED
wireless.lan_radio1.encryption='sae-mixed'
wireless.lan_radio1.network='lan'
wireless.lan_radio1.ieee80211r='1'
wireless.lan_radio1.ieee80211w='1'
wireless.lan_radio1.ieee80211k='1'
wireless.lan_radio1.ft_over_ds='0'
wireless.lan_radio1.na_mcast_to_ucast='1'
wireless.lan_radio1.wnm_sleep_mode='1'
wireless.lan_radio1.wnm_sleep_mode_no_keys='1'
wireless.lan_radio1.bss_transition='1'
wireless.lan_radio1.reassociation_deadline='8192'
wireless.lan_radio1.proxy_arp='1'
wireless.lan_radio1.multicast_to_unicast_all='1'
wireless.lan_radio1.key=REDACTED
wireless.wifinet2=wifi-iface
wireless.wifinet2.device='radio0'
wireless.wifinet2.mode='ap'
wireless.wifinet2.ssid=REDACTED
wireless.wifinet2.encryption='sae-mixed'
wireless.wifinet2.hidden='1'
wireless.wifinet2.multicast_to_unicast_all='1'
wireless.wifinet2.isolate='1'
wireless.wifinet2.key=REDACTED
wireless.wifinet2.network='IoT'

And this is my actual connection:

This is the default connection. However I think unbound (also dnsmasq version same problem) does something freaky or I do not know how to configure it. Help would be appreciated

Thank you. I uploaded to my PC then from PC to router OK with -O options for scp .

I am using the dnsmasq variant - which out of box, access to Internet do not work. My wan interfaces can got IPv4 & IPv6 via dhcp. But even in router, DNS cannot resolve hostnames to IPs.

I am not sure but I think he has configured the firmware in a way that WAN from a bridged modem can be received. I receive my IP on WAN@DHCP but the connection is somehow weird...

EDIT:
@jkool702 could you make a firmware without unbound and just the default dns like in stock openwrt? You can leave the adblocker inside. I want to check if it is a wrong unbound config.

I installed the dnsmasq version and I have to report that it doesn't work (for me) in the vanilla version.

1. I have to use a serial console to configure it because I am unable to login via SSH. I changed the password both via luci and via the console, but using root to login does not work. What is the default root password and why can I not change it?

2. Even by default, the router has Internet but a client connected via cable doesn't have Internet. DNS resolution seems to be the issue:

C:\Users\odhiambo>ping gmail.com    
Ping request could not find host gmail.com. Please check the name and try again.

C:\Users\odhiambo>ping gmail.com
Ping request could not find host gmail.com. Please check the name and try again.

C:\Users\odhiambo>nslookup           
DNS request timed out.
    timeout was 2 seconds.
Default Server:  UnKnown
Address:  10.0.0.1

> gmail.com
Server:  UnKnown
Address:  10.0.0.1

DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
*** Request to UnKnown timed-out
> gmail.com
Server:  UnKnown
Address:  10.0.0.1

DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
DNS request timed out.
    timeout was 2 seconds.
*** Request to UnKnown timed-out
>

3. Running opkg update also fails, meaning that I cannot install my pkgs.

root@OpenWrt_WRX36:/tmp# opkg update
Downloading https://fantastic-packages.github.io/packages/releases/23.05/package
s/aarch64_cortex-a53/packages/Packages.gz
Updated list of available packages in /var/opkg-lists/fantastic_packages_package
s
Downloading https://fantastic-packages.github.io/packages/releases/23.05/package
s/aarch64_cortex-a53/packages/Packages.sig
Signature check passed.
Downloading https://fantastic-packages.github.io/packages/releases/23.05/package
s/aarch64_cortex-a53/luci/Packages.gz
Updated list of available packages in /var/opkg-lists/fantastic_packages_luci
Downloading https://fantastic-packages.github.io/packages/releases/23.05/package
s/aarch64_cortex-a53/luci/Packages.sig
Signature check passed.
Downloading https://fantastic-packages.github.io/packages/releases/23.05/package
s/aarch64_cortex-a53/special/Packages.gz
Updated list of available packages in /var/opkg-lists/fantastic_packages_special

Downloading https://fantastic-packages.github.io/packages/releases/23.05/package
s/aarch64_cortex-a53/special/Packages.sig
Signature check passed.
Downloading https://downloads.openwrt.org/snapshots/targets/qualcommax/ipq807x/p
ackages/Packages.gz
Updated list of available packages in /var/opkg-lists/openwrt_core
Downloading https://downloads.openwrt.org/snapshots/targets/qualcommax/ipq807x/p
ackages/Packages.sig
Signature check passed.
Downloading https://downloads.openwrt.org/snapshots/packages/aarch64_cortex-a53/
base/Packages.gz
Updated list of available packages in /var/opkg-lists/openwrt_base
Downloading https://downloads.openwrt.org/snapshots/packages/aarch64_cortex-a53/
base/Packages.sig
Signature check passed.
Downloading https://downloads.openwrt.org/snapshots/packages/aarch64_cortex-a53/
luci/Packages.gz
Updated list of available packages in /var/opkg-lists/openwrt_luci
Downloading https://downloads.openwrt.org/snapshots/packages/aarch64_cortex-a53/
luci/Packages.sig
Signature check passed.
Downloading https://downloads.openwrt.org/snapshots/packages/aarch64_cortex-a53/
nss_packages/Packages.gz
*** Failed to download the package list from https://downloads.openwrt.org/snaps
hots/packages/aarch64_cortex-a53/nss_packages/Packages.gz

Downloading https://downloads.openwrt.org/snapshots/packages/aarch64_cortex-a53/
packages/Packages.gz
Updated list of available packages in /var/opkg-lists/openwrt_packages
Downloading https://downloads.openwrt.org/snapshots/packages/aarch64_cortex-a53/
packages/Packages.sig
Signature check passed.
Downloading https://downloads.openwrt.org/snapshots/packages/aarch64_cortex-a53/
routing/Packages.gz
Updated list of available packages in /var/opkg-lists/openwrt_routing
Downloading https://downloads.openwrt.org/snapshots/packages/aarch64_cortex-a53/
routing/Packages.sig
Signature check passed.
Downloading https://downloads.openwrt.org/snapshots/packages/aarch64_cortex-a53/
sqm_scripts_nss/Packages.gz
*** Failed to download the package list from https://downloads.openwrt.org/snaps
hots/packages/aarch64_cortex-a53/sqm_scripts_nss/Packages.gz

Downloading https://downloads.openwrt.org/snapshots/packages/aarch64_cortex-a53/
telephony/Packages.gz
Updated list of available packages in /var/opkg-lists/openwrt_telephony
Downloading https://downloads.openwrt.org/snapshots/packages/aarch64_cortex-a53/
telephony/Packages.sig
Signature check passed.
Collected errors:
 * opkg_download: Failed to download https://downloads.openwrt.org/snapshots/pac
kages/aarch64_cortex-a53/nss_packages/Packages.gz, wget returned 8.
 * opkg_download: Failed to download https://downloads.openwrt.org/snapshots/pac
kages/aarch64_cortex-a53/sqm_scripts_nss/Packages.gz, wget returned 8.
root@OpenWrt_WRX36:/tmp#

And while at it, does is the image compile with dnsmasq-full or just dnsmasq? I use pbr/luci-proto-pbr which requires dnsmasq-full so I suggest that you build the image using dnsmasq-full.

4. Just for the kicks, I also tested the unbound version and that one works out of the box! But because pbr requires dnsmasq-full, this unbound version is not for me because I have to do Policy Based Routing and I have been using luci-proto-pbr/pbr and wireguard for that.

5. The adblock does NOT work with the dnsmasq version. I checked it and via http://10.0.0.1/cgi-bin/luci/admin/services/adblock and the Status showed error/4.1.5. On the unbound firmware, it shows enabled / 4.1.5.

6. The opkg update also fails to complete cleanly on the unbound version. I tried to install luci-app-minidlna and encountered this error:

Collected errors:
Collected errors:
 * pkg_hash_check_unresolved: cannot find dependency kernel (= 6.6.32~edb82a9356
c51dab59aeaca493c36c2f-r1) for kmod-sound-core
 * pkg_hash_fetch_best_installation_candidate: Packages for kmod-sound-core found, but incompatible with the architectures configured

But all in all, I wonder what I am missing. I was hoping that it would work out of the box. Do you suppose the issue is the adblock failure on the dnsmasq version?

I am looking forward to the dnsmasq version being build with dnsmasq-full.
I am willing to test it up to where it works because I have a spare functional router that I use for the home.

Last but not least, do I really need sqm? I am on a 45Mbps/45Mbps fiber link, but I cascade my router's WAN to the ISP router's LAN. I suppose some of you are given a direct ethernet cable from the fiber device to your router, no?

Lastly, while at it, could you consider including these packages: kmod-wireguard luci-proto-wireguard wireguard-tools pbr luci-app-pbr nlbwmon luci-app-nlbwmon ? Although I could add those later if opkg allows.

Right now I am abandoning the use of this particular router because I cannot install openvpn-openssl. Also I cannot install wireguard. VPN is a must for me here in KE.

root@OpenWrt_WRX36:/# opkg install openvpn-openssl
Multiple packages (libgcc1 and libgcc1) providing same name marked HOLD or PREFER. Using latest.
Installing openvpn-openssl (2.6.10-r1) to root...
Downloading https://downloads.openwrt.org/snapshots/packages/aarch64_cortex-a53/
packages/openvpn-openssl_2.6.10-r1_aarch64_cortex-a53.ipk
Collected errors:
 * pkg_hash_check_unresolved: cannot find dependency kernel (= 6.6.32~edb82a9356
c51dab59aeaca493c36c2f-r1) for kmod-tun
 * pkg_hash_fetch_best_installation_candidate: Packages for kmod-tun found, but incompatible with the architectures configured
 * satisfy_dependencies_for: Cannot satisfy the following dependencies for openvpn-openssl:
 *      kernel (= 6.6.32~edb82a9356c51dab59aeaca493c36c2f-r1)
 * opkg_install_cmd: Cannot install package openvpn-openssl.
root@OpenWrt_WRX36:/#

Thanks and looking forward to your updates.

I appreciate the feedback and thank you for taking the timed to type up.

So, I'll try and respond to all your points, but I'll first mention that I just pushed an updated version (of both varients) to github which might fix at least a few of the issues youve mentioned.

1. I did use dnsmasq-full, not dnsmasq

2. There shouldnt be a root password. the default wifi password is "password". The intent behind setting the wifi password was so that people could just go in and change the SSID and password/key and have everything else already setup well. For fast roaming (80211r) to set itself up automatically it needs a PSK, which means you need to be using wpa2, so if I left wifi open then people would need to manually csetup the wpa2 encyption and all the fast roaming settings.

3. dns not working on the dnsmasq variant is not terribly surprising. On the unbound varient I seed the build with a pre-setup (and rather complex) unbound configuration that I know works well, because Ive been using that exact unbound config for some time. This includes overwriting some of the unbound package files (like the main setup script at /usr/lib/unbound/unbound.sh) with custom versions that ive tweaked personally. On the dnsmasq variant (which again really uses dnsmasq-full), Im not seeding any custom configuration...I had hoped that the openwrt default config for these would work (since it uses dnsmasq by default), but it seems that may not be the case.

4. You can (assuming you have internet access) install non-kmod packages with opkg, but not kmod packages. When you use snapshot (especially with a custom kernel) you pretty much have to build all the kmod packages you want to use when you build the firmware. Good news is with the update I just pushed I build a whole bunch of the extra kmod packages (including the wireguard one). Foir ones like wireguard that arent installed by default in the firmware you can find the kmod .ipk packages in the github repo here. To install do something like

# example - install wireguard kmod. This is run on the router via a ssh shell.
cd /tmp
wget https://github.com/jkool702/openwrt-custom-builds/raw/main-NSS-dnsmasq/WRX36/bin/targets/qualcommax/ipq807x/packages/kmod-wireguard_6.6.32-r1_aarch64_cortex-a53.ipk
opkg install /tmp/kmod-wireguard_6.6.32-r1_aarch64_cortex-a53.ipk

5. adblock not working was probably my fault...I think I had it configured to use unbound and forgot to change that for the dnsmasq variant build. This has been fixed in the new update nI just pushed.

6. regarding sqm - are you sure you have fiber and only 45mbps/45mbps? Typically a direct fiber connection is at least 500/500 or better. That said, nobody "needs" sqm, its just a matter of how bad bufferbloat is without it, which will vary a lot depending on your connection.usage. here is a test that will show you this. To see the effects of SQM: for my connection I get this with sqm versus this without sqm. Latency increase (both average and maximum during spikes) is reduced while under heavy network load, in exchange for slightly lower bandwidth. That said, I really dont need sqm for my connection....I just run it because I can thanks to using NSS. But, for slower connections (that are much easier to fully saturate) bufferbloat tends to have more noticable effects (e.g., things getting laggy for everyone whenever someone streams a HD video)

As a final note: I should add that I still havent been able to test the dnsmasq varient and am still using the default openwrt builtin config for it. There are 6 other family members in our house and now that school is out for the summer the only time I get to turn off the internet to tweak things (without getting yelled at by literally everyone else in our house) is from about 3am to 5am, so...

Since the unbound varient is working, Ill add that, if you wantred, you could start with the unbound variant, use opkg to install dnsmasq-full and remove unbound, get it configured so it runs, send me the configuration and then I can build that config into the next update. It really is on my to-dop list to iron out the kinks in the dnsmasq version, butfor better or worse my to-do list is rather long and continually growing it seems....lol.

To clarify: Non of your versions work for me correctly.

Unbound has weird behaviour, dnsmasq does not work at all.

Is there something I do wrong? I dont get it, do I need to configure the DNS on the modem router to point to the DL_WRX36? I literally did not change much at all, I just installed your firmware and that is all.

I would be thankful for some advice. I am literally on edge I really hardly want to use your firmware because it actually gives more throughput than the stock openwrt

So, first thing Id suggest is to try the update I put out earlier today...I hopefully fixed a few issues that might have been causing problems with the dnsmasq version. With any luck this one might just work "as-is". If I'm still up tonight after everyone else is alseep then I'll try and flash it and see if it runs and figure out a fix if it doesnt.

That said, the unbound version should have been working more-or-less correctly, which might indicate that the ISP's router is doing something that is interfering. This could be something that is typically harmless but that the NSS build has trouble with (e.g., doing soimething weird with vlan tagging), or it could be something borderline shady (e.g., forcibly redirecting DNS traffic, dropping DNSSEC, etc.).Any chance it can be bypassed and you can connect your router directly?

Now that Ive typed that all up, the thought occured to me that the "weirdness" you see might be due to adblock somehow still being enabled and running and doing what it is supposed to but using blocklists you dont want. adblock works by generating a blacklist tat it passes to unbound (or dnsmasq), and then those dns addresses (that lead to ads and stuff you dont want) are blocked. What exactly gets blocked depends on what source blacklists you tell adguard to use, and some of those source blocklists are intended to block exactly the types of things that you describe not working.

Perhaps a good first test (from the unbound variant that I know is working, on my end at least), run

# stop adblock
service adblock disable
service adblock stop

# restart network+unbound. Optionally, you could just reboot the router instead (type 'reboot' and hit enter)
service unbound restart
service network restart

and see if the "weirdness" with the unbound variant is fixed.

I uploaded an updated version to github earlier today that I hope will fix this. I think what happened is that the adblock package has an option to "redirect all dns queries back to the router's dns server (where adblock can filter them to block ads and malware and such at the dns level). This was enabled. It works well on the unbound version, but on the dnsmasq varient I could see it being possible that it wasnt configured correctly and that dns queries that dnsmasq was making/forwarding (on your behalf) to an upstream dns resolver were being redirected back to the router. This would make it impossible to resolve any dns queries using forwarding dns resolver like dnsmasq.

Im not 100% sure this is the cause, but at the moment it is my best guess. At any rate, this potential issue has been fixed with the newest updated version on github.

If Im still awake tonight after everyone else in the house is asleep i'll try flashing the dnsmasq variant and see if it works and figure out how to fix it if it doesnt. If not tonight then I'll really try to make that happen within the next few days.

Just flashed your new dnsmasq version:
OpenWrt SNAPSHOT r26582-a6e20b34aa / LuCI Master 24.156.45379~9068e94

Internet access is working out of the box. Thank you very much!