GL-iNet MT300N -V2 - to fresh build of OpenWrt -- Connection Issues

schmeelk · January 24, 2020, 8:46am

Hi All! OpenWrt is really amazing! Thanks so much for all the developers do on this and thanks in advance!

Quick question, to keep moving forward with running OpenWrt.....

I was able to build a fresh OpenWrt image for G-iNet GL-MT300N-V2 and flash the router with fresh build/image from github specifically in accordance with https://openwrt.org/toh/gl.inet/gl.inet_gl-mt300n_v2. Yay! (Built with debian.)

I'm perfectly able to ssh into the box 192.168.1.1 and change the settings (e.g. enable new ssid, unhide ssid broadcast, add firewall rules, etc). There are no issues connecting to the GL box running OpenWrt via WiFi, either.

However, I'm still having issues connecting to LuCI via http://192.168.1.1/index.html?index and still having issues seeing any actual internet traffic flow through wifi router. It feels like a firewall issue, but thought to reach out to the pros after hours of trouble shooting. Perhaps Forwarding needs to be configured.

Any advise on which rabbit hole to go down next would be most appreciated! Thanks a ton in advance!

Sincerely,
Suzanna Schmeelk

mpa · January 26, 2020, 11:17pm

There is a stable OpenWrt 19.07.0 image available for this device - have you tried it?

Which error message do you get? LuCI might be missing in your custom build.

mk24 · January 26, 2020, 11:30pm

With a routed client the WAN IP (from the main router) needs to be in a different subnet range than the LAN IP. For example if they are both 192.168.1.X it can't route out to the Internet.

schmeelk · January 27, 2020, 4:12am

Thanks so much, MPA! This is very helpful!
RE#1 - Yes, great idea about stable version, thank you. I will try it after working more on fresh build. It would be great to showcase a fresh build to a few new learners in the field.
RE#2 - Is there a way to tell if LuCI is in build? It is in the config menu but wasn't sure we needed to set anything from links off openwrt.org/docs/guide-developer/start. If I recall correctly the browser simply indicates connection refused. (Aside, by the way, sorry in advance for any delay in response this week+. I had to pull my lab apart from a hard computer crash (wouldn't even boot) for a week+ but will be back when new device arrives/installed.)

schmeelk · January 27, 2020, 4:12am

Thanks so much, MK24!!! This is also very helpful!
RE# I'll check the IPs. The config of stock firmware worked fine (i.e. traffic flowed fine between ports). Then after fresh build traffic wasn't moving so figured maybe this setup is missing a config component with new firmware.

The device firewall rules are below (the plan is to lock it back down once it's up and running perhaps even after another rebuild):

root@OpenWrt:~# uci show firewall
firewall.@defaults[0]=defaults
firewall.@defaults[0].syn_flood='1'
firewall.@defaults[0].input='ACCEPT'
firewall.@defaults[0].output='ACCEPT'
firewall.@defaults[0].forward='REJECT'
firewall.@zone[0]=zone
firewall.@zone[0].name='lan'
firewall.@zone[0].network='lan'
firewall.@zone[0].input='ACCEPT'
firewall.@zone[0].output='ACCEPT'
firewall.@zone[0].forward='ACCEPT'
firewall.@zone[1]=zone
firewall.@zone[1].name='wan'
firewall.@zone[1].network='wan' 'wan6'
firewall.@zone[1].input='REJECT'
firewall.@zone[1].output='ACCEPT'
firewall.@zone[1].forward='REJECT'
firewall.@zone[1].masq='1'
firewall.@zone[1].mtu_fix='1'
firewall.@forwarding[0]=forwarding
firewall.@forwarding[0].src='lan'
firewall.@forwarding[0].dest='wan'
firewall.@rule[0]=rule
firewall.@rule[0].name='Allow-DHCP-Renew'
firewall.@rule[0].src='wan'
firewall.@rule[0].proto='udp'
firewall.@rule[0].dest_port='68'
firewall.@rule[0].target='ACCEPT'
firewall.@rule[0].family='ipv4'
firewall.@rule[1]=rule
firewall.@rule[1].name='Allow-Ping'
firewall.@rule[1].src='wan'
firewall.@rule[1].proto='icmp'
firewall.@rule[1].icmp_type='echo-request'
firewall.@rule[1].family='ipv4'
firewall.@rule[1].target='ACCEPT'
firewall.@rule[2]=rule
firewall.@rule[2].name='Allow-IGMP'
firewall.@rule[2].src='wan'
firewall.@rule[2].proto='igmp'
firewall.@rule[2].family='ipv4'
firewall.@rule[2].target='ACCEPT'
firewall.@rule[3]=rule
firewall.@rule[3].name='Allow-DHCPv6'
firewall.@rule[3].src='wan'
firewall.@rule[3].proto='udp'
firewall.@rule[3].src_ip='fc00::/6'
firewall.@rule[3].dest_ip='fc00::/6'
firewall.@rule[3].dest_port='546'
firewall.@rule[3].family='ipv6'
firewall.@rule[3].target='ACCEPT'
firewall.@rule[4]=rule
firewall.@rule[4].name='Allow-MLD'
firewall.@rule[4].src='wan'
firewall.@rule[4].proto='icmp'
firewall.@rule[4].src_ip='fe80::/10'
firewall.@rule[4].icmp_type='130/0' '131/0' '132/0' '143/0'
firewall.@rule[4].family='ipv6'
firewall.@rule[4].target='ACCEPT'
firewall.@rule[5]=rule
firewall.@rule[5].name='Allow-ICMPv6-Input'
firewall.@rule[5].src='wan'
firewall.@rule[5].proto='icmp'
firewall.@rule[5].icmp_type='echo-request' 'echo-reply' 'destination-unreachable' 'packet-too-big' 'time-exceeded' 'bad-header' 'unknown-header-type' 'router-solicitation' 'neighbour-solicitation' 'router-advertisement' 'neighbour-advertisement'
firewall.@rule[5].limit='1000/sec'
firewall.@rule[5].family='ipv6'
firewall.@rule[5].target='ACCEPT'
firewall.@rule[6]=rule
firewall.@rule[6].name='Allow-ICMPv6-Forward'
firewall.@rule[6].src='wan'
firewall.@rule[6].dest='*'
firewall.@rule[6].proto='icmp'
firewall.@rule[6].icmp_type='echo-request' 'echo-reply' 'destination-unreachable' 'packet-too-big' 'time-exceeded' 'bad-header' 'unknown-header-type'
firewall.@rule[6].limit='1000/sec'
firewall.@rule[6].family='ipv6'
firewall.@rule[6].target='ACCEPT'
firewall.@rule[7]=rule
firewall.@rule[7].name='Allow-IPSec-ESP'
firewall.@rule[7].src='wan'
firewall.@rule[7].dest='lan'
firewall.@rule[7].proto='esp'
firewall.@rule[7].target='ACCEPT'
firewall.@rule[8]=rule
firewall.@rule[8].src='wan'
firewall.@rule[8].dest='lan'
firewall.@rule[8].dest_port='500'
firewall.@rule[8].proto='udp'
firewall.@rule[8].target='ACCEPT'
firewall.@rule[8].name='Allow-ISAKMP'
firewall.@include[0]=include
firewall.@include[0].path='/etc/firewall.user'
firewall.@rule[9]=rule
firewall.@rule[9].name='Allow-80'
firewall.@rule[9].src='lan'
firewall.@rule[9].dest='lan'
firewall.@rule[9].target='ACCEPT'
firewall.@rule[9].proto='all'
firewall.@rule[10]=rule
firewall.@rule[10].dest='wan'
firewall.@rule[10].proto='all'
firewall.@rule[10].target='ACCEPT'
firewall.@rule[10].name='Allow-Traffic'
firewall.@rule[10].src='lan'
firewall.@rule[11]=rule
firewall.@rule[11].name='Allow-WAN-Traffic'
firewall.@rule[11].src='wan'
firewall.@rule[11].proto='all'
firewall.@rule[11].target='ACCEPT'
firewall.@rule[11].dest='lan'
firewall.@rule[12]=rule
firewall.@rule[12].enabled='no'

mpa · January 27, 2020, 11:24am

On a running OpenWrt system (18.06.6 in my case):

root@OpenWrt:~# opkg list-installed | egrep "luci|uhttpd"
liblucihttp - 2019-07-05-a34a17d5-1
liblucihttp-lua - 2019-07-05-a34a17d5-1
luci - git-19.353.67991-868abc1-1
luci-app-firewall - git-19.353.67991-868abc1-1
luci-app-sqm - 1.2.4-1
luci-base - git-19.353.67991-868abc1-1
luci-lib-ip - git-19.353.67991-868abc1-1
luci-lib-jsonc - git-19.353.67991-868abc1-1
luci-lib-nixio - git-19.353.67991-868abc1-1
luci-mod-admin-full - git-19.353.67991-868abc1-1
luci-proto-ipv6 - git-19.353.67991-868abc1-1
luci-proto-ppp - git-19.353.67991-868abc1-1
luci-ssl - git-19.353.67991-868abc1-1
luci-theme-bootstrap - git-19.353.67991-868abc1-1
uhttpd - 2019-12-22-5f9ae573-1

Offline:

egrep "luci|uhttpd" openwrt-19.07.0-ramips-mt76x8.manifest

Is the web server running at all?

root@OpenWrt:~# netstat -ltnp | egrep ':(80|443)\>'
tcp   0   0   0.0.0.0:443   0.0.0.0:*   LISTEN   1692/uhttpd
tcp   0   0   0.0.0.0:80    0.0.0.0:*   LISTEN   1692/uhttpd
tcp   0   0   :::443        :::*        LISTEN   1692/uhttpd
tcp   0   0   :::80         :::*        LISTEN   1692/uhttpd

schmeelk · January 31, 2020, 5:41am

Hi MPA! Thanks so much! I think you are correct! I'm getting a fail on both the opkg and netstat queries as seen below.

BusyBox v1.31.1 () built-in shell (ash)
  _______                     ________        __
 |       |.-----.-----.-----.|  |  |  |.----.|  |_
 |   -   ||  _  |  -__|     ||  |  |  ||   _||   _|
 |_______||   __|_____|__|__||________||__|  |____|
          |__| W I R E L E S S   F R E E D O M
 -----------------------------------------------------
 OpenWrt SNAPSHOT, r12089-5f4f269ce1
--------------------------------------------------
root@OpenWrt:~# opkg list-installed | egrep "luci|uhttpd"
root@OpenWrt:~# netstat -ltnp | egrep ':(80|443)\>'
root@OpenWrt:~# exit

Any chance if there is anything special we need to do during the config for GL-iNet to install LuCi? I followed example on https://openwrt.org/docs/guide-developer/quickstart-build-images

make menuconfig

The last command will open a menu.
If you want to build images for the “TL-WR841N v11” Wifi-Router, select:
“Target System” ⇒ “Atheros AR7xxx/AR9xxx”
“Subtarget” ⇒ “Devices with small flash”
“Target Profile” ⇒ “TP-LINK TL-WR841N/ND v11”
In the menu, select Exit and then Yes to save your settings. Now build the images. That may take some time:
make
Afterwards, the images can be found in ./bin/targets/ar71xx/generic/ - done.

The *-factory.bin images are for the first installation.

The *-sysupgrade.bin images are for the updating existing OpenWrt installations.

Perhaps more needs to be enabled/configured than the above for LuCi on GL-iNet?

Thanks so much!

Suzanna

ulmwind · January 31, 2020, 6:59am

Connect router to Internet, and install packages with opkg:

opkg update
opkg install luci

mpa · January 31, 2020, 11:18am

See the "Beginners guide to building your own firmware", section 2.4.

schmeelk · February 1, 2020, 5:54am

Thanks for the insights, ulmwind and mpa!! Working on it!