Going back from 21.02.1 to 19.07.8 (wrt3200acm)

Having a wrt3200acm running with the latest openwrt, but having some issues/problems with it, is it wise to go back to the previous version 19.07.8 of openwrt?

No in my opinion. What issues are you experiencing (open a new thread after searching)? Best course of action would be to work to solve these rather than downgrading. If you have a backup, a recent snapshot build might solve your issues depending on what they are.

Depends on your perspective here.

19.07 will soon be EOL, which means it will not get security patches and other fixes in the not terribly distant future. So sure, at the moment it is fine, but you might find yourself behind the curve with all of this stuff soon.

OTOH, if you can actually tell us what types of issues you are experiencing, maybe we can hep you resolve them.

Hello @psherman and @darksky thank you for your time and maybe helping out.

I have a syslink wrt3200acm I heard of the wireless problem so I'm thinking ofto buying a separate wireless accespoint (from Zyxel, mikrotik, TP-Link, Aruba, or ubiquiti) and connect this to the router, so this will fix my wireless problems of the router.

The other problem is with my setup I think.
I got a good conversation with mercygroundabyss who helped me a lot.
The problem is the DHCP I think.

My problem is that the webpage aren't loading but I can ping and windows is saying I have a connection.

But with some subnets I don't have any connection.

My setup is that I have several subnets
But only with one I can connect and see the webpage

I can't comment on the performance of the wifi on that device, @darksky recommended trying a snapshot... might be worth it. However, if you use outboard APs, your router should be fine, provided it is configured properly.

If you'd like to have a review of your config...

Please copy the output of the following commands and post it here using the "Preformatted text </> " button:
grafik
Remember to redact passwords, MAC addresses and any public IP addresses you may have:

cat /etc/config/network
cat /etc/config/wireless
cat /etc/config/dhcp
cat /etc/config/firewall

And if your network topology isn't straight forward, please also make a quick sketch of your network so we can see how things are physically connected to each other.

1 Like

I will do this I like to have a view on it because I don't have the experience if it all is setup correct I'm assuming it's good

/etc/config/network


config interface 'loopback'
	option device 'lo'
	option proto 'static'
	option ipaddr '127.0.0.1'
	option netmask '255.0.0.0'

config globals 'globals'
	option ula_prefix 'xxx'

config device
	option name 'br-lan'
	option type 'bridge'
	list ports 'lan1'
	list ports 'lan2'
	list ports 'lan3'
	list ports 'lan4'

config device
	option name 'wan'
	option macaddr 'xxx'

config interface 'wan'
	option device 'wan'
	option proto 'dhcp'
	list dns '1.1.1.1'
	list dns '1.0.0.1'
	option peerdns '0'

config interface 'wan6'
	option device 'wan'
	option proto 'dhcpv6'
	list dns '2606:4700:4700::1111'
	list dns '2606:4700:4700::1001'
	option peerdns '0'

config bridge-vlan
	option device 'br-lan'
	option vlan '1'

config bridge-vlan
	option device 'br-lan'
	option vlan '2'
	list ports 'lan2'

config bridge-vlan
	option device 'br-lan'
	option vlan '3'
	list ports 'lan3'

config bridge-vlan
	option device 'br-lan'
	option vlan '4'
	list ports 'lan4'

config device
	option type '8021q'
	option ifname 'lan1'
	option vid '10'
	option name 'lan1.10'

config interface 'guest'
	option proto 'static'
	option ipaddr '192.168.10.1'
	option netmask '255.255.255.0'
	option device 'lan1.10'
	option type 'bridge'

config interface 'home'
	option proto 'static'
	option device 'br-lan.2'
	option ipaddr '192.168.2.1'
	option netmask '255.255.255.0'

config interface 'iot'
	option proto 'static'
	option device 'br-lan.3'
	option ipaddr '192.168.3.1'
	option netmask '255.255.255.0'

config interface 'crypt'
	option proto 'static'
	option device 'lan3.40'
	option ipaddr '192.168.40.1'
	option netmask '255.255.255.0'
	option type 'bridge'

config interface 'secure'
	option proto 'static'
	option device 'br-lan.4'
	option ipaddr '192.168.4.1'
	option netmask '255.255.255.0'

config interface 'homevpn'
	option proto 'none'
	option device 'tun0'

config interface 'cryptvpn'
	option proto 'none'
	option device 'tun1'

config interface 'securevpn'
	option proto 'none'
	option device 'tun2'

config interface 'dc0'
	option type 'bridge'
	option proto 'static'
	option bridge_empty '1'


etc/config/wireless


config wifi-device 'radio0'
	option type 'mac80211'
	option hwmode '11a'
	option path 'soc/soc:pcie/pci0000:00/0000:00:01.0/0000:01:00.0'
	option country 'NL'
	option cell_density '1'
	option distance '10'
	option frag '2346'
	option rts '2347'
	option htmode 'VHT20'
	option channel '149'

config wifi-device 'radio1'
	option type 'mac80211'
	option hwmode '11g'
	option path 'soc/soc:pcie/pci0000:00/0000:00:02.0/0000:02:00.0'
	option htmode 'HT20'
	option cell_density '0'
	option channel '8'
	option country 'NL'
	option distance '10'
	option frag '2346'
	option rts '2347'

config wifi-device 'radio2'
	option type 'mac80211'
	option channel '34'
	option hwmode '11a'
	option path 'platform/soc/soc:internal-regs/f10d8000.sdhci/mmc_host/mmc0/mmc0:0001/mmc0:0001:1'
	option htmode 'VHT80'
	option disabled '1'

config wifi-iface 'wifinet1'
	option device 'radio0'
	option mode 'ap'
	option encryption 'sae-mixed'
	option isolate '1'
	option wpa_disable_eapol_key_retries '1'
	option ssid '@guest 5GHZ'
	option network 'guest'
	option ieee80211w '0'
	option key 'xxx'

config wifi-iface 'wifinet2'
	option device 'radio0'
	option mode 'ap'
	option encryption 'sae-mixed'
	option isolate '1'
	option key 'xxx'
	option ssid '@home 5GHZ'
	option network 'home'
	option ieee80211w '0'

config wifi-iface 'wifinet3'
	option device 'radio0'
	option mode 'ap'
	option encryption 'sae-mixed'
	option ieee80211w '0'
	option ssid '@home @live 5Ghz'
	option key 'xxx'
	option wpa_disable_eapol_key_retries '1'
	option network 'secure'

config wifi-iface 'wifinet4'
	option device 'radio0'
	option mode 'ap'
	option encryption 'sae-mixed'
	option key 'xxx'
	option wpa_disable_eapol_key_retries '1'
	option network 'secure'
	option ssid '@secure 5Ghz'
	option ieee80211w '0'

config wifi-iface 'wifinet5'
	option device 'radio1'
	option mode 'ap'
	option ssid '@home @live'
	option ieee80211w '0'
	option wpa_disable_eapol_key_retries '1'
	option encryption 'psk-mixed'
	option key 'xxx'
	option network 'secure'

config wifi-iface 'wifinet6'
	option device 'radio1'
	option mode 'ap'
	option ssid '@home'
	option encryption 'sae-mixed'
	option key 'xxx'
	option ieee80211w '0'
	option wpa_disable_eapol_key_retries '1'
	option network 'dc0'

config wifi-iface 'wifinet7'
	option device 'radio1'
	option mode 'ap'
	option ssid '@crypt'
	option encryption 'sae-mixed'
	option key 'xxx'
	option wpa_disable_eapol_key_retries '1'
	option network 'crypt'

/etc/config/dhcp


config dnsmasq
	option domainneeded '1'
	option localise_queries '1'
	option local '/lan/'
	option domain 'lan'
	option expandhosts '1'
	option authoritative '1'
	option readethers '1'
	option leasefile '/tmp/dhcp.leases'
	option ednspacket_max '1232'
	option cachesize '1000'
	option noresolv '1'
	option port '5353'
	option rebind_protection '0'
	list server '192.168.4.1'
	option localservice '1'

config dhcp 'wan'
	option interface 'wan'
	option ignore '1'

config odhcpd 'odhcpd'
	option maindhcp '0'
	option leasefile '/tmp/hosts/odhcpd'
	option leasetrigger '/usr/sbin/odhcpd-update'
	option loglevel '4'

config dhcp 'guest'
	option interface 'guest'
	option start '100'
	option limit '150'
	option leasetime '12h'
	list ra_flags 'none'
	list ra_flags 'managed-config'
	list ra_flags 'other-config'
	option dhcpv4 'server'
	option dhcpv6 'server'
	option ra 'server'
	option ra_slaac '1'
	list dhcp_option '6,192.168.10.1'
	list dhcp_option '3,192.168.10.1'
	list dns '::1'

config dhcp 'home'
	option interface 'home'
	option start '100'
	option limit '150'
	option leasetime '12h'
	list ra_flags 'none'
	
config dhcp 'iot'
	option interface 'iot'
	option start '100'
	option limit '150'
	option leasetime '12h'
	list ra_flags 'none'
	list ra_flags 'managed-config'
	list ra_flags 'other-config'
	option dhcpv4 'server'
	option dhcpv6 'server'
	option ra 'server'
	option ra_slaac '1'
	list dhcp_option '6,192.168.3.1'
	list dhcp_option '3,192.168.3.1'
	list dns '::1'

config dhcp 'crypt'
	option interface 'crypt'
	option start '100'
	option limit '150'
	option leasetime '12h'
	list ra_flags 'none'
	list ra_flags 'managed-config'
	list ra_flags 'other-config'
	option dhcpv4 'server'
	option dhcpv6 'server'
	option ra 'server'
	option ra_slaac '1'
	list dhcp_option '6,192.168.40.1'
	list dhcp_option '3,192.168.40.1'
	list dns '::1'

config dhcp 'secure'
	option interface 'secure'
	option start '100'
	option limit '150'
	option dhcpv4 'server'
	option dhcpv6 'server'
	option ra 'server'
	option ra_slaac '1'
	list ra_flags 'managed-config'
	list ra_flags 'other-config'
	list dhcp_option '6,192.168.4.1'
	list dhcp_option '3,192.168.4.1'
	list dns '::1'
	option leasetime '24h'

/etc/config/firewall


config defaults
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option synflood_protect '1'

config zone
	option name 'Guest'
	option output 'ACCEPT'
	option input 'REJECT'
	option forward 'REJECT'
	list network 'guest'

config zone
	option output 'ACCEPT'
	option name 'home'
	option input 'REJECT'
	option forward 'REJECT'
	list network 'home'
	list network 'dc0'

config zone
	option name 'IoT'
	option output 'ACCEPT'
	option input 'REJECT'
	option forward 'REJECT'
	list network 'iot'

config zone
	option name 'crypt'
	option output 'ACCEPT'
	option forward 'REJECT'
	option input 'REJECT'

config zone
	option name 'Secure'
	option input 'ACCEPT'
	option output 'ACCEPT'
	option forward 'ACCEPT'
	list network 'secure'

config zone
	option name 'homevpn'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'
	list network 'homevpn'

config rule
	option name 'Allow-DHCP-Renew'
	option src 'wan'
	option proto 'udp'
	option dest_port '68'
	option target 'ACCEPT'
	option family 'ipv4'

config rule
	option name 'Allow-Ping'
	option src 'wan'
	option proto 'icmp'
	option icmp_type 'echo-request'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-IGMP'
	option src 'wan'
	option proto 'igmp'
	option family 'ipv4'
	option target 'ACCEPT'

config rule
	option name 'Allow-DHCPv6'
	option src 'wan'
	option proto 'udp'
	option src_ip 'fc00::/6'
	option dest_ip 'fc00::/6'
	option dest_port '546'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-MLD'
	option src 'wan'
	option proto 'icmp'
	option src_ip 'fe80::/10'
	list icmp_type '130/0'
	list icmp_type '131/0'
	list icmp_type '132/0'
	list icmp_type '143/0'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Input'
	option src 'wan'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	list icmp_type 'router-solicitation'
	list icmp_type 'neighbour-solicitation'
	list icmp_type 'router-advertisement'
	list icmp_type 'neighbour-advertisement'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-ICMPv6-Forward'
	option src 'wan'
	option dest '*'
	option proto 'icmp'
	list icmp_type 'echo-request'
	list icmp_type 'echo-reply'
	list icmp_type 'destination-unreachable'
	list icmp_type 'packet-too-big'
	list icmp_type 'time-exceeded'
	list icmp_type 'bad-header'
	list icmp_type 'unknown-header-type'
	option limit '1000/sec'
	option family 'ipv6'
	option target 'ACCEPT'

config rule
	option name 'Allow-IPSec-ESP'
	option src 'wan'
	option proto 'esp'
	option target 'ACCEPT'
	option dest 'Secure'

config rule
	option name 'Allow-ISAKMP'
	option src 'wan'
	option dest_port '500'
	option proto 'udp'
	option target 'ACCEPT'
	option dest 'Secure'

config rule
	option name 'Support-UDP-Traceroute'
	option src 'wan'
	option dest_port '33434:33689'
	option proto 'udp'
	option family 'ipv4'
	option target 'REJECT'
	option enabled '0'

config include
	option path '/etc/firewall.user'

config forwarding
	option src 'Guest'
	option dest 'wan'

config forwarding
	option src 'home'
	option dest 'wan'

config forwarding
	option src 'IoT'
	option dest 'wan'

config forwarding
	option src 'Secure'
	option dest 'wan'

config rule
	option name 'Guest DHCP & DNS'
	option target 'ACCEPT'
	option dest_port '53 67 68'
	option src 'Guest'

config rule
	option dest_port '53 67 68'
	option target 'ACCEPT'
	option name 'Home DHCP & DNS'
	option src 'home'

config rule
	option target 'ACCEPT'
	option dest_port '53 67 68'
	option src 'IoT'
	option name 'IoT DHCP & DNS'

config rule
	option src 'Secure'
	option dest_port '53 67 68'
	option target 'ACCEPT'
	option name 'secure DHCP & DNS'

config zone
	option name 'cryptvpn'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'
	list network 'cryptvpn'

config zone
	option name 'securevpn'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'
	option mtu_fix '1'
	list network 'securevpn'

config zone
	option name 'wan'
	option input 'REJECT'
	option output 'ACCEPT'
	option forward 'REJECT'
	option masq '1'
	option mtu_fix '1'
	list network 'wan'
	list network 'wan6'

config forwarding
	option src 'crypt'
	option dest 'wan'

config forwarding
	option src 'home'
	option dest 'homevpn'

config forwarding
	option src 'crypt'
	option dest 'cryptvpn'

config forwarding
	option src 'Secure'
	option dest 'securevpn'

In radio configs, make it much longer. If the longest a client would connect is 10 meters, make it at least 30.

In dnsmasq config, is the port correct? Have you disabled it?
The server 4.1 is not correct, you should not use itself as resolver.

In guest, redundant options, these are the defaults. Same in iot, secure, and crypt.

The network is missing.

In dnsmasq config, is the port correct? Have you disabled it?
The server 4.1 is not correct, you should not use itself as resolver.

i'm running adguard on port 53, so the server 4.1 is still not good?

These lines needs to removed ?

They are redundant. OpenWrt will advertise itself as gateway and dns anyway,

Regarding WiFi problems with 21.02.1 in wrt3200acm, you might also read this

2 Likes
    list dhcp_option '6,192.168.4.1'
	list dhcp_option '3,192.168.4.1'

If i remove this line special 4.1 i get a connection but the webpages are not loading,
I get a windows problem solving that the webpage can't be found because there is no DNS server
when i pass those lines back in /etc/confi/dhcp i have a internet connection and the webpages are loading.

With this i don't get this, does it means i need to follow these command and change unbound for adguard?

Can you be a bit more specific?

I thought you already run adguard.

Sounds weird, but leave them on if it causes issues.

i just made a backup and started over again at the point adguard is not installed and running.

Also made some changes in the network file.

I think I get no connection with the wifi because I think it's the problem listed here above.
Is there any date to expect the next release candidate of openwrt 21.02.2?

One problem now is that the wifi is connected but not loading webpages I first thought this was a DNS or DHCP problem
Also when selecting a wifi accespoint there is a lot of time before getting a connection it feels like the wifi freezes!